Products
Markets
$YNG
Business
About us
Blog
Support
$YNG
Tokenomics
Clubs
Chart
Leadership
Ecosystem
Work with us
Talking About Us
Sicurezza
Legal & Privacy
Information Notice on the Processing and Protection of Personal Data

Article 13 of EU Regulation No. 679/2016

Last Update: 02/12/2025

This information notice describes the processing of your personal data and is provided pursuant to Article 13 of EU Regulation 679/2016 (hereinafter “GDPR”) and the applicable national legislation on privacy and personal data protection.

Identity and Contact Details of the Data Controller

YOUNG PLATFORM S.p.A. with registered office in Turin (TO), Via Cigna n. 96/17, (Tax Code and VAT no. 11931440017), in the person of its pro tempore legal representative Alexandru Stefan Gheban (Tax Code: GHBLND98T22Z129Y), e-mail [email protected] as the personal data controller (hereinafter “Young Platform” or the “Controller”).

Should the Controller avail itself of data processors or sub-processors pursuant to Art. 28 GDPR, the updated list of processors and persons in charge of processing is kept at the Controller’s registered office.

Young Platform’s Privacy Roles in relation to the services provided on the platform

Please note that, depending on the service you use, your personal data may be processed by different entities as data controllers:

  • Young Platform is an autonomous Controller for all data collected and processed in relation to your registration and use of the Young Platform platform, the Young Platform and Young Platform Step Apps, the Crypto Account, and ancillary services directly provided by the Company (including the Cashback Program).
  • The Payment Account service and the related Young Card are provided exclusively by the payment institution TPPay S.r.l. (Tax Code and VAT no. 12511320967) with registered office in 20135 Milan (MI), Via Serviliano Lattuada 25, which acts as an autonomous Data Controller for all purposes related to the opening and management of the Account, the execution of payment operations, the issuing and management of the Card, and anti-money laundering (AML/CFT) regulatory compliance. For such processing, please refer explicitly to the TPPay S.r.l. privacy policy, available at the following link: link.youngplatform.com/r/cashprivacy

For the performance of some purely technical and instrumental activities for the use of the Payment Account through the Young Platform digital infrastructure – such as, by way of non-exhaustive example, technical support and assistance to Users in relation to the Payment Account and the Young Card, acting as the main contact point according to the instructions given by TPPay S.r.l. – Young Platform acts as Data Processor, pursuant to Art. 28 GDPR, on behalf of TPPay S.r.l., based on a specific agreement.
This information notice primarily concerns the processing carried out by Young Platform as an autonomous Controller.

Data Protection Officer

Pursuant to Art. 37 of the GDPR, the Controller has appointed the lawyer Angelo Giunta as the Data Protection Officer (hereinafter briefly “DPO”), domiciled at Young Platform’s registered office and contactable at the e-mail address [email protected].

What types of personal data we process

The types of personal data we collect depend on the purpose for which they are collected.

In general, we may collect the following types of personal data directly from you:

Through the Young Platform Step App:

  • ordinary personal data (such as, by way of non-exhaustive example: first name, last name, date and place of birth, residence address, e-mail address, telephone number);
  • geolocation data;
  • usage, navigation, functional, session, statistical, and profiling data, including the device identifier;
  • images, photographs uploaded by you to your personal profile.

Through the website and the Young Platform App and related services:

  • ordinary personal data (such as, by way of non-exhaustive example: first name, last name, date and place of birth, residence address, tax code, e-mail address, telephone number);
  • economic and transactional information (e.g., information relating to transactions carried out by you, etc.);
  • geolocation data (e.g., information on the device used);
  • bank and tax identification data;
  • personal data provided through communications or attachments to communications;
  • usage, navigation, functional, session, statistical, and profiling data, including the device identifier or the user’s IP address, the time the user visits the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment;
  • images, photographs uploaded by you to your personal profile.

Through the Cashback Program:

  • data relating to spending transactions made with the Young Card, in order to calculate the accrued cashback;
  • data relating to your membership in one of Young Platform’s Loyalty Clubs, for the application of the correct cashback percentage;
  • data relating to the YNG tokens credited to your Cashback Wallet and subsequent transfers to the YNG Crypto Wallet.

hereinafter “Personal Data”.

