Interaction with data collection platforms and other third parties
Registration and authentication provided directly by Mokapen
Interaction with live chat platforms
Remarketing and behavioural targeting
Transfer of Data outside the EU
Payment management
Productivity management
Protection from spam and bots
Advertising
Data Controller
Mokapen SRL - Innovative Startup
Via Francesco Arese 12, 20159, Milan (Italy)
Tax ID / VAT No. 12021740969 - R.E.A. 2635193
Data Controller email address: info@mokapen.com
Types of data we collect
Among the Personal Data collected by Mokapen, whether directly or through third parties, are:
Cookie
Usage data
email
first name
last name
profession
country
city
various types of Data
date of birth
phone number
address
company name
username
password
profile picture
website
language
Data communicated while using the service
Calendar permission
Contacts permission
Read-only access
Read metadata
Modify
Compose
payment information
billing address
purchase history
number of Users
session statistics
answers to questions
clicks
keypress events
motion sensor events
mouse movements
relative scroll position
touch events
address
contact details
Full details on each category of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific notices displayed before such Data are collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using Mokapen.
Unless otherwise specified, all Data requested by Mokapen are mandatory. If the User refuses to provide them, Mokapen may be unable to provide the Service. Where Mokapen marks certain Data as optional, Users may choose not to provide such Data without this affecting the availability or operation of the Service.
Users who are unsure which Data are mandatory are encouraged to contact the Data Controller.
Any use of Cookies—or other tracking tools—by Mokapen or by third-party service providers used by Mokapen serves to provide the Service requested by the User, as well as the further purposes described in this document and in the Cookie Policy.
The User is responsible for any third parties' Personal Data obtained, published or shared through Mokapen.
Methods and place of processing of collected data
Methods of processing
The Data Controller implements appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organisational methods and logic strictly related to the purposes stated. In addition to the Data Controller, in certain cases Data may be accessed by persons involved in the operation of Mokapen (such as administrative, sales, marketing, legal and system administration staff) or by external parties (such as third-party technical service providers, postal carriers, hosting providers, IT companies and communications agencies) appointed, where necessary, as Processors by the Data Controller. An up-to-date list of Processors may always be obtained from the Data Controller.
Place
Data are processed at the Data Controller's operating premises and in any other place where the parties involved in processing are located. For further information, contact the Data Controller.
The User's Personal Data may be transferred to a country other than the one in which the User is located. For further information on the place of processing, the User may refer to the section on details of the processing of Personal Data.
Retention period
Unless otherwise stated in this document, Personal Data are processed and stored for as long as required for the purpose for which they were collected and may be retained longer where required by law or on the basis of Users' consent.
Purposes of processing of collected data
The User's Data are collected to enable the Data Controller to provide the Service, comply with legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of Users or third parties), detect any malicious or fraudulent activity, and for the following purposes:
Access to accounts on third-party services
Analytics
Contacting the User
Social features
Managing contacts and sending messages
Tag management
Managing landing pages and invitation pages
Interaction with data collection platforms and other third parties
Interaction with social networks and external platforms
Registration and authentication
Registration and authentication provided directly by Mokapen
Displaying content from external platforms
Platform and hosting services
Interaction with live chat platforms
Heat mapping and session recording
Advertising
Remarketing and behavioural targeting
Transfer of Data outside the EU
Permissions to access Personal Data on the User's device
Payment management
Productivity management
Protection from spam and bots
Facebook permissions requested by Mokapen
Mokapen may request certain Facebook permissions that allow it to perform actions with the User's Facebook account and to collect information, including Personal Data, from it. This service allows Mokapen to connect with the User's account on the Facebook social network, provided by Meta Platforms, Inc. (formerly Facebook Inc.).
For more information on the permissions listed below, see the Facebook permissions documentation and Facebook's privacy policy.
The permissions requested are as follows:
Basic information
The basic information of the User registered on Facebook, which normally includes the following Data: id, name, picture, gender and locale language and, in some cases, Facebook "Friends". If the User has made further Data publicly available, such Data may also be accessible.
Access to private data
Allows access to the User's and their friends' private data.
Details on the processing of personal data
Access to accounts on third-party services
These types of services allow Mokapen to retrieve Data from your accounts on third-party services and to perform actions with them.
These services are not activated automatically; they require the User's express authorisation.
