Privacy Policy for Historical Calendar
Effective Date: July 19, 2025
This Privacy Policy explains how the "Historical Calendar" mobile application (referred to as "the App," "we," "us," or "our") collects, uses, stores, and shares your personal data. We are committed to protecting your privacy and ensuring compliance with applicable European data protection laws, including the General Data Protection Regulation (GDPR) and the ePrivacy Directive.
By using our App, you agree to the collection and use of information in accordance with this policy.
1. Who We Are (Data Controller)
The data controller responsible for your personal data collected through this App is:
Alexandru C. Ene
Str. George Ranetti, nr 15, Sector 4, Bucuresti, Romania
Contact Email: historical.calendar@gmail.com
For any questions or concerns regarding this Privacy Policy or your data, please contact us at the email address provided above.
2. Data We Collect
We collect various types of personal data to provide and improve our App's services.
2.1. Types of Personal Data Collected
We collect the following categories of data:
- Automatically Collected Data: This data is gathered automatically when you use the App. It includes:
- Unique Device Identifiers: Such as Google Advertiser ID or IDFA (Identifier for Advertisers).
- Geographic Position: General location data.
- Usage Data: Information about how you interact with the App, including session duration, app opens, app updates, in-app purchases, and specific actions taken within the App.
- App-Instance Identifiers: Unique identifiers generated for each installation of the App.
- Device Information: Such as operating system, device model, and other parameters about your device's IT environment.
- IP Addresses: Collected for security, diagnostics, and general geographic analytics.
- Cookies and Similar Technologies: Small data files stored on your device to facilitate service provision and track user behavior.
- Directly Provided Data: This includes information you voluntarily submit, such as your email address if you contact us for support.
2.2. Purpose and Lawful Basis for Processing Your Data
We process your personal data for specific, legitimate purposes, relying on the following lawful bases under the GDPR:
- To Provide and Maintain Our Service (Performance of a Contract): We use your data to deliver the core functionalities of the App, such as displaying historical events, managing your preferences, and ensuring the App operates correctly.
- To Improve and Optimize the App (Legitimate Interests / Consent): We analyze usage data and performance metrics to understand how the App is used, identify bugs, enhance features, and improve overall user experience. Where required by law, especially for tracking technologies, we will obtain your explicit consent.
- For Security and Fraud Prevention (Legitimate Interests / Legal Obligation): We collect IP addresses and device information to maintain the security of our network and services, detect and prevent malicious or fraudulent activities, and respond to enforcement requests.
- To Provide User Support (Legitimate Interests / Contract): If you contact us for support, we use your provided information to respond to your inquiries and resolve technical issues.
- To Comply with Legal Obligations (Legal Obligation): We may process your data when necessary to comply with applicable laws, regulations, or legal processes.
2.3. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable legal obligations or your consent.
- Firebase Crashlytics: Crash data, including stack traces and associated identifiers, is retained for 90 days.
- Google Analytics for Firebase: User data can be retained for a maximum of 14 months, or according to Google's default data retention policy.
- Other data is retained as long as needed to fulfill the purpose of collection, or until you withdraw consent or request deletion, unless a longer retention period is required by law.
Table 1: Data Types, Purposes, and Lawful Bases
| Data Type Collected | Purpose of Processing | Lawful Basis (GDPR) | Retention Period |
|---|---|---|---|
| IP Address | Security, Diagnostics, Geographic Analytics | Legitimate Interests | Few weeks |
| Device Model, OS | App Performance Optimization, Analytics, Compatibility | Legitimate Interests / Consent | Up to 14 months for Analytics data |
| App Usage Data | User Experience Improvement, Feature Optimization, Analytics | Legitimate Interests / Consent | Up to 14 months for Analytics data |
| App-Instance ID | Analytics, Crash Reporting, User Impact Measurement | Legitimate Interests / Consent | 90 days (Crashlytics) |
| Email Address (if provided for support) | User Support | Legitimate Interests / Consent | As long as necessary for inquiry |
| Calendar Access (if permitted by user) | Providing Core App Functionality (e.g., adding historical events to personal calendar) | Consent | As long as permission granted by user |
3. Data Sharing and Disclosure
We may share your data with third parties under specific circumstances, always ensuring appropriate safeguards.
3.1. Sharing with Third-Party Service Providers
We utilize third-party services to support the functionality and improvement of our App. These providers act as Data Processors on our behalf and are contractually bound to protect your data.
- Google Analytics for Firebase (Google LLC): This service collects app-instance identifiers, mobile device identifiers (Android Advertising ID, iOS Advertising Identifier/Vendor Identifier), and metrics such as user and session counts, session duration, operating systems, device models, geographic data, first launches, app opens, app updates, and in-app purchases. This data is used for analytics, gaining insights into user behavior, and monitoring app performance. IP addresses are not logged or stored in Google Analytics 4. You can opt-out of certain advertising features and personalization through device settings.
- Firebase Crashlytics (Google LLC): This service collects device state information, unique device identifiers, location data, usage data, crash stack traces, Crashlytics Installation UUIDs, and Firebase installation IDs. Its purpose is for crash reporting, debugging, and measuring the impact of crashes on users. For EU users, explicit consent is required for collecting crash reporting data, and developers can enable opt-in reporting.
