RORTOS PRIVACY POLICY


Dear User, we are pleased that you have chosen games of Rortos.


Below we present the privacy policy („Privacy Policy”) explaining how we process your personal data, with whom we share these data and how long the data will be stored. You will also learn what rights you have and how you can execute them.


This Privacy Policy applies to electronic services provided by Rortos S. r. l. with its registered seat in (referred to as „Rortos” or „we”) in the form of mobile games, available online on our websites or on third-party websites such as Facebook, in the form of mobile applications, as well as website http://www.rortos.it/ (collectively referred to as „Services”).


Please read the Privacy Policy and the enclosed Terms of Service.


  1. WHO DO YOU SHARE YOUR DATA WITH? MEET THE PERSONAL DATA CONTROLLER


Below we present the name and contact details of the entity acting as the controller of your personal data (the controller is the entity providing the Services; in most cases it is the provider/developer of a given game)

Controller’s name: Rortos S. r. l.

address: Via del Pontiere 11, 37122 Verona VR, Italy


  1. CONTACT US


Contact us and we will do our best to give you a satisfactory reply.

You can do this in three ways:


through the communication channels available on our main website: www.rortos.it

by letter sent to our address provided in clause 1 of the Privacy Policy;

by e-mail: [email protected]


  1. FOR WHAT PURPOSE DO WE PROCESS PERSONAL DATA AND ON WHAT LEGAL GROUNDS?


The main purpose for which we process your personal data is the need to perform the contract you have concluded with Rortos by accepting the Terms of Service. We need your personal data, among others, to manage the game user’s account; enable you to contact other Players, update the Player’s profile and provide other services related to the game. In this case, the legal basis for the processing of your personal data is the necessity to perform the contract (Article 6.1. (b) GDPR).


Your personal data may also be processed for other purposes, such as:


execution of legal obligations related, among others, to in-game payments (legal basis: the necessity to comply with a legal obligation, i.e. Article 6.1. (c) GDPR);

carrying out and verifying payments (legal basis: the necessity to perform a contract, i.e. Article 6.1. (b) GDPR);

Player’s service i.e. answering questions, comments, chat support, provision of technical support (legal basis: legitimate interests in solving the Players’ problems i.e. Article 6.1. (f) GDPR);

conducting marketing activities, including activities based on profiling, i.e. presenting Players with other games of Rortos that may be interesting to them, presenting personalized marketing content (legal basis: legitimate interests in promoting Rortos, i.e. Article 6.1 (f) GDPR);

conducting and organizing competitions (legal basis: legitimate interests in promoting Rortos, i.e. Article 6.1 (f) GDPR);

improving the quality of provided Services, including ensuring an adequate level of game security – sending updates to Players, sending security alerts and other messages from technical support, stopping attacks on systems (legal basis: legitimate interests consisting in ensuring the cyber security of Players, i.e. Article 6.1. (f) GDPR);

development and improvement of Services and Players’ experience (legal basis: legitimate interests in adapting the Services to the Players’ needs, i.e. Article 6.1. (f) GDPR);

determination, investigation and defense against legal claims (legal basis: legitimate interests in providing Rortos with effective legal protection, i.e. Article 6.1. (f) GDPR).


  1. HOW LONG DO WE STORE YOUR PERSONAL DATA?


The storage time of your personal data depends on the purpose for which we obtained them. Above all, we store your personal data for as long as it is necessary to provide our Services to you.


We may also store your personal data for the duration of our legitimate interests in the data processing or until the moment specified by law.

The storage time of your personal data may also be extended if it becomes necessary to protect our rights.


The Player may delete her/his game account at any time. In such a case, we shall delete personal data, except for those we have to store due to legal provisions or our legitimate interests in determining, pursuing and defending against claims.

  1. WHO DO WE SHARE YOUR PERSONAL DATA WITH?


Players’ personal data are not disclosed, except for the situations specified below:


  1. PARTNERS CONTRACTED BY RORTOS


Rortos uses the services of its partners. The partners process the Players’ data only at the request and in accordance with the instructions of Rortos to provide the Services. Our partners are marketing agencies and other entities supporting us in our marketing activities, external IT service providers (including the providers of IT systems), entities supporting us in handling correspondence, entities providing us with consulting, advisory and auditing services as well as entities providing us with legal, tax or accounting support, entities providing postal or delivery services, operators of online payment platforms, entities cooperating with us in the field of sales as well as entities comprising same capital group.


  1. OTHER ENTITIES


We may share information relating to the Player as a consequence of any merger, sale of our assets, financing or acquisition of our business, in whole or in part, by another company. The Player shall be notified by e-mail and/or within the Service of any changes in the ownership or changes of persons using the Player’s personal data.


