Privacy Notice

Last Modified: August 08, 2024

    1. WHO WE ARE AND HOW TO CONTACT US

      1.1. The website located at www.allpasstrust.com ("Platform") is operated by Aylo Freesites Ltd (hereinafter "APT","we","us"or"our"). Our registered office is located at 195-197 Old Nicosia- Limassol Road, Block 1 Dali Industrial Zone, 2540 in Cyprus. APT is the controller of certain personal data processed by the Platform.

      1.2. If you have any questions about this Privacy Notice or would like to exercise any of your rights, please contact our Data Protection Officer by email at the following addresses:

        1.2.1. Privacy Team: privacy@allpasstrust.com; or

        1.2.2. Data Protection Officer: dpo@allpasstrust.com

    2. WHEN THIS PRIVACY NOTICE APPLIES

      2.1. This Privacy Notice (together with our Terms of Use) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us or by our third party service provider.

      2.2. We respect your privacy and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations. Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not want your information to be processed as set out in this Privacy Notice, please do not provide any personal data to us and do not use the Platform.

      2.3. This Privacy Notice applies to information we collect:

      • on the Platform, ourselves our via the services of third-party service providers; or
      • in e-mail and other communications between you and APT.

      2.4. It does not apply to information collected by:

      • any other website operated by us;

      2.5. We strongly recommend that you review the privacy notices of any website on which you use our Universal Login to access before using them or providing them with any personal data.

    3. WHO THIS PRIVACY NOTICE APPLIES TO

      3.1 This Privacy Notice applies to anyone who visits or uses our Platform including individuals who create an account ("Users") .

    4. WHY DO WE COLLECT INFORMATION?

      4.1. Certain jurisdictions require website operators to verify a person's age before allowing them access rights to certain websites and/or certain types of content shown on websites. We collect information from Users to verify your age and provide you with access to Aylo Websites that contain age restricted content.

      4.2. If a User would like to use our services, our third-party age verification service providers ("Service Providers") will require certain personal data to process age verification. The Service Providers will then confirm to us whether the User passes or fails the age verification process and therefore is at least 18 years old or the age required by the relevant jurisdiction for accessing the Aylo Websites (as this term is defined under the Terms of Use). Once a User's eligibility to use our services has been confirmed, they will be granted a "Universal Login" which they will be able to use to access the Aylo Websites.

      4.3. We will explain the purposes and legal basis on which we process data in more detail at section 7 of this Privacy Notice.

    5. INFORMATION WE COLLECT AND HOW WE COLLECT IT

    We only collect a limited amount of personal data about Users. The data we process is listed below.

    Personal data we collect

    How it is collected

    Login ID (including your email address and password)

    You will provide it directly to us when you create an account with us. Note that we hash such data when storing your Login ID, for increased privacy.

    Age Status (whether you pass or fail the age verification process and therefore are at least 18 years old or the age required by the relevant jurisdiction for accessing the Aylo Websites ).

    We will receive this information from a Service Provider when they have verified your age.

    Technical data (including your internet protocol address (IP address) and log in data.

    We may collect this information from your device or browser. Note that we may hash your IP address for increased privacy

    Cookie data

    We or a third party have set cookies on your device or browser. Please see Section 6 for more information relating to the cookies we use.

    Jurisdiction data (the country in which you are located, but not your exact location)

    We receive information about your approximate location from your IP address.

    6. COOKIES

    As you navigate through and interact with the Platform, we use automatic data collection technologies to collect website activity data. The technologies we use for this automatic data collection may include cookies, which are small text files that are stored in your web browser or downloaded to your device when you visit the Platform.

    Cookies can be either session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires, or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after many years.

    Strictly necessary cookies: These are cookies that are required for the operation of the Platform. These include, for example, cookies that enable a user to log in to the Platform and to check if a user is allowed access to a particular service or content.

    Analytics cookies: These cookies allow us to recognize and count the number of Users and to see how Users use and explore The Platform. These cookies help us to improve The Platform.. Additionally, we use third party session recording technologies that help us better understand our Users’ experience, however, the recording data is pseudonymized.

