Storm Shield Privacy Notice
We’re Bending Spoons S.p.A., the parent company of Bending Spoons Operations S.p.A (collectively, the “Company,” “we,” “our,” or “us”). This privacy notice (the “Notice”) explains how your personal data (hereinafter, “Personal Data”) is collected, used, disclosed, and otherwise processed by the Company.
This Notice applies to information we collect and process when you access, use, or otherwise interact with us in connection with our Storm Shield mobile application (the “Services”). We may provide different or additional notices of our privacy practices for certain offerings, in which case those notices will supplement or replace the disclosures in this Notice.
CONTENTS
Personal Data Controller
The Data Controller is Bending Spoons S.p.A., based in Via Nino Bonnet 10, Milan, Italy.
Email: privacy@bendingspoons.com
Categories of Processed Data, Processing Purposes and Conditions
The Company shall process the categories of Personal Data shown below, for the following purposes:
| Purpose | Legal basis | Categories of processed data | Sources of data |
|---|---|---|---|
|
Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (art. 6(1)(b) of the GDPR). | Common data: IDFA, device model and type, location as set by the User in the device settings, device language, device name, OS version, IP address, precise location data (such as longitude and latitude), app usage, unique identifier assigned to Users by the Company. We will collect your precise location only if you grant the relevant permission by allowing “precise location” on your mobile operating system settings. |
We collect these categories of information automatically, when you interact with our Services. We may also derive data or draw inferences about you based on the information we collect. |
|
The legal basis for the processing is legitimate interest of the Data Controller (art. 6(1)(f) of GDPR). The legitimate interest of the Data Controller is to improve its products and services. |
Device information and further information collected to improve the Services’ functionality (such as the options selected by the User, their in-app actions). | |
|
Our legitimate interest to ensure the quality and the proper functioning of the services provides the legal grounds for processing this data for this purpose (article 6(1)(f) of the GDPR). | Identifiers, Internet and network activity information (such as IP address, device model, device type, OS version, crash and error logs), inferences we generate, and other related information about your usage of the app. | |
|
Legal obligations that we must comply with provide the legal grounds for processing this data for this purpose (article 6(1)(c) of the GDPR). | Any information which may be required by law or under the instructions of public authorities. | |
|
Our contractual relationship provides the legal grounds for processing this data for this purpose (article 6(1)(b) of the GDPR). | Identifiers (such as name and email address) and the content of your communication or request. | |
|
Our legitimate interest to establish, exercise or defend our rights and to carry out corporate transactions or operations provides the legal grounds for processing this data for this purpose (article 6(1)(f) of the GDPR) | Any information necessary to ensure the performance of these purposes. | |
|
Our legitimate interest provides the legal grounds for processing this data for this purpose (article 6(1)(f) of GDPR). |
|
|
|
Your consent provides the legal grounds for processing this data for this purpose (article 6(1)(a) of the GDPR). Where your consent is not required, for example, where we use your email to send you information about products and services related to or similar to the app (“Soft Opt-In”), the legal basis is our legitimate interest (article 6(1)(f) of the GDPR). |
Identifiers (such as name, and email address), Internet and network activity information (such as IP address), information about your interactions with the Services, inferences we generate and other related information about your usage of and experience with the Services (such as your responses in case you take part in our interviews). We will send you push notifications only if you grant the relevant permission by enabling push notification on your mobile operating system settings. |
The Services are not for children under the age of 16. The Company does not knowingly collect Personal Data from children. If you believe we have received Personal Data from children under the age of 16, please email us at privacy@bendingspoons.com.
Should the Company realize that some Users are aged below 16 , it shall immediately delete the processed data and close the related account forthwith.
Retention of Users’ Personal Data
Personal Data may be processed by both automated and non-automated means and may be stored at our premises and on our service providers’ servers. We adopt appropriate technical and organizational measures designed to prevent the loss, improper use and alteration of your Personal Data. However, transmissions of data over the Internet are never 100% secure.
