RU4M Privacy Policy

Last updated: May 8, 2024

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You consent to the collection and use of Your personal data by Us in accordance with this Privacy Policy.

Information about RU4M as controller and contact person for personal data protection issues

RU4M Ltd

Tosin bunar 272B street,

Belgrade 11070, Serbia

[email protected]

Interpretation and Definitions Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to the personal data controller RU4M Ltd Beograd, Tosin bunar 272B street, Belgrade, Serbia.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Country refers to: Serbia

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Personal Data is any information that relates to an identified or identifiable individual.

Service refers to the RU4M App and RU4M Website.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website refers to RU4M website, accessible from https://ru4m.com

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

Identifiers, such as:

Your mobile number (including mobile country/network code);
Your personal details, (e.g., name, date of birth), if you provided them;
Your contact details (e.g., email address), if you provided them;
Other optional details (e.g. job title, employer name, country of residence);
Your account login details, such as your username and any of your password or security pin-code, which you have chosen, if any;
Device identifiers, as described below;
Your photo, if you provided it (e.g. any avatar);
Your physical location ie. the GPS location of your Device.

Usage data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies Policy

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies.

Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. We use both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential CookiesType: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance CookiesType: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website. Functionality Cookies Type: Persistent Cookies Administered by: Us Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Use of Your Personal Data We use your personal data to provide you with the Service. This includes administering your account, customizing and improving the Service we offer, processing payments, serving ads and marketing campaigns, providing you with support and for compliance and safety reasons.

For the purpose of analyzing use of Our Service we may process anonymized personal data within the platforms such as Google Analytics and Firebase.

The purposes for which we collect and use your personal data:

Authentication and Account Administration:

RU4M uses different types of your personal data to create and administrate your RU4M account in order to enable you to register, log in, activate and use the Services. This includes, for example:

To authenticate and verify your account, as well as to make sure you do not already have a RU4M account;

To synchronize your contact list on the App (meaning, in order to show you your contacts on the RU4M interface so you contact them through RU4M);

Your contact details (e.g., email address), if you provided them;

Your account login details, such as your username and any of your password or security pin-code, which you have chosen, if any;

Device identifiers, as described below.

To create your profile, customize your RU4M account according to the information you have provided (e.g. name or photo), and display such information as part of your profile when you use RU4M Services., if you provided it (e.g. any avatar).

The types of data we will use for such purpose will mainly include (as detailed in the “Data We Collect” section above):

Data provided or collected through registration & under your RU4M account, such as Identifiers, your photo and phone address book;

General location;

Data we collect automatically from your device, such as device identifiers and other device data;

Data collected from other sources such as social media data and your contact name, as saved on other users’ device.

Provide our Services and enabling backups:

RU4M uses different types of personal data in order to operate, provide and deliver to you our Services, including communication features. This includes, for example:

To allow mobile carriers to connect calls to you and from you;

To show your online status;

To enable you to send and receive messages, participate in RU4M calls, delete messages;

To provide you with other RU4M features such as operational notifications (e.g., missed calls);

We will use your IP address to extract your approximate location, in order to enable you to use certain features that are only available in certain countries;

Enable you to upload and create backups of your messages on external services;

Enable you to post and share your User Submitted Content (e.g., images, videos, texts) on our communities, channels, and bots, where allowed by its administrator, and generally utilize our content features;

Send you operational related and service-related communications, including administrative messages that relate to your use of the Services;

Subject to the permission you provide, enabling you to share your location with your contacts.

We may provide Your Personal Data to third party companies to perform services on Our behalf, including payment processing, data analysis, e-mail delivery, hosting services, customer service and to assist Us in Our marketing efforts. We direct all such third party service providers to provide adequate protection of Your Personal Data, maintain the confidentiality of the information disclosed to them and to not use Your Personal Data for any purpose other than to provide services on Our behalf.

Also, We may share Your Personal Data with third party social platforms such as Instagram, Facebook, X, LinkedIn and Google in the context of profile verification.

Use of Third-Party Services — Stream Trust

RU4Meeting has integrated the Stream service (GetStream’s chat messaging platform) to provide users with reliable real-time messaging within the application. This integration introduces private and group chats as part of the app’s features, enhancing communication among users when organizing meetings and events. Using the ready-made Stream service instead of a custom-built solution offers scalable infrastructure, real-time message synchronization, and a rich set of features (such as notifications, typing indicators, attachments, etc.), with minimal development effort on our side. In short, Stream was integrated to ensure a stable, secure, and efficient chat environment in the RU4Meeting app.

