Back to home

Privacy Policy

March 04, 2024

GLOBALSTONE PROJECT SERVICES – FZCO is committed to protecting your privacy and complying with applicable data protection and privacy laws. This Privacy Policy ("Policy") is designed to help you understand what kind of information we collect in connection with our mobile application BTRFLY (hereinafter referred to as "Application") and how we process and use such information. Throughout this Policy the term "personal data" means information relating to an identified or identifiable individual (i.e. a natural person).

"GLOBALSTONE PROJECT SERVICES – FZCO" or "controller" refers to GLOBALSTONE PROJECT SERVICES – FZCO, a Free Zone Company incorporated under the Dubai Integrated Economic Zones Authority (DIEZA) — IFZA, with its registered office at IFZA Business Park, DDP, PO Box 342001, Dubai, United Arab Emirates, Registration Number: 76343, Trade License Number: 78092 (also referred to as "we", "us", or "our"). You acknowledge that your personal data collected may be used in accordance with this Policy by and for one or more GLOBALSTONE PROJECT SERVICES – FZCO group companies or other companies as the case may be, which will be regarded, individually or jointly, as data controllers in respect of your personal data if there is an agreement between you and such controller. If Application is transferred, assigned or passed to a new owner or operator, this new owner or operator will replace GLOBALSTONE PROJECT SERVICES – FZCO as data controller.

This Policy applies to personal data collected in connection with Application or from other interactions with us where a link or other appropriate reference of incorporation to this Policy is made, for example, in connection with our other products, websites, applications and other types of services offered by GLOBALSTONE PROJECT SERVICES – FZCO typically in electronic form, as well as other services such as customer care and warranty services, customer events, or promotions and campaigns.

Our products or services may also contain links to other companies' websites and other third party services that have privacy policies of their own. We recommend that you carefully read the privacy policies of such services. GLOBALSTONE PROJECT SERVICES – FZCO is not responsible for the privacy practices or contents of any such third party services.

Where a consent from you to the processing of personal data described in this Policy is required under the applicable law, such consent will be obtained by an appropriate mechanism such as ticking a box stating your consent, choosing technical settings for Application, service or website, or other statement or conduct clearly indicating your acceptance to the processing, depending on the product, website, service or application you are using.

It is crucial that you understand how and why we collect, use and share your personal data when you install, access and use Application or when you otherwise interact with us, always in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR").

We have taken appropriate technical and organisational measures to protect the personal data retained by us against unauthorized access and misuse. Our security procedures are revised regularly and adapted to reflect technological progress.

1. Information about you we collect

1.1. We collect information you directly provide to us while you install and use Application including your registration. This includes:

  • 1.1.1. First name (e.g. Thomas) — within the registration process we collect your first name (you also referred to as "Data Subject") in order to:
    • communicate with registered users about products, services, offers, promotions, and events,
    • provide other news and information we think will be of users' interest, and
    • allow registered users to be known / identified while using Application.
  • 1.1.2. Age — within the registration process we collect the age of Data Subjects to enable other registered users to consider this information when deciding to start a communication with you through Application in accordance with its main purpose (seeking an appropriate partner and dating).
  • 1.1.3. Place of occurrence or interest — collected to allow registered users to use functionality of Application enabling users to see other persons within a respective place or to be seen by other registered users within a respective place, area, city or region.
  • 1.1.4. E-mail address — collected to authenticate you and provide you information about Application, other products, services, offers, promotions, and events.
  • 1.1.5. Phone number — collected to authenticate you and provide you information about Application, other products, services, offers, promotions, and events.
  • 1.1.6. Photos:
    • Profile photo — within the registration process we collect a photo of Data Subjects; such content may be uploaded to the registered user's account (profile photo). We reserve the right to remove a photo if its content is unethical, inappropriate or contrary to law.
    • Photos for profile verification purposes — when using the Application, you can verify your identity. The process of scanning your face and taking photos for verification purposes will begin only after you have given your specific consent in the Application.
  • 1.1.7. Other information — to provide quality customer support and communication, we may process:
    • Device information (device name, IMEI/ESN/MEID/SN, activation time, hardware model, OS version, application version, software identification code, and device and application settings such as region, language, time zone, and font size).
    • Mobile network information (PLMN, provider ID and IP address).
    • Log information — time of access, access count, IP address, and information about incidents (errors, crashes, restarts, and upgrades).
    • Location information — collected only if you enable location gathering in the Application settings. Simply installing the Application does not gather your location. You can disable location permissions at any time.

