Privacy Policy of HOBB App

# HOBB APP – PRIVACY POLICY ## 1\. GENERAL PROVISIONS 1.1. This Privacy Policy is intended to inform how the Controller complies with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “**GDPR**”). It further explains how the Controller collects, processes, and protects your personal data in connection with your use of the Application and related services, as well as your rights in relation to such data processing. 1.2. Capitalized terms used in this Privacy Policy have the meanings assigned to them in section 2.1 of the Terms of Use, unless otherwise defined herein. ## 2\. DATA CONTROLLER 2.1. Your personal data collected in connection with the use of the Application is processed by the Controller \- HOBB Media sp. z o.o., with its registered office in Białystok, Żurawia street 71/3.18, 15-540 Białystok, entered into the Register of Entrepreneurs kept by the District Court in Białystok, 12th Commercial Division of the National Court Register under number KRS: 0001152323, Tax Identification Number (NIP): 9662201995, REGON: 540758090, with a share capital of PLN 120.000 (hereinafter referred to as the “**Controller**” or the “**Service Provider**”). 2.2. You may contact the Controller as follows: 2.2.1. by traditional mail at the correspondence address: Żurawia street 71/3.18, 15-540 Białystok; 2.2.2. by electronic mail at: hello@hobb.media ## 3\. PROCESSED DATA 3.1. In connection with the use of the Application, the Controller collects and processes the following categories of data and information: 3.1.1. Information provided by you within the Application: 3.1.1.1. account information: username, profile picture; 3.1.1.2. contact information: e-mail address; 3.1.1.3. optionally – additional information: age, gender, phone number, personal description, and any other information, data, and content if you choose to provide it through any of the Application’s features; 3.1.2. Information collected automatically, provided that there is an appropriate legal basis for their processing: 3.1.2.1. location information; 3.1.2.2. information about the type of Device you use, its settings, operating system, and unique identifier; 3.1.2.3. data regarding activity within the Application (e.g., browsing history of Content, interactions with other Users) \- collected via tracking cookies; 3.1.2.4. data derived from activity, such as interests or preferences regarding plants \- obtained from tracking cookies; 3.1.3. Information obtained from third-party providers, including: 3.1.3.1. Clerk Inc., Functional Software Inc., Google Ireland Limited, RevenueCat Inc., Apple Inc., PostHog Inc. 3.2. Providing data through the Application, including forms specifically designated for this purpose, is voluntary; however, it may be necessary to conclude agreements between you and the Controller and for the proper performance of specific services and purposes. If provision of specific data is necessary for using the Application or its features, the corresponding fields will be marked as mandatory. 3.3. Regardless of the processing of data by the Controller, external entities cooperating with the Controller (in particular those indicated in point 3.1.3) may collect and process User data other than that indicated in point 3.1. above, subject to obtaining the appropriate consent of the User. In order to obtain information about the purposes and methods of processing by these entities, the User should read their privacy policies. ## 4\. PURPOSE AND SCOPE OF PROCESSING 4.1. Your personal data is collected by the Controller through the Application and depending on your relationship with the Controller is processed: 4.1.1. when you register – for the purpose of taking actions prior to concluding the agreement for the use of the Application and the agreement for the provision of services under the HOBB+ Subscription, including verification of your contact details – pursuant to Article 6(1)(b) of the GDPR; 4.1.2. when you use the Application – for the purpose of performing agreements between you and the Controller, including the agreement for the use of the Application and the agreement for the provision of services under the HOBB+ Subscription, in accordance with the provisions of the Terms of Use – pursuant to Article 6(1)(b) of the GDPR; 4.1.3. when you share your location – for the purpose of confirming your location, e.g., during Account Registration or publishing an Offer – based on your consent, i.e., Article 6(1)(a) of the GDPR; 4.1.4. when you submit a Complaint – for the purpose of considering it and providing a response – pursuant to Article 6(1)(b) of the GDPR; 4.1.5. when you contact us regarding other matters, e.g., suggesting improvements – for the purpose of providing a response based on the Controller’s legitimate interest, which is to provide increasingly better services – pursuant to Article 6(1)(f) of the GDPR; 4.1.6. if you subscribe to our newsletter – for the purpose of its distribution and marketing of the Controller’s own products and services, which constitutes a legitimate interest