Effective Date: 13 July 2020

CAP-A Privacy Policy

What is CAP-A about?

Thank you for using CAP-A.

CAP-A is a portal that relies on feedback provided by users, in order to identify

• the privacy behavior of Android mobile apps,
• to present it in a simple way,
• as well as to make explicit the opinion of users regarding this behavior.

We rely entirely on the crowdsourcing paradigm and we reward the users with points for their voluntary participation.

The Portal is under the responsibility of the Institute of Computer Science (ICS) of the Foundation for Research and Technology – Hellas (FORTH) and IN2, and is the result of the CAP-A project (https://cap-a.eu/). It does not sell, exchange or make profit of any of the data collected. We do not use ads.

The CAP-A Portal is fully compliant with the GDPR regulation, following all necessary guidelines to protect the privacy of its users. We collect your data on the basis of your informed and freely given consent.

Which data about me do you collect?

We collect the IP address, the browser used and basic statistical data about the interaction with the Portal, such as the pages visited, the time you stayed at each page and the searches you made.

When you contact us by email, we keep your name and email.

When you create a CAP-A profile, we further ask for your email address, and optionally, a display name, nationality, year-of-birth, parental status and technology expertise level.

In order to create a CAP-A profile, you must have a CAPrice Community account. CAPrice is an initiative led by the Institute of Computer Science (ICS) of the Foundation for Research and Technology – Hellas (FORTH) that serves the broader vision of empowering citizens to collectively ask for the protection of their digital privacy. CAPrice seeks to attract funding to support projects like CAP-A (https://www.caprice-community.net/faq/). If you do not already have a CAPrice Community account, one will automatically be created during your CAP-A registration with the username and email you provide to us. The CAPrice account requires no additional data.

Through your interaction with the CAP-A Portal, you will be asked to provide your feedback in the form of expectations, up/down votes, favorite apps, questionnaire and annotations.

What is the purpose of collecting my data?

Basic statistical data help us better understand how you use our portal, in order to improve our services.

They also help us keep our Portal secure, by blocking unintended use of our services.

If you create a CAP-A account, we use your personal information

• To enable you to collect points and get rewards, through your interaction with our system.
• To contact you occasionally, e.g., to keep you up-to-date with our features and with the community activity, to solicit your feedback or to let you know when your contribution has become out-of-date.
• To generate aggregate, non-personally-identifying statistics about the behaviour of community members.
• In case you are the developer of an app, to enable you to claim the ownership and represent the company behind this app.

Make sure to check our Terms of Use of the portal here: Link

With whom do you share my data?

We do not share any of your personal information with any third party.

In exceptional cases, data may be disclosed or transmitted to third parties, if this is mandatory for fulfilling legal obligations, subject to the safeguards provided for by relevant legislation.

How is my data stored and protected?

All data collected through the Web Portal is transmitted over encrypted channels.

Some statistical data are stored as cookies (small data files) on your browser. All other information is stored on a password-protected web server in a physically secured location, in Greece.

No personally-identifying data are transmitted outside of Europe.

For how long do you retain my data?

Cookies are stored for up to 8 hours, unless you choose to delete them from the settings of your browser.

All other data are stored permanently. But you can always send us an email to ask for their deletion.

What are your obligations towards me?

The CAP-A Portal is compliant with all the legal procedures in respect of personal data processing, as set out in the applicable European and national law, including the General Data Protection Regulation (EU/2019/679). You have the right to access, the right of information, correction, update, blocking and/or erasure of your personal data in accordance with the aforementioned EU Regulation and applicable national laws. In addition, you have the right to file a complaint with the Data Protection Authority.

You may contact us at all times:

• To ask for a copy of the data we collected about you.
• To correct your personal data.
• To unsubscribe from any of our lists.
• To ask for closing your account. Note that any feedback you contributed will remain in the system, even after the termination of your account.
• To ask for completely erasing your account and all personally identifiable feedback you contributed.
• To stop correlating you with a given app, if you had claimed ownership of this app in the past.
• To ask us not to correlate a given user with an app, if you provide legitimate reasons that the email used for claiming that app by the user was not properly handled.

How can I contact you?

You can always contact us via email at: info@cap-a.eu 

We will respond to you within 10 days from the reception of your request.

CAP-A Android app

The above are also applicable to the CAP-A mobile app for Android devices. In addition, the app asks your permission to access:

• The metadata information about the applications installed in your phone (i.e., name of the app, required permission as declared in the app’s manifest). No personal or other data related to or managed by an application are accessed by the CAP-A app. Note that this is requested only from Android 11 onwards.
• Internet connectivity. Note that this is not requested explicitly as Android apps no longer need to do this.

Logged in users using the “Audit my Apps” functionality will have the information about the apps installed on their device syncronised with the CAP-A server so that once the user logs in to the CAP-A Portal, the information on the installed apps is available under the “Installed” menu tab. Anonymised information about the apps installed (name of the application and last update version) is sent to the CAP-A server in order to inform the system about the most popular apps installed by users.