PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 679/2016 (General Data Protection Regulation – GDPR)

This policy pertains to the processing of personal data of users data subjects ) who access and use the services provided through the apps and social platforms of Digitalmoka (collectively “Services”). The Services are accessible through apps that can be downloaded from stores for mobile devices (eg. App Store or Google Play Store, hereinafter referred to as “Apps”) or through online gaming platforms connected to social networks (e.g. Facebook, hereinafter referred to as “Social platforms”) This policy is provided only for the Apps and Social Platforms through which Digitalmoka delivers its Services and not for the Apps, Social Platforms and third-party websites accessible through hyperlinks contained therein, for which the Controller is in no way liable. We specify, as of now, that the personal data of users who access and use the Services may also be processed by third parties, as independent Controllers. Concretely, this occurs for the managers mobile device stores (eg. Google Ireland Limited, Apple Distribution International Ltd., etc.) or of the Social Platforms (e.g. Facebook Ireland Limited) which process user data for their own purposes and with autonomously determined means (for example, to allow the acquisition of additional content or services or in the context of their own marketing activities), as better specified in the rest of this disclosure.

1. Data Controller

The Controller is “Digitalmoka S.r.l.”, with registered office in Via Ostiense 387b 00145 Rome (hereinafter “DIGITALMOKA” or “Controller”).

2. Nature of data provision

To use the Services, the user may be required to provide the personal data necessary to ensure their use: for example, in order to fill in the contact forms available on the Apps and Social Platforms, users must provide their e-mail address, in order to respond to communications sent. In any case, it is specified that the user is free to provide the requested data or otherwise, in the sense that he/she is not legally obliged to provide them: failure to provide the data indicated as necessary, however, makes it impossible for DIGITALMOKA to provide the service required.

3. Types of data processed, purposes and legal basis of the processing

The processing operations are carried out with reference only to data attributable to the user’s identity, which can be classified as personal data pursuant to art. 4, par. 1 n. 1 of Regulation (EU) 679/2016 (GDPR), to be understood as “any information relating to an identified or identifiable natural person”. Indeed, the use of the Services does not necessarily require the identification of the user. In particular:

• to use the Services through the Social Platform, access to the user’s personal account (Social Account) is required. In this case, when the user first logs in, the username associated with the Social Account of the interested party will be changed in order to avoid direct identification and associated with a new account created by DIGITALMOKA (DIGITALMOKA Account): following this change and on the occasion of subsequent accesses through the Social Platform, the user will be recognized through the new nickname associated with the DIGITALMOKA Account. The profile picture relating to the Social Account, however, will not be changed and can be viewed by other Users. If this image allows for the User to be identified and can therefore be qualified as personal data, Digitalmoka will carry out the related processing exclusively for purposes related to Service provision;
• When Services are used through the App, an account will be automatically assigned to the User the first time they log in through their device (DIGITALMOKA Account). It should be noted that the creation of the DIGITALMOKA Account does not involve the collection of personal data of the user, who is identified through an ID associated with the device used; however, the user has the possibility of associating his Social Account with the DIGITALMOKA Account: in this case, DIGITALMOKA may be able to identify the user and process their data for purposes related to the Service provision; it should be noted, however, that even if the DIGITALMOKA Account is associated with the user’s Social Account, DIGITALMOKA will proceed, as illustrated in the previous point, to change the username associated with the Social Account of the data subject, which will not be processed further.
• The user can always change the nickname associated with their DIGITALMOKA Account, through the appropriate function available in the “PROFILE” section: in this case, if the nickname chosen by the user contains personal data referring to the same, such as to allow identification, the same data will be processed by Digitalmoka as Controller.

Given the above, it is specified that the types of data listed below can be considered personal data and are, therefore, subject to processing only when they can be associated with the identity of the data subject (for example, in the event that the chosen nickname contains data susceptible to identify the user, such as name and surname, or if the User logs in via the Social Platform or associates the DIGITALMOKA Account with their Social Account with a profile photo that makes it identifiable). The types of data processed include, in particular:

3.1 navigation data

During the user’s navigation on the Apps and on the Social Platforms, the computer systems used to operate them automatically acquire some information whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of devices used by Users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the User’s operating system and computer environment. These data are processed for the purpose of:

• ensuring the correct functionality of the Apps and social platforms and the usability of the Services;
• obtaining aggregated and anonymized statistical information relating to the use of the Apps and Social Platforms (such as, for example, most visited pages, number of visitors by time or day, geographical areas of origin, etc.). With the express consent of the data subject, such information may be associated with an anonymous identifier (“Advertising ID”) and communicated to DIGITALMOKA’s business partners, who will be able to process it for their own purposes and according to their own personal data processing policies.

