GDPR Policy

1. Purpose & Scope

This GDPR Policy applies to all processing of personal data carried out by Friendium through the website friendium.com, related applications, services, features, and support channels (collectively, the “Services”).

It applies to users located in the European Union (EU), European Economic Area (EEA), and Switzerland, as well as any individual whose personal data is processed in connection with Friendium’s operations.

2. Data Controller

For the purposes of the GDPR:

• Data Controller: Friendium
• Operated by: Nexa-Group
• Primary Contact: privacy@friendium.com
• Data Protection Officer (DPO): dpo@nexa-group.org

3. Principles of Data Processing

Friendium processes personal data in accordance with the GDPR principles:

• Lawfulness, Fairness & Transparency
• Purpose Limitation
• Data Minimization
• Accuracy
• Storage Limitation
• Integrity & Confidentiality
• Accountability

4. Categories of Personal Data

Depending on use of the Services, Friendium may process:

• Account information (name, username, email address).
• Profile content and user-generated content.
• Contact and support communications.
• Technical data (IP address, device identifiers, logs).
• Security, authentication, and fraud-prevention data.
• Optional information voluntarily provided by users.

5. Legal Bases for Processing

Friendium relies on one or more of the following legal bases:

• Contractual Necessity: To provide the Services.
• Legitimate Interests: Platform security, abuse prevention, service improvement, and corporate operations.
• Legal Obligation: Compliance with applicable laws.
• Consent: Where explicitly required.
• Vital Interests: Protection of users in emergencies.

6. Data Subject Rights

Under the GDPR, individuals have the following rights:

• Right of access.
• Right to rectification.
• Right to erasure (“right to be forgotten”).
• Right to restriction of processing.
• Right to data portability.
• Right to object to processing.
• Right not to be subject to automated decision-making.

Requests can be submitted to privacy@friendium.com.

7. Identity Verification

To protect users and prevent unauthorized disclosure, Friendium may require reasonable identity verification before fulfilling GDPR requests.

8. Data Retention

Personal data is retained only as long as necessary for the purposes described, unless a longer retention period is required or permitted by law.

9. Security Measures

Friendium implements appropriate technical and organizational safeguards, including:

• Encryption and access controls.
• Monitoring and intrusion detection.
• Incident response and breach management procedures.
• Staff confidentiality and training.

10. Data Processors & Third Parties

Friendium may engage processors to assist with operations (e.g., hosting, analytics, security). All processors are contractually bound under GDPR-compliant agreements.

11. International Transfers

Where personal data is transferred outside the EU/EEA, Friendium applies appropriate safeguards such as Standard Contractual Clauses (SCCs).

12. Data Breach Notification

Friendium maintains procedures to detect, investigate, and report personal data breaches. Where required, supervisory authorities and affected individuals will be notified within statutory timeframes.

13. Supervisory Authority

Data subjects have the right to lodge a complaint with their local data protection authority.

14. Policy Updates

This GDPR Policy may be updated periodically to reflect changes in law or operational practices.

15. Contact

GDPR & Privacy: privacy@friendium.com
Data Protection Officer: dpo@nexa-group.org
Legal: legal@friendium.com