1. Who We Are (Data Controller)
Porralia ("we", "us", "our") is the data controller responsible for your personal data collected through the Porralia application. For data protection enquiries, you can reach us at:
Data Protection Email: dpo@porralia.com
Entity: Porralia
Address: [Insert registered address], Spain
2. What Data We Collect
We collect and process the following categories of personal data:
2.1 Data You Provide Directly
- Account information: email address or phone number, display name.
- Pool content: pool names, questions, answer options, and predictions you create or submit.
- Invitation data: email addresses or phone numbers of people you invite to Pools.
2.2 Data Collected Automatically
- Usage data: pages viewed, features used, actions taken within the App, timestamps.
- Device information: device type, operating system, browser type, screen resolution.
- Log data: IP address, access times, error logs.
2.3 Data We Do Not Collect
✓ We do not collect precise geolocation data.
✓ We do not collect biometric data or special categories of data as defined under Article 9 of the GDPR.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under the GDPR:
| Legal Basis | Purpose |
|---|---|
| Contract (Art. 6(1)(b)) | Providing the Service: account creation, pool management, scoring, and point distribution. |
| Legitimate Interest (Art. 6(1)(f)) | Improving the App, preventing fraud, ensuring security, and analysing aggregated usage patterns. |
| Consent (Art. 6(1)(a)) | Sending optional marketing communications and push notifications. You may withdraw consent at any time. |
| Legal Obligation (Art. 6(1)(c)) | Complying with applicable laws, regulations, or court orders. |
4. How We Use Your Data
We use the data we collect for the following purposes:
- To create and manage your account.
- To enable Pool creation, participation, and scoring.
- To deliver invitations on your behalf to the people you choose to invite.
- To communicate with you about your account, Pools, and Service updates.
- To improve the App's functionality, performance, and user experience.
- To detect and prevent fraud, abuse, and security threats.
- To comply with legal obligations.
5. Who We Share Your Data With
We do not sell your personal data. We may share data in the following limited circumstances:
- With other Pool participants: Your display name and predictions are visible to other members of a Pool you have joined. Pool organisers can see all participant predictions.
- With service providers: We use trusted third-party providers for hosting, analytics, and email delivery. These providers process data on our behalf under data processing agreements that comply with the GDPR.
- For legal reasons: We may disclose data if required by law, regulation, legal process, or governmental request.
We do not share personal data with advertisers or unrelated third parties.
6. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with an adequacy decision.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy:
- Account data: Retained for the duration of your active account, plus 30 days after account deletion to allow for reactivation requests.
- Pool data (questions, predictions, results): Retained for 24 months after the Pool closes, then anonymised for statistical purposes.
- Log and usage data: Retained for up to 12 months, then deleted or aggregated.
- Invitation data (third-party contacts): Deleted within 30 days of the invitation being sent, unless the invitee creates an account.
8. Your Rights Under the GDPR
As a data subject in the EU/EEA, you have the following rights:
To exercise any of these rights, contact us at dpo@porralia.com. We will respond within 30 days of receiving your request.
9. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Access controls limiting data access to authorised personnel.
- Regular security audits and vulnerability assessments.
- Secure password storage using industry-standard hashing algorithms.
While we take reasonable steps to protect your data, no system is completely secure. We encourage you to use a strong, unique password for your Porralia account.
10. Children's Privacy
Porralia is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without verified parental consent, we will take steps to delete that information promptly.
If you believe a child under 16 has provided us with personal data, please contact us at dpo@porralia.com.
11. Cookies and Similar Technologies
Porralia may use cookies and similar technologies to:
- Keep you logged in and remember your preferences.
- Analyse how the App is used to improve performance.
- Detect and prevent security threats.
We use only strictly necessary and functional cookies by default. Analytics cookies are only enabled with your consent, which you can manage in the App's settings. For more details, refer to our Cookie Policy (available within the App).
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When material changes are made, we will notify you through the App or by email. The "Last updated" date at the top of this document indicates when the most recent revision was made.
13. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at:
Data Protection Contact: dpo@porralia.com
General Support: support@porralia.com
Postal Address: Porralia, [Insert registered address], Spain