* July 2021 Version

From 3warnings we want the user to use our app with total security and confidence. Therefore, we have implemented this privacy policy that complies with the security measures required by Law 3/2018 of December 5, Protection of Personal Data and guarantee of digital rights, and the European Regulation on Data Protection 679/2016 of April 27, on the protection of individuals with regard to the processing of personal data and the free movement of such data, all with the aim of ensuring their privacy and be transparent with the use of their data.

As already stated in the Legal Notice, the person behind this app is:

Daniel Muñoz Gil
DNI: 52332108R
Address: Calle Concejo de Degaña 2, 1C, 33204 Gijón (España)

You can contact us, in relation to this privacy policy, at the email address above or at our physical address.

WAY TO COLLECT DATA FROM OUR USERS

Data collection channels

By installing the App

  • Your Google account email address: You provide it to us when you install the app. This way we know where to send the messages sent to you by your contacts. This data is indispensable, and without it, the app can not function. It is also used to verify your identity every time you send a message or file to a contact or group, to avoid phishing.
  • Your phone number: You provide it to us when you run the app, when a form asking for it appears and you fill it in. We then check that the phone number provided is correct, sending you an SMS with a verification code that you have to enter in the app. We collect the phone number of our users to contact them easily (see next point). This information is essential, as without it, the app would not be able to display contacts for whom you only have the phone number.
  • Your user profile data (name and image): You provide them to us when you create or edit your user profile in the app. They are used so that you can customize the way your contacts will see you in the app, and can recognize you. These data are indispensable, because without them, your contacts would only see your email or phone number, and it would be more difficult for them to recognize you.

  • The above data (email, name, image and emoticon) make up your ‘user profile’, and is used for users to identify each other in the app, and to contact each other. You can search for your contacts in the app by entering their email or phone number. If the email or phone number matches one of our users, a new contact will be created in your contact list, with the ‘user profile’ found. This way, you will be able to contact that person. In turn, your ‘user profile’ is shared with those users who search for you in the app, to add you to their contact lists. In no case is the phone number provided. Although you can search for users by their email and phone number, the phone number is not provided in the results.
  • Your contacts list (phone numbers and emails of your contacts from your cell phone address book): This list is uploaded securely and regularly to our servers, to check which of your contacts are also users of our app, and display them in your contact list in the app. We do not retain this data. Once the check is done on our servers, the data is deleted. These data are indispensable, and without them, the app would not be able to show you contacts to send messages to.

  • Your votes to Non Profit Organizations (NPOs). You can vote for your favorite NPOs for them to receive our donations. We keep your votes on our servers to count them and show how many votes each NPO gets. But your votes are secret, we do not publish our users’s votes, we just add all our users’s votes and show the total results. The votes to NPOs are optional, they are not essential for the operation of the app, and you don’t need to vote any NPO to use it.
  • Your messages. We don’t keep your messages. Your messages are encrypted on your device and delivered encrypted to Google’s Firebase Cloud Messaging, a service that delivers your messages to your recipients. Once your messages (including your chats, photos, videos, voicemails, documents and location information) are delivered, they are deleted from our servers. Your messages are stored on your own device. If a message cannot be delivered immediately (for example, if you are offline), GCM may store it on their servers for up to 30 days while they attempt to deliver it. If a message has not been delivered after 30 days, they delete it. We also offer end-to-end encryption automatically. End-to-end encryption means that your messages are encrypted to safeguard them so that neither we nor third parties can read them.

  • Your files. The files you send to your contacts (images, audios, videos…) are uploaded by the app to our backend, a signed URL link is obtained, and sent to your recipients. We do not encrypt your files, but only users who have the signed URL have access to these files, and only temporarily.
  • Your groups. You can create groups, assign them a name and image, and invite your contacts to join them. You can also accept group invitations from other people. We store on our servers the group names, their group profile pictures, and the members who have agreed to join them. This is necessary for us to send your group messages to all group members, and to keep this information up to date for your members.
  • Your advertising preferences: The app displays advertising to generate income. We store on your device the ad categories you click on. More in line with your interests, this information is only stored on your device, and is not shared with anyone, not even 3warnings. * These data are not yet processed, until 3warnings appoints a Data Protection Delegate. But it will be treated in the future, and you accept it by using the app.

