Privacy Policy
Last updated: 3 June 2025
1. Data Controller
The Data Controller is Microfilla Srl, registered office at Via Aquila 6/a, 48015 Cervia (RA), Italy, VAT no. 02650000397, hereinafter also referred to as "uigooo", "we" or "us".
Privacy contact: [email protected]
2. Personal Data Collected
We collect the following categories of personal data:
2.1 Data provided directly by you
- Registration data: first and last name, email address, password (stored in encrypted form), account type (individual or organisation).
- Profile data: profile photo, bio, city, interests, organisation type.
- User-generated content: events created, chat messages, event registrations.
2.2 Data collected automatically
- Usage data: pages visited, features used, access dates and times.
- Device data: device type, operating system, unique device identifiers (for push notifications).
- Approximate location data: city or geographic area, used to show nearby events. We do not collect precise GPS location without your explicit consent.
- Push notification tokens: required to send event-related notifications.
2.3 Data from third parties
If you choose to register via Google, Facebook or Apple, we receive from these providers the data you have authorised them to share (usually name, email address and unique identifier). We do not receive your password for those services.
3. Purposes and Legal Bases for Processing
3.1 Service provision (Art. 6(1)(b) GDPR – performance of a contract)
- Creating and managing your account.
- Enabling you to create, edit, register for and attend events.
- Chat functionality with other users attending the same events.
- Sending push notifications relating to event updates.
3.2 Compliance with legal obligations (Art. 6(1)(c) GDPR)
- Retention of data required by tax and accounting regulations.
- Responding to requests from competent authorities.
- Recording acceptance of legal documents (privacy policy and terms).
3.3 Legitimate interests (Art. 6(1)(f) GDPR)
- Prevention of fraud and abuse on the platform.
- Service improvement through aggregated and anonymised data.
- Security of the platform and users' data.
3.4 Consent (Art. 6(1)(a) GDPR)
- Sending marketing communications and newsletters (if expressly requested).
- Use of non-essential analytical and profiling cookies.
4. Sharing Data with Third Parties
We do not sell your personal data. We may share it with the following categories of recipients:
4.1 Technical service providers (data processors)
- Supabase Inc. (USA) – database, authentication and storage. Processing based on Standard Contractual Clauses (SCCs) approved by the European Commission.
- Google LLC / Firebase (USA) – push notifications (Firebase Cloud Messaging) and sign-in via Google account. Processing based on SCCs and the EU-US Data Privacy Framework.
- Meta Platforms Ireland Ltd. (Ireland) – sign-in via Facebook account. Subject to GDPR as a European entity.
- Apple Inc. (USA) – sign-in via Apple ID. Processing based on SCCs and the EU-US Data Privacy Framework.
4.2 Public authorities
We may disclose your data to law enforcement or judicial authorities where required by law or in emergencies that put the safety of persons at risk.
4.3 Visibility to other users
Your name, initials and account type are visible to other users within the app's social features (organiser profile, event participants, chat). You can control your profile visibility in the settings.
5. International Data Transfers
Some of our providers are based in the United States. In such cases, transfers are carried out in compliance with Art. 46 GDPR through:
- Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914/EU).
- EU-US Data Privacy Framework (Adequacy Decision 2023/1795/EU), where applicable.
6. Data Retention
- Account data: retained for the duration of the contractual relationship and for 12 months following account deletion, unless legal obligations require otherwise.
- Access and security logs: 90 days.
- Chat messages: retained as long as at least one participant in the conversation keeps an active account; deleted within 30 days of the closure of the last account involved.
- Billing data: 10 years under Italian tax legislation.
- Data for legal obligations: for the period required by applicable law.
At the end of the retention period, data is deleted or irreversibly anonymised.
7. Your Rights
As a data subject, you have the following rights under Arts. 15–22 GDPR:
- Access (Art. 15): obtain confirmation of processing and a copy of the data relating to you.
- Rectification (Art. 16): correct inaccurate data or complete incomplete data.
- Erasure ("right to be forgotten", Art. 17): obtain deletion of data where there is no other legal basis for processing.
- Restriction (Art. 18): obtain restriction of processing in certain circumstances.
- Portability (Art. 20): receive your data in a structured, machine-readable format.
- Objection (Art. 21): object to processing based on legitimate interests.
- Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
To exercise your rights, write to [email protected]. We will respond within 30 days of receiving your request. If you are not satisfied with our response, you may lodge a complaint with your national data protection authority.
8. Minors
The service is intended for persons aged 16 or older. We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at [email protected] and we will arrange deletion.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, disclosure or destruction, including:
- Password encryption (bcrypt hashing).
- Secure connections (HTTPS/TLS) for all data transfers.
- Role-based access control.
- Continuous infrastructure security monitoring.
- Regular data backups.
No system is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay in accordance with Art. 34 GDPR.
10. Cookies and Similar Technologies
The mobile app does not use cookies. The website join.uigooo.app uses only strictly necessary technical cookies required for the service to function, which do not require consent under applicable law.
11. Account Deletion
You may delete your account at any time from Profile → Delete account in the app. Deletion results in the removal of all your personal data in accordance with the retention terms set out in section 6. Content already published (past events, participations) will be anonymised.
12. Changes to This Policy
We may update this policy to reflect regulatory, technological or operational changes. In the event of material changes, we will inform you via an in-app notification or by email with at least 15 days' notice. The date of the last update is always shown at the top of the document.
13. Contact
For any questions relating to the processing of your personal data:
Email: [email protected]
Microfilla SRL – Via Aquila 6/a, 48015 Cervia (RA) – VAT no. 02650000397