Post cover image

Privacy Policy

Information on the processing of personal data in accordance with Articles 13 and 14 GDPR

Dear User, This information is provided not only to comply with the obligations imposed by the laws on the protection of personal data - Regulation (EU) 2016/679 (hereinafter "GDPR"), Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (or "Code for the protection of personal data") and the relevant provisions of the Guarantor Authority for the protection of personal data - but also because NFT Factory S.r.l. (hereinafter also "we" “us” or the “company”) believes that the protection of personal data is a fundamental value of its activity and wishes to provide every information that can help you protect your privacy and control the use that is made of personal data when browsing the website (hereinafter the "Site"). Personal data are information concerning an identified or identifiable natural person defined as "data subject" (hereinafter also "User"), such as personal data, navigation data, information on economic conditions, health status, lifestyle, etc.

1. Contacting Us

The Data Controller, i.e. the subject who determines the purposes and means of the processing of personal data to whom you can turn to exercise the rights recognized by the GDPR, is NFT Factory S.r.l., VAT number 12524830960, with registered office in Milan, Via Santa Monica 1, 20162. For questions about this Privacy Policy, or our use of your personal information, cookies or similar technologies, please contact us by email at [email protected]

Please note that when you contact us to assist you, for your safety and ours we may need to authenticate your identity before fulfilling your request.

2. Data sources

The Data Controller's systems acquire, during their normal operations, certain personal data relating to navigation by users. This category includes:

  • Information you provide us

    user’s wallet addressuser’s wallet address

    e-mail address and additional information provided in the context of an operational or assistance request (reason for contact or complaint).

  • Identifiers

    User ID such as connected wallet address.

  • Browsing and usage data

    Information relating to the sections and pages of the visited websites (such as, for example, the URL addresses of the resources contained on the Website and on third-party sites, the time of the visit, the size of the file obtained in response). Such data are collected anonymously and with a statistical scope and aim.

3. Purposes and legal basis


Legal Basis

To provide the services requested by data subjects. In particular, the processing of personal data is aimed at: • enable navigation and use of the Website; • verify the users’ identity; • enable the use of services requested by users, in compliance with the Terms of Service • send notices.

The performance of a contract to which the data subject is party or the performance of pre-contractual measures taken at his/her request (Article 6 (1)(b) GDPR).

To process and respond to customer service communications and enquiries.

Legitimate interest (Article 6(1)(f) GDPR).

To improve our products and services (e.g. by conducting user surveys and research activities to provide new features and to assess user satisfaction).

Legitimate interest (Article 6(1)(f) GDPR).

To send information about our products and services, such as newsletters by e-mail in each case similar to those covered by the contracts concluded between you and NFT Factory S.r.l.

In pursuit of our legitimate interests (Article 6(1)(a) GDPR), as long as the interests or fundamental rights and freedoms of the person concerned do not prevail (Article 130 (4), Italian Privacy Code (D.Lgs. n. 196/2003, as modified by D.Lgs n. 101/2018). Such processing carried out on the basis of our legitimate interest does not require your specific consent. You may, however, object to the processing at any time by sending a written communication to the address [email protected] or, with specific reference to receiving direct marketing communications by email, by clicking on the unsubscribe link in each communication.

To protect our systems, prevent fraud and help us protect security (e.g. by confirming your identity) and to assert and defend the rights of NFT Factory S.r.l.

Legitimate interest (Article 6(1)(f) GDPR).

To comply with our legal obligations, including requests from competent authorities (administrative, tax and judicial).

Fulfilling a legal obligation to which we are subject (Article 6(1)(c) GDPR).

To establish, exercise or defend our rights and those of our employees, and to carry out corporate transactions or operations (e.g. in the event of bankruptcy, merger, acquisition, re-organisation, sale of assets or assignments, and due diligence relating to such transactions).

In pursuit of our legitimate interests (Article 6(1)(f) GDPR), as long as the interests or fundamental rights and freedoms of the person concerned do not prevail.

