Effective Date: December 10, 2025 | Last Updated: December 10, 2025
Welcome to METEO+! This Privacy Policy explains how we collect, use, store, and protect your personal data in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws. We are committed to protecting your privacy and ensuring transparency in our data processing practices.
Web Extreme Ltd. is the data controller responsible for the processing of your personal data in connection with the METEO+ service (including the mobile application and website). We determine the purposes and means of processing your personal data.
2. Scope and Applicability
2.1 🛡️ Services Covered
We are updating our Privacy Policy to explicitly include the following digital properties in its scope. This policy now governs your use of and interaction with:
METEO+ meteoradar.bg - Website: Accessible via web browsers at [meteoradar.bg]
METEO+ makmeteo.com - Website: Accessible via web browsers at [makmeteo.com]
METEO+ Метео Македонија - Mobile App: Available on mobile devices via Google Play Store and Apple App Store.
Времето Българив - Mobile App: Available on mobile devices via Google Play Store and Apple App Store.
All Related Services: Including APIs, widgets, and any other interfaces we may offer
This means that whenever you use or access any of the websites or mobile applications listed above, the terms of this Privacy Policy apply to the collection, use, and handling of your personal information.
2.2 Geographic Scope
This policy applies to all users worldwide, with specific provisions for users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with data protection laws.
2.3 Language
This Privacy Policy is provided in English. Translations in other languages are available upon request. In case of discrepancies, the English version shall prevail.
3. Types of Data We Collect
Categories of personal data as per Article 13(1)(c) GDPR
Saved Locations: Cities or locations you save for quick access
User Preferences: Temperature units (°C/°F), language settings, notification preferences
Account Information: Email address, username (if you create an account)
Communications: Feedback, bug reports, support inquiries you submit
3.3 Data We Do NOT Collect
We do NOT collect:
Precise real-time location tracking (we only use location when you open the app)
Contact lists or phonebook information
Photos, videos, or media files
SMS or call logs
Financial or payment information
Biometric data
Special categories of personal data (racial origin, religious beliefs, health data, etc.) as defined in Article 9 GDPR
4. How We Collect Data
Collection methods as per Article 13(2)(f) GDPR
4.1 Direct Collection
We collect data directly from you when you:
Download and install the mobile application
Create an account or profile
Enter location preferences or saved locations
Adjust app settings or preferences
Submit feedback, bug reports, or contact us
Grant permissions (location, notifications, etc.)
4.2 Automatic Collection
We automatically collect data through:
App Usage: During normal operation of the mobile app or website
Location Services: When you grant location permission to your device
Analytics SDKs: Google Analytics for Firebase, integrated into the app
Advertising SDKs: Google AdMob and AdSense
CDN Services: Bunny CDN for content delivery
Cookies: On our website (see Section 12)
4.3 Third-Party Sources
We may receive data from:
Google Services: Through Google Maps API, Analytics, and advertising services
Weather Data Providers: Third-party meteorological services
App Stores: Limited data from Google Play Store (installation statistics)
5. Purpose of Data Processing
Purposes as per Article 13(1)(c) GDPR
5.1 Core Service Functionality
Weather Information Delivery: Display current weather conditions, forecasts, and alerts for your selected locations
Location-Based Services: Automatically show weather for your current location
Map Functionality: Display interactive weather maps using Google Maps
Content Delivery: Efficiently load fonts, images, and data via CDN
Personalization: Remember your preferences, saved locations, and settings
5.2 Service Improvement and Analytics
Usage Analysis: Understand how users interact with features to improve the service
Performance Monitoring: Identify and fix bugs, crashes, and performance issues
Feature Development: Analyze which features are most used to prioritize development
A/B Testing: Test different versions of features to optimize user experience
5.3 Advertising and Marketing
Ad Display: Show advertisements through Google AdMob and AdSense
Ad Personalization: Display relevant ads based on your interests (with consent)
Ad Performance: Measure effectiveness of advertising campaigns
Revenue Generation: Support free access to the service
5.4 Security and Fraud Prevention
