Privacy Policy

Last updated in April 2023

Welcome to Berry App's Privacy Policy!

Please note that this Privacy Policy applies to personal data that is collected and processed in the course of providing Service (as defined in Section 3 of the Terms of Use) by App Crafters doo Čačak, with registered seat at Karađorđeva 15, 32000 Čačak, Serbia, CIN 21269999, TIN 109933771, (hereinafter: “App Crafters”, or “we”).


App Crafters, as a Data Controller, collects and processes personal data relating to interactions on the Berry App (as defined in the Definition Section of the Terms of Use). This Privacy Policy describes how App Crafters uses and protects any information that you share with us in relation to our Berry App.


We believe in full transparency, which is why we keep our Privacy Policy simple and easy to understand.


We strongly urge you to read this Privacy Policy and make sure that you fully understand and agree with it. If you do not agree to this Privacy Policy, please do not access, or otherwise use Berry App. In case there is anything that you would like to ask us regarding this Privacy Policy, please send your inquiry to privacy@tryberry.app.


Please note that this Privacy Policy applies only to the use of the Berry App. The use of App Crafters website is governed by a separate Privacy Policy, Terms of Use and corresponding policies and not by this agreement.


Along with the Terms of Use, this Privacy Policy represents a contract between you and the App Crafters. Thus, any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Definition Section of the Terms of Use.


1. Definitions

Arrow
Term & Meaning
Consent Your explicit consent on the processing of personal data. Persons who are 16 years of age or older may give free consent to the processing of their personal data.
Cookies Cookies and other similar technologies (e.g. web beacons) are small pieces of data stored on your device (computer or mobile device). This information is used to track your use of the Berry App and to compile statistical reports on Berry App's activity.
Data Controller An entity that alone or jointly with others determines the purposes and means of the processing of personal data.
Data Processor Any natural or legal person who processes the data on behalf of the controller.
Data Subject, or you Any natural person that shares personal data with us via Berry App, or in relation to Berry App (e.g. via email).
Employer The Client (as defined in Section 1 of Terms of Use) who made your Personal Data available to us and who is using the Service.
Employee An individual that is engaged as an employee, consultant, or contractor of Client, and who is registered on Berry App by Admin (as defined in Terms of Use) with the purpose of HR management, and who has been invited, permitted or caused to have access to Berry App by Admin, either through the Employee Account or otherwise. A natural person who is registering Employee Account on the Software as Client’s representative or Employee as determined by the Admin.
Data Protection Law Means a) General Data Protection Regulation 2016/679 or b) Law on Personal Data Protection of the Republic of Serbia.
Personal data or data Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, either directly or indirectly. Therefore, data about a company or any legal entity is not considered to be personal data but registering on behalf of a legal entity may include sharing personal data. For example, information about one-person companies may constitute personal data where it allows the identification of a natural person. The rules also apply to all personal data relating to natural persons in the course of professional activity, such as the employees of a company or organization, and business e-mail addresses like “firstname.surname@company.com”. This Privacy Policy does not apply to information from which no individual can reasonably be identified (anonymized information).
Processing Any operation or set of operations that is performed on personal data or sets of personal data. This includes activities such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

2. Data Controller and Data Processor

Arrow

In relation to your personal data processed via Berry App, App Crafters may be either a Data Controller or Data Processor.


When App Crafters acts in the capacity of a Data Controller, App Crafters determines the purposes and means of the processing of personal data. The purpose of data processing is the reason why we process your personal data. The table in Section 3.1 of the Privacy Policy presents the purposes and legal basis for data processing. In those cases, App Crafters is responsible for your personal data.


Apart from Section 3.2, this Privacy Policy primarily contains information on processing your data in the capacity of a Data Controller. Should you have any inquiries, or you wish to exercise any of the rights of a Data Subject stipulated in Section 9, please contact us:



Given that App Crafters strongly supports fair personal data processing, despite being only a Data Processor in the below-listed cases, App Crafters made an additional effort to explain such personal data processing via Berry App - in Section 3.2 of this Privacy Policy.


The information contained therein outlines how personal data processing via Berry App functions in general. But if you wish to send an inquiry, or exercise any of the rights which you may have under the applicable data protection law as the Data Subject, please contact the Client directly, as they hold the position of Data Controller.


Since App Crafters is a company operating under the laws of the Republic of Serbia it falls under the scope of application of the Data Protection Law, and as a Data Processor, it is obliged to sign the Data Protection Addendum to the Terms of Use ("DPA"), with the Client as a Data Controller. The DPA reflects the agreement between you and App Crafters regarding the terms which govern the processing of personal data under App Crafters' Terms of Use. Signing the DPA will be considered as an amendment to the Contract (within the meaning of the Definitions Section of the Terms of Use) and will be considered to form a part of the Contract.


