Gnammus Privacy Policy

Data Controller

Gnammus is a service developed and provided by RTLP SRL, which acts as the Data Controller.

You may contact us or send reports through the app or via the communication channels indicated in the Terms of Use. For matters concerning requests, questions, or reports relating to privacy or data processing, please use one of the following communication methods:

Ordinary or registered mail:

RTLP SRL – Via Corte dei Mesagnesi 30 – 73100 – Lecce (LE) – Italy

Data Controller email address:

[email protected]

Certified email (PEC):

[email protected]

Types of Data We Collect

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during use of this Application.

Unless otherwise specified, all Data requested by this Application are necessary for the proper use of the platform. If the User refuses to provide them, it may be impossible for this Application to provide the Service. Where this Application indicates certain Data as optional, Users are free to refrain from providing such Data without any consequence on the availability of the Service; in such cases, some app features may provide results of lower relevance or quality for the User.

Users who have doubts as to which Data are mandatory are encouraged to contact the Data Controller.

Any use of Cookies—or other tracking tools—by this Application or by the owners of third-party services used by this Application is solely intended to provide the Service requested by the User and is necessary for the technical operation of the platform. Any additional optional purposes are described in detail in the Cookie Policy document.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Application.

Data collection activities may include:

• personal data provided during registration, such as: name, nickname, profile photo, registration email address, preferences;
• content you create, such as recipes, reels, posts, comments, or audio and video content;
• connections to platform users, pages, groups, followers, and interaction methods within the platform;
• content provided through our camera features, gallery settings, or voice features;
• messages you send and receive and their related content;
• data relating to location or use of connection networks, such as, by way of example: IP address, IPv6 availability, proxy usage, upload/download bandwidth, time zone, connecting ISP;
• eating habits or preferences, for example: appreciation of specific dietary regimes (vegetarian, high-protein, low-calorie, etc.), usage occasions (restaurant, home, street food, etc.), beverages (wine products, spirits, etc.);
• views and interactions with content (such as likes, follows, subscriptions, etc.);
• time, frequency, and duration of your activities on our platform;
• type of device used (web browser, tablet, smartphone, etc.) and related details such as OS version, screen resolution, system language;
• information possibly shared by the device, such as GPS location, camera access, device signals, IDs;
• activity occurring on the device, such as foreground/background status, mouse movements, or actions enabling the detection of fraudulent or bot usage;
• information obtained from third-party providers, such as our connectivity or distribution providers (CDN, IP Transit, network peering, etc.), including data related to traffic analysis and optimization or fraud prevention;
• any information or data provided to receive assistance from us.

Types of Data We Do Not Collect

In general, we do not automatically collect or infer data that are unrelated to the food and wine domain or to the preparation or consumption of food and beverages. By way of example only, we do not collect the following data: gender and sexual orientation, political or philosophical beliefs, national, ethnic, or racial origin, membership in trade unions, social organizations, groups, or associations.

You may choose to optionally provide certain information related to your religious orientation (dietary rules) or health (allergies, food intolerances). This type of “Protected Information” is used exclusively to provide you with a more personalized user experience (suggestions, feed composition, etc.).

Under no circumstances is Protected Information displayed to third parties on your profile or elsewhere, nor is it communicated to third parties (including data processing or storage subcontractors).

Methods and Place of Processing of Collected Data

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the stated purposes. In addition to the Data Controller, in some cases other parties involved in the organization of this Application (administrative, commercial, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data. Such parties may be appointed, where necessary, as Data Processors by the Data Controller.

The updated list of Data Processors may be requested at any time from the Data Controller. RTLP shares with third-party providers only the data strictly necessary for the performance of the assigned activities, removing unnecessary data and, where possible, sharing them in anonymized, aggregated, or non-personally identifiable form.

Data are processed at the Data Controller's operating offices and at any other place where the parties involved in the processing are located. The User's Personal Data may be transferred to a country different from the one in which the User is located. To obtain further information on the place of processing, the User may refer to the section concerning details on the processing of Personal Data.

In some cases, data collected or received from third-party providers are received by RTLP in anonymous, aggregated, statistical, or non-identifiable form. In other cases, we ourselves remove certain personal identifiers from the information, aggregate it, or anonymize it so that it can no longer identify you. This is done to avoid processing unnecessary personal data. In such circumstances, without prejudice to legal obligations or the protection of the safety of persons or property, RTLP refrains from any activity aimed at re-identifying individuals or linking anonymous or aggregated data to platform Users.

