Information on the processing of personal data pursuant to Articles 13 and 14 of EU Reg. No. 2016/679

The purpose of this information is to provide you with a clear and detailed explanation of how, when, and why we may collect to enable you to use “blockit” Application and its services. It has been designed to explain in a simple and transparent way our policy on the protection of personal data and to show you how to effectively exercise your rights. 

This Policy concerns, in particular, the processing carried out by the Application Developer in its capacity as Data Controller. Since in order to download, review or make purchases on the Application you will need to use services provided by a third party, Google Inc., you may have to provide your personal data to the latter. In this case, Google acts as an autonomous data controller. For the processing activities carried out by Google, please refer to Google’s Privacy Policy (https://policies.google.com/privacy?hl=it ).

We also inform you that this information may be subject to changes and variations over time, so we invite you to regularly consult this page to be updated on the processing of personal data carried out by The Developer.

1. Definitions

1. Application/App: the mobile application named “blockit: break phone addiction” (following, just “blockit”) downloadable through Play Store;

2. Developer: Francesco Sgnaolin, P.IVA 01777090331, as “blockit” application developer, with registered office in via Manfredi 58, Piacenza, 29121, Italy, email: francesco.sgnaolin+BLOCKIT@gmail.com;

3. Google: depending on the user’s location, Google Ireland Limited, based in Dublin 4, Ireland, Gordon House, Barrow Street, for users located in Swiss and in the European economic area, or Google LLC, based in California, USA, 1600 Amphitheatre Parkway, 94043, for users located in UK;

4. Play Store: Google Play Store, digital distribution service managed and developed by Google;

5. User: the natural person who downloaded and uses of the Application “Blockit”;

6. Personal data: any information relating to an identified or identifiable natural person (data subject);

7. Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

8. Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

9. Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

10. GDPR: General data protection Regulation (EU) 2016/679 of 27 April 2016.

2. When and what personal data are processed when I download and/or use the App?

a) Using the App

“blockit” has been developed to process as little information as possible and to ensure your anonymity.

Except as set out in point d) below, no personal data is collected by the Application and processed by the App Developer.

In particular, the App merely generates information about your usage (e.g. number of sessions and duration) which is then stored on the device itself, which the Developer has no access to.

In certain cases, it is possible to make use of certain functionalities (e.g. retrieval of sessions in the event of a change of device, purchase of tokens to stop blocking sessions) by logging in with a Google account. In this case, the information generated through the use of the Application may be transmitted to Google Firebase servers, subject to anonymisation and encryption. The information thus transmitted cannot be used by Google or the Developer to identify the User.

b) Download and payments

The App can be downloaded through Google Play and, in some cases, Google Authentication may be required in order to take advantage of certain additional services, such as the purchase of Tokens or the payment of a subscription to use the App without activating advertising cookies from our commercial partners. In order to do so, the User will have to provide personal data to Google (authentication credentials, billing information, location, etc.). 

The data collected in this way are shared by Google with the Developer in an anonymous and aggregate form, in a way that prevents the Developer from tracing the identity of the user. In this case, your data will be processed exclusively by Google as an autonomous data controller for the purposes it determines. For further information please refer to Google’s Privacy Policy available at the following address:  https://policies.google.com/privacy?hl=it. The Developer will receive directly through Google the sums paid by Users without having access to or any knowledge of the Users’ payment data, which will only be processed by Google.

c) Personal account

When the User creates a personal account on the Application, he/she will be able to view the sessions of use made, save his/her preferred settings, purchase Token and, in general, benefit from all the functionalities made available by the App. The data entered by the User in his/her account are not accessible to the Developer, as the App collects and stores them exclusively as encrypted data.

One of the functions made available to Users is the ability to delete their account at any time: each User can therefore delete their account and all the data they have entered into it, using the specific function of the App. Following this operation, all encrypted data linked to this account will also be deleted from the Application. 

d) Leave a review

On the Play Store, users who have downloaded the App have the option to leave their own review. In this case, Google will only collect the information necessary to enable the user to leave their review and to verify the user's identity and the download of the application they wish to review, in order to ensure the security and reliability of the service.

Some of the information provided to Google (review content and username) may be shared with the Developer, who may use this information to improve the functionality of the application or to process and provide feedback on the reviews received.

In this case, the Developer and Google will each act as independent data controllers under a separate agreement, which can be viewed at: https://business.safety.google/controllerterms/.