DPA is available on the Berry App, and the Client will accept it when creating an account for the Company it represents. The Client can also download a PDF version of the DPA on the Berry App.


3. What data do we process about you and when?

Arrow

We may collect and receive information about you in various ways:


  • Information you provide using the Berry App (for example, by creating an Account on Berry App).

  • Information you decide to provide through getting in touch with us.

  • Information we collect using cookies and similar technologies as explained below.

Personal data we may collect automatically


Each time you use the Berry App we may automatically collect the following information:


  • At the time of logging in, we locally store the date of your registration, and in the keychain we store data such as employeeUUID, email, companyName, firstName, lastName, jobTitle, profile picture, verification tokens and the JWT token that includes user data about the date when you will be logged out automatically.

  • when you use Berry App, we will keep a record of the details of that usage, including the date, time, location, frequency and duration of the usage;

  • technical information about your computer or mobile device for system administration and analysis, including your IP address, URL clickstreams, unique device identifiers, operating system, and network and browser type;

  • other information about your use of Berry App, including the pages you have viewed, the duration spent on the Berry App and User/Client Content you have uploaded to the Berry App.

This information is collected primarily by using cookies and similar technologies.


Please note that this information is ‘strictly necessary’ and the storage of (or access to) information is essential for the purpose of providing the Service requested by the user.


This information is also required to comply with other legislation that applies to App Crafters, for example, the security requirements of data protection law.


Therefore, the lawful basis for the processing is the fact that the- processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.


3.1 App Crafters AS DATA CONTROLLER


3.1 App Crafters AS DATA CONTROLLER
Data we collect First and last name, the name of the company, email address and the password.

Payment information

Card holder name, Card number, Expiration date, Security code Billing Information: First name, Last name, Company, VAT ID, Contact Email, Address, Country, State, City, ZIP code

Additional Data

i.e., data you decide to share with us by contacting us.

Information necessary for identification, time and date of data subject’s request

Other personal data

Purpose Creating and maintaining an Account at the Berry App according to the Terms of Use. When subscribing to any of the Paid Plans or when changing any Paid Plan in accordance with the Terms of Use, this information is being collected by a third-party processor. If you send us an inquiry or otherwise request support, we will collect the data you decide to share with us. To allow Data Subjects to exercise their rights in accordance with this Privacy Policy, as defined in Section 9. For the prevention and detection of fraud, money laundering or other crimes or to respond to a binding request from a public authority or court.
Legal basis Processing is necessary for the performance of the Contract (as defined in Section 1 of the Terms of Use). Without providing first and last name, the name of the company, email address and the password, you cannot create an Account. Processing is necessary for the performance of the Contract (as defined in Section 1 of the Terms of Use). Processing of personal data is either necessary to provide a Service or part thereof or the processing is based on your consent. Processing is necessary for compliance with a legal obligation to which the Data Controller is subject. The processing is necessary to comply with legal and regulatory obligations.
Retention period Until the Account is deleted in accordance with the Terms of Use. We keep only the last four digits of the credit card number under subscription billing info until such Agreement is terminated and for the period necessary to comply with the applicable financial and tax accounting and other statutory obligations in accordance with the applicable law (Section 21 of the Terms of Use). If the processing is based on your consent, we keep the information until you withdraw your consent or for one year, whichever date comes first. We keep this information for a period of one year. In accordance with the applicable statutory deadlines.

3.2 App Crafters AS DATA PROCESSOR


As previously stated, concerning some of your personal data processed on the Berry App, App Crafters is a Data Processor, and the Client is the Data Controller. App Crafters processes personal data following instructions from the Data Controller under the Terms of Use, and DPA (if any). The purpose of such personal data processing includes but is not limited to: inviting and adding users to your company’s account on Berry App, adding optional data to the employee’s Berry App accounts, adding and editing vacation and holiday policies of the company, adding and editing job titles at the company within the Berry App, edit organization chart within the Berry App, deciding on requests submitted by the employees within the Berry App.


As a processor, App Crafters is permitted to collect, use, disclose and/or otherwise process your personal data only in accordance with its contracts with the Client.


3.2.1 Processing prior to using the Service


Employee’s data


  • The Client, your Employer shares your work email address, first and last name to enable you to access the Berry App.

  • If you have any questions regarding the legal basis for such personal data processing, please contact your Employer who added you to the Berry App.

3.2.2 Processing during the usage of the App


Employee’s data


If you decide to accept the invitation sent to your email to use Berry App, you will be required to download the App and create an account. To create the account, you will need to confirm your name and last name and your email address, as well as choose a password for your account.


