THE SPACE MALL S.R.L.S., with its registered office in Rome (hereinafter referred to as the “Data Controller”), as the data controller, informs you, pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter referred to as the “GDPR”), that your personal data will be proces- sed by employees and collaborators of THE SPACE MALL S.R.L.S.
All employees of THE SPACE MALL S.R.L.S. and other individuals who have access to your data operate under the direct authority of the Data Controller and Data Processors, have been appointed as data processors, have been trained, and have received appropriate opera- tional instructions.
The Data We Process
The Data Controller processes personal data, including non-sensitive identification data, in particular, name, surname, tax code, VAT number, email address, phone number, bank details, credit card information, wallet number – hereinafter referred to as “personal data” or simply “data.” Data derived from cookies.
When Data Collection Occurs
The Data Controller processes personal data, including non-sensitive identification data (in particular, name, surname, tax code, VAT number, email address, phone number, bank details, credit card information, wallet number – hereinafter referred to as “personal data” or simply “data”), provided by you during:
The purchase of THE SPACE MALL Coin (TSM) Tokens. Any requests for services and products.
Support through our assistance channels.
Browsing our website.
In case you have given consent to other companies to share your data or if your infor mation is publicly available.
The Purposes of the Processing
The processing of data will be carried out to allow the performance of activities related to the establishment and management of the requested service to the data controller. This includes activating the signed contract, managing your requests, providing additional services related to the signed contract, sending commercial communications, fulfilling a legal obligation, satisf- ying customer needs, and processing requests from job applicants.
The same data will be processed lawfully, fairly, and with the utmost confidentiality, mainly using electronic and computer tools and stored both on computer media and on paper or any other suitable support, in compliance with the minimum security measures as provided for by the Code and the Regulation.
How the Processing is Carried Out
The processing of your personal data is carried out through the operations indicated in Article 4(2) of the GDPR, namely: collection, recording, organization, storage, consultation, proces- sing, modification, selection, extraction, comparison, use, interconnection, blocking, commu- nication, erasure, and destruction of data. Your personal data is subject to both paper-based and electronic and/or automated processing.
In particular, they are processed for:
Management of the requested service.
Provision of the service.
Requesting information and resolving any issues. Service messages.
Commercial communications via phone, SMS, fax, email, postal mail, and through the website.
Receiving information and commercial offers.
Responding to reports or inquiries.
Detecting fraud, damages, and credit recovery.
The Data Controller will process personal data for the time necessary to fulfill the aforemen- tioned purposes and in any case, not exceeding 10 years from the termination of the rela- tionship for Service Purposes and not exceeding 2 years from the data collection for Marke- ting Purposes.
Who Your Data is Disclosed To
Your data may be made accessible, once you have given your consent, for the aforementio- ned purposes, to:
Employees and collaborators of the Data Controller or THE SPACE MALL S.R.L.S companies of which the Data Controller is a part, in their capacity as internal processors and/or system administrators.
Third-party companies or other entities (e.g., website management and maintenance provi- ders, suppliers, professional firms, etc.) that carry out outsourcing activities on behalf of the Data Controller, as external processors.
Entities, professionals, companies, or other structures entrusted by us with processing ac- tivities related to the fulfillment of administrative, accounting, and management obligations related to the ordinary course of our business.
Public authorities and administrations for purposes connected to the fulfillment of legal obli- gations.
Banks, financial institutions, or other entities to which the transfer of such data is necessary for the performance of our company’s activities in relation to the fulfillment of contractual obligations towards you.
Without your explicit consent, the Data Controller may communicate your data to supervisory bodies, judicial authorities, and all other subjects to whom communication is mandatory by law for the fulfillment of said purposes. Your data will not be disclosed.
Data Transfer Abroad
The management and storage of personal data will take place on servers located within the European Union owned by the Data Controller and/or third-party companies appointed as Data Processors. The servers are located in ITALY. The data will not be transferred outside the European Union. It is understood, however, that the Data Controller, if necessary, has
the right to move the location of the servers within Italy and/or the European Union and/or non-EU countries. In such cases, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, by entering into, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
Nature of Data Provision for the Provision of Requested Services
The provision of data for the purposes of processing is mandatory. In their absence, we will not be able to guarantee the requested service relationship.
Nature and Provision of Data for Marketing Activities
Consent to the processing of data for marketing activities is optional and can be separately expressed and will remain valid until revoked by you.
At any time, you can exercise, in accordance with Articles 15 to 22 of EU Regulation No. 2016/679, the following rights:
Withdraw consent at any time: You can revoke your previously expressed consent to the pro- cessing of your personal data.
Object to the processing of your data: You can object to the processing of your data when it is based on a legal basis other than consent.
Access your data: You have the right to obtain information about the data processed by the Data Controller, certain aspects of the processing, and receive a copy of the processed data. Verify and request rectification: You can verify the accuracy of your data and request its up- date or correction.
Obtain the restriction of processing: When certain conditions are met, you can request the limitation of the processing of your data. In this case, the Data Controller will not process the data for any other purpose than their storage.
