DISCLOSURE OF PERSONAL DATA PROCESSING POLICY PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 679/2016 (General Data Protection Regulation - GDPR)

This information pertains to the processing of personal data of users (interested in the processing) who access and use the services provided through the apps and social platforms of Digitalmoka (collectively "Services").

The Services are accessible through apps that can be downloaded from stores for mobile devices (eg. App Store or Google Play Store, hereinafter referred to as "Apps") or through online gaming platforms connected to social networks (e.g. Facebook, hereinafter referred to as "Social platforms")

This information is provided only for the Apps and Social Platforms through which Digitalmoka delivers its Services and not for the Apps, Social Platforms and third-party websites accessible through hyperlinks contained therein, for which the Data Controller is in no way liable.

We specify, as of now, that the personal data of users who access and use the Services may also be processed by third parties, as independent Data Controllers. Concretely, this occurs for the managers mobile device stores (eg. Google Ireland Limited, Apple Distribution International Ltd., etc.) or of the Social Platforms (e.g. Facebook Ireland Limited) which process user data for their own purposes and with autonomously determined means (for example, to allow the acquisition of additional content or services or in the context of their own marketing activities), as better specified in the rest of this disclosure.

1. Data Controller

The Data Controller is "Digitalmoka S.r.l.", with registered office in via Anguillarese 186, 00123 Rome (hereinafter "DIGITALMOKA" or "Data Controller").

2. Nature of data provision

To use the Services, the user may be required to provide the personal data necessary to ensure their use: for example, in order to fill in the contact forms available on the Apps and Social Platforms, users must provide their e-mail address, in order to respond to communications sent. In any case, it is specified that the user is free to provide the requested data or otherwise, in the sense that he/she is not legally obliged to provide them: failure to provide the data indicated as necessary, however, makes it impossible for DIGITALMOKA to provide the service required.

3. Types of data processed, purpose and legal basis of the processing

The processing operations are carried out with reference only to data attributable to the user's identity, which can be classified as personal data pursuant to art. 4, par. 1 n. 1 of Regulation (EU) 679/2016 (GDPR), to be understood as " any information concerning an identified or identifiable natural person ".

Indeed, the use of the Services does not necessarily require the identification of the user. In particular:

The user can always change the nickname associated with their DIGITALMOKA Account, through the appropriate function available in the "PROFILE" section: in this case, if the nickname chosen by the user contains personal data referring to the same, such as to allow identification, the same data will be processed by Digitalmoka as Data Controller.

Given the above, it is specified that the types of data listed below can be considered personal data and are, therefore, subject to processing only when they can be associated with the identity of the interested party (for example, in the event that the chosen nickname contains data susceptible to identify the user, such as name and surname, or if the User logs in via the Social Platform or associates the DIGITALMOKA Account with their Social Account with a profile photo that makes it identifiable) .

The types of data processed include, in particular:

3.1 navigation data

During the user's navigation on the Apps and on the Social Platforms, the computer systems used to operate them automatically acquire some information whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of devices used by Users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the User's operating system and computer environment.

These data are processed for the purpose of:

3.2 data provided by the interested party

DIGITALMOKA processes the data submitted voluntarily by the user for purposes related to the provision of the Services. The legal basis of the processing is, therefore, constituted by the execution of a contract of which the interested party is a party, pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR).

In particular, the personal data provided by the interested party may be processed for the following purposes:

a) in relation to the data provided through the personalization functions available within the Apps and Social Platforms, in order to allow the user to customize their profile, modifying or entering new data associated with their DIGITALMOKA Account (such as, for example, nicknames, avatars, lists of friends etc.). These data could be viewed by other users, in order to improve the user experience of the Services and encourage interaction between the users;

b) in relation to the data provided through the use of chat, where available, in order to allow the user to exchange opinions and suggestions with other users;

c) in relation to the data provided by filling in the contact forms (in particular, e-mail address and any other personal data included in the message sent by the user) in order to obtain support requests and, more generally, communications from the interested party.

