Version: 1.0
Effective date: 12 May 2026
1. Data Controller
1.1 The data controller is swhouse s.r.o., ID No. 29563160, registered office at plukovníka Mráze 1190/10, Praha – Hostivař, 102 00, registered in the Commercial Register kept by the Municipal Court in Prague, Section C, Insert 448534 (hereinafter "controller"), which declares that all personal data processed by the controller are strictly confidential and handled in accordance with applicable national legislation and European Union regulations on personal data protection.
1.2 The controller collects, stores and uses your personal data pursuant to Act No. 110/2019 Coll. on the Processing of Personal Data and Regulation (EU) 2016/679 (GDPR). The individual purposes for which the controller processes personal data are specified below.
1.3 The controller collects this personal data through the GatherApp mobile application and the website at gatherapp.today (hereinafter "service").
1.4 These policies are issued so that you are sufficiently informed about what personal data the controller processes, for what purpose, for how long, who will have access to your personal data, and what rights you have. These policies apply to all personal data collected by the controller, whether collected for the purpose of fulfilling a contractual relationship, a legal obligation, a legitimate interest, or a granted consent.
2. Data Processed
2.1 The controller is authorized to process the following personal data by purpose, category, data subject, recipients, and retention period:
| No. | Processing purpose | Categories of personal data | Data subject | Recipients | Retention period |
|---|---|---|---|---|---|
| 1 | Registration and user account management | Name/nickname, email, password (hash), OAuth identifier (Google, Facebook, Apple) | Registered user | Controller, hosting provider, OAuth providers | For the duration of the account + 30 days after deletion |
| 2 | Provision of app services (map, events, profile) | Profile photo, bio, interests, GPS location, created and visited events | Registered user | Controller, other users (publicly shared content), hosting provider | For the duration of the account |
| 3 | User communication (chat) | Chat messages, sender and recipient identifier | Registered user | Controller, message recipients, hosting provider | For the duration of the account or until deleted |
| 4 | Sending notifications | Email, device push token, user ID | Registered user | Controller, Apple Push, Google FCM, email provider | For the duration of the account |
| 5 | Service security and abuse prevention | IP address, device identifier, login logs, user and content reports | Visitor and registered user | Controller | Up to 12 months; for reports until the case is closed |
| 6 | Customer and technical support | Email, communication content, technical data | Visitor and registered user | Controller | 3 years from case closure |
| 7 | Statistical and analytical purposes | Anonymised traffic data, device type, OS version | Visitor and registered user | Controller | Up to 24 months |
| 8 | Fulfilment of legal obligations (e.g. cooperation with public authorities) | Data requested by the relevant authority | Registered user | Public authorities as required by law | For the period stipulated by law |
2.2 The individual processing purposes mean the following:
2.2.1 fulfilment of the contractual relationship means: the relationship between you and the controller arising from the registration of a user account and acceptance of GatherApp's General Terms and Conditions, or the conclusion of a premium subscription;
2.2.2 provision of the service means: ensuring the operation of the GatherApp application, including displaying events on the map, user profiles, mutual communication and notifications about activity within the application;
2.2.3 sending commercial communications and offering products and services means: sending information about news and related services by electronic mail (email) or via push notifications in the app;
2.2.4 statistical purposes means: anonymised measurement of traffic, number of app opens, time spent in the service, device type and operating system version. The data is used to improve our services and offer users relevant content;
2.2.5 legitimate interest means: ensuring service security, preventing abuse (e.g. spam, fake accounts, fraud), processing user and content reports, effective defence in the event of a dispute, and direct marketing to existing users. The period of processing personal data for the defence of legal claims is 4 years from the end of the contractual relationship and is extended for the duration of any pending dispute. Legitimate interest also includes ensuring network and information security and reporting criminal offences to the relevant authorities. This list is illustrative only;
2.2.6 fulfilment of other legal obligations means: providing information to law enforcement authorities, providing information to other public authorities, keeping accounting records for paid services, and similar matters.
2.3 We process your personal data for the period strictly necessary to ensure all rights and obligations arising from the contractual relationship, and furthermore for the period during which the controller is required to retain personal data under generally binding legislation, or for the period for which you have granted the controller consent. Otherwise, the processing period follows from the purpose for which the personal data are processed, or is determined by law.
