Privacy Policy

Last updated: May 18, 2026

This policy describes how UBA PROJECT S.R.L.S. collects, uses, and protects the personal data of users who access the website, mobile application, and related services.

This policy is drawn up in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR).

1. Data Controller

The data controller for personal data is:

UBA PROJECT S.R.L.S.
Via Leonardo n.5
62024 Matelica (MC) – Italy
VAT No.: 01900730431
Email: privacy@ubaproject.com

For any requests related to the processing of personal data or to exercise the rights provided for under the GDPR, please contact the data controller at the above details.

2. Types of Data Processed

Browsing Data

During navigation on the website, some data is automatically collected by the computer systems that enable the service to operate. This data may include:

IP address
type of browser used
operating system
information about pages visited
referring URL
technical data collected via cookies or similar technologies

This information is used primarily to ensure the correct functioning of the website and for aggregate statistical analysis.

Data Voluntarily Provided by the User

When the user contacts Uba Project via contact form, email, or newsletter subscription, certain personal data necessary to handle the request may be collected. This data may include:

first and last name
email address
phone number
company name
city of residence
tax or billing information (in the case of service purchases)
any additional information voluntarily provided

Data Processed for Contractual Purposes

In the case of purchase or use of services offered by Uba Project, data necessary for managing the contractual, administrative, accounting, and fiscal relationship may be processed.

Data Processed for Marketing Purposes

Subject to the user's consent, Uba Project may use certain personal data (such as name and email) to send:

newsletters
promotional communications
product or service updates
invitations to events or webinars

Consent may be withdrawn at any time.

3. Use of the EarOn Pro App

To use the EarOn Pro mobile application, it is necessary to create an account by entering an email address and password (stored in encrypted form). This information enables access to the application and user identification. No additional personal data is required.

During use of the app, technical and operational data related to app usage and training sessions may be recorded. This data may include:

type of device used
operating system or firmware version
app features used (audio and video recordings of sessions performed with the EqTool Pro device)
data synchronisation with the platform
crash logs

This information is used exclusively to improve the functioning of the app and ensure service stability, and to associate sessions with the user and for the technical operation of the application.

Some app features may require access to device components, such as the microphone, for example for recording voice notes. The user can manage such permissions directly from their smartphone settings.

The activation of geolocation required by the Bluetooth system is necessary for the technical functioning of the connection, but does not involve recording or tracking the user's location.

With the exception of crash logs, data is automatically synchronised with the KFlow platform, managed by the same data controller jointly with Underwater care srls. No automatic synchronisation, transmission, or sharing takes place with third-party platforms, services, or systems other than kflow.pro.

The account and associated data can be deleted both from the application and from the platform.

Account and associated data deletion:
https://www.kflow.pro/en/profile

Request for deletion of specific data without deleting the account:
https://www.kflow.pro/en/eqtool

In the event of an application crash, the following are automatically collected: device model, operating system version, application version, execution trace (stack trace), memory state at the time of the error. This data is collected via the Firebase Crashlytics service and is used exclusively to diagnose and fix technical errors. It is not used to identify the User or for advertising or tracking purposes.

4. Synchronisation with the KFLOW Platform

The app may synchronise data with the KFLOW web platform, a cloud service that allows users to monitor training activities and analyse their progress. Synchronisation may include data such as:

user profile information
account settings
operational data related to training
information about devices used

Data transmission takes place via secure connections with encryption protocols (HTTPS/TLS).

5. Purposes of Processing and Legal Bases

Personal data is processed for various purposes, based on the conditions set out in Article 6 of the GDPR. In particular, data may be used to:

provide and manage the website and app services
perform a contract or pre-contractual measures requested by the user
manage synchronisation between the app and the web platform
ensure system security and prevent fraudulent use
fulfil legal obligations
send promotional communications and newsletters, subject to consent
carry out aggregate statistical analysis on service usage

Where processing is based on the legitimate interest of the data controller, the user has the right to object at any time.

6. Processing Methods and Security

Personal data is processed using computer and electronic tools, in compliance with the principles of lawfulness, fairness, and transparency provided for under the GDPR. To protect data, appropriate security measures are adopted, including:

encryption of data during transmission
authentication and access control systems
system access logging
data backup and recovery procedures
protection of web applications through dedicated security systems

7. External Data Processors

To provide its services, Uba Project may use external suppliers who process personal data on behalf of the data controller. These parties act as Data Processors pursuant to Art. 28 GDPR and are bound by specific contractual agreements. The main categories of suppliers used include:

hosting and cloud infrastructure services
email and communications management services
statistical analysis tools
push notification systems for mobile applications
application anomaly reporting systems
online payment services (where applicable)
invoicing and accounting management software
customer support management systems

The complete list of external suppliers can be requested from the Data Controller.

8. Joint Controllership

For certain features involving the synchronisation of data between the app and the KFLOW web platform, UBA PROJECT S.R.L.S. and UNDERWATER CARE S.R.L.S. act as joint controllers pursuant to Article 26 of the GDPR. The two companies jointly determine the purposes and means of processing the data necessary for the operation of the integrated services.

Users may exercise their rights against either controller. The primary point of contact for data subjects is:

privacy@ubaproject.com

9. Transfer of Data to Non-EU Countries

Where external suppliers or the joint controller referred to in the preceding sections process data in countries outside the EEA, the Data Controller ensures that the transfer takes place in compliance with Chapter V of the GDPR, by means of:

Adequacy Decision by the European Commission (Art. 45 GDPR)
Standard Contractual Clauses (SCC) — June 2021 version (Art. 46(2)(c) GDPR)
Other appropriate safeguards pursuant to Art. 46 GDPR

Below are the external providers that carry out data transfers to countries outside the EU:

Google LLC is based in the United States of America. The transfer of data to the United States takes place on the basis of the Standard Contractual Clauses approved by the European Commission (Art. 46(2)(c) GDPR), incorporated into the contractual terms of Google Cloud / Firebase.

For more information: https://policies.google.com/privacy).

10. Data Retention

Personal data is retained for the period strictly necessary to achieve the purposes for which it was collected. In particular:

contact data is retained for the time necessary to handle the user's request
contractual and billing data is retained for the period required by tax regulations (generally 10 years)
data used for marketing purposes is retained until consent is withdrawn
technical and statistical data is retained for limited periods proportionate to the analysis purposes

11. Cookies and Tracking Technologies

The website uses cookies and similar technologies to ensure the correct functioning of services and improve the browsing experience. Cookies may be used to:

store user preferences
analyse website traffic
improve the security of services
provide personalised content

Technical cookies necessary for the functioning of the website do not require the user's consent. Other cookies, such as third-party analytics or marketing cookies, are only used subject to consent via the cookie banner. For more information, please consult the Cookie Policy available on the website.

12. Data Subject Rights

Users have the right to exercise at any time the rights provided for under the GDPR, including:

right of access to their personal data
right to rectification of inaccurate data
right to erasure of data in cases provided for by law
right to restriction of processing
right to data portability
right to object to processing
right to withdraw consent at any time

To exercise these rights, please write to:

privacy@ubaproject.com

13. Complaint to the Supervisory Authority

If the user believes that the processing of their data violates data protection legislation, they have the right to lodge a complaint with the competent supervisory authority.

Italian Data Protection Authority (Garante per la protezione dei dati personali)
Piazza Venezia 11 – 00187 Rome
www.garanteprivacy.it

14. Updates to the Privacy Policy

This policy may be updated over time to reflect regulatory changes or changes to the services offered.

The updated version will always be available on this page with an indication of the date of the last update.