Privacy and Data Protection Notice

The type of personal data collected varies depending on the user's activities on the platform, interaction with IT systems, and the level of use of available features. The processed information is divided into specific macro-categories.

Identification and contact data

This category includes information voluntarily provided by the user during registration, profile creation, or technical support requests. Such data typically includes name, surname, date of birth (required for legal age verification), email address, mobile phone number, and details regarding residence or domicile. Providing this information is an essential requirement for activating reserved services.

Usage and browsing data

Our IT systems automatically acquire certain information during normal website browsing. This data includes access logs, connection times, pages viewed within the platform, time spent on each section, internal navigation paths, and interaction rates with various user interface functionalities.

Device and transaction data

We collect technical information related to the devices used to access the platform, such as IP address, web browser type and version, operating system used, screen resolution, and unique mobile device identifier. Furthermore, in the presence of financial operations or transactions related to the use of services, data related to the history of deposits, withdrawals, preferred payment methods, and billing details are processed, excluding the direct storage of sensitive banking credentials, which are processed by protected financial institutions.

The processing of users' personal data is carried out exclusively when at least one of the legal bases clearly defined by current data protection regulations is present. Specifically, data is processed when:

It is necessary for the performance of a contract to which the user is party or for the performance of pre-contractual measures taken at their request.

There is a legitimate interest of the data controller, provided that the fundamental interests or rights of the user do not prevail (e.g., for fraud prevention and IT security improvement).

The user has given their explicit consent for one or more specific purposes, such as sending personalized promotional or informational communications.

It is necessary to comply with a legal or regulatory obligation to which the platform is subject within the relevant jurisdiction.

The information collected is used for well-defined purposes strictly related to the provision of the platform's activities. Personal data is never processed for purposes incompatible with those originally declared. The main purposes include:

The administration, operational management, and activation of the user account, allowing personalized access to all available functionalities.

Monitoring of systems to ensure the security of financial transactions and the early identification of suspicious, illicit, or fraudulent activities.

Optimization of the technical architecture and analysis of aggregated data to correct software bugs, improve server stability, and refine the user experience.

Provision of timely and effective customer support service, processing support requests sent through official communication channels.

Sending security updates, important technical notifications, and, only with optional consent, commercial communications about service updates.

Users' personal data are kept within our secure systems only for the time strictly necessary to achieve the purposes for which they were collected, or in accordance with legal requirements.

The criteria used to determine the retention period take into account the duration of the active contractual relationship with the user, the need to maintain historical data for internal audit purposes or legal protection in case of disputes, and the mandatory retention periods imposed by applicable tax and anti-money laundering laws in Italy. Once this period has passed, or in case of acceptance of a legitimate deletion request, the data are permanently deleted or rendered completely anonymous through irreversible IT procedures.

Users' personal data may be communicated to specific external parties, acting as data controllers or independent controllers, exclusively to allow the proper performance of operational activities and integrated services.

These parties include providers of advanced technological services, hosting and server management companies, legal consultants, accredited financial institutions managing payment flows, and providers of statistical analysis platforms. Each provider is selected through rigorous verification processes and contractually commits to process the received data exclusively for the purposes established by the platform, ensuring the application of appropriate technical and organizational data protection measures. Data is not transferred, sold, or disclosed to third parties for independent marketing purposes without user consent.

The management of digital services may, under certain circumstances, involve the transfer of some information outside the borders of the European Economic Area (EEA). If this becomes necessary, the platform adopts all legal, organizational, and technical safeguards prescribed by the relevant regulations to ensure that transferred data enjoys a level of protection equivalent to that guaranteed in Europe.

Such transfers typically occur to third countries recognized as safe through adequacy decisions by competent bodies, or through the signing of approved Standard Contractual Clauses, supplemented by additional technical security measures such as advanced encryption of data flows.

To safeguard personal data from unauthorized access, alteration, improper disclosure, accidental loss, or destruction, we implement a comprehensive suite of enterprise-level security countermeasures.

The adopted protocols include encryption of data in transit and at rest, installation of next-generation firewalls, intrusion detection systems, and strict logical access controls based on the principle of least privilege for authorized internal personnel. Although our efforts to protect the infrastructure are paramount and constantly updated according to the state of the art, the user acknowledges that no data transmission system via the internet or digital storage can be considered one hundred percent secure and that absolute guarantees against unpredictable external cyber breaches cannot be provided.

Current regulations grant users a series of fundamental rights regarding the control of their personal data. Each user has the right to exercise these rights freely and at any time by sending a formal communication to our offices. The recognized rights include:

The right of access, to obtain confirmation of the existence or not of personal data processing and receive a copy.

The right to rectification, to request the update or correction of inaccurate, outdated, or incomplete information.

The right to erasure (right to be forgotten), to request the deletion of one's data when they are no longer necessary for the initial purposes or in case of withdrawal of consent.

The right to restriction, to request the temporary blocking of processing in case of disputes regarding the accuracy of the data or the lawfulness of the process.

The right to data portability, to receive one's data in a structured, commonly used, and machine-readable format, in order to transfer them to another controller.

The right to object, to object at any time to the processing for reasons related to one's specific situation or for direct marketing purposes.

To exercise the rights described above, request clarifications on information processing procedures, or submit requests related to the protection of personal data, users can contact our Data Protection Officer directly. The primary communication channel is the institutional email address:

[email protected]

We will handle every request with the utmost priority, committing to provide a detailed response within the deadlines established by applicable regulations, usually within thirty days of receiving the request and after verifying the identity of the requester to avoid unauthorized communications to third parties.

This Privacy Policy is periodically reviewed to ensure its continuous alignment with changes made to the platform's services and with the evolution of the national and international legal framework. Any substantial variation will be made known through the publication of the updated version within this section of the platform. We advise users to consult this policy regularly to maintain a clear understanding of how their personal information is protected and processed over time.