Privacy Policy
This Privacy Policy (“Privacy Policy”) applies to the processing of personal data of users (“user” or “you”) of the Sleep mobile application (“app”) by Bending Spoons S.p.A. (“we” or “us”), in accordance with Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”), the Italian Legislative Decree 196/2003 (as amended), and other applicable local laws, as amended or replaced (jointly, “Applicable Privacy Laws”).
If you are a California resident, please see Section 11 (Additional Information for California Consumers) below.
1. Data Controller’s contact details
The Data Controller is Bending Spoons S.p.A., based in Via Nino Bonnet 10, Milan, MI 20154 (Italy), VAT 08931860962. For any requests regarding the processing of your personal data, please email us at privacy@bendingspoons.com.
Our Data Protection Officer can be contacted by sending an email to dpo@bendingspoons.com for any requests relating to the processing of your personal data or this Privacy Policy.
2. Categories of the processed Personal Data, purposes and legal basis for the processing
We process the following categories of personal data, for the purposes and on the legal bases indicated below. Please note that not all of the below information may be deemed personal data in your jurisdiction in all cases.
Purpose | Legal basis |
|
|
The legal basis for the processing is the performance of a contractual relationship with the User (art. 6(1)(b) of the GDPR). |
|
|
The legal basis for the processing is our legitimate interest (art. 6(1)(f) of GDPR) to improve our products and services. As for the collection of personal data by means of analytics tracking technologies, please see Section 12 (In-app Tracking Technologies). |
|
|
The legal basis for the processing is our legitimate interest (art. 6(1)(f) of the GDPR) to ensure the quality and the smooth functioning of the service. |
|
|
The legal basis for the processing is compliance with legal obligations to which we are subject (art. 6(1)(c) of the GDPR). Where the requirements provided by the applicable law (such as data protection laws) grant us some discretionary assessments in order to fully comply with it, we may rely on our legitimate interest (art. 6(1)(f) of the GDPR) to carry out processing activities for this purpose in order to demonstrate our compliance. |
|
|
The legal basis for the processing is the performance of our contractual relationship (art. 6(1)(b) of GDPR). |
|
|
The legal basis for the processing is our legitimate interest (art. 6(1)(f) of GDPR) to establish, exercise or defend our rights and to carry out corporate transactions or operations. |
|
|
The legal basis for the processing is our legitimate interest (art. 6(1)(f) of GDPR). The collection of personal data by means of profiling and third-party analytics tracking technologies is based on your consent (art. 122 of Italian Privacy Code). For more details, please see Section 12 (In-app Tracking Technologies). |
|
3. Data retention of User’s Personal Data
Personal data may be processed by both automated and non-automated means and may be stored at our premises and on our service providers’ servers. We adopt technical and organizational measures designed to prevent the loss, improper use and alteration of your personal data. In some cases, we may also adopt data encryption and pseudonymization measures. However, transmissions over the Internet are never 100% secure, and you should not provide any personal data if you want to avoid any risk.
Personal data processed for the purposes referred to in Section 2.a), 2.b), 2.e), 2.g) will be kept for a period not exceeding the one necessary for the said purposes and, in each case, for no more than three (3) years from the date of your last interaction with the app or from the date of the expiration of your subscription unless you access the app after then. In this case, the retention period will start from the date of your last interaction with the app.
Personal data processed for the purposes referred to in Section 2.c) will be kept for a period not exceeding the one necessary for the said purposes and, in each case, for no more than one (1) year from the date of your last interaction with the app or from the date of the expiration of your subscription unless you access the app after then. In this case, the retention period will start from the date of your last interaction with the app.
Personal data processed for the purposes referred to in Section 2.d), will be kept up to five (5) years from the date of your last interaction with the app or from the date of the expiration of your subscription unless you access the app after then. In this case, the retention period will start from the date of your last interaction with the app.
Personal data processed for the purposes referred to in 2.f) will be kept up to ten (10) years from the date of your last interaction with the app or from the date of the expiration of your subscription unless you access the app after then. In this case, the retention period will start from the date of your last interaction with the app.
At the end of these specified periods, unless any legal obligations require a longer data retention, the processed personal data will be either deleted or anonymized.
