Effective Date: 2025-07-24

This Privacy Policy describes how ColdLake OÜ (“ColdLake,” “we,” “us,” or “our”), collects, uses, stores, and shares your personal data when you use our mobile application “Bengodi” (the “App”).

We are committed to protecting your privacy and handling your data in a transparent and lawful manner, in accordance with the General Data Protection Regulation (GDgulation (EU) 2016/679) and applicable Estonian data protection laws.

1. Data Controller

ColdLake OÜ is the data controller responsible for the processing of your personal data collected through the Bengodi App.

2. What Personal Data Do We Collect?

We collect the following types of personal data:

  • Account Data: When you create an account, we collect your username and email address.
  • Profile Information (Optional): You may choose to provide additional information for your public profile, such as a profile picture, a short bio, or other details.
  • Content Data:
    • Pictures: Pictures you choose to upload to the App.
    • Geographical Information (Location Data): We collect the precise geographical location (GPS coordinates) where a picture was taken. This data is associated with the picture.
    • Post Content: Any text, captions, or other information you add to your posts.
    • Visibility Settings: Information about whether you designate a post as “public” or “private.”
  • Interaction Data: Information about your interactions within the App, such as comments you make, likes you give, and users you follow.
  • Device and Usage Data: We automatically collect certain information when you access and use the App, including:
    • Your device’s unique identifier.
    • Your mobile operating system.
    • The type of mobile Internet browser you use.
    • IP address.
    • App usage statistics (e.g., features accessed, time spent on the App).
    • Crash logs and performance data.
  • Communication Data: If you contact us for support or other inquiries, we collect the content of your communication and our responses.

3. How We Collect Your Personal Data

We collect personal data in the following ways:

  • Directly from You: When you create an account, upload pictures, set post visibility, or communicate with us.
  • Automatically: Through your use of the App, your device’s GPS functionality, and standard logging technologies.
  • From Your Device (with your consent): We request access to your device’s local pictures only for the purpose of allowing you to select which pictures you wish to upload to the App. We do not access, collect, or store any local pictures other than those you explicitly choose to upload.

We process your personal data based on the following legal bases:

  • Performance of a Contract (GDPR Article 6(1)(b)): We process your Account Data, Content Data (pictures, post content), and Interaction Data to provide you with the Bengodi service, including allowing you to post publicly or privately, and to enable other users to view your content according to your settings.
  • Your Consent (GDPR Article 6(1)(a)):
    • Location Data: We will explicitly ask for your consent to access and collect your GPS location data when you take a picture within the App or choose to add location data to a picture. You can withdraw this consent at any time through your device settings or the App’s settings.
    • Access to Local Pictures: We will ask for your consent to access your device’s local pictures solely for the purpose of allowing you to select images for upload. You can manage this permission through your device settings.
    • For certain optional features or marketing activities, we may rely on your explicit consent.
  • Legitimate Interests (GDPR Article 6(1)(f)): We may process Device and Usage Data for our legitimate interests to:
    • Improve and optimize the App’s performance and user experience.
    • Ensure the security and stability of our services.
    • Analyze user trends to enhance features and content.
    • Prevent fraud and abuse.
    • For our business operations and to comply with legal obligations (see below).
  • Legal Obligation (GDPR Article 6(1)(c)): We may process your personal data where it is necessary to comply with a legal obligation to which we are subject (e.g., tax laws, responding to lawful requests from public authorities).

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To Provide and Maintain the App: To operate the core functionalities of Bengodi, including enabling you to create an account, upload food pictures, and manage your posts.
  • To Display Your Content:
    • Public Posts: If you choose to make a post public, your picture, associated geographical information, and any other post content will be visible to all Bengodi users and potentially accessible via the internet.
    • Private Posts: If you choose to make a post private, your picture, associated geographical information, and any other post content will only be visible to the specific users you select.
  • To Personalize Your Experience: To recommend content or users that may be of interest to you.
  • To Improve and Develop the App: To understand how users interact with Bengodi, identify areas for improvement, and develop new features.
  • For Analytics and Research: To analyze usage patterns, diagnose technical issues, and conduct research to enhance our services.
  • For Communication: To send you important notices, updates about the App, or respond to your inquiries.
  • For Security and Fraud Prevention: To protect the integrity of the App and detect and prevent fraudulent or unauthorized activities.
  • To Comply with Legal Obligations: To fulfill our legal responsibilities and respond to lawful requests from government or law enforcement authorities.

