PRIVACY POLICY

Gemmy APP

Welcome to the “Gemmy” mobile phone App of Ab.Acus S.r.l. (hereinafter “App”).

With this Privacy Policy Ab.Acus S.r.l. provides the user with all the information related to the processing of personal data that are collected automatically or that the user voluntarily gives, by accessing the App and using the services provided therein.

*** *** ***

  1. Data controller

The Data controller is Ab.Acus S.r.l. (Tax Code and ITA VAT 05266690964) with head office in Milano, Via Francesco Caracciolo n. 77 and e-mail privacy@ab-acus.com (hereafter “Company”).

  1. Categories of personal data processed

Personal data means any information that concerns the user and is related to him/her. The processing shall concern personal data collected automatically by the App and by the device on which it is installed, as well as those personal and particular data voluntarily provided by the user.

More specifically:

  • Account Information: When you sign up or log in, authentication is handled by Firebase Authentication through your credentials or your Google or Apple account. In this process, we receive your email address together with an authentication token. This information is used solely to establish your session, is not otherwise used by us, and is discarded at the end of the session.
  • Usage Data: information on how you interact with the App, collected via Google Analytics (e.g., screens visited, time spent, clicks).
  • Crash Reports & Diagnostics: technical information about errors, crashes, and device information collected through Firebase Crashlytics.

(hereinafter, collectively, “Data”).

  1. Purposes of processing of Data

Data shall be processed for the following purposes:

  • Authentication: to enable secure login and account management we use Firebase Authentication to allow you to create and access your account securely. You may sign in using email and password (handled by Firebase) or third-party accounts such as Google or Apple, through Firebase Authentication.
  • App Performance & Stability: to detect, diagnose, and resolve crashes and errors (Firebase Crashlytics).
  • Analytics & Improvement: to understand how the App is used and improve features (Google Analytics).
  1. Legal bases for the processing

For the purposes indicated in point 3) above, the processing of Data has a legal basis, under the GDPR, as follows:

  • Performance of a contract (Art. 6(1)(b)): for authentication and providing access to the App.
  • Legitimate interests (Art. 6(1)(f)): for ensuring app stability, detecting fraud, and analysing usage, provided these do not override your rights.
  • Consent (Art. 6(1)(a)): where required for analytics (i.e. Google Analytics).
  1. Methods of processing

With regard to the purposes indicated in point 3) above, the processing of Data shall take place mainly by electronic and automated means, in accordance with the provisions of the data protection law, adopting appropriate security measures.

Specifically:

  • Firebase Authentication: your login may be carried out using your Google account, your Apple ID, or an email address. In all cases, your credentials are encrypted in transit and securely processed by Firebase servers.
  • Firebase Crashlytics: crash logs and diagnostics are collected automatically in the background when the App encounters an error. Data may include device type, operating system, and limited log information.
  • Google Analytics: usage data is collected through anonymized identifiers (e.g., randomly generated IDs, cookies, or app instance IDs). IP addresses are also collected but are truncated and anonymized where possible to reduce identifiability.
  • Internal Processing: our authorized staff may access aggregated analytics or crash reports through secure dashboards for troubleshooting and improvement.
  1. Data’s communication and spread

Your data will not be disclosed to unauthorized third parties. For the purposes described in Section 3 above, we rely on third-party services provided by Google LLC and its affiliates, including Firebase, Google Analytics, and authentication services that allow sign-in with Google or Apple accounts through Firebase Authentication.

Data may also be shared with entities legally entitled to receive it under applicable laws or regulations, including, but not limited to, public authorities and judicial bodies.

The updated list of data processors shall be requested from the Company by sending an e-mail to the following address privacy@ab-acus.com.

  1. Data retention

The Company stores Data for the period of time strictly necessary to fulfil the purposes for which the said Data is collected. Specifically:

  • Authentication data are stored as long as your account exists.
  • Analytics data: retained for up to 14 months.
  • Crash logs: retained up to 90 days

Notwithstanding, however, the right to withdraw consent, the exercise of the rights set out in point 8) below, as well as the fulfilment of specific storage obligations provided for by law.

  1. Rights of data subject

With reference to your Data, you have the right to ask to the Company in the ways provided by the GDPR and without prejudice to the provisions and limitations as per the Italian Legislative Decree no. 196/2003 (Book I – Chapter I – Section III);

  • the access, in the cases provided for by law (article 15 GDPR);
  • the rectification and the integration of inaccurate and incomplete Data (article 16 GDPR);
  • the erasure of Data in the cases provided for by law (article 17 GDPR), for example when they are no longer necessary for the purposes indicated above or not treated in the respect of the GDPR;
  • the restriction of processing in the cases provided for by law (article 18 GDPR) as in case the exactness of the Data is contested and their accuracy has to be checked;
  • the portability, i.e., the right to receive, in the cases provided for by law (article 20 GDPR), the Data in a structured, commonly used and machine-readable format and to transmit the aforementioned Data to another data controller;
  • object to the processing, in the cases provided for by law (article 21 GDPR).

All the rights listed above shall be exercised by the user sending an e-mail to the Company at privacy@ab-acus.com or a registered letter to the Company’s address.

  1. Right to lodge a complaint with a Supervisory Authority

If the user thinks that the processing of the Data breaches the provisions of the GDPR, the user has the right to lodge a complaint with the Supervisory Authority according to the provisions set out in article 77 of the GDPR.

  1. Provision of Data

The provision of the Data is optional, but strictly necessary for the pursuit of the purposes set out in point 3) above. Therefore, failure to provide information may entail the objective impossibility for the Company to allow the user to access the App and use the services therein provided. Specifically:

  • Mandatory Data: certain personal data (e.g., login information) is required to provide essential functionalities of the App. Without it, you cannot create an account or log in.
  • Optional Data: analytics data is collected only with your consent (see Section 4). Refusing consent will not affect your use of the App but may limit our ability to improve it.
  • Crash Reports: collected automatically to maintain stability and security.
  1. Transfer of Data to a recipient in a third country

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where Google LLC and Apple Inc. are located. These providers may process your data on servers outside the EEA, particularly in the United States, to provide services such as Firebase, Google Analytics, and authentication via Google or Apple accounts. Data transfers outside the EEA are safeguarded through the providers’ participation in the EU–US Data Privacy Framework (where applicable) and, where required, by the use of Standard Contractual Clauses (SCCs) approved by the European Commission. For more information, please refer to

https://cloud.google.com/terms/data-processing-addendum for Google LLC

and https://www.apple.com/legal/privacy/ for Apple Inc.

Milano, 18th September 2025