RORTOS PRIVACY POLICY
Dear User, we are pleased that you have chosen games of Rortos.
Below we present the privacy policy („Privacy Policy”) explaining how we process your personal data, with
whom we share these data and how long the data will be stored. You will also learn what rights you have and
how you can execute them.
This Privacy Policy applies to electronic services provided by Rortos S. r. l. with its registered seat in (referred to
as „Rortos” or „we”) in the form of mobile games, available online on our websites or on third-party websites
such as Facebook, in the form of mobile applications, as well as website http://www.rortos.it/ (collectively
referred to as „Services”).
Please read the Privacy Policy and the enclosed Terms of Service.
I. WHO DO YOU SHARE YOUR DATA WITH? MEET THE PERSONAL DATA CONTROLLER
Below we present the name and contact details of the entity acting as the controller of your personal data
(the controller is the entity providing the Services; in most cases it is the provider/developer of a given
game)
Controller’s name: Rortos S. r. l.
address: Via del Pontiere 11, 37122 Verona VR, Italy
II. CONTACT US
Contact us and we will do our best to give you a satisfactory reply.
You can do this in three ways:
❖ through the communication channels available on our main website: www.rortos.it
❖ by letter sent to our address provided in clause 1 of the Privacy Policy;
❖ by e-mail: info@rortos.com
III. FOR WHAT PURPOSE DO WE PROCESS PERSONAL DATA AND ON WHAT LEGAL
GROUNDS?
The main purpose for which we process your personal data is the need to perform the contract you have
concluded with Rortos by accepting the Terms of Service. We need your personal data, among others, to
manage the game user’s account; enable you to contact other Players, update the Player’s profile and
provide other services related to the game. In this case, the legal basis for the processing of your personal
data is the necessity to perform the contract (Article 6.1. (b) GDPR).
Your personal data may also be processed for other purposes, such as:
❖ execution of legal obligations related, among others, to in-game payments (legal basis: the
necessity to comply with a legal obligation, i.e. Article 6.1. (c) GDPR);
❖carrying out and verifying payments (legal basis: the necessity to perform a contract, i.e. Article
6.1. (b) GDPR);
❖Player’s service i.e. answering questions, comments, chat support, provision of technical support
(legal basis: legitimate interests in solving the Players’ problems i.e. Article 6.1. (f) GDPR);
❖conducting marketing activities, including activities based on profiling, i.e. presenting Players with
other games of Rortos that may be interesting to them, presenting personalized marketing content
(legal basis: legitimate interests in promoting Rortos, i.e. Article 6.1 (f) GDPR);
❖conducting and organizing competitions (legal basis: legitimate interests in promoting Rortos, i.e.
Article 6.1 (f) GDPR);
❖improving the quality of provided Services, including ensuring an adequate level of game security
– sending updates to Players, sending security alerts and other messages from technical support,
stopping attacks on systems (legal basis: legitimate interests consisting in ensuring the cyber
security of Players, i.e. Article 6.1. (f) GDPR);
❖development and improvement of Services and Players’ experience (legal basis: legitimate
interests in adapting the Services to the Players’ needs, i.e. Article 6.1. (f) GDPR);
❖determination, investigation and defense against legal claims (legal basis: legitimate interests in
providing Rortos with effective legal protection, i.e. Article 6.1. (f) GDPR).
IV. HOW LONG DO WE STORE YOUR PERSONAL DATA?
The storage time of your personal data depends on the purpose for which we obtained them. Above all,
we store your personal data for as long as it is necessary to provide our Services to you.
We may also store your personal data for the duration of our legitimate interests in the data processing or
until the moment specified by law.
The storage time of your personal data may also be extended if it becomes necessary to protect our rights.
The Player may delete her/his game account at any time. In such a case, we shall delete personal data,
except for those we have to store due to legal provisions or our legitimate interests in determining,
pursuing and defending against claims.
V. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Players’ personal data are not disclosed, except for the situations specified below:
1) PARTNERS CONTRACTED BY RORTOS
Rortos uses the services of its partners. The partners process the Players’ data only at the request
and in accordance with the instructions of Rortos to provide the Services. Our partners are
marketing agencies and other entities supporting us in our marketing activities, external IT service
providers (including the providers of IT systems), entities supporting us in handling
correspondence, entities providing us with consulting, advisory and auditing services as well as
entities providing us with legal, tax or accounting support, entities providing postal or delivery
services, operators of online payment platforms, entities cooperating with us in the field of sales as
well as entities comprising same capital group.
2) OTHER ENTITIES
We may share information relating to the Player as a consequence of any merger, sale of our
assets, financing or acquisition of our business, in whole or in part, by another company. The
Player shall be notified by e-mail and/or within the Service of any changes in the ownership or
changes of persons using the Player’s personal data.
Social features (such as forums or chats) are key elements of our games. When the Players use these
features, other players and users may, for instance, see their profile data, in-game activity data and read
the Player’s posts. Information shared by the Player also becomes publicly available – this means that not
only may we collect and use the information shared by the Player, but also, in some cases, the information
may be collected and used by other persons having access to such information without the User’s
knowledge. It is entirely up to the Player what she/he shares with other Players. Rortos does not share any
Player data with other Players.
VI. TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA COUNTRIES
Due to the global nature of our Services and, also, in order to provide the Players with the best
experience, the Players’ personal data may be transferred to various countries, including countries outside
the European Economic Area („EEA”). As different countries may have different data protection laws
than in the Player’s country, we take steps to provide appropriate safeguards to protect the data we were
provided with.
Appropriate safeguards include in particular:
1) decisions of the European Commission stating the appropriate level of protection of personal data
in a given country,
2) standard contractual clauses approved by the European Commission.
If necessary, in order to increase the security of personal data, we use additional supplementary measures,
such as e.g. encryption, to ensure that the transfer of personal data to a country outside the EEA is secure.
We inform you that at any time you have the option to receive a copy of the security measures we use in
the form of an appropriate document. For this purpose, please contact us at: legal@rortos.com
VII. YOUR RIGHTS
The Players have the right to:
1) demand access to her/his personal data (Article 15 GDPR);
2) demand the rectification of her/his personal data (Article 16 GDPR);
3) demand the erasure of her/his personal data (Article 17 GDPR);
4) demand the restriction of her/his personal data processing (Article 18 GDPR);
5) demand the transfer of her/his personal data (Article 19 GDPR);
6) object to the processing of her/his personal data (Article 20 GDPR).
If we process your personal data based on your consent, you have the right to withdraw your consent at
any time, which, however, shall not affect the lawfulness of processing based on your consent before its
withdrawal. In the event of withdrawal of your consent to the processing of certain data, the User may
not be able to use the full functionality of some services or participate in certain activities.
It may happen that deleting all the Player’s data may be technically impossible if these data are linked to
the Player’s accounts on other websites, in particular on social networking sites and mobile platform
operators.
Also, we’d like to inform that there are several opt-out methods that you may utilize such as opting-out
of marketing push notification and other direct marketing or targeted advertising by contacting us
directly, or opting-out of receiving promotional communications by simply uninstalling the application
software from your device.
You can also opt-out of interest-based advertising on mobile applications by checking the privacy
settings of your Android or iOS device and selecting “limit ad tracking” (Apple iOS) or “opt-out of
interest-based ads” (Android). For more information, see also: http://www.rortos.it/opting-out/.
The execution of certain rights may be limited by the provisions of law or the controller’s legitimate
interests.
If you consider that your rights or the rules for the processing of personal data have been violated, you
have the right to lodge a complaint with the competent supervisory authority. The default authority for
such a complaint is the Italian Data Protection Authority (Garante per la protezione dei dati personali),
address: Piazza Venezia 11 – 00187 Roma (Italy), but such a complaint may also be submitted to any
other personal data protection authority in one of the Member States of the European Union.
