Privacy & Cookie Policy

Privacy Policy Maenoox Website

Information on the processing of personal data art. 13 Reg. (EU) 2016/679 (“GDPR”)

Pursuant to Regulation (EU) 2016/679 (hereinafter, "GDPR"), this page describes the methods of processing personal data of Users who consult the Maenoox Website related to the Web service for the creation (hereinafter also "mint" or "minting") of DigitalAssetNFT and Certificates of Authenticity (hereinafter also the "Service" or "Services"), accessible electronically at the following address: https://www.maenoox.com (hereinafter also "Website" or "Site").

The present information does not concern other sites, pages, or online services reachable through hypertext links possibly published on the sites but referring to resources external to the Dot Beyond domain.

Identity and contact details of the Data Controller and the DPO

Pursuant to Article 13 of the European Regulation 679/2016 on the protection of personal data (hereinafter GDPR), you are informed that the provided data will be processed by Dot Beyond s.r.l. with sole shareholder (hereinafter "Dot Beyond"), which is the Data Controller and can be contacted at the address: [email protected]. The Data Protection Officer of the Controller can be contacted at the address [email protected].

Legal basis for processing

The personal data processed by the Data Controller, as specified below, are collected to allow the User to register and correctly use the Website, including, without limitation, the creation, purchase, and sale in the primary market of DigitalAssetNFT (hereinafter also referred to as the "Service"). It should be noted that "DigitalAssetNFT" refers to a pair consisting of an original digital file inextricably linked to its metadata, which determines a non-fungible token, implemented on one or more public global blockchains (for example, but not limited to, Ethereum), forever associated with it.

The legal basis for the processing, therefore, is represented by art. 6, paragraph 1, letter b), GDPR since the processing is aimed at fulfilling pre-contractual or contractual obligations to which the Data Subject is a party (use of the Website and activation of the related services requested by the User and are retained by the Data Controller to fulfill legal obligations).

In particular, the personal data provided by the Interested Parties (identification and contact data, such as name, surname, email address, and tax code) are necessary to allow the User to use the services of the Website and, specifically, they are needed by users to mint digital files into an NFT Token using the minting method called "Vanilla minting." Furthermore, the data is necessary to allow users to purchase the Certificates of Authenticity for the NFTs minted through Maenoox. The failure to provide personal data by the Data Subject will result in the inability to use the aforementioned services.

The User's personal data may be used for the ascertainment, exercise, or defense of legal actions or whenever judges intervene in judicial proceedings, against unlawful acts and abuses in the use of the same or related services by the User. For more information regarding the Maenoox marketplace and its operation, Users are invited to review the Terms and Conditions here.

Types of data processed, purposes of processing, and retention periods

Navigation data

The computer systems and software procedures responsible for the operation of this Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. In this category of data fall the IP addresses or domain names of the computers and terminals used by the Users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the User's operating system and computing environment. Such data, necessary for the use of Web services, are also processed for the purpose of:

  • obtain statistical information on the use of services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
  • check the proper functioning of the services offered.

The browsing data persists for the strictly necessary time to achieve the indicated purposes (unless there are any needs for criminal investigations by the judicial authority).

Cookies and other tracking systems

Session cookies (non-persistent) are used strictly to the extent necessary for secure and efficient navigation within the Site. The storage of session cookies on terminals or browsers is under the control of the User, whereas on servers, at the end of HTTPS sessions, information related to cookies remains recorded in the service logs, with retention times, however, not exceeding the time strictly necessary to achieve the indicated purposes, similar to other browsing data. For the other types of cookies used, please refer to the specific cookie policy.

Necessary data for User Account registration

During the User's registration on the Site, a Wallet (an electronic wallet protected by cryptographic keys) is required. The User can choose to set a nickname that will be displayed on the site. To allow for any economic transactions in the event of the sale and purchase of available works, the User must also provide an IBAN and a series of billing details (such as email address, first name, last name, address, Tax Code, VAT number if applicable, and PEC if a legal entity). The data provided by the User is stored for 10 years from its receipt, in compliance with the statutory time limits for the investigation of any cybercrimes. If the User requests the deletion of their User Account, it will be disabled for future access. It is possible to view the Terms and Conditions of the service here

Further data communicated by the User

The optional, explicit, and voluntary sending of messages to the contact addresses of the Data Controller involves the acquisition of the sender's contact data, necessary to respond, as well as all personal data that the Data Subject freely decides to include in the communications. The Data Controller proceeds to delete the requests submitted by the Data Subjects within 6 months from the moment they are processed.

