1. Introduction / Introduzione
Squizito Fan ("we", "us", "our" / "noi") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Platform.
We comply with applicable data protection laws worldwide, including:
- General Data Protection Regulation (EU) 2016/679 ("GDPR")
- UK General Data Protection Regulation ("UK GDPR") and Data Protection Act 2018
- California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA")
- Italian Data Protection Code (D.Lgs. 196/2003, as amended by D.Lgs. 101/2018)
- Personal Information Protection and Electronic Documents Act ("PIPEDA") - Canada
- Privacy Act 1988 and Australian Privacy Principles - Australia
- ePrivacy Directive (2002/58/EC) and Italian implementation
Data Controller / Titolare del Trattamento:
Cathedral s.r.l.s
Registered Office: Via Casino Fondrini 6, 25080 Padenghe sul Garda (BS), Italy
VAT/P.IVA: IT03939260984
REA: BS-577421
Data Protection Officer (DPO) / Responsabile Protezione Dati:
Email: dpo@squizito.me
PEC: cathedral@mypec.eu
UK Representative (Post-Brexit):
For users in the United Kingdom, our UK representative for data protection matters can be contacted at: ukrepresentative@squizito.me
2. Data We Collect
2.1 Data You Provide
| Data Type |
Examples |
Purpose |
| Account Data |
Email, username, password (hashed) |
Account creation and authentication |
| Profile Data |
Display name, avatar, preferences |
Platform personalization |
| Verification Data |
ID documents (for prize redemption) |
Identity verification for rewards |
| Contact Data |
Address, phone (for merchandise) |
Delivery of physical items |
2.2 Data Collected Automatically
| Data Type |
Examples |
Purpose |
| Usage Data |
Predictions, achievements, activity logs |
Service delivery, leaderboards |
| Device Data |
Browser type, OS, screen resolution |
Technical optimization |
| Log Data |
IP address, access times, pages viewed |
Security, analytics |
| Cookie Data |
Session IDs, preferences |
Functionality, analytics |
3. Legal Bases for Processing
Under GDPR Article 6, we process your data based on:
| Legal Basis |
Processing Activities |
| Contract (Art. 6(1)(b)) |
Account management, prediction processing, reward delivery |
| Consent (Art. 6(1)(a)) |
Marketing emails, analytics cookies, promotional notifications |
| Legitimate Interest (Art. 6(1)(f)) |
Security monitoring, fraud prevention, platform improvement |
| Legal Obligation (Art. 6(1)(c)) |
Tax records, regulatory compliance, legal requests |
4. How We Use Your Data
- Service Delivery: Operate the Platform, process predictions, manage rewards
- Communication: Send service updates, respond to inquiries
- Personalization: Customize your experience, remember preferences
- Analytics: Understand usage patterns, improve services
- Security: Detect fraud, prevent abuse, protect users
- Legal Compliance: Meet regulatory requirements
5. Data Sharing
5.1 We May Share Data With:
- Service Providers: Hosting, email delivery, payment processing, shipping
- Analytics Partners: Google Analytics (anonymized data)
- Legal Authorities: When required by law or legal process
5.2 We Do NOT:
- Sell your personal data (see California Rights section below)
- Share your personal data for cross-context behavioral advertising
- Share data with gambling operators
- Transfer data outside EU/EEA without adequate safeguards
5.3 International Data Transfers
As we provide services internationally, your personal data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place:
| Transfer Scenario |
Safeguard Mechanism |
| EU/EEA to Italy |
No transfer (data remains in EU) |
| UK to Italy/EU |
EU Adequacy Decision for UK (2021) |
| EU to USA (cloud services) |
EU-US Data Privacy Framework + SCCs |
| Other international transfers |
Standard Contractual Clauses (2021 SCCs) |
Transfer Impact Assessments: We conduct Transfer Impact Assessments (TIAs) for transfers to countries without adequacy decisions to ensure your data receives equivalent protection.
6. Data Retention
| Data Category |
Retention Period |
| Account Data |
Duration of account + 2 years |
| Prediction History |
Duration of account + 1 year |
| ID Verification Documents |
30 days after verification |
| Transaction Records |
10 years (Italian tax law) |
| Log Data |
12 months |
| Marketing Consent Records |
Duration of consent + 2 years |
7. Your Rights (GDPR Articles 15-22)
As an EU resident, you have the following rights:
π Access
Request a copy of your personal data
βοΈ Rectification
Correct inaccurate or incomplete data
ποΈ Erasure
Request deletion of your data ("right to be forgotten")
βΈοΈ Restriction
Limit how we process your data
π¦ Portability
Receive your data in a portable format
π« Object
Object to processing based on legitimate interests
π€ Automated Decisions
Not be subject to solely automated decisions
β©οΈ Withdraw Consent
Withdraw consent at any time
How to Exercise Your Rights
You can exercise your GDPR rights easily through our platform:
Self-Service Options (Settings Page)
-
Data Export (Right of Access)
Download all your personal data in JSON format: Settings > Privacy > Request Data Export
-
Account Deletion (Right to Erasure)
Request permanent account deletion with 30-day grace period: Settings > Account > Delete Account
-
Marketing Consent (Right to Object)
Manage marketing preferences: Settings > Privacy > Marketing Consent
-
Notification Preferences (Right to Object)
Control which communications you receive: Settings > Notifications
Go to Settings
Other Requests
For other rights (rectification, restriction, portability), contact our DPO at dpo@squizito.me. We will respond within 30 days.
