Privacy Policy

This information is provided in accordance with articles 13-14 of the General Data Protection Regulation (GDPR) 2016/679

GOTOANDPLAY S.N.C. ("We" or "Data Controller"), trading company in the field of software development and realization of internet sites, with seat in Via IV Novembre 8, 12045 Fossano (CN), Italy, in accordance with articles 13 and 14 of GDPR 2016/679 informs you that your data will be handled according to the principles of correctness, lawfulness, transparency and protection of your privacy and your rights, with the following modalities and for the following purposes.

1. Subject of data processing

We will process the personal data of common type that you will provide us by filling in forms on our site www.smartfoxserver.com ("our site") or by corresponding with us (by phone, e-mail, electronic chat or otherwise). This includes but is not limited to name, surname, address, phone, e-mail address, username, etc, required to access one or more of our services, i.e. SmartFoxServer licenses purchase, licenses management, newsletter, etc.

Each time you visit our site, we will also collect and process automatically the following personal data:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our offices; and
  • information obtained through cookies we use on our site. For more information about the usage of cookies, please check our Cookies Policy.

We will not collect and process "special" data, i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and genetic data, biometric data intended to uniquely identify a natural person, data concerning health or sexual life or sexual orientation of the person.

2. Purposes of data treatment

2.1 Contractual purpose

The provided personal data will be processed in relation to your requests made through our site (requests for information, purchase of licenses, etc) and contractual obligations related to the commercial relationship (refine, observe, control and manage the correct fulfillment of the contract, detect and prevent any identity fraud, etc).

2.2 Purpose of fulfillment of obligations originating from laws and regulations

The provided personal data will be handled to fulfill the obligations originating from Italian laws and regulation or European Community legislation and for civil purposes, accounting and tax.

2.3 Promotional purpose for services/products similar to those you purchased

Even without an explicit consent, we may use the contact data you provided for the purpose of direct sale of our services/products, limited to the case in which such services/products are similar to those covered by the sale, unless the concerned person does not object explicitly. This is to be considered direct marketing based on a previous user consent to the processing of personal data.

2.4 Purpose of commercial promotion of services/products different than those you purchased

The collected data may also be processed for purposes of commercial promotion, for surveys and market research with regard to products/services that the we offer, provided that you have authorized the treatment and have not opposed to such purpose. Your authorization must be explicit and will be requested if and when needed.

Taking into account the purpose of the treatment described above, the conferment of data for the purposes described in paragraphs 2.1, 2.2 and 2.3 is mandatory and implicit and their missing, partial or incorrect conferment will have, as a consequence, the impossibility of continuing the business relationship.

The conferment of data for the purpose described in paragraph 2.4 is optional.

At any time you may revoke your consent to the data processing.

3. Data treatment modalities

The treatment of personal data is carried out through the operations indicated in art. 4 n. 2) of the Regulation, and precisely: collection, recording, organization, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

The personal data are processed both in printed and electronic form (also automatically) and in any case in such a way as to ensure the security, integrity and confidentiality of data in respect of the organizational, physical and logical measures established by the applicable regulations.

4. Data retention period

We will process your personal data for the time necessary to fulfill the purposes referred to above.

The data used to fulfill your request and no longer needed will be deleted after a maximum period of 12 months. Other data related to the purchases, required for example for contract renewals, etc, will be kept for at least 24 months or for enough time to enable us to correctly fulfill the contract with you, if any.

We will retain the data relating to fiscal and accountancy requirements for at least 10 years after the termination of the business relationship.

5. Identity and contact details of the Data Controller

The "Data Controller” is:

GOTOANDPLAY s.n.c.
Via IV Novembre 8
12045 Fossano (CN), Italy

VAT Id.: IT03121770048

Contact e-mail:
Certified e-mail:

6. Disclosure of personal data in pursuit of the treatment purposes

The collected personal data will be processed by subjects or categories of subjects who act as persons in charge for the treatment of the data in accordance with art. 28 of the Regulation or which are authorized to processing the data in accordance with art. 29 of the Regulation.

We may disclose your personal data to third parties to whom the communication is necessary for the fulfillment of legal requirements. Moreover, the personal identification data may be communicated to any other third party when required by law or to comply with other requirements of the Regulation.

Your data will be transferred to and reside at Rackspace and Google AppEngine third-party service providers, which host our site and the SmartFoxServer licenses management system respectively. Both providers are already operating in accordance to GDPR (here and here respectively).

For the management of payments we make use of the PayPal service, which is already operating in accordance to GDPR (here). Alternatively you can use other payment methods, such as bank transfer.

For our newsletter we make use of the Campaign Monitor service, which is already operating in accordance to GDPR (here).

For the treatment of cookies, please refer to the specific Cookies Policy.

With reference to art. 13, paragraph 1, letter (e) of the Regulation, we indicate the subjects or categories of subjects who may come to know your personal data as employees and/or persons in charge of the treatment. The list is up-to-date at the day of publishing of this policy.

  1. Accountant (accounting and activities related to contractual service)
  2. Employees (provide the required service)
  3. Credit institutions and digital payment services, banking/postal institutions (management of cash receipts and payments)
  4. Professionals/external consultants and consulting companies (law obligations fulfillment, exercise of rights, protection of contractual rights, recovery of credit)
  5. Financial administration, public authorities, judicial authorities, supervisory and control (law obligations fulfillment; defense of the rights; lists and registers kept by public authorities or similar bodies on the basis of specific regulations, in relation to the contractual services)
  6. Formally delegated subjects or subjects having recognized legal title (legal representatives, curators, tutors, etc)

None of your personal data will ever be subject to dissemination.

7. Transferring data outside the European Union

Some of the data we collect (for example in our online shop) are transferred and stored in the United States, where our site is hosted. These will be treated by the hosting provider on the basis of standard contractual clauses adopted by the European Commission to guarantee the adequacy of the data protection level outside EU.

The data relating to the commercial management and invoicing will not be transferred outside the EU.

8. Exercise of rights

For the purposes of articles 13, paragraph 2, subparagraphs (b) and (d), 15, 18, 19 and 21 of the Regulation, we shall inform you that you can, at any time, exercise your rights to:

  1. access your personal data;
  2. obtain the correction or cancellation of your personal data or restrict their treatment;
  3. oppose to the treatment;
  4. data portability;
  5. revoke the consent, where provided: the revocation of consent does not affect the lawfulness of the processing based on the consent provided before the withdrawal;
  6. submit a complaint to the Data Protection Authority.

You can exercise your rights by sending a request by e-mail to this address:  .