1.2. We do not intend to process most special categories of data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data for uniquely identifying a natural person, health data, or data concerning sex life or sexual orientation) unless the individual has given explicit consent (such as for profile verification purposes).

1.3. Collection of personal data under section 1.1 is not automatic and comes into consideration only after they have been provided to us by the Data Subject in order to use the specific functionality of the Application. If you no longer wish your personal data to be processed, you may contact us to exercise any of the rights in section 8.

1.4. Processing of personal data in section 1.1.6.(b) is not a legal requirement. However, without your consent it is not possible to verify identity of Data Subjects.

1.5. Processing of personal data in section 1.1 (except section 1.1.6.(b)) is necessary to become a registered user. Without providing this personal data, you cannot register and use the Application.

2. How we use information about you

2.1. We process personal data mentioned in section 1 for the following purposes and on the following legal grounds:

  • 2.1.1. to allow the Data Subject to use the Application and its functionalities [performance of a contract — Article 6(1)(b) GDPR]. This includes profile verification where we process related photos only with your specific consent [Article 9(2)(a) GDPR].
  • 2.1.2. to fulfil our legal obligations [Article 6(1)(c) GDPR].
  • 2.1.3. for establishment, exercise or defence of legal claims [legitimate interests — Article 6(1)(f) GDPR].
  • 2.1.4. to provide personal data pursuant to section 1.1 to third parties for their business activities [consent — Article 6(1)(a) GDPR].

2.2. We also process your information for our legitimate interests [Article 6(1)(f) GDPR] and those of third parties, applying appropriate safeguards, notably to:

  • identify you as an individual or entity, or perform KYC checks;
  • maintain and improve the Application;
  • measure performance;
  • communicate with you about products, services, offers, promotions, and events, and provide other news and information;
  • prevent or detect fraud;
  • protect against harm to rights, freedoms, property or safety of Data Subjects as required or permitted by law;
  • send you Application updates and installation notifications;
  • synchronise, share, and store the data you have provided;
  • process pursuant to laws and regulations, e.g. tax, authority requests.

2.3. Our legitimate interest lies in conducting and managing our business and the above purposes. We balance any potential impact on you and your rights before we process your personal data for our legitimate interests. You can obtain further information about our legitimate interest assessment by contacting us at support@btrfly.com.

2.4. We may process and use your personal data for marketing, including personalized marketing or research in accordance with applicable laws. Some products or services may be used to promote products and services of other companies; however, GLOBALSTONE PROJECT SERVICES – FZCO does not disclose your personal data to such companies for their marketing purposes without your prior consent.

2.5. We may process your personal data for profiling/personalization for such purposes as targeted direct marketing and improvement of our products or services, and to create aggregate and statistical information.

2.6. We will process the information about you during the term necessary for the purposes for which it is processed (i.e., while your account is active, within the period required by law, or as necessary for the establishment, exercise or defence of legal claims). Photos taken during profile verification are processed only during the time we have your consent and 10 days after that.

2.7. The provision of the personal data specified above is voluntary; however, if you do not provide it, we may not be able to provide a functional Application.

3. Consent on processing your personal data and cookies

Consent

3.1. Consent is gathered within the installation process of the Application, whereas provision of consent is not a condition of installation or further usage of the Application. Only the active ticking of the consent box before the Application is installed is considered as freely given consent; otherwise we will not proceed to the processing of your personal data for the purposes stated below.

