(pursuant to Regulation (EU) 2016/679 and Legislative Decree 196/2003 amended by

Legislative Decree 101/2018)

With City Tale (hereinafter the ”Application”), exploring a city is a breeze. City Tale helps you

discover places to visit while you move around the city. Just open the App and start exploring”

1. Introduction to data processing

When you use our app or website, we collect and use your personal data to provide you with

our services.

2. Data controller and contacts

The data controller is the sole proprietorship City Tale di Garavelli Giorgio, VAT number

12583930016 and CF GRVGRG93P13L219F, with registered office in Corso Monte Cucco, n.73,

10141, Turin, Italy. If you have any questions or concerns about our privacy policy, or if you

wish to exercise your rights, do not hesitate to contact us at the email address [email protected]

or via PEC [email protected] .

3. Information about minors

This application is intended for use by individuals who are 14 years of age or older. We do not

knowingly collect personal information from users under the age of 14. In the event that we

become aware of any collection of personal information from anyone under the age of 14

without verifiable parental consent, we will promptly take appropriate steps to delete that

information from our servers. If you are a parent or legal guardian and you believe that your

child has provided us with personal information without your consent, please contact us to

ensure that such information is removed.

4. Type of data collected and processed

To use the services, features and functions of the Application, as a new user you will need to

application collects the following categories of information:

4.1. Information provided voluntarily by the user:

4.1.1. Name, email address, and similar contact information when you provide us

with feedback or register for an account.

4.1.2. Your user profile data, including your profile photo (if provided voluntarily).

4.1.3. Information about your trip, such as preferred destinations, dates, and trip

details.

4.2. Information automatically collected:

4.2.1. Aggregated data on the use of the App and navigation data to understand how

users interact with the App, identify problems or areas for improvement and

optimize its usability and functionality as well as to protect the APP from

fraudulent activity, abuse or security breaches.

4.2.2. Information about your use of the App, such as login data, usage statistics and

browsing data, if you have given the App permission to know this information.

4.2.3. User geographic location data if the user has granted permission to the App to

access location.

4.2.4. Device information, including device type, unique device ID, operating system,

and other technical information.

5. Purpose of processing and legal bases

We use the information collected for the following purposes:

5.1 Provision of services:The legal basis for processing information to provide the

App services, including allowing you to plan trips and search for activities, is

the performance of a contract. When you use the App, we are performing a

contract between you (the user) and us (the App provider) to provide the

services and features promised in that contract. The legal basis for processing

user location information is consent. Before we collect your geographic

location data, we will explicitly ask for your consent to do so. This consent will

be informed and voluntary, and you can withdraw it at any time. Location data

will only be collected if you give your explicit consent.

5.1.1 To help you plan trips and search for activities in the cities you're in.

5.1.2 To personalize your user experience and improve our services.

5.2 Communications and assistance:The legal basis for processing information for

communication and support purposes is legitimate interest. We have a

legitimate interest in responding to your questions and providing support

when requested, as well as communicating with you relevant updates about

the App and other information relevant to you. However, we always respect

your right to object to such marketing communications.

5.2.1 To answer your questions and provide assistance with technical or

other problems.

5.2.2 To send you App updates, newsletters and other marketing

communications if you have given your consent.

5.2.3 To send you relevant notifications and communications about places

you visit, including travel recommendations and other places to visit

in the city.

5.3 Analysis and improvement:The legal basis for processing information for

analysis and improvement purposes is legitimate interest. We believe that it

is in our legitimate interest to analyze the use of the App, monitor

performance and improve the quality of services in order to provide a better

experience to users. This processing occurs with the utmost respect for your

privacy and your rights.

5.3.1 To analyze the use of the App, monitor performance and improve the

quality of services.

5.3.2 To analyze the security aspects of the App

6. Treatment methods

The handling of personal data occurs through electronic procedures during the use of the

application. In particular, when you use the app, your personal data is transmitted securely

to Firebase and to Google's Firestore Cloud. This transfer is done through encrypted

connections to ensure maximum security of your data.

For more information about Firebase's data management and privacy practices, please see

their Privacy Policy at the following link:https://firebase.google.com/support/privacy.

Additionally, as a user, you have full control over the processing of your personal data. You

can change your preferences and permissions regarding data processing at any time by

accessing the dedicated section within your personal account page in the app. This allows you

to flexibly and securely manage the information you share with us and Firebase.

7. Period of retention of personal data

Personal data collected by the App are retained for the time necessary to pursue the purposes

indicated in this Privacy Policy.

In particular, the data collected for the use of the App are stored for a period of 12 months

from the date of collection or from the user's last access to the App.

