FREEHOUR PRIVACY POLICY

Version 4.2

  1. 1. Who are we; what does this policy cover; who is the data controller?

FreeHour Limited, a company registered under the Laws of Malta, bearing company registration number C 82326 (“we”, “us” or “FreeHour”) operates a platform, accessible through a mobile application (“FreeHour App”) which is essentially aimed for students to keep

the schedule of lectures (timetable) readily available in electronic format. Moreover, this application allows students to easily check and confirm the availability of their friends during specific hours.

FreeHour shall be deemed to be a data controller for the processing of personal data pursuant whilst using the FreeHour App. Accordingly, the document applies to the processing of such personal data carried out by FreeHour in its capacity as data controller.

This policy is intended to provide a high-level overview of the personal data that is collected by us whilst you are using the FreeHour App, and thus deals with:

  1. (a) how this personal data is collected;
  1. (b) why do we need to collect such personal data; and
  1. (c) how we comply with the provisions of laws relating to the protection of personal data as applicable to us, in particular Regulation (EU) 2016/679 (“GDPR”).

This Privacy Policy is without prejudice to the contents of the Career Module Privacy Policy, the document specifically intended to solely govern and regulate the processing of personal data relating to the use of the Career Module.

Throughout this document, we will be using certain specific terms. Since our intention is that this document is easily understood, we would like to clarify what these terms are intended to refer to. Naturally, if anything is unclear, please do not hesitate to get in touch with us.

In terms of the provisions of the GDPR, the term “personal data” is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’)’. Furthermore, the term “processing” is also given a wide meaning and is defined as ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.’ This includes collection, recording, storage, adaptation, and use of personal data.

If you are under the age of 18, you should review this text together with your parent or legal guardian to make sure you both understand them. We are not responsible for checking your age but sometimes we still do verification checks. If we learn that you are under the age of 18 and that we have collected information about you without consent from your parent or legal guardian, we will delete the information as soon as possible and you will not be able to use the FreeHour App.

  1. 2. How do we collect personal data?

We collect or get access to your personal data as follows:

  1. a. Information you give us directly:
  1. i. personal data that relates to your details that you provided to us during the account opening process and/or registration details, specifically your (a) email, name and surname, (b) the school you are attending (or have attended) and details of the course you are reading for (or have graduated at) and (c) where you chose to do so, your profile picture (hereinafter “Account Personal Data”);
  1. ii. Personal data that you make available to us whilst corresponding with us, both offline and online;
  1. iii. personal data that you upload, disclose, or otherwise choose to make available whilst using the FreeHour App (“the Additional Personal Data”). The personal data that we get or otherwise process depends entirely on how you choose to use the FreeHour App and interact with us, specifically as follows:

If you choose to upload your timetable, we will be processing the details that you provide for each lecture. The relevant details consist of the following (i) title of the lecture, (ii) start and end time, (iii) Venue, (iv) Repetition (if applicable) and (v) any notes that you may choose to add.

Furthermore, you may also choose to track any missed lectures. You can do so either by accessing your time-table and marking that particular lecture as “missed” or manually adding the relevant details through the “Track – Attendance” functionality. Whilst we give you the option to add the reason for missing that particular lecture, we strongly encourage you to refrain from including any health or medical data.

You may also choose to track (a) tasks and (b) exams. The relevant details and personal data that we will be processing consist of the following:

  1. (i) Tasks – Title of the particular task, due date and time, whether the task is completed and any notes you may choose to add;
  2. (ii) Exams – Title of the exam, start and end time along with any notes you may choose to add.

We also give you the option to share a task with specific friends. When you share a task, that specific friend will receive full updates of all the details you will include in the future regarding that specific task.

  1. b. Information that we collect about you automatically through your use of FreeHour App, such as the sections you have visited, the content you have accessed, the adverts you have clicked and the frequency and duration of your visits.
  1. c. In addition to the above, please note that we will also collect certain data about your device or browser automatically via log files, such as your Media Access Control (MAC) address, device ID, operating system name and version, browser type, and device manufacturer and model. We may also collect your IP address. We use data about your device to ensure our solutions (including the FreeHour App) functions properly, diagnose server problems, and administer our software solutions (including the FreeHour App) and the services we provide.
  1. d. FreeHour provides users with the option to log in to the FreeHour App seamlessly by using their Facebook credentials. To streamline account creation, we offer the possibility to use your Facebook credentials for both initial account setup and subsequent access. If you choose this option, we will collect specific information from your Facebook profile, namely your name, surname, email address, and profile picture (“Facebook User Data”). We will use this information solely as follows: (a) name and surname - for your account creation process and identification; (b) the profile picture - used solely for creating an avatar which avatar is visible for other users who are searching for friends or viewing a time table, always within the FreeHour App; (c) the email address - exclusively used for authentication purposes.
  1. 3. Why do we process personal data and what is the legal basis for doing so?

