Information on the processing of personal data
of users who consult and/or browse the website
The following privacy rules – to be understood also as information pursuant to art. 13 of the European Regulation 2016/679 “General Data Protection Regulation” – have the purpose of describing the procedures for the collection and use of personal data through this website and are aimed at users and users of the web services of XMetaReal Italia Srl, accessible for electronically from the address:
corresponding to the home page of the official website of the Company.
However, the information is not applicable to other websites that may be consulted by the user, via links contained on the xmetareal.com website.
Data Controller and Data Processor
The “Data Controller” is the Company XMetaReal Italia Srl, with registered office in Via Mascheroni n. 14 – Milan and Operational Headquarters in Via Cassala n. 57 – Milan, in the person of the pro tempore legal representative domiciled at the Company’s headquarters (hereinafter the “Owner”).
The Data Controller may appoint other subjects as “Data Processors” (hereinafter the “Data Processors”), as well as persons in charge of processing operations.
Pursuant to art. 37 of the GDPR, the Company has appointed the “Data Protection Officer” (hereinafter “Data Protection Officer – “DPO”), in the person of Dr. Cosimo Calabrese.
You can contact the Data Controller and the DPO at the following email address: firstname.lastname@example.org.
Type of data processed
For the purposes indicated below, the user will be asked to provide some personal identification and contact data (those indispensable for the provision of the specific service will be marked with an asterisk).
These are data provided directly and voluntarily by the interested party requesting the service.
No particular category data will be collected and processed.
Purpose of data processing
The collection and processing of data are carried out in order to:
A. check the requests made by the interested party and provide the requested services; for example:
- in the “Contact Us” area, the name, e-mail address and telephone number are requested;
- in the request to receive the “Newsletter”, the e-mail address is requested;
- within specific forms referring to events or initiatives in the world of the metaverse, identification or contact data will be requested.
For the data in the “Contact Us” area, in accordance with art. 6 of the GDPR, the legal basis of the processing is the fulfillment of the services requested by the user (par. 1 letter b)).
For other cases of personal data processing, please refer to the specific information on the website.
B. fulfill any legal obligations to which the Data Controller is subject; fulfill the obligations deriving from the law, from regulations, from national and community legislation or from an order of the Authority.
In compliance with the art. 6 of the GDPR, the legal basis of the processing is the fulfillment of a legal obligation (par. 1 letter c));
In addition to these data, freely transmitted by the user on the site, navigation data could also be processed, collected following the use of our services by the user and, in particular:
- information on the device with which the user connects;
- device-specific information (e.g. device type, mobile network information);
- Log information. While you use our services or view content provided by the Owner, we may automatically collect and store some information in server logs . This information may include: data about how you use our service, such as your search queries; information about internet connection data such as IP address and all data connected to it; device event information such as system activity, hardware settings, browser type and language, timestamps of requests and referring URLs; cookies that may uniquely identify your browser or user account.
We and our partners may use various technologies to collect and store information when the Site is visited and/or a service of the Company is used, which may involve the sending of one or more technical cookies or anonymous identifiers to the user’s device.
Nature of the provision of data and consequences of any refusal
The provision of data is necessary to be able to provide the services requested through the Website (for example, request for information in the “Contact Us” area). Refusal to provide data will make it impossible to provide the requested service.
Methods of data processing
Data processing is carried out through IT procedures or in any case telematic means by specially trained, educated and authorized internal and/or external subjects. The data is stored in IT and telematic archives.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
The navigation data will be anonymised at the end of the session, unless legal obligations or other legitimate reasons lead the Data Controller to behave differently (for example following a request from the judicial authority or in the case of activities carried out to the detriment of XMetaReal Italia Srl or its website).
The other data processed are kept for the time necessary to render the service requested by the user, they are then aggregated and made anonymous.
Data recipients and transfer to third countries
The data will not be communicated to third parties and will not be subject to disclosure.
The data will be processed within the EU.
Rights of the interested party
As foreseen by the art. 13 of the EU Privacy Regulation 2016/679, you may at any time:
- ask the Data Controller to access personal data and correct or cancel them or limit their processing;
- object to the processing of your personal data;
- exercise the right to data portability;
- lodge a complaint with a supervisory authority.
The rights described above can be exercised with a request made informally to the Data Controller at the addresses referred to in paragraph 1.
Modification of the information on the processing of personal data
Update date: March 9, 2023