The data collected for the creation of a user account are retained for a period of five years

from the date of creation of the account.

The data collected for sending newsletters or promotional communications are stored for a

period of 24 months from the date of registration or from the last sending of communications.

The data collected for the resolution of complaints or support requests are retained for a

period of five years from the date of resolution of the complaint or support request.

The data collected for the analysis of the use of the App are stored for a period of 24 months

from the date of collection.

Personal data collected by Firebase Authentication and Firestore Cloud are stored as follows:

 Firebase Authentication retains your personal data for as long as it is needed to

provide you with our services, which is 24 months from the date your account was

created.

 Firestore Cloud retains users' personal data for as long as necessary to provide its

services, or for 12 months from the date of collection or from the user's last access.

You may request the deletion of your personal data from Firebase Authentication and

Firestore Cloud by contacting the Data Controller at any time, without affecting any

processing that occurred prior to your request.

8. Recipients of personal data

The personal data collected by the App may be communicated to recipients, internal and

external to the Data Controller's organization, who may process the personal data as data

controllers or persons in charge of processing.

Recipients may be:

8.1. Web hosting providers who host the App or website.

8.2. Google Ireland Limited, registered office at Gordon House, Barrow Street, Dublin 4,

Ireland, which provides the Firebase Authentication and Firestore Cloud services.

8.3. Third Party Service Providers: We work with various companies and individuals to

perform functions and provide services through the APP, such as payment processing,

data analysis, providing customer support, and marketing.

8.4. Experience providers and travellers i.e. companies or entities that can be booked or

selected through the APP or website.

8.5. Third Party Social Media Sites: If you share information through our services on third

party social media websites, your information will be governed by the respective

privacy policies of those sites and your privacy settings on those sites.

8.6. Payment Platforms: For in-app transactions, we work with trusted payment platforms.

These payment service providers (Apple Pay and Google Pay) process financial

information such as credit card details, which are necessary to complete transactions.

They operate in compliance with the Payment Card Industry Data Security Standards

(PCI DSS).

8.7. Lawyers, consultants, debt collection companies, etc.

8.8. Relevant government, judicial, regulatory or law enforcement authorities, if required

by law, or to respond to legal process, such as in response to a search warrant, court

order or subpoena.

8.9. Personal data may also be transferred to third-party recipients located outside the

European Union, in countries that do not guarantee a level of protection of personal

data equivalent to that of the European Union. In these cases, the transfer of personal

data occurs in accordance with the provisions of the GDPR, and in particular on the

basis of an adequacy decision of the European Commission or other appropriate

guarantees, such as standard contractual clauses approved by the European

Commission.

9. Transfer of data to third countries

Personal data will not be transferred outside the European Union. However, if for technical

and/or operational reasons it becomes necessary to use entities located outside the European

Union, we hereby inform you that such entities will be appointed as Data Processors pursuant

to and for the purposes of art. 28 of the Regulation or Independent Data Controllers. The

transfer of personal data to such entities may take place limited to the performance of specific

processing activities related to the provision of services, and will be regulated in accordance

with the provisions of Title V of the GDPR.

10. Information Security and Data Integrity

We have adopted technical (end-to-end encryption) and organizational (registration via

username) measures suitable to protect personal data from accidental or illicit events that

cause their destruction, loss, alteration, and from unauthorized use, disclosure or access,

especially where the processing involves the transmission of data via a network and against

any other form of illicit processing and abuse.

11. Profiling

City Tale does not use automated processes aimed at profiling you.

12. Rights of interested parties

Want to have control over your data? No problem! It's very simple. Send us an email at

[email protected] and ask for what you need. Do you want to see what data we have about you?

Or do you want to delete or correct it if you think there is something wrong? Or maybe you

want to add something that is missing? You can also ask us to limit how we use your data in

certain situations (as provided for by art. 18 of the GDPR) or say "no thanks" if you think we

are using it in a way that is not okay with you.

Don't worry, we will get back to you within a month to let you know how we are proceeding

with your request. And guess what? You also have the right to move your data from one place

to another. If you are not happy with how we are handling your data, you always have the

option to raise your voice with the Data Protection Authority.

If your data is processed automatically (such as by contract or because you have given us

consent) and you want to move it elsewhere, you can have your data in a format that is easily

read by a machine and, if possible, we will send it directly to the new manager without a hitch.

And remember, if you have given consent for localization, you can always change your mind

and withdraw it.

13. Revisions or Updates to the Privacy Policy

City Tale reserves the right to modify or update this policy at any time. Changes will be

communicated to you through the app or via the email you provided to us during registration.

For questions about this Privacy Policy, please contact us at: [email protected]