Optional data, that the Employer or, for some data, the Employee may add within the Berry App are:


  • Photograph

  • Job title

  • Hire date

  • Phone number

  • Private e-mail address

  • Birthday date

  • Marital status

  • Gender

  • Residency address

  • Company’s Vacation policy

  • Company’s Holiday policy

  • Available days off for each employee

Namely, the Employer may collect and process specific dates for Employee’s vacation, holiday and remote work days via the App.


Also, You can upload a profile photo to your account and edit it.


Owner of the company’s account and Admins can view and edit everything, as well as decide on requests submitted by employees. Managers can view all data as Admins and can decide on requests submitted by employees. Employees can see all the sections besides the section only visible to Admins. Employees; do not have permission to invite other users to the team, nor they can manage the requests or data of other employees. For more information about the available roles, please contact support@tryberry.app.


If you have any questions regarding the legal basis for such personal data processing, please contact your Employer who added you to the Berry App.


4. What do we not do?

Arrow

App Crafters will never:


  • Sell any kind of personal information or data.

  • Disclose this information to marketers or third parties not specified in Section 6 of the Privacy Policy.

  • Process your data in any way other than stated in this Privacy Policy.

5. Personal data security

Arrow

We take administrative, technical, organizational, and other measures to ensure the appropriate level of security of personal data we process. Upon assessing whether a measure is adequate and which level of security is appropriate, we consider the nature of the personal data we are processing and the nature of the processing operations we perform, the risks to which you are exposed by our processing activities, the costs of the implementation of security measures and other relevant matters in the particular circumstances.


Some of the measures we apply include access authorization control, information classification (and handling thereof), protection of integrity and confidentiality, data backup, firewalls, data encryption and other appropriate measures. We equip our staff with the appropriate knowledge and understanding of the importance and confidentiality of your personal data security.


Whenever we save your personal information, it’s stored on servers and in facilities that only selected personnel and our contractors have access to. We encrypt all data that you submit through Berry App during transmission using SSL in order to prevent unauthorized parties from viewing such information. Remember – all information you submit to us by email is not secure, so please do not send sensitive information in any email to App Crafters. We never request that you submit sensitive or personal information over email, so please report any such requests to us by sending an email to privacy@tryberry.app


We protect personal information you provide online in connection with registering an account via Berry App. Access to your own personal information is available through a password selected by you. We do encryption in the database itself (BCrypt algorithm). We use HTTPS (Hypertext Transfer Protocol Secure), which is a combination of Hypertext Transfer Protocol and SSL/TSL protocol, to ensure encryption and secure server identification. To protect the security of your personal information, never share your password to anyone. Please notify us immediately if you believe your password has been compromised.


6. With whom do we share your personal data?

Arrow

App Crafters utilizes external processors and sub-processors for certain processing activities. We conduct information audits to identify, categorize and record all personal data that is processed outside our company so that the information, processing activity, processor and legal basis are all recorded, reviewed and easily accessible. The list of our sub-processors is approved by the Client.


We have strict due diligence procedures and measures in place and review, assess and background check all processors prior to forming a business relationship. We obtain company documents, certifications, references and ensure that the processor is adequate, appropriate, and effective for the task we are employing them for.


We audit their processes and activities prior to the contract and during the contract period to ensure compliance with the data protection regulations and review any codes of conduct that oblige them to confirm compliance.


This is the list of processors and sub-processors with whom we share your personal data:


Processor Role Seat Server
VeriFone, Inc.Payment processorUSAUSA, The Netherlands
Amazon, Inc.App architecture and data serversUSAGermany
Mixpanel, Inc.Tracking eventsUSAThe Netherlands
Firebase (Google Inc.) Sending notifications, Tracking events and tracking app crashes USABelgium
DittoTranslate processorUSAUSA
SendGridEmail processorUSAUSA

We may also share your personal data with our outside accountants, legal counsels, and auditors.


Moreover, we may disclose your personal information to third parties:


  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;

  • to prevent and detect fraud or crime;

  • in response to a subpoena, warrant, court order, or as otherwise required by law.

Please note that personal information may be disclosed or transferred as part of, or during negotiations of, a merger, consolidation, sale of our assets, as well as equity financing, acquisition, strategic alliance or in any other situation where personal information may be transferred as one of the business assets of App Crafters.