Access to the Google Drive account
Company: Google LLC +1
Place of processing: United States +1
Personal Data processed: various types of Data as specified in the service's privacy policy
This service allows Mokapen to connect with the User's Google Drive account, provided by Google LLC or by Google Ireland Limited, depending on how the Data Controller manages the processing of Data.
Personal Data processed:
various types of Data as specified in the service's privacy policy
By registering for the mailing list or newsletter, the User's email address is automatically added to a contact list to which email messages containing information about Mokapen, including of a commercial and promotional nature, may be sent. The User's email address may also be added to this list as a result of registering with Mokapen or after making a purchase.
Personal Data processed:
city
last name
Cookie
email
country
first name
profession
Service provided by:
Mokapen
Contact form
Company: Mokapen
Personal Data processed: city +5
By filling in the contact form with their Data, the User authorises Mokapen to use such information to respond to requests (for example for quotations and any other type of request).
Personal Data processed:
city
last name
email
country
first name
various types of Data
Service provided by:
Mokapen
Social features
Invite and suggest friends
Company: Mokapen
Personal Data processed: various types of Data
Mokapen may use the Personal Data provided to allow Users to invite their friends—for example via the address book, where access has been authorised—and to suggest friends or connections within the service.
Personal Data processed:
various types of Data
Service provided by:
Mokapen
Managing contacts and sending messages
These types of services allow management of a database of email contacts, telephone contacts or contacts of any other type used to communicate with the User.
These services may also collect data relating to the date and time at which the User viewed messages, as well as the User's interaction with them, such as information on clicks on links included in the messages.
MailerLite
Company: UAB "Mailerlite"
Place of processing: Lithuania
Personal Data processed: last name +10
MailerLite is an address management and email sending service provided by UAB "Mailerlite".
Unless otherwise specified, Mokapen processes all payments by credit card, bank transfer or other means through external payment service providers. In general, and unless otherwise indicated, Users should provide payment details and personal information directly to such payment service providers.
Mokapen is not involved in the collection or processing of such information: it will only receive a notification from the relevant payment service provider that payment has been completed.
Stripe
Company: Stripe Inc +2
Place of processing: United States +2
Personal Data processed: last name +6
Stripe is a payment service provided by Stripe Inc, Stripe Technology Europe Ltd or Stripe Payments Ltd, depending on how the Data Controller manages the processing of Data.
Personal Data processed:
last name
purchase history
email
billing address
payment information
first name
various types of Data as specified in the service's privacy policy
These types of services support centralised management of the tags or scripts used on Mokapen.
Use of such services involves the User's Data flowing through them and, where applicable, being retained.
Google Tag Manager
Company: Google Ireland Limited
Place of processing: Ireland
Personal Data processed: Usage data
Google Tag Manager is a tag management service provided by Google Ireland Limited.
These types of services help the Data Controller manage tasks, work projects and, in general, productivity-related activities. When this type of service is used, Users' Data will be processed and may be retained, depending on the purposes of the activity in question.
These services may be integrated with a wide range of third-party services referred to in this privacy policy to allow the Data Controller to import or export the Data necessary for the relevant activity.
Gmail
Company: Google Ireland Limited
Place of processing: Ireland
Personal Data processed: Usage data +1
Gmail is a service that handles email communications provided by Google Ireland Limited. Such email communications are not analysed by Google for advertising purposes. Furthermore, Google does not collect or use data within this service for advertising purposes in any other way.
These types of services allow building and managing landing pages and invitation pages, i.e. pages presenting a product or service, which may allow users to enter their contact details, such as an email address.
Managing these pages involves processing by these services of the Personal Data collected through such pages, including Usage Data.
MailerLite Landing Pages
Company: UAB "Mailerlite"
Place of processing: Lithuania
Personal Data processed: Cookie +2
MailerLite Landing Pages is a landing page management service provided by UAB "Mailerlite" that allows Mokapen to collect email addresses of Users interested in its service.
Heat mapping services are used to identify areas of Mokapen with which Users interact most frequently, in order to determine which attract the most interest. These services allow traffic data to be monitored and analysed and are used to track the User's behaviour.
Some of these services may record sessions and make them available for later viewing.
Hotjar Heat Maps and Recordings
Company: Hotjar Ltd.
Place of processing: Malta
Personal Data processed: Cookie +2
Hotjar is a heat mapping and session recording service provided by Hotjar Ltd.
Hotjar honours generic "Do Not Track" headers. This means the browser can tell the script not to collect any of the User's data. This setting is available in all major browsers. Further opt-out information for Hotjar is available here.