If you have any questions about the use of personal data (including legal bases and transfer methods), cookies or similar technologies, you can contact us by e-mail at

4. Cookies and other tracking tools uses

NFT Factory S.r.l. uses cookies primarily to make the experience on the website simpler and more intuitive and to offer you a more pleasant and efficient navigation. You can find here the Cookie Policy

For any questions or comments regarding this Cookie policy, you can contact us via email at: [email protected]

5. Data storage & protection and possible extra-EU transfer

Personal data will be processed by automated and non-automated means and will be stored at our office and on the servers of our service providers located in the EU. Please note that NFT Factory may keep the following data for the sole purpose of creating a leaderboard: the user's public key, the character used to play and the score. Your personal data will be kept as long as necessary to fulfill the purposes indicated above, without prejudice to the cases in which the retention for a longer period is necessary to comply with the applicable legislation or with requests received by competent authorities. The personal data that we process on the basis of your consent are retained until your consent is withdrawn. We also may retain some data even after the termination of the relationship with you related to the provision of services, depending on the time required for the management of specific contractual or legal obligations, as well as for administrative, tax and/or contribution purposes, for the period of time required by applicable laws and regulations, as well as for the time required to enforce any rights in court. Basically, we will not transfer your personal data outside the European Economic Area. If, in pursuit of the purposes set out in this policy, it becomes necessary to transfer your data outside the European Economic Area and to countries or territories that are not the subject of an adequacy decision by the European Commission under Article 45 GDPR, (i) we will carry out such transfer on the basis of the conditions set out in Articles 46 or 47 GDPR (adequate safeguards or binding corporate rules) and/or the exemptions set out in Article 49 GDPR, and (ii) we will take technical-organisational and/or contractual measures that are necessary from time to time to ensure a level of protection of your personal data comparable to that guaranteed by the applicable legislation in the European Economic Area. We take technical and organisational measures to prevent the loss, misuse and alteration of your personal data. In some cases, data encryption and pseudonymisation measures may also be taken. However, transmissions over the Internet are never 100% secure, and you should not provide any personal data if you want to avoid any risk.

6. Access to personal data

We will share your personal data with the following categories of recipients:

  • Providers performing activities related or instrumental to our business and operational activities as outsourced data controllers appointed in writing in accordance with applicable privacy laws, or acting as autonomous data controllers (such as IT or storage service providers, mobile measurement partners, mobile marketing service providers, and advertising networks and platforms).

  • If we enter into a business transaction or corporate operation (e.g., in the event of bankruptcy, merger, acquisition, reorganization, asset sale or divestiture, and due diligence related to such transactions), your personal information may be disclosed to our advisors and the advisors of any potential buyer, and may be one of the assets that is transferred to another owner.

  • Public, judicial or police authorities, within the limits established by applicable laws.

Personal data will not be disclosed for reasons other than those stated above, unless such disclosure is deemed necessary to fulfill a legal obligation or if your consent is required.

7. Information and privacy rights

In compliance with the European Regulation n. 679/2016 (GDPR) and the national legislation, as data subject you may - in the manner and within the limits provided for by current legislation - exercise the following rights:

  • request confirmation of the existence of personal data concerning you (right of access);

  • to know their origin;

  • receive intelligible communication of them;

  • obtain information on the logic, methods and purposes of the processing;

  • request the updating, rectification, integration, cancellation, transformation into anonymous form, and blocking of data processed in violation of the law, including data no longer necessary for the purposes for which they were collected;

  • in cases of processing based on consent, to receive, at the sole cost of any support, your data provided to the controller, in a structured and machine-readable form and in a format commonly used by an electronic device;

  • the right to lodge a complaint with the supervisory authority (Privacy Guarantor)

  • as well as, more generally, to exercise all the rights accorded to you by current legal provisions.

Requests should be addressed to the Data Controller by writing to the mailbox [email protected] or to the physical address of the Data Controller. Where data are processed on the basis of legitimate interests, the data subject's rights to processing are still guaranteed (except for the right to portability, which is not provided for by the rules), in particular the right to object to processing, which can be exercised by sending a request to the Data Controller. For other requests, or if you have any questions regarding our privacy policies, please contact us at [email protected]

We respond to all requests we receive from users wishing to exercise their rights in accordance with applicable data protection laws.

8. Changes to this information

This information is updated as of June 9, 2023. Any future changes made to this information will be published on this page. The Company invites Users to regularly view this page in order to be updated in relation to any changes. If necessary, the changes made to this information will be notified to the User by email.

Copyright © 2022 - 2023 NFT Factory All Rights Reserved

Cookie Policy

Check our cookie policy here