For us at MUV, our users’ privacy is a top priority. Your security is at the heart of the way we design the services and challenges you appreciate so that you can fully trust us and enjoy your gaming experience.
We value the trust you place in us when you provide us with your personal information, and we are well aware that this is not something to be taken lightly.
That’s why we strive to be transparent regarding the way we treat your data. Since we use many of the same online services as you, we know that privacy policies are often characterized by fragmentary information or unnecessarily complicated language.
Enjoy your reading,
The MUV legal team
Thank you for taking the time to read it.
We really appreciate your trust in us and we intend to keep that belief intact over time. This means making sure that you understand the information we collect, why we collect it, how it is used and your choices regarding your data. This policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum.
MUV S.r.l. S.B.
Legal representative: Salvatore Di Dio
via Belgio, 8
VAT number: 06837280822
MUV S.r.l. S.B. (“us”, “we” or “our”) operates www.muvgame.com and MUV mobile application. For the sake of simplicity, in this policy, we refer to all of these as our “Service”.
SERVICE means the www.muvgame.com website and MUV mobile application operated by MUV S.r.l. S.B..
PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
USAGE DATA is data collected automatically either generated by the use of Service or from the Service infrastructure itself (for example, the duration of a page visit).
COOKIES are small files stored on your device (computer or mobile device).
DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
DATA SUBJECT is any living individual who is the subject of Personal Data.
THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
We collect several different types of information for various purposes but always in order to provide and constantly improve our Service to you.
It goes without saying that in order to reward your sustainable travel and allow you to take part in tournaments and challenges we need some specific information, such as your location and your most frequent trips.
We also collect information generated during the use of our services, such as GPS data or your activities when you choose to track yourself with MUV, access logs or information from third parties, for instance when you access our services through a social account (Apple, Google, Facebook, Instagram, etc.). If you wish, you can find more detailed information below.
While using our Service, particularly when you create an account, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Such information may include, but is not limited to:
We may use your Personal Data to send you newsletters, communications containing marketing or promotional materials and other information that may be of interest to you. You may choose at any time to opt-out of receiving any or all of these communications by clicking the unsubscribe link included in each message.
When you use our services you choose to share certain information with us. This include:
In addition to the information you give us directly, we receive information about you from others, including:
C.1 Social Media
You can use your social accounts (such as Apple, Facebook, Google or Instagram) to create and access your MUV account. By doing so you will avoid having to keep in mind yet another username and password and you will be able to share with us some information about your social profiles such as the list of your friends or your city of residence.
C.2 Other partners
We may receive information about you from our partners, i.e. when an electric car-sharing service interfaces with MUV and allows you to provide points for electric car trips, it may provide you with information about the duration of the journey, the route and the start and end times of the service.
When you use our services, we passively collect certain information (not actively provided by you) through various technologies (e.g. the operating system of the device you are using), information about what features you have used, how you have used them and the devices you use to access our services (“Usage Data”). In particular:
D.1 Information about your use
We collect information related to your activity and the use of our services such as date and time of access, features you have used, searches, clicks, content shown to you, browsing habits, shares, number of people invited to MUV, friend request sent, etc..
D.2 Device information
We collect information from and about the devices used to access our services, including:
D.3 Tracking information
Whenever you decide to track a sustainable trip with the MUV app you have to activate the tracking function by pressing the “PLAY” button (➤) and selecting the sustainable travel mode from the available ones. Only in this case, your movements will be tracked and we will collect some of your data, including:
As you will understand, monitoring your location is one of the essential conditions for MUV services to work, but at the same time, we would like to emphasise that we only collect location data when you start the MUV app and simultaneously press the PLAY button, and until you press the STOP button.
If you shut down the app after pressing the start button (without pressing the stop one), we will only collect location data if you have authorized your operating system to do so. This will allow you to retrieve your route and points as soon as you reopen the app.
D.4 Game information
By playing MUV, both in the basic game dynamics and in those in which you decide to take part yourself, you will produce a set of data strictly related to the game such as:
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. We also use other tracking technologies such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to notify when a cookie is being sent. However, if you do not accept cookies, you may not be able to use certain parts of our Service. Below are some examples of cookies we use:
Advertising Cookies: they are used to serve you with advertisements that may be relevant to you and your interests.