Personal Data processed:
Cookie
Usage data
various types of Data as specified in the service's privacy policy
These types of services allow interaction with live chat platforms, operated by third parties, directly from Mokapen's pages. This allows the User to contact Mokapen's support service or Mokapen to contact the User while they browse its pages.
Where a live chat interaction service is installed, it may collect Usage Data relating to the pages on which it is installed even if Users do not use the service. In addition, live chat conversations may be recorded.
Facebook Messenger Customer Chat
Company: Meta Platforms, Inc.
Place of processing: United States
Personal Data processed: Cookie +2
Facebook Messenger Customer Chat is a service for interacting with the Messenger live chat platform, provided by Meta Platforms, Inc.
Interaction with data collection platforms and other third parties
These types of services allow Users to interact with data collection platforms or other services directly from Mokapen's pages in order to save and reuse data.
Where one of these services is installed, it may collect Usage Data relating to the pages on which it is installed even if Users do not use the service.
MailerLite Widget
Company: UAB "Mailerlite"
Place of processing: Lithuania
Personal Data processed: various types of Data
The MailerLite widget allows interaction with the MailerLite email address management and messaging service provided by UAB "Mailerlite".
Interaction with social networks and external platforms
These types of services allow interaction with social networks or other external platforms directly from Mokapen's pages.
Interactions and information obtained by Mokapen are in any case subject to the User's privacy settings for each social network.
This type of service may nevertheless collect traffic data for pages where the service is installed, even when Users do not use it.
Users are advised to log out of the relevant services to ensure that data processed on Mokapen is not linked back to the User's profile.
Socialize
Company: Solialize Inc.
Place of processing: United States
Personal Data processed: Cookie +1
Socialize is a service provided by Socialize, Inc. that displays a widget enabling interaction with social networks and external platforms and sharing of Mokapen's content.
Depending on the configuration, this service may display widgets belonging to third parties, for example social network providers on which to share interactions. In that case, the third parties that provide the widget will also learn of the interaction carried out and the Usage Data relating to the pages on which this service is installed.
Permissions for access to Personal Data on the User's device
Mokapen requests that the User grant certain permissions, thereby authorising access to Data on the User's device, on the terms set out below.
Permissions for access to Personal Data on the User's device
Company: Mokapen
Personal Data processed: Calendar permission +1
Mokapen requests that the User grant certain permissions, thereby authorising access to Data on the User's device, as summarised here and on the terms stated in this document.
Personal Data processed:
Calendar permission
Contacts permission
Service provided by:
Mokapen
Google API Services User Data Policy
Notwithstanding any other provision of this Privacy Policy, if you grant the App access to your Google data, the App's use of such data will be subject to these additional restrictions: The app will use the access only to read, write, modify or control Gmail message bodies (including attachments), metadata, headers and settings in order to provide a webmail client that allows users to compose, send, read and process email, and will not transfer this Gmail data to others unless necessary to provide and improve these features, comply with applicable law or as part of a merger, acquisition or sale of assets. The app will not use this Gmail data for serving advertisements. The App will not allow humans to read this data unless we have your affirmative consent for specific messages, it is necessary for security purposes such as investigating abuse, to comply with applicable law or for the App's internal operations, and even then only when the data has been aggregated and anonymised. The App's use of information received from Google APIs and the App's transfer of information to any other app received from Google APIs will comply with the Google API Services User Data Policy, including the Limited Use requirements.
Protection from spam and bots
This type of service analyses Mokapen's traffic, which may contain Users' Personal Data, in order to filter it from unwanted traffic, messages and content recognised as SPAM or to protect it from malicious bot activity.
Google reCAPTCHA
Company: Google Ireland Limited
Place of processing: Ireland
Personal Data processed: clicks +8
Google reCAPTCHA is a spam protection service provided by Google Ireland Limited.
Some of the services listed below may use Tracking Tools to identify the User, or use behavioural retargeting, i.e. display personalised advertising based on the User's interests and behaviour, or measure ad performance. For further information, we recommend that you review the privacy notices of the respective services.
Services of this type generally offer the ability to disable such tracking. In addition to any opt-out function provided by any of the services listed in this document, the User can read more about how to disable interest-based advertising in the dedicated section "How to opt out of interest-based advertising" in this document.
Hotjar Form Analysis and Conversion Funnels
Company: Hotjar Ltd.