of the Controller – pursuant to Article 6(1)(f) of the GDPR; 4.1.7. if you give consent upon the Controller’s specific request – pursuant to Article 6(1)(a) of the GDPR, i.e., based on your consent (this also applies to optional cookies, as described below); 4.1.8. for the purpose of improving your experience with the Application through customization and enhancement of available Content, as well as for conducting statistics – pursuant to Article 6(1)(a) of the GDPR, i.e., based on your consent; 4.1.9. for the purpose of ensuring IT security – which constitutes a legitimate interest of the Controller – pursuant to Article 6(1)(f) of the GDPR; 4.1.10. for the purpose of establishing, exercising, or defending claims – which constitutes a legitimate interest of the Controller – pursuant to Article 6(1)(f) of the GDPR; 4.1.11. for the purpose of fulfilling obligations under applicable law, in particular handling requests submitted under Articles 15–22 of the GDPR, complying with accounting and tax regulations, as well as possible obligations related to verifying business users – pursuant to Article 6(1)(c) of the GDPR. 4.2. The Application is not designed for sharing sensitive data, i.e., revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health-related information, or sexual orientation. We recommend not to disclose such data in the Application. Should you choose to do so, such data will be processed as data made public by you, the data subject – pursuant to Article 9(2)(e) of the GDPR. 4.3. In cases where data is processed to prepare for the conclusion of an agreement and verification of contact details, personal data will be processed and retained until all pre-contractual actions are completed, and if an agreement is concluded – until its performance, expiration, termination, or withdrawal, and subsequently for the maximum period for limitation of claims arising from the use of the Application. 4.4. In the case of handling Complaints, personal data will be processed and retained until the statute of limitation period for claims arising from such Complaints expires. 4.5. In cases where personal data is processed for the purpose of fulfilling Controller’s legitimate interests (other than for the purpose of asserting or defending against claims), data will be processed and retained until an effective objection to such processing is submitted, and within the periods regarding cookies specified below. 4.6. In cases where personal data is processed based on your consent, personal data may be processed and retained until the withdrawal of the given consent. Consent may be withdrawn at any time by contacting the Controller using the contact details provided above. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. 4.7. In cases where personal data is processed to fulfill obligations arising from applicable law, personal data will be processed and retained until such obligations are fulfilled, including, for example, until the request submitted under GDPR is reviewed and the data subject is informed of the outcome, or until the mandatory retention period for accounting documents expires. 4.8. With regard to data processed for statistical or analytical purposes, such data will be stored for the period necessary to achieve the purpose of processing, after which it will be permanently deleted. ## 5\. AUTOMATED DATA PROCESSING 5.1. Your personal data collected by the Controller in connection with the use of the Application may be processed in an automated manner, including for the purpose of ensuring the security of the available Content or preventing fraud. However, such automated processing will not be used to make decisions that would have a significant impact on you (e.g., for differentiating access to the Application or the pricing of paid services based on the collected data). 5.2. The Controller may allow partners and external providers to collect data via the Application in order to present more relevant marketing content and personalized advertisements, subject to the User's prior consent. ## 6\. DATA RECEIVERS 6.1. Access to your personal data may be granted to authorized employees and partners of the Controller, entities with which the Controller has concluded a data processing agreement, or entities to whom the disclosure of your personal data is permitted under applicable law. Accordingly, recipients of your personal data may include the following entities or categories of entities: 6.1.1. institutions or authorities entitled to request access to or receive personal data under applicable law, e.g., the President of the Personal Data Protection Office; 6.1.2. entities providing services to the Controller (such as law firms, accounting offices, auditors, IT system service providers, or providers of other services); 6.1.3. third-party providers and partners of the Controller to whom personal data may be transferred, subject to obtaining appropriate consent, including: 6.1.3.1. online payment operator: Apple Inc.; 6.1.3.2. in-app advertising operator: Google Ireland Limited; 6.1.3.3. owners