DATA PROCESSING AGREEMENT
INNO PLACE srl Sonora⁺

Thank you for using the services of Inno Place s.r.l.

This Data Processing Agreement (“DPA” or Priovacy Policy) specifies, in accordance with the law and for the purpose of an informed interaction between Inno Place srl and the User, the type, method and purpose of the processing of personal data, as well as the User’s rights with specific reference to the personal data provided for the purpose of using the Services offered.

This DPA applies to all services provided by Inno Place s.r.l. (including, but not limited to, our online music learning app Sonora⁺, websites such as inno.place and sonora.plus and services related to and/or connected to other interfaces related to these services).

This information is subject to periodic revisions made necessary by the evolution of legislation and/or new practices in this field. Please check regularly this agreement to be sure to be updated on the DPA terms and conditions.

On inno.place and sonora.plus, the current and updated version of the Policy will always be available.

If the changes to the Policy are substantial, the User will be informed of the changes by posting a notice on the Services or by other proper means adequate to achieve the information purpose.

Your use of the Services after the effective date of the changes constitutes your agreement and acknowledgement of the new Privacy Policy.

The communication of Data by the User is not mandatory.

If the User fails to provide certain data, Inno Place s.r.l. may not be able to provide the Services or certain parts or functions of the Services.

Inno Place s.r.l. does not intend to collect, process or store any Data belonging to special categories, such as Data revealing racial or ethnic origin, religious or philosophical beliefs or trade union membership, genetic, biometric or health information, or Data concerning a person’s sex life or sexual orientation.

Inno Place s.r.l. uses appropriate technical and organisation measures, designed and continuously developed to protect User Data.

These measures are designed to provide a level of security appropriate to the risk associated with and related to the availability of personal information and consist, without limitation, of controls to restrict access to services or systems that contain personal data, pseudonymisation, database protection through firewalls, passwords and other appropriate technical measures.

For all matters not expressly provided for and governed by this Policy, the rules dictated by the GDPR – Regulation (EU) 2016/679 shall apply.

If you have any questions about this Privacy Policy, the privacy policies of Inno Place s.r.l. or for the purposes of exercising your rights to privacy, please contact us by email: privacy@inno.place.

DEFINITIONS

Personal Data (or Data): personal data is any information that, directly or indirectly, also in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage Data: the information collected automatically through this Application (including by third party applications integrated in this Application), including: IP addresses or domain names of the computers used by the User who connects with this Application, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the date and time of the request, the date and time of the response, the date and time of the request. ), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the User’s IT environment.

User: the individual who uses the Inno Place s.r.l. Services and who, unless otherwise specified, is the same as the Data Subject.

Data Subject: the natural person to whom the Personal Data refers.

Data Processor (or Data Processor): the natural person, legal entity, public administration and any other entity that processes Personal Data on behalf of the Controller, as set out in this privacy policy.

Data Controller (or Data Processor): the natural or legal person, public authority, Service or other body that, individually or jointly with others, determines the purposes and means of the processing of Personal Data and the instruments adopted, including the security measures relating to the operation and use of this Application. The Data Controller, unless otherwise specified, is the owner of this Application.

Application: the hardware or software tool through which the Users’ Personal Data are collected and processed.

Service: the Service provided by the Application as defined in the contractual terms.

Tracking Tool: any technology – e.g. Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting – that allows Users to be tracked, for example by collecting or storing information on the User’s device.

1. DATA CONTROLLER

For the activities described in this DPA, the data protection officer (or “Controller”) (i.e. the entity that determines the methods and reasons for the processing of Personal Data) is

Inno Place srl with registered office in Via San Secondo 42 10128 Turin Italy, in person of Mr. Strocco Domenico

The management of the services offered by Inno Place s.r.l. may involve the sharing of some of the Data provided by the User with partners, who may be independent data controllers, with specific and autonomous privacy policies, as explained below.

2. TYPES OF DATA COLLECTED

Personal data provided by the User in order to use the Services:

– Contact information, such as name, email address or other contact information, if you have provided it to us (for example, if you create an account on our Services or subscribe to our communication)

– User name and password (when you create an account on our Services)

– Profile Information (such as, but not limited to, your profile picture)

– Payment Information for processing the billing of subscriptions to the Services and other purchases made

– Your school name and contact details if you sign up to our Service as a Teacher User to ensure it is a genuine place of education

– Your messages to the Services (e.g. if you are in contact with us or our support agents to resolve problems on the Services, post messages to our forums or support)

– Your comments, feedback or other information you provide, if you participate in our surveys or other research

– Cookies

– Other Data you choose to provide to us through our Services or otherwise

Personal Data obtained from our partners

– If you choose to connect a third party account (e.g., a Facebook account) with our Services, we receive information from the provider through the third party (e.g., if you choose to sign up for our Service with Facebook login, we receive from Facebook your name, email address or other identifier to enable cross-device connection, profile picture and friend information to connect you with your friends who already use our Services).  In any event, when you connect through a Third Party, the Third Party must inform you, in accordance with its privacy policy, of what data will be shared. You will be able to verify the data shared, through the third party provider with which you have connected to our Services.

