Who We Are

This Privacy Policy (“Policy”) applies to the services available on Globfone.com and the Globfone mobile applications (hereinafter “Globfone” or “Service”). Globfone, as the administrator of personal data, is operated by i-Trends Sp. z o.o., headquartered in Poland at ul. Druskiennicka 27, 81-533 Gdynia (“Administrator”). Globfone provides services such as sending text messages (SMS), VoIP calls, text and video chat, and P2P file sharing.

Globfone is committed to fairness, transparency, and accountability regarding the collection and use of personal data. This Policy explains our approach to processing personal data in connection with Globfone.com (hereinafter the “Site”) and the choices you have regarding accessing and controlling your information.

By using our website and services, you acknowledge that you have read this Policy and our Terms of Use, including the use of cookies, and agree to comply with them. If you do not agree with how we process personal data, we advise against using the Site or Services.

This Policy complies with data protection obligations under the General Data Protection Regulation (EU-GDPR), the California Consumer Privacy Act (CCPA), and other international data protection regulations, ensuring robust privacy safeguards and rights tailored to local requirements.

Definitions

• User – any person using the Globfone Services.
• Services – services provided by the Administrator based on the Regulations of the “Globfone.com” portal.
• Cookies – information saved by the server on the User’s computer or other end device in a text file, detailed in this Policy.
• End User – recipient of the message/telephone conversation.
• Personal Data – information relating to an identified or identifiable natural person, including but not limited to name, phone number, email address, IP address, and other information enabling identification.
• Data Controller – the entity determining the purposes and means of processing personal data (i-Trends Sp. z o.o., as the administrator of the Globfone platform).
• Data Processor – an entity processing personal data on behalf of the Data Controller.
• Third Parties – external entities or organizations that may receive personal data, including service providers, hosting companies, and payment processors, as described in this Policy.

Purpose and Scope of Personal Data Processing

The purpose and scope of processing, as well as the recipients of processed data, depend on the User’s actions via the Globfone.com website or the Globfone mobile applications. Personal data is processed solely to provide requested services, handle complaints, and fulfill legal or regulatory obligations. No additional personal data is processed without the User’s explicit consent.

Globfone endeavors to enter into additional data protection agreements with its partners where possible. However, due to the diverse and changing environment of service providers, it cannot guarantee that all partners will adhere to such agreements. The Administrator ensures that personal data is disclosed only to entities directly involved in service provision. These include:

• Hosting companies: Data is shared based on data processing agreements.
• Service providers: Partners assisting in operational tasks.
• Telecommunications operators: For communication-based services.
• Payment operators: To securely process payments (e.g., PayPal).
• Authorized state authorities: When legally required.

The following personal data and categories may be processed:

• Identification Data (processed based on user consent to enable identification and service provision):
  • First and last name (if provided, e.g., for complaints).
  • Phone number (required for application authorization and as an account identifier).
  • Email address (e.g., when contacting support, purchasing an Activity Report).
• Technical Data (processed based on the legitimate interest of ensuring platform and user security – Art. 6(1)(f) GDPR):
  • IP address.
  • Browser type and operating system.
  • Device information (e.g., unique device identifiers, FCM token for push notifications).
• Transactional Data (processed to fulfill contractual obligations and comply with legal requirements – Art. 6(1)(b) and (c) GDPR):
  • Payment information provided by the payment operator (e.g., PayPal).
  • Transaction history and service usage (e.g., purchase of Activity Report).
• Communication Data (processed to provide the service and based on the legitimate interest of preventing abuse – Art. 6(1)(b) and (f) GDPR):
  • Message content (e.g., SMS) – processed temporarily for delivery and moderation; stored for 180 days for technical troubleshooting purposes, unless a longer retention period is required by law. Messages rejected by the moderation system are not stored.
  • Recipient’s phone number.
  • Call history (e.g., contact numbers, time, and duration of calls) – processed to provide the service.
  • Communication metadata (e.g., date, time, delivery status).
• Location Data (processed based on legitimate interest to tailor services and ensure compliance with legal requirements – Art. 6(1)(f) GDPR):
  • Approximate location based on IP address (to adjust language, regional content, advertising, and meet licensing requirements).
• Usage and Analytical Data (processed based on legitimate interest to improve services and analyze platform performance – Art. 6(1)(f) GDPR):
  • User interaction with the application or website (e.g., pages visited, clicks).
  • Anonymized information collected using tools such as Google Analytics.
• Address Book Data (Contacts) (processed based on user consent – Art. 6(1)(a) GDPR):
  • The application may request access to contacts stored on the User’s device. This access is used solely to allow the User to easily select the recipient’s phone number for an SMS message directly from the contact list.
  • Contacts are not transferred, stored, or synchronized with Globfone’s servers. Processing occurs locally on the User’s device.
  • On Android, the application may request access to the entire address book. On iOS, the User may have the option to share only selected contacts. Granting consent is voluntary, and refusal will prevent the use of the feature to select recipients from contacts but will not affect other application functionalities.

Providing data such as a phone number (for authorization) is necessary to use the mobile application. Providing other data is voluntary but may be required to use specific features (e.g., complaints, purchasing a report).