3.2 data provided by the data subject

DIGITALMOKA processes the data submitted voluntarily by the user for purposes related to the provision of the Services. The legal basis of the processing is, therefore, constituted by the execution of a contract of which the data subject is a party, pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR). In particular, the personal data provided by the data subject may be processed for the following purposes:

1. in relation to the data provided through the personalization functions available within the Apps and Social Platforms, in order to allow the user to customize their profile, modifying or entering new data associated with their DIGITALMOKA Account (such as, for example, nicknames, avatars, lists of friends etc.). These data could be viewed by other users, in order to improve the user experience of the Services and encourage interaction between the users;
2. in relation to the data provided through the use of chat, where available, in order to allow the user to exchange opinions and suggestions with other users;
3. in relation to the data provided by filling in the contact forms (in particular, e-mail address and any other personal data included in the message sent by the user) in order to obtain support requests and, more generally, communications from the data subject.

3.3 data relating to the user’s activity

DIGITALMOKA collects some personal data generated through the user’s interaction with the Apps and Social Platforms, for purposes related to the provision of the Services. The legal basis of the processing is, therefore, constituted by the execution of a contract of which the data subject is party, pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR). Such data could be viewed by other users, in order to improve the User experience of the Services and encourage interaction between users and include, by way of example:

1. game score;
2. game level;
3. game rankings, in which the User can view their own positioning and that of other players;
4. list of opponents;
5. data relating to game options and use of the Services (e.g. type of playing cards, background, sound activation, etc.);
6. data relating to purchases of Virtual Money, Virtual Goods and Subscriptions and the virtual credit associated with the DIGITALMOKA Account.

3.4 data acquired from third parties

DIGITALMOKA receives some personal data regarding the user from third parties and processes them for purposes related to the provision of the Services. The legal basis of the processing is, therefore, constituted by the execution of a contract of which the data subject is a party, pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR), or, in some cases, by virtue of the consent of the data subject, pursuant to art. 6, par. 1, lett. b) of Regulation (EU) 679/2016 (GDPR). Such data may include, for example:

1. information associated with the Social Account of the data subject (if they log in via the Social Platform or associate the Social Account with the DIGITALMOKA Account). These data are communicated by the manager of the Social Platform (e.g. Facebook Ireland Limited) and may include, in particular:
   1. the username and profile picture, subject to the express consent of the data subject, in order to allow access to and use of the Services through the Social Platform or the association of the Social Account to the DIGITALMOKA Account. In this case, as specified above, the username associated with the Social Account will be processed by DIGITALMOKA for the sole purpose of creating a new nickname, used to identify the data subject within the Social Platform and viewable by other users, without identification data attributable to the data subject (for example, if the username associated with the Social Account is Mario Rossi, the new nickname created by DIGITALMOKA and associated with the DIGITALMOKA Account, could be Mario R.);
   2. the list of friends / social contacts of the user who use the same Digitalmoka application, subject to the express consent of the same, in order to improve the experience of using the Services and encourage interaction between users;
2. data relating to purchases of content or additional services in real currency, made by the user within the stores available in the Apps and Social Platforms. It should be noted that, in this case, DIGITALMOKA is not part of the sales contract, which exists exclusively between the user (buyer) and the manager of the store for mobile devices (e.g. Google Ireland Limited, Apple Distribution International Ltd., etc.) or the Social Platform (e.g. Facebook Ireland Limited) employed for the use of the Services: the processing activities related to the management of transactions, therefore, are carried out by the same managers as independent Controllers and according to their own privacy policies, to which DIGITALMOKA remains extraneous. DIGITALMOKA exclusively collects and processes the data transmitted by the managers, once the purchase has been made, in order to attribute to the user the advantages connected to the same in the context of the Services offered (e.g. credit on the DIGITALMOKA Account of Virtual Goods, Virtual Money o Subscriptions, deletion of advertising messages, etc.).

4. Methods and duration of the processing

The processing will be carried out using paper and / or IT tools, by natural person authorized to do so, who operate under the direct authority and according to the instructions given by the Controller, with processing strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data processed. The processing operations are carried out in such a way as to guarantee the security of data and systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data, of unauthorized access, of processing that is not permitted or does not comply with the purposes indicated in these guidelines. However, the security measures adopted do not allow for the risk of interception or compromise of personal data transmitted via telematic devices to be absolutely ruled out. It is therefore recommended to verify that the device employed by the user is equipped with software systems suitable for the protection of the telematic transmission of data, both inbound and outbound (such as, for example, updated antivirus systems, firewalls and spam filters). The data being processed will be kept for a period not exceeding that necessary to achieve the purposes for which they were collected and subsequently processed. In particular:

1. the data under 3.2.a) will be kept until they are deleted or modified and, in any case, until the user’s DIGITALMOKA Account is deleted;
2. the data under 3.2.b) will be kept until the end of the individual game, for chats between users participating in the same game and, for chats taking place outside of a game, for six months from the last interaction of one of the users participating in the chat;
3. the data under 3.2.c) will be kept for the time necessary to provide a response to the data subject;
4. the data under 3.3 will be kept for the time necessary to ensure the use of the services and features to which they refer (for example, the data relating to the game options and the use of the Services will be kept until any modification of the same) and, in any case, until the deletion of the DIGITALMOKA Account;
5. with regard to the data under 3.4.a).i: the username associated with the Social Account of the data subject, acquired if the Services are accessed through the Social Platform or association of the Social Account with the DIGITALMOKA Account, will be kept until creation of a new nickname associated with the DIGITALMOKA Account; the new nickname created by DIGITALMOKA and the profile image will be kept until they are modified and, in any case, until the deletion of the DIGITALMOKA Account or the User’s Social Account or the withdrawal of consent, whichever occurs first;
6. the data under 3.4.a).ii will be kept until the deletion of the DIGITALMOKA Account or the User’s Social Account or, in any case, until the data subject revokes their consent for the processing;
7. the data under 3.4.b) will be kept for the time necessary to ensure the use of the Services and functions to which they refer (for example, the data relating to the purchase of Virtual Goods, Virtual Money or Subscriptions, will be kept as long as they are present on the DIGITALMOKA Account) and, in any case, until the deletion of the DIGITALMOKA Account.