– Data from the platforms on which the applications run (e.g. To verify payments)

– We also receive personal information from our advertising and analytics partners, such as information about your interactions with our ads outside of our Services (e.g., on third-party websites), including information about how you were directed to our Services.

– If you make purchases in-app or through our Services, we receive Transaction Data from the third party payment service providers involved in those transactions to validate purchases;

Data acquired automatically as a result of your use of the Services:

– Information about your use of the Services, such as Data about your use of our Services (e.g., Progress, tracks played, levels, session duration, visits to our websites) and your interactions in the Services (such as Data or purchases made by you, original creation or UGC, or content you choose to share), as well as logs of crashes and other information related to bugs, errors, and other issues in our Services;

– Your IP address to bring our product and Services to your device, but also to get an idea of your location or otherwise the location of the User through IP Geolocation Data (at the city, state or country level) so that we can manage the content available on the Service in your territory or to show you prices in your currency and also to analyse our Service and its usage.

– Device identifiers (such as device ID, advertising ID, IMEI), identifiers we assign to your account, other technical information about the device you use for our Services (such as device type, operating system, language or browser type and version)

– Cookies and other similar technologies (such as software development kits, SDKs) that we use may collect some Data automatically. You can find more details about our use of cookies at the end of this document in the “Cookies” section.

– We may also generate and assign a User ID when you access or use our Services.

3. METHODS OF DATA PROCESSING

LEGAL BASIS FOR PROCESSING

The Data Controller processes Personal Data relating to the User if one of the following conditions exists:

– the User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be allowed to process Personal Data without the User’s consent or any of the other legal bases specified below, until the User objects (“opts-out”) to such processing. However, this does not apply where the processing of Personal Data is governed by European legislation on the protection of Personal Data;

– processing is necessary for the performance of a contract with the User and/or the performance of pre-contractual measures;

– the processing is necessary for the performance of a legal obligation to which the Controller is subject;

– processing is necessary for the performance of a task carried out in the public interest or in the exercise of public powers vested in the Controller;

– the processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.

However, it is always possible to ask the Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, provided for by a contract or necessary to conclude a contract.

LOCATION

The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located, including through servers located in international territories.

The Services are global in nature and, therefore, the Data may be transferred and processed in countries outside the European Union (“EU”) and the European Economic Area (“EEA”), as some of the branches and servers used to host the Services may be located in the United States or other territories and as some partners for the provision of the Services may be located outside the EU.

Inno Place s.r.l. takes every measure to ensure that adequate safeguards are in place to protect your Personal Data (such as, but not limited to, standard contractual clauses approved by the EU Commission or other legal safeguards in place).

For more details about our international advertising and social media partners, please contact us or see the terms of the providers through which you are logged in.

The User is entitled to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or formed by two or more countries, such as the UN, as well as about the security measures taken by the Data Controller to protect the Data.

The User may at any time request information from the Data Controller by contacting it at the contact details given at the beginning of this paragraph and at the addresses indicated on the Inno Place s.r.l. websites.

PERIOD OF STORAGE

The Data are processed and stored for the time required by the purposes for which they were collected.

Therefore:

– Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of that contract is completed.

– Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User may obtain further information on the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller at the contact details given at the beginning of this document.

– When the processing is based on the User’s consent, the Data Controller may keep the Personal Data longer until such consent is revoked. In addition, the Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an Authority.

At the end of the retention period the Personal Data will be deleted.

Therefore, at the end of this period, the right of access, cancellation, rectification, and the right to Data portability can no longer be exercised.

PURPOSE OF PROCESSING

The User’s Data are collected to allow Inno Place s.r.l. to provide the Service, fulfil legal obligations, respond to requests or enforcement actions, protect its own rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities, as well as for the purposes of interaction with social networks and external platforms, statistics, User contact and tag management.

Specifically, User Data may be processed in order to:

operate the Services

For the purposes of carrying out the relationship and providing the Services, Inno Place s.r.l. processes and treats the Data required to

– configure and manage your user account in the Services

– provide and enable the User to use the Services

– manage the Services

– process transactions and verify and confirm payments

– send communications related to the Service (e.g. confirmations, administrative messages, technical notices)

make the Services more suitable to your needs.

