1.1. WonderGames is a data controller within the meaning of the General Data Protection Regulation. Further details about us and how to contact us appear below.
1.2. We collect personal data from you when you contact us, when you use our website, when you make purchases in our in-site shop, and when you provide us with your personal data directly.
1.3. We have legal obligations to you to inform you of:
a. The personal data which we collect from you
b. How we use your personal data
c. The purposes for which we process your personal data
d. The legal basis for processing your personal data
e. Who we share your personal data with
f. Where we store your personal data, and what protections we have in place for it
g. Where we send your personal data, and where applicable the existence of automated decision-making and profiling (the logic, the significance and the envisaged consequences), whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data; whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract. h. The periods for which we retain your personal data
j. Your rights under the General Data Protection Regulation
1.4. We set this information out below for you.
2. How we process your Personal Data:
2.1. Personal data are informations that identifies you as a person, either directly or indirectly.
2.2. Personal data include personal data
a. that has been submitted to our system by you (such as name and e-mail when signing up,
b. about you contained in messages sent through our contact forms or to our e-mail accounts),
c. data that has been created or logged automatically by our systems (by registering the IP address, app version or browser signature you use during your visits to our site and app.
2.3. When we process your personal data, we:
a. do so lawfully, fairly and in a transparent manner
b. collect it for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
c. limit our collection to what is adequate and relevant to what is necessary in relation to the purposes for which they are processed
d. take reasonable steps to keep it accurate and up to date having regard to the purposes for which they are processed
e. keep it in a form where we can identify you for no longer than is necessary, for the purposes for which it is processed
f. process it in a manner that ensures appropriate security of the personal data. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. We use appropriate technical or organisational measures to do so.
3. Personal data collected
3.1. The types of personal data we may collect from you when you contact us, register and use our game and apps, or visit our website includes:
3.2. Please help us keep your personal data up to date and let us know when it changes.
3.3. Also, game data: Any information created by the Soccerwonder game engine is non-personal information. This includes match orders placed, matches played, match statistics, players scouted, nicknames given, transfers made, achievements earned, titles won, and many other things. It also includes team names. This kind of data is out of the scope of privacy regulations. If you exercise your right to be forgotten, this data will be anonymised.
4. Why we collect personal data:
4.1. We need to collect personal data from you to communicate with you, to be able to offer you the services you request, and to be able to verify your age.
4.2. Without your personal data
a. our website would not function properly;
b. we could not provide you with our game;
c. we could not respond to you if you have any questions;
d. we could not comply with our legal obligations;
e. we could not maintain our legitimate business operations;
4.3. As a user in SoccerWonder you are able to communicate with others through many communication channels. You then have the opportunity to also share information about yourself.
4.4. Information sent by way of e-mail, chat messages, contact forms or internal SoccerWonder messages to SoccerWonder representatives or game volunteers. It will be treated with confidentiality and deleted on your request.
4.5. Personal data shared through public settings, such as a SoccerWonder press release, blog posts, guestbook messages or forum posts, can be shared and stored by anyone and is outside SoccerWonder control.
4.6. Information posted to the public parts of SoccerWonder (forums, guestbooks, press releases) is never deleted automatically. It is an important part of the game history. If you exercise your right to erase your personal data, your forum posts will only be anonymised.
4.7. We do not knowingly supply our services to those under 13 years of age. We will require parental consent of those that are between the ages of 13 and 16.
5. Where do we obtain your personal data:
5.1. We primarily obtain personal data about you directly from you, when you register and through your continued use of the website;
5.2. Other users of SoccerWonder may also post information relating to you on our forums, in guestbooks, press announcements, the SoccerWonder messaging system. Such information could contain personal details.
6. How we use your personal data:
6.1. We process your personal data for the following purposes, where we have a legal basis to do so:
6.2. We use your personal data for the following reasons:
a. You have given us your consent in writing for the purposes for which you provided your personal data
b. We need to take steps to form a contract with you and perform a contract with you
c. We need to comply with a legal obligation other than with you;
d. We or someone else has a legitimate interest other than where your interests or fundamental rights and freedoms would be overridden.
6.3 We believe we have legitimate interests to process your personal data to:
a. Administer contracts with you and others
b. Enable us to meet our legal and statutory obligations to you and others
c. Ensure compliance with our policies and procedures
d. Conduct data protection assessments and audits
e. Prevent, detect, investigate and address fraud, corruption and misconduct by you and others
f. Ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
g. Value and sell our business
6.4. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
6.5. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. Data Sharing
7.1. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
7.2. Other game users are able to view your User Profile data as part of the playing the game and any participation you have in our forums or chat rooms.