All the Player’s requests regarding personal data should be addressed to:
legal@rortos.com
VIII. OBLIGATION TO PROVIDE PERSONAL DATA
Providing us with personal data is a condition for concluding a contract for Services. Obviously, you may
decide not to provide us with any data, but then you will have no possibility to use your games. Providing
us with other personal data may be necessary, e.g. to carry out the payment process in the game – failure
to provide them will prevent the purchase.
IX. COLLECTING DATA ABOUT USERS THROUGH INDIRECT MEANS
If the Player creates or logs in to her/his account using a third-party platform and when she/he chooses
to link a third-party tool (e.g. Facebook, Messenger or Google), or when she/he uses the Services (in
particular, by playing our games) through any third-party applications, we may come into possession of
some of the User’s data that will be provided to us by the provider of the aforementioned third-party
applications. The information we obtain depends on the Services used by the User (this applies, in
particular, to our game played by the Player), the third-party applications used by the User, the User’s
privacy settings and, if applicable, the privacy settings of the User’s friends in third-party applications.
We may collect and store some or all of the following information from the provider of the third-party
application:
a) name and surname;
b) profile picture, Player ID (Facebook ID), which may be associated with publicly available user
information (profile picture);
c) the Player’s friends list and other publicly available data;
d) e-mail address provided in the respective application belonging to a third party;
e) the Player’s location and the location of the devices on which the User uses our Services;
f) gender;
g) age;
h) information regarding other activities undertaken through or in third-party applications;
i) other publicly available data made available in applications belonging to third parties.
We also collect the data regarding the Player’s purchases. If the Player makes any payments, our
payment partners collect the billing and payment information necessary to process the Player’s fees.
These data may include the Player’s mailing address, her/his e-mail address and financial data. Our
payment partners do not share the Player’s financial information with us, such as credit card numbers,
but they may share with us non-financial data relating to the Player’s purchases, such as name, surname
and purchased items.
If the Player plays our games connected with third-party apps or their platforms (such as Facebook,
Apple or Google), all purchases made by the Player will be processed by the respective third-party
application and will be subject to the terms of service and privacy policy of the respective third party.
Rortos does not come into possession of the Player’s financial data related to the above-mentioned
purchases, but may obtain access to the Player’s non-financial information related to the purchases made
by her/him, such as the Player’s name and surname and the items purchased by her/him. The type of
information we receive depends on the game the Player plays and the third-party application.
X. PROFILING
When the Player uses our Services, we collect data about her/his interactions with the Website and other
players in the game through server logs. In order to display personalized advertisements, tailored to the
User’s preferences or needs, ensure the security of our Services and analyze and monitor the use of our
Services by the User for such purposes as, for example, improving our games, we may automatically
profile and segment all data collected about the User (the information provided by the User may be
linked to her/his gamer ID, IP address or device ID). We may also undertake marketing activities related
to addressing our personalized offers and benefits to the User. We prepare them by analyzing the User’s
data and behavior and, based on them, we undertake activities, e.g. regarding the offer’s content and/or
whether to submit a given (special) offer to the User or not. The legal basis for such processing of
personal data is the contract for services (execution of the contract) and our legitimate interests.
If the data processing (profiling) is based on our legitimate interests, the User has the right to object to
such data processing at any time due to her/his particular situation. In such a case, Rortos is not entitled
to process (profile) the User’s data, unless it demonstrates compelling and justified grounds for their
processing that override the User’s interests, rights and freedoms, or when the processing is necessary to
establish, perform or defend against legal claims.
If we use the User’s data to profile them for direct marketing purposes, the User has the unconditional
right to object to such processing at any time. In such a case, the User’s personal data will no longer be
processed for such purposes, regardless of our interests, rights and freedoms.
XI. PUSH NOTIFICATIONS IN OUR GAMES
We may send push notifications to Players through our games in order to inform them about game
updates and new records, as well as to send other notifications related to the Services that may be
significant to the Players. The Player may at any time resign from receiving such notifications by
disabling them on her/his device using the settings.