Security Monitoring: Detect and prevent fraudulent activity, abuse, and security threats
Authentication: Verify user identity (if you create an account)
Access Control: Prevent unauthorized access to the service
5.5 Legal Compliance
Legal Obligations: Comply with applicable laws, regulations, and legal processes
Law Enforcement: Respond to lawful requests from authorities
Dispute Resolution: Establish, exercise, or defend legal claims
6. Legal Basis for Processing
Legal grounds as per Article 6 GDPR
We process your personal data only when we have a valid legal basis under GDPR. The applicable legal basis depends on the specific processing activity:
6.1 Consent (Article 6(1)(a) GDPR)
We rely on your consent for:
Location Access: Processing GPS or network-based location data
Personalized Advertising: Using your data for targeted advertisements
Analytics Cookies: Non-essential cookies on our website
Your Right to Withdraw: You can withdraw your consent at any time through app settings or by contacting us. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
6.2 Contractual Necessity (Article 6(1)(b) GDPR)
Processing is necessary to provide the service you requested:
Delivering weather information
Displaying maps and visualizations
Providing saved locations functionality
Account management (if applicable)
6.3 Legitimate Interests (Article 6(1)(f) GDPR)
We process data based on our legitimate interests, which do not override your rights:
Service Improvement: Analyzing usage patterns to enhance functionality
Security: Detecting and preventing fraud, abuse, and security threats
Technical Optimization: Improving app performance and stability
Processing necessary to comply with legal requirements:
Responding to law enforcement requests
Complying with court orders
Meeting tax and accounting obligations
7. Third-Party Services and Data Processors
Recipients of data as per Article 13(1)(e) GDPR
We share your data with carefully selected third-party service providers who act as data processors on our behalf. All processors are bound by data processing agreements compliant with Article 28 GDPR.
Google LLC
Services Used: Google Maps API, Google Fonts, Google Analytics for Firebase, Google AdMob, Google AdSense
Location: United States
Data Processed: Location data, device information, usage data, advertising identifiers, IP address
Purpose: Maps display, analytics, advertising, font delivery
Legal Basis for Transfer: EU-US Data Privacy Framework, Standard Contractual Clauses
Data Processed: Location coordinates (to retrieve weather data)
Purpose: Obtain accurate weather forecasts and current conditions
Legal Basis: Contractual necessity
7.1 No Data Sales
Important: We do NOT sell, rent, or trade your personal data to third parties for their marketing purposes. Any data sharing is solely for the purposes described in this policy and governed by strict contractual obligations.
7.2 Data Processor Obligations
All third-party processors are required to:
Process data only on our documented instructions
Implement appropriate technical and organizational security measures
Maintain confidentiality of personal data
Assist us in responding to data subject requests
Delete or return data upon termination of services
Notify us of any data breaches
8. Data Retention Periods
Storage periods as per Article 13(2)(a) GDPR
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.
Data Type
Retention Period
Justification
Location Data (real-time)
Session only (not stored)
Used only to retrieve weather data, then immediately deleted
Saved Locations
Until user deletion or account closure
Necessary for service functionality
Usage Analytics (user-level)
2 months
Google Analytics for Firebase default setting
Usage Analytics (aggregated)
26 months
Industry standard for trend analysis
Advertising Data
12-18 months
Google advertising policy requirements
Crash Reports
90 days
Bug fixing and stability improvement
Server Logs
90 days
Security monitoring and abuse prevention
Account Data
Until account deletion + 30 days
Allow for account recovery
Support Communications
3 years
Customer service and dispute resolution
Legal/Compliance Data
As required by law (typically 5-7 years)
Legal obligations
8.1 Deletion Process
Upon expiry of retention periods, we will:
Permanently delete personal data from active systems
Securely erase data from backups during routine backup cycles
Anonymize data for statistical purposes (where applicable)
9. Your Rights Under GDPR
Data subject rights as per Articles 15-22 GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
1. Right of Access (Article 15 GDPR): You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data along with information about the processing (purposes, categories, recipients, retention periods, etc.). You can request a copy of your personal data.
