FRIENDS Privacy Policy

This App collects some Personal Data from its Users.

Privacy Policy Summary

Personal Data are collected for the following purposes and using the following services:

Access the accounts of third-party

• services and Access Facebook
• accounts
• Authorizations: Access to posts in the User's timeline; Access to friend lists; Email; Likes

Beta Testing

• TestFlight and Google Play Beta Testing
• Personal Data: last name; email; first name

Social Network functionalities

• Invite and refer friends
• Personal Data: various types of Data

Amazon Web Services (AWS)

• hosting and backend
• infrastructure
• Personal data: various types of data as specified in the privacy policy of the service.

Authorization to access Personal Data available on the User's device -

• Authorization to access to Personal Data available on the User's device -
• Personal Data: Camera permission; Photo Gallery Permission

Registration and authentication

• Facebook Authentication and Instagram Authentication
• Personal data: various types of data as specified in the privacy policy of the service.

Additional information about Personal Data

User Data Analysis and Forecasts ("profiling")

The Data Controller may process usage data collected through this App to create or update users' profiles. This type of processing enables the Data Controller to assess Users' choices, preferences and behavior for the purposes specified in the respective sections of this document. User profiles may also be created by automated tools, such as algorithms, which may also be offered by third parties. To obtain further information on the profiling activity, Users may refer to the respective sections of this document. Users have the right to oppose this profiling activity at any time. To learn more about the Users rights and how to exercise them, Users may refer to the section of this document related to Users' rights.

Push Notifications

This App may send push notifications to the User.

Contact Information

Data Controller

Friendz Enterprise Srl - start-up innovativa P.IVA 10736940965, Via Bianca di Savoia 17 20122 MILANO (MI)

Data Controller email: privacy@friendz.io

Full Privacy Policy

Data Controller

Friendz Enterprise Srl - start-up innovativa P.IVA 10736940965, Via Bianca di Savoia 17 20122 MILANO (MI)

Data Controller's email address: privacy@friendz.io

Nature of the data collected

Among the Personal Data collected by this App, either independently or through third parties, there are: email; first name; last name; various types of Data; Camera Permission; Photo Gallery Permission. Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information displayed before collecting the data. Personal Data may be freely provided by the User or, in the case of Usage Data, be automatically collected when using this App. Unless otherwise specified, all Data requested by this Application are mandatory. If the User refuses to disclose them, it may be impossible for this App to provide the Service. When this App marks some of the Data as optional, Users may choose not to disclose said Data, without any consequence on the availability of the Service or its operation. If Users have any doubts about what Data are mandatory, they should contact the Data Controller. Any use of Cookies - or other tracking tools - by this App or the data controllers of third-party services used by this App, unless otherwise specified, has the purpose to provide the Service requested by the User, in addition to the purposes further described in this document and in the Cookie Policy, if available. The User is liable for the Personal Data of third parties obtained, published or shared through this App and guarantees to have the right to disclose or disseminate them, holding the Data Controller harmless from any liability towards third parties.

Place and method of data processing

Processing methods

The Data Controller has adopted the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the Personal Data. Processing is carried out using IT and/or telematic tools, with organizational methods and with a logic strictly related to the mentioned purposes. In addition to the Data Controller, other parties involved in the organization of this App (administrative, commercial, marketing, legal department, system administrators) or external parties (such as third party technical service providers, postal carriers, IT companies, communication agencies, hosting providers) appointed as Data Protection Officers by the Data Controller, if necessary, may have access to the Data. The updated list of Data Protection Officers may always be requested from the Data

Legal basis of the processing

The Data Controller will process Personal Data related to the User if one of the following conditions is met:

• the User provided consent for one or more specific purposes;
• Note: In some jurisdictions, the Data Controller may be authorized to process Personal Data without the User's consent or any other of the legal bases specified below, until the User opposes ("opt-out") such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
• processing is necessary for the performance of an agreement with the User and/or for the performance of pre- contractual measures; processing is necessary to fulfill a legal obligation to which the Data Controller is subjected;
• processing is necessary for the performance of a task in the public interest or for exercising public powers entrusted to the Data Controller;
• processing is necessary for the legitimate interest of the Data Controller or third parties.
However, it is always possible to request the Data Controller to clarify the actual legal basis for each processing and in particular to specify whether the processing is based on the law, is required by an agreement or is necessary for entering into an agreement.

