PRIVACY POLICY – Art. 13 et seq. GDPR 2016/679

This Privacy Policy describes the processing of personal data collected on the company website in accordance with Articles 13 and 14 of the GDPR 2016/679.

1) Personal information we collect

Personal information may include: your contact details; personal characteristics, nationality, identification document number and date and place of issuance; activities carried out, payment information such as payment card number and other card details, as well as authentication information.

2) Purpose of processing

The processing of data is aimed at the following purposes:
– managing relationships with users of the website, including product purchases.
The processing of personal data that, pursuant to Article 9 of GDPR 2016/679, reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health, sexual life or sexual orientation is excluded.

3) Additional purposes

The IT systems and software procedures responsible for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (success, error, etc.), and other parameters related to the user’s operating system and IT environment.
These data are used solely to obtain anonymous statistical information on the use of the site and to check its proper functioning and are deleted immediately after processing.
The data may also be used to ascertain liability in the event of hypothetical computer crimes against the website.

4) Data Controller Identity

This site is managed by the Data Controller, the legal representative of the company, or, on its behalf, by a third party appointed as Data Processor pursuant to Article 28 of GDPR 2016/679.
The Data Controller ensures the security, confidentiality, and protection of the data in its possession at every stage of the data processing process.
The collected data is used in compliance with current privacy legislation (GDPR 2016/679 and Legislative Decree 196/2003).

5) Place of Processing

The data will be processed by the Data Controller at its operational headquarters or at the headquarters of a third party appointed as Data Processor pursuant to Article 28 of GDPR 2016/679.

6) Nature of Data Provision

For the purposes referred to in point 2) of this information notice, the provision of data is mandatory for the use of the services provided by Actainfo.
For the purposes referred to in point 3) of this information notice, the provision of data is optional and does not prevent the provision of the requested services.

7) Refusal to Provide Data

The data subject may refuse to provide their browsing data to the Data Controller.
To do so, they must disable cookies by following the instructions provided by the browser in use.
Disabling cookies may impair the navigation of the site’s features.

8) Data Recipients

The data is processed by personnel specifically authorized and/or formally appointed in writing for data processing (administrative staff), IT system management staff who may also perform system administrator functions, and web management staff.
The data provided by the user may be disclosed to entities that have a legal obligation to communicate or a need to communicate to assert a legitimate right.

9) Data Retention Period

The data is processed for the time strictly necessary to carry out the service requested by the user or required by the purposes described in this document.
The user may always request the cessation of processing or the deletion and/or restriction of data at any time.

10) Data Transfer

The Data Controller does not transfer personal data to third countries or international organizations.

11) Consent Withdrawal

Pursuant to Article 6 of GDPR 2016/679 and Article 23 of Legislative Decree 196/2003, the data subject may withdraw consent at any time.

12) Rights of Data Subjects

With reference to Articles 15 “right of access,” 16 “right to rectification,” 17 “right to erasure,” 18 “right to restriction of processing,” 20 “right to data portability,” and 21 “right to object to automated decision-making” of GDPR 2016/679, the data subject may exercise their rights by writing to the Data Controller.

13) Filing a Complaint

The data subject, pursuant to Article 77 of GDPR 2016/679, has the right to file a complaint with the supervisory authority of the country of residence.

14) Automated Decision-Making

The Data Controller does not carry out processing involving automated decision-making as referred to in Article 22, paragraphs 1 and 4 of GDPR 2016/679.

The service is provided by Cards4Game srl at:
Legal Office: Viale Marche, 22 • 64026 Roseto degli Abruzzi (TE)
Operational Office: Via Beccaria, 2 – Fraz. Casemolino • 64020 Castellalto (TE)
Tel: +39 338 8878294 • Email: cards4gamesrl@gmail.com • PEC: cards4game@pec.it

The Data Controller is Cards4Game srl.