It is also specified that the DIGITALMOKA Account will be deleted in the event of user inactivity for a period equal to or greater than 180 days: in this case, all personal data associated with the same DIGITALMOKA Account will be deleted or made anonymous.

5. Categories of recipients

The personal data of the data subject may be communicated to:

• specifically authorized collaborators and employees of the Data, within the scope of their duties;
• commercial partners of DIGITALMOKA (subject to the express and free consent of the interested party), who will process the data subject to communication as independent Controllers and for their own purposes;
• providers of the Services offered through the Apps and Social Platforms or related to the functioning of the same.

Under no circumstances will personal data be communicated, disseminated, sold or otherwise transferred to third parties for illegal purposes and, in any case, without providing suitable information to the data subject and obtaining their consent, where required by law. Any communication of data at the request of the judicial or public security authorities, in the manner and in the cases provided for by law, remains unaffected. With the express consent of the interested party, the data may be transferred to servers located in the United States, whose legal regime does not guarantee a level of protection equivalent to that in force within the European Union in accordance with the GDPR. It should be noted, however, that standard contractual clauses have been signed with the importer, which constitute adequate guarantees pursuant to art. 46, par. 2, lett. c) of the GDPR.

6.Rights of the data subject

The data subject has the right to access their personal data, to request their correction, updating and deletion or limitation, if incomplete, erroneous or collected in violation of the law, as well as to oppose the processing for legitimate reasons or obtain portability. Specifically, the data subject shall have the right to obtain from the controller confirmation as to whether or no personal data concerning him or her are being processed , even if it has not yet been recorded, and to its communication in intelligible form. The data subject concerned also has the right to obtain information on:

1. the purposes and methods of data processing;
2. the logic applied in case of processing carried out with the aid of electronic devices;
3. the identification details of the Controller, of the Processors and of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them in their capacity as natural person acting under the authority of the controller or the processor who has access to personal data.

The data subject has the right to obtain:

1. the updating, rectfication or integration of their data;
2. the erasure, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes of the processing;
3. the restriction of processing, when one of the situations referred to in Article 18 GDPR occurs;
4. the attestation that the operations referred to in letters a), b) and c) have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
5. the transmission of data concerning them, provided to the Controller and processed on the basis of the express consent of the data subject for one or more specific purposes, in a structured, commonly used and machine readable format. Pursuant to art. 20 GDPR, the interested party also has the right to transmit such data to another controller without impediments and, if technically feasible, to obtain the direct transmission of personal data from one controller to another.
6. if the processing is based on consent, to withdraw their consent at any time (pursuant to Article 7, paragraph 3 of the GDPR).

The data subject has the right to object, in whole or in part:

1. the processing of personal data concerning them for legitimate reasons, even if relevant to the purpose of collection;
2. the processing of personal data concerning them for the purpose of sending advertising or direct sales material, or for carrying out market research or commercial communication.
3. automated decision-making processes that significantly affect their person.

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their usual residence, place of work or place of the alleged infringement.

7. Exercise of rights

The above rights are exercised with a request addressed to the Controller, by sending an e-mail message to the address [email protected]. The request is formulated freely and without formalities by the data subject, who has the right to receive suitable feedback within a reasonable timeframe, depending on the circumstances of the case. The data subject may make use, for the exercise of their rights, of non-profit bodies, organizations or associations, whose statutory objectives are of public interest and which are active in the field of protection of the rights and freedoms of the interested parties with regard to the protection of personal data, providing, for this purpose, a suitable mandate. The data subject may also be assisted by a person of trust. It is possible to receive more information on the purposes and methods of processing personal data by writing to [email protected] and indicating “Privacy” in the subject line. To find out about your rights, lodge a complaint and always be updated on the legislation on the protection of individuals with regard to the processing of personal data, the data subject can contact the personal Data Protection Authority, by consulting the website at the address http://www.garanteprivacy.it/.

8. Miscellaneous

The original text of this information is drawn up in Italian and the Italian text is the only one that will be authentic in the relationship between the data subject and the Controller. It should be noted that, for the convenience of the data subject, this information is also available in English: it is understood, in any case, that any translation is provided solely for facilitative purposes and that in any case of conflict or discrepancy, the Italian version will remain prevailing and legally binding in the relations between the Controller and the data subject, without prejudice to DIGITALMOKA’s exemption from any liability deriving from translation defects.

Information updated in September 2022