XII. USER DATA SECURITY
In order to help to ensure safe gaming entertainment, we continuously develop and implement
administrative, technical and physical security measures to protect the Player’s data from unauthorized
access, loss, misuse and alteration.
However, it should be noted that none of these measures guarantee full security of the data provided to us.
No server, communications network or data transmission technology over the Internet is 100% secure.
Providing us with the data is the User’s decision. In the event such a decision is made, the Player takes
the risk of sharing data.
XIII. AGE RESTRICTIONS
If you are a minor under 14 years of age, to use our Services we must receive the consent of a parent (or
guardian) who authorizes the processing of personal data, at the following e-mail address:
legal@rortos.com, after reading this “Policy Privacy and cookies” information.
We do not knowingly collect or solicit personal data about or direct or target interest-based advertising to
anyone under the age of 14 (or other different age limit per country considered as protected age) or
knowingly allow such persons to use our Services. If you are under 14 (or other different age limit per
country considered as protected age), please do not send any data about yourself to us, including your
name, address, telephone number, or email address.
No one under the age of 14 (or other different age limit per country considered as protected age) may
provide any personal data. If we learn that we have collected personal data about a minor under age 14 (or
other different age limit per country considered as protected age), we will delete that data as quickly as
possible. If you believe that we might have any data from or about a minor under the age of 14 (or other
different age limit per country considered as protected age), please contact us at: legal@rortos.com.
XIV. INTERNET STORAGE TECHNOLOGIES/ MOBILE IDENTIFIERS
We use Internet storage technologies in our games, including mobile identifiers, in order to:
– enable the use of games and their functionalities,
– ensure their safety,
– improve the quality of games,
– conduct analytical activities enabling us to improve our games,
– conduct marketing activities,
– send PUSH notifications to the Players,
– provide the Players with the possibility to communicate with each other,
– carrying out the transactions.
Using online storage technologies is a common practice of mobile game providers. You don’t need to
worry about your device’s security – technologies used by us have no negative impact on devices. Also,
we don’t use technologies the aim of which is to obtain from you more data than those necessary to
provide our services.
You can write to us at any time to learn more about the technologies we use in our games.
XV. USE OF COOKIES
What are cookies?
Cookies are small text files that the sites visited by users send to their terminals, where they are stored
and then retransmitted to the same sites on the next visit. The cookies of the so-called “third party” are,
instead, set by a Website other than the one the user is visiting. This is because on each site can be present
elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers
other than that of the visited site.
What are cookies used for?
Cookies can be used for different purposes: execution of computer authentication, monitoring of sessions,
storage of information on specific configurations concerning users accessing the server, storing
preferences, etc.
Cookie Policy
The site (www.rortos.it) uses cookies to make its services simple and efficient for users who view the
pages of this site.
Users who view www.rortos.it site will see minimal amounts of information inserted in the devices in use,
which are computers and Mobile devices, in small text files called “cookies” saved in the directories used
by the user’s web browser.
There are various types of cookies, some to make the use of the site more effective, others to enable
certain features.
How can I disable cookies and manage user preferences?
We inform you that you can authorize, limit or block cookies through your browser settings. However, we
remember that disabling navigation or functional cookies can cause malfunction on websites and / or limit
the service that we offer.
For more information on cookies and to manage your preferences on third-party profiling cookies, please
visit the website of your browser.
We inform you that, at any time, you can obtain information on third-party cookies and you can authorise,
limit or disable these cookies by consulting the information and using the relative consent form, if
present, made available by the third parties (see par. XVI).
XVI. TYPES OF COOKIES USED AND RELATED PURPOSES
1) Technical cookies
These cookies, always sent by the domain www.rortos.it, are necessary to correctly view the site and in
relation to the technical services offered, they will therefore always be used and sent, unless the user
changes the settings in the browser (thus affecting viewing the site pages).
Their use is not instrumental to the collection of personal identification data of users, but to improve
navigation, such as returning to the same page if the internet connection is lost; or remember the
preferences selected by the user while browsing.
2) Statistics
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”).
