LAST UPDATED DATE: 6/28/22
COMPANY: Kevin Hart Nation (the “Company”)
SERVICE: Kevin Hart Nation (“the Service”)
TERMS OF SERVICE: The Company’s Terms of Service are located at https://www.kevinhartnation.io/terms (the “Terms of Service”)
OUR LOCATION: We are located in Encino, CA (the “Jurisdiction”).
● Data Controller: Company
● We will only collect personal information that you have voluntarily decided to provide to us or we have recorded from your usage of the Service.
● Depending on how you choose to interact with us we may collect your name, email, phone number, IP address or any other contact details or content which you have provided to us.
● We will use this personal information:
○ to provide you with the full features of the Service; and
○ to analyse, improve and promote the Service and its content.
● We will always ask you before processing your personal data in any other ways.
● We will use an anonymized version of your personal data, from which you cannot be identified, to prepare statistics so we can learn and improve our service. For example, how many users login each day, how many transactions are sent, etc. We may also share such anonymized information with third parties.
● We will only share your personal information with our declared data processors.
● We may transfer your data to authorized data processors but will make sure that there are appropriate safeguards in place. By voluntarily submitting your personal data you consent to these transfers.
● We will never sell, rent or give away your identifiable personal information to other third parties.
● We will only keep your information for as long as needed to answer your query or as required by applicable legislation or regulations.
● We will use appropriate technical and organisational measures to ensure the safety, security and accuracy of your personal data.
● You have important rights in relation to the use of your personal data, listed in Section 9.
● We do not knowingly request or store sensitive or children’s information.
The Data Controller is responsible for determining the processing purposes of your personal data, and the content and related services or features which are made available to you from using this Service.
2. What is the Purpose of this Service?
The purpose of this Service is to provide a rewards program to you and other users.
3. Where do we collect personal data about you from?
We may collect personal data about you from the following sources:
● Directly from you. This is information you have voluntarily provided when entering your personal details on the Service.
● Through publicly available sources such as Facebook, Twitter or LinkedIn.
We do not collect personal data about you:
● From an agent/third party acting on your behalf.
4. What Information Do We Collect and Why?
We will only ever collect the information we need to enable us to undertake the specific information processing activities noted later in this section.
We collect and process two distinct kinds of information:
● non-personal information such as the pages you have accessed, helping us to determine how many people use our Service, how many people visit on a regular basis, and how popular each of our pages or features are. This information doesn’t tell us anything about who you are or where you live. It simply allows us to monitor and improve our service.
● personal information such as your IP address, email address, username, password, approximate location, transactions you complete within or connected to the Service and any optional information you may choose to provide to us as part of your experience within the Service.
Should you decide to register we ask for the following information:
● Email address - we use this to facilitate your registration for the Service and to send Service-related communications such as resetting your password, verifying your email address or offering you opportunities to participate in other parts of the Service. We will not send you any marketing or third-party messages if you have explicitly requested that we do not do so.
● Your name/username - You do not need to use your real name, though we generally encourage it.
● A photo - this may be optional as part of the Service.
● A password - we store this in a secure one-way encrypted system. If you forget your password, you may request that it be reset, and an email will be sent to you with instructions on how to do so.
Once registration is complete, and you have verified your email you may, if you choose, use the Services.
As you use the Services, we will keep track of your reward activity. We also use this data in an aggregated, anonymized form to understand how popular the Service and its different features are so that we can improve the Service. This aggregated, anonymized data may be shared with third parties.
We record the last IP address from which you accessed the Service so that we can protect the Service from malicious access. As part of this we may look up the approximate location of the IP address such as country and city.
Your decision to disclose your personal information to us is entirely voluntary. If you do not provide the personal data necessary or withdraw your consent for the processing of your personal data, you may not be able to access or use the Services.
We will only retain your personal information for as long as you are a registered user of the Services. We comply with all legislative and regulatory information retention requirements and will securely and permanently delete your personal information when there is (a) no justification for its further retention, or (b) you have asked us to delete it.
We will not use your identifiable personal information for any other purposes. We will not share your identifiable personal information with any other party, other than the declared Data Processors recorded in Section 11.
5. What information do we share with third parties?
In addition to the Subprocessors listed in Section 11, we may provide anonymized, aggregated information, statistics, trends and insights about the use of the Services to third parties, but we do not sell any of your personal information to anyone. Examples of such third parties include the following:
A. Analytics and Measurement Services
We may engage third parties to help us and our partners understand how our users use the Services. We may share anonymized, aggregated information with such parties to enable them to generate reports and analyses of the Services.
We may provide advertisers with anonymized, aggregated information about our users and their use of the Services to enable advertisers to allow them to better understand their audience. We do not provide advertisers with any information that could identify you or any individual user.
C. Commercial Partners
We may provide our commercial partners with anonymized, aggregated information to allow them to integrate their products or services with the Services and to enable us to expand our products and services.
6. What legal basis do we have for using your personal data?
The legal basis we have for processing your data is based around the consent you have voluntarily provided us.
