Privacy Policy
Last update: 11/11/2024
UNDO Studios SA, Via Balestra 12, 6900 Lugano, Switzerland (hereinafter referred to as "the Company"), is committed to protecting the privacy of its users and handling their personal data in accordance with applicable laws and regulations, particularly the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (EU) 2016/679 (GDPR) (collectively referred to as the "Data Protection Laws").
Definitions
For the purposes of Data Protection Laws, the following capitalized terms shall have the meanings set forth below:
- "Personal Data": Any information that relates to an identified or identifiable natural person.
- "Processing": Any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, use, disclosure, alteration, or destruction of data.
This Privacy Policy applies where the Company collects and/or processes Personal Data in its capacity as a data controller and uses that data in its capacity as a data processor.
1. Information we collect
We collect different information depending on how you use the site and how you interact with us.
The Company collects personal data on different ways:
a) Data Collected via the Game Site
We may collect information that includes:
- Technical Data: Your IP address, browser type and version, time zone settings, location, browser plug-in types and versions, operating system, and other technologies used on the devices you use to access the site.
- Usage Data: Information about how you use the site, including any communications we may receive from you.
- Marketing and Communication Data: Your preferences for receiving marketing communications from us.
b) Data Collected via the User Management Portal
When you interact with our portal, we ask for the following information:
- Identity Information: Name, date of birth, gender.
- Contact Information: Phone number and email address.
We do not collect "special categories" of personal data, such as race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, union membership, or health information.
2. How we collect personal data
Personal Data is collected in various ways:
a) Personal Data You Provide to Us
- When you complete the user managing portal, you will provide us with the information required. This data are collected via direct solicitation;
- You will also provide us with personal data when you correspond with us, and if you apply for a position with the firm;
- If you play a game and you are eligible to win a prize, you might be asked for personal data to claim the challenge rewards. We treat any information you send to us as strictly private and confidential and will only use it in order to give/send you the prizes;
- When you sign up to one of our mailing lists, you will provide us with your contact information and your marketing preferences.
b) Personal Data We Collect Automatically
- As you use our website, we collect technical data, such as your IP address and browser type, through cookies, beacons, and similar technologies (e.g., Google Analytics, Firebase). The data collected via cookies may be transferred to Google servers in the European Union and Switzerland. Your IP address will not be associated with any other data held by Google.
You can manage your cookie settings in your browser, but be aware that this may affect your ability to use certain features on this and other websites.
3. How and why we use personal data
We will only use your information where:
a) Consent
- If you sign up to our mailing lists, we will use the personal data in the management of our relationship with you and for communication purposes, including to send you newsletters and invitations to events, training programs or lectures, and to maintain our list of contacts;
- If you apply for a position with the Companies, we treat any information you send to us as strictly private and confidential and will only use it in relation to the applications you have submitted;
- If you play a game and you are eligible to win a prize, you might be asked for personal data to claim the challenge rewards. We treat any information you send to us as strictly private and confidential and will only use it in order to give/send you the prizes.
b) Legitimate Interests
- We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights;
- We will use your identity, contact and usage information to keep our records up to date;
- We will use your technical information to: I) provide and make improvements to the site, system maintenance, support, reporting and hosting of data, and troubleshooting; II) ensure that the site is secure; III) analyse how users interact with the site; and IV) address any issues you may experience with the site.
- We may also use any or all of the information above to administer and manage our business in general. If you feel that your interests and fundamental rights outweigh our business purposes, and that we should therefore stop processing your data, please let us know.
c) Legal Obligations
- In certain circumstances, we may need to retain or use your data to comply with regulations and/or the law;
- We will only retain this data for as long as is necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory or internal policy requirements.
4. Sharing your personal data
We will only disclose your Personal Data in the following circumstances:
- within the Company for internal business purposes.;
- With third parties who process personal data on our behalf (such as IT systems providers and other service providers) or on behalf of the party which organized on our platform an event or a challenge in which you participated by winning a price (e.g. sending the price you won to your domicile);
- With third parties who process data on their own behalf, but in connection with services provided to us or you, such as in the case of legal disputes, courts, or alternative dispute resolution bodies.
5. International transfers of personal data
Should we transfer your data outside Switzerland or the European economic Area to a country which Switzerland or the European Commission does not deem to have adequate data privacy laws, we will ensure that such transfer(s) are in accordance with applicable data privacy laws.
6. How we protect your personal data
We take the security of your Personal Data seriously and implement various technical and organizational measures to ensure that your data is protected.
We are committed to safeguarding your data from unauthorized access, accidental loss, destruction, or damage, and use measures such as data encryption, access control, security monitoring, and 24/7 network security monitoring to ensure its security.
7. What happens in the Event of a Data Breach?
In the event of a Personal Data breach, we will take immediate steps:
- Document the date and time the breach was discovered.
- Notify the response team.
- Isolate the breach location to prevent further exposure.
- Gather as much information as possible about the breach.
- Conduct a risk assessment and document the investigation.
- Notify the relevant regulatory authorities and affected individuals, if necessary.
8. Data subject rights
Under Data Protection Laws, you have the following rights regarding your Personal Data:
- Access to your Personal Data.
- Rectification or erasure of your Personal Data.
- Restriction of processing of your Personal Data.
- Objection to the processing of your Personal Data, particularly for marketing purposes.
- Data portability in certain circumstances.
If you have provided consent for processing, you may also withdraw your consent at any time (subject to legal limitations).
To exercise any of these rights, please email us at dpo@thenemesis.io.
We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests. We also reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning access to personal data, and for any additional copies of the personal data requested from us.
9. Data Controller and representative in the European Union
The Data Controller is UNDO Studios SA - Lugano.
The representative within the union is UNDO Studios IT Srl - Milano.
10. AR TrueDepth APIs & Face recognition
We use TrueDepth APIs to recognize the user's face through face tracking and place a sticker on the face. The information is not saved or used by us or third parties, the only result is a photo or video that the user can save in his personal roll or share.
11. Changes to this Privacy Policy
We may update this Privacy Policy periodically. We will notify you of any substantial changes, and the updated date will always be indicated at the top of this page. Please review this policy regularly to stay informed about any changes.