At Focus Bear Pty Ltd (hereinafter, "Focus Bear," "Company," "us," or "we"), we respect and protect the privacy of visitors to our website, www.focusbear.io, and our customers who use our apps, and related services.
This Privacy Policy explains how we collect, use, disclose, and protect visitors’ and users’ personal data that may be processed by browsing, contacting, or using our website and apps.
The Company strives to ensure compliance with current regulations on the protection of personal data through the General Data Protection Regulation (EU) 2016/679 (‘the GDPR’ hereinafter).
The objective of this Privacy Policy is to inform the natural persons (this means real people, not companies or organizations) who provide their personal data, and/or those who act on their behalf, about the purposes of the use of personal data, the legal bases for the processing, who has access to the data, how to exercise the rights guaranteed by the GDPR, the information retention periods, and the security measures used to maintain the confidentiality, integrity and availability of personal data, among others.
By accessing and using our website and apps, you signify your acceptance to the terms of this Privacy Policy as well as the conditions included inthe Terms of Service. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of our website and apps.
Heya!
Welcome to Focus Bear’s Privacy Policy! We’ve added plain-English summaries in these boxes to help you understand the legal stuff more easily. These summaries aren’t legally binding — they’re just here to explain things in a simple way.
We collect and use your personal data when you browse or use our website and apps, in line with EU privacy laws (GDPR). This Privacy Policy explains why we collect your data, the legal reasons for doing so, who can access it, how long we keep it, your rights, and how we keep your data safe.
By using the website and apps, you agree to this policy and the Terms of Service.
According to data protection, "Controller" means the entity that determines the purposes and means of the processing of your personal data. In these terms, Focus Bear must be considered the Controller.
Controller – Focus Bear Pty Ltd
ABN - 59 659 843 964
Address - 29 Melrose St, Sandringham VIC 3191 (Australia)
Email – privacy@focusbear.io
According to data protection, ‘Representative’ means the entity established in the European Union who, designated by the Controller, represents the controller with regard to its respective obligations under the GDPR.
Representative – ‘by Data’
ABN – 33 420 814 429
Postal Address – PO Box 42034 Branch Office 2, Valencia 46017 (Spain)
Email – representative@bydata.eu
Website – www.bydata.eu
According to data protection, ‘Data Protection Officer (DPO)’ is the entity who informs and advises the Controller on its obligations under the GDPR and cooperates with the Supervisory Authority.
DPO – ‘by Data’
ABN – 33 420 814 429
Postal Address – PO Box 785 Upper Coomera QLD 4209 (Australia)
Email – dpo@bydata.eu
Website – www.bydata.eu
Simply put...
We are responsible for how your personal data is collected and used (this makes us the “Controller” under privacy laws).
Since we operate outside the EU, we’ve appointed a company called ‘by Data’ as our representative in the EU to help with GDPR compliance. ‘by Data’ also serves as our Data Protection Officer (DPO), making sure Focus Bear follows data protection rules and acting as a contact for any privacy-related questions or concerns.
So, if you have questions or issues about how your data is used, you can contact us, or our Data Protection Officer (DPO) and EU representative, using the provided emails.
All information collected by Focus Bear will be processed fairly, lawfully and transparently.
Likewise, the personal data requested in each of the data processing carried out will consist only of those strictly essential to achieve the intended and informed purpose in each case.
In this way, your data collected will be adequate, relevant and not excessive in relation to the purposes for which they are processed in each case. Therefore, your personal data will be collected for certain explicit and legitimate purposes and will not be further processed in a manner incompatible with said purposes. In addition, they will be updated whenever necessary.
Within the framework of the different data processing on activities carried out by the Controller, the following categories of personal data are collected:
Identification Data - Personal data used to contact, identify or register a natural person.
Social Data - Personal data related to personal characteristics and lifestyle.
Academic and Professional Data - Personal data related to academic levels, training, career and working experience.
Commercial and Marketing Data - Personal data related to preferences in Marketing, Activities and Businesses.
Technical Data - Personal data related to technology used to access to websites, applications, software and platforms.
Economic, Financial and Insurance Data - Personal data related to the financial situation and banking details.
Profile Data - Personal data related to purchases, service preferences, feedback and survey.
Aggregate Data - Personal data related to Statistical or Demographic information to websites, applications, software and platforms (as Cookies).
Special Category of Personal Data – Religious beliefs and personal data related to Health.
