Create Urby Profile
Build and engage the local audience
Last update: 15 May, 2018
Welcome to Urby!
Thanks for using our Service!
Your Service Account
You must be at least 16 years old for using the Service.
You may create your own Service Account, or your Service Account may be assigned to you by an administrator, such as your employer. If you are using a Service Account assigned to you by an administrator, different or additional terms may apply and your administrator may be able to access or to disable your account.
To protect your Service Account, keep your password confidential. You are responsible for the activity that happens on or through your Service Account. Try not to reuse your Service Account password on third-party applications.
Your Content in the Service
Some components of the Service allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.
When you upload, submit, store, send or receive content to or through the Service, you give Provider (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with the Service), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving the Services, and to develop new ones.
This license continues even if you stop using the Service. Some components of the Service may offer you ways to access and remove content that has been provided to that Service. Also, in some components of the Service, there are terms or settings that narrow the scope of our use of the content submitted in those components of the Service. Make sure you have the necessary rights to grant us this license for any content that you submit to the Services.
If you have a Business Account, we display your Profile name, Profile photo, locations, offers, events and other actions you take on the Service, including displaying in ads and other commercial contexts.
Using the Service
You must follow any policies made available to you within the Service.
The Service displays some content that is not Provider’s. This content is the sole responsibility of the entity that makes it available. We may review content to determine whether it is illegal or violates our policies, and we may remove or refuse to display content that we reasonably believe violates our policies or the law. But that does not necessarily mean that we review content, so please don’t assume that we do.
In connection with your use of the Service, we may send you service announcements, administrative messages, and other information. You may opt out of some of those communications.
Intellectual property rights (IPR)
Intellectual property rights (IPR) are all intangible rights, such as copyright, know-how, database rights, design rights, model rights, patents, trademarks and domain name registrations.
The Service is protected by international conventions and national law on copyright as well as international trade provisions.
All content, including graphic layout, text, images, illustrations, graphics, audio or video clips are parts of the trademarks, service marks, copyright and/or other intellectual property rights or parts of the licenses held by Provider or his partners or other third parties who have licensed their materials to Provider.
Logos, names of goods and Service as well as offers that belong collaborators of Provider are the property of respective owners and they have full rights and obligations on them.
The user of Service cannot copy, download, reproduce, modify, distribute, transmit, transfer or create derivative works from the content of Service without direct written permission from Provider.
If the user of Service notifies or believes that any material on this website, published by Provider or by someone else, violates copyright or any other rights, may contact Provider at email address firstname.lastname@example.org, in order to take a decision as quickly as informed.
Permissions & Responsibilities
The users of Service are directly responsible for:
- any content that they enter via Service
- all activities within the Platform, as creating, editing, modifying or deleting content, that are made under their username, Provider reserving his right to intervene on such content, sending it in case of the requirements set out in this document are not met
The users of Service are not allowed:
- to register in the Platform any content that is illegal, harmful, threatening, abusive, harassing, defamatory, pornographic, privacy invasive or affecting the minors in any way
- to register in the Platform as events content which represents promotions or offers of Service, products or any kind of activities involving marketing of goods or Service over a period of time no matter how long it is. For this type of content, it can be used the sections of Offers, Promotions, Menu or Products within the Platform, according to the contract that they signed with Provider
- to introduce in the Platform content which includes private information or identifies a third party without its express consent
- to introduce content which is false, deceptive, misleading, confusing or misinformed
- to use the Platform for illegal or unauthorized purposes
- to modify, to adapt or to exploit the security of the Platform as well as to modify another website in order to induce false impression that is associated with Urby
- to create and send unsolicited emails to any other users of the Platform or applications that derive from it ("SPAM").
If the user of Service is not a Romanian citizen or resident in Romania, he is obliged to submit to Romanian laws regarding conduct and content acceptable in online media.
The user of Service agrees that Provider take content created and edited by him in order to send it to third web and mobile applications that displays the content of Platform.
About Software in the Service
When a Service requires or includes downloadable software, this software may update automatically on your device once a new version or feature is available. Some Services may let you adjust your automatic update settings.
