Privacy Policy
We care deeply about our customers’ privacy, security, and online safety, all of which are a significant part of becoming a trustworthy and reliable business partner. This Privacy Policy („Policy”) is designed to inform you about how we collect, use, and share your personal data, your rights and choices regarding the information you provide to us – especially in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as General Data Protection Regulation (GDPR), that entered into force on 25th May, 2018.
If you have any further questions regarding processing of your personal data, please do not hesitate to contact us by using contact form, which you can find here: https://gamefound.com/contact.
Contents:
1. Basic definitions
2. What personal data do we collect and process, what is the purpose of processing and what is the legal basis?
3. How long do we process your personal data for?
4. Who has access to your personal data?
5. What are the „cookies”? How do we use them and in what purpose?
6. What your rights regarding your personal data are?
7. Children’s personal data
8. California residents
9. Contact us
1. BASIC DEFINITIONS
Personal data – any information relating to you, that allows your direct or indirect identification, i.e.: name, surname, e-mail address, phone number, IP address, etc.
Processing – any operation or set of operations which is performed on your personal data, i.e.: collection, recording, storage, adaptation or alteration, messaging, restriction, erasure or destruction.
Customer – an adult individual with full legal capacity, a legal entity or organizational unit without legal personality but with capacity to perform legal acts, that uses the Website on the terms set out in the Terms of Service, which you can find here: https://gamefound.com/terms.
Controller – Gamefound Sp. z o.o. with its registered office in Wrocław (50-127) at the following address ul. św. Mikołaja 58, registered in the Register of Entrepreneurs conducted by the District Court for Wrocław-Fabryczna, VIth Commercial Department of the National Court Register under KRS number 0000778227, holder of Business entity statistical number (REGON): 382893080, Polish taxpayer’s identification number (NIP): 8971865043, holder of share capital in the amount of 5,000,00 PLN („Gamefound”).
Website – https://gamefound.com.
Services – all services provided by the Controller via Website.
2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS, WHAT IS THE PURPOSE OF PROCESSING AND WHAT IS THE LEGAL BASIS?
1. Information for Buyers:
In order for you to create an account on our Website and to use our Services especially to be able to purchase Goods in the Store on a Website - detailed Gamefound Terms of Service for Stores can be found [here ] - we need to collect and process certain information. That may include information you provide especially by completing forms on our Website or contacting us by e-mail, e.g.:
- customer’s identification data (name, surname, e-mail address, nick, IP address);
- customer’s address data;
- transaction data;
- metadata about communication (date of contact);
- metadata related to customer’s profile, including behavioural data (for marketing and analytics purposes).
Your personal data mentioned above are processed for the purpose resulting from the function of a given form, for instance, for the purpose of responding for enquiry or providing Services.
We collect your identification and address data in order to perform the contract which is the delivery of orders and any other related services such as customer service. We can also process your personal data to the extent that you share with us at your individual profile in order to create a Gamefound community and give you some space for mutual contacts and inform you about new activities of your followers and our Website Users that you follow. The legal ground for this kind of processing is the performance of a contract (Article 6 (1) letter b of GDPR). We also collect this data in connection with tax and legal requirements, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) let ter c of GDPR).
We collect your transaction data to identify potential threats such as fraud, terrorist financing and illegal activities. The legal ground for this kind of processing is the performance of legal obligation (Article 6 (1) letter c of GDPR).
We collect metadata about your communication in order to handle all inquiries, complaints and disputes and we may also process your personal data related to your opinion about our Services. The legal ground for this kind of processing is our legitimate interest (Article 6 (1) letter f of GDPR). We can store your personal data without your consent and upon request to delete it, if it is related to a return, warranty, complaint and dispute.
We can also send commercial / marketing information to electronic addresses (e-mail) but only if you give us prior marketing consent. Moreover we can analyse your choices, use your internet profile to gain better insights about you and provide you with personalised retargeting advertising. The legal ground for this kind of processing is your consent (Article 6 (1) letter a of GDPR).
If the function of given form is to conclude a contract, the processing is based on Article 6 (1) letter b of GDPR, which gives us the right to process your data when it „is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”, e.g. adjusting Services to your needs or generating settlements.
Decisions taken by the Controller are at no stage based only on automated processing (including profiling) of personal data. However, your personal data are processed in an automatic way and can be profiled to provide you with marketing information.
Providing all information is voluntary, but some data (appropriately marked at the registration stage) are necessary for the conclusion of the contract and for the provision of Services by us.
You can find further information about your rights regarding your personal data in section 6 of the Policy.
2. Information for Backers:
In order for you to create a Backer account on our Website and to use our Services, we need to collect and process certain information. Any information provided above to Buyers will also apply to your account. In addition to become a Backer, you must provide Gamefound with such information:
- Backer’s profile data public to other people visiting Website (privacy settings can be changed at any time via your account), especially it can be nickname, your avatar, your description, links to your social media profiles, all projects that you follow or back, all your comments at Website, profiles at Website that follows you or you follow;
- opinion about our Services.
In addition to the types and purposes of collecting your personal data that we have indicated above in Section 1 “Information for Buyers", we process the following types of data.