Place

The Data are processed at the executive offices of the Data Controller and in any other location where the parties involved in the processing are located. For additional information, please contact the Data Controller.
The personal Data of the User may be transferred to a country other than one in which the User is located. To obtain additional information on the place of the processing, the User may refer to the section related to the details on the processing of Personal Data.

The User has the right to obtain information about the legal basis for the transfer of Data outside the European Union or the transfer to an international organization governed by public international law or consisting of two or more countries, such as the UN, and also about the security measures adopted by the Data Controller to protect the Data.

The User may check whether one of the above transfers occurred by examining the section of this document concerning the details on the processing of Personal Data or by requesting information from the Data Controller contacting it by using the contact details previously provided.

Storage period

The Data are processed and stored for the time required to achieve the purposes for which they were collected. Therefore:

• Personal Data collected for purposes related to the performance of an agreement between the Data Controller and the User will be stored until the performance of such agreement is completed.
• Personal Data collected for purposes related to the legitimate interest of the Data Controller will be stored until such interest is met. The User may obtain further information regarding the legitimate interest pursued by the Data Controller browsing the pertinent sections of this document or by contacting the Data Controller.

When processing is based on the User's consent, the Data Controller may store Personal Data beyond that period, until such consent is revoked. It may also occur that the Data Controller is required to store Personal Data for a longer period of time, due to a legal obligation or by order of an authority.

At the end of the aforementioned storage period, Personal Data will be erased. Therefore, after the expiration of such term, the right of access, erasure, rectification and the right to portability of the Data may no longer be exercised.

Purpose of the data processing for the collected data

User Data are collected to allow the Data Controller to provide the Services, as well as for the following purposes: Access to accounts of third-party services, Beta Testing, Social Network Functionalities, Hosting and backend infrastructure, Authorization to access Personal Data available on the User's device and registration and authentication.

To obtain additional detailed information on the purpose of the processing and on Personal Data actual relevant to each purpose, the User can refer to the specific sections of this document.

Facebook authorizations required by this App

This App may require Facebook access authorizations to allow it to perform actions with the Facebook account and collect information, including Personal Data, from it. This service allows this App to connect with the User’s account on the Facebook social network, provided by Facebook Inc.

For more information about the following authorizations, please refer to the documentation of Facebook authorizations and to the Facebook Privacy Policy.

The authorizations required are as follows:

Basic information

The basic information of the User registered on Facebook which normally includes the following Data: id, name, image, gender and localization language and, in some cases, Facebook "Friends". If the User made available to the public additional Data, the latter will be available.

Access to posts contained in the User's timeline

It provides access to posts on the User's timeline.

Access to friend lists

It provides access to lists of friends created by the User.

Email

It provides access to the primary email address of the User.

Like

It provides access to the list of all the pages that the User marked with the Like button.

Authorization to access the Personal Data available on the User's device

Depending on the specific device used by the User, this App may require authorization to access User Data on said device, as described below.

Such authorizations must be provided by the User before processing any information. Once issued, the authorization may be withdrawn by the User at any time. In order to withdraw authorizations, the User may use the system settings or contact the Data Controller at the addresses specified in this document.
The procedure for checking authorizations may vary depending on the device and software used by the User.

Please note that withdrawal of one or more authorizations may have consequences for the proper operation of this App.

In the event that the User provides the authorization specified below, the pertinent Personal Data may be processed (access, change or deletion) by This Application.

Camera Permission

It is used to access the camera or acquire images and videos from the device.

Photo Gallery Permission

It allows access to the User's Photo Gallery.