  • Your geolocation: The app offers you the ability to share your location with your contacts. This information is only stored on your device, and is only shared with the recipients you choose. It is not shared with anyone else, not even 3warnings.
  • Your city: The app gets the city in which you use it, to show you ads available in your geographic area. It only uses your approximate location, about 30 square kilometers, and gets it only once a day. This information is only stored on your device, and is not shared with anyone. It is obtained through the web services that the app uses for its normal operation, from the IP of your device. This method is inaccurate, and it is possible to get the wrong city.
  • Your subscriptions to NPOs and Advertisers channels: The app allows you to subscribe to NPOs and Advertiser channels in order to receive their messages and files. You can unsubscribe at any time. This information is stored in our backend to obtain the number of subscribers per channel. This information is not provided to NPOs or Advertisers. They are informed of the number of subscribers they have, but nothing else.

Through our corporate emails

Through our e-mail addresses you can write us and/or request the information you consider necessary to clarify the doubts related to our services or about the operation of our app or data protection policy.

Information 3warnings does not collect from its users

3warnings does not collect names, addresses or other information from its users’ contact lists. It only collects the user’s contact email and phone numbers, to check if they are app users, so that they appear in your app contact list, so that you can contact them through 3warnings.

The contents of messages that have been delivered by 3warnings are not copied, maintained or archived in the normal course of business. The 3warnings service is intended to be a replacement for SMS, using a user’s data service.

Users write their messages, which are encrypted on their devices and sent already encrypted through the data service to our servers, and are routed to their recipient (who must also be a 3warnings user), through the Firebase Cloud Messaging service. 3warnings does not store these encrypted messages in any way, but they can be stored by Google for proper delivery to their recipients. If a message cannot be delivered immediately (for example, if the user is offline), Firebase Cloud Messaging can store it on its servers for up to 30 days while it is being delivered, after which it will be deleted.

However, 3warnings may retain the date and time of the information associated with successfully delivered messages and the e-mail accounts involved in the messages, as well as any other information that 3warnings is legally obliged to collect.

Information collected automatically

When a file is received, the app checks whether your device is connected to a Wifi network or not, to download the file directly or to display a download button. This is done so that, as a user, you can choose whether to consume part of your mobile data rate to download the file, or wait until later when you are connected to a Wifi network. We do not collect this information on our servers.

WHAT IS THE OBJECTIVE AND/OR PURPOSE OF THE DATA COLLECTION?

The purpose of the data collection in all the sections mentioned in the previous point is to make the application operational, so that the data you provide us with will be used for its effective functioning.

Under no circumstances will you receive information from third parties without having informed you and requested your express consent beforehand, thus ensuring compliance with the parameters of European regulations.

From 3warnings we inform you that we do carry out international transfers of data to third countries, from Spain, established outside the European Economic Area. In this case, we use the services of the company Google, which applies security measures comparable to European standards by adhering to the Privacy Shield, the framework privacy shield of the United States, considered by the European Commission as an appropriate level for conducting international transfers of personal data.

USE OF PERSONAL DATA AND COMMERCIAL PURPOSES

3warnings informs its Users that the personal data they provide will be processed for the purposes set forth in the previous section and will be, in detail, the following:

  1. To attend and solve the requests or doubts required from the users
  2. Enable the App’s instant chat features (send and receive messages, documents, images, locations, create groups…); The files sent by users to their contacts are uploaded by the app to the backend, a temporary signed download url is obtained and sent to its recipients. Only users who have this signed url have access to these files.

With respect to group creation functionality, users can create groups, assign names and images to them, and invite their contacts to join them, as well as accept group invitations from other people. From 3warnings we store in our servers the group names, their images and the members that have accepted to be part of one, which is necessary to send the messages of the group users to the rest of the members and to keep this information updated for its members.