4. Your Choices with Regard to the Use of Your Personal Data
It is mandatory for you to provide your personal data for the purposes referred to in Sections 2.a), 2.d), and 2.e). If you do not provide the personal data, you will not be able to enjoy the app’s services and features.
Where we rely on your consent for the purposes referred to in Section 2.g), your provision of personal data is optional, and you have the right to withdraw your consent at any time. If you do not provide personal data, you will still be able to enjoy the app’s services and features.
Where we rely on our legitimate interest for the purposes referred to in Sections 2.b), 2.c), 2.f), and 2.g), you may, at any time, exercise your right to object to such processing as explained in Section 7 (Your Rights).
5. Sharing Your Personal Data
We may share or disclose your personal data to the following categories of recipients:
Vendors carrying out activities that are related or instrumental to our business and operational activities as outsourced data processors appointed in writing in accordance with Applicable Privacy Laws, or acting as autonomous data controllers (such as IT or storage service providers, mobile measurement partners, suppliers of mobile marketing services, and advertising networks and platforms).
If we carry out a corporate transaction or operation (for example, in case of bankruptcy, merger, acquisition, reorganization, sale of assets or assignments, and due diligence related to any such transactions), your personal data may be disclosed to our advisers and any prospective purchaser's advisers, and may be one of the assets that is transferred to another owner.
Public, judicial or police authorities, within the limits established by applicable laws.
Personal data will not be disclosed for any reason other than those stated above, unless such disclosure is deemed necessary for the fulfillment of a legal obligation or if we request your consent.
6. Transfers of Personal Data Outside the European Economic Area
We may transfer personal data from the European Economic Area (“EEA”), the UK or Switzerland to other countries outside the EEA. Such data transfers are based on appropriate safeguards in accordance with Applicable Privacy Laws, including (a) the standard contractual clauses developed by the European Commission (SCCs); (b) Swiss-U.S. Privacy Shield, and the decisions of adequacy of the European Commission; or (c) binding corporate rules. When we rely on SCCs we also make sure that supplementary organizational and technical measures are in place to ensure an adequate level of protection to the personal data transferred, by carrying out also the relevant Transfer Impact Assessments on the processing activities and service providers located outside the EEA.
More information on the appropriate safeguards in place for extra-EEA transfer are available for consultation by sending an email to privacy@bendingspoons.com.
7. Your Rights
At any time and free of charge, you can exercise the following rights, as specified and subject to certain limitations and exceptions under Applicable Privacy Laws:
Right of access. You have the right to obtain information about the processing of your personal data and to access it.
Right to rectification. You have the right to ask for the updating, rectification or integration of your personal data.
Right to erasure. You have the right to request the deletion of your personal data.
Right to restriction of processing. You have the right to request the restriction of the processing of your personal data.
Right to data portability. You have the right to obtain a portable electronic copy of your personal data.
Right to object. Where we rely on our legitimate interest to process your personal data, you have the right to object to such processing, wholly or partly, on grounds related to your particular situation. In particular, you are entitled to object to the processing of your personal data for direct marketing purposes, including profiling.
Right to withdraw your consent. Where we rely on your consent to process your personal data, you have the right to withdraw your consent, although the processing carried out before your withdrawal of consent will remain valid.
You also have the right to lodge a complaint before the competent national Data Protection Authority, in particular before the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.
To exercise your rights, you may contact us by sending an email to privacy@bendingspoons.com. You may also delete or download a copy of your personal data by using the tool available here. We may take reasonable steps to verify your identity prior to responding to your request.
8. Children’s Personal Data
The app is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe we have received personal data from children under the age of 16, please email us at privacy@bendingspoons.com. If we learn that a user is under the age of 16, we will take reasonable steps to delete any processed data and close such user’s account.
9. Third-party Websites and Services
The app may include links to other websites or services operated by third parties. The activities described in this Privacy Policy do not apply to data processed by such third-party websites and services. We have no control over, and we are not responsible for, the actions and privacy policies of third parties and other websites and services.
