Effective Date: June 16, 2025

1. INTRODUCTION

This Privacy Policy describes how Gatherella ApS ("Company," "we," "us," or "our") collects, uses, processes, and protects your personal information when you use the Foodielink mobile application ("App"). This policy applies to all users of our services.

By using the App, you consent to the collection and use of your personal information as outlined in this Privacy Policy. If you do not agree with the practices described herein, please do not use our App.

2. INFORMATION WE COLLECT

2.1. Personal Information You Provide

We collect the following personal information that you voluntarily provide to us:

• First name and last name
• Email address
• Phone number
• Avatar picture (optional)

This information is provided during account registration and may be updated or completed by you at any time within the App.

2.2. Device Information Collected Automatically

We automatically collect certain device and usage information when you register for or log into the App:

• Device push notification token
• Device model and name
• Locale settings (country and language preferences)
• Location information

2.3. Information Collected Through Third-Party Services

We use the following third-party services that may collect additional information:

• Google Analytics: Collects usage and analytics data only with your explicit consent
• Google Crashlytics: Collects crash reports and performance data to improve app stability
• Expo Notifications: Processes notification data only with your explicit consent to receive push notifications

3. HOW WE USE YOUR INFORMATION

We collect and process your personal information for the following purposes:

• Service Provision: To provide, maintain, and improve the App's core functionality
• Personalization: To deliver personalized content and enhance your user experience
• Communication: To send you important updates, notifications, and information about your gatherings
• Technical Support: To provide customer support and troubleshoot technical issues
• Analytics: To understand usage patterns and improve our services (only with your consent)
• Legal Compliance: To comply with applicable laws and regulations

4. LEGAL BASIS FOR PROCESSING

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services
• Consent: For optional features like analytics and push notifications
• Legitimate Interests: For service improvement and security purposes

5. THIRD-PARTY SERVICES

5.1. Google Analytics

• Purpose: Provides usage analytics and insights
• Data Collected: Usage patterns, device information, and interaction data
• User Control: Requires your explicit consent to activate
• Privacy Policy: Google Analytics Privacy Policy

5.2. Google Crashlytics

• Purpose: Crash reporting and app performance monitoring
• Data Collected: Crash logs, device information, and performance metrics
• Privacy Policy: Firebase Privacy Policy

5.3. Expo Notifications

• Purpose: Delivery of push notifications
• Data Collected: Device tokens and notification interaction data
• User Control: Requires your explicit consent to receive notifications
• Privacy Policy: Expo Privacy Policy

6. DATA SHARING AND DISCLOSURE

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

• Service Providers: We share necessary data with the third-party services mentioned above solely for their intended functionality
• Legal Requirements: When required by law, court order, or governmental request
• Safety and Security: To protect the rights, property, or safety of our users or others
• Business Transfers: In connection with any merger, acquisition, or sale of assets

7. DATA RETENTION

7.1. Account Data

We retain your personal information for as long as your account remains active or as needed to provide our services.

7.2. Account Deletion

Upon deletion of your account:

• Immediate Anonymization: All personal data is immediately anonymized in an irreversible manner
• Complete De-identification: It will not be possible to identify you or restore your data after deletion
• Historical Data: Your participation in gatherings organized by others will be anonymized (e.g., displayed as "Former User") to maintain the functionality for other users
• Legal Compliance: Some anonymized data may be retained to comply with legal obligations

7.3. Third-Party Data

Data processed by third-party services is subject to their respective retention policies as outlined in their privacy policies.

8. YOUR RIGHTS UNDER GDPR

As a data subject under GDPR, you have the following rights:

8.1. Right of Access

You may request information about the personal data we hold about you.

8.2. Right to Rectification

You may request correction of inaccurate or incomplete personal data.

8.3. Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data under certain circumstances.

8.4. Right to Restrict Processing

You may request limitation of processing of your personal data.

8.5. Right to Data Portability

You may request to receive your personal data in a structured, commonly used format.

8.6. Right to Object

You may object to processing of your personal data for certain purposes.

8.7. Right to Withdraw Consent

You may withdraw your consent for processing that is based on consent at any time.

To exercise these rights, please contact us using the information provided in Section 12.

9. DATA SECURITY

We implement comprehensive security measures to protect your personal information:

9.1. Data Encryption

• Personal data is encrypted both in transit and at rest using industry-standard encryption protocols
• All data transmission occurs over secure HTTPS connections
• Passwords are hashed and salted before storage

9.2. Server Security

• Data security is ensured through our trusted hosting provider's security infrastructure
• Access to personal data is restricted to authorized personnel only
• Regular security assessments and monitoring are conducted

9.3. Organizational Measures

• Employee training on data protection practices
• Confidentiality agreements for all personnel with data access
• Documented data protection policies and procedures

10. INTERNATIONAL DATA TRANSFERS

As we are based in Denmark and operate within the European Union, your personal data is primarily processed within the EU. When using third-party services (Google Analytics, Google Crashlytics, Expo Notifications), data may be transferred to countries outside the EU under appropriate safeguards in accordance with GDPR requirements.

11. CHILDREN'S PRIVACY

Our App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy within the App and updating the "Effective Date" at the top of this policy. Your continued use of the App after such modifications constitutes acceptance of the updated Privacy Policy.

13. CONTACT INFORMATION

14. GOVERNING LAW

This Privacy Policy is governed by the laws of Denmark and the European Union's General Data Protection Regulation (GDPR). Any disputes relating to this policy shall be subject to the jurisdiction of Danish courts.

Last Updated: June 16, 2025