Information Notice according to article 13 of the Eu regulation no. 679/2016 (“GDPR”)
Below you will find the main information River run: Escape Games, the application of Lancio Entertainment S.p.A. (hereinafter the “App“) for smart devices (smartphones, tablets, etc.) provided pursuant to art. 13 of the EU General data Protection Regulation no. 679/216 and also pursuant to the provisions of Opinion 02/2013 – WP 202 on applications for smart devices adopted by the Working Group of European Data Protection Authorities dated February 27, 2013 (hereinafter the “Opinion“).
River run: Escape Games is an application provided free of charge by Lancio Entertainment S.p.A., Data Controller of the related data processing.
The Opinion released by the Working Group of European Data Protection Authorities requires to Data Controllers to provide users in advance (i.e., before the download and installation phase of the App is completed) with a minimum core of information on the data processing, which is referred hereinbelow.
Data Controller – Contact details.
Lancio Entertainment S.p.A.
Legal seat: Viale Bruno Buozzi, no. 58 – zip code 00197 Rome, Italy
Tel: +39 06 3350644
Fax: +39 06 3350632
Email: [email protected]
(PEC): [email protected]
(Hereinafter also referred to as “LancioE”)
Data Protection Officer (DPO) – Contact details.
Also as required by the Guidelines on Data Protection Officer (RDP / DPO) WP243 / 2016 (“Guidelines”), the contact details of the Data Protection Officer (DPO) are also provided. It must be specified, as permitted by the Guidelines, that the dedicated contact details of the DPO are exclusively represented by his electronic mail address, while the telephone number is generic and not dedicated (the data controller can alternatively indicate either a dedicated email or a dedicated telephone number of the DPO).
As for the telephone number indicated, the user shall be in any case quickly put in contact with the DPO.
Geographical address: Viale Bruno Buozzi, no. 58 – zip code 00197 Rome, Italy
Tel: +39 06 3350644
Dedicated email: [email protected]
Purposes of the processing. Categories of personal data collected by the App and methods of processing.
Allow the download and operation of the App to unauthenticated users.
It is possible for any user to download and browse the App without having to register or authenticate in any other way. In this case, no identification data is collected and processed (neither the user’s identity, nor technical data of the device from which the user can be traced even indirectly, such as for example unique identification codes such as ICCID, IMEI, IMSI, UDID , mobile number, identity of the telephone, i.e. name of the telephone, etc) and the purposes are represented by the need to allow the download and installation of the App and the need to meet the request of the interested party.
Allow the download and operation of the App to authenticated users.
After downloading and installing the App, the user can choose to authenticate to use all the contents offered by the App. In this case, the purposes of the processing are represented by the need to allow the download and installation of the App, the need to implement the authentication procedure and the fulfillment by LancioE of the provision of contents and app’s functions reserved for authenticated users.
The authentication service is completely managed by a third platform, Microsoft’s Playfab, which operates as an independent Data Controller. However, LancioE – according to the technical options made available by Playfab – guarantees that the processing connected to the authentication phase of the user of the App is carried out by Playfab in such a way that neither this nor LancioE collect or process user identification data. The login and authentication method used by Microsoft’s Playfab is in fact totally anonymous, uniquely identifying the device source of the connection to the App without processing or otherwise associating to the device data – technical or personal or other – which may eventually allow the identification, even subsequently, of the natural person. As a result, not only does Microsoft’s Playfab not collect identification data, but LancioE does not access or collect or receive – following authentication – any personal or otherwise identifying data of the user authenticated to the App.