7. Sensitive Personal Information
This Service does not knowingly collect or process any sensitive personal information (e.g., racial or ethnic origin, political opinions, or religious or philosophical beliefs) unless you have chosen to voluntarily disclose and share such information during your use of the Service.
8. Children’s Personal Data
This Service, and any services available from it, are not directed to users under the age of 18 (save where any users between 13 - 18 years old have obtained prior parental or guardian consent).
If you learn that a user under the age of 18 has provided us with their personal information without having parental or guardian consent, please contact us by sending an email to the Contact Email immediately so we can take appropriate action.
9. User Data Rights
Depending on your location, you may have several rights connected to the provision of your personal information to us from using the Service.
A. The right to be informed
B. The right of access
You may have the right to obtain access to your personal information (if we’re processing it), and certain other information such as the reasons why we are processing or storing it. This is so you’re aware and can check that we’re using your personal information in accordance with data protection legislation and your agreement.
C. The right to rectification
You are entitled to request that your personal information is promptly corrected if it’s identified as being inaccurate or incomplete.
D. The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information under certain circumstances where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
E. The right to restrict processing
You have rights to ‘block’ or suppress further use of your personal information. When processing is restricted, we can still store your information but may not be able to process it further. We maintain lists of people who have asked for further use of their personal information to be ‘blocked’ to make sure the restriction is respected in future.
F. The right to object to processing
You have the right to object to certain types of personal data processing, including processing for direct marketing activities.
G. The right to lodge a complaint
Depending on your location, you may have the right to lodge a complaint about the way we have handled or processed your personal data with the applicable data protection regulator.
H. The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to vary or withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw your consent to us using your personal data for marketing purposes.
For any of the above rights, we usually act on validated requests and provide the requested information or activity free of charge, but by law we are allowed to charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests or further copies of the same information.
Alternatively, there are reasons why we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your validated request but, if the request is going to take longer to deal with, we will let you know.
To contact us please send an email to the Contact Email. If we do not address your request or fail to provide you with a valid reason why we are unable to do so, you may have the right to contact the applicable data protection regulator. For more information about the applicable data protection regulator, please see Section 15.
10. Personal Data Breach Reporting
You have the right to be promptly informed by us of any personal data loss, theft or compromise arising directly or indirectly from the Service, and any supporting systems or declared Data Processors (see Section 10) involved with delivering, supporting, maintaining, monitoring or improving the Service. Similarly, we may be required to notify the applicable data protection regulator.
As a user of the Service, you have a responsibility to safeguard and manage your Service login credentials securely. This requires you to ensure that they are changed frequently, of sufficient strength and complexity, different from any other passwords you may use, and not recorded in a format which could be accessed or guessed by others. If you suspect that your credentials have been compromised, you should notify us immediately by sending an email to the Contact Email. We will not be liable for any personal information loss, theft or compromise where this can be attributed to your failure to secure your Service login credentials.
11. Declaration of Personal Data Subprocessors
To make an informed decision on whether to provide your personal data to us when using this Service, we need to make you aware of the organisations that act as Data Subprocessors for us, helping in the provision of the Service and its functionality.
These partners are as follows:
● Moonwalk Labs, Inc.: provider of the Service technology platform, based in the United States. Moonwalk Labs, Inc. (“Moonwalk”) is a corporation registered with the state of Delaware with file number 3460157.
Below is a list of subprocessors that Moonwalk might utilize. This list may be updated from time to time.
● MailChimp: Used to send administration of service emails such as email verification, password reset and welcome email; and other potential marketing messages where you have given your explicit consent for us to do so. Based in the United States. MailChimp complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
● Google Analytics: Used to provide analytics to understand how the Service is used and help provide actionable insights for improvements. Google, including Google Inc. and its wholly-owned US subsidiaries, comply with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
● Google G Suite: Used as email system, so any emails you send to support will be handled by G Suite. Google, including Google Inc. and its wholly-owned US subsidiaries, comply with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
● Crashlytics (Part of Google): Used to provide actionable insights and analytics on crash reporting. Part of Fabric, acquired by Google’s Developer Products Group. Crashlytics complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
● Amazon Web Services: Hosting services. AWS complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
● Heroku (Subsidiary of Salesforce): Hosting services. Heroku complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
12. International Transfers of Personal Data
We are located in the Jursidiction. Any personal data you provide to us will be transferred to that country. At least one of our Data Subprocessors is located in the United States, so, if you are located outside the United States, your personal information will be transferred to and processed in the United States. As we have described above, to be able to provide you with the Services, we may transfer your personal data to subprocessors in other countries where the privacy laws may be different from those in your home country.
By voluntarily submitting your personal data to us you consent to these international transfers. If you later wish to withdraw your consent, please contact the Data Controller by sending an email to the Contact Email.
Cookies are small text files sent by websites to your web browser and sent back to them each time you access or use the site and may be necessary for the site to function. They are unique to you or your web browser and may contain identifiable personal information as well as technical information (e.g., your device manufacturer and model, screen resolution, internet service provider, browser, and geo-location data). Session-based cookies last only while your browser is open and are automatically deleted when you close the browser. Persistent cookies last until you or your browser delete them, or until they expire.