ALCE App — Privacy Policy

1) Who we are (Data Controller)

Controller: ALCE BOLOGNA | Language Training Centre

Registered address: Viale Carducci 13/3 – 40125 Bologna – Italia

Contact (privacy): info@alcebologna.it

If you are in the EEA/UK, the above entity is the data controller for GDPR purposes. If applicable, details of our EU/UK representative or Data Protection Officer will be provided here.

2) Scope

This policy covers personal information processed through the ALCE mobile application and related services used for student registration, identity verification, school administration, and safety communications.

3) Information we collect

A. Information you provide

Registration:

• First name, Last name
• Date of birth
• Street address, City, ZIP/Postal code
• Country of residence
• Nationality (demonym)
• Mother language
• Mobile phone number

Emergency contact:

• Emergency contact first & last name
• Relationship to you
• Emergency contact email
• Emergency contact mobile number

Identity verification:

• Selfie photograph (image you choose)
• Passport/ID card image (image you choose)

B. Information collected automatically (minimal)

To operate and secure the service, we may process device and usage data such as IP address, device model, operating system version, app version, and in-app activity timestamps. We do not build advertising profiles.

4) Why we use your information (Purposes)

• Create and manage your student account and provide App features.
• Verify your identity (matching selfie with your passport/ID, manual review by authorized staff) and reduce fraud/impersonation.
• Contact your emergency contact when safety or welfare requires it.
• Communicate with you about registration, activities, accommodation, tests, or policy updates.
• Operate, maintain, and secure the App and our infrastructure.
• Comply with legal/administrative requirements, including record keeping.

5) Legal bases (GDPR/UK GDPR)

• Performance of a contract (Art. 6(1)(b)) — to create your account and deliver App services.
• Legitimate interests (Art. 6(1)(f)) — to secure the App, prevent fraud, and contact an emergency contact when necessary.
• Legal obligation (Art. 6(1)(c)) — to meet record-keeping, public safety, or regulatory requirements.
• Consent (Art. 6(1)(a)) — for processing selfie and ID images for identity verification when required by local policy. You may withdraw consent at any time, but this may affect features that require verified identity.

Special categories/biometrics: We do not perform facial recognition for biometric identification. Selfie and ID images are used solely for manual verification and record keeping.

6) Where we store and process data

We use Google Firebase (Google Cloud) to store and process data, which may be in the EU, the United States, or other regions depending on service configuration. When data is transferred outside your country/region, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) offered by our service providers.

7) How we share information

We do not sell personal data. We share information only with:

• Service providers acting on our behalf, under contracts that protect your data, e.g. Firebase Authentication, Firestore/Realtime Database, Cloud Storage and Hosting (Google), email/SMS providers, and payment processors (e.g., Stripe) if you pay for activities.
• School administrators and authorized staff who manage your enrollment and services.
• Public authorities when required by law or to protect vital interests (e.g., responding to lawful requests or emergencies).

8) Data retention

• Account & registration data: kept while your account is active and for up to 24 months after closure, unless longer retention is required by law.
• Emergency contact details: retained while your account is active and for up to 24 months after closure.
• Identity documents (selfie, passport/ID): retained until verification is completed and for up to 6 months thereafter (or as required by law or school policy).

When data is no longer needed, we will delete or irreversibly anonymize it.

9) Your rights

Depending on your location (e.g., EEA/UK), you may have the right to access, rectify, erase, or port your data; to restrict or object to processing; and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority.

How to exercise your rights: Contact us at info@alcebologna.it. We may need to verify your identity before responding.

Account deletion: You can request deletion of your account and associated personal data by contacting us at info@alcebologna.it (or using the in-app deletion option, if available).

10) Security

We implement technical and organizational measures to protect personal information, including encryption in transit (TLS) and access controls. Firebase data is encrypted at rest by the provider. No method of transmission or storage is 100% secure; we continuously improve our safeguards.

11) Children’s privacy

The App is not directed to children under 13. If you are under the age where parental consent is required in your country (e.g., 16 in the EEA), you must have your parent/guardian’s consent to use the App. If we learn we have collected data from a child without appropriate consent, we will delete it.

12) Permissions and device access

• Camera / Photos: Used only when you choose to capture or upload a selfie and passport/ID image for verification. We do not access photos or videos you did not select.
• Network: Required to connect to our servers and Firebase services.

If additional permissions are introduced later (e.g., notifications), we will update this section.

13) International users

Your information may be transferred to and processed in countries other than your own. By using the App, you acknowledge these transfers as described in this Policy.

14) Changes to this Policy

We may update this Policy from time to time. The Effective date at the top indicates when it was last revised. Significant changes will be notified in-app or by email where appropriate.

15) Contact us

If you have questions or requests about this Policy, contact:

ALCE BOLOGNA | Language Training Centre
Email: info@alcebologna.it
Postal address: Viale Carducci 13/3 – 40125 Bologna – Italia

Appendix — Data Safety (Play Store) mapping (informative)

Data collected: name, date of birth, postal address, country, nationality, mother language, phone number, emergency contact details (name, relationship, email, phone), and photos (selfie, passport/ID).

Purpose: account management, identity verification, safety (emergency contact), app functionality, security & compliance.

Data handling: stored in Firebase (non-ephemeral), not sold; shared only with service providers and school admins; user deletion supported on request.