Privacy and the protection of your personal data are very important for DOTMOOVS which has always processed the collection, use, consulting and treatment of the data in strict compliance with the applicable legislation regarding personal data protection. With the application of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, also called the General Data Protection Regulation (GDPR), DOTMOOVS is committed to providing its customers with detailed information about the use and protection of their personal data, the reasons why it is processed and their rights regarding this processing, among others, in compliance with the provisions in articles 13 and 14 of the GDPR.
1.- Data Controller
1.1 - DOTMOVS OÜ, with head offices at Harju Maakond, Tallinn, Kristiine Linnaosa, Keemia tn 4, 10616, owner of DOTMOOVS platform, is the entity responsible for processing the personal data of DOTMOOVS users.
1.2 - DOTMOOVS users can contact the data controller through the following addresses to raise any questions or get clarification regarding personal data protection:
- By email to email@example.com;
- By mail to: Harju Maakond, Tallinn, Kristiine Linnaosa, Keemia tn 4, 10616, Estonia.
2.- Principles applicable to the protection of your personal data
DOTMOOVS processes your personal data in accordance with the general principles laid down in the General Data Protection Regulation (GDPR) and in other applicable legislation to the protection of personal data, namely:
- Principle of lawfulness, fairness and transparency: DOTMOOVS guarantees that your personal data is subject to lawful, fair and transparent processing;
- Principle of purpose limitation: Personal data is processed by DOTMOOVS for specified, explicit and legitimate purposes, and are not further processed in a manner incompatible with those purposes;
- Data minimisation principle: In the interests of minimum and limited data collection, DOTMOOVS only processes data that is strictly necessary, appropriate and relevant to the purposes for which it is processed;
- Principle of accuracy: DOTMOOVS undertakes to delete or rectify any personal data that is found to be inaccurate or imprecise as soon as possible.
- Principle of conservation: personal data shall be stored by DOTMOOVS for the period of time strictly necessary to fulfil the purposes for which they were collected;
- Principle of integrity and confidentiality: DOTMOOVS undertakes to process your data securely, implementing technical and organisational measures to ensure a high level of protection of personal data, particularly those necessary to ensure the confidentiality and integrity of this data.
3.1. - Personal data: any information that, whatever its medium, directly or indirectly identifies or is likely to identify a natural person, in particular by reference to an identifier, such as a name, an identification number, a location data, an electronic identifier, or other specific elements of that natural person's physical, physiological, genetic, mental, economic, cultural or social identity.
3.2 - Personal data subject: any natural person to whom the personal data refer. Within the scope of the activities pursued by DOTMOOVS, the following are data subjects: the users of DOTMOOVS platform, web site or other pages, its clients, employees, service providers and suppliers.
3.3 - Processing of personal data: operation or set of operations performed on personal data, by automated or non-automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction. In short, the concept of Processing of Personal Data is comprehensive and shall apply to all operations or set of operations carried out by DOTMOOVS with reference to your personal data.
4.- Grounds for lawfulness
4.1 - DOTMOOVS, in accordance with the "lawfulness principle", only processes personal data when there are legitimate grounds for doing so.
4.2 - The processing of the personal data of data subjects is essentially carried out on the following grounds:
- Consent: when the data subject has given his or her consent to the processing of his or her personal data, for one or more specific purposes, through a declaration or positive act that expresses a free, specific, informed and explicit expression of will that the data subject authorises the processing of his or her data;
- Performance of pre-contractual diligence: when the processing is carried out with a view to the performance of steps or procedures preceding the conclusion of a certain contract - pre-contractual diligence;
- Execution/performance of a contract: when the processing of the data is assumed as necessary for the conclusion, performance or development of a contractual instrument to which the holder of the personal data is a party;
- Compliance with a legal obligation: when the processing is necessary to comply with a legal obligation incumbent upon the controller, that is, to comply with a legal imposition to which the controller is bound.
- Pursuit of legitimate interests: where the personal data are processed to pursue the legitimate interests of the controller, particularly marketing, except where the interests or fundamental rights and freedoms of the data subject require protection of the personal data.
5.- Personal data category
5.1 - DOTMOOVS processes personal data of varying nature and sensitivity, depending on each area of activity and the purpose underlying the processing of such data.
5.2 - Depending on the purpose, DOTMOOVS processes various categories of personal data, including:
- Identification data (e.g. signature);
- Address and contact data (e.g. e-mail address);
- Biometric data (e.g. video records of the users playing);
6.- Purposes of processing the data and legal grounds
6.1 - DOTMOOVS user’s personal data is processed in pursuit of specific, explicit and legitimate purposes and cannot later be processed in a way that is incompatible with these purposes.
6.2 - In order to ensure a minimum and limited collection of data, DOTMOOVS only handles data that is strictly necessary, adequate and important for the purposes for which it is handled.
6.3 - Our customers' personal data can be processed namely for the following purposes:
- To manage your access, usage or interaction on DOTMOOVS platform, i.e. if you want to access or use the platform, we need to handle some data related to you to grant you access to various functions, products and DOTMOOVS services, as if we did not process the data this would not be possible.