Urby gives you a personal, worldwide, royalty-free, non-assignable and non-exclusive license to use the software provided to you by Provider as part of the Service. This license is for the sole purpose of enabling you to use and enjoy the benefits of the Service as provided by Provider, in the manner permitted by these terms.
You may not copy, modify, distribute, sell, or lease any part of the Service or included software, nor may you reverse engineer or attempt to extract the source code of that software, unless laws prohibit those restrictions or you have our written permission.
Open source software is important to us. Some software used in the Service may be offered under an open source license that we will make available to you. There may be provisions in the open source license that expressly override some of these terms.
Modifying and Terminating the Service
We are constantly changing and improving the Service. We may add or remove functionalities or features, and we may suspend or stop a part of the Service altogether.
You can stop using the Service at any time, although we’ll be sorry to see you go. Provider may also stop providing the Service to you, or add or create new limits to the Services at any time.
We believe that you own your data and preserving your access to such data is important. If we discontinue a part of the Service, where reasonably possible, we will give you reasonable advance notice and a chance to get information out of that Service.
Our Warranties and Disclaimers
We provide the Service using a reasonable commercially level of skill and care and we hope that you will enjoy using them. But there are certain things that we don’t promise about the Service.
Some jurisdictions provide for certain warranties, like the implied warranty of merchantability, fitness for a particular purpose and non-infringement. To the extent permitted by law, we exclude all warranties.
Provider shall not be responsible if the subcontractors and/or his partners of any kind involved in executing of order, do not fulfill any of their contractual obligations.
Neither party shall be liable for failure to perform its contractual obligations if such failure is caused by an event of force majeure.
Force majeure is unforeseeable and unavoidable, beyond the parties, noted as such under the laws in force.
Applicable law. Jurisdiction
Price and payment method are specified in the order.
Order is the electronic document (email, invoice, etc.) that comes as form of communication between Provider and the Business User Account, whereby Business User Account expresses its intention to purchase a Business Account from Provider.
Business Account payment will be made at the beginning of each period for which the user of Service chooses to use the Business Account.
Payment is based on the invoice issued by Provider, according to the time required by the user of Service.
After payment confirmation of invoice, Provider shall issue and send the appropriate bill, which is purchase account confirmation for the time specified in the invoice.
The user of Service is obliged to provide all necessary information for invoice in accordance with law.
In case of acquisition of several months of use account by the user of Service, Provider may apply discounts, which will operate directly in the invoices.
In the case that user of Service renounces at Business User Account after payment, the amount paid by him will not be refunded.
The user of Service could cease the payment account at any time, but without being able to request the return of any amounts previously paid.
If the user of Service does not renew the account after a period of time, the account is automatically suspended at the end of the last day of that period for which the account was purchased.
Changes will not apply retroactively and will become effective no sooner than 10 days after they are posted. However, changes addressing new functions for a Service or changes made for legal reasons will be effective immediately. If you do not agree to the modified terms for a Service, you should discontinue your use of that Service.
If you do not comply with these terms, and we don’t take action right away, this doesn’t mean that we are giving up any rights that we may have (such as taking action in the future).
If it turns out that a particular term is not enforceable, this will not affect any other terms.
For information about how to contact Provider, please visit our contact page.
Applicable from 25 May 2018
SC EVENTYA CO SRL is a company with Romanian private capital, based in Sura Mare, 18 Florilor Street, Sibiu County, registered with the Trade Registry Office attached to the Sibiu Court with the number J32/408/2013, Unique Registration Code: RO31611012, email email@example.com.
SC EVENTYA CO SRL collects, processes and stores personal data in the EU, being able to demonstrate at all times compliance with European Union law and the principles set out in this document.
All personal data processing activities carried out by SC EVENTYA CO SRL are in line with the provisions of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Directive).