Personal Data processed for the purposes of Provision of the Service, Service Improvement, Customer Support, and Analytics will be kept for no more than three (3) years from the date of your last interaction with the Services or from the date of the expiration of your subscription. If you access the Services after your subscription expires, the retention period starts from the date of this most recent interaction with the Services.
Personal Data processed for Troubleshooting purposes will be kept only as long as necessary to fulfill said purposes, and in any case for no more than one (1) year from the date of your last interaction with the Services or from the date of the expiration of your subscription. If you access the Services after your subscription expires, the retention period starts from the date of this most recent interaction with the Services.
Personal Data processed for Compliance purposes will be kept up to five (5) years from the date of your last interaction with the Services or from the date of the expiration of your subscription. If you access the Services after your subscription expires, the retention period starts from the date of this most recent interaction with the Services.
Personal Data processed for Defense purposes will be kept up to ten (10) years from the date of your last interaction with the Services or from the date of the expiration of your subscription. If you access the Services after your subscription expires, the retention period starts from the date of this most recent interaction with the Services.
Personal Data processed for Marketing purposes will be kept up to two (2) years from the date of your last interaction with the Services or from the date of the expiration of your subscription. If you access the Services after your subscription expires, the retention period starts from the date of this most recent interaction with the Services.
In some cases, we retain Personal Data for longer than the retention periods described above. For example, specific legal obligations might require different retention periods and, in such cases, those different periods will apply.
At the end of these specified periods, unless any legal obligations require a longer data retention, the processed Personal Data will be either deleted or anonymized.
Mandatory or Optional Nature of the Supply of Personal Data and Consequences of the Refusal to Answer
It is necessary for you to supply your Personal Data to use the Services. Your refusal to supply the requested data, or the supply of inaccurate data, might make it impossible to use the Services.
Analytics
We engage vendors that provide analytics services on our behalf. These vendors may use pixels, SDKs, device identifiers, and other technologies to collect information about your use of our Services and other websites and mobile apps, including your IP address, web browser and mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, order information, items added to cart, and conversion information. This information is used to analyze and track data, determine the popularity of certain content, and better understand your activity.
Recipients of Personal Data
The Company may disclose Personal Data to the following categories of recipients:
public, judicial or police authorities, as necessary and within the limits established by applicable laws and regulations, if we have reason to believe that your actions are inconsistent with our user agreements or policies or that you’ve violated the law, or if it’s necessary to protect our rights, property, and safety or that of our users, the public, or others;
service providers, vendors, or consultants carrying out activities that are related or instrumental to the Company’s activities, acting as outsourced data processors (such as suppliers providing IT maintenance and development services, IT or filing services, or mobile marketing services), duly appointed in writing by the Company in accordance with applicable privacy laws;
other users or the public, when you provide a review of the Services;
our legal, financial, insurance, and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests;
in connection with, or during negotiations of, certain corporate transactions, including a merger, financing, acquisition of all or a portion of our business by another company, reorganization, sale of company assets, or as part of the associated due diligence; and
other third parties when we have your consent or you intentionally direct us to do so.
International Data Transfers
The Company may transfer Personal Data of the Users to countries other than the country in which the data was originally collected for the purposes described in this Notice. For example, we may transfer your Personal Data to the United States. The countries to which we transfer Personal Data may not have the same data protection laws as the country in which you initially provided the information. When we transfer Personal Data across borders, we consider a variety of requirements that may apply to these transfers.
Specifically, we may transfer Personal Data from the European Economic Area to:
Pursuant to the recipient's compliance with standard contractual clauses (also known as Model Clauses),
Countries that the European Commission has deemed to adequately safeguard Personal Data, or
As otherwise permitted by applicable EEA requirements.
Your Privacy Choices
The Users, at any time and free of charge, can request the following, in relation to how we process your Personal Data:
Access: you may request access to your Personal Data and receive copies of it.
Correction: you may request that we update or correct inaccurate/incomplete Personal Data.