Unless otherwise indicated in this document, Personal Data are processed and stored for as long as required by the purpose for which they were collected and may be retained for a longer period due to legal obligations or based on Users' consent. Anonymized, statistical, aggregated data, or data that cannot be linked to a specific User, may be processed and stored indefinitely.

Whenever possible, information and collected Data are processed automatically by our systems; however, in some cases manual processing by authorized personnel may also be used.

Purposes of Processing the Collected Data

User Data are collected to allow us to provide the Service and to deliver a satisfying and personalized experience. Processing purposes may include:

• offering a personalized experience, including through content recommendation tools (sponsored and non-sponsored);
• personalizing the content you view (feed, collections, user interface, etc.);
• translating content into different languages;
• verifying that the platform functions correctly and that the user experience is satisfactory;
• training our proprietary algorithms (for example: Machine Learning, Machine Translation, Artificial Intelligence, Automatic Moderation, etc.);
• providing metrics, services, and statistical data (for example: content popularity, follower lists, number of views), including in aggregated form;
• communicating with users via the apps (activity notifications or alerts) and via the provided contact details;
• market research of a scientific or innovation-related nature (only in anonymous, aggregated, or statistical form).

Additional purposes include the need to comply with legal obligations, respond to requests or enforcement actions, protect rights and interests (ours, those of Users, or of third parties), and detect potential malicious or fraudulent activities.

Sharing of User Information and Data

RTLP's sharing of data collected or provided by the User with third parties is regulated differently depending on whether the data fall into one of the following categories:

• Private Content
• Limited-Access Content
• Public Content

These are data, information, and content uploaded by the User to the platform for which publication has not been requested (or for which publication cannot be requested, such as the “Protected Information” referred to in section 3).

Such data are not disclosed to third parties, are not published on the platform, and are not stored or processed outside RTLP's IT platforms.Where they are processed(for example, Protected Information optionally provided by the User), processing is limited to internal services and / or carried out in anonymized, aggregated, or statistical form.

This category includes all information and data collected automatically.

These are data, information, and content uploaded by the User for which an explicit or implicit access limitation has been provided.

Examples of explicit access limitations include content that the User chooses to make available only to certain users or categories (such as recipes available only to followers or specific groups). Some content is implicitly marked as limited-access, such as messages between users or between the user and the platform (for example reports or help requests), for which the platform automatically restricts access.

These data are processed using the same tools and methods reserved for Public Content, but their visibility is limited to the senders and recipients of the content (via Access Control List mechanisms).

The User acknowledges that RTLP has no control over the possible disclosure of Limited-Access Content by legitimate recipients, including outside the Gnammus platform. The User also acknowledges that deletion, limitation, or transformation of Limited-Access Content (or conversion into Private Content), or changes to viewing authorizations, may require technical implementation time and that RTLP cannot intervene on copies, sharing, or disclosures already in progress.

This includes all content that does not fall into the previous categories, i.e., content posted by the User for which publication has been requested without specifying access limitations (or for which access limitation is not possible). Examples of non-limitable content include the username or nickname, profile or cover photo, tagline, interactions such as likes or comments, and generally all publishable fields for which such limitation cannot be set via the user interface.

Once approved by moderation services, such content may be made publicly available and visible to anyone within (and in some cases outside) the platform, including users without an account.

The User acknowledges that removal, limitation, or deletion of public content may require technical implementation time and that RTLP cannot intervene on copies, sharing, or disclosures already in progress, nor on disclosure by third parties.

Cookie Policy

The platform may use cookies. Cookies are small data fragments stored in the User's browser that may be used for various tracking or technical purposes. For a detailed description of cookie usage by RTLP and third-party providers, please consult the Cookie Policy.

Third-Party Providers

Without prejudice to section 6, the following is a list of third-party providers to whom User Data or Information may be transmitted or who may process such data. We select our Third-Party Providers with particular attention to privacy issues, favoring “privacy-first” policies that minimize data processing or allow anonymization.

Company: BunnyWay d.o.o.

Place of processing: European Union

Bunny.net is a traffic optimization, protection, and distribution service. We use Bunny.net for the storage and distribution of audio-video content published by users. Integration involves BunnyWay processing all or part of the audio/video content requested for publication and ready for public distribution, and distributing such content according to RTLP's instructions.

Company: Cloudflare, Inc.

