Privacy Policy
Last edit: 02 Mar 2023


Information on the processing of personal data pursuant to Article 13 of EU Regulation 679/2016 (GDPR)




Reflex Token S.R.L., with registered office in Cosenza in via E. De Nicola n. 42, C.F/P.IVA: 03767240785, e-mail address: [email protected],  as Data Controller, undertakes to protect Personal Data.  


The aforementioned regulatory provisions regulate the confidentiality of personal data and impose a series of obligations on those who process information referring to other subjects. Among the obligations to be respected is that of adequately informing the natural person to whom the data refer (Data Subject) about the use that is made of the related data, so that consent to the processing of the same is freely expressed and unequivocal.


In order to identify the interested recipient of this information, we define as a Customer the natural person who registers with the MetaReflex app  to access the services as  a user, payer or purchaser of the services rendered by the Operator.


All information and data provided to reflex Token S.R.L. ("Data Controller") by Customers as part of the activation of the Services (as better defined in the "Conditions and Terms of Contract" area) and in particular when creating the account, will be processed by the Data Controller according to the principles of correctness, lawfulness, transparency and protection of the privacy and rights of the interested party.




Through the Services offered on Metareflex, Reflex Token S.R.L. collects and processes information relating to the Customer.  Informationthat makes the Customer identified or identifiable is classified as "Personal Data".  They are distinguished:

·         Personal Data that may be processed by through the Services provided. These data are: name, surname, tax code, mobile phone number, e-mail address, bank details

·         Navigation and use data of the Application (e.g. pages visited, actions performed, duration of sessions, etc.). The software procedures used to operate this site acquire some personal data during normal operation that are implicitly transmitted in the use of internet communication protocols;  these are data that by their nature, being related to electronic traffic, are not immediately associated with identified interested parties, but could allow, through processing through associations with data held by third parties, to identify users of the site (eg IP addresses)

·         Data provided voluntarily by users. Thesedata are kept for the period strictly necessary and in any case in compliance with the current regulatory provisions on the subjectof

·         Geolocation data that accurately identifies the person's location (e.g. exact geographic coordinates from a GPS)

·         Tax and payment data (e.g. tax code, VAT number, bank account details, etc.)


ü  Session cookies: on this site will be used technical session "cookies" that will allow faster access to the site. The User can always request the deactivation of cookies by changing the browser settings, this deactivation, however, may slow down or prevent access to some parts of the site.

ü  Profiling cookies (if any): profiling cookies will be used on this site used to track the user's web browsing and create profiles on his tastes, habits, choices, etc. With these cookies, advertising messages can be transmitted to the user's terminal in line with the preferences already expressed by the same user in online browsing.





The Personal Data described above will be processed for the following purposes:


  • Activation of any services related to the  management of activities related to the use of the Metareflex app, accessto the services of market place and vaucher own and / or companies affiliated with Reflex Token S.R.L.
  • The need to execute a contract of which the interested party is a party or to perform pre-contractual activities at the request of the same represents the legal basis that legitimizes the consequent processing. The provision of the data necessary for these purposes represents, depending on the case, a contractual obligation or a necessary requirement for the conclusion of the contract; in the absence of them, the Data Controller would be unable to establish the relationship or to execute it;
  • Fulfill any national and EU, accounting and tax legal obligations (e.g.: customer due diligence obligations and communications of your Personal Data in accordance with the provisions on anti-money laundering as well as any future obligations deriving from national and European regulations)


  • Sending newsletters and periodic communications regarding products and services of the Data Controller: sending promotional and informative material concerning products and services similar to those that the Customer has already used and updates on the establishment of partnerships


  • Finding specific requests for assistance, information or advice received through the appropriate "Contacts" section




The legal bases used by the Data Controller to process your Personal Data, according to the purposes indicated in Paragraph 3 above, are as follows:


