Privacy Policy
1. Preamble and Data Controller
This Privacy Policy describes how the mobile application Buddhy (the “App”) and the company DEDALUX S.R.L.S.(“DEDALUX” or the “Company”) process Users’ personal data in compliance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and applicable Italian law.
Data Controller:
DEDALUX S.R.L.S. Registered Office: Corso Umberto I, 10, Bagheria, Palermo, Italia Privacy E-mail:info@dedalux.com (Responsible for handling Data Subjects’ rights)
2. Processing Principles and Commitment (Privacy by Design)
DEDALUX is committed to processing personal data according to the principles of lawfulness, fairness, and transparency. Our policy is based on the principle of Data Minimization and Privacy by Design: we do not collect personal data that is not strictly necessary for the provision of the Services, and, in particular, we do not access the personal content generated by the user within the App (as specified in section 3A).
3. Categories of Data Processed, Purposes, and Legal Basis
We process the User’s personal data only when necessary to provide the Buddhy Services.
A. User Interaction Data (Stored Locally)
Data Processed: Content of chats with the AI virtual assistant, personal information entered into the “basket” section of the App, and any data shared during mindfulness and meditation interactions.
Purpose of Processing: To provide the User with the App’s core service: meditation, mindfulness sessions, and the personalized AI assistant.
Legal Basis: Performance of a Contract (Art. 6.1.b of the GDPR), as processing is essential for the provision of the Service requested by the User.
Crucial Note on Storage (Local Storage): We emphasize that all this interaction data and User-generated content are stored exclusively locally on the User’s device. DEDALUX does not have access to this content, does not store it on its servers, and does not use it for any other purpose.
B. Subscription and Purchase Data
Data Processed: Unique user/device ID and technical information about the subscription status (e.g., plan type, validity). This data is exchanged with application stores (App Store, Google Play Store).
Purpose of Processing: To verify, manage, and maintain the User’s active subscription status, ensuring access to paid content.
Legal Basis: Performance of a Contract (Art. 6.1.b of the GDPR), necessary to honor the service agreement entered into upon purchasing the subscription.
C. Technical and Support Data
Data Processed: (If implemented) Anonymous, aggregated, or pseudo-anonymous data on general App usage (e.g., frequency of use), crash reports, and email addresses spontaneously provided by the User for support requests.
Purpose of Processing: To optimize the App’s performance, stability, and security. In the case of emails, the purpose is to respond to support and information requests.
Legal Basis: Legitimate Interest of DEDALUX (Art. 6.1.f of the GDPR), aimed at improving service quality and ensuring its correct technical functioning.
4. Processing Methods and Retention
Personal data is processed using automated and/or paper-based tools for the time strictly necessary to achieve the purposes for which it was collected.
Local Data: As specified, User interaction data is stored only on the User’s device. Its deletion occurs upon uninstallation of the App or manual data deletion from within the application.
Other Data: Subscription data is retained for the duration of the contractual relationship and for the period required by law (e.g., for tax purposes). Support data is kept for the time necessary to manage the request.
5. Communication and Disclosure of Data
The minimum personal data processed (e.g., subscription data, device ID) may only be communicated to third parties strictly necessary for the provision and management of the App, such as:
Hosting, maintenance, and infrastructure security service providers.
Anonymous analytics platforms (if used, only aggregated or pseudo-anonymous data).
Competent authorities for compliance with legal obligations.
The data will not be subject to disclosure (sale or disclosure to undetermined parties).
6. Transfer of Data Outside the EU
Should DEDALUX use service providers (e.g., cloud providers for the basic infrastructure) located in countries outside the European Economic Area (EEA), the transfer will only occur in the presence of appropriate safeguards, such as the Standard Contractual Clauses (SCCs) approved by the European Commission or an adequacy decision.
7. Data Subject Rights (User – Ref. GDPR)
As a Data Subject, the User has the right to exercise the following rights at any time, in accordance with the GDPR, by writing to the Privacy email address specified in section 1:
Right of Access (Art. 15): To obtain confirmation as to whether or not personal data concerning them is being processed.
Right to Rectification (Art. 16): To obtain the correction of inaccurate personal data.
Right to Erasure (Right to be Forgotten) (Art. 17): To obtain the erasure of data (if data is stored only locally, deletion occurs by uninstalling the App).
Right to Restriction of Processing (Art. 18): To obtain the restriction of processing.
Right to Data Portability (Art. 20): To receive the data provided in a structured, commonly used, and machine-readable format.
Right to Object (Art. 21): To object to processing based on legitimate interest.
Right to Lodge a Complaint: To lodge a complaint with the Italian Data Protection Authority (Garante Privacy) or the supervisory authority in their country of residence.
8. Minors
The App is not intended for minors under 16 years of age. If DEDALUX becomes aware of personal data collected from minors without verified parental consent or the consent of the guardian, it will take reasonable steps to remove such information.
9. Changes to the Policy
DEDALUX reserves the right to modify this Privacy Policy at any time to adapt it to regulatory or technological developments. The User will be informed of such changes by appropriate means, and continued use of the App after such changes will constitute acceptance of them.