We’re the parent company of AI Creativity S.r.l. (“we” or “us”). With this privacy policy, we’ll explain how we process the personal data of users (“user” or “you”) of the Wrapp mobile application (“app”), or those who otherwise interact with us.
We provide this privacy policy in accordance with Regulation (EU) 2016/679–General Data Protection Regulation (“GDPR”), the Italian Legislative Decree 196/2003 (as amended), and other applicable local laws, as amended or replaced (collectively, “applicable privacy laws”).
We process the following categories of personal data, for the purposes and on the legal bases indicated below. Please note that not all of the below information may be deemed personal data in your jurisdiction in all cases.
Purpose | Legal Basis | Categories of Processed Data |
a) To enable you to use the app and to provide you with its functionalities (service delivery). | These activities are based on the contract we have with you (Article 6.1.b GDPR). | User identifiers (such as Apple ID) and mobile identifiers (such as IP address, device identifiers, and custom identifiers that we generate to identify our users). Device information (such as device model, device type, OS version, device language, device name, and region). Information about your subscription. Information about your interaction with the app. |
b) To improve and develop our products and services. For example, we may process your data to conduct statistical analyses or other research activities to optimize our features and provide you with new ones (service improvement). | The legal basis for the processing is our legitimate interest (art. 6(1)(f) of the GDPR) to improve our products and services. As for the collection of personal data by means of analytics tracking technologies, please | User identifiers (such as Apple ID), mobile identifiers (such as IP address, device identifiers, and custom identifiers that we generate to identify our users), device information (such as device model, device type, OS version, device language, device name, and region), and information collected to |
see Section 9 (In-app Tracking Technologies). | improve the app’s functionalities (such as information about your interactions with the app and other related information about your usage of the app). | |
c) To ensure the quality of the services by analyzing, preventing or correcting failures and bugs, illicit use or misuse of the services (troubleshooting). | The legal basis for the processing is our legitimate interest (art. 6(1)(f) of the GDPR) to ensure the quality and the smooth functioning of the service. | User identifiers (such as Apple ID) and mobile identifiers (such as IP address, device identifiers, and custom identifiers that we generate to identify our users). Device information (such as device model, device type, OS version, device language, device name, and region). Internet and network activity information (such as IP address, and information about network usage, Internet connectivity, latency, failures, crashes, and error logs). Inferences we generate about your usage of the app. |
d) We analyze information about you and the way you use the app to create your user profile. We use the user profile to improve our products, develop new features, and provide you with relevant offers and a customized in-app experience (profiling). | These activities are based on our legitimate interest to improve and customize our services (Article 6.1.f GDPR). | User identifiers (such as Apple ID) and mobile identifiers (such as IP address, device identifiers, and custom identifiers that we generate to identify our users) and information about your interaction with the app. |
e) To comply with our legal obligations, including requests from public authorities (compliance). | When this activity is required by a specific legal obligation, your personal data may be used to the extent required to comply with | Any information which may be required by law or under the instructions of public authorities. |
the legal obligation itself (Article 6.1.c GDPR). When the applicable law leaves some discretion in assessing the appropriate way to comply with it, your personal data is used based on our legitimate interest to prove our compliance (Article 6.1.f GDPR). | ||
f) To process and respond to customer support communications and to requests for information you may raise with us (customer support). | The legal basis for the processing is the performance of our contractual relationship (art. 6(1)(b) of the GDPR). | Identification and contact information you provide us and the content of your communication or request. |
g) To establish, exercise or defend our rights and those of our employees, and to carry out corporate transactions or operations. For example, in case of bankruptcy, merger, acquisition, reorganization, sale of assets or assignments, and due diligence related to any such transactions (defense). | The legal basis for the processing is our legitimate interest (art. 6(1)(f) of the GDPR) to establish, exercise or defend our rights and to carry out corporate transactions or operations. | Any information necessary to ensure the performance of these purposes. |
Personal data may be processed by both automated and non-automated means and may be stored at our premises and on our service providers’ servers. We adopt technical and organizational measures designed to prevent the loss, improper use and alteration of your personal data. In some cases, we may also adopt data encryption and pseudonymization measures. However, transmissions over the Internet are never 100% secure, and you should not provide any personal data if you want to avoid any risk.
The other categories of personal data processed for the purposes of service delivery, service improvement and profiling will be kept for a period not exceeding the one necessary for the said purposes and, in each case, for no more than three (3) years from the date of your last interaction with the app or from the date of the expiration of your subscription unless you access the app after then. In this case, the retention period will start from the date of your last interaction with the app.
