* Last modification: July 21, 2021, for the collection of users' telephone numbers, to put them in contact easily, and for the creation of user profiles.

For the operation of the app and the web, we collect and use personal data of our users, who are protected by the European General Data protection Regulation (EU RGPD) and the Spanish Personal Data Protection Organic Law.



Data Processing Responsible

The data controller is:

Daniel Muñoz Gil
Tax ID number: 52332108R
ADDRESS: Calle Concejo de Degaña 2, 1C, 33204 Gijón (España)
EMAIL:



Personal Data that we collect

We inform our users that:

3warnings has a database that contains, among others, personal data of its users. This information is used exclusively to operate the instant messaging app and the web. 3warnings uses different Google services to operate, so this data is hosted on Google facilities.

These are the personal data that we collect, its purpose, and its mandatory or optional nature.

Personal data collected via app

  • Your email address: You provide it to us when you install the app. This way we know where to send the messages sent to you by your contacts. This data is indispensable, and without it, the app can not function. It is also used to verify your identity every time you send a message or file to a contact or group, to avoid phishing.
  • Your phone number: You provide it to us when you run the app, when a form asking for it appears and you fill it in. We then check that the phone number provided is correct, sending you an SMS with a verification code that you have to enter in the app. We collect the phone number of our users to contact them easily (see next point). This information is essential, as without it, the app would not be able to display contacts for whom you only have the phone number.
  • Your user profile data (name and image): You provide them to us when you create or edit your user profile in the app. They are used so that you can customize the way your contacts will see you in the app, and can recognize you. These data are indispensable, because without them, your contacts would only see your email or phone number, and it would be more difficult for them to recognize you.

  • The above data (email, name, image and emoticon) make up your ‘user profile’, and is used for users to identify each other in the app, and to contact each other. You can search for your contacts in the app by entering their email or phone number. If the email or phone number matches one of our users, a new contact will be created in your contact list, with the ‘user profile’ found. This way, you will be able to contact that person. In turn, your ‘user profile’ is shared with those users who search for you in the app, to add you to their contact lists. In no case is the phone number provided. Although you can search for users by their email and phone number, the phone number is not provided in the results.
  • Your contacts list (phone numbers and emails of your contacts from your cell phone address book): This list is uploaded securely and regularly to our servers, to check which of your contacts are also users of our app, and display them in your contact list in the app. We do not retain this data. Once the check is done on our servers, the data is deleted. These data are indispensable, and without them, the app would not be able to show you contacts to send messages to.

  • Your votes to Non Profit Organizations (NPOs). You can vote for your favorite NPOs for them to receive our donations. We keep your votes on our servers to count them and show how many votes each NPO gets. But your votes are secret, we do not publish our users’s votes, we just add all our users’s votes and show the total results. The votes to NPOs are optional, they are not essential for the operation of the app, and you don’t need to vote any NPO to use it.
  • Your messages. We don’t keep your messages. Your messages are encrypted on your device and delivered encrypted to Google’s Firebase Cloud Messaging, a service that delivers your messages to your recipients. Once your messages (including your chats, photos, videos, voicemails, documents and location information) are delivered, they are deleted from our servers. Your messages are stored on your own device. If a message cannot be delivered immediately (for example, if you are offline), GCM may store it on their servers for up to 30 days while they attempt to deliver it. If a message has not been delivered after 30 days, they delete it. We also offer end-to-end encryption automatically. End-to-end encryption means that your messages are encrypted to safeguard them so that neither we nor third parties can read them.

  • Your files. The files you send to your contacts (images, audios, videos…) are uploaded by the app to our backend, a signed URL link is obtained, and sent to your recipients. We do not encrypt your files, but only users who have the signed URL have access to these files, and only temporarily.
  • Your groups. You can create groups, assign them a name and image, and invite your contacts to join them. You can also accept group invitations from other people. We store on our servers the group names, their group profile pictures, and the members who have agreed to join them. This is necessary for us to send your group messages to all group members, and to keep this information up to date for your members.
  • Your advertising preferences: The app displays advertising to generate income. We store on your device the ad categories you click on. More in line with your interests, this information is only stored on your device, and is not shared with anyone, not even 3warnings. * These data are not yet processed, until 3warnings appoints a Data Protection Delegate. But it will be treated in the future, and you accept it by using the app.