of social media platforms or other third-party websites where the User chooses to share Content; 6.1.3.4. other partners of the Controller: Clerk Inc., Sentry Inc., RevenueCat Inc, PostHog Inc. 6.2. Detailed information on the personal data processing practices of the external partners and service providers providing access to tools used by the Controller, referred to in section 6.1 above is available in the privacy policies of each of these parties, accessible via their respective websites, including but not limited to: [https://sentry.io/privacy/](https://sentry.io/privacy/), [https://clerk.com/privacy](https://clerk.com/privacy), [https://policies.google.com/privacy](https://policies.google.com/privacy), [https://www.revenuecat.com/privacy/](https://www.revenuecat.com/privacy/), [https://posthog.com/privacy](https://posthog.com/privacy). The Application may also contain links to third-party services over which the Controller has neither ownership nor control. The decision to use these services and to provide them with your personal data is entirely voluntary, although in some cases it may be necessary to initiate or properly provide services by the Controller. ## 7\. TRANSFER OF DATA OUTSIDE THE EEA 7.1. For the purpose of performing certain agreements concluded between you and the Controller, including granting access to the Application and its specific features, the Controller may use the services of third parties and providers registered to conduct business outside the European Economic Area (hereinafter: the “**EEA**”). As a result, your personal data may be transferred outside the EEA. 7.2. Your data may, inter alia, be transferred to Clerk Inc. and Sentry Inc., which are entities registered under the Data Privacy Framework. Their activities, pursuant to the agreement between the United States and the European Union, are recognized as ensuring an adequate level of data protection equivalent to that applicable within the European Union. Further information regarding the Data Privacy Framework is available at: [https://www.dataprivacyframework.gov/](https://www.dataprivacyframework.gov/). ## 8\. YOUR RIGHTS IN RELATION TO DATA 8.1. In connection with the processing of your personal data by the Controller, you are entitled to exercise the following rights: 8.1.1. the right of access to your personal data and to obtain a copy thereof; 8.1.2. the right to rectification of your personal data – which you may also exercise through the user panel within the Application; 8.1.3. the right to data portability with respect to personal data processed in an automated manner and on the basis of consent or an agreement; 8.1.4. the right to erasure of personal data in the circumstances set forth in article 17 of the GDPR; 8.1.5. the right to restriction of processing; 8.1.6. the right to object to the processing of personal data where such processing is based on article 6(1)(f) of the GDPR; 8.1.7. the right to withdraw your consent to the processing of personal data where such processing is based on consent. You may withdraw your consent at any time by contacting the Controller using the contact details indicated above. Withdrawal of consent will not affect the lawfulness of processing carried out prior to its withdrawal; 8.1.8. the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office. ## 9\. DATA SECURITY 9.1. The Controller ensures that access to personal data is granted solely to duly authorized individuals and strictly to the extent necessary to achieve the intended purpose. 9.2. At the same time, the Controller undertakes all reasonable measures to ensure that personal data is processed in a secure manner. Both the Controller and any other entities processing personal data under the principles set forth in this Privacy Policy implement appropriate technical and organizational security measures. ## 10\. COOKIE FILES 10.1. The Application uses cookies. Cookies are small text files stored on a computer or mobile device while using online platforms or websites. The purpose of cookies is, inter alia, to enable the use of various functionalities of a given website or the Application, to maintain a user session, or to confirm that the user has become acquainted with certain content. Cookies may include those that are strictly necessary for the operation of websites as well as those for which the User’s consent is required. 10.2. Within the Application, the Controller and its partners use both proprietary cookies and third-party cookies (i.e., created by other service providers), including: 10.2.1. Classified by their purpose: 10.2.1.1. technical cookies – also referred to as strictly necessary or functional cookies – allow users to navigate the Application and use its features. Technical cookies are used to operate and manage the Application and allow for among others session identification. Importantly, the use of technical cookies does not require your (User’s) consent. 