In order to provide Services that correspond as closely as possible to the expectations of the User and in order to provide the best possible experience for the User, Inno Place s.r.l. processes and treats the Data necessary to

– analyse, develop and improve the Services and the User’s experience

– customise the content of the Services

– manage the relationship with users

– provide social functions related to the Services (for example, rankings, trends or other)

– Provide technical and administrative support to Users

– analyse the use of our Services in order to personalise your experience

– Send you updates, notices, news, notifications and other information related to the Services or other related and/or connected initiatives.

– troubleshoot or debug any errors or other problems with the Services

– aggregate individual Data collected in an anonymous and non-identifiable manner

– Conduct surveys or other research on the content of the Services.

promote the Services

In order to promote the Services and to identify relevant interest, Inno Place s.r.l. processes and treats Data necessary to

– send communications about events or other news related to the Services

– communicate offers on the Services or other websites or by email

– track installations of our applications (including the source of each installation)

– serve, target, provide, measure and improve our advertising and Services (including our advertising outside of our Services)

– require our advertising partners to display personalized advertisements outside of our Services.

For information on how to opt-out of personalized advertisements, see the “Your Rights” section below.

Keep the Services fair and secure.

In order to ensure acceptable, safe and fair use of the Services and to safeguard the proper functioning of the system, Inno Place s.r.l. processes and treats Data necessary to:

– monitor that the use of the Services is acceptable and to prevent unlawful, improper activities contrary to the content of the agreement from being carried out within or by means of the use of the Services and, if necessary, take any action to obtain the cessation of the unlawful/non-compliant activity and to protect the resulting rights of Inno Place s.r.l. and/or third parties;

– monitor and control operations or processes

Interacting with social networks and external platforms

In order to ensure that the Services can be used to the fullest extent possible, Inno Place s.r.l. allows two-way interaction with the main social networks or other external platforms via its application and website. For this purpose, Inno Place s.r.l. processes and treats the Data necessary to:

– enable interactions and monitor the information acquired from each social network/external platform referred to the User and in respect of which the User has authorised interaction.

Interactions and information acquired are in any case subject to the User’s privacy settings for each social network/external platform used, to which reference should be made.

EXTERNAL PARTIES

In order to ensure the functionality and usability of the Services, Inno Place s.r.l. may share, for the purposes described above, Data with certain recipients outside its organisation, and specifically with

Other users: through the social or geolocation functionality of the Services, other users may come in contact with certain Data such as, but not limited to, Profile Data and geolocation, the instrument played, other activities performed on the Services, the content of comments or profile features posted on their public or private account.

Inno Place s.r.l. companies: Companies or other legal or virtual entities that are part of the Inno Place s.r.l. group and with which Inno Place s.r.l. has relationships for the development or operation of the Services.

Partner companies: companies or other legal entities external to the Inno Place s.r.l. group that are authorised to process Personal Data in the name of, on behalf of and in accordance with the instructions and under the control of Inno Place s.r.l., such as, for example, hosting service providers, payment processors and processors of administrative and tax-related activities, banks and financial institutions, providers of analysis services for the purpose of monitoring and improving the Services, providers of user support services, server operators, etc.

Advertising and social media partners: companies or other legal entities outside the Inno Place s.r.l. group that use advertising identifiers (such as, for example, cookies, APIs and/or SDKs) as part of the Services in order to collect and analyse Data and information relating to the User and the device, such as, for example, advertising partners or partners that provide social media tools that enable the sharing of content from our Services in accordance with their own specific privacy policies that can be found on their respective websites.

Public authorities and other entities: law enforcement agencies, purchasers (potential or actual) in connection with any business acquisition, corporate restructuring or other extraordinary corporate transactions, any person or entity (public or private) to whom disclosure of Data is necessary to combat fraud or illegal activities, or to exercise or defend rights or protect vital interests.

TRACKING TOOLS – COOKIES

In order to offer a personalised Service and to perform analyses or promote activities through targeted advertisements, the Services, also in the context of interactions with external subjects, may involve the use of technologies – e.g. cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting – that allow tracking Users also by collecting or saving information on the User’s device.

Some of the tracking tools used in the Service are “first party” cookies, i.e. from the site itself, and others are third party (partner) cookies belonging to advertising, analytics or social networking entities.

Some of the purposes for which Tracking Tools are used may also require the User’s consent. If consent is given, it can be freely revoked at any time. If consent has been granted through third-party services, it must be revoked through these services.