We use the personal data referenced above to administer and perform our services, including to carry out our obligations arising from the FreeHour TOS.

[a]In terms of the FreeHour TOS, we are contractually bound to provide you with certain services, namely access to the features and functionalities of the FreeHour App.

In order to comply with and meet our legal and contractual obligations, we will be processing your personal data (comprising of both Account Personal Data and Additional Personal Data), so we are in a position to:

  1. (a) enable you to upload and view your schedule of lectures;
  1. (b) allow you to track tasks, exams and attendance to lectures;
  1. (c) enable you to track your upcoming stipend; and
  1. (d) provide you with promotions, discounts and offers.

Furthermore, but only if you choose to do so, we will share certain data about you with third parties. More details about such sharing is set out in point 4 and 5 of this Privacy Policy.

Our legal basis to process such personal data is performance of a contract, in accordance with the provisions of Article 6(1)(b) GDPR.

  1. [b] As indicated in point 2(d) above, we also process Facebook User Data but only in relation to those users who voluntarily choose and consent to use their Facebook credentials to create an account with FreeHour and thereafter login their account. We will use this information solely as follows: (a) name and surname - for your account creation process and identification; (b) the profile picture - used solely for creating an avatar which avatar is visible for other users who are searching for friends or viewing a time table, always within the FreeHour App; (c) the email address - exclusively used for authentication purposes. The legal basis for the processing of such Facebook User Data is consent.

Point 7 offers an overview of the data subject rights to which you are entitled and guidance on how to exercise those rights. Additionally, irrespective of the aforementioned, you have the option to:

  1. [i] Request Data Deletion In-App - by clicking the “delete account” button in the Profile section of the FreeHour App - this action will send a request to FreeHour, resulting in the automatic delation of your account along with any data and information associated with it from our system and other third party systems.
  1. [ii] Request Data Deletion Manually - Alternatively, users may manually request their data delation by reaching out to hello@freehour.eu, resulting in the automatic delation of your

account along with any data and information associated with it from our system and other third party systems.

  1. [iii] unlink your FreeHour account from your Facebook account by following the instructions on the Facebook page (currently, Settings -> Apps and Websites). If you choose to unlink your accounts, we will no longer have authorisation to access the Facebook User Data associated with you. To regain access to the FreeHour App after unlinking your account, you will be required to create a new account by following the instructions provided within the FreeHour App.
  1. [c] Moreover, we will process other personal data when we have a proper reason for doing so, and particularly to manage your use of the FreeHour App, as further set out hereunder:

Purpose

Description

Legal Basis

Management of to administer and perform our services, c o n t r a c t  p e r f o r m a n c e ;

c   l   i   e   n   t

including  to  carry  out  our  obligations

legitimate  interests

(to

relationship

&

arising from the FreeHour TOS and any

enable  us  to  perform  our

c u s t o m e r

agreements  entered  into,  to  provide

obligations  and  provide

our

support

customer  service  and  to  engage  third

services to you).

party contractors

  1. Business - To collect and anonymise data for Legitimate interest (to Intelligence & statistical and benchmarking purposes. improve user experience and

Analytics our solutions).

Safeguard of our

to  keep  our  software  solutions  and l e g i t i m a t e i n t e r e s t

( t o

interests

infrastructure

secure, including through

safeguard  our  interests);

identity  management  and  security

Legal Obligation

monitoring  to  detect,  prevent  and

respond  to  suspicious  activity,  fraud,

intellectual

property  infringement,

misuse of the FreeHour App, violations

of our terms or law and for other similar

purposes;  to  establish,  exercise  or

defend legal claims.

Business  take- To make certain information available to Legitimate interests (to over third parties that may be interested in ensure that we are able to acquiring our business (either prior to or sell our business, should we as  part  of the  transaction). This decide to do so). includes,  amongst  others,  any  merger, sale,  restructure,  acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock.