Google uses the personal data collected for the purpose of tracking and examining the use of this online
space, compiling reports and sharing them with other services developed by Google.
Google may use personal data to contextualize and personalize the advertisements of its advertising
network. Personal Data collected: statistical navigation data.
Place of treatment: USA
Privacy Policy: https://policies.google.com/privacy?hl=en-US
3) Other types of Cookies or third-party tools that may install them
Facebook social widgets (Facebook, Inc.)
are services of interaction with the social network Facebook, provided by Facebook, Inc. Personal Data
collected: Cookies and Usage Data
Place of processing: USA
Policy privacy: https://www.facebook.com/policy.php
Twitter social widgets (Twitter, Inc.)
Social widgets are services of interaction with Twitter social network, provided by Twitter, Inc. Personal
Data Collected: Cookies and Usage Data.
Place of processing: USA
Policy privacy: https://twitter.com/en/privacy
YouTube Video Widgets (Google Inc.)
YouTube is a video content display service managed by Google Inc. that allows this application to
integrate such content within its pages.
Personal Data collected: Cookies and Usage Data
Place of processing: USA
Privacy Policy: https://policies.google.com/privacy?hl=en
Instagram widgets (Instagram, Inc.)
Is an image visualization service provided by Instagram, Inc. that allows this site to incorporate content of
this kind on its pages.
Personal Data collected: Cookie and Usage data.
Place of processing: USA
Privacy Policy: https://help.instagram.com/519522125107875
Discord
Discord, Inc. provides a social online and mobile chat platform via the Discord website, the Discord
application (the “App”) and related Internet services. The Service is operated by Discord, Inc.
Personal Data collected: Cookie and Usage data.
Place of processing: USA
Privacy Policy: https://discord.com/privacy
For more information on the Italian legislation regarding cookies visit: www.garanteprivacy.it/cookie.
XVII. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS.
This paragraph supplements the information contained in the “Privacy Policy and Cookies” of RORTOS
S.r.l. and applies only to California residents, defined as “consumers”, pursuant to the California
Consumer Privacy Act of 2018 (” CCPA“).
RORTOS S.r.l., in fully complying with EU Regulation 2016/679, guarantees, even to citizens residing in
the State of California, more restrictive privacy protections than the provisions of the aforementioned
CCPA.
All general information in the previous paragraphs remains valid and in particular the categories of data
processed (“The Data we collect”), the purposes of the processing (“Why we collect your data”), the
recipients of the data or who contribute to the treatment (“Who can see your data”).
It also specifies the following.
The CCPA grants rights to California consumers:
a) The right to know what personal information is collected, used, shared or sold, both as to the
categories and specific pieces of personal information;
b) The right to delete personal information held by businesses and by extension, a business’s service
provider;
c) The right to opt-out of sale of personal information. Consumers are able to direct a business that sells
personal information to stop selling that information. Children under the age of 16 must provide opt in
consent, with a parent or guardian consenting for children under 13.
d) The right to non-discrimination in terms of price or service when a consumer exercises a privacy right
under CCPA.
A consumer shall have the right to request that a business that collects personal information about the
consumer disclose to the consumer the following:
a) The categories of personal information it has collected about that consumer.
b) The categories of sources from which the personal information is collected.
c) The business or commercial purpose for collecting or selling personal information.
d) The categories of third parties with whom the business shares personal information.
e) The specific pieces of personal information it has collected about that consumer.
f) RORTOS S.r.l. does not directly sell the aggregate personal data of consumers.
RORTOS S.r.l. sells advertising space, within its applications/games, to commercial partners, who can
collect consumer data, in order to offer targeted offers or resell information, which contain the
consumer’s personal data, to third parties.
The commercial partners of RORTOS S.r.l., independently determine the purposes and methods of the
treatments and are required to guarantee the rights and privacy protections compliant with the applicable
regulations.
The complete list of partners is shown in this document, users are invited to read their respective “Privacy
Policies”.
Consumer rights under the California Consumer Privacy Act
Art. 1798.120.(a) A consumer shall have the right, at any time, to direct a business that sells personal
information about the consumer to third parties not to sell the consumer’s personal information. This right
may be referred to as the right to opt out.