    You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.

    The Cookie Banner can be utilized to customize your cookie preferences. The Cookie Banner will record when you have consented to our cookies. The Cookie Banner specifically controls the analytics cookies set by using the Platform. Consequently, Analytics cookies can be switched off at any time by accessing the 'Manage cookies' option that is located at the footer of the Platform.

    Strictly necessary cookies cannot be disabled, nor can the tool be used to block cookies on third party websites linked from our Platform.

    We currently use the following types of cookies:

    Cookie

    Reason/Purpose

    Duration/Type

    Essential cookies

    AV

    This cookie is used for storing the user’s session ID

    Persistent cookie

    gdprcookienotice

    This cookie is used for storing the user’s selection.

    Session cookie

    XSRF-TOKEN

    This cookie is used for controlling the integrity of the request.

    Persistent cookie

    clientRedirect

    This cookie is used for storing the url of the client on where to redirect the user after a verification.

    Persistent cookie

    Analytics

    Google Analytics (e.g. _ga, _gid, SID, AEC)

    We use Google Analytics cookies which contain information regarding their device if the User has chosen to share it with Google Analytics.

    Google Analytics is a web analytics service provided by Google, Inc. which uses cookies to collect information about how visitors use our site. We use this information to compile reports and to help us improve our site. Google holds this information and provides us with access to it. Find out more about Google Analytics at: https://support.google.com/analytics/answer/6004245

    Read the Google Analytics privacy notice at: https://policies.google.com/privacy

    You can find out how to opt out of being tracked by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout

    Various lengths

    7. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA

    We use information that we collect about you or that you provide to us for following purposes:

    What's the purpose?

    Which types of data are processed?

    What's the lawful basis?

    Confirming User age verification compliance required by the relevant jurisdiction for accessing the Aylo Websites.

    Login ID and Age Status.

    When necessary for the performance of a contract entered into with you when you agree to our Terms and Conditions or when necessary to legitimately operate our Platform effectively.

    Communicating with you. (We do not send direct marketing to Users' email addresses and Login IDs are stored as hashed data. However, Users may provide their un-hashed personal data when communicating with us).

    Login ID.

    It is necessary for our legitimate interest of operating our business, resolving issues if they arise and assisting Users to recover their accounts or re-set passwords.

    Provision of services

    Login ID, Age Status, Technical, Cookie and Jurisdiction data.

    When necessary for the performance of the contractual terms entered into with you when you agree to our Terms and Conditions or when necessary to legitimately operate our Platform effectively.

    Providing you with support, resolving complaints and monitoring feedback.

    Login ID and Technical Data.

    When necessary for the performance of the contractual terms entered into with you when you agree to our Terms and Conditions or when necessary to legitimately operate our Platform effectively.

    Administering and protecting our site (e.g. troubleshooting, testing, data analysis, system maintenance)

    Login ID, Technical and Jurisdiction data.

    When necessary to legitimately operate our Platform effectively., namely protecting us from cyberattacks and preventing fraud etc.

    Managing our relationship with you (including managing your account, notices about your account, and notices about changes to our Platform or any services we offer or provide through it)

    Login ID and Technical data.

    When necessary for the performance of the contractual terms entered into with you when you agree to our Terms and Conditions or when necessary for our legitimate interest.

    To enforce our terms and conditions or contract with you, prevent fraud or any other processing required to comply with requirements imposed by law or a court order.

    Login ID, Age Status, Technical, Cookie and Jurisdiction data.

    When required to comply with legal obligations.

    When necessary for the performance of the contractual terms entered into with you when you agree to our Terms and Conditions or when necessary to legitimately operate our Platform effectively.

    We may need to process your personal data for various legal purposes which will be shared with you upon providing the information requested from you; or for any other purpose with your express consent.

    Should you fail to provide the information we request from you we will not be able to perform the services under the Terms and Conditions of APT which will prevent you from accessing Aylo Websites that require age verification.