In particular, the Developer will only process your data in order to acknowledge the reviews received and to improve the functionality of the App on the basis of its own legitimate interest (art. 6.1., lett. f, GDPR).

With regard to the processing carried out by Google for the provision of the service, please consult Google’s Privacy Policy available at the following address:  https://policies.google.com/privacy?hl=it.

e) Cookie

What are they? The term cookie refers to a small text file that stores brief information about navigation on a specific internet App, which will be installed on your device when you access it. Each cookie contains various data (e.g., the name of the server from which it comes, a numeric identifier, etc.), can remain in the system for the duration of a session (until the browser is closed) or for long periods and may contain a unique identification code. 

When you visit the App again, they will be sent back to the App that generated them (first-party cookies) or to those provided by third parties who can recognize them (third-party cookies). 

The developer wants to reassure you about the safety of the cookies on its App: they do not harm your device in any way, but they allow you to navigate faster, offering a better experience. 

What are they used for? Cookies are used for different purposes depending on their type: some are strictly necessary for the proper functionality of an App (technical cookies), while others optimize performance to provide a better user experience or allow the gathering of statistics on the use of the App, such as analytics cookies, or enable the display of personalized advertising, such as profiling cookies. 

The App may use both cookies that do not require your consent for their installation (such as technical cookies) and cookies that require your prior consent to be used (such as profiling cookies). This information is reported in the banner displayed at the opening of the App and in the cookie settings panel always available on the App. 

As indicated in the banner that appears when you open the App and in the cookie settings panel that is always available, the App uses technologies - technical cookies - that guarantee the technical functionalities for the functioning of the App itself and that are automatically activated, as indicated in the Cookie Policy. On the other hand, and only with your express consent, cookies from our partners may also be activated for marketing and profiling purposes, to develop and improve our services and to provide personalised advertising and content. The full list of partners and cookies is available in the Cookie policy: you can always choose to accept, decline or revoke all or some of them by clicking on the “Settings” button in the cookie management panel. 

However, we would like to point out that our App is financed by the advertising that our partners do with cookies: therefore, in order to allow users to use the application for free, their activation is required; without this resource, we would ask you to pay a fee to use the App. You can always choose to accept cookies or to pay a small fee to use the App without advertising cookies, and you can change your mind at any time, even after you have made a choice.

In particular, the following can be activated on the App: 

a. Technical cookies (which do NOT require your consent): 

These are cookies necessary for the operation of the App and allow you to access its features (known as navigation cookies) or to authenticate into the session. 

There is also the use of functional cookies, which allow the storage of your preferences and settings, thus improving your browsing experience within the App. 

To ensure their functionality, these cookies are usually not deleted upon closing the browser; however, they have a predefined duration (generally up to a maximum of 2 years) and after this period, they deactivate automatically. These cookies and the data collected from them will not be used for any further purposes. 

The installation of technical cookies occurs automatically upon accessing the App or to activate certain features (e.g., selecting the "remember me" option). At any time, you can always decide to disable them by changing the settings of your browser; however, this may cause some problems with the display of the App. 

• Pursued purpose: to ensure the correct functioning and security of the App; 

• Legal basis for processing: the legitimate interest of The Developer in the correct functioning and security of navigation, regularly balanced with the rights of the data subject (art. 6, paragraph 1, letter f, GDPR). 

b. Analytical cookies (which do NOT require your consent if anonymized): 

These cookies track the choices made on the App and data related to users' online navigation (for example, pages viewed, time spent on a page, etc.), in order to perform statistical analyses, usually in an anonymous and aggregated form. If users can be tracked and identified through these analyses, these tools can only be used with the user’s express consent. However, when the following circumstances occur: 

• the IP address has been properly anonymized; 

• the information obtained with analytical cookies refers to a single computing resource (site, app, etc.) and is used only in an anonymous and aggregated form; 

• the cookie provider does not combine the information with other processing and does not transmit it to third parties, 

• the complete anonymization of the data collected is ensured, and even cookies in this category can be activated without the need for user consent, precisely because the data processed cannot be linked to any identifiable user. 

• Purpose of processing: to have statistics on user behaviour on the App, based on aggregated and anonymized data. 