For the integration, we used official Stream Chat SDK libraries on the client side.

Data Sent to the Stream Service

During integration, special attention was given to limiting the scope of personal data shared with the external Stream service. The user profile we send to Stream contains only the minimal information required for chat functionality:

User ID: An internal user identifier (e.g., numeric ID or UUID) is used as a unique marker in the Stream system. This ID is typically a pseudonym (we do not use an email or similar identifier) to reduce the possibility of revealing personal identity.
Name (nickname): A display name is forwarded to identify the message sender in the chat interface. It is recommended to use a first name or nickname, without a surname, to further protect privacy in cases where the app supports semi-anonymous users.
Profile picture (avatar): A URL pointing to the user’s profile picture or an uploaded image via the Stream API. This enables avatar display next to each message. The image is stored on the Stream side (if uploaded through them) or hosted on our server and referenced via a link.

No additional data is shared with the Stream service beyond these basic fields. Specifically, information such as email addresses, phone numbers, contact lists, or any other personal data is not visible to Stream through this integration. This ensures that the third party only receives the necessary data to provide the chat communication service.

The content of messages exchanged between users is transmitted through the Stream infrastructure, as this is the core of the messaging service. All messages, including any attachments (images, documents) sent in the chat, are transported and temporarily stored on Stream servers to enable delivery to channel members. Users are informed through the Terms of Use that their communication is facilitated via an external service.

Access Control: Access to data on the Stream platform is restricted to authorized requests using API keys and tokens. Each client can only read data from channels in which they participate.

Stream Trust, as a company, conducts regular security audits and holds SOC 2 Type II and ISO/IEC 27001:2022 certifications.

RU4M has signed a Data Processing Agreement (DPA) with the provider (Stream), outlining both parties’ obligations and responsibilities regarding user data protection. Accordingly, our application’s Privacy Policy has been updated with information about the use of the Stream service, ensuring transparency toward users (see the following section for a proposed wording).

Legal Basis for Processing:

Data processing via Stream Trust is carried out based on:

Execution of a contract (application functionality);
User consent (recording of video meetings);
Legitimate interest (service security and stability).

Data Transfer Outside the EU:
Data is not processed outside the EU. Stream Trust applies Standard Contractual Clauses (SCCs) and other measures in accordance with GDPR.

Stream Trust Privacy Policy: For more information, see:

Stream – Privacy Policy

Your rights

Right to information and access

You have the right to obtain confirmation from Us about whether or not Your personal data is being processed, and, if this is the case, access to Your personal data.

Right to correction and deletion

You have the right to obtain the rectification of inaccurate personal data. As far as statutory requirements are fulfilled, You have the right to obtain the completion or deletion of Your data.

This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period.

Restriction of processing

As far as statutory requirements are fulfilled You have the right to demand for restriction of the processing of Your data.

Objection to data processing

In addition, You have the right to object to the processing of Your personal data at any time. We will then terminate the processing of Your data, unless We demonstrate compelling legitimate grounds according to legal requirements which override your rights.

Objection to direct marketing

Additionally, You may object to the processing of Your personal data for direct marketing purposes at any time. In this case, We are obliged to terminate the processing of Your data for this purpose without delay. Please take into account that due to organizational reasons, there might be an overlap between Your objection and the usage of your data within the scope of a campaign which is already running.

Withdrawal of consent

In case You consented to the processing of Your data, You have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to Your withdrawal remains unchanged.

Data portability

As far as statutory requirements are fulfilled You may request to receive data that You have provided to Us in a structured, commonly used and machine-readable format or – if technically feasible –that We transfer such data to a third party.

Right to lodge a complaint with supervisory authority

You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for Your place of residence or Your state of residency or to the supervisory authority responsible for Us. This is:

If you wish to exercise your rights regarding the processing of your data within the Stream Trust service, you can contact us or contact Stream Trust directly using the information provided in their privacy policy.

Commissioner for Information of Public Importance and Personal Data Protection

Bulevar kralja Aleksandra 15

11000 Belgrade

Serbia

E-mail: [email protected]

Telephone: +381 11 3408 900

Fax: +381 11 3343 379

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

RU4M use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, aquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your personal data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.

Changes to this Privacy

Policy We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.