  • Your geolocation: The app offers you the ability to share your location with your contacts. This information is only stored on your device, and is only shared with the recipients you choose. It is not shared with anyone else, not even 3warnings.
  • Your city: The app gets the city in which you use it, to show you ads available in your geographic area. It only uses your approximate location, about 30 square kilometers, and gets it only once a day. This information is only stored on your device, and is not shared with anyone. It is obtained through the web services that the app uses for its normal operation, from the IP of your device. This method is inaccurate, and it is possible to get the wrong city.
  • Your subscriptions to NPOs and Advertisers channels: The app allows you to subscribe to NPOs and Advertiser channels in order to receive their messages and files. You can unsubscribe at any time. This information is stored in our backend to obtain the number of subscribers per channel. This information is not provided to NPOs or Advertisers. They are informed of the number of subscribers they have, but nothing else.

Automated decisions

We inform you that the system makes automated decisions: Depending on your geolocation and your advertising preferences, you will be shown one ad or another. It is important for 3warnings and its advertisers to show you advertising that may be of interest to you. There are no consequences beyond the display of some ads or others.

Personal data collected on the web

  • Forms. In our web there are several forms (of contact, of registration of NGOs, of report of errors, of vote to new functionalities to develop…). They have been made with Google Forms. The data entered in these forms are subject to Google’s Privacy Policy. Through them, you can provide us with information related to your use of our Services, and how to contact you.

Personal data collected via email

  • Your email address: You give it to us when you send us an email. We use it to answer you. Without it, we would not be able to respond to you.

Personal data collected in the Nonprofit registry

  • Your Google Account: Used to identify you and give you access to the control panel, where you can register your Organization, send messages to your subscribers, and more.
  • Your email address: We save it so that we can contact your Organization in case a problem arises. The donations we make to your NGO will be sent to this email, through Transferwise.

Not considered personal data of NGOs

  • Your registration details: The full name of the NGO, the short name, country in which it is registered, and the website of the Official Institution where it is registered. It is used so that our users can vote for your NGO. This data will be published (except for the Google account and the contact email) in our web and app, so that users can identify the registered NGOs and vote for them.

Personal data collected in the Advertisers registry

  • Your Google Account: Used to identify you and give you access to the control panel, where you can register, buy advertising credits, create and configure ads, send messages to your subscribers, and more.
  • Your email address: We save it so we can contact you in case any problem arises.
  • Your registration data: Full name, tax identification code, VIES registration and address are used to issue your invoices when buying advertising credits.

The following are not considered personal data of advertisers nor NGOs

The messages and files you send through our Control Panel to your subscribers. They are considered public, are not encrypted, and are available to anyone who is subscribed to your channel at the time of sending.

Data retention period

The personal data are necessary for the proper functioning of the instant messaging app, so they are retained as long as you continue to use the app, and do not request its removal.

The data collected in the registers of NGOs and Advertisers are necessary for the proper functioning of their respective control panels. Therefore, your data will be kept until you unsubscribe.

In addition, they will be kept during the necessary time required to comply with legal obligations.

Data that is not retained

  • Emails and phone numbers from your contacts on your device
  • Your messages and files sent in the app

Data that is immediately removed from your device when you uninstall the app

  • Your geolocation
  • Your advertising preferences

Data that is removed immediately after Nonprofit termination

  • Your Google Account
  • Your email address

Data that is deleted immediately after the unsubscribe as Advertiser

  • Your Google Account
  • Your email address
  • Your registration details: Full name, tax identification code, VIES registration and address

Data that is removed within a few weeks of uninstalling the app

When you uninstall the app, your personal data is automatically deleted after a few weeks

  • Your email address
  • Your group memberships
  • Your votes to Nonprofits
  • Your NGO and Advertiser Subscriptions
  • Your user profile

Preservation of data for historical and statistical purposes

The data you provide will also be used for historical and statistical purposes. We will publish on our website aggregated data, without personal information. For example, number of users in time, number of messages and files sent, number of Nonprofits, Advertisers, etc.



Legitimation

Personal data is collected with the consent of the user. Legal basis: RGPD EU 2016/679 Article 6.1.a

If, due to any documentation error, any personal data not contemplated by the user’s consent is collected, its collection is carried out in the legitimate interest of the Responsible Party, for the correct functioning of the app, the backend and the control panels of Nonprofits and Advertisers. Legal basis: RGPD UE 2016/679 Article 6.1.f.

Access to data on behalf of third parties

3warnings uses Google technology to run your app. Your personal information, which you provide to 3warnings, is hosted by Google servers.

You can check here the agreement between 3warnings and Google, which includes the privacy of your personal data: Security and Data Processing Terms

Google, in addition, complies with the General European Regulation on Personal Data Protection (GDPR). You can check here the agreement between 3warnings and Google: EU Model Contract Clauses



International Data Movement

The 3warnings app is designed to work globally: Users can send messages from different countries. To do this, Google maintains data centers around the world, and moves the data between them to bring them closer to their destination. Therefore, your personal data can be transferred to other countries.