Consent is gathered for the following purposes:

  • 3.1.1. disclosure of personal data of Data Subjects to third parties (other than the controller) for their marketing purposes ("marketing of third parties"),
  • 3.1.2. use of cookies for the purposes stated within section 3.2 below,
  • 3.1.3. verification of identity of Data Subjects who use the Application.

For the purposes above the following personal data will be processed:

  • Name
  • Age
  • Place of occurrence or interest
  • E-mail address
  • Phone number
  • Profile photo
  • Other information; see section 1.1.7 above
  • Photos for profile verification purposes

You are always authorized to withdraw this consent at any time by sending a withdrawal via a preferred communication route under Clause 10. If your preferred route is telephone, please also confirm by email or post.

Cookies

3.2. A cookie is a small piece of data sent from the Application and stored on the user's device while the user is using the Application. We set third party cookies on behalf of companies that provide space for the display of advertising while using the Application.

We may use cookies to establish a relationship between devices or data pertaining to the same user. If we already have information about a device's user, we may link the information stored in cookies to the device's Ad ID. We use this information to facilitate the delivery of targeted advertisements. You are always authorized to withdraw this consent at any time under Clause 10.

4. How we share information

4.1. In certain specific cases we might use our business partners to perform certain services for us. Generally these are standardized services and we bind our business partners with protection of your personal information according to this Policy.

4.2. We might share your information with the following categories of recipients:

  • other registered users, in accordance with the main purpose of the Application (seeking an appropriate partner and dating);
  • our hosting provider;
  • owners of media properties and other companies that send targeted advertising to consumers;
  • data centres provided by third parties;
  • other vendors.

The third parties above include: Google LLC (Mountain View, CA, USA); Apple Inc. (Cupertino, CA, USA); Meta Platforms, Inc. (Menlo Park, CA, USA); Sentry (San Francisco, CA, USA).

4.3. We will not share our users' personal information with third parties unless one (or more) of the following applies:

  • we may share information (with prior notice where legally permissible) in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process or governmental request;
  • we may share information in response to an emergency if we believe it is necessary to prevent imminent and serious bodily harm to a person.

4.4. We may share aggregated or anonymized information that cannot be used to identify you, even if based on your personal data.

5. Transfer to other countries

5.1. Personal data of our users will be transferred, processed and stored on servers located in the EU. We may subcontract processing to, or share your information with, third parties located in countries other than your home country, but not third countries. Regardless of where your information is processed, we apply the same protection as described in this Policy.

6. Security

6.1. We take appropriate technical and organisational measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.

6.2. We take reasonable and feasible measures to ensure that the personal data collected is minimal and relevant to what is necessary in relation to the purposes for which they are processed. We retain your personal data for no longer than necessary for the purposes stated in this Policy, unless extending the retention period is required or permitted by law.

6.3. We are committed to protecting your personal data. Nevertheless, no security measure is perfect and no product, service, website, data transfer, computing system, or network connection is absolutely secure.

7. Age limit

7.1. The Application is not intended or directed at individuals under the age of 16. We do not knowingly collect personal information from individuals under 16 ("the Age Limit"). If you are under the Age Limit, please do not use the Application and do not provide any personal data to us.

8. Your rights

8.1. You as a data subject ("the Data Subject" or "user") have the right to request access and rectification or erasure of personal data or restriction of processing, or to object to processing, as well as the right to data portability.

8.2. The Data Subject has the right to lodge a complaint with the competent supervisory authority overseeing companies operating within the Dubai Silicon Oasis Free Zone, namely Dubai Silicon Oasis Authority (DSOA), www.dso.ae.

8.3. The right to rectification is the right of the Data Subject to obtain without undue delay the rectification of inaccurate personal data concerning them.

8.4. The Data Subject shall have the right to receive the personal data concerning them, which they have provided to us, and have the right to transmit those data to another Controller where technically feasible, where the processing is based on consent or on a contract and carried out by automated means.