(b) A business that sells consumers’ personal information to third parties shall provide notice to
consumers, pursuant to subdivision (a) of Section 1798.135, that this information may be sold and that
consumers have the right to opt out of the sale of their personal information.
(c) A business that has received direction from a consumer not to sell the consumer’s personal
information or, in the case of a minor consumer’s personal information has not received consent to sell
the minor consumer’s personal information shall be prohibited, pursuant to paragraph (4) of subdivision
(a) of Section 1798.135, from selling the consumer’s personal information after its receipt of the
consumer’s direction, unless the consumer subsequently provides express authorization for the sale of the
consumer’s personal information.
(d) Notwithstanding subdivision (a), a business shall not sell the personal information of consumers if the
business has actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the
case of consumers between 13 and 16 years of age, or the consumer’s parent or guardian, in the case of
consumers who are less than 13 years of age, has affirmatively authorized the sale of the consumer’s
personal information. A business that wilfully disregards the consumer’s age shall be deemed to have had
actual knowledge of the consumer’s age. This right may be referred to as the “right to opt in.”
Art. 1798.135.
(a) A business that is required to comply with Section 1798.120 shall, in a form that is reasonably
accessible to consumers:
(1) Provide a clear and conspicuous link on the business’ Internet homepage, titled “Do Not Sell My
Personal Information”, to an Internet Web page that enables a consumer, or a person authorized by the
consumer, to opt out of the sale of the consumer’s personal information. A business shall not require a
consumer to create an account in order to direct the business not to sell the consumer’s personal
information.
(2) Include a description of a consumer’s rights pursuant to Section 1798.120, along with a separate link
to the “Do Not Sell My Personal Information” Internet Web page in:
(A) Its online privacy policy or policies if the business has an online privacy policy or policies.
(B) Any California-specific description of consumers’ privacy rights.
(3) Ensure that all individuals responsible for handling consumer inquiries about the business’s privacy
practices or the business’s compliance with this title are informed of all requirements in Section 1798.120
and this section and how to direct consumers to exercise their rights under those sections.
(4) For consumers who exercise their right to opt out of the sale of their personal information, refrain
from selling personal information collected by the business about the consumer.
(5) For a consumer who has opted out of the sale of the consumer’s personal information, respect the
consumer’s decision to opt out for at least 12 months before requesting that the consumer authorize the
sale of the consumer’s personal information.
(6) Use any personal information collected from the consumer in connection with the submission of the
consumer’s opt-out request solely for the purposes of complying with the opt-out request.
(b) Nothing in this title shall be construed to require a business to comply with the title by including the
required links and text on the homepage that the business makes available to the public generally, if the
business maintains a separate and additional homepage that is dedicated to California consumers and that
includes the required links and text, and the business takes reasonable steps to ensure that California
consumers are directed to the homepage for California consumers and not the homepage made available
to the public generally.
(c) A consumer may authorize another person solely to opt out of the sale of the consumer’s personal
information on the consumer’s behalf, and a business shall comply with an opt out request received from
a person authorized by the consumer to act on the consumer’s behalf, pursuant to regulations adopted by
the Attorney General.
To exercise the rights illustrated above, we invite the consumer to send an e-mail
to legal@rortos.com with the subject “Request Rights provided by CCPA”.
RORTOS S.r.l. can provide services, including apps with simulators and video games, thanks to the
financial support that its business partners recognize. The player or his/her parent / guardian on behalf of
the minor, can interrupt the processing of his/her personal data for commercial purposes at any time but in
this case RORTOS S.r.l. cannot guarantee services under the same economic conditions.
XVIII. UPDATES
We may update this Privacy Policy by posting its new versions on the website and in the relevant games.
If we make any material modifications, we shall inform the Player about this fact by notification in the
Service before the modification comes into force. Further use of the Service after the modifications
become effective will be subject to the updated Privacy Policy.
Last update: 13.03.2023