2.4 Personal data are processed by the controller both manually and automatically. The controller is authorised to process certain information automatically, for example to generate statistical information about service traffic or to recommend events based on location.
3. Personal Data Processed on the Basis of Consent
3.1 If we have obtained your consent to process personal data, it was for one of the following purposes:
- processing data about your GPS location for the purpose of displaying events and users in your vicinity;
- sending commercial communications and marketing offers by email or push notifications beyond the controller's legitimate interest;
- publishing profile data (photo, bio, interests) to other users within the service.
You may withdraw your consent at any time in the app settings or by sending a message to info@gatherapp.today.
4. Rights of the Data Subject
4.1 As a data subject, you have the following rights arising from legal regulations, which you may exercise at any time:
- right of access to personal data: you have the right to obtain from the controller information about whether the controller processes your personal data. The controller is obliged to provide this information without undue delay. The content of the information is governed by Article 15 of the GDPR. The controller is entitled to request reasonable reimbursement not exceeding the costs necessary to provide the information;
- right to rectification or erasure of personal data, or restriction of processing: you have the right to have inaccurate or incorrect personal data rectified. If your personal data are no longer needed for the purposes for which they were collected, or are processed unlawfully, you have the right to request their erasure. If you do not wish to request erasure but only a temporary restriction of processing, you may request restriction of processing;
- right to request an explanation if you suspect that the processing of personal data by the controller is contrary to legal regulations;
- right to contact the Office for Personal Data Protection in case of doubts about compliance with obligations related to personal data processing;
- right to data portability: the right to obtain personal data relating to you that you have provided to the controller in a structured, commonly used and machine-readable format, see Article 20 GDPR for more details;
- right to object to the processing of personal data processed for the performance of a task carried out in the public interest or in the exercise of official authority, or for the purposes of the legitimate interests of the controller. The controller will cease processing without undue delay unless it demonstrates that compelling legitimate grounds for processing exist which override your interests, rights or freedoms;
- right to withdraw consent to the processing of personal data at any time, if you have granted the controller consent to process personal data.
5. Cookies
5.1 Cookies are short text files that a website sends to your browser. They allow the site to remember information about your visit, such as your preferred language or display mode. Cookies are used by almost every website in the world; without them, browsing the Internet would be much more complicated.
5.2 The following types of cookies may be used on the controller's website:
5.2.1 Session (temporary) cookies are activated when the browser is opened and deactivated when it is closed. They are used to link your activities during your browsing session (e.g. maintaining login).
5.2.2 Persistent cookies help identify your browser on a return visit and allow the site to be customised to your preferences (e.g. saving your choice of light/dark mode).
5.3 In accordance with Section 89(3) of Act No. 127/2005 Coll. on Electronic Communications, we hereby inform you that our website uses cookies.
5.4 Internet browsers typically include cookie management. In the browser settings you can manually delete, block or completely disable cookies. If you do not allow the use of cookies, some website functions may not work correctly (e.g. remembering login or the selected display mode).
5.5 The controller's website does not use third-party advertising or analytical cookies. The cookies we store serve exclusively to operate the service (login, language, display mode).
6. Recipients of Personal Data and Transfers to Third Countries
6.1 In order to ensure the operation of the service, the controller cooperates with the following categories of processors:
- Hosting and data storage provider — servers located within the European Union (Federal Republic of Germany);
- OAuth login providers — Google LLC, Meta Platforms Ireland Ltd., Apple Inc., if you choose to log in via these services;
- Push notification providers — Apple Push Notification Service and Google Firebase Cloud Messaging;
- Map data — OpenStreetMap Foundation (UK) for displaying the map in the application;
- Payment service provider — Apple App Store and Google Play Store in the case of paid membership.
6.2 User personal data is primarily stored on servers within the European Economic Area. When using the services of certain processors listed in point 6.1 (in particular Google, Meta, Apple), data may be transferred to third countries, especially the United States of America. Transfers are based on standard contractual clauses approved by the European Commission and other safeguards under Article 46 of the GDPR.
7. Information and Questions
7.1 Further information on rights and obligations regarding personal data protection can be obtained at gatherapp.today or by email at info@gatherapp.today.
7.2 For questions regarding the processing of personal data, exercising your rights under Article 4 of these policies, or withdrawing consent to processing, you may also use the email address gdpr@gatherapp.today.