Privacy
Privacy Policy
Last updated: 22 May 2026
Notice provided pursuant to Regulation (EU) 2016/679 (“GDPR”) and Legislative Decree 101/2018. Selfiestreet S.r.l., in its capacity as Data Controller, hereby informs you of the following.
01Data Controller and Data Protection Officer
The Data Controller is Selfiestreet S.r.l., with registered office at Via Giovanni Piranesi 34, 20137 Milano, P.IVA 13597050965, Tel. 02 24202308, e-mail info@selfiestreet.it. The Data Protection Officer may be contacted at the following e-mail address: info@selfiestreet.it.
02Purposes and legal basis of the processing
Selfiestreet is a platform that allows the user to share and broadcast, upon electronic payment, images, videos and multimedia files on billboards installed in places open to the public, which are stored on their devices and on our servers. It also enables users to interact through the platform's communication tools to share content, interact via comments and chat, and create communities. The platform further includes a Gamification system that allows users to accumulate “Selfie Points” through interactions (login, posts, likes, comments, friendships), advance in level and receive projection vouchers. The processing of such data is necessary for the performance of the contract (art. 6 lett. b GDPR) and for the pursuit of the Controller's legitimate interest in preventing fraud or abuse of the rewards system (art. 6 lett. f GDPR). Our services feature end-to-end encryption.
The purpose of the processing is the sharing and broadcasting of images, videos and multimedia files and the interaction of users through the platform's communication tools. The legal basis is constituted by the data subject's consent pursuant to art. 6 lett. a) and 7 GDPR, freely revocable at any time, as well as by the performance of the contract to which the user is a party pursuant to art. 6 lett. b) GDPR and by the pursuit of the Data Controller's legitimate interest pursuant to art. 6 lett. f) GDPR.
The processing is carried out by the Controller and by the persons authorised by it and is based on the principles set out in art. 5 GDPR: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity.
With specific reference to the multimedia content uploaded and its possible broadcasting on billboards and screens installed in places open to the public, the legal basis of the processing is also constituted by the explicit consent of the data subject pursuant to artt. 6, par. 1, lett. a) and 7 GDPR, given by the user who uploads the content, who acts as an autonomous controller responsible for collecting the consents of any persons depicted.
03Information provided by the user
User account
To create a Selfiestreet account, the user must provide their mobile phone number or e-mail address and a profile name of their choice, as set out in Selfiestreet's Terms and Conditions, to which full reference is made.
User content
Through the platform, the user may also publish and share content (photographs, audio, video, comments, texts and messages) which is collected by Selfiestreet together with the associated metadata.
The user acknowledges and accepts that the content uploaded may include images and videos featuring identifiable third parties. In such cases, the user declares and warrants that they have obtained, before uploading and broadcasting, every necessary consent pursuant to the applicable legislation, including consent to being filmed and to the subsequent communication to the public through billboards and digital screens installed in places open to the public, also for promotional or commercial purposes where provided. The user assumes all responsibility in relation to the collection and management of the consents of the persons depicted in the content uploaded. The user acknowledges that the broadcasting of content through billboards and screens installed in places open to the public entails a communication to the public in contexts that cannot be controlled by the Controller and potentially characterised by broad visibility. Once the broadcasting has been scheduled and carried out, it cannot be technically revoked in real time and may be perceived by an indeterminate number of persons present in the viewing area.
Selfiestreet collects the content of the messages sent and received on the platform and the associated metadata. The content uploaded by users may be broadcast not only through the application, but also through physical screens (billboards) located in places open to the public, with the consequent potential visibility to an indeterminate number of persons. Selfiestreet collects the information provided by users in the event of participation in surveys, research, promotions or Selfiestreet events.
Should the user choose to synchronise their contacts, information may be collected from the device (for example names, telephone numbers, e-mail addresses) and associated with the platform's users. Should the user choose to identify other users through their social profile, information about their public profile or the names and profiles of their contacts on social networks may be collected.
Selfiestreet may also collect information about the accounts that users follow or by which they are followed.
Furthermore, in the event of contact by users, Selfiestreet collects information provided by them such as identity, age, feedback or requests for information on the use of the platform or on possible breaches of the terms and conditions, or in the case of the completion of forms prepared by Selfiestreet.
The user undertakes not to publish the personal data of third parties in the absence of a suitable legal basis and, where necessary, the relevant consent, holding the Controller harmless from any liability arising from unlawful processing carried out through the platform.
Location information
The user may choose to share location information where the relevant settings are enabled on the device used. The location information that the user shares is encrypted, so that Selfiestreet cannot view it. We also receive and use certain location-related information even when location settings are disabled, such as IP addresses or information derived from that provided by the user (for example, telephone area codes, postal codes). In any event, certain indirect location information (such as IP address, telephone area codes or data provided by the user) may be processed to ensure the operation and security of the service.
Information about the user's groups and communities
The user may create, join or be added to communities, groups and broadcast lists, which are associated with their account. It is the user who assigns names to their groups and communities. The user may provide a description or a profile image for the groups or communities. We also collect information on the creation or updating of groups and communities.
Customer support information and other communications
When the user contacts us for customer support or communicates with us in another way (for example, through optional surveys), they may provide us with information relating to the use of our services (including information deemed useful to understand and respond to their requests) and their contact details. We also collect information about how the user uses our support features, any feedback provided and the user's responses to surveys or questions.
Third-party information
As regards any third-party data, it is the user's responsibility to obtain the necessary consents and to fulfil the information duties that may be required by the applicable legislation, as indicated in Selfiestreet's Terms and Conditions, to which full reference is made.
