PRIVACY POLICY

1. DATA CONTROLLER

The Data Controller is SPAZZI, with contact email spazzispazzispazzi@gmail.com. For any privacy-related questions, you can contact us at this address.

2. TYPES OF DATA COLLECTED

Voluntarily provided data: Name, email, profile information, photos, location descriptions, preferences and communications you send through the platform.

Location data: When you publish a location, you can choose whether to share the exact address or just the city/locality. The information you choose to share will be publicly visible on the platform. You are responsible for the accuracy of the information provided and for the consequences of its publication. SPAZZI is not responsible for the use that third parties may make of the location information you have chosen to make public.

Automatically collected data: IP address, browser type, device used, pages visited, time spent, cookies and geolocation data (if authorized).

Google data: When you log in through Google, we collect name, email and profile photo from your Google account, exclusively for authentication and profile management.

3. PURPOSES AND LEGAL BASIS FOR PROCESSING

Contract performance (Art. 6(1)(b) GDPR): SPAZZI is a public marketplace where profiles and locations must be visible to other users to enable the service to function. The publication of your profile data (name, username, photo, industry, profession, social links) and your locations (name, description, photos, address, availability, price) is necessary for the performance of the service contract you accept by registering on SPAZZI. This includes: account management, profile and location publication, facilitating contacts between users, search and booking features. By signing up for the platform, you agree that your data will be publicly visible as an essential part of the marketplace service.

Legitimate interest (Art. 6(1)(f) GDPR): Service improvement, anonymous statistical analysis, fraud prevention and platform security.

Consent (Art. 6(1)(a) GDPR): Marketing, newsletter, geolocation and non-essential cookies. Consent for marketing communications is optional and can be revoked at any time.

Legal obligations (Art. 6(1)(c) GDPR): Data retention for tax and regulatory obligations.

4. USE OF GOOGLE DATA

The use of Google data is limited to the practices disclosed in this Privacy Policy and compliant with Google's "Limited Use" requirements. Google data is used exclusively for:

• Secure authentication on the platform
• User profile creation and management
• Facilitating access to SPAZZI services

We do not share, sell or use Google data for purposes other than those stated. You can revoke access at any time from your Google account settings.

5. DATA SHARING

Other users: Profile information and published locations are visible to other platform users.

Platform administrators: The SPAZZI administrative team may access user data for content moderation, technical support, marketplace service management and creating locations on behalf of users (intermediary service). Administrators are bound by confidentiality obligations and use data exclusively for platform operational purposes.

Service providers: Supabase (database hosting), Vercel (web hosting), Mapbox (map services), Google (authentication), analytics and security services.

Competent authorities: Only if required by law or to protect the rights, property or safety of SPAZZI and its users.

6. DATA TRANSFER OUTSIDE THE EU

Some of our providers may transfer data outside the EU. All transfers occur with adequate protection guarantees through European Commission adequacy decisions or standard contractual clauses.

7. DATA RETENTION

Account data: Until account deletion or deletion request.

Communication data: 5 years for security and dispute prevention purposes.

Billing data: 10 years for tax obligations.

Security logs: 12 months for platform security.

8. COOKIES AND SIMILAR TECHNOLOGIES

We use essential cookies for platform operation and analytical cookies (with your consent) to improve user experience. You can manage cookie preferences through your browser settings or the banner on the site.

9. YOUR RIGHTS (GDPR)

You have the right to:

• Access: Obtain information about your processed data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request removal of your data
• Restriction: Limit processing in certain circumstances
• Portability: Receive your data in a structured format
• Objection: Object to processing for legitimate interest
• Withdraw consent: Withdraw consent at any time

To exercise these rights, contact us at spazzispazzispazzi@gmail.com. You also have the right to file a complaint with the Italian Data Protection Authority.

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, destruction or disclosure. We use SSL/TLS encryption, authenticated database access and continuous security monitoring.

11. MINORS

SPAZZI is not intended for minors under 16. We do not knowingly collect personal data from minors. If you become aware that a minor has provided personal data, contact us immediately for removal.

12. CHANGES TO THE PRIVACY POLICY

This notice may be updated periodically. Substantial changes will be communicated via email or notification on the platform. We encourage you to regularly check this page to stay informed.

13. IN-APP PRIVACY NOTICES

Within the platform you will find specific privacy notices that inform you about how we use your Google data and other sensitive information. These notices are an integral part of this Privacy Policy.

14. CONTACTS AND DPO

For any privacy-related questions or to exercise your rights, contact our privacy team at: spazzispazzispazzi@gmail.com.

Italian supervisory authority: Garante per la Protezione dei Dati Personali - www.gpdp.it