The main reason we use your information is to provide our Service, constantly improving it. In addition, we use your information to help you ensure your security and to deliver game modes that may be of interest to you.
In particular, we use your information to:
Please note that the provision of data for the purposes referred to in this paragraph 5 is necessary for the delivery of the services you requested: in case of refusal it will not be possible to complete the registration process and MUV S.r.l. S.B. will not be able to fulfil its contractual obligations.
Informed consent options
Consent n. 1 – Invitations to MUV Challenges and Tournaments
Receiving invitations to competitions, such as challenges or tournaments promoted by MUV or its partners or sponsors and winning the prizes awarded.
Consent n. 2 – Sponsorship Offers
Receiving personalized sponsorship offers from MUV’s partners and sponsors like a real athlete and be rewarded with prizes or discounts.
Consent n. 3 – Promotional communications
Receiving communications regarding updates, promotions or special offers concerning MUV or other related services. We promise to only send you a few messages from time to time.
As one of our objectives is creating a MUVement, a community of MUVers that shares the same values and aims to protect the environment, we share some of your information with other users.
We also share some information with service providers who support us in managing our Service, with partners who want to sponsor our competitions by offering prizes and discounts, with companies or entities that choose to make our Service available to their users and, in some cases, with legal authorities.
In particular, we may share your information:
With other users
Your public profile information (i.e. nickname, avatar, community, experience level, role, sustainability indexes, points, coins) is visible to other MUV users.
Conversely, your private profile information (CO2 saved, general MUV performance statistics, trophies, calories burned) is only shared with your friends within MUV. In order to turn a MUV user into a friend, you must accept or send a friend request (as long as the selected user in turn accepts it).
With other service providers
We may employ third party companies or individuals (“Service Providers”) to help us offer our Service in an optimal manner, provide Service on our behalf, perform Service-related activities or assist us in analyzing how our Service is used.
These third parties support us in various areas, including hosting and data management, analytics, customer support, marketing, advertising and security operations. They have access to your Personal Data only to perform these tasks on our behalf and are obliged not to disclose or use it for any other purpose.
These are therefore subjects who must be identified and indicated as data processing partners, data controllers, data processors or system administrators, depending on the characteristics they assume (e.g. because they access databases or because they manage data storage activities, management of storage media, etc.).
Below is a list of the service providers that currently support us:
With our partners
We may also share information with partners who chose to engage some types of MUV users through a series of customised sponsorship campaigns and reward the most sustainable ones with prizes and discounts. In this case, any sharing of your information with such partners is regulated by the competition-specific Terms and Conditions document, be it a challenge or a tournament, which you will be asked to read and accept before finalizing your registration.
We follow a rigorous verification process before involving any service provider or entering into a partnership with any partner.
With companies and other entities adopting MUV
In case a company, organization, university or school decides to adopt MUV as an internal tool to encourage safe and sustainable mobility among its users, it must subscribe to one of the available subscription plans.
By subscribing to the Service, it will have the opportunity to create its own team and invite users to sign up, take part in specific competitions and measure the impact generated in terms of CO2 by all those who decide to join the aforementioned team.
The entity in this case will assume the role of joint data controller only for the users who will join the team and in relation to the following types of data:
Data that falls under category D, and that is collected during the use of the service, is shared with the entity from the moment the user agrees to become part of the team and for the time afterwards. If you decide to leave the team, this information will no longer be shared with the entity.
In addition, the above-mentioned types of data may be processed only for the purposes described in Article 5 of this policy in letters l), q) and t).
The joint data control for entities that decide to subscribe to MUV is therefore limited in relation to:
For business transactions
We may transfer your information if we are involved, in whole or in part, in a merger, sale, acquisition, disposal, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
When required by law
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests from public authorities: (i) to comply with legal process, such as a court order, law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of criminal offences (subject in any event to applicable law); or (iii) to protect the safety of any person.