Firebase Authentication & Push Services

We use Google Firebase Authentication solely to create and manage user accounts in the mobile application. Firebase acts as a data processor under Art. 28 GDPR and stores the phone number, device identifier, and Firebase Cloud Messaging (FCM) token on servers located in the European Union, operated by Google Cloud Platform. This data is necessary for the authentication process and sending service-related push notifications. Any authentication logs older than 30 days after account deletion are automatically purged. More information about Google’s privacy practices can be found here.

Automated SMS Content Moderation (AI)

To combat spam, fraud, and content that violates the law or our Terms of Use (including content that is sexual, vulgar, degrading, contains threats, or illegal URLs), we employ machine learning models (AI) that automatically classify and, where necessary, block the sending of SMS messages.

• Purpose: Ensuring platform security, protecting recipients from unwanted or harmful content, and preventing abuse.
• Process: The decision to block a message is made fully automatically within the meaning of Art. 22 GDPR.
• Storage: The content of messages classified as spam or violating the terms is not stored after the moderation process. Only metadata (e.g., block information, time, sender/recipient number) is stored for analytical and abuse prevention purposes, according to our retention schedule.
• Right to Human Intervention: A user whose message has been blocked has the right to request human review of this decision. To do so, please contact us via email at: privacy@globfone.com.

Advertising

The Globfone application displays advertisements to fund the free SMS services. We use the Google AdMob advertising network. Google AdMob may collect and use data (such as the device’s advertising ID, approximate location, interactions with ads) to display personalized advertisements.

• Partner: Google (AdMob)
• Google Privacy Policy: You can learn more about how Google collects and uses data and how to manage your advertising preferences by visiting the Google Privacy & Terms page and How Google uses data when you use our partners’ sites or apps.
• Managing Preferences: You can manage your preferences for personalized advertising in your mobile device’s settings (e.g., by limiting ad tracking or resetting your advertising ID).

Data Processing and Storage (Retention)

The Administrator processes data necessary to provide the service, including transmission data (e.g., IP addresses, HTTP User Agent, recipient phone numbers). This data is not used for direct user identification unless necessary for investigations or legal requirements. We implement safeguards compliant with GDPR principles of data minimization and pseudonymization.

Personal data provided when submitting complaints or creating an account is processed solely for the intended purpose and deleted upon fulfillment or according to the retention schedule.

Data retention periods are as follows:

• SMS Content: Stored for 180 days for delivery and technical troubleshooting purposes (based on Art. 6(1)(b) and (f) GDPR), unless a longer period is required by law. Secure overwriting is used for deletion.
• Authentication Data (Firebase Logs): Stored for 30 days after account deletion for security and abuse prevention (based on Art. 6(1)(b) and (f) GDPR). Automatic deletion is used.
• Transmission Data (Metadata): Stored for up to 6 years to ensure service provision, security, billing, and compliance with legal requirements (e.g., Telecommunications Law, statutes of limitation, tax/accounting obligations) (based on Art. 6(1)(b), (c), and (f) GDPR). Secure overwriting is used for deletion.
• Anonymous Analytical Data: Stored for 36 months (3 years) for improving service performance (based on Art. 6(1)(f) GDPR). Aggregation/anonymization is used for deletion.
• Complaint Data: Stored until the limitation period for claims expires (based on Art. 6(1)(b) and (c) GDPR). Secure overwriting is used for deletion.
• User Account Data: Stored until the account is deleted by the user, plus the period necessary to meet legal requirements or defend claims (max. 6 years) (based on Art. 6(1)(b) GDPR). Secure overwriting is used for deletion.

User Rights

Users have the right to:

• Access their personal data (Art. 15 GDPR).
• Rectify inaccurate or incomplete data (Art. 16 GDPR).
• Request erasure of data (“right to be forgotten”) when it is no longer necessary, consent is withdrawn, or it was processed unlawfully (Art. 17 GDPR).
• Restrict data processing in specific cases (Art. 18 GDPR).
• Data portability to another Controller (Art. 20 GDPR).
• Object to data processing for specific purposes, including profiling and direct marketing (Art. 21 GDPR).
• Withdraw consent for data processing at any time (if processing is based on consent), without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7(3) GDPR).
• Lodge a complaint with a supervisory authority (in Poland: President of the Personal Data Protection Office – UODO) (Art. 77 GDPR).

Requests can be submitted via email to dpo@globfone.com or by post to the Administrator’s registered address. The Administrator will respond within one month, unless extraordinary circumstances arise.