6. How We Share Your Personal Data

We may share your personal data with the following categories of recipients:

  • Other Bengodi Users (based on your settings):
    • Public Posts: Your username, profile information, public posts (including pictures and their associated geographical information), and any comments you make on public posts will be visible to all Bengodi users.
    • Private Posts: Your username, profile information, private posts (including pictures and their associated geographical information), and any comments you make on private posts will only be visible to the specific users you have chosen to share them with.
  • Service Providers: We may share your data with third-party service providers who perform services on our behalf, such as:
    • Cloud hosting providers (e.g., for storing pictures and data).
    • Analytics providers (to help us understand App usage).
    • Customer support providers.
    • These service providers are contractually bound to process your data only according to our instructions and to implement appropriate security measures.
  • Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law, in response to a court order, subpoena, or other legal process, or if we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights or property, or ensure the safety of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.
  • Aggregated or Anonymized Data: We may share aggregated or anonymized data (data from which your personal identity has been removed) with third parties for various purposes, including analytics, research, or marketing. This data cannot be used to identify you personally.

7. International Data Transfers

As ColdLake OÜ is an Estonian company operating within the EU, your data is primarily processed and stored within the European Economic Area (EEA). If we transfer your personal data to countries outside the EEA, we will ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission.
  • Ensuring the recipient country has been deemed to provide an adequate level of data protection by the European Commission.
  • Binding Corporate Rules.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Generally:

  • Account Data: Retained for as long as your account is active and for a limited period thereafter to allow for account recovery or to comply with legal obligations.
  • Content Data (Pictures, Location, Posts): Retained for as long as the content is active on the App. If you delete content, it will be removed from public view, but residual copies may remain on our backup systems for a limited period due to technical reasons.
  • Location Data (associated with pictures): Retained as long as the associated picture is active. If you delete a picture, its associated location data will also be deleted.
  • Usage and Device Data: Retained for a period necessary for analytics and security purposes, typically for up to 6 months, unless longer retention is required for legal or security reasons.

9. Your Data Protection Rights (GDPR)

As a data subject under GDPR, you have the following rights concerning your personal data:

  • The Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy serves to fulfill this right.
  • The Right of Access (Article 15 GDPR): You have the right to request a copy of the personal data we hold about you and information about how we process it.
  • The Right to Rectification (Article 16 GDPR): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • The Right to Erasure (“Right to Be Forgotten”) (Article 17 GDPR): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other legal basis for processing).
  • The Right to Restriction of Processing (Article 18 GDPR): You have the right to request that we limit the way we use your personal data under certain circumstances (e.g., if you contest the accuracy of the data, or if the processing is unlawful).
  • The Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible and where the processing is based on consent or contract.
  • The Right to Object (Article 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Rights in Relation to Automated Decision-Making and Profiling (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not currently engage in such automated decision-making.

To exercise any of these rights, please contact us using the contact details provided in Section 11. We will respond to your request within one month, which may be extended by two further months where necessary, taking into account the complexity and number of the requests.

10. Security of Your Personal Data

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, accidental loss, destruction, alteration, disclosure, or abuse. These measures include:

  • Encryption: Data is encrypted both in transit and at rest where appropriate.
  • Access Controls: Restricting access to personal data to authorized personnel only.
  • Regular Security Audits: Regularly reviewing our security practices to ensure they are up-to-date and effective.
  • Data Minimization: Collecting only the data necessary for the stated purposes.

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us:

ColdLake OÜ Email: info @ coldlake.eu

12. Complaints to the Supervisory Authority

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe that your data protection rights have been violated.

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) Address: Tatari 39, 10134 Tallinn, Estonia Phone: +372 627 4135 Email: info@aki.ee Website: www.aki.ee

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top. We encourage you to review this Privacy Policy periodically for any changes. If the changes are significant, we will provide more prominent notice (e.g., through an in-app notification or email).