To enforce legal and negotiating rights
We can also share your Personal Data: (i) where disclosure could mitigate our liability in an actual or threatened lawsuit; (ii) if necessary to protect our legal and negotiating rights and the legal and negotiating rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent or take other action regarding illegal activities, suspected fraud or other unlawful acts.
Finally, we may disclose your information also: (i) to our subsidiaries and affiliates; (ii) to contractors, service providers and other third parties we use to support our business; (iii) to fulfill the purpose for which you provide it; (iv) for the purpose of including your company or entity logo on our website; (v) with your consent in any other cases.
We store and process your data mainly within the European Economic Area (EEA). However, in accordance with the Data Protection Agreement (DPA), your data may be transferred to countries outside the EEA, including storage in a database managed by sub-processor acting on behalf of the data controller (i.e. MUV S.r.l. S.B.). In this case, the management of the database and the processing of the data is linked to the purposes of the processing and are carried out with appropriate safeguards in line with the provisions of Chapter V of the GDPR. The updated list of data processors and sub-processors can be requested at any time from MUV S.r.l. S.B..
We will also retain your Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to enhance security or to improve the functionality of our Service, or we are legally obligated to retain it for longer periods of time.
To protect the security of our users, we apply a security retention window of three months after your account is deleted. During this period, your account information will be retained, even if your account is no longer visible within the Service.
Specifically, we will delete personal information when you delete your account (after the security retention window), while we anonymize information registered through MUV, such as routes, points, CO2 saved, etc., and keep it for statistical or research purposes, such as calculating the total CO2 saved through our platform or monitoring the change in mobility habits of our users.
Subsequently, at the end of a two-year continuous inactivity interval, we will also permanently delete anonymous information, unless:
In accordance with Article 32 of the GDPR and the Personal Data Processing Agreement (DPA), the data controller, data processors and officers shall take technical, organizational and protective measures to ensure a level of security appropriate to the risk and prevent the loss of data, unlawful or incorrect use, unauthorized access to the user’s account, alteration, disclosure or destruction of Personal Data collected.
Specifically, we store your information in encrypted databases and we maintain the different data separate (i.e., your personal and travel-related data, for example, are stored in two different databases in order to increase security); in addition, all communications between the back-end and front-end of our Service (i.e., between our servers and the App) are carried out through the secure HTTPS protocol; finally, we do not show other MUV users your personal information such as your first name, last name, email address or your travels, but only your nickname and aggregated game data (e.g. number of points, routes travelled, CO2 saved, modal split or trophies won).
The controller and the joint data processors shall take measures to ensure that any natural person acting under their authority who has access to your personal data does not process it except in accordance with the instructions received from the joint data processors, unless they are required to do so by EU or Member State law.
We value your privacy and we do everything we can to protect your data. Unfortunately, however, no system is completely secure, so we cannot guarantee that any information you provide to us in relation to the data we collect through MUV will be immune from unauthorised access by third parties. We are not responsible for events beyond our direct control.
In particular, your password is an important component of your security system and it is your responsibility to protect it properly. Do not share it with third parties and if you believe that your password or account has been compromised, change it immediately and contact us at email@example.com.
We regularly monitor our systems for possible vulnerabilities and attacks and periodically review our information collection, storage and processing procedures to update our physical, technical and organizational security measures.
In accordance with Articles 13, paragraph 2, 15, 18, 19, 20 and 21 of the GDPR, you have the following rights:
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
You can exercise your rights by sending a written request to firstname.lastname@example.org. We will provide you with the information or take the action you have requested within 30 days.
We may provide paid products and/or services within our Service. In that case, we use third-party services for payment processing (e.g. payment processors).
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
We recognize the importance of protecting the privacy and safety of children. For this reason, we encourage parents and carers to play an active role in monitoring their children’s online activities and interests.
Our services are not intended for use by children under the age of 17 (“Child” or “Children”). We do not allow users under 17 years of age to access our platform and we do not knowingly collect personal information from anyone under 17 years of age. If you become aware that a Child has provided us with Personal Data, please contact us at email@example.com. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.