Social features (such as forums or chats) are key elements of our games. When the Players use these features, other players and users may, for instance, see their profile data, in-game activity data and read the Player’s posts. Information shared by the Player also becomes publicly available – this means that not only may we collect and use the information shared by the Player, but also, in some cases, the information may be collected and used by other persons having access to such information without the User’s knowledge. It is entirely up to the Player what she/he shares with other Players. Rortos does not share any Player data with other Players.


  1. TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA COUNTRIES


Due to the global nature of our Services and, also, in order to provide the Players with the best experience, the Players’ personal data may be transferred to various countries, including countries outside the European Economic Area („EEA”). As different countries may have different data protection laws than in the Player’s country, we take steps to provide appropriate safeguards to protect the data we were provided with.

Appropriate safeguards include in particular:

  1. decisions of the European Commission stating the appropriate level of protection of personal data in a given country,

  2. standard contractual clauses approved by the European Commission.


If necessary, in order to increase the security of personal data, we use additional supplementary measures, such as e.g. encryption, to ensure that the transfer of personal data to a country outside the EEA is secure.


We inform you that at any time you have the option to receive a copy of the security measures we use in the form of an appropriate document. For this purpose, please contact us at: [email protected]


  1. YOUR RIGHTS


The Players have the right to:

  1. demand access to her/his personal data (Article 15 GDPR);

  2. demand the rectification of her/his personal data (Article 16 GDPR);

  3. demand the erasure of her/his personal data (Article 17 GDPR);

  4. demand the restriction of her/his personal data processing (Article 18 GDPR);

  5. demand the transfer of her/his personal data (Article 19 GDPR);

  6. object to the processing of her/his personal data (Article 20 GDPR).


If we process your personal data based on your consent, you have the right to withdraw your consent at any time, which, however, shall not affect the lawfulness of processing based on your consent before its withdrawal. In the event of withdrawal of your consent to the processing of certain data, the User may not be able to use the full functionality of some services or participate in certain activities.


It may happen that deleting all the Player’s data may be technically impossible if these data are linked to the Player’s accounts on other websites, in particular on social networking sites and mobile platform operators.


Also, we’d like to inform that there are several opt-out methods that you may utilize such as opting-out of marketing push notification and other direct marketing or targeted advertising by contacting us directly, or opting-out of receiving promotional communications by simply uninstalling the application software from your device.


You can also opt-out of interest-based advertising on mobile applications by checking the privacy settings of your Android or iOS device and selecting “limit ad tracking” (Apple iOS) or “opt-out of interest-based ads” (Android). For more information, see also: http://www.rortos.it/opting-out/.


The execution of certain rights may be limited by the provisions of law or the controller’s legitimate interests.


If you consider that your rights or the rules for the processing of personal data have been violated, you have the right to lodge a complaint with the competent supervisory authority. The default authority for such a complaint is the Italian Data Protection Authority (Garante per la protezione dei dati personali), address: Piazza Venezia 11 - 00187 Roma (Italy), but such a complaint may also be submitted to any other personal data protection authority in one of the Member States of the European Union.

All the Player’s requests regarding personal data should be addressed to: [email protected]


  1. OBLIGATION TO PROVIDE PERSONAL DATA


Providing us with personal data is a condition for concluding a contract for Services. Obviously, you may decide not to provide us with any data, but then you will have no possibility to use your games. Providing us with other personal data may be necessary, e.g. to carry out the payment process in the game – failure to provide them will prevent the purchase.


  1. COLLECTING DATA ABOUT USERS THROUGH INDIRECT MEANS


If the Player creates or logs in to her/his account using a third-party platform and when she/he chooses to link a third-party tool (e.g. Facebook, Messenger or Google), or when she/he uses the Services (in particular, by playing our games) through any third-party applications, we may come into possession of some of the User’s data that will be provided to us by the provider of the aforementioned third-party applications. The information we obtain depends on the Services used by the User (this applies, in particular, to our game played by the Player), the third-party applications used by the User, the User’s privacy settings and, if applicable, the privacy settings of the User’s friends in third-party applications. We may collect and store some or all of the following information from the provider of the third-party application:

  1. name and surname;

  2. profile picture, Player ID (Facebook ID), which may be associated with publicly available user information (profile picture);

  3. the Player’s friends list and other publicly available data;

  4. e-mail address provided in the respective application belonging to a third party;

  5. the Player’s location and the location of the devices on which the User uses our Services;

  6. gender;

  7. age;

  8. information regarding other activities undertaken through or in third-party applications;

  9. other publicly available data made available in applications belonging to third parties.


