In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and current data protection legislation, we hereby inform you that the Data Controller of your data is DIGITAL COLLECTIVE TOKENS, SL, holder of Tax Identification Number B04990115, whose headquarters is Calle Violetes, 32 (08197), Sant Cugat del Vallès (Barcelona) registered in the Commercial Register of Barcelona, Volume 47,777, Folio 183, Page B-561934 (hereinafter "MITO", "Company", "we" o "us") and e-mail [email protected].

The purpose herein is to provide information on how MITO processes your personal data in accordance with current Personal Data Protection legislation, specifically Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data (hereinafter, "GDPR") and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, "LGPDGDD").”).

I. Purposes of processing

Why do we process your data?

The Data Controller shall process your data, in a fair and transparent manner, whether by automated or non-automated means, for the following specified and explicit purposes:

II.- Legal basis

What is the legal basis for processing your data?

The legal basis is as follows:

III. Recipients

Who may we disclose your data to?

Personal data may be transferred/communicated to the following recipients:

Will your data be transferred internationally?

MITO operates systems outside Europe. As a result, we may transfer personal data from Europe to third countries outside Europe under the following conditions:

When you have given us your prior consent to transfer to a third country, you may withdraw your consent at any time. However, please be aware that our services may not be available if we are unable to transfer personal data to third countries.

When we transfer personal data to third countries, we strive to ensure that appropriate safeguards are put in place, for example, through the use of standard contractual clauses or Privacy Shield certification.

IV. Data retention period

How long do we keep your data?

In accordance with the principle of minimisation and limitation of the retention period, the personal data provided shall be kept for a period of time not longer than necessary to fulfill the specific purpose and/or purposes for which they are collected and for as long as the business or employment relationship is maintained.

Once the relationship has come to an end, the data shall be kept for the appropriate period of time in order to comply with the statute of limitations for possible data protection infringements, as well as the statute of limitations periods pursuant to other applicable legislation, although duly blocked before destruction.