Place of processing: Malta
Personal Data processed: Usage data +1
Hotjar is an analytics service provided by Hotjar Ltd.
Hotjar honours generic "Do Not Track" headers. This means the browser can tell the script not to collect any of the User's data. This setting is available in all major browsers. Further opt-out information for Hotjar is available here.
Meta ads conversion tracking (Meta pixel) is an analytics service provided by Meta Platforms, Inc. that links data from the Meta ads network with actions taken within Mokapen. The Meta pixel tracks conversions that may be attributed to ads on Facebook, Instagram and Audience Network.
Google Ads conversion tracking is an analytics service provided by Google Ireland Limited that links data from the Google Ads network with actions taken within Mokapen.
Google Ads enhanced conversions is an advertising service provided by Google Ireland Limited that allows the Data Controller to send hashed first-party conversion data to Google in order to improve conversion measurement.
Google Conversion Linker is an analytics service provided by Google Ireland Limited that links Data from Google's advertising services with actions taken within Mokapen. Depending on the service settings, such Data may also be processed for retargeting purposes.
By registering or authenticating, the User allows Mokapen to identify them and to grant them access to dedicated services.
Depending on what is stated below, registration and authentication services may be provided with the help of third parties. Where this is the case, Mokapen may access some Data stored by the third-party service used for registration or identification.
Some of the services listed below may collect Personal Data for targeting and profiling purposes; for more information, please refer to the description of each service.
LinkedIn OAuth
Company: LinkedIn Corporation
Place of processing: United States
Personal Data processed: Usage data +2
LinkedIn OAuth is a registration and authentication service provided by LinkedIn Corporation and connected to the LinkedIn social network.
Personal Data processed:
Usage data
Tracking tools
various types of Data as specified in the service's privacy policy
Personal Data processed: various types of Data as specified in the service's privacy policy
Google OAuth is a registration and authentication service provided by Google LLC or by Google Ireland Limited, depending on how the Data Controller manages the processing of Data, and connected to the Google network.
Personal Data processed:
various types of Data as specified in the service's privacy policy
Gmail permissions for access to User Data (OAuth add-on)
Company: Google LLC +1
Place of processing: United States +1
Personal Data processed: Read-only access +3
To provide its service, Mokapen uses Gmail limited-use purposes that allow access to the User's Data relating to this Google service (as indicated below). This access is provided by Google LLC or by Google Ireland Limited, depending on how the Data Controller manages the processing of Data, under strict terms. What this means for such User Data is set out below:
Use of User Data is limited to providing or improving user-facing features. User Data will not be used to serve ads, or for retargeting or personalised or interest-based advertising.
User Data will be transferred to third parties only where necessary to provide or improve user-facing features and where necessary to comply with applicable law or as part of a merger, acquisition or sale of assets, with prior notice to Users.
Data will not be read by humans unless:
the Data Controller has obtained the User's affirmative agreement for specific messages;
it is necessary for security and/or to comply with applicable law; or
use is limited to internal operations and the Data (including derivations thereof) have been aggregated and anonymised.
Registration and authentication provided directly by Mokapen
By registering or authenticating, the User allows Mokapen to identify them and to grant them access to dedicated services. Personal Data are collected and stored solely for registration or identification purposes. Only the Data necessary to provide the service requested by the User are collected.
Direct registration
Company: Mokapen
Personal Data processed: last name +11
The User registers by filling in the registration form and providing their Personal Data directly to Mokapen.
Personal Data processed:
last name
Cookie
Usage data
email
profile picture
address
language
first name
phone number
password
website
username
Service provided by:
Mokapen
Remarketing and behavioural targeting
These types of services allow Mokapen and its partners to communicate, optimise and serve advertising based on the User's past use of Mokapen.
This activity is facilitated by tracking Usage Data and using Tracking Tools to collect information that is then transferred to partners that manage remarketing and behavioural targeting activities.
Some services offer remarketing based on email address lists.
In addition to the opt-out features offered by the services listed below, the User may opt out by visiting the Network Advertising Initiative opt-out page.
Users may also opt out of certain advertising features through the corresponding device settings, such as mobile device advertising settings or generic advertising settings.
Facebook Remarketing
Company: Meta Platforms, Inc.
Place of processing: United States
Personal Data processed: Cookie +1
Facebook Remarketing is a remarketing and behavioural targeting service provided by Meta Platforms, Inc. that links Mokapen's activity with the Meta advertising network.
