Privacy Policy

Effective date: June 22nd, 2025
Version: 1.0
Website: www.horshare.club

1. Data Controller

The data controller is:

MR Group Srl
Registered office: Via Olmetto 5, 20123 Milan (MI), Italy
Email: info@horshare.club
Website: www.horshare.club

This privacy policy applies to the data collected through the digital platform operated on the website.

2.Categories of data Subjects

This privacy policy applies to the following categories of individuals:

    • Visitors (unauthenticated users of the website)

    • Token Holders

    • Prospective Investors

    • Syndicate Members

    • Breeders or Owners of Horses

    • Business Partners or Affiliates

3. Types of Personal Data Collected

The Company may process the following categories of personal data:

    • Identifiers (e.g. name, surname, email address, telephone number)

    • Wallet Address (public blockchain address)

    • Identification Documents (e.g. national ID, passport – for AML/KYC purposes)

    • Financial and Payment Data

    • Usage Data (e.g. access logs, interaction data, device type)

    • Cookies and Tracking Data (subject to separate Cookie Policy)

4. Purposes of the Processing

The personal data is collected and processed for the following purposes:

    • User registration and account management

    • Purchase of NFTs and participation in ownership syndicates

    • Compliance with Anti-Money Laundering (AML) and Know-Your-Customer (KYC) obligations

    • Customer service and support

    • Analytics and performance tracking

    • Direct marketing communications (e.g. newsletters and special offers)

    • Compliance with legal obligations

    • Performance of contractual obligations

5. Legal Basis for Processing

Pursuant to Article 6 of the GDPR, the legal bases for processing are:

Purpose Legal Basis
User registration and account management Performance of a contract (Art. 6(1)(b))
NFT purchase and syndicate participation Performance of a contract (Art. 6(1)(b))
AML/KYC compliance Legal obligation (Art. 6(1)(c))
Customer support Performance of a contract or legitimate interest (Art. 6(1)(b) / (f))
Performance analytics Legitimate interest (Art. 6(1)(f))
Marketing communications (newsletter, offers) Consent (Art. 6(1)(a))
Compliance with legal obligations Legal obligation (Art. 6(1)(c))
Enforcement or performance of contractual obligations Performance of a contract (Art. 6(1)(b))

Where data processing is based on consent, such consent may be withdrawn at any time without affecting the lawfulness of prior processing.

6. International Data Transfer

No personal data will be transferred to countries outside the European Economic Area (EEA).

7. Processors and Service Providers

Personal data may be processed by third-party service providers acting as data processors, including:

    • Hosting infrastructure providers

    • KYC and AML verification services

    • Smart contract and blockchain deployment partners

These providers will act in accordance with data processing agreements under Article 28 GDPR.

8. Data Retention

Personal data will be retained for the following periods:

    • For the duration of the user’s registration and/or contractual relationship with the platform;

    • For the period necessary to comply with applicable legal, accounting, and regulatory obligations;

    • For a limited period following the end of the relationship for the establishment, exercise, or defense of legal claims;

    • For optional data (e.g. marketing), until consent is withdrawn.

9. Data Subjects’ Rights

In accordance with GDPR (Articles 15–22), users have the following rights:

    • Right of access to their personal data;

    • Right to rectification of inaccurate or incomplete data;

    • Right to erasure of data (“right to be forgotten”);

    • Right to restriction of processing;

    • Right to data portability;

    • Right to object to processing (including for direct marketing);

    • Right to withdraw consent at any time (where applicable);

    • Right to lodge a complaint with the competent Data Protection Authority.

The competent authority is:
Garante per la Protezione dei Dati Personali (Italian Data Protection Authority)
www.garanteprivacy.it

10. Cookies and Tracking Tools

The website uses cookies and similar technologies. A dedicated Cookie Policy will be made available separately.

11. Automated Decision-Making

No personal data is subject to automated decision-making or profiling pursuant to Article 22 GDPR.

12. Changes to this Privacy Policy

The Company reserves the right to amend or update this Privacy Policy from time to time. Any material changes will be communicated by appropriate means, including on the website. Users are encouraged to review this policy periodically.