Privacy Policy

Latest update: June 2021

Welcome to our Privacy Policy!

This Privacy Policy describes the way www.bemyfan.com (hereinafter the “Website”) collects, uses, shares and stores the personal information of individuals visiting our website (hereinafter “Visitor”) and individuals who register as members (hereinafter “Members”).

We operate our site and our services in compliance with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"). For more information, please see Section 6 "YOUR RIGHTS UNDER GDPR". If you are a California resident, please also see Section 7 "INFORMATION FOR CALIFORNIA RESIDENTS."

Your privacy is important to us. We provide you with this Privacy Policy, so that you can make informed choices about the use of your data.

As used in this Privacy Policy, the term "personal data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. For example, under CCPA Personal Data includes identifiers such as your real name, alias, or postal address; commercial information, including records of products or services purchased; Internet or other electronic network activity information, including, but not limited to, browsing history, and search history. CCPA § 1798.140(o)(1).

Please read this Privacy Policy carefully. This Privacy Policy forms a part of and is incorporated into the BeMyFan Terms and Conditions. By using the Website, you agree that the Terms and Conditions, including this Privacy Policy, forms a binding legal contract with you.

You can contact us if you have any question about our privacy practices. We will be happy to provide you any assistance you may need.

1. WHO DECIDES “HOW” AND “WHY” YOUR PERSONAL DATA IS PROCESSED?

The following company decides how and why your personal data is processed, and for GDPR purposes are "Joint Controllers":

JWS Americas S.à r.l.
44, Avenue John F. Kennedy
L-1855, Luxembourg
Grand Duchy of Luxembourg
Registered with the Luxembourg Trade and Companies Register under the number: B 249539.

JWS International S.à r.l.
44, Avenue John F. Kennedy
L-1855, Luxembourg
Grand Duchy of Luxembourg
Registered with the Luxembourg Trade and Companies Register under the number: B 249566.

JWS Americas S.à r.l. and JWS International S.à r.l. jointly determine the purposes and means of the processing of your personal data. Both entities collaborate in joint processing activities related to the purposes mentioned in this Privacy Policy.

We have put in place a joint controllership agreement (according to article 26 GDPR) in order to determine the respective roles and responsibilities of the Joint Controllers, in particular, as regards the exercise of data subjects’ rights and the duties to provide information. You can notably contact us through a single contact point as mentioned in Section 9 "How to contact us?" of this Privacy Policy.

Please note that, irrespective of this arrangement, you are free to exercise your rights (as described in the Privacy Policy) in respect of and against each of the Joint Controllers. You also have the right to contact us and request to be informed about how the responsibilities are allocated between the two companies.

2. WHAT PERSONAL DATA DO WE PROCESS?

The data we collect and process varies depending on whether you are a Visitor or a Member. Personal data you provide when you open an account as a Member If you choose to create an account as a Member on our Website, we will ask you to provide the following information:

  • Username
  • Password
  • Email address

Additional information, such as the links you will share and your profile picture, will be stored in your account.

Personal data from site use if you are both a Member and/or a Visitor

We collect and process information about you when you are using our Website. This means that, when you visit our Website even if you have not created an account or logged in, we collect data, including:

Log data, device and usage information:

  • Your IP address;
  • Your time zone;
  • The date, time and duration of your visit;
  • The type of device you use (e.g. iPad);
  • The type of your device’s operating system (e.g. iOS 3.1) and internet browser (e.g., Mozilla Firefox, Opera, etc.);
  • Your activity history and how you interact with the pages/features of the Website;
  • Identifiers associated with cookies or other technologies that may uniquely identify your device or browser.

If you are using a mobile device, we might also collect:

  • data that identifies your mobile device
  • device-specific settings and characteristics
  • location details

Information collected by cookies and other technologies

Like many websites and applications, we use cookies to collect information about your activity, browser, and device.

Most web browsers are set to accept cookies by default. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Keep in mind, though, that blocking cookies may negatively affect your use of the services on our site.

To learn more about how we use cookies and your choices, please check out our Cookie Policy.