Meta Custom Audience is a remarketing and behavioural targeting service provided by Meta Platforms, Inc. that links Mokapen's activity with Meta's advertising network.
Users may choose not to have Meta's Tracking Tools used for ad personalisation by visiting this opt-out page.
These services are intended to host and operate key components of Mokapen, making it possible to deliver Mokapen from a single platform. These platforms provide the Data Controller with a wide range of tools such as, for example, analytics tools, user registration management, comment and database management, e-commerce, payment processing, etc. Use of such tools involves the collection and processing of Personal Data.
Some of these services operate through servers located in different geographical areas, which makes it difficult to determine the exact place where Personal Data are stored.
WordPress.com
Company: Automattic Inc.
Place of processing: United States
Personal Data processed: various types of Data as specified in the service's privacy policy
WordPress.com is a platform provided by Automattic Inc. that allows the Data Controller to develop, operate and host Mokapen.
Any disclosed WordPress extension or plugin that processes Personal Data processes such data via WordPress.com, unless otherwise specified.
Personal Data processed:
various types of Data as specified in the service's privacy policy
The services contained in this section enable the Data Controller to monitor and analyse traffic data and are used to track the User's behaviour.
Google Analytics (Universal Analytics)
Company: Google LLC +1
Place of processing: United States +1
Personal Data processed: Cookie +1
Google Analytics (Universal Analytics) is a web analytics service provided by Google LLC or by Google Ireland Limited, depending on how the Data Controller manages the processing of Data ("Google"). Google uses the Personal Data collected to track and examine use of Mokapen, to compile reports and share them with other services developed by Google.
Google may use Personal Data to contextualise and personalise ads in its own advertising network.
Google Analytics (Universal Analytics) with anonymised IP
Company: Google Ireland Limited
Place of processing: Ireland
Personal Data processed: Cookie +1
Google Analytics (Universal Analytics) is a web analytics service provided by Google Ireland Limited ("Google"). Google uses the Personal Data collected to track and examine use of Mokapen, to compile reports and share them with other services developed by Google.
Google may use Personal Data to contextualise and personalise ads in its own advertising network.
This Google Analytics integration anonymises your IP address. Anonymisation works by shortening Users' IP addresses within the territory of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server and shortened in the United States.
Google Analytics is an analytics service provided by Google Ireland Limited ("Google"). Google uses the Personal Data collected to track and examine use of Mokapen, to compile reports and share them with other services developed by Google.
Google may use Personal Data to contextualise and personalise ads in its own advertising network.
In Google Analytics 4, IP addresses are used at the time of collection and then discarded before data are logged in any data centre or server. For more information, see Google's official documentation.
Meta Events Manager is an analytics service provided by Meta Platforms Ireland Limited. By integrating the Meta pixel, Meta Events Manager can provide the Data Controller with information on traffic and interactions on Mokapen.
These types of services allow content hosted on external platforms to be viewed directly from Mokapen's pages and to interact with it.
This type of service may nevertheless collect data on web traffic relating to the pages where the service is installed, even when users do not use it.
Google Fonts
Company: Google Ireland Limited
Place of processing: Ireland
Personal Data processed: Usage data +1
Google Fonts is a typeface display service operated by Google Ireland Limited that allows Mokapen to integrate such content into its pages.
In addition to any opt-out function provided by any of the services listed in this document, Users
can read more about how to disable interest-based advertising
in the relevant section of the Cookie Policy.
Further information on the processing of personal data
Google Ads - Data management
We do not sell or transfer/disclose Google user data to third parties for purposes other than providing and improving the features requested by the user, complying with legal obligations or corporate transactions with appropriate safeguards and notice.
Address book access
Mokapen may request access to your address book.
Analysis of User Data and predictions ("profiling")
The Data Controller may process usage data collected through Mokapen to create or update user profiles. This type of processing allows the Data Controller to assess the User's choices, preferences and behaviour for the purposes specified in the respective sections of this document.
User profiles may also be created using automated tools, such as algorithms, which may also be provided by third parties. For further information on profiling, the User may refer to the respective sections of this document.
The User may at any time object to such profiling. To learn more about the User's rights and how to exercise them, the User may refer to the section of this document on Users' rights.
Personal Data collected from sources other than the User
The Data Controller of Mokapen may have lawfully collected Personal Data relating to the User without their involvement, drawing on sources provided by third parties, in accordance with the legal bases described in the section on legal bases of processing.