Terms and definitions
”Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
”Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
”Consent” means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
”Controller” is SC EVENTYA CO SRL, supplier of Urby App and website located at http://urbyapp.com/, which processes personal data in the EU, according to the legislation and the present policy
”User” means individual, with the minimum age of 16 (or the legal minimum age at which someone can join an online service without the controller having to obtain parental consent), which expresses its consent to the use of the Application under the operator’s policies and whether or not it is authenticated in the Application by creating a profile
”Supervisory Authority” means an independent public authority which is established by a Member State according to Regulation (EU) 2016/679
”Urby”, hereinafter referred to as the Application, means the mobile application available for iOS and Android operating systems, owned by SC EVENTYA CO SRL and running on the Eventya Publishing Platform
”Eventya Publishing Platform”, hereinafter referred to as the Platform, means an integrated system, consisting of a suite of web-based software applications and mobile applications that are subject to copyright law, being registered in the National Register of Computer Programs according to the certificate series 799029BM no. 09135
- Personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Personal data is accurate and, where necessary, kept up to date.
- Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Who is responsible for processing personal data?
The responsibility for the processing of personal data rests with SC EVENTYA CO SRL. It decides what data is processed, for what purpose and how this processing takes place.
The legal basis of the processing of personal data
Personal data is processed with the express and unambiguous consent of the Application’s user, in accordance with the provisions of the legislation in force and under the terms of this policy.
It may be the basis for processing: a contract, a user’s request before entering into a contract, the need to comply with a legal obligation, the legitimate interest of the operator or of a third party, the need to protect the vital interests of the user or other individual, fulfilling a task that serves a public interest.
What data do we collect and for what purpose?
We collect personal data from both users who sign in to their accounts in mobile apps as well as those who access the apps non-authenticated.
In the case of authentication, we collect the following personal data:
- first and last name - used to create the user account, visible in the Application;
- photo - the profile picture is automatically taken from the social profile when the user logs into the Application with his/hers Facebook or Google Account. Once authenticated, regardless of the authentication method, the user can add or change the profile picture;
- email address - is automatically collected from your Facebook or Google account, when the user logs in through Social Media. It can be manually entered by the user when logging in with email and password. A user's email address is not visible anywhere in the Application, being used only for authentication;
- information about the device of the user (operating system, type of smartphone (model), the network he uses, GPS location (optionally, if it has given its consent in the Application), this information being used for statistical purposes only.
For unauthenticated users, the following data is collected:
- information about the device of the user (operating system, type of smartphone (model), the network he uses, GPS location (optionally, if it has given its consent in the Application), this information being used for statistical purposes only;
In addition to the personal data we referred to above, we obtain data from the analysis of how our services are used, as follows:
- information about the device of the user (operating system, type of smartphone (model), the network he uses, GPS location (optionally, if it has given its consent in the Application), this information being used for statistical purposes only;
- data collected in Google Analytics, used for statistical purposes to determine patterns in user behavior;
- data obtained by using the "REMINDER" function at events is stored for statistical purposes to make charts with popular events;
- data obtained by creating collections with locations and events are stored for statistical purposes to determine popular locations or events.
SC EVENTYA CO SRL doesn't process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
What data do we collect for creating profile in the Application and what do we make public?
When creating a user profile in the Application, the following personal data is required:
- first and last name;
- email address;
- profile picture (when logging in through one of two social platforms: Facebook or Google).
In the user account, which is public in the Application, we publicly display the following information:
- first and last name;
- profile picture
What is the purpose for which personal data is processed?
We process personal data for:
- geolocation, in the case of the user who accepted the availability of his/hers GPS location to view / order different locations on the map or list, depending on its distance from them. In the lists of locations we display the distance in kilometers from the user's location to the point of interest;
- push notifications - users can receive push notifications in the following situations:
- when they “follow” a location or an event organizer in the Application. In this case, they are notified when that entity publishes an event or new offer;
- when they click on “Going” to an event, they will be notified based on the reminder that they set in the Application or local calendar;
- when they “follow” other users from the Application, about their activity in the Application;
- when another user of the platform “follows” you in the Application, you’ll be notified;
- general push notifications sent by content managers / publishers of the Application. When installing the Application, you can choose to receive or not these general notifications.
- statistics and reports - the Application users’ data are processed with Google Analytics, generating automated marketing statistics in order to better promote the Application.
The marketing statistics remain anonymous and are not made public.
How to collect and process personal data?