We collect your identification and address data in order to perform the contract which is the delivery of rewards and any other related services such as customer service. We can also process your personal data to the extent that you share with us at your individual profile in order to create a Gamefound community and give you some space for mutual contacts and inform you about new activities of your followers and our Website Users that you follow. The legal ground for this kind of processing is the performance of a contract (Article 6 (1) letter b of GDPR). We also collect this data in connection with tax and legal requirements, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) letter c of GDPR).
We collect your transaction data to identify potential threats such as fraud, terrorist financing and illegal activities. The legal ground for this kind of processing is the performance of legal obligation (Article 6 (1) letter c of GDPR).
We collect metadata about your communication in order to handle all inquiries, complaints and disputes and we may also process your personal data related to your opinion about our Services. The legal ground for this kind of processing is our legitimate interest (Article 6 (1) letter f of GDPR). We can store your personal data without your consent and upon request to delete it, if it is related to a return, warranty, complaint and dispute.
We can also send commercial / marketing information to electronic addresses (e-mail) but only if you give us prior marketing consent. Moreover we can analyse your choices, use your internet profile to gain better insights about you and provide you with personalised retargeting advertising. The legal ground for this kind of processing is your consent (Article 6 (1) letter a of GDPR).
If the function of given form is to conclude a contract, the processing is based on Article 6 (1) letter b of GDPR, which gives us the right to process your data when it „is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”, e.g. adjusting Services to your needs or generating settlements.
Decisions taken by the Controller are at no stage based only on automated processing (including profiling) of personal data. However, your personal data are processed in an automatic way and can be profiled to provide you with marketing information.
Providing all information is voluntary, but some data (appropriately marked at the registration stage) are necessary for the conclusion of the contract and for the provision of Services by us.
You can find further information about your rights regarding your personal data in section 6 of the Policy.
3. Information for Creators and Sellers:
In order for you to create a Creator or Seller account on our Website and to use our Services, you need to first create a „normal” account. Any information provided above to Backers or Buyers will also apply to your account.
In addition to become a Creator or Seller, who process payments with us, you must provide Gamefound with information and documents to:
- verify your identity;
- identify the ultimate beneficial owners of your business;
- identify the purpose and intended nature of your future business relationship with us;
- monitor your transactions using automated systems which detect risks and verify the origins of your capital/assets;
- check whether a natural person representing you is competent to do so (and verify the identity of this person) and
- check whether you act on behalf of yourself or on behalf of a third party.
Gamefound, as the operator of a platform that is available to Creators, Sellers, Buyers and Backers and enables them to communicate with others, is obliged by the law to report on tax issues in the scope of information collected in connection to supply of rewards. As a Creator or Seller you are a Website user, either an individual or an legal entity, that is registered on our Website at any moment during the reportable calendar year in respect of which reporting is being completed by Gamefound. During our Website using you can carry out a relevant activity which is supply of rewards like games and accessories. Gamefound shall collect all or some of the following personal data for each Creator or Seller who is an individual:
- your first and last name;
- your primary address - address that is your primary residence;
- your Taxpayer Identification Number;
- your VAT identification number, where available;
- scan of your ID (in some cases);
- Tax Residence certificate;
- your date of birth;
- your place of birth (if you do not have any Taxpayer Identification Number).
Gamefound shall collect all of the following information for each Creator or Seller that is a legal entity using our Website to supply of reward:
- the legal name;
- the primary address - the address of the registered office;
- the Taxpayer Identification Number;
- the VAT identification number, where available;
- the business registration number;
- the existence of any permanent establishment through which supply of rewards are carried out in the European Union, where available, indicating each respective Member State, where such a permanent establishment is located.
Gamefound is obliged to process above-mentioned personal data on the basis of Article 6 (1) letter c of GDPR in order to fulfill legal due diligence, KYC and reporting obligation in the field of taxation.
Gamefound must collect this information for Adyen (Gamefound’s Payment Service Provider) to conduct the Know Your Customer process to comply with its legal obligation to prevent laundering proceeds of crime or financing terrorism, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) letter c of GDPR). To carry out the above checks, we process a copy of your identification document, the address of your legal representative and shareholders, your bank account number, your contact information, information contained in correspondence between us, bank statements, your signature and an extract of your company registration document. We may also ask for other documents to help verify your account.
When we collect some of your data during a conference or any other event, in which our representatives took part, the data from the business card is processed in order to send you information about our Services. We believe that giving us your business card expresses your consent to be contacted in marketing matters. In such cases, the legal ground for our action is your consent (Article 6 (1) letter a of GDPR). If the business card was provided by mistake or by a third party not having the right to consent to marketing contact, all personal data will be deleted upon discovery of such a situation. We can also browse the Internet in search of the contact information to contact you and provide you with information about our Services, if we believe that you expressed your will to obtain information from us (Article 6 (1) letter f of GDPR. If we were mistaken we will erase your data upon your request.
3. HOW LONG DO WE PROCESS YOUR PERSONAL DATA FOR?
We store personal data not longer than is necessary, to achieve the purposes, for which they are processed.