- Firebase Performance Monitoring (Google LLC): This service collects data related to app start-up time, screen rendering, network request metrics (e.g., response time, payload size), and attributes like device and app version. It does not permanently store personally identifiable information. Its primary purpose is to monitor app performance and identify areas for improvement. Developers have the option to enable opt-in monitoring.
We do not transfer your data to third parties except to subprocessors assisting us in providing Firebase services or in accordance with your instructions (e.g., if you link Firebase to other non-Firebase services).
Table 2: Common Third-Party Services and Data Collected
| Third-Party Service | Data Collected | Purpose of Collection | Legal Basis (GDPR) | Opt-Out/Control |
|---|---|---|---|---|
| Google Analytics for Firebase | App-instance ID, Device information, Usage data, In-app purchases, Geographic data | Analytics, User behavior insights, App performance monitoring | Legitimate Interests / Consent | Programmatic disabling of data collection, Device settings |
| Firebase Crashlytics | Device state, Unique device IDs, Usage data, Crash traces, IP addresses | Crash reporting, Debugging, Measuring user impact | Consent (for EU users) / Legitimate Interests | Opt-in reporting |
| Firebase Performance Monitoring | App start-up time, Screen rendering, Network request metrics, Device, App version | App performance monitoring, Optimization | Legitimate Interests | Opt-in monitoring |
3.2. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside the European Union (EU) or European Economic Area (EEA), such as the United States, where Google LLC operates.
When transferring data outside the EU/EEA, we ensure that appropriate safeguards are in place to protect your data, such as relying on Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework, which Google complies with. For Crashlytics, explicit consent is required for transferring EU user data to countries outside the EU.
4. Your Rights and Choices
Under the GDPR, you have specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.
4.1. Your Data Protection Rights
You have the right to:
- Right to Information: Receive clear, transparent, and easily understandable information about how your data is processed.
- Right of Access: Obtain confirmation as to whether your personal data is being processed and to access that data.
- Right to Rectification: Request the correction of inaccurate or incomplete personal data concerning you.
- Right to Erasure ("Right to be Forgotten"): Request the deletion of your personal data under certain conditions.
- Right to Restriction of Processing: Request the limitation of the processing of your data under specific circumstances.
- Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
- Right to Object: Object to the processing of your personal data, particularly when processing is based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Withdraw your consent at any time where processing is based on your consent. This will not affect the lawfulness of processing based on consent before its withdrawal.
4.2. How to Exercise Your Rights
You can exercise your rights by contacting us at historical.calendar@gmail.com. We will respond to your request as soon as possible, and always within one month, as required by law. Any rectification, erasure, or restriction of processing will be communicated to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You can also:
- Opt-out of Analytics Data Collection: Programmatically disable data collection for advertising features and personalization through your device settings.
- Delete Local Data: Delete end-user data stored locally on your mobile device and reset app-instance IDs.
- Delete Server Data: Use the Google Analytics API to honor requests to delete data about you from Analytics servers on a per-app, per-device basis.
Table 3: User Rights and How to Exercise Them
| User Right (GDPR) | What it Means | How to Exercise This Right |
|---|---|---|
| Right to Information | To know how your data is collected, used, and shared. | This Privacy Policy provides comprehensive information. |
| Right of Access | To request a copy of the personal data we hold about you. | Contact us at historical.calendar@gmail.com. |
| Right to Rectification | To have inaccurate or incomplete data corrected. | Contact us at historical.calendar@gmail.com. |
| Right to Erasure | To request deletion of your data under certain conditions. | Contact us at historical.calendar@gmail.com. |
| Right to Restriction of Processing | To request the limitation of processing your data. | Contact us at historical.calendar@gmail.com. |
| Right to Data Portability | To receive your data in a machine-readable format and transfer it to another service. | Contact us at historical.calendar@gmail.com. |
| Right to Object | To object to processing of your data based on legitimate interests or for marketing. | Adjust privacy settings in the App or contact us at historical.calendar@gmail.com. |
| Right to Withdraw Consent | To withdraw consent for data processing where consent was the legal basis. | Adjust privacy settings in the App or contact us at historical.calendar@gmail.com. |
4.3. Right to Lodge a Complaint
You have the right to lodge a complaint concerning the processing of your personal data with the applicable EU Supervisory Authority. You can find contact information for all EU Supervisory Authorities online.
5. Data Security Measures
We implement robust technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction, as well as against accidental loss or damage. These measures include:
- Encryption: Data is encrypted both in transit (using HTTPS) and at rest.
- Access Controls: Strict policies limit access to personal data to authorized personnel with a legitimate business purpose. Employee access to systems containing personal data is logged, and multi-factor authentication is required for access.
- Secure Storage: Private data is stored within internal storage, and secure configurations are used for shared preferences.
- Regular Audits: We conduct frequent data security audits to proactively identify and prevent potential breaches.
- Secure Communication: We enforce secure communication protocols between the App and other applications, as well as with external services.
- Updates: All services and dependencies, including SDKs and libraries, are kept up to date with the latest security patches.
6. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and, where feasible, by providing in-app notifications or sending a notice to you via any contact information available to us. We encourage you to review this Privacy Policy periodically for any changes.
Should the changes affect processing activities performed on the basis of your consent, we will collect new consent from you where required.
7. Accessibility of the Policy
This Privacy Policy is easily accessible from within the App (typically in the settings or "about" section), on the App's Google Play Store page, and its Apple App Store listing. It is publicly accessible, non-editable by users, and not provided in a PDF format.