The United States is included in the list of countries that the European Union estimates to meet an adequate level of personal data protection. You can check it in the Spanish Agency for Data Protection .

Google is included in the list of companies certified under the EU-US Privacy Shield. You can check it on the EU-US Privacy Shield website.

Court of Justice of the European Union (CJEU) ruling on July 16, 2020. The CJEU ruling invalidated the EU-US Privacy Shield Framework but did not invalidate EU Model Contract Clauses (MCCs, also known as Standard Contractual Clauses) as a lawful transfer mechanism for personal data transferred outside of the EU, Switzerland or the UK (as applicable).

The transfer of data from 3warnings to Google is done under these agreements:

Data Processing and Security Terms (Customers)

Google Cloud Platform: EU Model Contract Clauses

By installing the 3warnings app you understand that this international data movement is necessary for the proper functioning of the 3warnings app, and authorize it.



Consent to the processing of underage data

We only accept adults as users:

Our app displays third-party advertising to our users, and we have no control over the content of their ads. Although our policies for advertisers include a ban on ads unsuitable for minors, and we have an Artificial Intelligence system that helps us discard unwanted ads, we cannot ensure that the app only displays ads appropriate for minors. That is why we only accept adults as users.



Rights of access, rectification, cancellation, opposition, limitation of the treatment and portability of data for Nonprofits.

You can exercise your personal data rights at the following link . You must log in with the same user you use in the Control Panel.

Rights of access, rectification, cancellation, opposition, limitation of the treatment and portability of data for Advertisers.

You can exercise your personal data rights at the following link . It must be logged in with the same user you use in the Control Panel.

Personal Data rights of access, rectification, cancellation, restriction of processing, and data portability for mobile app users

You can exercise your personal data rights in this same web page, in the forms available below. The effects will be immediate. You must log in with the same user that you use in our app.

  • We recommend the use of the Google Chrome browser for the proper functioning of the forms.

Right to access

You can access your personal data in the following Form. For this, it is necessary that you accept the use of cookies, and log in with the same user you use in the app. You can delete cookies later. If your personal data does not appear, we do not have it. You can make a copy of your data using the button on your ‘Print Screen’ keyboard.

Right to rectification

To rectify your data, you can do it in the following ways:

  • Uninstalling the app from your device, and reinstalling it using another user. After a while, the personal data of your original account will be automatically deleted.
  • You can rectify your votes directly in the mobile app, changing them by others, or eliminating them
  • You can rectify your groups directly in the mobile app, editing them to change your name or group image, and inviting and expelling members
  • You can rectify your group membership in the mobile app, accepting invitations to groups or leaving them
  • You can rectify your subscriptions to NGO and company channels by subscribing and unsubscribing to these channels through the app.
  • You can rectify your user profile by updating it in the app.

Right to erasure

You can erase your data just using the form below.

Right to limitation of treatment

You can exercise your right to limitation of treatment in the following form. Keep in mind that by doing so, the app will stop working properly. To reuse it, you must uninstall it, and reinstall it again.

Right to data portability

According to the European General Data Protection Regulation (EU RGPD), you have the right to data portability. This right consists of:

  • to receive the personal data concerning you, which you have provided to a controller, in a structured format, commonly used and machine-readable, and to transmit them to another controller without being prevented by the controller to whom they have been provided.

In this form you can obtain a file in json format, with your personal data, which you can transmit to another data controller.

  • to transmit your personal data directly from controller to controller where technically possible

In this form you can give and withdraw permissions to other data controller to access your data through our API. To do so, you must provide the Google Accounts of those responsibles to whom access will be provided.

The recipient of your personal data can access them through this link, by logging in with the email account you provide in the form Link to the Portability API for Data Managers

Right of opposition and automated individual decisions

By opposing the processing of your data, the app can no longer function, so in our case, the right of opposition and erasure are equivalent. You can exercise your right of opposition in the same way as in the case of erasure, in the Form .

With respect to the right to object to automated individual decisions, it is the right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects on it or significantly affects it in a similar way. 3warnings informs you that it does not carry out any such procedure.

Right to file a complaint with a Control Authority

Without prejudice to any other administrative remedy or judicial action, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he has his habitual residence, place of work or place of alleged infringement, if he considers that the processing of personal data concerning him infringes the European General Data Protection Regulation.

You may withdraw your consent to the processing of your personal data at any time. You have two options:

  • Uninstall the app. After a few weeks, your data will be deleted automatically.

  • Use the Data deletion form. Your data will be deleted immediately.