    8. DISCLOSURE OF YOUR PERSONAL DATA

    We understand that your personal data is important, and we therefore want you to understand the limited circumstances in which we may disclose it. We do not share your personal data with third parties or allow them to access it, except as indicated below:

    • If you are a User and we refer any dispute between us to the Online Dispute Resolution (ODR) Platform, and/or we agree to engage in any alternative dispute resolution (ADR) procedure with you through the Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute.

    • To our third-party suppliers (e.g. serving hosting supplier, customer services supplier, business support supplier).

    • In response to a summons or similar investigative demand, a court order or other judicial or administrative order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; to comply with applicable law or cooperate with law enforcement, government or regulatory agencies; or to enforce our Platform terms and conditions or other agreements or policies; or as otherwise required by law (including responding to any government or regulatory request). In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.

    • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by us about our Users is among the assets transferred. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this Privacy Notice.

    • To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our Users, our employees, or others, to maintain and protect the security and integrity of our Platform or infrastructure.

    • To the extent this is necessary to fulfil any other purpose not mentioned above for which you provided personal data and, if applicable, your consent separately from this Privacy Notice.

    Please note that you may be required to submit identification documents and other personal data to Service Providers who collect this information from you and verify your age and confirm this to us. We do not conduct the verification ourselves and will not require copies of the identification documents or other personal information you submit to the third parties, aside from an approval or rejection from the age verification process.

    We may also disclose aggregated non-personal data (information that does not identify any individual) without restriction. In particular, we may transfer non-personal data and process it outside your country of residence, wherever the Platform, its affiliates and service providers operate. We may combine non-personal data we collect with additional non-personal data.

    9. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

    We may share the information we collect globally, across our corporate group and with our service providers. Transfers are necessary for a variety of reasons, including our operation and provision of the services stated in our Terms of Service, Privacy Notice or so that we can fix, analyze, and improve our . Whenever we transfer personal information to countries outside the EEA and other regions with comprehensive data protection laws, we will ensure that the information is transferred in accordance with this Privacy Notice, as permitted by the applicable laws and based on appropriate mechanisms.

    Where available, we rely on decisions of the European Commission, known as “adequacy decisions,” recognizing that certain countries offer a level of protection of personal data that is essentially equivalent to the EEA.

    In other situations, we rely on standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK, where appropriate) or on derogations provided for under the applicable law to transfer information to a third country.

    Personal data relating to Users is stored on Microsoft Azure Cloud infrastructure and on servers in Europe. If you would like more information regarding the appropriate safeguards we have put in place for transfer of personal data outside of the EEA, please contact our DPO using the details set out at the beginning of this Notice.

    10. FINANCIAL INFORMATION

    We do not routinely process Users' financial information through the Website.

    11. RETENTION OF PERSONAL DATA

    We store your personal data for different periods of time depending upon the purposes for which we collected it and we do not store your personal data for longer than is necessary to fulfil these purposes.

    We take into consideration a number of factors when we determine the appropriate retention periods for your personal data, including what personal data we are processing, the risk of harm from any unauthorized disclosure, why we are processing your personal data and whether we can achieve this outcome by another means without having to process it.

    Please note that if you delete your Universal Login, or if your account is closed, deleted and/or terminated for any reason, we may retain your information to the extent this should be necessary to comply with legal, auditing or account obligations.

    12. YOUR RIGHTS RELATED TO YOUR PERSONAL DATA

    Subject to local law and applicable legal requirements and exemptions, you have certain rights regarding your personal data:

    • Right of access: you have the right to receive information on the personal data we hold about you and how such personal data is used, as well as a copy of your personal data;

    • Right to rectification: you have the right to rectify inaccurate personal data concerning you;

    • Right to be forgotten: you have the right to delete/erase your personal data;

    • Right to data portability: you have the right to receive the personal data provided by you in a structured, commonly used, and machine-readable format and to transmit this personal data to another data controller;

    • Right to object: you have the right to object to the use of your personal data where such use is based on our legitimate interests or on public interests;

    • Right to restriction of processing: you have the right in some cases, to restrict our use of your personal data; and

    • Right to file a complaint: If you are in the EEA or the UK, you also have a right to file a complaint with your local data protection authority.