  • Consulting and Provision of Services: the processing for these purposes is based on the need to be able to provide the customer with feedback or a Service. The need to execute a contract of which the interested party is a party or to perform pre-contractual activities at the request of the same represents the legal basis that legitimizes the consequent processing. The provision of the data necessary for these purposes represents, depending on the case, a contractual obligation or a necessary requirement for the conclusion of the contract; in the absence of them, the Data Controller would be unable to establish the relationship or to execute it;
  • Purposes related to the obligations established by laws, regulations or community legislation, by provisions / requests of authorities legitimated by law and / or by supervisory and control bodies: Your contact details and your payment data could be processed by the Data Controller to fulfill the obligations to which the same is bound. The prerequisite for processing in this case is the fulfillment of a legal obligation. The provision of Personal Data for this purpose is mandatory because in default Reflex Token S.R.L. will be unable to fulfill specific legal obligations.
  • E-mail marketing by sending newsletters on similar products and services offered by the Data Controller: the processing for this purpose is based on the specific consent of the customer. Giving consent for this purpose is not mandatory, therefore failure to provide consent does not have consequences on contractual relationships. The customer can revoke the consent previously given. The termination of this type of treatment may be requested using the links at the bottom of the communications





Personal Data may be shared with:


  • natural persons authorized by the Data Controller to process Personal Data on the basis of a specific appointment (e.g. employees – shareholders – system administrators Reflex Token S.R.L.);
  • subjects acting as data processors appointed pursuant to art. 38 GDPR as Consultants responsible for providing information and assistance on the Services;
  • subjects acting as independent Data Controllers such as Merchants (those who offer the Customer their products using the metareflex app  );
  • subjects to whom the communication must be made in fulfillment of an obligation established by law, by a regulation, by community legislation or by provisions issued by Authorities legitimated by law and by Supervisory and Control Bodies;
  • Payment infrastructures and Cloud service providers operating as self-employed Data Controllers






The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.





Some Personal Data of Customers are shared with Recipients who may be located outside the European Economic Area such as Payment Infrastructures and Cloud Service Providers.


Reflex Token S.R.L. ensures that the processing of users' Personal Data by these Recipients takes place in compliance with applicable legislation. Indeed, transfers are made through appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other legal instruments.





With reference to the purposes of Provision of Services related to  the use of the metareflex app, they will be kept for the entire time of use  of the  entertainment and gaming services and until the   account is voluntarily closed by the user or the company for the cases provided for in paragraph 17 of the General Terms and Conditions of Use. For the purposes of Consulting and Sending Newsletters, as identified in point 4, Personal Data are kept until consent is revoked.


With particular reference to the judicial protection of our rights or in case of requests from the authority, the processed data will be kept for the time necessary to process the request or to pursue the protection of one's right.





Under the conditions of the GDPR, you have the right to ask us:


  • access to your personal data,
  • a copy of the personal data you have provided to us (so-called portability),
  • the correction of the data in our possession,
  • the deletion of any data for which we no longer have any legal basis for processing,
  • the withdrawal of your consent, in the event that the processing is based on consent,
  • the limitation of the way in which we process your personal data, within the limits established by the legislation on the protection of personal data.


Right to object: in addition to the rights listed above, you always have the right to object at any time to the processing of your data carried out by the Data Controller for the pursuit of its legitimate interest. Furthermore, you can always object at any time if the Data are processed for Marketing purposes.


The exercise of these rights, which can be done through the contact details indicated in Paragraph 1, is free of charge and is not subject to formal constraints. In the event that you exercise any of the aforementioned rights, it will be the responsibility of the Company to verify that you are entitled to exercise it and to give you feedback, as a rule, within one month.


If you believe that the processing of Personal Data referred to you is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Guarantor for the protection of personal data, using the references available on the website, or to take the appropriate judicial offices.



This information may be supplemented with further indications, also in consideration of regulatory changes or provisions of the European Commission and the Privacy Guarantor. Reflex Token S.R.L. therefore invites customers to pay attention to the latest version of the information shown through these channels in order to be always updated on the data collected and on the use made of it by Reflex Token S.R.L.


Contact Us

If you have any questions or concerns about this privacy policy, please contact us at [email protected].