Why we process your personal data and on what legal bases

The processing of your Personal Data by the Controller takes place:

A) without your explicit consent (Art. 6 letters b) – f) GDPR), for the following purposes:

  • to activate and manage the user profile in the Young Platform Step and Young Platform Apps and on the platform referred to on the website https://youngplatform.com/ as well as to provide the services connected to the Crypto Account (legal basis: execution of pre-contractual measures and of the contract to which you are a party – Art. 6, par. 1, letter b) GDPR);
  • to execute the contract relating to the Payment Account and Young Card service, for purposes such as the opening and technical management of the Account, the routing of payment operations, customer assistance, transaction security and the prevention of fraud and abuse (legal basis: execution of the contract – Art. 6, par. 1, letter b) GDPR; fulfillment of legal obligations, e.g., anti-money laundering – Art. 6, par. 1, letter c) GDPR; legitimate interest in preventing fraud – Art. 6, par. 1, letter f) GDPR);
  • to comply with obligations established by law, regulation, Community legislation or an order of the Authority (e.g., tax and accounting obligations);
  • to pursue a legitimate interest of the Controller or of third parties, provided that the interests or fundamental rights and freedoms of the data subject which require the protection of Personal Data do not prevail (e.g., the Controller’s right to legal defense).

B) Only with your specific and distinct consent (Art. 6 letter a) and Art. 7 GDPR), for the following marketing purposes:

  • sending via e-mail, post and/or SMS push notification and/or telephone contacts, newsletters, commercial communications and/or advertising material on the services offered by the Controller and detection of the degree of satisfaction with the quality of the services.

C) Only with your specific and distinct consent (Art. 6 letter a) and Art. 7 GDPR), for the following profiling purposes:

  • sending advertising communications, offers and promotions, via e-mail, post and/or SMS and/or telephone contacts, which are consistent with the data subject’s profile.

Profiling will allow the Controller to personalize the offering of products and services offered to Users, including in relation to the Cashback Program. To this end, the Controller will evaluate the type and number of requests for information submitted, including through the Website, purchases of goods or services made from the Controller, personal and contact information (e.g., place of residence), as well as further information relating to the Customer released by them (e.g., age and profession).

D) Only with your specific and distinct consent (Art. 6 letter a) and Art. 7 GDPR) to manage your participation in the Cashback Program, including the calculation, attribution and reporting of the accrued YNG tokens.

Should you deny your consent, it will not be possible to carry out the aforementioned activities under B) C) and D) and should you have given consent to the processing activities under B) and C) and D), you will in any case have the right to revoke the given consent at any time.

How long we store and process personal data

Your Personal Data will be processed by the Controller for the period of time necessary to achieve the purposes of the processing referred to in the previous Article 4.

In particular:

  • Data processed for the provision of the Young Platform platform services and the Crypto Account will be stored for the entire duration of the contractual relationship and, after its termination, for a period of 10 years for administrative, accounting purposes and to assert or defend a right in court.
  • Personal Data relating to the Payment Account service and payment operations will be stored for 10 years from the closure of the Account, in fulfillment of legal obligations regarding anti-money laundering (Legislative Decree 231/2007) and civil and tax regulations.
  • Personal Data processed for the marketing purposes referred to in letter B) of the previous Art. 4 will be processed by the Controller for a maximum of 24 months from the collection of consent.
  • Personal Data processed for the profiling purposes referred to in letter C) of the previous Art. 4 will be processed by the Controller for a maximum of 12 months from the collection of consent.

At the end of these periods, the data will be deleted or irreversibly anonymized.

How we process your personal data

Personal Data are subject to both paper-based and electronic and/or automated processing for the time necessary to achieve the purposes for which they are collected by the Controller or by duly authorized and/or appointed persons to carry out these tasks, constantly identified and/or named, appropriately instructed and made aware of the constraints imposed by law, as well as through the use of security measures designed to guarantee the protection of confidentiality and to avoid the risks of loss or destruction, unauthorized access, unauthorized or non-compliant processing with the purposes mentioned above.

