Privacy Policy - UV Index Bot

Pursuant to Art. 13 of the EU Regulation 2016/679 (GDPR)

Last updated: 27/04/2025

Dear User, we wish to inform you that the Telegram bot “UV Index Bot” (hereinafter “Bot”), managed by [Your Name/Company Name] (hereinafter “Controller”), processes some of your personal data during its use. This policy describes what data we collect, how we use it, and what your rights are in this regard.

1. Data Controller

The Data Controller for personal data is: [Your Name/Company Name]

Contact: [Your Privacy Contact Email/Telegram]

2. Personal Data Processed

The Bot processes the following categories of personal data:

  • Identifiers Provided by Telegram: Your unique Telegram user ID.
  • Data Provided Directly by You:
    • Text messages sent to the Bot (commands and input for features).
    • Names or addresses of locations provided for UV index monitoring.
    • Timezone (IANA format, e.g., “Europe/Rome”) provided textually or via an external Mini App.
    • Desired notification time for daily subscriptions (if activated).
    • Input provided by pressing buttons (callback queries).
  • Data Derived or Processed by the Bot:
    • Preferred locale (language) for the Bot interface (may be derived from the language set on Telegram, if supported).
    • List of monitored locations associated with your User ID, containing: assigned name, latitude, and longitude (obtained via geocoding).
    • Status of your subscription to daily notifications and the corresponding sending time.
    • Timestamps related to interaction with the Bot (e.g., user creation date, last update, last activity).

3. Purposes and Legal Basis of Processing

We process your personal data for the following purposes:

  • To provide the core functionalities of the Bot: Allow you to add, view, rename, inspect, and remove locations; obtain current UV index forecasts (/now) for your locations. Legal Basis: Performance of a service requested by the user (Art. 6.1.b GDPR).
  • To manage subscriptions to daily notifications: Send you daily UV index reports at the time and timezone specified by you (if you have activated the subscription with /subscribe). Legal Basis: Consent of the data subject (Art. 6.1.a GDPR), freely given via the /subscribe command and revocable with /unsubscribe. Setting the time (/set_time) and timezone (/set_timezone) is necessary for this purpose and based on your consent to provide them.
  • To personalize the user experience: Use the locale (language) to respond in the appropriate language. Legal Basis: Legitimate interest of the Controller to provide a more user-friendly service (Art. 6.1.f GDPR) or performance of the requested service (Art. 6.1.b GDPR).
  • To ensure the technical operation and security of the Bot: Use of anonymized technical logs (if any) and timestamps for monitoring and diagnostics. Legal Basis: Legitimate interest of the Controller (Art. 6.1.f GDPR).

4. Data Communication to Third Parties and External Services

To provide its functionalities, the Bot interacts with some external services, communicating only the strictly necessary data to them:

  • Telegram: The platform on which the Bot operates. Data processing by Telegram is governed by the Telegram Privacy Policy.
  • Nominatim (Geocoding Service based on OpenStreetMap): When you add a location by name or address, that text is sent to Nominatim to obtain geographical coordinates. Data processing by Nominatim/OpenStreetMap is subject to their respective policies. Map data is © OpenStreetMap contributors (Attribution: osm.org/copyright).
  • Open-Meteo (Weather/UV Forecast Service): The geographical coordinates (latitude and longitude) of your locations are sent to Open-Meteo to obtain UV index forecasts. Data processing is subject to Open-Meteo’s policy (Attribution: Weather data by Open-Meteo.com).
  • Timezone Mini App/Web App (your-timezone.pages.dev): To facilitate setting the timezone, the Bot may suggest using a dedicated Web App ([Link to your-timezone instance]). When opened, this web page will use your browser’s features (the Intl.DateTimeFormat API) to automatically detect the IANA timezone configured on your device. This detection happens locally on your device. The web page neither stores this data nor sends it to other servers. If you decide to press the “Send Timezone to Bot” button within the Web App, the detected timezone will be transmitted exclusively to our Bot and will be processed according to the purposes and methods described in this policy (specifically, for managing daily notifications). The page does not use cookies or other tracking tools.

The Controller does not share your personal data with other third parties for purposes other than those indicated, except under legal obligation.

5. International Data Transfers

The data processed by the Bot is stored on servers located [Server Location, e.g., within the European Economic Area (EEA)].

However, the use of the aforementioned external services (Telegram, Nominatim/OSM, Open-Meteo, Your Timezone Mini App) may involve the transfer of some data (Telegram user ID, geocoding queries, coordinates, timezone detected by the Mini App) outside the EEA. Such transfers occur based on the guarantees offered by these providers (e.g., Adequacy Decisions of the European Commission, Standard Contractual Clauses), in compliance with Chapter V of the GDPR.

6. Processing Methods and Security Measures

Data is processed mainly using electronic tools and stored in a local file (JSON) on the system hosting the Bot. The Controller adopts appropriate technical and organizational measures to protect data from unauthorized access, loss, or accidental destruction, in line with GDPR provisions (Art. 32). The specific security of the data file depends on the hosting environment chosen by the Controller.

7. Data Retention Period

Your personal data will be kept for the time strictly necessary to provide you with the requested functionalities:

  • Data related to your locations and preferences (locale, timezone) is kept as long as you actively use the Bot or do not request the deletion of specific locations or your entire user profile.
  • Data related to the daily subscription is kept as long as you maintain the subscription active.
  • [Inactive User Policy: e.g., “Data of users who do not interact with the Bot for a continuous period of [e.g., 12/24 months] will be automatically anonymized or deleted.”]

You can request the deletion of your data at any time as described in point 8.

8. Rights of the Data Subject

As a data subject, you have the right to exercise the rights provided for in Articles 15-22 of the GDPR, including:

  • Access: Obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data. You can view your locations with /locations and inspect their details (coordinates) with /inspect_location. For a complete data export, contact the Controller.
  • Rectification: Request the correction of inaccurate data. You can change location names with /rename_location, timezone with /set_timezone, and notification time with /set_time. For other corrections, contact the Controller.
  • Erasure (Right to be forgotten): Request the deletion of your data. You can remove individual locations with /remove_location and cancel the subscription with /unsubscribe. For the complete deletion of your user profile from the Bot, contact the Controller [Data Deletion Contact/Method].
  • Restriction of Processing: Request the restriction of processing under certain circumstances (e.g., contesting data accuracy, unlawful processing). Contact the Controller.
  • Data Portability: Receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format, based on consent or contract, and have the right to transmit those data to another controller where technically feasible. The export obtainable by contacting the Controller fulfills this right.
  • Objection: Object to processing based on legitimate interest. Contact the Controller.
  • Withdrawal of Consent: Withdraw consent for the daily subscription at any time using the /unsubscribe command, without affecting the lawfulness of processing based on consent before its withdrawal.

You can exercise your rights using the Bot commands where provided, or by contacting the Controller at [Your Privacy Contact Email/Telegram]. We will respond to your request within 1 month (extendable to 3 months in complex cases).

9. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes the provisions of the GDPR, you have the right to lodge a complaint with the competent Supervisory Authority (for Italy, the Garante per la protezione dei dati personali - www.gpdp.it) or the Supervisory Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.

10. Children’s Data

The Bot is not intended for users under the age of 14 (or the minimum age for digital consent applicable in your jurisdiction). We do not knowingly collect personal data from children under this age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us.

11. Changes to this Policy

This policy may be subject to changes and updates. We invite you to consult it periodically. Any substantial changes will be communicated via [Notification Method for Policy Changes, e.g., a broadcast message if implemented, or simply updating the date and encouraging review].