  1. Verify the identity of app users via their Google Account each time you send a message or file to another user or group, avoiding phishing scenarios
  2. Know which contacts from the user’s address book are also App users, by accessing the registered user’s address book through 3warnings. These data are essential to know which contacts in the user’s address book can send messages and are not kept by 3warnings after the relevant checks have been made
  3. Block users to prevent their messages from arriving. This lock is stored locally on the users’ device, not on 3warnings’ servers. The application does not inform which users have been blocked by another user.
  4. Count users’ votes to NGOs, when they are made, which are stored in 3warnings’ servers, so that we can calculate the donations that correspond to each NGO based on the votes obtained by each one. The votes are secret, we do not publish which NGO each user has voted for
  5. Know which ads to show the User, based on their approximate geographic location. 3warnings uses an approximate location of 30 square kilometers and obtains it certain times a day. Geolocation information is only stored on the User’s device, and is not shared with 3warnings or third parties.
  6. Informing about news we may contain in the App
  7. Send information considered to be of interest to the User
  8. Notification of promotional agreements that 3warnings has signed with companies, NGOs and/or professional collaborators to offer users of the app, certain features different or additional to those who have hired or accepted
  9. Knowing the User’s advertising preferences. 3warnings stores in the users’ device the categories of ads in which they click, in order to show ads that are according to their interests. This information is only stored in the user’s device and is not shared with anyone, not even with 3warnings. * This data is not yet stored nor processed, until 3warnings appoints a Data Protection Officer. But it will be processed in the future, and you agree to it by using the app.
  10. Allow the User to subscribe to NGO and advertiser channels. The application allows users to subscribe to these channels in order to receive their messages and files, providing the option to unsubscribe at any time, when the User wishes to do so. This information is stored in 3warnings’ back-end, so that you can obtain the number of subscribers per channel and is not provided to NGOs or advertisers; they are simply informed of the number of subscribers they have.
  11. Send commercial communications, carry out promotional actions or inform you about your data in the following: (i) your data will not be used for any purpose other than to carry out the processing for which you expressly consented at the time or for the purposes set out in this policy by us; (ii) all this information is stored on an independent secure server.

We inform you that 3warnings also uses your data, in an anonymous way, for statistical purposes; we publish daily on our website the number of registered users, messages and files sent, the total votes of our users obtained by each NGO, among others.

We warn you that the information you provide through the App may reveal or allow others to deduce your nationality, ethnicity, sex, age or other aspects of your private life. Thus, by providing this information on a completely voluntary basis through any means of our app, the User is expressly and voluntarily accepting this Privacy and Personal Data Protection Policy.

SHARING INFORMATION WITH THIRD PARTIES

Third parties with whom we may share information for the provision of the service

3warnings will not provide users’ data to third parties, except for those service providers that are necessary to ensure the proper functioning and maintenance of the project, such as Google, committed to complying with security standards established by 3warnings and the laws and regulations on personal data protection, and with which the relevant contract has been signed. You can consult the privacy terms and conditions that 3warnings has signed with Google, as well as the clauses applicable to international transfers. You are also provided with the necessary information regarding the processing of your personal data by Paypal and TransferWise.

Information sharing in cases of merger and/or acquisition

If 3warnings was acquired or merged by or with a third entity, it reserves the right to transfer the personal information of its users as part of the process of acquisition, merger or similar, always respecting the provisions contained in the applicable personal data protection legislation, ie, provided that the processing of personal data of users is necessary for the proper functioning of the operation and can ensure, where appropriate, the continuity of the provision of normal services.

In compliance with the requirements of the Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights, and the European Data Protection Regulation 679/2016 and in accordance with our internal policies, each time you send us personal data you must give your express consent by clicking on the box at the bottom of each form where your data is collected, or when you write to our contact email or any other email enabled for specific functions of the app, you are expressly accepting that we may collect your data for the purpose or request you have indicated. With such action(s), you are freely and unequivocally expressing your agreement to 3warnings processing your data according to the purposes mentioned in the previous paragraphs.

The user guarantees that the personal data provided to 3warnings is true and is responsible for notifying the user of any changes.

The user’s acceptance that their data is processed for the purposes referred to in this policy is always revocable, without retroactive effect, in accordance with the provisions of existing legislation, and therefore has the right to withdraw their consent at any time, without affecting the legality of the treatment based on their prior consent, by the means provided in the section on data protection rights in this legal text.

We inform you that, if you act on behalf of a legal entity or as an independent professional, you will authorize us to send you information associated with the services contracted, on the one hand, or commercial information, at the appropriate times through the acceptance of this privacy policy. Thus, when you request any information related to 3warnings through the channels established through the app, your information may also be treated for commercial purposes and the sending of electronic communications when you have authorized us through the options enabled.

