PRIVACY POLICY

1. INFORMATION WE COLLECT

1.1. Personal Identification Information

• Name, phone number, email address, date of birth, gender, nationality, profile photo, and other identity-related details.

1.2. Profile and Activity Information

• Interests, skill levels, activity preferences, social tags, biography content, and user-generated content (reviews, ratings, messages).
• Activities you create, join, or engage in, including time, location, and participation statistics.

1.3. Location Information

• Geolocation data (real-time GPS and location history) for matching, safety features, and recommendations. You may disable this in your device settings (with limited functionality as a result).

1.4. Device and Log Information

• Device type, operating system, unique device ID, browser type, IP address, language, time zone, crash data, diagnostic logs, and other metadata.

1.5. Communications

• Messages between users, support interactions, and email content may be stored for customer service and safety.

---

2. LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process your personal data only when we have a valid legal basis under Article 6 of the GDPR, including:

1. Consent (Art. 6(1)(a)) – e.g., for marketing emails and optional profiling.
2. Contract Performance (Art. 6(1)(b)) – e.g., to provide, maintain, and improve MITRA.
3. Legal Obligation (Art. 6(1)(c)) – e.g., to comply with tax, accounting, or reporting requirements.
4. Legitimate Interests (Art. 6(1)(f)) – e.g., to ensure the security and functionality of our platform, provided your interests do not override these interests.

---

3. DATA PROTECTION REPRESENTATIVE

In accordance with Article 37 GDPR, we have determined that an appointment of a Data Protection Officer is not required. Instead, you may direct all data protection queries to our Data Protection Representative:
Email: simea_raul@yahoo.com
Address: Berliner Str. 69, 13189 Berlin, Germany

---

4. HOW WE USE YOUR INFORMATION

We use your data to:

• Create and maintain your account.
• Match users by interests, availability, location, and skill levels.
• Offer recommendations and personalized content.
• Enhance security and enforce our Terms of Use.
• Enable communication between users.
• Monitor system performance and usage.
• Provide customer support.
• Analyze KPIs and optimize user experience.

---

5. USER-GENERATED CONTENT

Any content you post (activity photos, bios, reviews, messages) may be visible to other users based on your privacy settings. By submitting content, you grant us a worldwide, royalty-free license to use, display, reproduce, and distribute it within MITRA for operational and promotional purposes.

---

6. THIRD-PARTY SERVICES AND INTEGRATIONS

MITRA integrates with:

• Google Maps (location/routing)
• Google Calendar & Similar Tools (scheduling & syncing)
• Amazon Web Services (AWS) (hosting & infrastructure)
• Analytics Platforms (KPI analysis & performance)

We do not control how these third parties handle your data; their policies apply in addition to ours when you interact with their tools.

---

7. SUBPROCESSORS

We engage third-party subprocessors (e.g., AWS, Google) to assist in service delivery. A current list of subprocessors is available upon request by emailing simea_raul@yahoo.com.

---

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to operate our service and analyse usage. Cookies fall into these categories:

• Essential Cookies: Required for basic functionality (e.g., login sessions).
• Analytics Cookies: To measure and improve performance.
• Marketing Cookies: To deliver relevant advertisements.

You can manage or withdraw your cookie preferences at any time via your browser settings or our cookie consent banner.

---

9. AUTOMATED DECISION-MAKING AND PROFILING

We use algorithmic tools to match you with activities and other users. This profiling is based on your interests, location, and activity history. You have the right to request human intervention, express your view, and contest any decisions that significantly affect you (Art. 22 GDPR).

---

10. SHARING AND DISCLOSURE

We may share your information with:

• Other MITRA users (limited to profile/activity data).
• Service providers and partners (infrastructure, storage, analytics, support).
• Law enforcement or regulators (if required).
• Trusted contacts (if you enable safety-sharing features).

We do not sell your data.

---

11. YOUR RIGHTS AND CHOICES

You may:

• Access, update, or delete your personal data.
• Request a copy of your information.
• Opt out of certain notifications.
• Revoke location permissions.
• Delete your account at any time by emailing simea_raul@yahoo.com.

Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. For Germany, this is:
Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Graurheindorfer Str. 153, 53117 Bonn, Germany
https://www.bfdi.bund.de/

Direct Marketing and ePrivacy Compliance
By creating an account and accepting this Privacy Policy, you expressly consent to receive emails, newsletters, and service updates from Community Sphere Group UG. You may withdraw your consent and unsubscribe at any time by clicking the “unsubscribe” link in our emails or by contacting us at simea_raul@yahoo.com. For any marketing communications beyond service-related emails, we send messages only if you have given explicit consent as required by the German Unfair Competition Act (UWG).

---

12. DATA RETENTION

We retain your personal data only as long as necessary for the purposes collected:

• Account Information: Until account deletion plus 3 years for legal and audit purposes.
• Log & Diagnostic Data: 6 months.
• Marketing Consents: Until withdrawal of consent.
• User-Generated Content: Until you delete it or your account.

---

13. CHILDREN’S PRIVACY

MITRA is not intended for anyone under 16. We do not knowingly collect data from minors; if discovered, we will delete it promptly.

13.1 AGE VERIFICATION AND PARENTAL CONSENT

We implement reasonable measures to verify user age. If a user under 16 is identified, we will delete their data unless valid parental consent is provided.

---

14. INTERNATIONAL DATA TRANSFERS

If we transfer your data outside the European Economic Area (EEA), we use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure an adequate level of protection of your personal data.

---

15. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Significant changes will be communicated via the app or email.

---

16. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

We implement appropriate measures to protect your data, including:

• Encryption: TLS for data in transit.
• Pseudonymization: Where feasible.
• Access Controls: Role-based access and regular security audits.

---

17. CONTACT

For any privacy or data-deletion requests, email: simea_raul@yahoo.com
Address: Berliner Str. 69, 13189 Berlin, Germany