Simply put...
We only collect personal data that’s necessary for specific, clear purposes and handle it fairly and transparently. This may include your contact info, lifestyle details, education and work background, marketing preferences, tech usage, financial info, feedback, and general stats like cookies. In some cases, sensitive data like health or religious beliefs may also be collected, but only when needed and with care.
As a general rule, personal data is always collected directly from you or an agent acting on your behalf (interested party); however, in certain exceptions, the data may be collected through third parties, entities or services other than you.
In this case, this point will be conveyed to the interested party through the information clauses contained in the different ways of collecting information and within a reasonable period or in the first communication made to the interested party.
Simply put...
We usually collect your personal data directly from you or someone acting on your behalf. In some cases, we may get it from third parties, but if that happens, we’ll let you know clearly and as soon as possible.
Your personal data is processed for the following purposes:
Customer Management
Manage the purchase and sale of goods and services, billing, accounting, subscriptions and user registrations, shipments, collections, non-payments, offers, budgets and quotes, contracts, customer service, contact and commercial relationships.
Customer Service
Manage complaints or queries about products, services and possible breaches of the code of ethics or internal regulations of the organization, acts or conduct that may be contrary to general or specific regulations of the sector, with the purpose of carrying out managing investigations of possible complaints or queries, as well as managing internal information systems related to clients.
Marketing Management
Make contacts, monitor and create business opportunities, manage user registration for newsletters and commercial communications, hold meetings (in person or online) to advise on the products and services offered, conduct surveys and feedback monitoring, organize events and actions related to direct marketing.
Website Management
Respond to requests for information, goods and services sent by website users through established communication channels, manage the registration of web users to access direct sales products and services through the website (e-commerce) and the Analysis of data generated by website visitors.
Social Media Management
Manage follower data on social networks and offer multimedia content through publications and interactions with them.
The categories of personal data, the conditions of use, the privacy policies and the rules of access to Social Media Networks, can be consulted at the following links:
In no case the Company will use the profiles of followers in social networks to send advertising individually.
Service Providers Management
Manage purchases, accounting, payments, management of delivery notes and orders, acquisition of materials, products, services and assets through service contracts for the Company, its clients, contacts and business relationships.
Personnel Management
Hiring (own personnel, trainees or through External Companies), payroll management, taxes and social services, occupational risk prevention, health surveillance, expense and cost control, access and schedule control, training, insurance and social benefits, as well as Human Resources Administration.
Security Breach Management
Assess, manage and report personal data security breaches in accordance with the GDPR.
Exercise of Data Subjects’ Rights
Respond to and manage requests from interested parties in the exercise of the rights granted in the GDPR in compliance with data protection regulations.
However, all the explicit purposes for which each of the processing are carried out are included in the information clauses incorporated in each of the data collection methods (as web forms, informative notes, invoices, delivery notes, contracts and other documents containing personal information).
Simply put...
We use your data to deliver and manage our services—this includes things like processing orders, sending updates, responding to questions, and improving your experience. We also use it for marketing (if you’ve opted in), event invites, managing social media, and handling any legal or HR matters.
You can unsubscribe from marketing messages anytime, and let us know if you want to update or remove your info.
As a general rule, prior to the processing of your personal data, the Company informs you of the legal basis by which it establishes the legitimacy of the processing of your personal data.
The processing of your personal data is lawful because it applies:
Consent: There is processing based on the express and unequivocal consent of the interested party, through the incorporation of information clauses in the different personal data collection systems, authorizing consent through a clear and affirmative statement or action. Additionally, we inform you that we will only use personal information under this Privacy Policy and, in general, we will request your consent for purposes other than those for which you initially granted them.
Execution of a Contract: for the prior management of a contracted service or product, development of the execution of a contract or subsequent procedures derived from said contract between the Controller and the Interested Party.
Compliance with Legal and Regulatory Obligations: general and specific laws and regulations are applied to the processing of your personal data in relation to business activity, as well as regulations on data protection, which authorize or require the processing of personal data of the interested party and will be shown in the corresponding information clause.
Legitimate interest: data processing based on the legitimate interest of the Controller will be established for the general activity of the business and for the sending of communications or commercial events about products or services similar to those contracted (direct marketing). This processing will only be valid when the interested party has not expressly denied it at the time of collecting their personal data or in any of the communications made.
Simply put...
We only process your personal data when we have a valid legal reason to do so.
