Last updated: September 20, 2025
Controller: Smart Garden Systems d.o.o., Kralja Petra Krešimira IV 4, 47000 Karlovac, Croatia
Contact: info@smartgarden.hr

What we use the camera for

Our app requests access to your device’s camera solely so you can:

• add photos to your posts, reviews and community contributions (e.g., plant growth updates, recipes, tips, experiences);
• attach images to product reviews (AURELIA, SIMPLY and related accessories).

We do not record video or capture images without your action. Camera access is only active while you are using features that require it (e.g., tapping “Add photo”).

Types of data processed

• Images you choose to upload (photos you take in-app or select from your gallery).
• Optional captions/review text you write.
• Technical metadata (e.g., file type, size).
  • We automatically remove embedded location (EXIF GPS) data from photos before storage.

We do not collect biometric data, face templates, or background camera footage.

Legal basis (GDPR)

• Consent (Art. 6(1)(a)) for camera permission and uploading photos.
• Performance of a contract (Art. 6(1)(b)) to provide community and review features you request.
• Legitimate interests (Art. 6(1)(f)) for service security, abuse prevention, and moderation.

You can withdraw camera permission at any time in your device settings; this won’t affect the legality of processing prior to withdrawal, but you may not be able to add photos.

How we process and store your photos

• Photos you upload are stored on secure servers in the EU or EEA-aligned providers with appropriate safeguards.
• Data is encrypted in transit and at rest.
• We apply content moderation (automated and/or manual) to prevent abusive or illegal content.

Sharing and disclosures

We do not sell your data. We may share photos and related content with:

• Service providers (processors) that host, store, or moderate content under data-processing agreements;
• Authorities if required by law or to protect rights, safety, and prevent fraud/abuse.

If you choose to make a post/review public, your username and photo will be visible to other users. We may request your explicit consent to feature your content in marketing materials; absent such consent, your content remains within the app/community context you selected.

Retention

• Your photos and reviews are kept until you delete them or delete your account.
• Backups may persist for up to 30 days after deletion for disaster recovery. Aggregated, de-identified analytics may be retained longer.

Your choices and controls

• Grant/deny camera permission at any time via device settings.
• Upload or remove your photos and posts within the app.
• Report content for moderation if you see something inappropriate.

Your rights (GDPR)

You have the right to access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your local supervisory authority.
To exercise your rights, contact info@smartgarden.hr.

Children’s privacy

Our app is not intended for children under the age applicable in your country without parental consent. We remove content suspected to be submitted by underage users without proper consent.

Changes to this notice

We may update this section if our camera or photo features change. We will notify you in-app or by email where appropriate.

---

Camera Usage Description (for permission prompt)

iOS (NSCameraUsageDescription) / Android prompt text:
“Smart Garden uses the camera only when you choose to add photos to your posts and product reviews (e.g., plant updates, recipes, experiences). We don’t capture images without your action.”

---

ADDENDUM: PROFILE, PHOTOS/VIDEOS, PERMISSIONS & SDKs (GDPR)

Scope. This section supplements the camera notice and lists all data categories, purposes, legal bases, recipients, retention periods, and platform permissions (iOS/Android).

Categories of data we process

• Account & profile: name, surname (if provided), username, email address, profile image (avatar).
• Community content (UGC): photos and videos you upload, captions/notes, comments, reactions (e.g., likes).
• Technical & diagnostics: IP address, device/app identifiers, language/region, OS and app version, push notification token, crash logs, basic usage analytics.
• Third-party sign-in (optional): if you use “Sign in with Apple/Google,” we receive the public attributes you approve (e.g., name and email).
• Content metadata: file type and size. Where applicable, we strip location (EXIF GPS) data from photos before storage.

Purposes and legal bases

• Provide the service and your account; publish content; show profile/community features (contract, Art. 6(1)(b) GDPR).
• Camera/photos/videos strictly at your request (consent, Art. 6(1)(a)); you can withdraw permission in device settings.
• Security, abuse prevention and moderation (legitimate interests, Art. 6(1)(f)).
• Diagnostics and quality improvement (legitimate interests, Art. 6(1)(f)).

Platform permissions and how they work

• Camera: active only when you choose an action (e.g., “Add photo” / “Record video”). We do not capture without your action.
• Photos/Media Library: to let you select existing photos/videos from your gallery.
• Microphone (only if you record video with sound): requested solely when you record a video and enable audio.
• Notifications (push): used for community updates (e.g., reactions/comments). You can disable at any time in system settings.

Sharing, recipients, and international transfers

• We do not sell your data.
• We may share data with trusted processors (hosting/CDN, storage, moderation, analytics, crash reporting) under data-processing agreements.
• If data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) and additional technical/organizational measures.
• Public visibility: content you mark as public will be visible to other users together with your username and avatar. We seek separate, explicit consent for marketing uses.

Retention (by category)

• Account & profile: until you delete your account or withdraw consent where applicable.
• Photos and videos (UGC): until you delete them or delete your account.
• Backups: up to 30 days (disaster recovery).
• Diagnostics & logs: 12–24 months (security and stability).
• Aggregated/anonymous statistics: may be kept longer without identifying you.

Your choices and rights

• GDPR rights: access, rectification, erasure, restriction, portability, and objection.
• Withdraw consent: you can disable camera/photos/microphone permissions at any time in device settings (this does not affect the lawfulness of processing before withdrawal).
• Supervisory authority: you may lodge a complaint with AZOP – Croatian Personal Data Protection Agency.
• To exercise rights: info@smartgarden.hr (subject: “GDPR request”).

Children and age of consent

Our service is not intended for children without parental consent. If we offer the service to a child under 16 (or the lower age permitted in your country), we will seek verifiable parental consent. Content suspected to have been submitted by a child without proper consent will be removed.

Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

Security

We apply industry-standard measures: encryption in transit and at rest, access controls, abuse monitoring, and incident response procedures.

Changes

If we change how we handle photos/videos or profile data, we will notify you in-app or by email where appropriate.