10. Changes to this Privacy Policy
We may modify, integrate or update, in whole or in part, this Privacy Policy, and we will notify users of any substantial modification, integration or update in accordance with Applicable Privacy Laws. If we make modifications, we will notify you by revising the date at the bottom of this Privacy Policy and, under certain circumstances, we may also notify you by additional means such as pop-up or push notifications within the app or our website, or email.
11. Additional Information for California Consumers
This section provides additional disclosures required by the California Consumer Privacy Act (“CCPA”).
a) Additional Information Related to Collection, Use, and Disclosure of Personal Information
We collect personal information from several sources: directly from you (for example, when you make purchases within the app or participate in a survey); automatically when you use the app (for example, device information); from other sources (for example, mobile measurement partners). We also generate inferences about you based on your use of the app and other information we collect.
In the preceding 12 months, we have collected the following categories of personal information: identifiers; internet or other electronic network activity information; characteristics of protected classifications under California or U.S. federal law (such as age and gender); commercial information (such as purchases you make in the app); approximate geolocation information (such as country); inferences; and other information that relates to or is reasonably capable of being associated with you. For details about the personal information we collect, please see Section 2 (Categories of Personal Data that We Collect, Purposes and Legal Bases for Our Processing) above. We collect personal information for the business and commercial purposes listed in the chart in Section 2 above.
We may share your personal information with the categories of third parties as described in Section 5 above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes: identifiers, internet and electronic network activity information, characteristics of protected classifications under California or U.S. federal law; commercial information; approximate geolocation information; and other information that we have inferred about you or that relates to or is reasonably capable of being associated with you.
We do not sell your personal information. We do allow our advertising partners to collect certain device identifiers and electronic network activity via our app to show ads that are based on your interests. If you prefer to limit this activity, your device may include a feature (such as “Limit Ad Tracking” on iOS, or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that allows you to opt out of having certain information collected through mobile apps used for interest-based advertising purposes.
b) Rights of California Consumers
Subject to certain limitations, the CCPA provides California consumers the right to:
Request more details about the categories and specific pieces of personal information that we process.
Request the deletion of their personal information.
Opt out of “sales” of personal information that may be occurring.
Not to be discriminated against for exercising these rights.
To exercise these rights, California consumers may contact us by sending an email to privacy@bendingspoons.com. You may also delete or download a copy of your personal information by using the tool available here. We will verify your request by asking you to provide information that matches information we have on file about you. Consumers can also designate an authorized agent to exercise these rights on their behalf, but we will require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.
12. In-app Tracking Technologies
When we refer to “tracking technology/technologies” in this Policy, we mean any technology that stores or accesses information on the user’s device, including SDKs, tracking pixel, HTML5 local storage, local shared object, and fingerprinting technique.
Tracking technologies are usually classified by purpose (Technical, Analytics, Profiling) or by publisher (First-party, Third-party).
This classification is important because different legal requirements apply based on how the tracking technologies are classified.
Below you will find the types of tracking technologies as classified with some practical examples.
By purpose
Technical tracking technologies
Technical tracking technologies are used for the purpose of transmitting messages over an electronic communication network or to provide a service specifically requested by the user.
Thus, technical tracking technologies are essential for the correct functioning of the app and to provide the service offered to and requested by the user.
For example, technical tracking technologies can be used to monitor sessions, store specific server access information related to the user configuration, facilitate the use of online content, or keep track of items in a shopping cart or information used to fill in a form.
Technical tracking technologies do not need your consent.
Analytics tracking technologies
Analytics tracking technologies may be used to assess the effectiveness of an information society service provided by a publisher, evaluate and improve the design of an app, or help measure its traffic.
In other words, analytics tracking technologies may be used to track the traffic and performance of an app, by collecting aggregate data on the number of users and how they interact with the app to improve its services.
For example, analytics tracking technologies may collect information about how users access an app, including the number of users, possibly grouped by geographical area, time slot, how long users stay on the app, what parts of the app they interact with, or the number of users who used a particular feature.
Analytics tracking technologies need your explicit consent. However, analytics tracking technologies are equated to technical trackers and, thus, do not need your consent if:
they are only used to produce aggregated statistics that are performed by way of the controller’s own resources and do not turn into activities that go beyond statistical counting and enable business-related decision-making; or
the third parties do not match the analytics trackers' data with any other information and do not forward such data to other third parties.