• Legal basis for processing: depending on the case: 

• the legitimate interest of The Developer in optimizing the performance of the App and improving the services provided through the App, regularly balanced with the rights of the data subject (art. 6, paragraph 1, letter f, GDPR); 

- the user’s consent (art. 6, paragraph 1, letter a, GDPR), freely given and revocable at any time, through the cookie banner or by following the instructions provided below and, in the Cookie Policy, available on the App. 

c. Profiling and marketing cookies (which require your CONSENT): 

This App may also use profiling and third-party cookies, the installation of which is subject to your prior consent given through the banner or also managed at any time through the Cookie Policy available on the App. 

Profiling cookies can include different categories, including advertising profiling, retargeting, or social cookies.  

• Advertising profiling cookies: create a user profile that allows the display of advertising content in line with the preferences expressed during navigation on the App; 

• Retargeting cookies: are created to send you advertising content related to products you have purchased or viewed on the App and towards which you have shown interest; 

• Social cookies: this App provides for the installation of cookies related to social network plugins.

These cookies are managed directly by third parties and allow the display of advertising messages in line with your preferences. 

When you access the App, through a specific banner, you will be informed about the presence of profiling and retargeting cookies and, through it, you can consent or not to their installation, possibly selecting the individual cookies you want to install. 

At any time, you can still revoke the consent previously given, without affecting the possibility of visiting the App and enjoying the related content. 

The installation of profiling, retargeting, analytical, and social cookies, including any other activity connected to them, is managed through third-party services. For more information and to activate or deactivate these cookies, you can access the disclosures made directly by the third-party companies: the relevant list is available in our Cookie Policy. 

The user is informed both through the brief information (banner displayed until consent is given or denied and always modifiable by clicking on the appropriate icon present on all pages of the App) and through our Cookie Policy, which we invite you to read carefully for all other information on the cookies used on the App and for information on their disabling. 

• Purpose of processing: analyse the browsing behaviour of the user to present personalized advertising; 

• Legal basis for processing: the user's consent (art. 6, paragraph 1, letter a, GDPR), freely given and revocable at any time, through the cookie banner or following the directions provided below and in the Cookie Policy available on the App. 

3. For what additional purposes might you use my data?

Where the user has provided the personal data to the Developer for the purposes set out in paragraph 2.c), personal data may also be used for the purposes of: 

1. complying with legal obligations and requests from public or government authorities; 

2. managing any disputes or contentions and thus defending the rights of The Developer, both judicially and extra-judicially. 

In these cases, the legal bases for processing will be: 

• for point a), compliance with a legal obligation; 

for point b), the legitimate interest of the Data Controller in protecting its rights, provided they are adequately balanced, from time to time, with the rights of the data subject.

4. With whom will you share my data?

In accordance with the purposes indicated in the previous section, the staff and consultants of The Developer will be specifically trained and instructed to process your data, in order to provide you with the services, information, or support requested. Access to your personal data will always be expressly authorized by the Data Controller, who also identifies external parties to whom it turns for the provision of services and for activities within its competence, specifically designated as Data Processors pursuant to Article 28 of the GDPR. Furthermore, we remind you that the list of data processors is available from the Data Controller, from whom you may request it using the contact details indicated above. 

User data will not be transferred to third parties except in cases where the nature of the services rendered requires it (such as in the case of an application for a position with a partner company), or in cases where, by virtue of a legal obligation or in the presence of a legitimate interest, the Data Controller needs to communicate them to the competent jurisdictional or supervisory authorities.

5. How will you process my data?

Your personal data will also be processed with the help of electronic means for the time strictly necessary to achieve the purposes intended with the collection. 

The Developer will adopt the most appropriate technical and organizational measures to reduce the risks of loss, illicit or incorrect use of data, and to prevent any unauthorized access by third parties. Therefore, The Developer will ensure the security of your personal data, limiting the number of subjects who will be allowed access to the servers or databases and arranging appropriate protection systems aimed at limiting the risk of cyber-attacks. 

6. Where are the data processed?

As the download, token purchase and review services are provided through Google, your personal data may be transferred to non-EU territory.

In these cases, personal data may also be transferred to servers located in the United States: in these instances, compliance with the guaranteed measures provided for and required by the adequacy decision adopted by the European Commission on July 10, 2023, relating to personal data transferred from the EU to US companies and their adoption by the relevant provider will always be verified. All necessary precautions will be taken to ensure the best possible protection of personal data based on such transfer: a) on adequacy decisions of third countries expressed by the European Commission; b) on adequate guarantees expressed by the third-party recipient pursuant to Art. 46 of the Regulation; c) on the adoption of binding corporate rules, known as Corporate binding rules, and in particular, by preparing technical and computer security measures that protect personal data and the rights of the data subjects, as provided for by the GDPR and European legislation.

