1. Introduction
MyWash ("we," "our," or "us") operates the MyWash mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our App.
2. Information We Collect
2.1 Personal Information
When you create an account or use our services, we may collect:
- Account Information: Name, email address, and phone number
- Authentication Data: Information provided through Google Sign-In or Apple Sign-In, including your email and name
- Device Information: Device tokens for push notifications, device type, and operating system
- Profile Information: Profile picture (if provided), preferred language, and notification preferences
2.2 Transaction Information
When you purchase tokens or use services, we collect:
- Purchase Records: Token type, quantity, payment method, order details, and transaction timestamps
- Fiscal Information: Invoice numbers and receipt details as required by tax authorities
- Usage History: Records of token usage at partner locations, including service type and location
- Wallet Information: Current Token balance and transaction history
2.3 Technical Information
We automatically collect:
- Log Data: IP address, browser type, access times, pages viewed, and referring URLs
- Device Identifiers: Unique device identifiers for app functionality and security
- Usage Analytics: App interaction data to improve our services
- Crash Reports: Technical information about app crashes to improve stability
- Performance Data: App loading times, response times, and feature usage
2.4 Location Information
We collect location data only when:
- You search for nearby car wash locations
- You use services at partner locations
- You explicitly enable location services for the App
You can disable location services through your device settings, though this may limit certain features.
2.5 Information from Third Parties
We may receive information from:
- Social Login Providers: Google and Apple when you use their sign-in services
- Payment Processors: Transaction confirmation and fraud prevention data
- Analytics Providers: Aggregated usage statistics
3. How We Use Your Information
We use your information to:
- Provide Services: Process token purchases, facilitate service redemption, and manage your digital wallet
- Communication: Send purchase confirmations, invoices, and important service updates
- Push Notifications: Send transaction confirmations and service alerts (with your consent)
- Security: Protect against fraud, unauthorized access, and security threats
- Legal Compliance: Comply with tax regulations and legal obligations, including fiscal invoice requirements
- Service Improvement: Analyze usage patterns to enhance app functionality and user experience
- Customer Support: Respond to inquiries and resolve issues
- Personalization: Customize your app experience based on preferences and usage
- Marketing: Send promotional offers (only with your explicit consent)
4. Legal Basis for Processing (GDPR)
| Purpose | Legal Basis |
|---|
| Account creation and management | Contract performance |
| Token purchases and redemption | Contract performance |
| Fiscal invoice generation | Legal obligation |
| Fraud prevention and security | Legitimate interests |
| Customer support | Contract performance |
| Service improvement analytics | Legitimate interests |
| Marketing communications | Consent |
| Push notifications (promotional) | Consent |
5. Information Sharing and Disclosure
We do not sell your personal information. We may share your information with:
5.1 Service Providers
- Payment Processors: To process payments for token purchases
- Fiscal Service Providers: To generate legally required fiscal invoices and receipts
- Cloud Infrastructure: For secure data storage and app hosting
- Email Services: To send transactional emails and invoices
- Analytics Services: To help us understand app usage (data is anonymized/aggregated)
- Customer Support Tools: To manage support tickets and inquiries
5.2 Partner Car Wash Locations
When you redeem tokens at a partner location, we share:
- Transaction authorization data
- Service redemption details
We do not share your personal contact information with partner locations.
5.3 Legal Requirements
We may disclose information when required by law, regulation, legal process, government requests, or court orders.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
6. Cookies and Tracking Technologies
6.1 Mobile Analytics
We use mobile analytics tools to collect app usage patterns, feature engagement, crash reports, and performance metrics.
6.2 Third-Party SDKs
Our App includes third-party SDKs for:
- Firebase: Push notifications and analytics
- Google Sign-In: Authentication
- Apple Sign-In: Authentication
- Payment SDKs: Payment processing
Each SDK is subject to its provider's privacy policy.
6.3 Opting Out
You can limit tracking by disabling analytics in App settings, using device-level privacy controls, or limiting ad tracking on your device.
7. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
- Password Security: Passwords are hashed using bcrypt encryption
- Access Controls: Strict access controls limit employee access to personal data
- Audit Logging: We maintain security logs to detect and prevent unauthorized access
- Regular Security Audits: We conduct periodic security assessments
- Secure Infrastructure: We use reputable cloud providers with security certifications
8. Data Retention
| Data Type | Retention Period |
|---|
| Account information | Duration of account + 30 days |
| Transaction records | 10 years (legal requirement) |
| Fiscal invoices | 10 years (legal requirement) |
| Usage analytics | 2 years (anonymized thereafter) |
| Support tickets | 3 years |
| Marketing consent records | Duration of consent + 3 years |
When you delete your account, we will delete or anonymize your personal information, except where retention is required by law.
9. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your account and personal data
- Portability: Receive your data in a portable format
- Withdraw Consent: Withdraw consent for optional data processing
- Opt-Out: Unsubscribe from marketing communications
- Restriction: Request we limit how we use your data
- Object: Object to processing based on legitimate interests
9.1 How to Exercise Your Rights
To exercise these rights, contact us at privacy@mywash.rs. We will respond within 30 days.
9.2 Account Deletion
You can request account deletion by using the in-app account deletion feature or contacting our support team. Personal data will be deleted within 30 days.
10. Third-Party Services
- Google Sign-In: Subject to Google's Privacy Policy
- Apple Sign-In: Subject to Apple's Privacy Policy
We are not responsible for the privacy practices of third-party services.
11. Children's Privacy
Our App is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@mywash.rs.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We take appropriate safeguards including Standard Contractual Clauses (SCCs) and data processing agreements. Primary data is stored on servers located in the European Union.
13. Do Not Track
Our App does not currently respond to Do Not Track signals, as there is no industry standard for handling these signals in mobile applications.
14. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights including the right to know, right to delete, and right to non-discrimination. California residents can submit requests to: privacy@mywash.rs
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App, updating the "Last Updated" date, sending a notification through the App, or sending an email to your registered address.
16. Contact Us
MyWash
Data Protection Contact: privacy@mywash.rs
General Support: support@mywash.rs
Website: https://mywash.rs
We aim to respond to privacy-related inquiries within 72 hours for urgent matters and 30 days for formal rights requests.
17. Additional Information for EU/EEA Users
MyWash is the data controller responsible for your personal information. For data protection inquiries, contact: dpo@mywash.rs
You have the right to lodge a complaint with your local data protection authority. In Serbia, this is the Commissioner for Information of Public Importance and Personal Data Protection.
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
18. Biometric Data
We do not collect biometric data such as fingerprints or facial recognition data. Any biometric authentication (Face ID, Touch ID) is handled entirely by your device's operating system.
19. Sensitive Personal Data
We do not intentionally collect sensitive personal data, including health information, religious beliefs, political opinions, trade union membership, genetic or biometric data, or sexual orientation.
This Privacy Policy is effective as of the "Last Updated" date above.
1. Uvod
MyWash ("mi", "nas" ili "nas") upravlja MyWash mobilnom aplikacijom ("Aplikacija"). Ova Politika privatnosti objasnjava kako prikupljamo, koristimo, otkrivamo i stitimo Vase informacije kada koristite nasu Aplikaciju.
2. Informacije koje prikupljamo
2.1 Licne informacije
- Informacije o nalogu: Ime, adresa e-poste i broj telefona
- Podaci o autentifikaciji: Informacije putem Google prijave ili Apple prijave
- Informacije o uredaju: Tokeni uredaja za push notifikacije, tip uredaja i operativni sistem
- Informacije o profilu: Profilna slika, preferirani jezik i preferencije obavestenja
2.2 Informacije o transakcijama
- Zapisi o kupovini: Tip tokena, kolicina, nacin placanja, detalji narudzbine
- Fiskalne informacije: Brojevi racuna i detalji priznanica
- Istoriju koriscenja: Zapise koriscenja tokena na partnerskim lokacijama
- Informacije o novcaniku: Trenutno stanje Tokena i istoriju transakcija
2.3 Tehnicke informacije
Automatski prikupljamo IP adresu, identifikatore uredaja, analitiku koriscenja, izvestaje o rusenju i podatke o performansama.