8.5. The Data Subject shall have the right to object, on grounds relating to their situation, at any time to processing of personal data concerning them which is based on Article 6(1)(e) and (f) GDPR, including profiling based on those provisions.

8.6. Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to such processing, which includes profiling to the extent it is related to such direct marketing.

8.7. Subject to statutory limitations, the Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them.

8.8. The Data Subject has the right to access their data. Upon request, the Controller shall confirm whether the Data Subject's personal data are being processed and provide a copy.

8.9. The first copy is free of charge. For any further copies, the Controller may charge a reasonable administrative fee. If requested electronically, the information shall be provided in a commonly used electronic format unless another method is requested.

8.10. The Data Subject has the right to rectify inaccurate personal data and to complete incomplete personal data without undue delay.

8.11. The Data Subject has the right to erasure of personal data if:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. the Data Subject withdraws consent on which processing is based, and there is no other legal ground for the processing;
  3. the Data Subject objects to the processing under section 8.19;
  4. the personal data have been unlawfully processed;
  5. erasure is necessary to comply with a legal obligation under UAE law to which the Controller is subject; or
  6. the personal data have been collected in relation to the offer of information society services to a person under 16 years of age.

8.12. The exercise of the right to erasure is subject to respective limitations set by applicable law.

8.13. The Data Subject shall not have the right to erasure if processing is necessary for:

  1. exercising the right of freedom of expression and information;
  2. compliance with a legal obligation under UAE law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  3. reasons of public interest in the area of public health;
  4. archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes; or
  5. the establishment, exercise, or defence of legal claims.

8.14. The Controller shall erase personal data upon request without undue delay after evaluating that the request is justified.

8.15. The Data Subject has the right to restrict the processing of personal data if:

  1. they contest the accuracy of the personal data, during a period allowing the Controller to verify accuracy;
  2. the processing is unlawful and the Data Subject opposes erasure and requests restriction of use instead;
  3. the Controller no longer needs the personal data, but the Data Subject requires them for legal claims;
  4. the Data Subject has objected to processing based on legitimate interests, until verifying whether the Controller's grounds override those of the Data Subject.

8.16. If restriction is requested, the Controller shall refrain from processing (except storage) without the Data Subject's consent.

8.17. The Data Subject shall be informed when the restriction is lifted.

8.18. The Data Subject has the right to data portability — to obtain personal data provided to the Controller in a commonly used and machine-readable format and to transmit this data to another Controller, where processing is based on consent or a contract and is carried out by automated means.

8.19. The Data Subject has the right to object at any time to processing of their personal data for reasons relating to their particular situation. Objection may be made to processing based on:

  1. the performance of tasks carried out in the public interest or in the exercise of public authority vested in the Controller;
  2. processing for direct marketing purposes;
  3. processing for scientific or historical research purposes, or statistical purposes.

8.20. If the Data Subject objects to processing for direct marketing under 8.19(b), the Controller may no longer process their personal data for that purpose.

8.21. The Controller shall promptly assess the objection and shall not further process personal data unless it demonstrates compelling legitimate grounds that override the interests, rights and freedoms of the Data Subject or for legal claims.

8.22. The Data Subject has the right to withdraw consent to the processing of personal data at any time if processing is based on that legal ground.

8.23. Withdrawal may be made by contacting the responsible person in any chosen way.

8.24. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8.25. The Data Subject acknowledges that the Controller has fulfilled the obligation to provide information in accordance with Article 13 GDPR.

9. Changes to the privacy policy

9.1. We may change this Policy from time to time. When we make material changes, we will provide you with prominent notice as appropriate under the circumstances, e.g., by displaying a prominent notice within the Application or by sending you an email. We encourage you to review the Policy whenever you access or use the Application or otherwise interact with us.

10. Contact us

10.1. Questions or comments about this Policy may be directed to support@btrfly.com.

Our Data Protection Officer is available at info@btrfly.com. You may address your comments and requests regarding the processing of personal data to that address.

Last updated: March 04, 2024.