The collection of personal data is done:
- automatically, when creating a new user account through social platforms (Facebook or Google), including: name, surname, email, photo, device data, GPS location (optional)
- manually, when creating a new user account through email and password, including name, surname, email; the photo can be added later - optional.
The processing of personal data is done:
- automatically, through Google Analytics, Fabric and Amplitude, for statistical purposes;
- manually, in order to prepare marketing reports.
User statistics remain anonymous and are not made public.
For what period do we store personal data?
Personal data is stored for an indefinitely period of time.
The user may at any time request the modification or deletion of personal data by using the contact form in the Application.
Deleting your user account involves automatically deleting your personal data (name, surname, email, picture, password, phone number), collections created, and followed pages.
Currently, we are working on introducing an account deletion button, which will allow the user to delete his / hers account (and all the personal data referred to above).
To whom do we transfer personal data and for what purpose?
We transfer personal data to:
Google Analytics (outside the EU), where user data is stored for statistical and marketing purposes;
Fabric (outside the EU), where data about app crashes and users is stored, so we can fix what it’s not working on in the Application;
Amazon (Frankfurt, EU), where the users’ profile pictures are stored (when that’s the case), Amazon being a private storage service;
Google Cloud (EU), where our server and database are located.
What security measures have we implemented?
We are constantly concerned with the implementation of the necessary security measures to minimize the risks of unauthorized access to data and implicitly the impact on the privacy of the users:
- SSL standard for the encryption of data flow;
- OAUTH standard for user authentication;
- HMAC - is used to verify (authenticate) that the data has not been altered or replaced.
- limiting the number of IPs from which the server where we have the database and the web server can be accessed;
- limited server access by using private SSH keys.
The Regulation gives the user a series of rights, which we briefly present in the following:
1. right to information and access to personal data, by virtue of which the user can obtain from us a confirmation as to whether or not personal data are being processed, and, where that is the case, access to the personal data and the information about the methods and the purposes of processing;
2. right to rectification of personal data that can be invoked in order to obtain without undue delay the rectification of inaccurate personal data or completing of incomplete personal data;
3. right to erasure (‘right to be forgotten’) by virtue of which the user can obtain the erasure of personal data without undue delay where one of the following grounds applies:
i.the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
ii.the user withdraws consent on which the processing is based and there is no other legal ground for the processing;
iii.the user objects to the processing and there are no overriding legitimate grounds for the processing;
iv.the personal data have been unlawfully processed;
v.the personal data have to be erased for compliance with a legal obligation;
vi.the personal data have been collected in relation to the offer of information society services.
4. right to restriction of processing where one of the following applies:
i.the accuracy of the personal data is contested by the data subject, for a period enabling us to verify the accuracy of the personal data;
ii.the processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead;
iii.we no longer need the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claims;
iv.the user has objected to processing pending the verification whether the legitimate grounds of the controller override those of the user.
5. right to object, by virtue of which the user can object, on grounds relating to his or her particular situation, at any time to processing of personal data, including profiling, where:
- the processing is necessary for the performance of a task carried out in the public interest; or
- the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the user shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
6. right to data portability that gives permission to a user to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller, where the processing is based on consent or on a contract and the processing is carried out by automated means.
By virtue of this right, personal data concerning the user can be transmitted directly from one controller to another, where technically feasible.
We encourage users to check this page periodically to keep up-to-date on our privacy practices.
How can you contact us?
For questions about processing your personal data, you can contact SC EVENTYA CO SRL in writing at the address Sura Mare, 18 Florilor Street, Sibiu County, 557265 Romania, or through email at the address firstname.lastname@example.org.
If you wish to make complaints about the processing of your personal data, you can write to the same address, and we will respond within the legal term of correspondence in accordance with our internal policies and procedures.
In the unlikely event that you believe your rights to the processing of personal data have been violated and SC EVENTYA CO SRL did not treat the complaint properly, you can address a Supervisory Authority for Personal Data Processing.
The address of the National Supervisory Authority for Personal Data Processing: 28 - 30 Gen. Gheorghe Magheru Bld., District 1, 010336 Bucharest, Romania.