2.4 Informacije o lokaciji
Prikupljamo podatke o lokaciji samo kada trazite obliznje lokacije, koristite usluge na partnerskim lokacijama ili eksplicitno omogucite usluge lokacije.
3. Kako koristimo Vase informacije
- Pruzimo usluge: Obradjujemo kupovine tokena i upravljamo Vasim digitalnim novcanikom
- Komunikacija: Saljemo potvrde kupovine, racune i azuriranja usluga
- Bezbednost: Stitimo protiv prevara i neovlascenog pristupa
- Pravna uskladjenost: Uskladjujemo se sa poreskim propisima i pravnim obavezama
- Poboljsanje usluga: Analiziramo obrasce koriscenja
- Marketing: Saljemo promotivne ponude (samo uz Vasu saglasnost)
4. Pravni osnov za obradu (GDPR)
| Svrha | Pravni osnov |
|---|
| Kreiranje i upravljanje nalogom | Izvrsavanje ugovora |
| Kupovine i koriscenje tokena | Izvrsavanje ugovora |
| Generisanje fiskalnih racuna | Pravna obaveza |
| Prevencija prevara i bezbednost | Legitimni interesi |
| Korisnicka podrska | Izvrsavanje ugovora |
| Marketinske komunikacije | Saglasnost |
5. Deljenje i otkrivanje informacija
Ne prodajemo Vase licne informacije. Mozemo deliti Vase informacije sa procesorima placanja, fiskalnim pruzaocima usluga, oblak infrastrukturom, analitickim uslugama i alatima za korisnicku podrsku.
Ne delimo Vase licne kontakt informacije sa partnerskim lokacijama.
6. Bezbednost podataka
Primenjujemo industrijski standardne mere bezbednosti: enkripciju (TLS/SSL), hesovanje lozinki (bcrypt), kontrole pristupa, revizijske zapise i redovne bezbednosne provere.
7. Zadrzavanje podataka
| Tip podataka | Period zadrzavanja |
|---|
| Informacije o nalogu | Trajanje naloga + 30 dana |
| Zapisi transakcija | 10 godina (zakonski zahtev) |
| Fiskalni racuni | 10 godina (zakonski zahtev) |
| Analitika koriscenja | 2 godine (anonimizovano) |
| Tiketi podrske | 3 godine |
8. Vasa prava i izbori
Imate pravo na pristup, ispravku, brisanje, prenosivost, povlacenje saglasnosti i iskljucivanje iz marketinskih komunikacija.
Za ostvarivanje prava kontaktirajte: privacy@mywash.rs
9. Privatnost dece
Nasa Aplikacija nije namenjena deci mladoj od 16 godina. Ne prikupljamo svesno licne informacije od dece mladje od 16 godina.
10. Medjunarodni transferi podataka
Primarni podaci se cuvaju na serverima u Evropskoj uniji. Preduzimamo odgovarajuce zastitne mere za medjunarodne transfere.
11. Izmene ove Politike privatnosti
Mozemo azurirati ovu Politiku privatnosti s vremena na vreme. Obavesticemo Vas o materijalnim izmenama putem Aplikacije i e-poste.
12. Kontaktirajte nas
MyWash
Kontakt za zastitu podataka: privacy@mywash.rs
Opsta podrska: support@mywash.rs
Veb-sajt: https://mywash.rs
13. Dodatne informacije za korisnike iz EU/EEA
MyWash je kontrolor podataka. Sluzbenik za zastitu podataka: dpo@mywash.rs
Imate pravo da podnesete zalbu Povereniku za informacije od javnog znacaja i zastitu podataka o licnosti.
Ne koristimo automatizovano donosenje odluka ili profilisanje.
14. Biometrijski podaci
Ne prikupljamo biometrijske podatke. Biometrijska autentifikacija (Face ID, Touch ID) se u potpunosti rukuje operativnim sistemom Vaseg uredaja.
Ova Politika privatnosti je na snazi od datuma "Poslednje azuriranje" gore.