Nature of consent and consequences in case of non-provision

The User has the right, but not the obligation, to enter their personal data necessary for the payment of economic transactions for the use of the Site's services at the time of purchase. Such data will not be used in any way for purposes other than those strictly necessary for the service. It should be noted that granting consent for the collection and processing of personal data is optional, but necessary for the Data Controller, due to legal and contractual obligations, in order to provide the services requested by the User and to allow them to benefit from them. The failure by the User to provide certain Personal Data, identified as "mandatory fields" and necessary to identify and integrate services aimed at interaction between well-identified and selected Users through the aforementioned data, or the partial or inaccurate provision of such data, may therefore prevent the correct use of the Site and the inability to create DigitalAssetNFT. The User is aware of the criminal liability they may incur in the event of false statements, or the presentation of false documents or documents containing data that is no longer true, pursuant to Article 76 of the Presidential Decree 28.12.2000 n.445, and assumes responsibility for their own and third-party Personal Data published or shared through this Website, ensuring that they have the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.

Treatment methods

The Data Controller processes Users' personal data by adopting appropriate security measures aimed at preventing unauthorized access, disclosure, modification, or destruction of personal data. The services provided by the Maenoox platform include: collection, registration, organization, storage, consultation, processing, extraction, use, deletion, and destruction of data. The processing is carried out using manual, computer-based, and/or telematic tools, with organizational and logical methods strictly related to the indicated purposes. If the Data Controller intends to further process the personal data for a purpose other than that for which it was collected, information related to that different purpose and any other relevant information will be provided before such further processing.

To ensure the security and confidentiality of data, Dot Beyond uses protected data networks, among other things, by industry-standard firewalls and password protection, and has adopted the technical and organizational measures required for the protection of personal data.

The processing does not involve the activation of an automated decision-making process, including profiling.

Recipients and categories of people who have access to the data

In addition to the Data Controller, categories of employees involved in the organization of the Site (administrative, commercial, marketing, legal, system administrators) who have been trained and instructed for this purpose in personal data protection will also have access to the Data.

Any other parties who, due to their assigned tasks, access the collected data (such as third-party technical service providers, IT companies) will be appointed, where necessary, as Data Processors or Sub-Processors in accordance with and for the purposes of Article 28 of the GDPR. A complete and updated list of the external data processors appointed can be requested from the Data Controller through the contact channels specified above.

The personal data processed will not be communicated to third parties, nor will they be subject to dissemination. The collected and processed data may be communicated, in accordance with the law and upon explicit request, to law enforcement agencies, the judiciary, intelligence and security bodies, or other public entities for the purposes of national defense or security, or for the prevention, investigation, or prosecution of crimes.

Transfer of data abroad

The personal data collected are stored, according to the described timelines, on servers located within the European Economic Area. Should the need arise to transfer the collected Data abroad, the Data Controller guarantees that this will be done in accordance with the provisions of Articles 45 et seq. of the GDPR, to countries that have been deemed adequate by the European Commission or that provide adequate guarantees regarding the protection of personal data, or, where necessary, by using the standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93, paragraph 2.

Rights of the Data Subjects

Data subjects have the right to obtain from the Data Controller, in the cases provided for, access to their personal data and the rectification or deletion of the same or the restriction of processing concerning them or to object to the processing (Articles 15 et seq. of the Regulation). The appropriate request must be submitted by contacting the Data Protection Officer at the email address [email protected] or by sending a registered letter with acknowledgment of receipt to the addresses of the Data Controller specified above. If the conditions are met, the Data Subjects may file a complaint with the Data Protection Authority (Article 77 of Regulation (EU) 2016/679). The complaint can be delivered in person at the offices of the Guarantor (at the address indicated below) or by sending:

  • registered letter with return receipt addressed to: Data Protection Authority, Piazza Venezia, 11 – 00187 Rome;
  • certified email message addressed to: [email protected] Alternatively, one can appeal to the judicial authority.

Updates to the policy

You are informed that this Notice, provided pursuant to Article 13 of the GDPR, will be subject to periodic updates of which notice will be given. Date of last modification: This information was updated on 02/12/2025.