3. WHY DO WE PROCESS YOUR PERSONAL DATA?

We use the information we collect for the following purposes:

Account activation

We process this information to perform the contract that we have with you. We use the personal data you provided us when creating your online account to open and administer this account. The account allows you to exercise control over your personal data, your profile and account settings.

Website management and optimization

To understand how we can improve our services and/or find better ways to promote our services to others, we collect your personal data for analytical and statistical purposes.

To better understand your needs and how we can improve our Website, we compile the information you gave to us or that we collected about you when visiting pages on our site to detect general trends regarding the preferences/habits of our users. This helps us, for example, to generate statistics reports on our users’ activity based on the countries, or links visited. The information in these reports is in aggregate form and cannot be used to identify individuals.

We process this information given our legitimate interest in developing and improving our Website and our users’ experience, as well as promoting the Website. When we use cookies or similar technologies for the same purpose, we rely on your consent to the use of cookies, including third-party cookies. To learn more about how we use cookies and your choices, please check out our Cookie Policy.

Ensure a safe and Trusting Environment

To protect you and our business, we use your personal data to detect and prevent fraud/illegal activities, and for security & risk assessment (e.g., authentication).

We have a legitimate interest in keeping you and our business safe.

Comply with any legal requirements and enforce our legal rights

We may rely on a legal obligation to process your personal data. For example, we must retain your information to maintain legally required accounting records.

We may also use your information to respond to requests of competent authorities or given our legitimate interest to establish, exercise or defend legal claims. If necessary, we would use your data to investigate issues.

4. WITH WHOM DO WE SHARE YOUR DATA?

We share a portion of your personal data with the following parties:

Entities of our Companies’ Group

We share your personal data with the following companies of our group based in Luxembourg and Hungary, as they are helping us to deliver the services to you:

  • Jasmin IP S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg;
  • Jasmin Holding SA, 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg;
  • Docler Services S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg
  • Docler IP S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg
  • Jasmin SSC Kft, Expo tér 5-7, H-1101, Budapest, Hungary
  • Jasmin IP S.à r.l. Hungary Branch, Expo tér 5-7, H-1101, Budapest, Hungary;
  • Duodecad IT Services Luxembourg S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg.

Service providers

We use carefully selected and trusted third parties, who act as service providers to our site. We ensure that they are bound by contractual obligations to process information we share with them in accordance with our instructions, this Privacy Policy and all applicable data protection laws.

As we constantly work on the development and enhancement of the technology to support our site, our third party service providers may regularly change. Such entities mainly belong to the following areas:

  • Business intelligence and analytics
  • Fraud prevention

Law enforcement agencies or governmental authorities

To the extent permitted by applicable laws, we may also share information with law enforcement agencies or authorities, if such disclosure is reasonably necessary for the following:

  • to comply with our legal obligations
  • to respond to information requests for fraud investigations and other alleged illegal activities
  • to enforce and administer our Terms and Conditions
  • to protect our rights or defend ourselves against any claims

Business transfers

Your information may be transferred to another entity of our group (i.e. reorganization, restructuring, etc.) or third party (i.e. sale, merger and/or acquisition, etc.) if part (more than 50%) or whole of the business (or related assets) is either directly or indirectly transferred or falling under the control of the new owner.

This would be the case providing the new owner operates in the same or similar line of business as ours and commits to comply with this Privacy Policy.

5. HOW DO WE PROTECT AND HOW LONG WE RETAIN YOUR PERSONAL DATA?

We implement various security measures, technical and organizational, to grant protection to your personal data against unauthorized access, modification, disclosure or deletion.

We implement data loss prevention systems against leakage, theft and data breach. We periodically test our IT systems and do penetration tests. Our Website incorporates reasonable security technologies available to ensure safety of its users and the safekeeping of their related information.

We will retain personal data for as long as we consider it necessary to:

Maintain your Member account

To enable us to process and maintain your content in your Member account.

Legal Obligation Compliance

For example, we may keep some of your information for legal reporting and auditing obligations.

Legitimate Interests and Business Conduct

Including:

  • Establishing, exercising or defending legal claims
  • Fraud/illegal activity detection and prevention
  • Enhancing Safety
    For example, if we suspend or close your account due to fraud or illegal activities, we may retain certain information about you to prevent you from opening a new account in the future. Such information will also be kept available in case of ongoing judicial proceedings and/or investigations.