Where the Data Controller has collected Personal Data in this way, the User may find specific information about the sources in the respective sections of this document or by contacting the Data Controller.
The Service is not directed at children under 13
Users declare that they are of legal age under the law applicable to them. Minors may use Mokapen only with the assistance of a parent or guardian. In no case may children under 13 use Mokapen.
Push notifications
Mokapen may send push notifications to the User to achieve the purposes described in this privacy policy.
In most cases, Users can choose not to receive push notifications by checking their device settings, such as mobile phone notification settings, and then changing those settings for Mokapen, for some or all apps on the device in question.
Users should be aware that disabling push notifications may negatively affect use of Mokapen.
Push notifications for direct marketing
Mokapen may send push notifications to the User for direct marketing purposes (to offer services and products provided by third parties or not related to the service or product provided by Mokapen).
In most cases, Users can choose not to receive push notifications by checking their device settings, such as mobile phone notification settings, and then changing those settings for Mokapen, or for all apps on the device in question.
Users should be aware that disabling push notifications may negatively affect use of Mokapen.
In addition to applicable device settings, the User may also rely on the rights described in the relevant section of this privacy policy.
Automated decision-making
Automated decision-making occurs when a decision that may produce legal effects concerning the User or similarly significantly affects them is taken solely by technological means without human involvement.
Within the purposes described in this document, Mokapen may use the User's Personal Data to make decisions based wholly or partly on automated processes.
Mokapen uses automated decision-making to the extent necessary to conclude or perform a contract between the User and the Data Controller or, where required by law, subject to the User's prior consent.
Automated decisions rely on technological tools provided by the Data Controller or third parties and are generally based on algorithms that apply predefined criteria.
The logic underlying automated decision-making is intended to:
enable or improve the decision-making process;
ensure fair and impartial treatment of Users;
reduce potential harm from human error, personal bias or similar circumstances that could lead to discrimination or imbalance in the treatment of individuals;
reduce the risk of the User failing to meet contractual obligations.
For further information on purposes, any third-party services and the specific logic of automated decision-making processes used by Mokapen, the User may refer to the respective sections of this document.
Effects of automated decision-making and rights of Users subject to it
Users subject to this type of processing may exercise specific rights aimed at preventing or limiting the potential effects of automated decision-making.
In particular, Users have the right to:
receive an explanation of any decision taken as a result of automated decision-making and express an opinion on it;
challenge the decision by asking the Data Controller to reconsider it or to take a new decision on a different basis;
request and obtain human intervention in the processing from the Data Controller.
For further information on Users' rights and how to exercise them, the User may refer to the section of this document on Users' rights.
Online sale of goods and services
The Personal Data collected are used to provide services to the User or to sell products, including payment and any delivery.
Personal Data collected to complete payment may include those relating to the credit card, the bank account used for the transfer or other payment instruments provided. Payment Data collected by Mokapen depend on the payment system used.
Cookie Policy
Mokapen uses Tracking Tools. For more information, Users may consult the Cookie Policy.
Further information for users in the European Union
Legal basis of processing
The Data Controller processes Personal Data relating to the User if one of the following applies:
the User has given consent for one or more specific purposes;
processing is necessary for the performance of a contract with the User and/or for pre-contractual measures;
processing is necessary to comply with a legal obligation to which the Data Controller is subject;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
In any case, the User may always ask the Data Controller to clarify the concrete legal basis of each processing and in particular whether processing is based on the law, required by a contract or necessary to enter into a contract.
Further information on retention period
Unless otherwise stated in this document, Personal Data are processed and stored for as long as required for the purpose for which they were collected and may be retained longer due to legal obligations or on the basis of Users' consent.
Therefore:
Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until such contract has been fully performed.
Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
Where processing is based on the User's consent, the Data Controller may retain Personal Data longer until such consent is withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period to comply with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Accordingly, the right of access, erasure, rectification and the right to data portability can no longer be exercised after that period.
User rights under the General Data Protection Regulation (GDPR)
Users may exercise certain rights regarding Data processed by the Data Controller.