To this end, specifying that such an operation may lead to the malfunctioning of some parts of the Service, the User may change the settings of his browser to disable cookies or to delete cookies that have been saved in the browser, according to the instructions available at the following addresses (with reference to the most popular browsers):

– Google Chrome

– Mozilla Firefox

– Apple Safari

– Microsoft Internet Explorer

– Microsoft Edge

– Brave

– Opera

For the same purpose, Users may manage certain Tracking Tools for mobile applications by deactivating them through the appropriate settings of the device in use, such as the mobile advertising settings or the settings related to tracking in general, by consulting the specific manuals related to the device in use. A similar operation on the device/browser settings can be carried out in order to limit interest-based advertising, by using for Android or iOS devices the “Limit ad tracking” (Apple iOS) or “Disable interest-based ads” (Android) functions in the settings and, for access to the Services via the web, by modifying the browser settings in order to limit certain tracking by cookies. (Apple iOS) or “Disable interest-based ads” (Android) in the settings and, as regards access to the Services via the web, by adjusting the browser settings to limit certain tracking by cookies.

For further information, please visit www.youradchoices.com and/or www.networkadvertising.org.

Inno Place s.r.l. may make use of partners and third parties to provide parts of the Services and the User accepts their involvement by accepting the conditions set out in this information notice.

The list of third parties engaged to provide services can be consulted at the following web address: XXXinno.placeXXX.

If Inno Place s.r.l. intends to engage new suppliers or partners or third parties useful for the operation and performance of the Services, the list of these can be updated at any time and can be consulted at the above web address.

If Inno Place s.r.l. engages partners or third parties to provide the services, these shall be selected in accordance with Art. 44 of the GDPR.

4. USER RIGHTS

The User, with reference to the Data processed by the Controller, may exercise specific rights, and, in particular, the User has the right to

– revoke consent at any time. The User may at any time revoke the consent to the processing of his or her Personal Data previously expressed, even though this may result in the loss of the functionality and usability of the Services.

– oppose the processing of their Data. You may object to the processing of your Data when it is done on a legal basis other than consent. When Personal Data are processed in the public interest, in the exercise of public powers vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.

Where the Data are processed for direct marketing purposes, the User may object to the processing without providing any reasons.

– Access to their Data. The User has the right to obtain information on the Data processed by the Controller, on the specific aspects and methods of processing and to receive a copy of the Data processed.

– verify and request rectification. The User may verify the correctness of its Data and request its update or correction.

– obtain the limitation of the processing. When certain conditions are met, the User may request the limitation of the processing of its Data. In this case, the Data Controller will not process the Data for any purpose other than to preserve them.

– obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User may request the deletion of its Data by the Data Controller. If the User chooses to delete his/her profile, such choice will result in the deletion of all Personal Data that has been collected through the application, thereby also anonymizing all Analysis Data based on such Personal Data, unless, for a legitimate reason, there is a legal right or obligation to retain all or some of such Personal Data.

– receive your Data or have it transferred to another data controller. The User has the right to receive his or her Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another data controller. This provision is applicable when the Data are processed by automated means and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures related thereto.

– Propose a complaint. The User may lodge a complaint with the competent Data protection supervisory authority or take legal action.

The rights of the User (revocation, objection, access, verification, rectification, restriction, cancellation, transfer) may be exercised by accessing the settings of the application in the “privacy” menu or on the page of your User profile, or via the email address privacy@inno.place.

In the Sonora Application, Your preferences on the use of Personal Data and marketing communications (push and email) can be changed in the privacy tab in the Sonora Application settings or by following the relevant instructions.

5. ADDITIONAL CCPA NOTICE FOR USERS RESIDING IN CALIFORNIA(U.S.A.)

The California Consumer Privacy Act of 2018, as amended (” CCPA “), establishes specific rights to control personal information and requires companies to provide specific disclosures about how personal information is collected, used, and shared.

This California Resident Supplemental Privacy Policy applies only to individual Users who are residents of the State of California and use our Services and provides the information required by the CCPA, as well as a list of rights under the CCPA.

This Privacy Policy supplements (and replaces only where inconsistent with) the information contained in the Privacy Policy above, which provides more complete information about the legal basis, purpose, and actual manner in which Personal Data is processed.

COLLECTION AND USE OF PERSONAL DATA

Personal Information” means information that identifies, relates to, describes, refers to, is reasonably capable of being associated with, or could reasonably be linked to, you and your family, directly or indirectly.