Profiling tracking technologies
Profiling tracking technologies may be used to evaluate certain personal aspects relating to users and trace specific actions or recurring behavioral patterns in the use of the offered functionalities back to specific, identified or identifiable individuals for the purpose of grouping them within homogeneous, multi-sized clusters. This is aimed to enable the company to analyze and predict personal aspects concerning the users, provide them with increasingly customized services beyond what is strictly necessary for the delivery of the service, and also send targeted advertising messages in line with the preferences expressed by the user during their in-app activities.
In other words, profiling tracking technologies may be used to convey behavioral advertising, measure the effectiveness of ads, or to customize the services offered in line with the user’s monitored behavior.
For example, profiling tracking technologies can be used to create user profiles and offer content in line with the user’s interests, send targeted ads or messages, conduct statistical analysis or other research activities to improve our products and services and measure the effectiveness of our campaigns.
Profiling tracking technologies need your explicit consent.
By publisher
First-party tracking technologies
First-party tracking technologies are installed and managed directly by the owner of the app which will process the collected data for its own purposes.
Third-party tracking technologies
Third-party tracking technologies are installed and managed by different apps or developers either for our purposes or for the third party’s own purposes.
The data collected by these third parties is governed by their own specific privacy policies and terms and conditions over which we have no control. Thus, for further information about this data processing activities, please refer to the privacy policy of such third parties as indicated in the following section ("Types of tracking technologies used by the app”).
Third-party non-anonymized analytics and/or profiling trackers need your consent. You can manage this consent at any time by accessing the “Privacy Settings” within the app.
Types of tracking technologies used in the app
This app installs the following types of tracking technologies:
Name | Purpose | Retention period | Publisher (i.e., first-party or third-party) | Description | Third-party Privacy Policy (where applicable) |
Sleep SDK (technical) | Technical | 3 years. See Section 3 (Data storage and protection) for more details. | First-party | Our internal software development kit (SDK). It is essential for the app to function correctly. | N/A |
Sleep SDK (statistical analytics) | Technical | 3 years | First-party | Our internal software development kit (SDK). It allows us to produce aggregated statistics. | N/A |
Firebase Crashlytics | Technical | 3 years. See Section 3 (Data storage and protection) for more details. | Third-party | Firebase is a tool provided by Google which is essential for the app to correctly interact with the backend and provide the user with the key features. | https://policies.google.com/privacy |
Firebase Dynamic Links | Technical | 3 years. See Section 3 (Data storage and protection) for more details. | Third-party | Firebase is a tool provided by Google which is essential for the app to correctly interact with the backend and provide the user with the key features. | https://policies.google.com/privacy |
FirebaseAuth | Technical | 3 years. See Section 3 (Data storage and protection) for more details. | Third-party | Firebase is a tool provided by Google which is essential for the app to correctly interact with the backend and provide the user with the key features. | https://policies.google.com/privacy |
Firebase | Analytics | 3 years | Third-party | Firebase is a tool provided by Google which is essential for the app to work properly. When analytics features are enabled, it can help us to improve app’s traffic and performance. | https://policies.google.com/privacy |
Sleep SDK (profiling) | Profiling | 3 years | First-party | Our internal profiling software development kit (SDK). It allows us to provide customized services. | N/A |
Adjust | Profiling | 3 years | Third-party | Adjust is a mobile attribution tool. It helps us to measure the effectiveness of our ads. | https://www.adjust.com/terms/privacy-policy/ |
Tracking technologies settings
You can activate or disable (in whole or in part) profiling and third-party analytics tracking technologies at any time through the “Privacy Settings” within the app.
In case of withdrawal of consent, your data will no longer be collected through those trackers but we will continue processing the data collected before the withdrawal.
You cannot deactivate first-party analytics tracking technologies since they are equated to technical trackers and, thus, are not based on your consent. However, you can opt out of the further processing of your data collected by means of such trackers by sending an email to privacy@bendingspoons.com.
With regards to your rights under applicable Data Protection Laws, please refer to Section 7 (Your Rights) above.
Last updated: August 14, 2023
Can't find what you’re looking for?
Contact us.