In particular, to the extent permitted by law, the User has the right to:
withdraw consent at any time. The User may withdraw previously given consent to the processing of their Personal Data.
object to processing of their Data. The User may object to the processing of their Data when it is carried out on a legal basis other than consent.
access their Data. The User has the right to obtain information on Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.
verify and seek rectification. The User may verify the accuracy of their Data and request that it be updated or corrected.
obtain restriction of processing. The User may request restriction of processing of their Data. In this case the Data Controller will not process the Data for any purpose other than storage.
obtain erasure or removal of their Personal Data. The User may request erasure of their Data by the Data Controller.
receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted without hindrance to another controller.
lodge a complaint. The User may lodge a complaint with the competent supervisory authority for personal data protection or bring proceedings before the courts.
Users have the right to be informed about the legal basis for transfers of Data abroad including to any international organisation governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Data Controller to protect their Data.
Details on the right to object
Where Personal Data are processed in the public interest, in the exercise of official authority vested in the Data Controller or for the purposes of the legitimate interests pursued by the Data Controller, Users have the right to object to processing on grounds relating to their particular situation.
Users are informed that, where their Data are processed for direct marketing purposes, they may object to processing at any time, free of charge and without providing any reason. Where Users object to processing for direct marketing purposes, Personal Data will no longer be processed for such purposes. To find out whether the Data Controller processes Data for direct marketing purposes, Users may refer to the respective sections of this document.
How to exercise rights
Any requests to exercise User rights may be addressed to the Data Controller using the contact details provided in this document. The request is free of charge and the Data Controller will respond as soon as possible, in any event within one month, providing the User with all information required by law. Any rectification, erasure or restriction of processing will be communicated by the Data Controller to each recipient, if any, to whom Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller will inform the User of those recipients if the User so requests.
Transfer of personal data outside the European Union
Transfer to third countries on the basis of standard contractual clauses
If this is the basis for the transfer of Data, the transfer of Personal Data from the EU to third countries is carried out on the basis of standard contractual clauses for the protection of Personal Data adopted by the European Commission.
In such cases, recipients of Data have agreed to process Personal Data in accordance with the levels of protection provided for by EU law. Users may request further information by contacting the Data Controller at the details set out in this document.
Further information on processing
Legal defence
The User's Personal Data may be used by the Data Controller in court or in stages preparatory to possible legal proceedings for the defence against abuse in the use of Mokapen or related Services by the User.
The User acknowledges that the Data Controller may be required to disclose Data by order of public authorities.
Specific notices
Upon the User's request, in addition to the information contained in this privacy policy, Mokapen may provide the User with additional and contextual notices regarding specific Services, or the collection and processing of Personal Data.
System logs and maintenance
For operation and maintenance needs, Mokapen and any third-party services it uses may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User's IP address.
Information not contained in this policy
Further information relating to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, where possible, on Mokapen as well as, where technically and legally feasible, by sending a notice to Users through any contact details held. Users should therefore consult this page frequently, referring to the last modified date at the bottom.
Where changes concern processing whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.
Definitions and legal references
Personal Data (or Data)
Personal data means any information that, directly or indirectly, including in connection with any other information, including a personal identification number, identifies or makes identifiable a natural person.
Usage Data
Information collected automatically through Mokapen (including from third-party applications integrated into Mokapen), including: the IP addresses or domain names of the computers used by the User who connects with Mokapen, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server's response (success, error, etc.), the country of origin, the features of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and details of the path followed within the Application, with particular reference to the sequence of pages viewed, parameters relating to the operating system and the User's IT environment.
User
The individual using Mokapen who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refer.
Processor (or Data Processor)
The natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller, as described in this privacy policy.
Data Controller (or Controller)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of Mokapen. Unless otherwise specified, the Data Controller is the owner of Mokapen.
Mokapen (or this Application)
The hardware or software means by which Users' Personal Data are collected and processed.
Service
The service provided by Mokapen as defined in the relevant terms (if any) on this site/application.
European Union (or EU)
Unless otherwise specified, any reference to the European Union contained in this document is deemed to extend to all current member states of the European Union and the European Economic Area.
Cookie
Cookies are Tracking Tools consisting of small pieces of data stored in the User's browser.
Tracking Tool
By Tracking Tool is meant any technology—e.g. Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting—that allows Users to be tracked, for example by collecting or storing information on the User's device.
Read-only access
Read all resources and their metadata—no write operations.
Read metadata
Read metadata of resources, including labels, history records and email message headers, but not the message body or attachments.
Modify
All read/write operations except the immediate and permanent deletion of conversations and messages, bypassing Trash.
Compose
Create, read, update and delete drafts. Send messages and drafts.
Legal references
Unless otherwise specified, this policy applies exclusively to Mokapen.