2. Right to Rectification (Article 16 GDPR): You have the right to request correction of inaccurate personal data and completion of incomplete personal data.
3. Right to Erasure / "Right to be Forgotten" (Article 17 GDPR): You have the right to request deletion of your personal data when:
The data is no longer necessary for the purposes for which it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Deletion is required to comply with a legal obligation
4. Right to Restriction of Processing (Article 18 GDPR): You have the right to request that we restrict processing of your personal data when:
You contest the accuracy of the data (during verification)
Processing is unlawful but you prefer restriction over deletion
We no longer need the data but you need it for legal claims
You have objected to processing (pending verification of legitimate grounds)
5. Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV) and transmit it to another controller, where:
Processing is based on consent or contract
Processing is carried out by automated means
6. Right to Object (Article 21 GDPR): You have the right to object at any time to processing of your personal data based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing immediately.
7. Right to Withdraw Consent (Article 7(3) GDPR): Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
8. Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.
9. Right Not to be Subject to Automated Decision-Making (Article 22 GDPR): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently engage in such automated decision-making.
9.1 How to Exercise Your Rights
To exercise any of the above rights, please contact us using the methods below:
Subject Line: "GDPR Data Subject Request - [Your Request Type]"
Required Information: To verify your identity, please provide:
Full name
Email address associated with your account (if applicable)
Specific request details
Any additional information that helps us locate your data
9.2 Response Timeline
We will respond to your request:
Within 30 days of receipt of your request
Extension possible: Up to 60 additional days for complex requests (we will inform you within the first 30 days)
Free of charge: Unless requests are manifestly unfounded or excessive
9.3 Verification Process
For security reasons, we may need to verify your identity before fulfilling your request. We may ask for additional information to confirm you are the data subject or authorized representative.
10. International Data Transfers
Third country transfers as per Articles 44-50 GDPR
Some of our service providers are located outside the European Economic Area (EEA), particularly in the United States. We ensure that such data transfers are conducted with appropriate safeguards as required by GDPR Chapter V.
10.1 Transfer Mechanisms
EU-US Data Privacy Framework
Google LLC participates in the EU-US Data Privacy Framework, which has been recognized by the European Commission as providing adequate protection for personal data transferred from the EU to participating organizations in the United States.
For transfers not covered by an adequacy decision, we use Standard Contractual Clauses approved by the European Commission (Decision 2021/914). These clauses provide appropriate safeguards for the protection of privacy, fundamental rights, and freedoms of individuals.
Additional Safeguards
We implement supplementary measures to ensure data protection, including:
Technical measures: Encryption in transit (TLS/SSL) and at rest
Organizational measures: Access controls, data minimization, confidentiality agreements
Contractual measures: Data processing agreements with strict security requirements
Regular audits: Assessment of data processors' compliance
10.2 Your Rights Regarding Transfers
You have the right to:
Obtain information about the safeguards in place for international transfers
Request copies of the safeguards (e.g., SCCs)
Object to transfers that do not have appropriate safeguards
10.3 Data Localization
Bunny CDN Data: All data processed by Bunny CDN remains within the European Union on servers located in EU member states, ensuring no international transfer occurs for CDN services.
11. Security Measures
Security obligations as per Article 32 GDPR
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, costs of implementation, and the nature, scope, context, and purposes of processing.