Security

As we have said, the protection of your information and our Website from accidental or malicious loss and destruction is one of our top priorities.

Residual copies of some of your personal information will be kept on our backup systems for 30 days. Some anonymized copies of your information may also remain in our database.

If you have a question about any specific retention periods of certain personal data, please contact us via the contact details provided in clause 8: "How to contact us?".

6. YOUR RIGHTS UNDER GDPR

Information on the transfer of your personal data outside of the European Economic Area?

As we are a Luxembourg based company, we comply with the EU Data Protection Regulation, “GDPR.” Regardless of whether you are located in Europe or elsewhere, our own location in Europe requires us to comply with GDPR. You can read the entire Regulation here.

During the course of the operation and exploitation of the site and the provision of the services, your personal data may be transferred outside of the European Economic Area (“EEA”) to third parties data processors located in the United States and other countries outside of where you live, for the purposes specified in this Privacy Policy.

If we transfer your personal data outside of the EEA, we endeavor to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. For this purpose, we utilize the Standard Contractual Clauses approved by the European Commission that you can find here.

What are Your Rights Regarding Your Personal Data?

We have done our best below to explain what your rights are under GDPR and how you can exercise them. If, despite of our below explanations, you are still unsure about the actions you can take or the conditions of exercise of your rights, you can contact us and we will provide you with all the assistance you need when exercising your rights. You may also contact us, at any time, before exercising any of your rights, and we will reply to your request as quickly as possible.

We will provide you with information on actions taken within one month of the day of receipt of your request. Only in exceptional circumstances, when we face complex and a high number of requests, we may extend this period of response up to two further months.

Please note that rights may be exercised free of charge. However, unfounded or excessive requests, in particular because of their repetitive character, will lead to the payment of a fee. Please also understand that, because your privacy is so important for us, we may ask you to provide additional information before executing your request.

Data access and data portability

You have the right to access the personal data that we hold about you by requesting a copy of your personal data, free of charge, sending us an email to privacy@bemyfan.com.

If we consider that your request is manifestly unfounded or excessive (e.g., due to multiple requests in a short period), we may refuse to act or charge a reasonable fee taking into account the administrative costs for providing you with the information.

In certain cases, you are also entitled to request copies of personal data that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible). To exercise this right, you can send an email to privacy@bemyfan.com.

Rectification of inaccurate or incomplete data

You have the right to request that we correct any inaccuracies in your personal data.

For this purpose, you can send us an email to privacy@bemyfan.com.

Data Erasure

If you no longer want us to use your account and/or your information, you can request that we erase your personal data and close your account. Requests for account cancellation or closure will be considered as a request for erasure of your personal data.

If you face any difficulties on your request, please contact us at any time.

When the erasure process starts, you will not be able to log into your account.

Please note that even if you request the erasure of your personal information, we will retain some of it for as long as we consider it necessary for compliance with our legal obligations or other legitimate interests as explained above in Section 5 “How do We Protect And How Long Do We Retain Your Personal Data?”.

Right to object

We process your data for a variety of reasons as explained in Section 3 “Why do We Process Your Personal Data?”.

Applicable law may entitle you to require us not to process your personal data for some specific purposes where such processing is based on legitimate interest. If you object to such processing we will stop processing your personal data for those purposes.

In specific situations, we may have to refuse the execution of your request. This would be the case where we have legitimate grounds to continue such processing or if we have to establish, exercise or defend legal claims.

Right to restriction of processing

You have the right to request that we stop processing your personal data, while we resolve any issues.

This is only possible in the following four cases:

  • Accuracy: If you contest the accuracy of your personal data, processing would be stopped while we verify your claim.
  • Legitimate Interest: If you object to a processing activity based on legitimate interest, you can require the processing operation to be put on hold while we verify your grounds for objecting.
  • Unlawful Processing: You can request the restriction of data processing if you consider your data is being processed unlawfully, but do not wish your data to be immediately erased.
  • Data Storage: We have no further need for the data but you require it to establish, exercise, or defend legal claims. Despite your request, we may continue to process your data if we have to establish, exercise, or defend legal claims. We will notify you before lifting a restriction.
  • Right to lodge a complaint with a supervisory authority

If you consider that our processing of your personal data infringes the GDPR or any other applicable national laws, you have the right to lodge a complaint with a supervisory authority (e.g. your local authority or the CNPD).