Exceptions to the Right to Erasure (“Right to be Forgotten”) (Art. 17(3) GDPR):

Globfone reserves the right to retain certain personal data, despite a user’s request for deletion, in the following limited circumstances where processing is necessary:

1. For compliance with a legal obligation requiring processing by Union or Member State law to which the controller is subject (Art. 17(3)(b) GDPR): E.g., obligations arising from Telecommunications Law regarding the retention of transmission data, regulations concerning anti-money laundering, counter-terrorism financing, combating cybercrime, and maintaining accounting or tax records.
2. For the establishment, exercise or defence of legal claims (Art. 17(3)(e) GDPR): Data may be retained to defend against legal claims or to establish, exercise, or defend our own rights.
3. For purposes of the legitimate interests pursued by the controller (Art. 6(1)(f) GDPR in conjunction with Recital 47 GDPR): Particularly for fraud and abuse prevention. Storing transmission data (e.g., phone number, IP address) may be necessary to protect users and the platform from fraud, spam, or other illegal activities, and to identify and respond to suspicious activities, especially in cooperation with law enforcement agencies.
4. For security reasons: Certain data may be necessary to ensure the security of systems and users, e.g., to identify and block malware or hacking attempts.

Account Deletion

To delete your Globfone application account, please send an email requesting deletion to support@globfone.com from the email address associated with the account or by providing the phone number used for registration. Account deletion will result in the removal of personal data associated with the account, subject to the exceptions described above (e.g., data subject to legal retention obligations).

Compliance with CCPA and GDPR

Under the CCPA, California residents have the right to:

• Know the categories of personal data collected, purposes of processing, and third parties receiving their data.
• Request deletion of their personal data.
• Opt out of the “sale” of personal data (not applicable, as Globfone does not sell data).

Users can exercise these rights by contacting dpo@globfone.com. Globfone also adheres to GDPR, ensuring users worldwide have rights to access, rectify, erase, and restrict the processing of their personal data.

Globfone does not sell personal data to third parties. All collected data is used solely to provide and enhance our services, in accordance with GDPR and CCPA requirements.

Data Transfers to Third Countries

By using the Services, the User consents to the transfer of their data to servers located outside their jurisdiction, including the United States (e.g., when using Google Firebase services) or other countries through which SMS messages may be routed to operators outside the EEA. Transfers are carried out using appropriate safeguards, such as:

• Cooperation with entities recognized by the European Commission as providing an adequate level of data protection.
• Use of standard contractual clauses approved by the European Commission (in accordance with Commission Implementing Decision (EU) 2021/914).
• Application of binding corporate rules.
• For transfers to the US, cooperation with entities certified under the Data Privacy Framework (DPF) program.

Partners (e.g., telecommunications operators outside the EEA) are contractually obligated to process data solely for message delivery and to delete all logs within a specified short period (e.g., 24 hours), unless local laws dictate otherwise. Globfone ensures data transfers comply with GDPR and CCPA standards.

Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or destruction. This includes:

• Encryption: We encrypt data in transit using TLS 1.3 and data at rest using AES-256.
• Key Management: Encryption keys are stored in a Hardware Security Module (HSM) and rotated at least every 90 days.
• Access Control: We apply strict access controls to personal data, limiting access only to authorized personnel.
• Regular Audits: We conduct regular security audits and risk assessments.

Children’s Privacy

The Service is not directed to children under 13 years of age (or a higher minimum age required by law in a particular jurisdiction, e.g., 16 years in some EU countries regarding consent for data processing). We do not knowingly collect personal information from children. If we learn that a child under the required age has provided us with personal data without parental consent, we will delete it immediately. If you believe we might have collected information from a child, please contact us at privacy@globfone.com.

Cookies and Usage Data (Website)

Cookies are small text files saved on users’ devices to enhance website functionality and personalize the user experience. The data collected may include IP addresses, browser types, operating systems, and information about website interactions (e.g., pages visited, forms completed). This information helps optimize the site and improve services.

Globfone processes cookie data for the following purposes:

• Remembering user activity: To ensure smooth navigation and retain preferences, such as language or layout settings.
• Enhancing user experience: By storing form or survey responses for future visits.
• Providing anonymous statistics: To monitor website usage and improve functionality (e.g., Google Analytics).
• Ensuring security: To prevent fraud, errors, and unauthorized access.

Users can manage cookie settings in their browser to block or delete cookies. Disabling cookies may affect some website features. Learn more about managing cookies at www.allaboutcookies.org.

Types of Cookies Used:

1. Strictly Necessary Cookies: Essential for website operation and providing user-requested functionalities.
2. Analytical Cookies: Collect data on user behavior to improve the website (e.g., Google Analytics).
3. Functional Cookies: Store user preferences, such as language or font size.
4. Advertising Cookies: Track visits to display tailored advertisements and measure marketing effectiveness (e.g., Google Ads).

Third-Party Tracking Tools: Globfone uses services like Google Analytics, Google Ads, and others to track user behavior and improve the website. For more details or to opt-out:

• Google Analytics Opt-Out
• Google Advertising Policies
• Facebook Cookie Policy (Note: Check if Facebook Pixel/SDK is actually used)

Globfone is not responsible for the privacy practices of third parties. For additional control, adjust browser privacy settings to manage cookies and tracking.

Final Provisions

Globfone may update this Policy to reflect changes in data processing practices or legal requirements. Updates will be published on the website. Users are encouraged to review the Policy regularly. For questions or complaints, please contact dpo@globfone.com or the Administrator’s postal address provided.

In matters not regulated by this Privacy Policy, the relevant provisions of Polish law and European Union law, in particular the GDPR, shall apply.