- Compliance and enforcement of applicable Anti-money launderingCounter terrorism financing (AMLCTF) legislation, regulators requests, sanctions and PEP screenings, fraud suspicion investigations (including anti-cheat logs), purchases, and general platform usage, which occurs for instance when you use MOOV tokens.
- Marketing and communication of products and services. DOTMOOVS handles your data to send you written notices, warnings, disclosures and announcements, by email and/or by other electronic communications, in order to advertise or promote a particular DOTMOOVS product or service. This data processing occurs in pursuit of the data controller's legitimate interests and/or when a customer has given their free, informed and explicit consent for this purpose, or when the user made the data manifestly public;
- To send invitations to the users, by email and/or by other electronic communications, in order them to participate in competitions or other DOTMOOVS events;
- Customer support. DOTMOOVS considers its legitimacy to process DOTMOOVS customers data to answer requests and/or questions raised regarding DOTMOOVS products and services.
- information management;
- management of complaints, compliments and incidents;
- dissemination of external communications;
- quality control;
- accounting and management;
- payment management;
- execution of internal or external audits;
- receiving and processing requests for IT support
- information security control;
- access management, logs;
- backups management;
- management of security incidents;
- management of litigation and other conflicts;
- In the pursuit of statistical or similar purposes;
- DOTMOOVS will still be able to proceed to the treatment of the users' data in the accomplishment of other their legitimate interests.
7.- Personal data recipients
7.1 - For the purposes mentioned above and in compliance with its legal obligations, DOTMOOVS may have to send the user’s personal data to third parties, namely:
- To entities that are subcontractors pursuant to the General Data Protection Regulation, to provide the contract enforcement services, information technologies, data storage, auditing, document management and litigation, namely with service providers in the security services, AMLCTF, accounting, information systems, auditing and litigation areas. DOTMOOVS shall only use subcontracted entities who act according to its instructions and as long as they present sufficient guarantees they can undertake the proper technical and organizational measures, so that the processing satisfies, among other things, the security, confidentiality and integrity requirements and these guarantees are formalized in an agreement signed by DOTMOOVS and the entities.
- Entities that are considered to be third parties for the purpose of the General Data Protection Regulation such as the Tax and Customs Authority, Judicial Entities and Regulators.
8.- Storage Period
8.1 - DOTMOOVS will retain personal data for the period of time strictly necessary for the performance of the respective purposes or, as the case may be, until the data subject withdraws the consent given or exercises his or her right to object or erasure.
8.2 - DOTMOOVS may be required to retain some of the personal data for a longer period taking into account factors such as:
- Legal obligations, under the laws in force;
- Statute of limitations under applicable laws;
- (possible) litigation;
- guidelines issued by competent data protection authorities.
9.- Data Subject' Rights
9.1 - DOTMOOVS users or customers, as the data subjects, through the collection and processing of their data, have the following rights:
- the right of access: whenever they request, they can access their personal data, get information about the processing of their data and get a copy of their personal data that is handled;
- the right of rectification: whenever they consider that their personal data is incomplete or inaccurate, they can request its rectificationmodification;
- right of data erasure: notwithstanding any legal obligations that may limit this right, the data subjects can request their data elimination when: the data no longer needs to be processed for the purpose that justified its collection or processing; the user withdraws its consent on which the data processing was grounded and there are no other legal grounds for it; they present opposition to the processing of the data and there are no prevailing legal interests, to be assessed on a case by case basis, that justify the processing; when the data has been processed illegally; the personal data has to be deleted to comply with a legal obligation that the data controller is subject to; the data has been collected in the context of the offer of services by the company mentioned in article 8(1) of the General Data Protection Regulation;
- right of limiting the processing: the data subject can request to limit the processing of their data in the following situations: if the user challenges the accuracy of the data, during a period that allows the controller to check its accuracy; if the processing is illegal and the data subject opposes to their personal data being deleted and requests that its use be limited; if the data processor no longer needs the data to be processed but the data is still necessary for the purposes of declaration, exercise or defense of a right in a legal process; if the user opposes to the processing, until it is seen that the legitimate interests of the data processor prevails over theirs.
- the right of objection: the data subject has the right to oppose to the processing of their data when the processing is based on the legitimate interest of the controller or when the data is processed for other reasons than those for which it was collected, but that is compatible with it.
If you oppose to the processing of the data, DOTMOOVS shall stop processing your data unless it has legitimate reasons to conduct this processing and these prevail over your interests. You can also oppose the processing of your data at any time for direct marketing purposes.
- right to portability: if your personal data is in a structured format that is in current use and of automatic reading, the processing is based on the express consent or by contractual form and if it is done by automatic means, you have the right to send them to another controller as long as if that is technically possible.
- right to withdraw your consent: in situations where the processing in question is undertaken based on your consent, you have the right to withdraw the consent you gave at any time. In this case, the controller will stop processing the data in question, unless there are other grounds that justify the processing.
- the right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the Republic of Estonia Data Protection Inspectorate regarding the matters concerning the processing of your personal data.