Right to Complain: You may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at
www.garanteprivacy.it
Account Deletion Process: When you request account deletion, your account enters a 30-day grace period. During this time, you can cancel the deletion by logging in. After 30 days, your personal data is permanently deleted, but anonymized prediction statistics may be retained for platform analytics.
7A. Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers: Email address, username, IP address
- Internet Activity: Browsing history on our platform, predictions made, interactions
- Geolocation Data: Approximate location based on IP address
- Inferences: Predictions about preferences based on platform activity
Your California Privacy Rights
Right to Know
Request disclosure of personal information collected, sources, purposes, and third parties with whom we share data
Right to Delete
Request deletion of your personal information, subject to certain exceptions
Right to Correct
Request correction of inaccurate personal information
Right to Opt-Out
Opt out of the sale or sharing of personal information (we do not sell personal information)
Right to Limit Use
Limit use of sensitive personal information (we do not collect sensitive PI)
Non-Discrimination
Not be discriminated against for exercising your privacy rights
Notice: We Do Not Sell Personal Information
Cathedral s.r.l.s. does NOT sell, and has NOT sold in the preceding 12 months, personal information of California residents as defined under CCPA/CPRA. We also do NOT share personal information for cross-context behavioral advertising purposes.
How to Exercise Your California Rights
California residents may submit requests by:
- Email: privacy@squizito.me (subject: "California Privacy Request")
- Through your account Settings page
We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.
Financial Incentives
We do not offer financial incentives for the collection or sale of personal information.
"Shine the Light" Disclosure
California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
7B. Additional Rights for UK Residents (UK GDPR)
Following the UK's departure from the European Union, UK residents are protected by the UK GDPR and the Data Protection Act 2018.
Your Rights Under UK GDPR
UK residents have the same rights as EU residents under GDPR, including:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
UK Supervisory Authority
Information Commissioner's Office (ICO)
UK residents may lodge a complaint with the ICO:
Website:
ico.org.uk
Helpline: 0303 123 1113
International Transfers from UK
Transfers of personal data from the UK to Italy/EU are permitted under the UK's adequacy decision for the EU. For transfers to other countries, we use UK-approved Standard Contractual Clauses.
7C. Additional Rights for Canadian Residents (PIPEDA)
If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
Your Canadian Privacy Rights
- Access: Request access to your personal information held by us
- Correction: Request correction of inaccurate or incomplete information
- Withdrawal of Consent: Withdraw consent to the collection, use, or disclosure of your information (subject to legal restrictions)
- Challenge Compliance: Challenge our compliance with PIPEDA
Contact for Canadian Privacy Matters
Email: privacy@squizito.me
Office of the Privacy Commissioner of Canada
Canadian residents may file a complaint with the Office of the Privacy Commissioner of Canada:
Website:
priv.gc.ca
Toll-free: 1-800-282-1376
7D. Additional Rights for Australian Residents
If you are an Australian resident, your personal information is protected by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Your Australian Privacy Rights
- Access: Request access to personal information we hold about you (APP 12)
- Correction: Request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information (APP 13)
- Anonymity: In some circumstances, deal with us anonymously or using a pseudonym (APP 2)
- Direct Marketing Opt-Out: Opt out of receiving direct marketing communications (APP 7)
Office of the Australian Information Commissioner (OAIC)
Australian residents may file a complaint with the OAIC:
Website:
oaic.gov.au
Phone: 1300 363 992
Overseas Disclosure
Your personal information may be disclosed to our service providers located overseas, including in the European Union and United States. We take reasonable steps to ensure overseas recipients handle your information in accordance with the APPs.
8. Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and authentication
- Regular security audits and penetration testing
- Employee training on data protection
- Incident response procedures
9. Children's Privacy
Squizito Fan is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we learn that we have collected data from a minor, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be notified via email or in-app notification at least 30 days before taking effect.
The "Last Updated" date at the top indicates when revisions were made.
11. Contact Us
Data Protection Officer:
Email: dpo@squizito.me
PEC: cathedral@mypec.eu
General Inquiries:
Email: privacy@squizito.me
Address: Via Casino Fondrini 6, Padenghe sul Garda 25080 Brescia (BS), Italy