Similarly, the user’s acceptance that their data will be processed for the purposes referred to in this policy is always revocable, without retroactive effect, in accordance with the provisions of existing legislation, and therefore has the right to withdraw their consent at any time, without affecting the legality of treatment based on their prior consent, by the means provided in the section on data protection rights in this legal text.

ABOUT YOUR RIGHTS OF ACCESS, RECTIFICATION, DELETION, OPPOSITION, PORTABILITY, FORGETFULNESS AND LIMITATION OF PROCESSING

The Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights and the European Regulation on Data Protection 679/2016 have implemented a series of legal guarantees that allow users to exercise rights and actions related to the processing of their data.

3warnings offers you this legal guarantee, so that at any time and / or when it deems appropriate, you can make use of your rights of access, rectification, deletion, opposition, portability, forgetfulness and limitation of treatment through the forms provided on the website. This is the form recommended by 3warnings, as it is the fastest and easiest. It does not require our intervention, and the effects are immediate.

Individuals can exercise their rights in the following link: https://3warnings.com/legal/proteccion-de-datos-personales.html

Alternatively, you may also exercise your rights by writing to the contact email address we have provided at the beginning of the document, attaching a copy of your passport or any other national identity document legally valid in the user’s (data subject’s) country of origin, and indicating in the subject line the request you wish to make: access, rectification, deletion, opposition, portability, forgetfulness or limitation of processing.

If you want to make the request to exercise the right by email, apart from attaching the required in the previous paragraph, you must make it using the same email address that is in your profile as a registered user on the website, so that 3warnings can be aware of your real identity. 3warnings will not respond to requests to exercise rights that are made using an email address that is not associated with a registered user that actually corresponds to the person who wishes to exercise those rights.

It is important that as a user you bear in mind that the information you have shared with users by any means may continue to be visible and that 3warnings disclaims any responsibility for the deletion of this information.

Similarly, 3warnings does not control the system for renewing the search mechanisms of third parties, which may contain certain public profile information that has already been canceled but is still on the Internet by the re-broadcasting of the same, in which case, we recommend that you contact those responsible for these platforms to request their cancellation or the exercise of a right to forget.

We briefly explain what each of the rights you can exercise consists of:

.
Access Through the exercise of this right you can know which of your personal data are being processed by the project; their purpose, origin or possible transfer to third parties
Rectification It consists of being able to modify your personal data that are inaccurate or incomplete, having to specify in the request what data you want to be modified
Suppression Allows the cancellation of your personal data as inadequate or excessive
Opposition You have the right to object to the processing of your data in cases such as: advertising and commercial prospecting activities or when the purpose of such processing is to obtain a decision concerning you based solely on the automated processing of your personal data
Portability You may receive your personal data provided in a structured, commonly used and machine-readable format and be able to transmit them to another manager, if technically possible
Forgotten You may request the deletion of your personal data without delay when any of the cases mentioned above occurs. For example, illicit data processing, or when the purpose that motivated the processing or collection has disappeared
Limitation in treatment In general, in cases where it is not clear whether personal data should be deleted, you can exercise your right to limit the processing. This right exists in the following cases: (i) where the accuracy of the data concerned is in doubt; (ii) where you as a User do not want the data to be deleted; (iii) where the data are no longer necessary for the original purpose, but cannot be deleted on legal grounds; (iv) where the decision to object to the processing is pending.
The limitation means that your personal data may (except for storage) only be processed with your consent for the purpose of formulating, exercising or defending claims, with a view to protecting the rights of another natural or legal person or for reasons of public interest of the EU or of a given EU Member State. As a User you must be informed before such limitation is lifted

Likewise, as a User, you have the right to file a complaint with the competent Control Authority if you consider that the processing of personal data concerning you is in breach of data protection legislation and regulations; all this without prejudice to any other administrative appeal or legal action.

You are also informed that the processing of your data will be aimed at taking automated decisions based on your behaviour, in order to assess your advertising preferences. In other words, 3warnings will store the ads you have clicked on on your Android device so that it can display similar ads more frequently; this is a method based on the number of clicks you make on the ads that appear in the app. Automated decision making is an indispensable requirement for the operation of the 3warnings project, so you understand and accept that this situation occurs when you give your prior, express and informed consent when you register in the app. If you do not agree that 3warnings operates in this way, you can uninstall the application and not use it. * This data is not yet stored or processed, until 3warnings appoints a Data Protection Officer. But it will be processed in the future, and you agree to this by using the app.