Details on the processing of Personal Data

Personal Data are collected for the following purposes and using the following services:

Access to accounts of third party services

• Beta Testing Social
• Network functionalities
• Hosting and backend infrastructure
• Authorization to access the Personal Data available on the User's device -Registration and authentication

Additional information about Personal Data

• Analysis of User's Data and Forecasts ("profiling") Push Notifications

Rights of the User

Users may exercise specific rights with regard to the Data processed by the Data Controller. In particular, the User has the right to:

Details of the right to oppose the processing

When Personal Data are processed in the public interest, in the exercise of public powers entrusted to the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to oppose processing for reasons concerning their particular situation.

Users are informed that, if the Data are processed for direct marketing purposes, they may oppose the processing without giving reasons. In order to find out if the Data Controller processes data for direct marketing purposes, it is necessary to visit the respective sections of this document.

How the rights can be exercised

In order to exercise their rights, Users may submit a request to the contact details of the Data Controller specified in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible and at the latest within one month.

Cookie policy

• withdraw consent at any time. The User may withdraw consent for the processing of Personal Data previously provided.
  oppose the processing of the Data. The User may oppose the processing of its Data when processing takes place on a legal basis different from that of the consent. Additional details on the right to oppose the processing are provided in the section below.
• Accessing one's Personal Data. The User has the right to obtain information on the Data processed by the Data Controller, on specific aspects of the processing and to receive a copy of the Data processed.
  Check and request correction of Data. The User may check the correctness of the Data and may update or correct them.
• obtain the limitation of the processing. Under specific conditions, the User may request the limitation of the processing of the Data. In this case, the Data Controller will not process the Data for any other purpose than data storage.
• obtain the erasure of the Personal Data. Under special conditions, the User may request the erasure of the Data by the Data Controller.
• receive one's Data or have them transferred to another Data Controller. The User has the right to receive the Data in a structured format, commonly used and readable by an automatic device and to obtain their transfer without restrictions to another Data Controller, if technically feasible. This is applicable when the Data are processed by automated devices and the processing is based on the User's consent, on an agreement of which the User is a party or on contractual measures connected to it.
• lodge a complaint. The User may lodge a complaint with the Data Protection Officer or take legal action.

Details of the right to oppose the processing

When Personal Data are processed in the public interest, in the exercise of public powers entrusted to the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to oppose processing for reasons concerning their particular situation.

Users are informed that, if the Data are processed for direct marketing purposes, they may oppose the processing without giving reasons. In order to find out if the Data Controller processes data for direct marketing purposes, it is necessary to visit the respective sections of this document.

How the rights can be exercised

In order to exercise their rights, Users may submit a request to the contact details of the Data Controller specified in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible and at the latest within one month.

Cookie Policy

This App uses Cookies. For more information and to read the full Policy, the User may refer to the Cookie Policy.

Additional information on processing

Defense in court

The User's Personal Data may be used by the Data Controller in court or in the preparatory stages to defend against abuses in the use of this App or related Services by the User.
The User states to be aware that the Data Controller may have to disclose the Data by order of the public authorities.

Specific privacy policies

On request of the User, in addition to the information contained in this privacy policy, this App may provide additional information to the User regarding specific Services, or the collection and processing of Personal Data.

System log and maintenance

For operational and maintenance needs, this App and any third party services used by it may collect system logs, that is files that record interactions and may also contain Personal Data, such as User IP address.

Information not contained in this privacy policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Reply to "Do Not Track" requests

This App does not support "Do Not Track" requests.
To know if any third party services used by it, support them, the User must browse their privacy policy.

Amendments to this Privacy Policy

The Data Controller reserves the right to make amendments to this privacy policy at any time by informing Users on this page and, if possible, on this App and, where technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller.
We advise to visit this page regularly, referring to the date of the last update specified at the bottom.

If the amendments involve processing with consent as the legal basis, the Data Controller will collect the consent of the User again, if necessary.

Definitions and legal references

Last amendment: March 5, 2019
iubenda hosts this content and collects only the Personal Data strictly necessary for its provision.