Prior to relying on legitimate interest as a legal basis for data processing, we have conducted a balancing test in accordance with the provisions of the GDPR.

If you fail to provide personal information

Whilst we respect your choice not to share personal data, please note that if you decide not to provide personal data, you will not be able to fully benefit from the functionalities offered by the FreeHour App.

Please note that even if you choose not to provide personal data, we may still collect certain data, as outlined in our privacy policy.

  1. 4. Adding Friends and sharing personal data.

We allow users of the FreeHour App to search for other users.

By opening an account, you understand and agree that all other users of the FreeHour App may find you through a search using either your name, surname or the email address you provided when registering for your account. The search results will be limited and restricted to your name, surname and your profile picture (if you choose to include one).

Please only send friend requests to people you know.

We encourage you to accept friend request only from people you trust. When you accept a friend-request, they will also get access also to the course you are reading or have completed.

Please be careful and ensure that you are comfortable with sharing such course-related information before adding friends.

We allow you to control the way friends may interact with you in the following ways:

  1. (i) you have the option to decide whether you want to allow friends to view which free slots you both have in common;
  2. (ii) you are free to choose whether to allow friends to view your timetable for the next 7 days.

In relation to (i) and (ii) above, you have the option to apply universal settings, where you decide whether, by default, friends should or should not have access to your timetable and common free slots. Alternatively, you can set access permissions individually for each friend. The universal settings will be automatically applied, but you retain the flexibility to customize the settings for specific friends according to your preferences.

  1. (iii) we also give you the option to choose to remove a friend at any time. When you remove a friend, they will no longer have access to your free slots or time-table. This removal process happens automatically when we process your request.
  1. 5. Do we share or make personal data available to other third parties?

Promos

In the lifestyle section, we regularly publish promotions, discounts and offers (“promo(s)”) by third-party advertisers. To redeem a promo, you will be typically required to follow three (3) steps, specifically (i) clicking on a particular promo that interests you and confirming that you are happy with the terms, (ii) clicking on the “Claim Offer Now” button (or similar) to initiate the promo redemption process. This action will prompt a “Redeem this Offer” pop-up to appear. Confirm your redemption by clicking on the “Redeem” button, which will prompt the final “Redeem Offer” popup to appear along with a countdown (“the confirmation popup”). Once you have completed these steps, you can show your mobile device with the FreeHour App, displaying the confirmation popup to that specific third-party advertiser.

Since this confirmation popup shows that you qualify for the promo, this should be enough for the third-party advertiser to allow you to redeem that particular promo. There is no need for the third-party advertiser to scan your mobile, or otherwise collect any other information directly from you. We have designed our system in this way to avoid having to give any personal data concerning you to such third-party advertisers when you choose to redeem a promo.

FreeHour is not responsible for the data processing practices of any third-party advertiser, which may differ from the contents of this document. If you choose to share your personal data to such third-party advertisers, we encourage you to review the relevant privacy notices set out by such third-party advertisers before proceeding. Please note that FreeHour cannot be held responsible for the data processing practices of third-party advertisers and encourages users to exercise due diligence and caution when interacting with such entities.

Advertisers

We prioritise your data privacy and do not share any of your personal data with advertisers.

However, we may provide them with aggregated data, which does not contain any personally identifiable information. Aggregated data is compiled and summarised from multiple users in a way that no individual user can be identified. This data helps advertisers gain insights into general user trends and preferences without compromising your personal information. Rest assured that your privacy remains protected, and any data shared in aggregated form is done so in accordance with our privacy policy and applicable data protection regulations.

Other

In addition to this, we will also share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you, and as otherwise provided hereunder.

We also share personal data with:

  1. (a) Third party service providers – from time to time, and always subject to us complying in full with Article 28 GDPR, we engage a number of third parties to provide us with certain services and in doing so, certain types of personal data may be required to be provided to such third-party service providers. These include third parties providing accountancy services, sales, and customer & IT support;
  1. (b) Regulatory authorities, departments or law enforcement agencies, when we are required, or permitted to do so by law;
  2. (c) Any other person or entity but solely when we are expressly authorised to do so, such as when you provide us with your consent; and
  3. (d) A prospective buyer or any of its advisors, where relevant, in the course of a due diligence exercise or as part of a corporate transaction.
  1. 6. Is the information transferred outside of the EEA?