Personal data processed for the purposes of troubleshooting will be kept for a period not exceeding the one necessary for the said purposes and, in each case, for no more than one (1) year from the date of your last interaction with the app or from the date of the expiration of your subscription unless you access the app after then. In this case, the retention period will start from the date of your last interaction with the app.
Personal data processed for the purposes of compliance, will be kept up to five (5) years from the date of your last interaction with the app or from the date of the expiration of your subscription unless you access the app after then. In this case, the retention period will start from the date of your last interaction with the app.
Personal data processed for the purposes of defence will be kept up to ten (10) years from the date of your last interaction with the app or from the date of the expiration of your subscription unless you access the app after then. In this case, the retention period will start from the date of your last interaction with the app.
At the end of these specified periods, unless any legal obligations require a longer data retention, the processed personal data will be either deleted or anonymized.
Your personal data may be transmitted to trusted and reliable third parties. This happens only when there are lawful grounds for the transmission. We don’t sell your data to third parties under any circumstances.
The types of third parties to which your data may be transmitted are as follows:
Third parties that carry out activities related to our business and operations. Such parties can operate either on our behalf as data processors (for example, IT or storage service providers) or as autonomous data controllers (for example, professional advisors providing advice or otherwise protecting and managing our business interests).
Advisors and new owners, in the event that we carry out a corporate transaction or operation such as a merger, acquisition, reorganization, sale of assets or assignments, and as a part of the associated due diligence.
Public, judicial, or police authorities, within the limits established by applicable laws.
Other parties as necessary (for example, competent authorities), if we have reason to believe that your actions are inconsistent with our user agreements or policies or that you’ve violated the law, or if it’s necessary to protect our rights, property, and safety or that of our users, the public, or others.
Additionally, we may share your personal data if it’s required for the fulfillment of a legal obligation, or if you give us your consent to do so.
Bending Spoons is located in Italy. Sometimes, we may transfer your personal data outside the European Economic Area (“EEA”). When we do so, the transfer is always based on appropriate safeguards in accordance with applicable privacy laws, including the standard contractual clauses developed by the European Commission, the decisions of adequacy of the European Commission, or binding corporate rules.
More information on the appropriate warranties is available for consultation at privacy@hive-xyz.com.
At any time and free of charge, you can exercise the following rights, as specified and subject to certain limitations and exceptions under Applicable Privacy Laws:
Right of access. You have the right to obtain information about the processing of your personal data and to access it.
Right to rectification. You have the right to ask for the updating, rectification or integration of your personal data.
Right to erasure. You have the right to request the deletion of your personal data.
Right to restriction of processing. You have the right to request the restriction of the processing of your personal data.
Right to data portability. You have the right to obtain a portable electronic copy of your personal data.
Right to object. Where we rely on our legitimate interest to process your personal data, you have the right to object to such processing, wholly or partly, on grounds related to your particular situation. In particular, you are entitled to object to the processing of your personal data for direct marketing purposes, including profiling.
Right to withdraw your consent. Where we rely on your consent to process your personal data, you have the right to withdraw your consent, although the processing carried out before your withdrawal of consent will remain valid.
You also have the right to lodge a complaint before the competent national Data Protection Authority, in particular before the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.
To exercise your rights, you can submit a request following these steps:
Access the app from your device (if you do not have it on your device any longer, you can download it again and then access it without the need to purchase a subscription).
Long press four fingers on any screen within the app until a menu opens up.
Tap Send a Privacy Request and follow the instructions.
After you have sent your request through Send a Privacy Request, you may uninstall the app if you do not want to use it anymore.
If you have any other questions about privacy or data protection at Bending Spoons, you can contact us at privacy@hive-xyz.com. We may take reasonable steps to verify your identity prior to responding to your request.
The app is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe we have received personal data from children under the age of 16, please email us at privacy@hive-xyz.com. If we learn that a user is under the age of 16, we will take reasonable steps to delete any processed data and close such user’s account.
The app may include links to other websites or services operated by third parties. The activities described in this privacy policy don’t apply to data processed by third-party websites and services. We’ve got no control over, and we're not responsible for, the actions and privacy policies of third parties and other websites and services.
We may modify, integrate, or update—in whole or in part—this privacy policy. We’ll notify users of any modification, integration, or update in accordance with applicable privacy laws.
If we make modifications, we’ll notify you by revising the date at the bottom of this privacy policy and, under certain circumstances, we may also notify you by additional means (such as via email, pop-up, or push notification).