Object to, or Limit or Restrict, Use of Data: you can ask us to stop using all or some of your Personal Data or to limit our use of it.
Deletion: you can request that we delete your Personal Data. We will honor such requests unless we have to retain this information to comply with a legal obligation or unless we have an overriding interest to retain it.
Consent Management: where we rely on consent to process your Personal Data, you may withdraw the consent at any time. You do not have to provide a reason for your withdrawal where processing is based on consent.;
Portability: you can request a transferable version of your Personal Data, such that it can be shared with another provider).
You can make these requests by writing to privacy@bendingspoons.com. For your protection, we may require proof of identity and verification before we can answer your requests.
Users may have the right to complain before the competent national data protection authority, or any other applicable regulator in the jurisdiction where you reside, in the event that you think we’ve violated the applicable privacy laws and we haven’t addressed your request.
You may have additional privacy rights if you reside in certain U.S. states. Please see Additional U.S. State Disclosures for more information.
Precise Location Information
We only collect precise geolocation data if you give your consent for us to do so. When you first launch the Services, you will be asked to consent to the Services’ collection of this information. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device.
Communications Preferences
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending a request to privacy@bendingspoons.com. Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive transactional or administrative messages from us regarding the Services.
Mobile Push Notifications
With your permission, we may send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
Automated decision-making
No entirely automated decision-making is carried out within the processing of the Users’ Personal Data (there included profiling under Article 22(1) and 22(4) of GDPR).
Additional U.S. State Disclosures
Certain U.S. states have state-level privacy laws that grant their residents certain rights and require specific disclosures (“State Privacy Laws”). This section provides information about your Personal Data and additional information about your rights under applicable State Privacy Laws and serves as our California notice at collection.
| Category of Personal Data | Use of Personal Data | Categories of Recipients |
|---|---|---|
| Identifiers (such as your name, email address, or IP address) |
|
|
| Commercial information (such as records of services purchased) |
|
|
| Internet or other electronic network activity information (such as information from cookies and browsing behavior) |
|
|
| Geolocation data (such as precise location data and country) |
|
|
| Inferences (such as your location based on your IP address) |
|
|
| Other Personal Data that relates to or is reasonably capable of being associated with you (such as customer feedback, call and voicemail transcripts, messages and communications between and among Users) |
|
We collect precise location information, which is considered "sensitive" under the applicable State Privacy Laws. We limit our processing of this information to provide the Services. We do not use or disclose sensitive Personal Data for the purpose of inferring characteristics about you.
As described in the Categories of Processed Data, Processing Purposes and Conditions section above, we collect Personal Data from various sources, including directly from you, automatically when you access or use the Services, and from third-party sources.
We do not sell or share Personal Data in connection with the Services.
Your Rights
Access, Correction, and Deletion: you have the right to (1) request to know more about and access your Personal Data, including in a portable format, (2) request deletion of your Personal Data, and (3) request correction of inaccurate Personal Data. To request access, correction, or deletion of your Personal Data, send your request to privacy@bendingspoons.com.
Nondiscrimination: you have the right not to be discriminated against for exercising any of your privacy rights.
Appeals: if we deny your request, you may appeal our decision by contacting us at privacy@bendingspoons.com. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.
To authenticate your request, we will confirm your identity first by asking you to provide us with the relevant IDs.
Your authorized agent may submit a rights request on your behalf. We may ask your authorized agent to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may contact you to confirm the authorized agent has permission to submit the request. To submit a rights request, please send your request to privacy@bendingspoons.com.
Changes and Updates to This Notice
The Company may modify and/or update, in whole or in part, this Notice from time to time, also in view of future changes that may involve the applicable privacy laws. If we make changes, we will notify you by revising the date at the top of this Notice. If we make material changes, we will provide you with additional notice (such as by adding a statement to the Services or sending you a notification). In this regard, it could be required to the User to read the new version of the Notice and to accept it before continuing to use the Services.
Last Updated: 17 December 2024
Can't find what you’re looking for?
Contact us.