This could be:
* Your consent, which you give clearly (like ticking a box or filling out a form);
* A contract, when we need your data to provide a product or service you've requested;
* A legal obligation, when laws or regulations require us to use your data; or
* Our legitimate interest, like improving our services or sending you updates about similar products—unless you tell us not to.
We’ll always let you know which legal basis applies when collecting your data.
Your personal data is stored for the time necessary to fulfill the purpose for which it was collected, as long as the provision of the service, employment or contractual relationship is maintained, there is a mutual interest or for the time provided for in the corresponding regulations.
The following criteria may be applied to the data storage time:
The period established by law, or
Until you exercise the right to Erasure, or
The period necessary for the purposes for which we collect your personal data, including to satisfy any legal, accounting or reporting requirements.
The data may be stored longer that the time necessary to fulfill the purpose for which they were collected for statistical purposes, for which the appropriate security measures and data minimization criteria will be applied to guarantee data confidentiality.
Simply put...
We keep your data only as long as needed, to provide services, meet legal or contractual duties, or for legitimate business purposes like accounting. If we keep data longer for statistics, we make sure it’s secure and anonymized.
If you want your data deleted or have questions about how long we store it, just reach out to us.
When you connect and interact with this website or send an email to Focus Bear, you are providing personally identifiable information for which the Company is responsible.
By providing this information, you give your consent for your personal data to be collected, transferred to us and may be stored by:
To fulfill the purposes described above, when you interact with the Company, your personal data can be shared with:
Judicial Authorities, State Agencies or Public Bodies (if mandatory);
Professional advisers acting as Processors including lawyers, consultants, auditors and insurers;
Service providers acting as Processors who provide Information Technology (IT) and system administration services on our behalf and companies included in the Information Society Services.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
The following companies process personal data on behalf of the Company, acting as Processors:
Simply put...
When you visit our website or contact us, you share personal information that we are responsible for protecting. By doing so, you agree that your data may be collected, stored, and possibly handled by trusted third-party services.
To help us run our business and provide services to you, we may share your data with: government or legal authorities (if required), professional advisers (like lawyers or auditors), and tech service providers who support our systems.
We also work with other companies, known as Processors, who handle your data strictly under our instructions. These can be IT providers, hosting platforms, consultants, and other partners who help us operate smoothly and securely.
International Data Transfer means any personal data transferred from a European Union country to a third country or international organisation outside the European Economic Area (EEA)*.
(EEA*: Composed of the 27 EU Member States plus Norway, Iceland and Liechtenstein).
Your personal data is collected directly from outside the European Economic Area with your explicit consent, accepting this Privacy Policy.
Simply put...
If you're in the EU, any time your personal data is sent outside the European Economic Area (EEA—which includes EU countries plus Norway, Iceland, and Liechtenstein), it's considered an international transfer. Since Focus Bear is based outside the EEA, your data may be collected and stored in countries like Australia.
According to the GDPR, the Rights that assist you are the following:
Right of Access, right to request information from the controller about whether your personal data is being processed. This allows you to receive a copy of the Personal Data we hold about you and to check that we are legally processing it.
Right to Rectification, a right that allows the affected party to request the modification of personal data that is inaccurate or incomplete.
Right to Erasure (‘right to be forgotten’), right to delete or remove the personal data of the interested party. This enables you to ask us to delete or remove your personal data where you have successfully exercised your right to Object (see below), where we may have processed your information unlawfully or where we are required to erase your data to comply with local law.
Right to Object, the right of a person to oppose the processing of their personal data or the cessation of it.
Right to Restriction, right to suspend the processing of the interested party's personal data in certain cases: where you want exercise the right to Rectification, where data processing is unlawful, where you need us to hold the data to establish, exercise or defend legal claims; or you have objected to use your data while the verification is still pending.
Right to data Portability, the right to request that the Company will provide to another Controller your personal data in a structured, commonly used, machine-readable format.
Right to Object, the right of the interested party to oppose the processing of their personal data or the cessation of it. You also have the right to object where we are processing your personal data for direct marketing purposes.
Automated individual decision-making, the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects on the affected party or significantly affects them in a similar way.
Right to lodge a complaint with a Supervisory Authority if you consider that the data processing does not comply with current regulations.
Right to withdraw consent at any time where the processing is relying on your consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
The applicant may exercise their rights through the following means:
Email to privacy@focusbear.io providing documentation that proves the identity of the applicant (copy of a Photo ID).
