Last update: 01/02/2023
UNDO Studios SA, Via F. Pelli 13, 6900 Lugano, Switzerland (the “Company”), collects Personal Data (as defined below) in compliance with the applicable law and regulations, in particular the Swiss Federal Act on Data Protection (“FADP”) as well as the General Data Protection Regulation (EU/2016/679) (“GDPR”) (together “Data Protection Law”).
Pursuant to the Data Protection Law, the following capital terms shall have the meaning indicated here below:
“Personal Data” means any information relating to an identified or identifiable natural or legal person;
“Processing” means any operation or set of operations, performed whether or not by automated means which are applied to Personal Data or sets of Personal Data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. What personal information we collect
We collect different information depending on how you use the site and how you interact with us.
The Company collects personal data on different ways:
a) via the game site we may collect data which include:
- Technical data, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the site;
- Usage data, which includes information about how you use the site, and any communications we may receive from you;
- Marketing and communications data, including your preferences in receiving marketing and other communications from us.
b) via the user managing portal we ask you to provide data which include:
- Identity information, such as name, date of birth, gender.
- Contact data, such as phone and email.
Our site is not intended for storing or ‘special categories’ of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information.
2. How we collect personal data
Different personal data are collected in different ways.
a) Personal data you provide to us:
- When you complete the user managing portal, you will provide us with the information required. This data are collected via direct solicitation;
- You will also provide us with personal data when you correspond with us, and if you apply for a position with the firm;
- If you play a game and you are eligible to win a prize, you might be asked for personal data to claim the challenge rewards. We treat any information you send to us as strictly private and confidential and will only use it in order to give/send you the prizes;
- When you sign up to one of our mailing lists, you will provide us with your contact information and your marketing preferences.
b) Personal data we collect automatically
- As you use the site, we will collect certain technical data including your browser type, the Internet Protocol (IP) address used to connect your computer to the internet, and your usage habits, patterns and preferences. We collect this data using cookies, beacons and similar technologies. We use Google Analytics to help us analyse user habits while visiting our site. The data gathered from cookies may be transmitted to Google servers in the European Union and Switzerland. The information will be used by Google only for the purpose of evaluating website use, creating website activity reports, and other services relating to website activity and internet usage on behalf of the Companies. The IP address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google.
We use the following cookies:
Cookie name What it is used for
Google Analytics, Firebase Website analytics and visitor tracking
Cloudfare Website security and access control
You can remove cookies from your computer through the settings on your browser, but be aware that this may impact your ability to make use of some features on this and other websites. Management of cookie settings varies from one browser to another.
3. How and why we use personal data
We will only use your information where:
a) You have given us permission to do so
- If you sign up to our mailing lists, we will use the personal data in the management of our relationship with you and for communication purposes, including to send you newsletters and invitations to events, training programs or lectures, and to maintain our list of contacts;
- If you apply for a position with the Companies, we treat any information you send to us as strictly private and confidential and will only use it in relation to the applications you have submitted;
- If you play a game and you are eligible to win a prize, you might be asked for personal data to claim the challenge rewards. We treat any information you send to us as strictly private and confidential and will only use it in order to give/send you the prizes.
b) We have a legitimate interest (reasonable business purpose) for doing so
- We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights;
- We will use your identity, contact and usage information to keep our records up to date;
- We will use your technical information to:
– provide and make improvements to the site, system maintenance, support, reporting and hosting of data, and troubleshooting;
– ensure that the site is secure;
– analyse how users interact with the site; and
– address any issues you may experience with the site.
- We may also use any or all of the information above to administer and manage our business in general. If you feel that your interests and fundamental rights outweigh our business purposes, and that we should therefore stop processing your data, please let us know.
c) We need to comply with a legal or regulatory obligation
- In certain circumstances, we may need to retain or use your data to comply with regulations and/or the law.
- We will only retain this data for as long as is necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory or internal policy requirements.
4. How we share your personal data
We will only disclose your personal data where we are required to do so to comply with our legal or regulatory obligations; where we need to do so for business management or administration purposes; or because you have asked us to. This is likely to include:
- within the Company;
- to third parties who process your personal data on our behalf (such as IT systems providers and other service providers) or on behalf of the party which organized on our platform an event or a challenge in which you participated by winning a price (e.g. sending the price you won to your domicile);
- to third parties who process your personal data on their own behalf but in connection with a service provided to us or you on our behalf (such as accountants, consultants, barristers and other providers of professional services, and in the case of disputes, with the Court or alternative dispute resolution providers);
- to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation.
5. International transfers of personal data
Should we transfer your data outside Switzerland or the European economic Area to a country which Switzerland or the European Commission does not deem to have adequate data privacy laws, we will ensure that such transfer(s) are in accordance with applicable data privacy laws.
6. How we protect your personal data
The safety of your personal data is important to us, and we use various technical and organization measures to ensure that your data are secure.
We are committed to safeguarding and protecting personal data and maintain appropriate technical and organizational measures to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure. We also have in place safeguards including data encryption in motion and at rest, data access and security monitoring, and 24/7 network security monitoring for breaches or anomalous behavior to ensure the security of your data.
7. What are the measures we take when privacy breach is detected?
We take several urgent steps when a data breach is detected: the first is to record the date and time of detection as well as all information known about the incident at the moment.
The person who discovered the breach immediately reports to those responsible within the organization.
Security officers also restrict access to breached information to prevent the further spreading of leaked data.
Then, we proceed with the following 10 steps:
1. Document the date and time the data breach was discovered
2. Notify the response team
3. Isolate the location of the data breach
4. Stop additional data loss
5. Gather all possible data about the breach
6. Interview the people who discovered the breach
7. Perform a risk assessment
8. Document the investigation of the breach
9. Begin an in-depth investigation
10. Notify regulators and affected parties
8. Data subject rights
Under Data Protection Law, data subjects have a number of rights with regard to their personal data. They have the right to request from us access to and rectification or erasure of their personal data, the right to restrict or object to processing, as well as in certain circumstances the right to data portability.
If a data subject has provided consent for the processing of their data, he or she has the right (in certain circumstances) to withdraw that consent at any time.
Any data subject wishing to exercise any of the above rights should email us at: email@example.com.
We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests. We also reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning access to personal data, and for any additional copies of the personal data requested from us.
9. Data Controller and representative in the European Union
The Data Controller is UNDO Studios SA – Lugano.
The representative within the union is UNDO Studios IT Srl – Milano.
10. AR TrueDepth APIs & Face recognition
We use TrueDepth APIs to recognize the user’s face through face tracking and place a sticker on the face. The information is not saved or used by us or third parties, the only result is a photo or video that the user can save in his personal roll or share.