Privacy Notice

This Privacy Notice describes how Samsann Sweden AB (company registration number 559239-4257) ("we", "our" or "us") processes personal data in connection with the operation and provision of the App. The App ("the App") refers to the mobile application intended to provide features designed to support users in nurturing and developing their relationships through the App's functionalities.

References to "you", "your" or "yours" refer to the natural person whose personal data is being processed (the data subject).

In this Privacy Notice, we explain, among other things:

• which personal data is processed,
• for what purposes the processing takes place and on what legal basis,
• how long the personal data is stored,
• which recipients may gain access to the data, and
• which rights you have under the EU General Data Protection Regulation 2016/679 ("GDPR").

Personal Data About You That You Provide Yourself

We obtain access to your personal data that you provide yourself in connection with your use of the App, for example but not limited to when you: create a user account in the App; use the App's features (e.g., by entering information related to relationships, activities, reminders, or similar); communicate with us via the App or through the provided contact details for support or other inquiries; or choose to receive notifications or other communication related to your account in the App. Which personal data about you that you provide depends on how you choose to use the App and which features you activate.

Personal Data About You That Is Collected Automatically When Using the App

When you use the App, certain personal data about you is collected automatically, for example but not limited to technical information about your device and how you use the App. Such information is collected to enable the App's functionality, security, and further development. More detailed information about this data is provided in section 7 below.

Personal Data About Other Individuals Registered by Users

The App allows users to register notes, goals, and other content that may contain personal data about individuals other than the user, for example names. Such personal data is processed only to the extent necessary to provide the App's features to the user. In these cases, we generally have no possibility of identifying or contacting the individuals to whom the personal data relates, and we do not actively monitor the content of users' notes. For these reasons, we may not always be able to provide information to the individuals concerned in accordance with Article 14 of the GDPR. In such cases, the exemption in Article 14(5) of the GDPR applies.

We process only personal data that is adequate, relevant, and necessary to provide and administer the App and to fulfill the App's Terms of Use, in accordance with the principle of data minimization under the GDPR. The categories of personal data that may be processed primarily include the following:

• Identifying data, such as first name, last name, and profile picture.
• Contact details, such as email address, telephone number, and postal address.
• Account details, such as user ID.
• Personal data that you register yourself in the App, for example information related to relationships, activities, reminders, notes, or other information that you choose to save or share within the App's features.
• Technical and usage-related data, such as information about the device, device name, operating system, language settings, app version, and how and when the App is used.
• Notification data, such as information related to push notification and reminder settings.

The App is not designed for you to provide sensitive personal data (e.g., data concerning ethnic origin, political opinions, religious or philosophical beliefs, health, sex life, or sexual orientation), and we do not request such data. However, sensitive personal data may be processed if you choose to enter it yourself in the App, for example in free-text fields. We therefore recommend that you do not register sensitive personal data in the App. If you nevertheless choose to provide such data, this is done on your own initiative, and the data will then be processed as part of the content you register in the App.

More detailed information about which personal data is processed for specific purposes is provided in section 7.

We process personal data only for specific, explicitly stated, and legitimate purposes in accordance with the principle of purpose limitation. The processing is primarily based on one of the following legal bases:

• Consent (Article 6(1)(a) GDPR): You have given your consent to our processing of your personal data for specific purposes. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
• Contract (Article 6(1)(b) GDPR): The processing of your personal data is necessary in order to enter into or perform a contract with you.
• Legal Obligation (Article 6(1)(c) GDPR): We are required to process your personal data in order to comply with legal obligations.
• Legitimate Interest (Article 6(1)(f) GDPR): The processing of your personal data is necessary for the purposes of our legitimate interests or those of a third party, following a balancing of interests against your rights and freedoms.

In certain cases, providing personal data to us is voluntary. However, if you choose not to provide certain personal data, for example data required to create and administer a user account, this may mean that we are unable to provide the App to you or handle certain requests.

When processing is based on legitimate interest, we have carried out a balancing test and assessed that a legitimate interest exists and that the processing does not infringe upon your right to privacy and data protection.

We retain personal data only for as long as necessary for the purposes for which it was collected or as long as required to comply with legal obligations, in accordance with the principle of storage limitation. The retention periods specified in section 7 refer to the normal retention period. In certain situations, personal data may need to be retained longer. When personal data no longer needs to be retained, it is deleted or anonymized. Personal data may temporarily remain in technical backups (normally within thirty (30) days).

Our objective is to always process personal data within the EU/EEA. However, in certain cases, personal data may be transferred to and processed outside the EU/EEA. To ensure an adequate level of protection, we implement appropriate safeguards, including standard contractual clauses approved by the European Commission. You may contact us for more information about the safeguards used and, where applicable, to obtain a copy of the relevant standard contractual clauses.

Personal data is only shared to the extent necessary for the purposes set out in this Privacy Notice.

1. Authorities: We may share personal data if we are legally obliged to do so (e.g., to the Police, the Swedish Tax Agency, or the Swedish Authority for Privacy Protection) or in connection with an investigation, to prevent crime, or to protect our business.

2. Processors: We cooperate with service providers (e.g., app developers, IT providers) who process personal data on our behalf in accordance with our instructions and data processing agreements (Article 28 GDPR).

3. Other Independent Controllers: In certain cases, we may share personal data with external parties who act as independent controllers (e.g., in connection with business transactions). When purchasing the premium version, payment data is processed by the app store or payment service providers as independent controllers. The App may contain links to or integrations with external services; such third parties are responsible for their own processing.

As a data subject under the GDPR, you have the following rights, among others:

• Right to information – clear information about how we process your personal data.
• Right of access – request a copy of your personal data and information about the processing.
• Right to rectification – have inaccurate or incomplete data corrected.
• Right to erasure ("the right to be forgotten") – under certain conditions, request erasure of your data.
• Right to restriction of processing – request that processing be restricted under certain circumstances.
• Right to data portability – receive data in a structured, machine-readable format and have it transferred to another controller where technically feasible.
• Right to object – object to processing based on legitimate interest; you always have the right to object to processing for direct marketing, in which case we must cease such processing.
• Right not to be subject to automated decision-making – not to be subject to decisions based solely on automated processing or profiling that significantly affects you. We do not carry out such decision-making.

You may contact us using the contact details below to exercise your rights. Exercising your rights is free of charge, unless your request is repetitive, unfounded, or excessive (in which case we may charge a reasonable fee or refuse the request). We may need to verify your identity. We will respond within one month; in complex cases, the response period may be extended by up to two months (we will inform you of any extension within the first month). Certain rights apply only under specific conditions; if we are unable to comply with your request, we will inform you of the reasons.