    Moreover, the Users have the right to withdraw their consent and complain to a Member State's supervisory authority for data protection issues. Before exercising this right, we encourage you to contact us first to resolve any complaint you may have, although this is not legally required.

    To exercise any of the rights above please contact us using the details at the beginning of this Privacy Notice. If you do so, please provide us the information that needed about the request you want to make to help us respond as soon as we can. You might need to provide us with proof of identity before we can fully respond, as we need to be sure we are giving the correct personal data to the correct individual. Please note that according to privacy regulations and applicable laws, we may not be able to proceed your request, if we cannot verify the User.

    Please be aware that the above rights are not available to everyone all the time. Some are subject to exemptions, and so we may not always be able, or required, to comply with your request to exercise these rights.

    We usually respond to data protection requests within one month, but it can take longer if your request is particularly complex or if you have made a number of requests. You will not usually have to pay a fee to exercise the rights above, but we reserve the right to charge a fee if your request is clearly unfounded, repetitive, or excessive; alternatively, we may refuse to comply with your request.

    Please note that we may need to process your personal data to respond to your request.

    13. CHOICES IN RELATION TO YOUR PERSONAL DATA

    As well as being able to exercise the above rights, we have outlined below some other examples of how you can exercise control and make choices regarding the personal data you provide to us.

    • You can choose not to provide us with certain personal data, but that may result in you being unable to use certain features of our Platform because such information may be required in order for you to register as a User, pass verification procedures, login via the Universal Login, access third-party websites, purchase or request our services, ask a question, or initiate other transactions on our Platform.
    • You may delete your Universal Login at any time. If you do so, your personal data and all other account related information will no longer be accessible by you. After deleting your Universal Login, if you want to create a new account, you will have to sign up again as none of the information you previously provided will have been saved. Please note that Personal Users will have to pass the age verification procedures again to be granted a new Universal Login.
    14. COMPLAINTS PROCEDURE

    We regularly review this Privacy Notice and our compliance with its terms. Please feel free to direct any questions or concerns regarding this Privacy Notice to our Data Protection Officer using the details set out at the top of this Notice.

    When we receive a formal written complaint, it is our Notice to contact the complaining party regarding their concerns. We will cooperate with the appropriate regulatory authorities, including relevant data protection authorities, to resolve any complaints regarding the collection, use and disclosure of personal data that cannot be resolved by an individual and us.

    You also have the right to complain to a Member States' supervisory authority for data protection issues, as set out in section 12.

    15. NO RIGHTS OF THIRD PARTIES

    This Privacy Notice does not create rights enforceable by third parties.

    16. NO CHILDREN

    Our Platform is not for use by persons under the age of 18 and we do not seek to collect personal data from children. If you become aware that your child has provided us with personal data, please contact us using the details set out at the beginning of this Privacy Notice.

    If we become aware that a child has provided us with personal data, we will take steps to delete such data and terminate that person's account.

    17. CHANGES TO OUR PRIVACY NOTICE

    We may modify or revise our Privacy Notice from time to time. Although we may attempt to notify you when major changes are made to this Privacy Notice, you are expected to periodically review the most up-to-date version found at https://allpasstrust.com/privacy, so you are aware of any changes.

    All changes are effective immediately and apply to all access to and use of the Platform thereafter. The updated version of our Privacy Notice supersedes any prior versions immediately upon being posted.

    If we change anything in our Privacy Notice, the date of change will be reflected in the "last modified date" below. You agree that you will periodically review this Privacy Notice and refresh the page when doing so. You agree to note the date of the last revision to our Privacy Notice. If the "last modified" date is unchanged from the last time you reviewed our Privacy Notice, then it is unchanged. If the date has changed that means that there have been changes.