Through the use of the Services, the following categories of Data may have been collected in the last 12 months of use by the following methods (sources):

Typer of Personal information Sources
Identifiers, such as aliases, IP address, e-mail address, device ID or other identifiers that may have been assigned or associated with your account – Directly by the User (including automatically as a result of interaction with the Services);

– Through advertising partners, through interaction with ads external to the Services;

– Through Third-Party Account Providers, in the case of linking a Third-Party Account to the Services;

– Through third-party payment service providers, in the event you purchase Services

Categories of personal information listed in California customer records statute (Cal. Civ. Code § 1798.80(e)), such as name – Directly by you (including automatically as a result of your interaction with the Services);

– Through third party account providers, if you link a third party account to the Services and authorize them to share your name

Commercial information, such as information on purchases made – Directly by the User (including automatically as a result of interaction with the Services);

– Through third party payment service providers, in the case of purchase of the Services.

Information about Internet or other electronic network activity, such as information about your interaction with the Services, including your progress in the app and your interactions with external advertisements with respect to the Services – Directly by the User (including automatically as a result of interaction with the Services);

– Through advertising partners, through interaction with ads external to the Services

– Through service providers

Geolocation data, such as general location determined by IP address, – Directly by the User (including automatically as a result of interaction with the Services);

– Through service providers

Financial Information

Payment processing systems provided by third parties (partners) are used to process payment transactions related to the Services. These systems have access to the data on the means of payment used (e.g. credit card). Inno Place s.r.l. may only be permitted access to partial payment data for the sole purpose of resolving problems with purchases.

– Directly by the User (including automatically as a result of interaction with the Services);

– Through service providers

Information acquired in the above manner may be used for the following business purposes in accordance with the provisions of the CCPA:

– auditing an interaction with you and competing transactions

– detecting security incidents, protecting against malicious, deceptive, fraudolent or illegal activities, and potentially prosecuting those responsible for such activities

– debugging to identify and repair errors in our Services

– short-term transient uses

– performing our Services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, and advertising and marketing,

– internal research for technological development.

– activities to verify or maintain the security quality of our Services, improve, update, enhance our Services, and activities to verify and maintain the quality of our Services.

SHARING AND AVAILABILITY OF PERSONAL DATA

Please refer to the content of the “EXTERNAL PARTIES” section of the Privacy Policy, noting that we restrict access to your personal information to the following categories of entities:

– Inno Place s.r.l. group companies.

– Customer support platforms

– Providers of hosting services

– Payment processors

– Analysis partners

– Third party account providers

– Social Media Services

– Advertising partners

ONLINE ADVERTISING

Some third-party advertising partners are permitted to collect the categories of personal information identified above for online advertising purposes.

These third-party companies collect personal information directly from a device or browser via cookies or similar tracking technologies when you visit or interact with the Services through websites or apps, or when you otherwise interact with the Services.

Personal information may be used to serve relevant ads outside of the Services, to deliver personalized advertising based on your interests and behaviors, and to perform other Services related to online advertising, such as analytics, reporting, and tracking the source of ad placements displayed outside of the Services.

Personal information collected will be used for our own purposes and in accordance with our partners’ privacy policies.

Because this disclosure of information may be construed as a “sale” within the meaning and effect of the CCPA, you may opt out of the disclosure of personal information to advertising partners.

USER RIGHTS

The CCPA grants California residents various rights over their personal information.

The Data Controller is required to verify the identity of the individual claiming to exercise these rights with respect to personal information and the ownership of the right. For these purposes, the Data Controller reserves the right to request any information useful and necessary to proceed with the identification of the applicant and the ownership of the right, as well as the right, in certain circumstances and in particular when there are doubts about identity/ownership, to reject the request to exercise a specific right.

For anything not expressly provided for in this section, the rules contained in the “USER RIGHTS” section of the above-mentioned Privacy Policy shall apply.

The User’s rights may be exercised in the manner specified in the “USER RIGHTS” section of the above-mentioned Privacy Policy.

Right to know

You have the right to request and be informed about the categories of personal information collected in the last 12 months and the sources of the collection, the purposes for which the personal information was collected and the identity of any third parties with whom such personal information was shared.

You have the right to request a copy of the specific personal information collected.

Right to request deletion

You have the right to request the deletion of the personal information collected.

Right to opt out

The User has the right to opt out of the sale of personal information for the purposes set out in the “ON-LINE ADVERTISING” section above.

Right to non-discrimination

The User has the right not to receive discriminatory treatment for the exercise of any of the rights described above.

OBLIGATION TO NOTIFY DATA BREACH

Should Inno Place s.r.l.  become aware of or become aware of a breach of the conditions of this privacy statement, of the laws on the protection of privacy or of the User’s instructions and requests, Inno Place s.r.l. will endeavour to notify the User by private or public communication.