7.3. We otherwise limit access to your personal information to those employees, agents, contractors and other third parties who need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. When we do send them personal data or make it available to them, we minimise it. In many cases, we are able to pseudonymise it and sometimes anonymise it so that they do not tell who you are.
7.4. They are:
a. Managers and Moderators.
Informations shown by us to our volunteers about other users are anonymized and do thus not constitute personal data. However, all volunteers enter into an agreement to protect personal data about users if any such data would be offered to them by users through contact forms, forums or e-mail.
b. Payment processors. (Ingenico, PayPal)
c. Our accountants and auditors
d. Legal advisors
e. Website hosting infrastructure companies
f. Cloud storage providers
g. Advertising networks
7.5. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
7.6. We also may have cause to share your personal information with:
a. telecommunications providers, such as providers that provide telephone, instant messaging services, post and couriers;
b. computer systems service providers, including IT security personnel
c. regulatory authorities.
7.7. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
7.8. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms.
Promotional Offers from Us
7.9. We may use your Contact Details, User Profile to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
7.10. You will receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
Third Party Marketing
7.11. We will get your express opt-in consent before we share your personal data with any company for marketing purposes.
7.12. You can ask us to stop sending you marketing messages at any time by selecting options in your online profile [or emailing us]. We include opt-out links on all marketing messages.
7.13. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
7.14. There are some messages that you are not able to opt-out of, such as security messages.
8. Automated Decision Making
8.1. Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
8.2. We do not automate decision making in a way that effects your legal rights or has legal consequences for you.
8.3. Where we are allowed to use automated decision-making:
a. where we have notified you of the decision and given you 21 days to request a reconsideration.
b. where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
c. in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
8.4. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
9. Data Storage
9.1. We transfer your personal data outside the EEA as follows:
10. Data Security
10.1. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal information to those employees, agents, contractors and other third parties who need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
10.2. We store all information that you provide to us on secure servers.
10.3. We train employees regarding our data privacy policies and procedures, and permit authorised employees to access information on a need to know basis, as required for their role.
10.4. We use firewalls designed to protect against intruders and test for network vulnerabilities.
10.5. Where you have a password which enables you to use our services you are responsible for keeping this password complex, secure, and confidential. If you would like to update or change your password, you may select the â€œForgot your password?â€ link on the login page. You will be sent an email that allows you to reset your password.
10.6. However, no method of transmission over the internet or method of electronic storage is completely secure.
10.7. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
11. Retention of your Data
11.1. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
11.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11.3. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.
11.4. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. We will retain and securely destroy your personal information (as the case may be) in accordance with applicable laws and regulations.
11.5. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with our data retention policy.
12. Rights of access, correction, erasure, and restriction
12.1. You have a series of rights under the General Data Protection Regulation.
12.2. Not all apply in all circumstances. Under certain circumstances, you have the right to:
a. Request access to your personal information (commonly known as a 'data subject access request'). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
b. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
c. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
d. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
e. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
f. Request the transfer of your personal information to another party.
12.3. If you would like to exercise any of these rights, please contact us using the details below. We will need to verify your identity before we are able to release any personal data to you.
13. Withdrawal of Consent
13.1. Where you may have provided your consent for us to process your personal data and/or transfer your personal data for a specific purpose, you can withdraw it at any time.
13.2. To withdraw your consent, please contact us using the e-mail firstname.lastname@example.org, using the GDPR option in our contact form, or by visiting the Preferences page on SoccerWonder, where your privacy controls are located. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
14. About Us
14.1. SoccerWonder is part of WONDERGAMES, a private Company formed in Italy not yet registered into the Italian Company Official Register.
14.2. SoccerWonder has under the Italian Data Protection Ordinance of 2018 registered as Data Controller with the Italian Data Protection Commissioner (https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/5306161).
14.3. SoccerWonder is responsible for the personal data we hold and use.
14.4. The person responsible for data protection at SoccerWonder is Valerio Colace.
14.5. If you are dissatisfied with the way we process your personal data, you have the right to complain to the Italian Data Protection Commissioner.
14.6. They may be contacted at https://www.garanteprivacy.it/web/guest/home/autorita.
14.7. We would prefer to try and resolve any difficulties between us and make them right before you approach the ICO. Please consider contacting us in the first instance.
15. Changes to this Privacy Statement