3.3 data relating to the user's activity

DIGITALMOKA collects some personal data generated through the user's interaction with the Apps and Social Platforms, for purposes related to the provision of the Services. The legal basis of the processing is, therefore, constituted by the execution of a contract of which the interested party is a party, pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR). Such data could be viewed by other users, in order to improve the User experience of the Services and encourage interaction between users and include, by way of example:

3.4 data acquired from third parties

DIGITALMOKA receives some personal data regarding the user from third parties and processes them for purposes related to the provision of the Services. The legal basis of the processing is, therefore, constituted by the execution of a contract of which the interested party is a party, pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR), or, in some cases, by virtue of the consent of the interested party, pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR). Such data may include, for example:

4. Methods and duration of the processing

The processing will be carried out using paper and / or IT tools, by individuals authorized to do so, who operate under the direct authority and according to the instructions given by the Data Controller, with processing strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data processed.

The processing operations are carried out in such a way as to guarantee the security of data and systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data, of unauthorized access, of processing that is not permitted or does not comply with the purposes indicated in these guidelines.

However, the security measures adopted do not allow for the risk of interception or compromise of personal data transmitted via telematic devices to be absolutely ruled out. It is therefore recommended to verify that the device employed by the user is equipped with software systems suitable for the protection of the telematic transmission of data, both inbound and outbound (such as, for example, updated antivirus systems, firewalls and spam filters).

The data being processed will be kept for a period of time not exceeding that necessary to achieve the purposes for which they were collected and subsequently processed. In particular:

It is also specified that the DIGITALMOKA Account will be deleted in the event of user inactivity for a period equal to or greater than 180 days: in this case, all personal data associated with the same DIGITALMOKA Account will be deleted or made anonymous.

5. Categories of recipients

The personal data of the Interested party may be communicated to:

Under no circumstances will personal data be communicated, disseminated, sold or otherwise transferred to third parties for illegal purposes and, in any case, without providing suitable information to the interested parties and obtaining their consent, where required by law. Any communication of data at the request of the judicial or public security authorities, in the manner and in the cases provided for by law, remains unaffected. Personal data will not be transferred abroad, to Countries or international Organizations not belonging to the European Union that do not guarantee an adequate level of protection, as recognized, pursuant to art. 45 GDPR, through an adequacy decision of the EU Commission. Should it be necessary for the provision of the Services, the transfer of personal data to Countries or international Organizations outside the EU, for which the Commission has not made an adequacy decision pursuant to art. 45 GDPR, will take place only in the presence of adequate guarantees provided by the recipient Country or Organization, pursuant to art. 46 GDPR and provided that the data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision by the Commission, pursuant to art. 45 GDPR, or adequate guarantees, pursuant to art. 46 GDPR, the cross-border transfer will take place only if one of the conditions indicated in art. 49 GDPR is fulfilled.

6. Data Subject's Rights

The interested party has the right to access their personal data, to request their correction, updating and deletion or limitation, if incomplete, erroneous or collected in violation of the law, as well as to oppose the processing for legitimate reasons or obtain portability.

Specifically, the party concerned is entitled to receive confirmation as to the existence or non-existence of their personal information, even if it has not yet been recorded, and to its communication in intelligible form.

The party concerned also has the right to obtain information on:

The interested party has the right to obtain:

The interested party has the right to oppose, in whole or in part:

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their usual residence, place of work or place of the alleged infringement.

7. Exercise of rights

The above rights are exercised with a request addressed to the Data Controller, by sending an e-mail message to the address privacy@digitalmoka.com. The request is formulated freely and without formalities by the interested party, who has the right to receive suitable feedback within a reasonable timeframe, depending on the circumstances of the case.

The interested party may make use, for the exercise of their rights, of non-profit bodies, organizations or associations, whose statutory objectives are of public interest and which are active in the field of protection of the rights and freedoms of the interested parties with regard to the protection of personal data, providing, for this purpose, a suitable mandate. The data subject may also be assisted by a person of trust.

It is possible to receive more information on the purposes and methods of processing personal data by writing to privacy@digitalmoka.com and indicating "Privacy" in the subject line.

To find out about your rights, lodge a complaint and always be updated on the legislation on the protection of individuals with regard to the processing of personal data, the interested party can contact the personal Data Protection Authority, by consulting the website at the address http://www.garanteprivacy.it/.

8. Miscellaneous

The original text of this information is drawn up in Italian and the Italian text is the only one that will be authentic in the relationship between the data subject and the Data Controller.

It should be noted that, for the convenience of the interested party, this information is also available in English: it is understood, in any case, that any translation is provided solely for facilitative purposes and that in any case of conflict or discrepancy, the Italian version will remain prevailing and legally binding in the relations between the Data Controller and the data subject, without prejudice to DIGITALMOKA's exemption from any liability deriving from translation defects.

Information updated in June 2021