Version of 21 February 2023

Privacy policy

This Privacy Policy is intended to describe why and how Mangrovia Blockchain Solutions S.r.l. of Corso Venezia 54, 20121 Milan, Italy, VAT 10301800966 (“MBS”, “Company” or “Data Controller”), collects and processes the personal data relating to the user (“User”) who interacts with the website and application available at Datome.
The usage of Datome and the other services provided by MBS are here collectively defined “Services”.

Datome is a proprietary application, set of APIs and back-end technology, owned by MBS, that allows software developers to benefit from blockchain technologies to track processes within a business organization.

Datome Users are usually employees or collaborators of a company (“Client”) that either started a free trial period for Datome or purchased the Services from MBS. The Users are authorized by the Client to access and to use Datome and the Client has informed the Users in relation to the Datome’s purposes for the Client’s goals.

The information contained in this Privacy Policy is provided pursuant to art. 13 of the EU Regulation of 27 April 2016 n. 679 (“Regulations”), under the applicable provisions of the law, for the protection of personal data as per the Guidelines set out by the European authorities.

The information related to the processing of data concerns only the User activity on Datome and does not extend to the processing operations performed by third parties of other sites the User may visit via links. With respect to these further processing operations, the Company assumes no responsibility and the User must refer to the individual Privacy Policy of third-party websites.

1. Owner and place of processing
The data controller is the Company. Personal data collected and processed by the Data Controller through Datome will be stored and retained in our servers in Germany, Finland and Ireland.

2. Responsible for the protection of personal data (Data Protection Officer)
The Data Protection Officer (“Data Protection Officer” or “DPO”), designated in accordance with the provisions of the Regulations, can be contacted at the following address:

3. Methods of data processing
The Company processes User’s data by adopting all appropriate security measures to prevent unauthorized access and the disclosure, modification or destruction of unauthorized data. The processing is carried out with both manual and computerized tools and is strictly limited to the purposes indicated.

4. Purposes and legal basis of data processing
The Company, through Datome, processes the User’s data for the following purposes:

- Manage the User registration in Datome and its usage, manage the information provided by the User or collected by the application in order to execute the services required by the Client.

- Inform the User about actions that shall be taken via Datome or that were taken already and provide support to the User as well as inform the User about new features.

- The legal basis of these data processing is the execution of service required by the Client and, in particular, the need to allow Users to use Datome.

- Perform aggregated and individual statistical analysis on the usage of Datome. The legal basis of the data processing is the legitimate interest of the Company to maintain and develop its technologies.

- Comply with all legal obligations to which the Company is subject, that are also the legal basis for the relevant data processing.

5. Categories of data processed
The Company acquires and processes the following information:

- name and surname;
- email address;
- usage data of the Datome app.

The above mentioned information are necessary to perform Datome functionalities and to carry out the services required by the Client. Lacking the personal data processed, it will be not possible to ensure the operation of Datome itself.

6. Communication of data to third parties
The data provided by the User as well as those collected by Datome may be communicated for the purposes and methods described in this Privacy Policy, to the following third parties:

- the Client;

- companies, collaborators, consultants or freelancers used by the Company to perform technical or organizational tasks (such as IT service providers), or with which the Company collaborates , for the purpose of providing its services or carrying out communication activities;

- persons, companies or professional firms that provide assistance and advice to the Company, with particular but not exclusive reference to accounting, administrative, legal, tax and financial matters;

- subjects whose right to access data is recognized by legal provisions or by authorities’ orders.

The subjects belonging to the above categories will use the data as independent data controllers in accordance with the law or data processors duly appointed by the Company.

These subjects may be established in EU and non-EU countries. In particular, if said subjects are established in non-EU countries, the Company adopts the measures outlined by the Regulations to legitimize the transfer of personal data to them.

7. Data retention
The data is processed only for the time necessary to carry out the activities indicated in paragraph 4 above.

In particular, the Company will delete the personal data of the User who has requested it be deleted by writing to unless the personal data shall be necessary to defend or protect rights or interest of the Company or third parties. In the absence, the Company shall delete the data of Users after 24 months of inactivity. The information collected shall be used by the Company in anonymous way to improve the app functions, the relevant methodologies and to develop its maintenance.

8. Rights of the User and contacts
The User may exercise where applicable, in the cases expressly set out by law, the rights outlined by the Regulations. In particular, the User has the right to:

- request confirmation that the Data is being processed and, in this case, ask the Data Controller to access the information related to the processing;

- request the correction of inaccurate or incomplete Data;

- ask the Data Controller to delete the Data;

- request the limitation of processing;

- request to receive, in readable format, the data concerning him/her or to directly transmit the data to another holder, where technically feasible (“data portability”).

The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him or her.These rights can be exercised directly by sending a request to the following email address:

Finally, if the user believes that the processing of their data violates the legislation on the protection of personal data, they have the right to lodge a complaint with the Authority for the protection of personal data.

9. Changes to the Privacy Policy
The Company reserves the right to make changes to this Privacy Policy at any time, by giving notice of it by publishing it on its website

If the changes are particularly significant and / or impact the User’s rights, the Company may communicate them to the User through a different method (for example by sending an email).