When we refer to “tracking technology/technologies” in this Policy, we mean any technology that stores or accesses information on the user’s device, including SDKs, tracking pixel, HTML5 local storage, local shared object, and fingerprinting technique.
Tracking technologies are usually classified by purpose (Technical, Analytics, Profiling) and by publisher (First-party, Third-party).
This classification is important because different legal requirements apply based on how the tracking technologies are classified.
Below you will find the types of tracking technologies as classified with some practical examples.
By purpose
Technical tracking technologies
Technical tracking technologies are used for the purpose of transmitting messages over an electronic communication network or to provide a service specifically requested by the user.
Thus, technical tracking technologies are essential for the correct functioning of the app and to provide the service offered to and requested by the user.
For example, technical tracking technologies can be used to monitor sessions, store specific server access information related to the user configuration, facilitate the use of online content, or keep track of items in a shopping cart or information used to fill in a form.
Technical tracking technologies do not need your consent.
Analytics tracking technologies
Analytics tracking technologies may be used to assess the effectiveness of an information society service provided by a publisher, evaluate and improve the design of an app, or help measure its traffic.
In other words, analytics tracking technologies may be used to track the traffic and performance of an app, by collecting aggregate data on the number of users and how they interact with the app to improve its services.
For example, analytics tracking technologies may collect information about how users access an app, including the number of users, possibly grouped by geographical area, time slot, how long users stay on the app, what parts of the app they interact with, or the number of users who used a particular feature.
Analytics tracking technologies need your explicit consent. However, analytics tracking technologies are equated to technical trackers and, thus, do not need your consent if:
they are only used to produce aggregated statistics that are performed by way of the controller’s own resources and do not turn into activities that go beyond statistical counting and enable business-related decision-making; or
the third parties do not match the analytics trackers' data with any other information and do not forward such data to other third parties.
Profiling tracking technologies
Profiling tracking technologies may be used to evaluate certain personal aspects relating to users and trace specific actions or recurring behavioral patterns in the use of the offered functionalities back to specific, identified or identifiable individuals for the purpose of grouping them within homogeneous, multi-sized clusters. This is aimed to enable the company to analyze and predict personal aspects concerning the users, provide them with increasingly customized services beyond what is strictly necessary for the delivery of the service, and also send targeted advertising messages in line with the preferences expressed by the user during their in-app activities.
In other words, profiling tracking technologies may be used to convey behavioral advertising, measure the effectiveness of ads, or to customize the services offered in line with the user’s monitored behavior.
For example, profiling tracking technologies can be used to create user profiles and offer content in line with the user’s interests, send targeted ads or messages, conduct statistical analysis or other research activities to improve our products and services and measure the effectiveness of our campaigns.
Profiling tracking technologies need your explicit consent.
By publisher
First-party tracking technologies
First-party tracking technologies are installed and managed directly by the owner of the app which will process the collected data for its own purposes.
Third-party tracking technologies
Third-party tracking technologies are installed and managed by different apps or developers either for our purposes or for the third party’s own purposes.
The data collected by these third parties is governed by their own specific privacy policies and terms and conditions over which we have no control. Thus, for further information about this data processing activities, please refer to the privacy policy of such third parties as indicated in the following section ("Types of tracking technologies used by the app”).
Third-party non-anonymized analytics and/or profiling trackers need your consent. You can manage this consent at any time by accessing the “Privacy Settings” within the app.
Types of tracking technologies used in the app
This app installs the following types of tracking technologies:
Name | Retention period | Purpose | Third-party Privacy Policy (where appropriate) |
Wrapp SDK (technical) Technical | 3 years | Our internal software development kit (SDK). It’s necessary for the app to function correctly. | NA |
Wrapp SDK (statistical analytics) Technical | 3 years | Our internal software development kit (SDK). It allows us to produce aggregated statistics. | NA |
Tracking technologies settings
You cannot deactivate first-party analytics tracking technologies since they are equated to technical trackers and, thus, are not based on your consent. However, you can opt out of the further processing of your data collected by means of such trackers by sending an email to privacy@hive-xyz.com.
With regards to your rights under applicable Data Protection Laws, please refer to Section 5 (Your Rights) above.
The Data Controller is Bending Spoons S.p.A., based in Via Nino Bonnet 10, Milan, MI 20154 (Italy), VAT 08931860962. For any requests regarding the processing of your personal data, please email us at privacy@hive-xyz.com.
Our Data Protection Officer can be contacted by sending an email to dpo@bendingspoons.com for any requests relating to the processing of your personal data or this Privacy Policy.
Last updated: January 15, 2025