Place of processing: United States of America

Cloudflare is a traffic optimization, protection, and distribution service. We use Cloudflare to provide Users with a better experience and to protect some of our IT systems. Integration involves Cloudflare filtering all traffic of this Application, i.e., communications between the Application and the User's browser, and allowing the collection of statistical data.

Company: DeepL SE

Place of processing: European Union

DeepL is a multilingual translation service. We use DeepL to translate certain content requested for publication before it is made globally available. Integration involves exchanging texts to be translated (stripped of author-identifying information) with DeepL to obtain one or more translated versions.

Company: Embrace Mobile, Inc.

Place of processing: United States of America

Embrace is a system for tracking technical, performance, or error issues on mobile devices. We use Embrace to identify potential technical, security, or performance issues in applications distributed to end users. Integration involves collecting data related to the device in use and events related to the Gnammus app (such as CPU usage, memory consumption, unhandled errors, crashes, etc.), without access to personal data or application content.

Company: Google LLC

Place of processing: United States of America

Google reCAPTCHA is an abuse and spam protection system for websites. We use reCAPTCHA only on web registration and login pages. Integration involves Google analyzing traffic generated on such pages to authorize data submission. The provider does not have visibility into the data exchanged between the User and Gnammus (e.g., name, password, or other entered data), but may use tracking systems (e.g., cookies) to identify users or browsing devices.

Company: Google LLC

Place of processing: United States of America

These are tools for verifying textual or graphical content. We use them to evaluate certain content requested for publication. Integration involves exchanging texts or audio, video, or image content (stripped of any metadata or author-related information) with Google to receive content evaluations (e.g., potential presence of prohibited content such as violence or racial hatred).

Company: OneSignal, Inc.

Place of processing: United States of America

OneSignal is a push notification delivery system for mobile devices. We use it to send notifications and alerts to users who choose to receive them. Integration involves the provider accepting the user device subscription and delivering messages sent by RTLP (e.g., when a user receives a “like” or when their content is published).

Additional Information on Processing

For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs, i.e., files recording interactions that may also contain Personal Data, such as the User's IP address.

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page. Users are therefore encouraged to review this page regularly, referring to the last modification date. Where changes affect processing based on consent, the Data Controller will collect renewed consent where necessary before proceeding.

Upon User request, and in addition to the information contained in this privacy policy, this Application may provide additional and contextual notices regarding specific Services or the collection and processing of Personal Data.

Legal Basis, Rights, and Legal References

The terms of this Privacy Policy are governed by Italian law, in particular by EU regulations on Personal Data Protection and the GDPR.

The processing of your information as described in this Privacy Policy is based on multiple legal grounds.

User rights vary depending on the applicable legal basis. In general, regardless of the legal basis, Users always have the right to request access to, rectification of, and deletion of their information.

We process information necessary to perform our contracts with you, namely to provide the services described inthe Gnammus Terms of Use.

We process information for which you have given consent. Where processing is based on consent, the Data Controller may retain Personal Data longer until such consent is withdrawn. The Data Controller may also be required to retain Personal Data for a longer period to comply with legal obligations or orders from authorities.

At the end of the retention period, Personal Data will be deleted. Until that time, the User has the right to withdraw consent.

We process information as necessary for our legitimate interests and those of others, including providing an innovative, personalized, secure, and profitable service. Legitimate interests also include obligations to process or retain data to comply with legal requests.

We process information to the extent necessary for public interest purposes, such as research, security, protection, integrity, or the exercise of public powers vested in us.

We process information to protect individuals or prevent harm (e.g., to save lives or safeguard physical integrity).

We process information as necessary to comply with obligations imposed by law or binding legal acts.

If you have doubts about the legality or legal basis used for processing specific data, you may contact us for clarification.

In all cases, within the limits of the law, Users have the right to:

• withdraw consent at any time;
• object to the processing of their Data;
• access their Data;
• verify and request rectification;
• obtain restriction of processing;
• obtain deletion or removal of Personal Data;
• receive their Data or have them transferred to another controller;
• lodge a complaint.

Personal Data may be used by the Data Controller in legal proceedings or in preparatory phases for the defense against abuse in the use of this Application or related Services.The User declares awareness that the Data Controller may be required to disclose Data by order of public authorities.

Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the provided contact details.The Data Controller will make all reasonable efforts to resolve disputes through mediation bodies.Unless otherwise provided by law, the competent forum for disputes shall be the Court of Milan.