7. INFORMATION FOR CALIFORNIA RESIDENTS

If you are a California resident, you have the following special rights under the California Consumer Privacy Act (“CCPA”) in addition to any other rights outlined in this Privacy Policy.

Please note that we do not “sell” your personal data, as that term is defined in CCPA.

Your Right to “Know” and to Request Deletion

You have the right to know the categories and specific pieces of personal data we have collected about you. You have the right to know the categories of sources from which the personal data has been collected, the business or commercial purpose for collecting or selling personal data, and the categories of third parties with whom we share personal data.

You also have the right to request deletion of personal data we’ve collected or maintain. Please note this right is subject to certain exceptions, including without limitation our retaining information as necessary to protect against malicious, deceptive, fraudulent, or illegal activity, to comply with our legal obligations, and for other internal purposes.

To exercise these rights, you can contact us as provided in Section 9 “How to Contact Us?”. Please note that any requested disclosures in connection with a request to know will only apply to the 12-month period preceding the request, and you are entitled to request disclosure twice in any 12-month period.

Personal Information Disclosed

You also have the right to know what categories of personal data we’ve disclosed for a business purpose, and the third parties to whom that information was disclosed. In the past 12 months, we’ve disclosed for a business purpose the following categories of information to the following parties: Usage/device information (including, without limitation, your IP address, as the case may be) to our business intelligence and analytics service providers (e.g. Google Analytics).

Your Right to Non-Discrimination

You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by CCPA, including but not limited to by denying you services, charging different prices or rates, or providing you with a different level or quality of services. Please note, however, that the exercise of some of your rights (e.g., to delete your data) may render it impossible for us to continue to deliver services to you.

Your Right to Use an Authorized Agent

You have the right to designate an authorized agent to make a request under the CCPA on your behalf. To designate an authorized agent, please contact us as provided in Section 9 “How to Contact Us?” below. In order to verify you have authorized an agent we may require a signed, written authorization from you.

Do Not Track

Some browsers have a “do not track” feature that lets you tell websites you do not want to have your online activities tracked. Because these features are not yet uniform, we do not presently respond to “do not track” signals. We will however treat any “do not sell” or similar signals as opt-out requests under CCPA.

8. CHANGES TO OUR PRIVACY POLICY

We may occasionally amend this Privacy Policy to reflect changes to our services and the way we are handling your personal data or changes in the applicable laws.

If we make any important changes, we will let you know by placing a notice on the relevant site and/or contact you directly, using other methods such as email.

To the extent permitted by applicable law, such changes will be applicable from the time they are published on our site, unless we specify a date of entry into force. Your continued use of our site from that day on will be subject to the new Privacy Policy.

9. HOW TO CONTACT US?

If you have any comments or questions about this privacy policy or generally about our privacy practices, please send an email to privacy@bemyfan.com or via mail to the address indicated below, and we will get quickly back to you. We are always glad to talk about our privacy practices.

JWS Americas S.à r.l.
44, Avenue John F. Kennedy
L-1855, Luxembourg
Grand Duchy of Luxembourg

JWS International S.à r.l.
44, Avenue John F. Kennedy
L-1855, Luxembourg
Grand Duchy of Luxembourg

We are also happy to inform you that we have an employee dedicated to ensuring your privacy, our Data Protection Officer. You can directly reach our Data Protection Officer via email at: dpo@bemyfan.com or mail to the following address:

To the attention of the DPO
JWS Americas S.à r.l.
44, Avenue John F. Kennedy
L-1855, Luxembourg
Grand Duchy of Luxembourg

Or

To the attention of the DPO
JWS International S.à r.l.
44, Avenue John F. Kennedy
L-1855, Luxembourg
Grand Duchy of Luxembourg