Regarding providers of cookies and cookie management services based in non-European countries, please refer to our Cookie Policy.

7. How long will you keep my data?

The Developer will process your personal data for the time reasonably necessary to achieve the purposes previously listed, available in the section "What data will you process?" or for the retention terms provided by each sector-specific regulation: for example, data relating to reviews published on the Play Store will be kept for as long as it is necessary to analyse the review and, in any case, until the review is deleted by the user and/or the provider of the relevant service. In some cases, the retention time may be extended: for example, if the data is needed to protect the Developer’s rights in and out of court, the data may be kept for up to 10 years after collection. 

In any case, at the end of the retention period, your personal data will be deleted or made irreversibly anonymous.

8. What are my rights and how can I protect my privacy?

In relation to your personal data and in accordance with the provisions of the GDPR, The Developer informs you that you have the right to request: 

• access to your data; 

• the modification and rectification of any errors in our database concerning your data; 

• the deletion of your data if held without legal grounds; 

• the restriction of processing of your data; 

• objection to the processing of your data; 

• the portability of your data. 

It is reminded that for all purposes where consent is required, the data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent performed by the Data Controller prior to the communication of the withdrawal. 

Further models and more information are also available here: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 . 

_____

We now illustrate in detail how to exercise your rights:

YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM: 

Access  

You can request to: 

• Ask for confirmation whether your personal data is being processed; 

• Obtain a copy of your data; 

• Provide other information about your personal data that is not already included in this information notice. 

Rectification 

You can request the rectification of inaccurate or incomplete personal data. 

Before proceeding with the rectification, we will verify the accuracy of the data in our records. 

Deletion/ Right to be Forgotten 

You can request the deletion of your personal data, but only if: 

• Their retention is no longer necessary in relation to the purposes for which they were collected; 

• You have withdrawn your previously given consent (where processing is based on consent); 

• The processing has been carried out unlawfully; 

• It is necessary to comply with a legal obligation to which the Developer is subject (in relation to an order from an Authority). 

Restriction  

You can request to restrict your personal data, but only if: 

• Their accuracy has been contested; 

• They are no longer necessary for the purposes for which they were collected, but there is an ongoing legal dispute regarding their use; 

Following your request for restriction, the use of your personal data is however permitted when: 

• Your consent still exists; 

• It is necessary to establish, exercise, or defend legal claims; 

• To protect the rights of another natural or legal person involved in the processing. 

Portability 

You can request a copy of your personal data in a structured, commonly used, and machine-readable format. 

Objection 

You can object at any time to the processing of personal data concerning you when: 

• the legality of the processing is based on the legitimate interest of the data controller; 

• the personal data is processed for direct marketing purposes including profiling to the extent that it is related to such direct marketing. 

When you object: 

• to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes; 

in the case of the legitimate interest of the controller, processing may continue only if the controller demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. It is possible to exercise the right to object also through automated means using specific techniques, such as those made available on the App in the personal page and in emails (unsubscribe link).

The Developer guarantees that a response to any request regarding your rights will be provided within thirty days of its receipt.

_____

9. Reports?

If there are doubts or issues, interested parties can contact the Data Controller using the contact details provided above, reporting the problem encountered and requesting more information and any necessary clarification regarding the processing carried out by the Developer. The Developer commits to respond within no more than 30 days from the notification. 

Interested parties can file a complaint when the processing carried out by the Developer does not comply with the provisions of European Regulation No. 679/2016 and national legislation and falls within the cases of violation of their rights, as provided by such legislation. In Italy, the competent authority is the Italian Data Protection Authority, whose contact details are available at http://www.garanteprivacy.it/. 

Furthermore, if the conditions provided by Articles 78 and 79 of the GDPR exist, you have the right to lodge a complaint with the competent judicial authority. 

More information and the template to be used for the complaint are available here: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 .

10. Data Controller’s contacts

The Developer, as data controller, may be contacted:

• via mail: Francesco Sgnaolin, via Manfredi 58, Piacenza, 29121;

• via e-mail: francesco.sgnaolin+BLOCKIT@gmail.com.

11. Any changes

The information we are providing now may change over time, as the processing activities, the data collected, or when there are legislative or regulatory changes, or due to technological advancements. Therefore, we recommend that you periodically consult this Privacy and Cookie Policy, always updated on this page.