Obtain the erasure or removal of your personal data: When certain conditions are met, you can request the erasure of your data by the Data Controller.
Receive your data or have them transferred to another controller: You have the right to re- ceive your data in a structured, commonly used, and machine-readable format, and, where technically feasible, to have them transferred to another controller without hindrance. This provision is applicable when the data is processed by automated means and the processing is based on your consent, a contract in which you are a party, or contractual measures connec- ted to it.
Lodge a complaint: You can lodge a complaint with the competent data protection authority or take legal action.
How We Protect Your Data
This section describes the measures taken to ensure:
Protection of the areas and premises where the processing of personal data takes place. Proper storage and custody of documents and media containing personal data.
Logical security within the use of electronic tools.
The measures that the Data Controller has already adopted at the time of data access, as well as any additional measures aimed at increasing the security of data processing, are des- cribed.
Measures adopted for the integrity and availability of data:
a. Written appointment of personnel. b. Instructions for data processing.
c. Controlled access.
d. Locked cabinets.
e. Procedure for modifying credentials.
f. Company policies.
h. Written appointment of external controllers.
a. Authentication. b. Authorization. c. Separation.
f. Business continuity. g. Disaster recovery.
Revocation of consent, data modification, right to object:
At any time, you can revoke your consent and modify your privacy settings. You can also ob- ject to the processing of your data by us.
How to contact us:
You can exercise your rights at any time by sending an email to: [email protected]
Data Controller, Data Processor, and Data Handlers:
Data Controller: Jeannette Del Rocio Flores Cisneros.
Data Processor and Data Handlers: The updated list is kept within the Data Controller’s premi- ses.
INFORMATION PURSUANT TO ARTICLE 13 OF EU REGULATION NO. 2016/679 WEBSITE CUSTOMERS
Dear _______________________________________________________________________ ____________,
EU Regulation 2016/679 protects the confidentiality of personal data and imposes a series of obligations on those who “process” personal information relating to other individuals.
One of the most important requirements imposed by the law is to inform the individuals con- cerned and, where prescribed, obtain their consent for the processing, especially for proces- sing activities in which the data must be communicated to other parties.
In light of the above, therefore, we inform you, pursuant to Article 13 of the aforementioned EU Regulation, that THE SPACE MALL S.R.L.S., with registered office in Rome, as the Data Controller, collects and processes data concerning you/your company.
1) Nature of the processed data and purposes of the processing: Your data, such as name, surname, place of birth, date of birth, residence, telephone contact, tax code, VAT number, bank details, credit card information, and Wallet Number, are processed for purposes related to the purchase of THE SPACE MALL Coin (TSM) tokens and any requests for services and products, in order to help realize The Space Mall project. We will respond to your inquiry via mail and the website.
2) Processing methods: The processing will be carried out both manually and electronically, while observing all the necessary precautions to ensure the security and confidentiality of the information. The Data Controller will process personal data for the time necessary to fulfill the above-mentioned purposes and, in any case, they will be kept for a maximum period of 10 years.
3) Data disclosure: Your data may also be disclosed to third parties, exclusively for technical and operational needs strictly connected to the aforementioned purposes, and in particular to the following categories of subjects:
a) Entities, professionals, companies, or other structures appointed by us to perform proces- sing activities related to the fulfillment of administrative, accounting, and management obliga- tions associated with the ordinary conduct of our business.
b) Public authorities and administrations for purposes connected to the fulfillment of legal obligations.
c) Banks, financial institutions, or other entities to which the transfer of the aforementioned data is necessary for the performance of our company’s activities in relation to the fulfillment of contractual obligations towards you.
4) Nature of data provision: The provision of your data is not mandatory, but it is necessary for the proper fulfillment of pre-contractual and contractual obligations and, in general, to ful- fill all the obligations required by law. In case of refusal to provide the data necessary for the above-mentioned obligations, we will not be able to provide you with the requested services.
5) Rights of the data subject: At any time, you may exercise, in accordance with Articles 15 to 22 of EU Regulation No. 2016/679, the right to:
a) request confirmation of the existence or non-existence of your personal data;
b) obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data has been or will be dis- closed, and, when possible, the retention period;
c) obtain the rectification and erasure of data;
d) obtain the restriction of processing;
e) obtain data portability, meaning to receive them from the data controller in a structured, commonly used, and machine-readable format and transmit them to another data controller without hindrance;
f) object to the processing at any time, including processing for direct marketing purposes;
g) object to an automated decision-making process concerning individuals, including profiling. h) request access to personal data from the data controller and the rectification or erasure of such data or the restriction of their processing, as well as the right to data portability;
i) withdraw consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal;
j) lodge a complaint with a supervisory authority.
6) Exercise of rights: You may exercise your rights at any time by sending an email to the following address: [email protected].
7) Data controller, data processors, and authorized personnel:
Data controller: Jeannette Del Rocio Flores Cisneros
Data Processor and Data Processors: The updated list is kept at the data controller’s head- quarters.
The Data Controller/Data Processor