11.1 Technical Measures
Encryption:
Data in transit: TLS 1.2 or higher for all data transmissions
Data at rest: AES-256 encryption for stored sensitive data
End-to-end encryption for sensitive communications
Access Controls:
Role-based access control (RBAC)
Multi-factor authentication for administrative access
Principle of least privilege
Regular access reviews and audits
Network Security:
Firewalls and intrusion detection systems
DDoS protection
Regular security patching and updates
Secure API endpoints (HTTPS only)
Application Security:
Secure coding practices
Regular security testing and code reviews
Vulnerability scanning
Input validation and sanitization
11.2 Organizational Measures
Personnel:
Background checks for employees with data access
Mandatory data protection training
Confidentiality agreements
Clear data handling procedures
Policies and Procedures:
Data protection policies
Incident response plan
Business continuity and disaster recovery plans
Data retention and deletion procedures
Vendor Management:
Due diligence on all data processors
Data processing agreements with all third parties
Regular audits of processor compliance
Monitoring and Testing:
Continuous monitoring of systems
Regular security assessments
Penetration testing (annually)
Logging and audit trails
11.3 Data Minimization
We adhere to the principle of data minimization (Article 5(1)(c) GDPR) by:
Collecting only data necessary for specific purposes
Not collecting special categories of data
Anonymizing or pseudonymizing data where possible
Regularly reviewing data collection practices
12. Cookies and Tracking Technologies
Cookie consent as per ePrivacy Directive and GDPR
Our website and mobile application use cookies and similar tracking technologies. This section provides detailed information about these technologies.
12.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website or use an app. They help us recognize your device and remember your preferences.
12.2 Types of Cookies We Use
Cookie Type
Purpose
Duration
Consent Required
Strictly Necessary
Essential for app/website functionality, security, and load balancing
Session
No (legitimate interest)
Functional
Remember preferences, saved locations, language settings
1 year
Yes
Performance/Analytics
Google Analytics - measure app usage, identify bugs
2 years
Yes
Advertising
Google AdMob/AdSense - display personalized ads
12-18 months
Yes
12.3 Third-Party Cookies
Third-party services set their own cookies:
Google Analytics: _ga, _gid, _gat
Google AdMob/AdSense: Various advertising cookies
Google Maps: NID, PREF, SNID
12.4 Mobile App Identifiers
On mobile devices, we use:
Android Advertising ID (AAID): For personalized advertising
Android ID: For analytics and app functionality
Installation ID: To identify app installations
12.5 Managing Cookies and Tracking
Website (Browser)
You can control cookies through:
Our Cookie Banner: Manage preferences when first visiting
Browser Settings: Block or delete cookies
Chrome: Settings → Privacy and Security → Cookies
Firefox: Options → Privacy & Security → Cookies
Safari: Preferences → Privacy → Cookies
Mobile App (Android)
You can control tracking through:
App Settings: Toggle analytics and advertising preferences
Android Settings:
Reset Advertising ID: Settings → Google → Ads → Reset advertising ID
Opt out of personalized ads: Settings → Google → Ads → Opt out of Ads Personalization
Limit ad tracking: Settings → Privacy → Advanced → Ads
Note: Blocking all cookies may affect app functionality and prevent some features from working properly.
13. Children's Privacy
Protection of children as per Article 8 GDPR
13.1 Age Restrictions
METEO+ is not directed at children under the age of 16 years. We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent.
13.2 Parental Consent
If you are under 16, you may only use METEO+ with the involvement, supervision, and consent of a parent or legal guardian who has read and agreed to this Privacy Policy.
13.3 Discovery of Child Data
If we become aware that we have collected personal data from a child under 16 without proper parental consent, we will:
Take immediate steps to delete such data
Terminate any associated account
Not use the data for any purpose
Complete deletion within 30 days of discovery
13.4 Parental Rights
Parents or guardians can:
Request information about data we hold on their child
Request deletion of their child's data
Refuse further collection or use of their child's data
Contact: If you believe your child has provided us with personal data, please contact us immediately at
support@webextreme.bg
Monitoring compliance with GDPR and other data protection laws
Advising on data protection impact assessments
Cooperating with supervisory authorities
Acting as a contact point for data subjects and authorities
Providing guidance on data protection practices
You can contact our DPO directly with questions about data protection, to exercise your rights, or to report concerns.