To whom we may disclose your personal data

For the purposes indicated above, your collected data may be made accessible or disclosed to:

  • employees and collaborators of the Controller, in their capacity as authorized persons in charge of processing, within the scope of their respective duties and in accordance with the instructions received. These individuals are in any case subject to confidentiality and secrecy obligations;
  • to third parties who carry out outsourcing activities on behalf of the Controller, whose activity is connected, instrumental or supportive to that of the Controller (e.g., management software providers, remote identification service providers – KYC, fraud prevention services, technical management);
  • to all those public and/or private entities, natural and/or legal persons (such as, by way of example, legal, administrative and tax consulting firms, Judicial Offices, Chambers of Commerce), if the disclosure is necessary or functional for the correct fulfillment of the contractual obligations assumed, as well as the obligations deriving from the law;
  • to all those entities (including Public Authorities) who have access to Personal Data by virtue of regulatory or administrative provisions;
  • The Controller may also disclose, with your consent, your data to business partners (Bitcashback) who will process your data as autonomous data controllers.
    In any case, your collected personal data will not be subject to dissemination.

Transfer of personal data outside the EU area

The management and storage of your Personal Data will normally take place in Europe. However, for the provision of some services, including those relating to the Payment Account, the Controller may use suppliers or technological partners who may transfer Personal Data to third countries.

Should such a transfer take place to countries that do not provide the same level of protection as provided by the GDPR or applicable legislation, Young Platform will ensure that each of these recipient subjects assumes specific contractual obligations in accordance with the applicable regulations on personal data protection (including the signing of the Standard Contractual Clauses “SCC” approved by the European Commission). In the absence of an adequacy decision pursuant to Article 45, paragraph 3 GDPR, or adequate safeguards pursuant to Article 46 GDPR, you may be required, pursuant to Art. 49 of the GDPR, to provide specific consent for the transfer to a Third Country.

In any case, you may request more information regarding the transfer of your Personal Data by writing to the e-mail address [email protected].

Your rights

Pursuant to Arts. 15 et seq. of the GDPR and applicable national legislation on privacy and personal data protection, you have the right to:

  1. obtain from the Controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the following information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • where the data are not collected from the data subject, any available information as to their source;
    • the existence of automated decision-making, including profiling.
  2. Obtain from the Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  3. Obtain from the Controller the erasure of personal data concerning you without undue delay and the Controller shall have the obligation to erase personal data without undue delay within the limits and cases provided for by current legislation.
  4. Obtain from the Controller restriction of processing.
  5. Receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to data portability and thus to transmit those data to another controller without hindrance from the controller to which the personal data have been provided where the processing is based on consent or on a contract and the processing is carried out by automated means.
  6. Object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.
  7. Should you consider that your rights have been violated by the Controller, you may lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) and/or another competent supervisory authority pursuant to the GDPR.

Following the exercise of the rights referred to in points 2), 3) and 4), the Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed within the limits and in the manner provided for by current legislation.

To exercise the rights listed above towards the Controller, you must submit a written request by sending a registered letter with return receipt to YOUNG PLATFORM S.p.A. Via Cigna n. 96/17, 10155, Turin or by sending an e-mail to the address [email protected]

For rights relating to processing carried out by TPPay S.r.l. as an autonomous controller, you must contact the latter directly, according to the methods indicated in its privacy policy.

What happens in case of changes to the Privacy Policy

This policy may be modified and/or updated at any time. Should the Controller intend to process your Personal Data for purposes other than those provided for in the previous Art. 4, it undertakes to provide you, before such further processing, with adequate information regarding these different purposes and to carry out such further processing in compliance with current legislation, collecting your specific consent where necessary.

This Privacy policy was published on 02/12/2025. Any updates will be published on this page.

Products
Learn
About us
Support
footer-logo
en-flags
en
Download
play-store-logo
Young Platform S.p.A. is registered in the relevant Register as a payment services agent of TPPay S.r.l., which is authorised by the Organismo Agenti e Mediatori (OAM), identification number SP5627. TPPay S.r.l. is registered under no. 27 in the Register of Electronic Money Institutions (IMEL), Mechanographic Code 36928, maintained by the Bank of Italy pursuant to Article 114-quater, paragraph 1 of Legislative Decree no. 385 of 1 September 1993, as subsequently amended (Consolidated Law on Banking), with its registered office at Via Serviliano Lattuada, 25, 20135 Milan (MI).
2025 Young Platform S.p.a. All rights reserved-Young Platform S.p.a. Via Francesco Cigna 96/17, 10155 Torino (TO), Italia P. Iva 11931440017
Update cookie settings