1. Who is responsible for processing your data?

PLANETA JUNIOR S.L., with Tax ID B62395918 (hereinafter, the “Developer”), shall be responsible for the personal data provided through the MILO application (the “Application”). The company is located at Av. Diagonal, 662-664, and can be contacted via email at gaming@deaplaneta.com.

You may contact our Data Protection Officer by writing to dpo@planeta.es or to Grupo Planeta, Attn.: Data Protection Officer, Avda. Diagonal 662-664, 08034, Barcelona.

The Developer’s responsibility for data processing applies without prejudice to, and in addition to, the responsibility of the marketplace operators where the application is downloaded or purchased (e.g., Apple via the App Store or Google via Google Play) regarding the processing activities they may carry out for payment, billing, and delivery of the purchased product or service.

In fact, the Developer does not have access to nor does it process the personal data of users who choose any paid product/service and make payment through those platforms.

For more information on how Apple or Google may process your personal data, please consult their respective Privacy Policies.

• What are the sources of your data?

• When you subscribe to the newsletter, the data is provided by the user themselves if they are of legal age, or by their parent or legal guardian if they are a minor.

• What categories of personal data do we process?

The following categories of personal data may be collected:

• Identification and contact data: the user’s email address.

• For what purpose do we process your personal data, what legitimizes us to process it, and how long will we retain it?

Treatment	Purpose	Legal Basis	Retention Period
Newsletter	If you register for our newsletter, we will process your identification and contact data in order to periodically send you updates about our products and/or services.	Consent.	Until you unsubscribe or withdraw your consent.
Cookies	We may obtain information about you through cookies. This information will be used to improve the functioning and performance of the website, analyze traffic and website usage, evaluate navigation, understand and determine areas of greatest interest, and manage advertising spaces on our website and the advertising displayed on other websites, according to aspects we consider may be of interest to you.   For more information about cookies, please refer to the Cookie Policy.	Consent (except for strictly necessary or technical cookies).	Until cookies are rejected (for non-persistent cookies). Necessary cookies will be retained for 2 years (please review the information provided in our Cookie Manager).
Pseudonymization   (for subsequent use for statistical purposes)	Personal data will be pseudonymized for aggregated statistical analysis regarding the functioning of the Application and the newsletter.	Legitimate interest.	Until the user exercises their right to object.
Compliance with legal, tax, and accounting obligations	The Developer will need to process the user’s personal data in order to comply with the various legal obligations of an accounting, legal, tax, and administrative nature that may be applicable at any given time. These include, primarily and among others, those provided for in the following regulations:   Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).   Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (“LOPD”), which requires the Developer, as the entity legally responsible for processing personal data, to handle requests, the exercise of rights, and claims submitted in connection with data protection.   If requested by any Court or Tribunal, State Security Forces and Bodies, or any other competent Authority or Public Administration, we may also be required to provide personal data, as we are legally obliged to do so.   Royal Legislative Decree 1/2007 of 16 November, approving the consolidated text of the General Law for the Defence of Consumers and Users and other complementary laws, in order to address requests, the exercise of rights, and claims submitted by you when you have the status of a consumer.	Legal obligation.	According to legally established time limits.

• Who will receive your data?

Only where there is a legal obligation requiring us to do so will your data be disclosed to the administrations, authorities, public bodies, or courts and tribunals indicated by the applicable legislation.

Without prejudice to the foregoing, certain service providers may also assist us in the management of your personal data. In such cases, these providers will always process the data on our behalf, under a data processing agreement, and never for their own purposes.

Specifically, the Developer may contract services from third-party providers operating, by way of example, in the following sectors: logistics services, legal advisory services, supplier certification, multidisciplinary professional services firms, maintenance-related companies, technology service providers, IT service providers, instant messaging service providers, and infrastructure management and maintenance companies.

• Do we carry out international data transfers?

As a general rule, we will not carry out international data transfers. However, if any processing activities involve the transfer of your data outside the European Union or the European Economic Area, the Developer will inform you in advance of such transfer and will ensure that your data is always protected with appropriate safeguards, which may include, among others, (i) Standard Contractual Clauses approved by the European Commission, and (ii) third-party certifications.

• Do we process data based on legitimate interest?

In accordance with data protection regulations, certain processing activities may be based on legitimate interest. In order to assess legitimate interest, a balancing test is carried out in which our own benefits as data controller, as well as the benefits of third parties, are analyzed, concluding that our legitimate interest in the processing prevails over the interests, rights, and freedoms of users and/or third parties.

You may request further information at any time regarding the legitimate interest assessment by contacting our Data Protection Officer.

We also take this opportunity to remind you that you have the right to object to processing activities based on legitimate interest.

• How long will we retain your data?

All data provided will be processed for the period established in section four of this Privacy Policy (“For what purpose do we process your personal data? What legitimizes us to process it? And for how long will we retain your data?”). However, once these periods have elapsed, your data will be duly blocked to prevent further processing, except where the data must be made available to courts and tribunals, the Public Prosecutor’s Office, or the competent Public Administrations, for the establishment of any potential liabilities arising from the processing, and only for the applicable statutory limitation period. Once this period has elapsed, the data will be deleted.

Without prejudice to the above retention periods, and whenever possible, your data may be retained in an anonymized form for statistical purposes or market research.

• What security measures do we apply?

We adopt the necessary measures to ensure that your personal data collected through the Application is not lost, accessed, altered, or disclosed by unauthorized third parties.

To this end, we have implemented technical measures (such as firewalls) to protect your data against unlawful or accidental destruction, alteration, or loss, misuse, and unauthorized access, alteration, or disclosure.

In addition, organizational measures (such as data access authorization management systems, etc.) help to preserve the confidentiality of your data. For example, access to your personal data is strictly limited to expressly authorized Developer personnel and to our partners and subcontractors, who act in accordance with our instructions and in compliance with our contractual provisions and applicable legislation.

1. What are your rights?

Any person has the right to obtain confirmation as to whether or not the Developer is processing personal data concerning them.

Likewise, data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain it for the exercise or defense of legal claims.

At any time, data subjects have the right to withdraw any consent they have given. This will not affect the contractual relationship with the Developer nor the lawfulness of any processing carried out up to that point; in other words, the withdrawal of consent does not have retroactive effect and only applies from that moment onwards.

In certain circumstances, and for reasons related to their particular situation, data subjects may object to the processing of their data. The Developer will cease processing the data unless there are compelling legitimate grounds, or for the exercise or defense of potential legal claims.

Data subjects also have the right to receive the personal data concerning them that they have provided to us, in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Data subjects may exercise these rights and revoke any consent given, at any time, by sending a letter to the Developer, P.O. Box 221, Barcelona, or by sending an email to info@deaplaneta.com. In this regard, we inform you that templates for exercising these rights are available on the website of the Spanish Data Protection Agency (https://www.aepd.es/reglamento/derechos/index.html).

Where deemed appropriate, you may file a complaint with the Spanish Data Protection Agency, particularly if you consider that we have not adequately addressed the exercise of your rights. Such a complaint may be submitted to the said authority through the various options offered by the electronic headquarters of the Spanish Data Protection Agency.

1. Data Deletion Request

 Users can request the deletion of their personal data associated with the app by contacting us at:

Email: info@deaplaneta.com

 Please include:
– Your account email
– App name
– Deletion request

We will delete all associated personal data (account information, stored content, and usage data) within 30 days.

If you have questions, contact us at the same email.

1. Changes to the Privacy Policy

This policy was last updated on 17/12/2025.

The Developer recommends that you review this document each time you access the Application in order to remain properly informed about the processing of your personal data and to be aware of any changes that may occur.