We also collect the data regarding the Player’s purchases. If the Player makes any payments, our payment partners collect the billing and payment information necessary to process the Player’s fees. These data may include the Player’s mailing address, her/his e-mail address and financial data. Our payment partners do not share the Player’s financial information with us, such as credit card numbers, but they may share with us non-financial data relating to the Player’s purchases, such as name, surname and purchased items.


If the Player plays our games connected with third-party apps or their platforms (such as Facebook, Apple or Google), all purchases made by the Player will be processed by the respective third-party application and will be subject to the terms of service and privacy policy of the respective third party. Rortos does not come into possession of the Player’s financial data related to the above-mentioned purchases, but may obtain access to the Player’s non-financial information related to the purchases made by her/him, such as the Player’s name and surname and the items purchased by her/him. The type of information we receive depends on the game the Player plays and the third-party application.


  1. PROFILING


When the Player uses our Services, we collect data about her/his interactions with the Website and other players in the game through server logs. In order to display personalized advertisements, tailored to the User’s preferences or needs, ensure the security of our Services and analyze and monitor the use of our Services by the User for such purposes as, for example, improving our games, we may automatically profile and segment all data collected about the User (the information provided by the User may be linked to her/his gamer ID, IP address or device ID). We may also undertake marketing activities related to addressing our personalized offers and benefits to the User. We prepare them by analyzing the User’s data and behavior and, based on them, we undertake activities, e.g. regarding the offer’s content and/or whether to submit a given (special) offer to the User or not. The legal basis for such processing of personal data is the contract for services (execution of the contract) and our legitimate interests.


If the data processing (profiling) is based on our legitimate interests, the User has the right to object to such data processing at any time due to her/his particular situation. In such a case, Rortos is not entitled to process (profile) the User’s data, unless it demonstrates compelling and justified grounds for their processing that override the User’s interests, rights and freedoms, or when the processing is necessary to establish, perform or defend against legal claims.


If we use the User’s data to profile them for direct marketing purposes, the User has the unconditional right to object to such processing at any time. In such a case, the User’s personal data will no longer be processed for such purposes, regardless of our interests, rights and freedoms.


  1. PUSH NOTIFICATIONS IN OUR GAMES


We may send push notifications to Players through our games in order to inform them about game updates and new records, as well as to send other notifications related to the Services that may be significant to the Players. The Player may at any time resign from receiving such notifications by disabling them on her/his device using the settings.


  1. USER DATA SECURITY


In order to help to ensure safe gaming entertainment, we continuously develop and implement administrative, technical and physical security measures to protect the Player’s data from unauthorized access, loss, misuse and alteration.


However, it should be noted that none of these measures guarantee full security of the data provided to us. No server, communications network or data transmission technology over the Internet is 100% secure. Providing us with the data is the User’s decision. In the event such a decision is made, the Player takes the risk of sharing data.


  1. AGE RESTRICTIONS


If you are a minor under 14 years of age, to use our Services we must receive the consent of a parent (or guardian) who authorizes the processing of personal data, at the following e-mail address: [email protected], after reading this “Policy Privacy and cookies” information.

We do not knowingly collect or solicit personal data about or direct or target interest-based advertising to anyone under the age of 14 (or other different age limit per country considered as protected age) or knowingly allow such persons to use our Services. If you are under 14 (or other different age limit per country considered as protected age), please do not send any data about yourself to us, including your name, address, telephone number, or email address.

No one under the age of 14 (or other different age limit per country considered as protected age) may provide any personal data. If we learn that we have collected personal data about a minor under age 14 (or other different age limit per country considered as protected age), we will delete that data as quickly as possible. If you believe that we might have any data from or about a minor under the age of 14 (or other different age limit per country considered as protected age), please contact us at: [email protected].


  1. INTERNET STORAGE TECHNOLOGIES/ MOBILE IDENTIFIERS


We use Internet storage technologies in our games, including mobile identifiers, in order to:

- enable the use of games and their functionalities,

- ensure their safety,

- improve the quality of games,

- conduct analytical activities enabling us to improve our games,

- conduct marketing activities,

- send PUSH notifications to the Players,

- provide the Players with the possibility to communicate with each other,

- carrying out the transactions.


Using online storage technologies is a common practice of mobile game providers. You don’t need to worry about your device’s security – technologies used by us have no negative impact on devices. Also, we don’t use technologies the aim of which is to obtain from you more data than those necessary to provide our services.