15. Data Breach Notification
Breach notification as per Articles 33-34 GDPR
15.1 Our Obligations
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
Notify Supervisory Authority: Within 72 hours of becoming aware of the breach (Article 33 GDPR)
Notify Affected Users: Without undue delay if the breach poses a high risk (Article 34 GDPR)
Document the Breach: Maintain records of all breaches and our response
15.2 Breach Response Process
Our incident response process includes:
Detection: Identify and verify the breach
Containment: Immediately contain and mitigate the breach
Assessment: Evaluate the nature, scope, and impact
Notification: Notify authorities and affected individuals as required
Investigation: Conduct thorough investigation of root cause
Remediation: Implement measures to prevent recurrence
Documentation: Maintain comprehensive records
15.3 What We Will Tell You
If we notify you of a breach, we will provide:
Nature of the breach
Categories and approximate number of data subjects affected
Categories and approximate number of personal data records concerned
Likely consequences of the breach
Measures taken or proposed to address the breach
Recommended actions you should take
Contact information for more information
16. Changes to This Policy
Transparency obligation as per Article 12 GDPR
16.1 Policy Updates
We may update this Privacy Policy from time to time to reflect:
Changes in our data processing practices
New features or services
Changes in applicable laws or regulations
Technological developments
Best practice improvements
16.2 Notification of Changes
We will notify you of material changes through:
In-App Notification: Prominent notice in the mobile app
Website Banner: Notice on our website
Email: Direct email notification (if you have provided an email address)
Updated Date: The "Last Updated" date at the top of this policy
16.3 Material Changes
For material changes that affect your rights or how we process your data, we will:
Provide at least 30 days' notice before the changes take effect
Obtain your renewed consent where required
Allow you to object or opt-out before the changes apply
16.4 Acceptance of Changes
Your continued use of METEO+ after the effective date of changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the service and may request deletion of your data.
16.5 Version History
Previous versions of this Privacy Policy are available upon request. Contact us at
support@webextreme.bg to request historical versions.
Response Time: We aim to respond to all inquiries within 5 business days, and to formal data subject requests within 30 days as required by GDPR.
17.2 How to Contact Us
When contacting us about privacy matters, please:
Use a clear subject line (e.g., "GDPR Rights Request" or "Privacy Inquiry")
Provide sufficient information to identify you and your request
Specify the nature of your request or concern
Include any relevant reference numbers or account details
18. Regional Specific Information
Additional information for specific jurisdictions
18.1 European Economic Area (EEA) Users
This entire Privacy Policy applies to users in the EEA, including all GDPR protections and rights described herein.
Lead Supervisory Authority
For cross-border processing, our lead supervisory authority is:
Commission for Personal Data Protection (Bulgaria)
2 Prof. Tsvetan Lazarov Blvd.
Sofia 1592, Bulgaria
Phone: +359 2 915 3 518
Email: kzld@cpdp.bg
Website: https://www.cpdp.bg
18.2 North Macedonia
Legal Framework: North Macedonia's data protection law aligns with GDPR standards.
Supervisory Authority: Directorate for Personal Data Protection (DPDP) (Дирекција за заштита на личните податоци)
Bul. Goce Delcev 18
1000 Skopje, Republic of North Macedonia
Phone: +389 2 3230 635
Email: info@dzlp.mk
Website: https://dzlp.mk
Your Rights: You have the same rights as described in Section 9, and you may lodge a complaint with the DPDP.
18.3 Bulgaria
Legal Framework: Bulgarian Personal Data Protection Act (LPPD) + GDPR
Supervisory Authority: Commission for Personal Data Protection (CPDP) (Комисия за защита на личните данни)
2 Prof. Tsvetan Lazarov Blvd.
Sofia 1592, Bulgaria
Phone: +359 2 915 3 518
Email: kzld@cpdp.bg
Website: https://www.cpdp.bg
18.4 United Kingdom
For users in the UK, we comply with the UK GDPR and Data Protection Act 2018.
Supervisory Authority: Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF, United Kingdom
Phone: +44 303 123 1113
Website: https://ico.org.uk
18.5 California (USA)
For California residents, additional rights under the California Consumer Privacy Act (CCPA) may apply. Please contact us for information specific to CCPA.
18.6 Other Jurisdictions
Users in other jurisdictions may have additional rights under local privacy laws. Please contact us to learn about rights specific to your location.
Quick Summary
What we collect: Location (with permission), device info, usage data, advertising IDs