We do not have a list of all third parties we share your data with. However, if you would like further information about whom we have shared your data, you can request this by contacting us at privacy@tryberry.app


7. International transfer of your personal data

Arrow

We may transfer your personal data to countries other than the one you reside in. In that case, we will also apply appropriate technical and organizational measures to ensure an adequate level of security in respect of all personal data we process. We make sure that such transfer is made:


  1. to the countries within the EEA;

  2. to the countries which ensure an adequate level of protection;

  3. to the countries which do not belong to those specified under item 1. and 2, but only by applying the appropriate safeguard measures (such as Standard Contractual Clauses).

If you would like to obtain more information about these protective measures, please contact us at privacy@tryberry.app


Your personal data is stored on servers located in Frankfurt, Germany.


8. How long do we keep your data?

Arrow

The period for which we store your personal data depends on a particular purpose for the processing of personal data, as explained in detail in Section 3. We retain personal data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, we take into consideration the applicable law (see Section 21 of the Terms of Use), contractual obligations, and the expectations and requirements of our Clients. When we no longer need personal information, or when you legitimately request us to delete your information, we will securely delete or destroy it.


However, as an exception to the retention periods in Section 3 the data may be processed to determine, pursue, or defend claims and counterclaims.


9. Your rights

Arrow

Given that fairness and transparency are our cornerstone principles, we wanted to remind you of the rights that you have as a Data Subject. These rights may be exercised by Data Subject when App Crafters operates as a Data Controller.


If your inquiry or exercise of any of the Data Subject's rights relates to the data processed by the Client as a Data Controller as explained in Section 3.2 of the Privacy Policy, please contact the Client (the company that you have linked your Account with by sending them a request).


In the event App Crafters receives a request for exercising any of these rights directly from a Data Subject, we are obliged to notify the Client before responding to such a request.


Right of Access

You can send us a request for a copy of the personal data we hold about you.


We have ensured that appropriate measures have been taken to provide such in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. Such information is provided in writing free of charge. It may be provided by other means when authorized by the Data Subject and with prior verification as to the subject's identity.


Information is provided to the Data Subject at the earliest convenience, but at a maximum of 30 days from the date the request was received. Where the provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months where necessary.

Right to Object to Processing

You have the right to object to the processing of your personal data where that processing is being undertaken based on the Data Controller’s legitimate interest. In such a case the Data Controller is required to cease processing your data unless they can demonstrate adequate grounds that override your objection.

Right to Correction of Your Personal Data

If your personal data processed by the Data Controller is incorrect, you have the right to request that we correct those data. Where notified of inaccurate data by the Data Subject, we will rectify the error within 30 days and inform any third party of the rectification if we have disclosed the personal data in question to them.

Right to Erasure

You have the right to request that your personal data is deleted in certain circumstances, such as:


  • The personal data are no longer needed for the purpose for which they were collected;

  • You withdraw your consent (where the processing was based on consent);

  • You object to the processing and no overriding legitimate grounds are justifying processing the personal data;

  • The personal data have been unlawfully processed; or

  • To comply with a legal obligation.

However, this right does not apply where, for example, the processing is necessary:


  • To comply with a legal obligation; or

  • For the establishment, exercise, or defense of legal claims.

The Client and Admin user can leave the company account and deactivate its User Account and User Accounts of its Employees. Please note that some data will be kept for our internal business purposes, legal, financial, and accounting purposes in accordance with Section 16. of Terms of Use.

Right to Restriction of Processing

You can exercise your right to the restriction of processing in the following situations:


  • if the accuracy of the personal data is contested,

  • you consider the processing unlawful, but you do not want your personal data to be erased,

  • we no longer need the personal data, but you require it for the establishment, exercise or defense of legal claims or you have objected to the processing and verification.
Right to Data Portability

Where you have provided personal data to us, you have the right to receive such personal data back in a structured, commonly used and machine-readable format, and to have those data transmitted to a third-party without hindrance, but in each case only where:


  • The processing is carried out by automated means; and

  • The processing is based on your consent or the performance of a contract with you.
Right to Withdraw the Consent

If you have provided your consent to the collection, processing, and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.


Right to Lodge a Complaint

If you have any concerns or requests in relation to your personal data, please contact us at privacy@tryberry.app and we will respond as soon as possible but not later than 30 days.


If you are unsatisfied with our response, you may also contact the competent supervisory authority at your country of residency or Commissioner for information of public importance and personal data protection, Bulevar kralja Aleksandra 15, 11120 Belgrade, telephone number: (+381)-11-3408-900, https://www.poverenik.rs/en/home.html.


10. Changes to our privacy policy

Arrow

Any changes we may make to our Privacy Policy will be posted on this page and where appropriate may be notified to you by email or advised to you on the next login to Berry App. If you continue with the use of the Berry App after the changes were implemented, that will signify that you agree to any such changes.