You can write to us at any time to learn more about the technologies we use in our games.


  1. USE OF COOKIES

What are cookies?

Cookies are small text files that the sites visited by users send to their terminals, where they are stored and then retransmitted to the same sites on the next visit. The cookies of the so-called “third party” are, instead, set by a Website other than the one the user is visiting. This is because on each site can be present elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than that of the visited site.


What are cookies used for?

Cookies can be used for different purposes: execution of computer authentication, monitoring of sessions, storage of information on specific configurations concerning users accessing the server, storing preferences, etc.


Cookie Policy

The site (www.rortos.it) uses cookies to make its services simple and efficient for users who view the pages of this site.

Users who view www.rortos.it site will see minimal amounts of information inserted in the devices in use, which are computers and Mobile devices, in small text files called “cookies” saved in the directories used by the user’s web browser.

There are various types of cookies, some to make the use of the site more effective, others to enable certain features.


How can I disable cookies and manage user preferences?

We inform you that you can authorize, limit or block cookies through your browser settings. However, we remember that disabling navigation or functional cookies can cause malfunction on websites and / or limit the service that we offer.

For more information on cookies and to manage your preferences on third-party profiling cookies, please visit the website of your browser.


We inform you that, at any time, you can obtain information on third-party cookies and you can authorise, limit or disable these cookies by consulting the information and using the relative consent form, if present, made available by the third parties (see par. XVI).



  1. TYPES OF COOKIES USED AND RELATED PURPOSES


  1. Technical cookies

These cookies, always sent by the domain www.rortos.it, are necessary to correctly view the site and in relation to the technical services offered, they will therefore always be used and sent, unless the user changes the settings in the browser (thus affecting viewing the site pages).

Their use is not instrumental to the collection of personal identification data of users, but to improve navigation, such as returning to the same page if the internet connection is lost; or remember the preferences selected by the user while browsing.


  1. Statistics

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”).

Google uses the personal data collected for the purpose of tracking and examining the use of this online space, compiling reports and sharing them with other services developed by Google.

Google may use personal data to contextualize and personalize the advertisements of its advertising network. Personal Data collected: statistical navigation data.

Place of treatment: USA

Privacy Policy: https://policies.google.com/privacy?hl=en-US


  1. Other types of Cookies or third-party tools that may install them

Facebook social widgets (Facebook, Inc.)

are services of interaction with the social network Facebook, provided by Facebook, Inc. Personal Data collected: Cookies and Usage Data

Place of processing: USA

Policy privacy: https://www.facebook.com/policy.php


Twitter social widgets (Twitter, Inc.)

Social widgets are services of interaction with Twitter social network, provided by Twitter, Inc. Personal Data Collected: Cookies and Usage Data.

Place of processing: USA

Policy privacy: https://twitter.com/en/privacy


YouTube Video Widgets (Google Inc.)

YouTube is a video content display service managed by Google Inc. that allows this application to integrate such content within its pages.

Personal Data collected: Cookies and Usage Data

Place of processing: USA

Privacy Policy: https://policies.google.com/privacy?hl=en


Instagram widgets (Instagram, Inc.)

Is an image visualization service provided by Instagram, Inc. that allows this site to incorporate content of this kind on its pages.

Personal Data collected: Cookie and Usage data.

Place of processing: USA

Privacy Policy: https://help.instagram.com/519522125107875


Discord

Discord, Inc. provides a social online and mobile chat platform via the Discord website, the Discord application (the “App”) and related Internet services. The Service is operated by Discord, Inc.

Personal Data collected: Cookie and Usage data.

Place of processing: USA

Privacy Policy: https://discord.com/privacy

For more information on the Italian legislation regarding cookies visit: www.garanteprivacy.it/cookie.


  1. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS.


This paragraph supplements the information contained in the “Privacy Policy and Cookies” of RORTOS S.r.l. and applies only to California residents, defined as “consumers”, pursuant to the California Consumer Privacy Act of 2018 (” CCPA“).

RORTOS S.r.l., in fully complying with EU Regulation 2016/679, guarantees, even to citizens residing in the State of California, more restrictive privacy protections than the provisions of the aforementioned CCPA.

All general information in the previous paragraphs remains valid and in particular the categories of data processed (“The Data we collect”), the purposes of the processing (“Why we collect your data”), the recipients of the data or who contribute to the treatment (“Who can see your data”).

It also specifies the following.