The user acknowledges that they act as an autonomous data controller with reference to the personal data of any third parties present in the content uploaded, assuming full responsibility for the lawfulness of the collection, use and dissemination of the relevant images and information, including the acquisition of the necessary consents. Selfiestreet operates exclusively as the provider of the technological platform.
04Information collected automatically
Usage information
We collect information about how the user uses our services (for example about their activity, their interactions with other users, the times, frequency and duration of their activities and their history).
The personal data collected may be used for a range of purposes, including:
- purposes connected to the supply of the products, their presentation, information, events and insights, and offers;
- purposes aimed at ensuring the lawful processing of the data and necessary to provide the user with a service that meets their needs and expectations;
- purposes aimed at ensuring the security of the platform and for content moderation purposes;
- purposes connected to the rewards system: real-time tracking of activities and missions for the attribution of scores, the updating of the progress bar and the automatic assignment of vouchers upon level advancement.
Logs and troubleshooting information
We collect information relating to the performance of our Services during use by the user (such as that relating to service diagnostics and performance). This includes log files, date and time stamps, data relating to diagnostics or crashes, and error messages or reports.
Device and connection information
We collect information about the device and connections when the user accesses, installs or uses our services. This includes information about the hardware model, the operating system, the battery level, the signal strength, the app version, the browser and the mobile network, connections (including any use of Wi-Fi networks or mobile data, the mobile operator and the internet service provider or ISP), the language and time zone, the IP address, details relating to device operations and identifiers.
Cookies
We also collect information by using cookies to operate and provide our services. Further information on how we use cookies to provide our services is set out in the cookie policy, to which full reference is made.
User preferences
We collect information about in-app settings and data relating to the user's acceptance of our terms. The user has exclusive control over their own privacy settings.
Authentication information
To verify and ensure the appropriate authorisations during the use of our services, we store the authentication codes that constitute a security measure by which it is ensured that only the user accesses their own account. The authentication information also includes the encryption keys used by the end-to-end encryption protocol.
05Information from other sources
Third-party platforms provide information (such as e-mail address, authentication identifier and public profile) when the user accesses the platform using the login features provided by such third parties. Selfiestreet may receive contact information when it is synchronised with the platform by the user themselves or by another user. Selfiestreet may also receive information from third-party providers that it uses for security purposes, such as protecting users on the platform or moderating content.
Selfiestreet may receive and collect information about the user from third parties, including public-domain sources or public authorities. It may also receive information when it is present in content, in messages, in a complaint or dispute of the user or of third parties, or if it is provided by another user.
Should the user choose to access the platform through third-party authentication services (e.g. Facebook Login), Selfiestreet may receive from such parties certain information associated with the user's account, such as, by way of example, name, user identifier and e-mail address, in accordance with the privacy settings selected by the user with the service provider. Such data is processed for the purposes of authentication and access to the platform pursuant to art. 6, par. 1, lett. b) GDPR. The authentication service provider acts as an autonomous data controller; for further information, reference is made to their respective privacy notices.
06Retention periods for personal data
Personal data is retained for the period necessary to provide the services and the retention period will be equal to that of the user's account. The retention period of the data may also depend on compliance with certain legal obligations or on security reasons.
Data relating to the history of Selfie Points, level progress and completed missions is retained for the entire duration of the account, in order to ensure the continuity of the user's profile and the enjoyment of the rewards accrued.
Selfiestreet maintains adequate security measures to protect information from unauthorised access, theft, alteration or loss, subject to periodic review to take account of the most advanced technologies available.
07Recipients of personal data
Selfiestreet collaborates with service providers who contribute to its better operation. For example, for hosting, technical support, content moderation and payment services, with whom the information provided by the user, that collected automatically and that coming from other sources may be shared.
Depending on the privacy settings, the user's information, including account information, user content and usage information, may be visible to other users and to the public. If the account is public and has not restricted the visibility of its content, the relevant account information and user content may be viewed or shared by anyone on the platform or outside it, regardless of whether or not they have a Selfiestreet account. Depending on the privacy settings, account information and content may also be viewed on search engines and content aggregators.
Furthermore, the user's personal data other than the images, videos and multimedia files being broadcast may be shared with the following parties:
- third parties who require it in order to provide the requested products (by way of example, external parties such as technical service providers, hosting providers, interbank circuits);
- competent authorities in order to comply with legal obligations.
08User's rights
The user has the right to exercise the rights set out in artt. 15 and following of the GDPR and precisely the rights to:
- obtain confirmation of the processing of their personal data and, in that case, obtain access to such personal data and to the following information: purposes of the processing, categories of personal data, recipients to whom they have been or will be communicated, retention period or criteria used to determine it, information on their origin, and the existence of automated decision-making;
- revoke any consent given pursuant to art. 7 n. 3) GDPR;
- lodge a complaint with a supervisory authority pursuant to art. 14 lett. e) and 77 GDPR;
- obtain the rectification of inaccurate personal data pursuant to art. 16 GDPR; the erasure of the data pursuant to art. 17 GDPR; the restriction of processing pursuant to art. 18 GDPR; the portability of the data pursuant to art. 20 GDPR;
- object, in whole or in part pursuant to art. 21 GDPR, on legitimate grounds, to the processing of personal data even though relevant to the purpose of the collection, as well as to the processing of personal data for the purposes of sending advertising or sales material or for carrying out market research or commercial communication;
- receive clear information on the operation of the gamification system: the assignment of points and level advancement take place through automated systems based on the user's activity. Such processes are aimed exclusively at managing the benefits internal to the platform and do not produce significant legal effects or adverse effects on the user.
The data subject may at any time exercise the rights indicated above by sending a communication by e-mail to the following address: info@selfiestreet.it.