Currently, all personal data is processed in Malta and the European Economic Area (EEA). It is however possible that personal data will be made available or otherwise processed outside of the EU, namely when we engage third-party contractors.

If we do so, we will take adequate measures to ensure that personal data is safeguarded to the same standards as it would have been if processed in the EU, by relying on one of the following:

  1. (a) We will ensure that personal information is sent to a country that is considered to provide an adequate level of data protection, in terms of any adequacy decision adopted by the European Commission, in accordance with the provisions of article 45 of the GDPR;
  1. (b) We will enter into agreements that impose a legal obligation on the recipient to protect personal data in accordance with the provisions of the GDPR.
  1. 7. Can you request that your data is deleted?

Yes, you surely can. In fact, we provide you with a number of options through which you can exercise this right, in particular by:

  1. [i] Requesting Data Deletion In-App - by clicking the “delete account” button in the Profile section of the FreeHour App - this action will send a request to FreeHour, resulting in the automatic delation of your account along with any data and information associated with it from our system and other third party systems; or
  1. [ii] Requesting Data Deletion Manually - Alternatively, users may manually request their data delation by reaching out to hello@freehour.eu, resulting in the automatic delation of your account along with any data and information associated with it from our system and other third party systems.

Furthermore, but only if you previously chose to login to FreeHour through your Facebook account, you can also unlink your FreeHour account from your Facebook account by following the instructions on the Facebook page (currently, Settings -> Apps and Websites). If you choose to unlink your accounts, we will no longer have authorisation to access the Facebook User Data associated with you. To regain access to the FreeHour App after unlinking your account, you will be required to create a new account by following the instructions provided within the FreeHour App. Furthermore, please not that, unless you create a new account within 48 hours from this notification, your account (and all associated data) will be deleted.”

  1. 8. Do you have any other rights in relation to your data?

We are fully committed to ensure compliance with the GDPR. The GDPR grants data subjects a number of rights that can be exercised in certain circumstances, including:

  1. (a) Right of access (subject access request)
  1. (b) Right of rectification
  1. (c) Right of erasure
  1. (d) Right of restriction
  1. (e) Right to object
  1. (f) Right of data portability.

We do not carry out any automated decision-making or profiling.

In those occasions where we have indicated that we are basing our processing on our legitimate interest, please note that in terms of Article 21 GDPR, you have the right to object to that processing. Whilst we will fully respect your decision, please note that we will not be able to provide you with the full functionalities of the FreeHour App without being able to process your personal data.

Where the legal basis of processing is based solely on your consent, you may withdraw such consent at any time by notifying us accordingly. This shall be without prejudice to the lawfulness of processing based on consent before such withdrawal.

For more information about these rights and how to exercise them (when we are acting in our capacity as data controllers), kindly contact us on the contact details set out hereunder.

  1. 9. For how long do we retain personal data?

The length of time for which we hold personal data depends on a number of factors, such as regulatory rules and any legal requirements. If you would like further information about our data retention policies, please get in touch with our data protection officer on the contact details set out hereunder.

  1. 10. Where can I get more informa7on about your data handling policies?

We have appointed a data protection officer (in terms of the GDPR), to oversee compliance with the GDPR and general data protection related queries. If you need more information about this this privacy notice or how we handle personal information, please contact the data protection officer, Zach Ciappara on zach@freehour.eu.

Our registered address is situated at:

FreeHour Limited

Salis Residence,

Blk A, 12 Triq Il Qala

St. Paul's Bay SPB 1640

Malta

  1. 11. Can I file a complaint?

If you are not satisfied with the way we manage personal data, you have the right to file a complaint with any relevant data protection authority (particularly the one situated where you habitually reside). Contact details of the competent authority in Malta are as follows:

Address - Information and Data Protection Commissioner, Floor 2, Airways House, High Street, Sliema, SLM 1549, Malta.

Telephone - (+356) 2328 7100

Email - idpc.info@idpc.org.mt

Version 4.2

Date: 2nd February 2023

Changes to the Privacy Policy - We may alter these terms at any time, but in any case we will inform you accordingly, by means we deem reasonable in the circumstances. In the event of any conflict between the current version of these terms and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.

Do not include details that reveals your race or ethic origin, political opinions, religious or political beliefs, trade union membership, genetic or biometric data, data concerning health or data concerning your sexual life or sexual orientation.