The CCPA grants rights to California consumers:

  1. The right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information;

  2. The right to delete personal information held by businesses and by extension, a business’s service provider;

  3. The right to opt-out of sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13.

  4. The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA. 


A consumer shall have the right to request that a business that collects personal information about the consumer disclose to the consumer the following:

  1. The categories of personal information it has collected about that consumer.

  2. The categories of sources from which the personal information is collected.

  3. The business or commercial purpose for collecting or selling personal information.

  4. The categories of third parties with whom the business shares personal information.

  5. The specific pieces of personal information it has collected about that consumer.

  6. RORTOS S.r.l. does not directly sell the aggregate personal data of consumers.


RORTOS S.r.l. sells advertising space, within its applications/games, to commercial partners, who can collect consumer data, in order to offer targeted offers or resell information, which contain the consumer’s personal data, to third parties.

The commercial partners of RORTOS S.r.l., independently determine the purposes and methods of the treatments and are required to guarantee the rights and privacy protections compliant with the applicable regulations.

The complete list of partners is shown in this document, users are invited to read their respective “Privacy Policies”.


Consumer rights under the California Consumer Privacy Act

Art. 1798.120.(a) A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This right may be referred to as the right to opt out.


(b) A business that sells consumers’ personal information to third parties shall provide notice to consumers, pursuant to subdivision (a) of Section 1798.135, that this information may be sold and that consumers have the right to opt out of the sale of their personal information.


(c) A business that has received direction from a consumer not to sell the consumer’s personal information or, in the case of a minor consumer’s personal information has not received consent to sell the minor consumer’s personal information shall be prohibited, pursuant to paragraph (4) of subdivision (a) of Section 1798.135, from selling the consumer’s personal information after its receipt of the consumer’s direction, unless the consumer subsequently provides express authorization for the sale of the consumer’s personal information.


(d) Notwithstanding subdivision (a), a business shall not sell the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the case of consumers between 13 and 16 years of age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale of the consumer’s personal information. A business that wilfully disregards the consumer’s age shall be deemed to have had actual knowledge of the consumer’s age. This right may be referred to as the “right to opt in.”


Art. 1798.135.

(a) A business that is required to comply with Section 1798.120 shall, in a form that is reasonably accessible to consumers:

(1) Provide a clear and conspicuous link on the business’ Internet homepage, titled “Do Not Sell My Personal Information”, to an Internet Web page that enables a consumer, or a person authorized by the consumer, to opt out of the sale of the consumer’s personal information. A business shall not require a consumer to create an account in order to direct the business not to sell the consumer’s personal information.

(2) Include a description of a consumer’s rights pursuant to Section 1798.120, along with a separate link to the “Do Not Sell My Personal Information” Internet Web page in:

(A) Its online privacy policy or policies if the business has an online privacy policy or policies.

(B) Any California-specific description of consumers’ privacy rights.

(3) Ensure that all individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed of all requirements in Section 1798.120 and this section and how to direct consumers to exercise their rights under those sections.

(4) For consumers who exercise their right to opt out of the sale of their personal information, refrain from selling personal information collected by the business about the consumer.

(5) For a consumer who has opted out of the sale of the consumer’s personal information, respect the consumer’s decision to opt out for at least 12 months before requesting that the consumer authorize the sale of the consumer’s personal information.

(6) Use any personal information collected from the consumer in connection with the submission of the consumer’s opt-out request solely for the purposes of complying with the opt-out request.

(b) Nothing in this title shall be construed to require a business to comply with the title by including the required links and text on the homepage that the business makes available to the public generally, if the business maintains a separate and additional homepage that is dedicated to California consumers and that includes the required links and text, and the business takes reasonable steps to ensure that California consumers are directed to the homepage for California consumers and not the homepage made available to the public generally.

(c) A consumer may authorize another person solely to opt out of the sale of the consumer’s personal information on the consumer’s behalf, and a business shall comply with an opt out request received from a person authorized by the consumer to act on the consumer’s behalf, pursuant to regulations adopted by the Attorney General.

To exercise the rights illustrated above, we invite the consumer to send an e-mail to [email protected] with the subject “Request Rights provided by CCPA”.


RORTOS S.r.l. can provide services, including apps with simulators and video games, thanks to the financial support that its business partners recognize. The player or his/her parent / guardian on behalf of the minor, can interrupt the processing of his/her personal data for commercial purposes at any time but in this case RORTOS S.r.l. cannot guarantee services under the same economic conditions.


  1. UPDATES


We may update this Privacy Policy by posting its new versions on the website and in the relevant games. If we make any material modifications, we shall inform the Player about this fact by notification in the Service before the modification comes into force. Further use of the Service after the modifications become effective will be subject to the updated Privacy Policy.


Last update: 13.03.2023