Postal mail to Level 13, Freshwater Place, 2 Southbank Boulevard, Southbank VIC 3006 (Australia) providing documentation that proves the identity of the applicant (copy of a Photo ID).
Focus Bear will respond to your request as soon as possible and the maximum period for the resolution of the application is 30 days from receipt, it can be extended for a maximum of 2 months whenever necessary, but you will be notified about it.
Simply put...
Under the GDPR, you have several rights to control your personal data. These include the right to access, correct, or delete your data; object to or restrict how we use it; and request a copy of your data in a portable format. You can also withdraw consent for data processing or opt-out of automated decisions that significantly affect you. If you believe we’re not handling your data correctly, you have the right to lodge a complaint with a data protection authority.
To exercise these rights, simply contact us via email or postal mail, providing proof of your identity (like a photo ID). We’ll respond as quickly as possible, usually within 30 days.
You have the right to lodge a complaint with a Supervisory Authority.
You may submit a complaint if you do not receive a response to your request for the execution of your rights or if you consider that the processing of your personal data breaks the law, and it could affect your rights and freedoms.
You may lodge a complaint with:
The Office of the Australian Information Commissioner (OAIC) www.oaic.gov.au for Australian residents and interested parties.
The Spanish Data Protection Agency (AEPD, acronym in Spanish) www.aepd.es as it is the European Supervisory Authority chosen by the Controller for data protection issues.
All affected parties may submit a complaint to any of the European Supervisory Authorities established by the European Commission.
All interested parties guarantee that the information transmitted or provided, in any of the forms or collection media, is true, accurate and corresponds to the data of the legitimate owner.
If you do not provide true or accurate information when requested, we may not be able to provide you with the required services or perform the contract we have or are trying to enter into with you. In these circumstances we have the right to cancel or refuse our services, but we will notify you if this is the case at the time.
Our services are not intended for minors, so registration is only permitted for people over 16 years of age. Otherwise, please note that any possible liabilities that may arise as a result of the use of our services will be the responsibility of the parents or guardians of the minor.
Simply put...
You’re responsible for ensuring the information you provide is accurate and belongs to you. If you don’t provide true or correct details when asked, we may not be able to offer our services or complete any contracts with you. In this case, we may need to cancel or refuse our services, and we’ll inform you if that happens.
Our services are not for minors, so users must be over 16 years old. If a minor uses our services, the responsibility for any issues will fall on the parents or guardians.
The Company processes your personal data to make automated decisions about our services offered to you. The result of this automated decision-making could affect the final decision to approve or deny your enquiry, or affect the service provided.
The logic involved in determining the result is as follows:
User ranking by usage streaks.
Positive consequences: Motivational factors.
Negative consequences: Sharing users’ usage streaks with other users (under a pseudonym).
However, you will have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effects on you or significantly affects you in a similar way.
Simply put...
We use automated decision-making to help determine the services we offer you, which may include approving or denying a request or affecting the services you receive.
We also use automated decisions based on your usage streaks to provide you with motivation messages. Your usage streak with also be shared with others under a pseudonym of your choice which you can change in your Leaderboard in the app settings.
The Company will not process your personal data for a different purpose that was collected for.
However, in case that the Company has the intention to use your personal data for another purpose, we will contact you, prior to further processing, to provide the information on that other purpose and with any relevant further information.
The security measures adopted by Focus Bear are those required, in accordance with the provisions of Article 32 of the GDPR.
The Company, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of individuals physical, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.
The Company has sufficient mechanisms implemented to:
Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Restore availability and access to personal data quickly, in the event of a physical or technical incident.
Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the data processing.
These Technical and Organisational measures are available for consultation by the Judicial and Supervisory Authorities, and are under continuous review and audits in data protection and privacy.
Simply put...
We take the security of your personal data seriously and have implemented the necessary technical and organizational measures to protect it, as required by the GDPR.
These measures are designed to ensure your data remains confidential, available, and secure, even in the case of physical or technical issues.
We regularly evaluate the effectiveness of these security measures to ensure they are working properly.
Focus Bear reserves the right to modify this Privacy Policy to adapt it to legislative or jurisprudential developments, as well as industry practices.
These policies will be in force until they are modified by others duly published.
If you haveanyquestions regarding this Policy or about the privacy practices of Focus Bear, please contact us by email at privacy@focusbear.io.