The above does not imply that 3warnings performs profiling, that is, that your personal aspects are evaluated to make predictions about you, since the personal information you provide, as a user, when registering in the app, does not allow profiling about you.

AGE OF MAJORITY

To be a user of our app, it is mandatory to be of legal age, so in any case, it will be necessary that the user has the legal age of majority required in the country of which he is a national.

SECURITY MEASURES IN DATA COLLECTION

To guarantee the security in our App, we have integrated a security system that allows us to maintain the confidentiality and integrity of our Users’ data that has been sent or collected through the means mentioned in the first point. Therefore, all messages are encrypted by default.

The messages written by the Users are automatically encrypted using AES of 128 bits, an algorithm that, nowadays, is considered safe enough and requires less computing than other options. End-to-end encryption is also used automatically, i.e. messages are encrypted to safeguard them and make them unreadable by both 3warnings and third parties.

Regarding the files sent by users, these are not encrypted, but they are uploaded to our backend and a temporary signed url is obtained and sent to their recipients. Only users who have this signed url have access to the corresponding file.

In addition to AES, at 3warnings we use the public key encryption, which ensures that only the recipient of the message will be able to decrypt the message.

In communications with the server we use the HTTPS protocol, to prevent data interception.

In this way, 3warnings maintains the security levels of data protection required by Law 3/2018 of December 5, Protection of Personal Data and guarantee of digital rights and the European Regulation on Data Protection 679/2016 of April 27, and has provided all the technical means at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of data that the user provides through the app.

Also, as a user of our app you understand, accept and understand that security measures on the Internet are not impregnable and therefore you are obliged to adopt the necessary security measures that allow you to trust the veracity of the app in which you are entering your data. We will also do our best to guarantee the privacy and security of your identification data at all times, always using the maximum diligence and implementing the necessary measures.

Thus, we inform you that you will be solely responsible for the security measures implemented in relation to the protection of your data, so 3warnings is not responsible for situations where the user has not implemented the appropriate security measures, or their consequences, as well as for causes or damage caused by third parties outside the project, including acts of God and / or force majeure.

In accordance with the above, 3warnings can not guarantee that unauthorized third parties may have knowledge of the class, conditions, characteristics and circumstances of the use that users make of the services offered in the app. However, as a measure, we have provided some conditions of use in our Legal Notice.

TERM OF CONSERVATION OF YOUR PERSONAL DATA

Data storage overview

The personal data provided will be kept for the time necessary to fulfill the purpose for which it is collected and to determine any possible liabilities that may arise from the purpose, in addition to the periods arising from the applicable legislation.

By virtue of the above, the data that are not kept by 3warnings, once the relevant checks have been carried out, and while the application is being used, are the emails of the contacts in the contact book of the user registered in the app, and the messages and files sent through the application.

Once the application is uninstalled, its geolocation and advertising preferences will be immediately deleted.

Some of the data you provide will be kept, after processing, for historical and statistical purposes, always in a disaggregated manner, ie, anonymized, so that they can not be associated with any user.

LOG FILE or REGISTRIES

When you use the 3warnings app, our servers automatically record certain information that is sent whenever you visit any web site. These server logs may include information such as your web request, Internet Protocol (“IP”), browser type, browser language, referring/exit pages and URLs, app type, the number of clicks, domain names, landing pages, the pages visited and the order of the pages, the amount of time spent on particular pages, the date and time of the request, one or more cookies that may uniquely identify your browser, your e-mail address and various status information.

When you use the 3warnings service, our servers record certain general information that our application sends whenever a message is sent or received, or when it automatically updates your contact list in the app, including the e-mail accounts from which the messages were sent and received, as well as the date and time they were sent.

MODIFICATION OF THIS PRIVACY POLICY

3warnings reserves the right to modify this policy to adapt it to future legislative or jurisprudential developments, as well as future uses it plans to make of the personal data of users of the app. In the event that such a change would affect the processing of your data, for example, because some additional processing will be done, not previously informed, we will notify you.

In any case, it is recommended that the user reads the App’s Personal Data Protection Policy each time he or she accesses the App.

This privacy policy is complemented by the Legal Notice and the Code of Conduct associated with this app, and any applicable legal texts present on our website.