Further, the authentication procedure based on the so-called “social login” via Facebook or Google takes place in such a way as to guarantee the anonymity of the user of the App. The user logs in to the App via Facebook (if he/she has a FB account) or via Google (if he/she has a Google account) and Facebook and / or Google – as separate data controllers – require the user to be authorized to communicate some personal data to Microsoft’s Playfab, according to the options highlighted by Facebook and / or Google as separate data controller. Subsequently, Microsoft’s Playfab – once received the data from Facebook or Google – anonymizes them by creating an account for the user to access the LancioE App in a completely anonymous way, using authentication credentials represented by a unique numeric string technically managed in in such a way as not to allow even indirectly or potentially to trace the identification data communicated by Facebook or Google by association. Following the creation of the anonymous account, all other standard data that Facebook and / or Google should communicate in an ordinary way in all cases of access via social login (e.g.: email, list of friends, and other public data of the profile) are deleted in such a way as not to make any information or personal data accessible to LancioE as possibly processed and communicated by Facebook or Google. LancioE specifies that no technical data of the device is collected, stored or processed, such as, for example, unique identification codes such as ICCID, IMEI, IMSI, UDID, mobile number, telephone identity, i.e., name phone, etc, nor are tracking technologies used. The only access to the user’s device/technical data occurs to allow the installation of the App following the download requested by the user.
Allow the gathering of anonymous statistical data on the use of the App.
Other purposes of the processing pursued by LancioE are represented by the gathering of aggregate data obtained from the App through the collection of anonymous or non-identifying data: the App provides aggregate and completely anonymous statistical reports through analytics functions that highlight some anonymous and aggregated information on the functionalities used by all users (e.g., features of the App, average time spent in the App, etc). For these purposes, the App records and stores some event logs for two weeks (logon, logon failed and timeout) which are anonymized and stored in aggregate mode and deleted after the indicated period.
Excluded, as specified above, the collection of data and / or content stored on the user’s mobile device, LancioE may collect aggregate statistical data for the purpose of improving the App, such as, by way of example, an overview of the first activations or of the number of sessions during which the App was opened for the first time on a device, the total number of new users, their operating systems employed, the version of the app and the country / area, data on traffic sources, aggregated data on the types of main mobile devices used, data on the versions of the operating system on which the App is running, total number of screens displayed per session, screen display order, number of technical errors, including crashes of the App, frequency of users’ return to the App, duration of sessions, loading time of the individual elements of the App, actions on certain specific contents of the App, such as a recommendation on a social network, etc.
LancioE specifies for maximum transparency that the purposes of the processing explained above do not pursue any purpose of profiling users, whose data – as mentioned – are processed anonymously, aggregated and without the possibility of tracing the identity of a specific user.
Dissemination of data to third parties.
Possible third parties who may access/receive technical information/data from the user’s device may be manufacturers of operating systems and devices, app stores, application distributors and telecommunications operators. These subjects – depending on the case and in accordance with the aforementioned Opinion 02/2013 – are not “third parties” but autonomous data controllers who must comply on their own with any data protection rule.
LancioE does not communicate any personal data to third parties, except in the already highlighted case of Microsoft’s Playfab platform.
Modalities through which users can exercise their rights, in terms of revocation of consent and deletion of data.
Users can exercise their rights of access, rectification, cancellation and opposition to the processing of data. Within the App, you can click on the dedicated link to send requests to exercise the rights mentioned above to the single contact point specified in this Information Notice. Furthermore, users always have the possibility to withdraw their consent – where required or mandatory – in a simple and inexpensive way. An interested party can withdraw consent to the processing of data also by uninstalling the App with the consequence of deleting all personal data.
Once the users have been informed about the basic functions of the App, a positive action by the user before the App is downloaded and installed (i.e., click on the “Install” button or similar) satisfies the requirement of acquisition and manifestation of consent.
In the case of the App – based on the provisions of the aforementioned Opinion 02/2013 and of the adopted by the Working Group of European Data Protection Authorities no. 9/2014 on the collection of technical data of and from the device, as illustrated in this statement – it is necessary to gather the user’s consent to allow LancioE (and the Playfab platform of Microsoft) to access the user’s device for the sole purpose of allowing the installation of the App following the download requested by the user on the basis of what LancioE has pointed out in this Information Notice (data then anonymized, as illustrated above). Consent is given by the user through the positive action of clicking on the button or link or other icon to start the download and installation of the App on his/her device.