10.2.1.2. analytical cookies – enable the Controller to monitor and analyze User’s behavior within the Application. Data obtained through analytical cookies are used in particular to evaluate the functioning of the Application and to introduce improvements. The use of analytical cookies requires your prior consent, which may be withdrawn at any time in the manner described in section 10.6 below. 10.2.2. Classified by storage method: 10.2.2.1. session cookies – temporary cookies that collect and store data for the duration of a given session of using the Application, i.e., they remain on the User’s Device until the end of a single use of the Application; 10.2.2.2. persistent cookies – remain on the User’s Device for the period specified in their parameters or until deleted by the User. Persistent cookies are not removed after you finish using or close the Application and will continue to be stored on the User’s device, becoming active each time the User accesses the Application. 10.3. The Controller, within optional, analytical cookies that require the User’s prior consent for their collection and processing for analytical purposes, may collect the following categories of data: 10.3.1. information regarding Account creation and login within the Application; 10.3.2. data relating to interactions with the Application, e.g., viewed content; 10.3.3. country, language, and time zone; 10.3.4. location data; 10.3.5. session and Device identifiers; 10.3.6. timestamps, including dates of the first and last sessions; 10.3.7. information on the operating system, Device model, and network operator; 10.3.8. Application version, browser name, and screen resolution; 10.3.9. data regarding interactions with Notifications; 10.3.10. information concerning technical issues within the Application. 10.4. The Controller, within essential technical and statistical cookies, collects the following categories of data: 10.4.1. Application version and installation information; 10.4.2. Data about interactions with the application (e.g., screens viewed); 10.4.3. Country, language, and time zone; 10.4.4. Brightness and volume settings; 10.4.5. Location data; 10.4.6. Processor, RAM, and battery status information; 10.4.7. Operating system version, model, and manufacturer information; 10.4.8. Screen resolution, format, and touch support; 10.4.9. Browser information; 10.4.10. Session and event identifiers. 10.5. The Controller or external entities, in particular Google as part of the Google AdMob service used by the Controller, may also collect other data, such as: interactions with an Application and its contents, for the purpose of delivering tailored advertisements and for analytical and measurement purposes related to these advertisements. Such collection and processing of data by the Controller or external partners is only possible subject to the User’s prior consent to the use of marketing cookies and similar technologies, which consent may be withdrawn at any time in the manner referred to in point 10.6 below. 10.6. The User may disable or limit cookies processing in the Device or Application settings, as well as delete cookies automatically or manually. It should be noted, however, that in such cases the Application may not function or may function improperly or providing the services requested by the User may be completely impossible. More information on how to adjust cookie settings can be found in the Device or Application help panel, as well as at: [https://www.aboutcookies.org/](https://www.aboutcookies.org/). ## 11\. SHARING CONTENT ON THIRD-PARTY WEBSITES 11.1. The Controller also enables sharing of Content available within the Application using features available within the Device. Activation of the sharing function occurs upon the User’s selection of the “share” button available in the Application. As result of such sharing, a hyperlink to the Content will be generated, which may be published on the selected social media platform or any other site supporting such functionality. Without explicit actions by the Users, the Application will not share or transfer any information to any third-party websites, during the use of the Application. 11.2. Social media platforms and other third-party sites on which the User elects to publish Content using the sharing functionality may process the User’s personal data in accordance with their respective privacy policies. Detailed information regarding such processing is available on the websites of such platforms or sites. ## 12\. FINAL PROVISIONS 12.1. To exercise the rights listed in section 8.1 of the Privacy Policy and for any other matters referred to in this Privacy Policy, as well as to obtain answers to any questions regarding the processing of personal data, you may contact the Controller using the contact details provided in section 2.2 of this Privacy Policy. 12.2. The Controller reserves the right to amend this Privacy Policy, in which case undertakes to appropriately inform all Users. 12.3. This Privacy Policy is the current version, adopted and effective as of February 20, 2026\. --- ### **This document is an attachment to:** HOBB APP – TERMS OF USE ([LINK](terms-of-use-eng.html))