If you are not our Customer, data collected only in connection with the current contact, are being processed for a period of a few weeks to a maximum of 2 years.
Data collected on the basis of your consent are being processed until the withdrawal of your consent or when the purpose, for which it was collected, will cease to exist.
Data collected to send commercial / marketing information to electronic addresses (e-mail), are being processed until consent withdrawal.
Data that are necessary for the performance of a contract are being processed for the duration of the contract and usually another 6 years after its termination, which results from tax regulations and the limitation period for certain claims.
If we process your personal data to determine or assert any claims or to defend against above mentioned Customer’s claims (the legal ground for this action is our legitimate interest (Article 6(1) letter f GDPR), we store the personal data until the laps of the limitation period for that claims, which arise from the generally applicable provisions of law. In other cases of processing your personal data based on our legitimate interest, we will delete them if you object to this processing or if we no longer have a legitimate interest in processing it.
If we process your personal data to comply with a legal obligation to which the Controller is subject, we store the personal data for a period of performing this obligation.
4. WHO HAS ACCESS TO YOUR PERSONAL DATA?
The access to your personal data is only granted to:
- authorized employees and co-workers, who are obliged to keep them secret and not to use them for purposes other than those for which we have collected them,
- entities that support us in service providing, based on appropriate contracts e.g. legal, consulting, telecommunication service providers, payment service provider,
- crowdfunding and pledge manager Creators in order to fulfill their obligations such as delivering rewards, customer service, tax requirements and other contractual requirements;
- Sellers in order to fulfill their obligations such as delivering orders, customer service, tax requirements and other contractual requirements
- competent authorities to which Gamefound is obliged to report information about Creators in the scope of taxation and fulfilling due diligence obligations in accordance with generally applicable law.
If you have a public account at our Website, other users of the Website (including those who have or have not an account at our Website) can have access to your personal data. However you can change your account to private at any time to disable other users to gain access to any information about you. Moreover, your personal data will not be visible to other Website’s users until you enter your nickname at your account.
All these entities have access only to necessary information. None of the above should use your data for marketing purposes without your prior consent.
By accepting the Gamefound Privacy Policy, you also accept the Privacy Policy of Adyen (https://www.adyen.com/), Gamefound’s Payment Service Provider.
By supporting the project, you may need to accept the Privacy Policy of the Creator. Please read it before supporting the project.
Some of the Creators on our Website may be from outside the European Economic Area (EEA). You must be aware that when supporting the projects of such Creators, we will have to provide them with your personal data in order to perform the contract. By supporting the project of the Creator outside the EEA, you allow Gamefound to transfer your personal data for the purpose of performing the contract in accordance with Art. 49 (1) letter c (standard contractual clauses) or EU-US Data Privacy Framework. Please be aware that Gamefound requires all Creators to use your personal data only for the performance of the contract and forbids the use of your data for marketing purposes without your prior consent. If any of the Creators uses your personal data in a way that goes beyond the performance of the contract without your consent, contact us.
Sometimes, the entities providing us with solutions are registered outside the EEA. In this case, if your personal data will be processed outside the EEA, we provide the appropriate legal mechanisms for their security, including standard contractual clauses adopted under the decision of European Commission, we conclude entrustment data contracts that meet the requirements of the GDPR. You can always request a copy of your personal data transferred outside EEA by contacting us by email.
We may also be required to provide specific information relating to you, to public authorities for the purposes of proceedings conducted by them. In this case, the information is provided only if there is a proper legal ground.
5. WHAT ARE THE „COOKIES” AND OTHER TRACKING TECHNOLOGIES? HOW DO WE USE THEM AND IN WHAT PURPOSE?
“Cookies” are small data files that are issued to your device when you visit a Website and that store information about your use of our Services. We use “cookies” to help recognize you as a repeat visitor, to improve the quality of our Services and to collect statistical data.
The legal ground for the use of “cookies” and other tracking technologies is usually your consent (article 6(1) letter a GDPR “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), except when they are necessary for the functioning of our Website (“technical cookies”), when it’s based on our legally legitimate interest. Additionally, the Customer can give us consent to use the marketing and analytic “cookies” or we can process these cookies based on our legally legitimate interest in case that we need them for direct marketing.
We remind you that when data processing is based on your consent, you can withdraw your consent at any time.
“Technical cookies” do not collect any information about the Customer that could be used for marketing purposes or to remember which places on the Internet were visited by the Customer. Not accepting these “cookies” may prevent you from using most of our Services or significantly slow down functioning of the Website, so these “cookies” can be necessary.
“Analytic cookies” obtain information about how Customers use our Website and monitor the efficiency of the Website. This allows us to quickly identify and fix any problems that Customers may encounter and ensure a high quality of browsing the Website. We use “analytic cookies” to analyze Customer visits, their duration and frequency.
“Marketing cookies” are used to obtain information about Customer’s activity on our Website. Their purpose is to display commercials that are relevant and interesting for individual Customer and therefore more valuable to third-party publishers and advertisers.
From the perspective of persistency, we use the following types of “cookies”:
- “session cookies” – which are temporary files, stored on the Customer’s device until they log out, leaves the Website or turns off the software (the Internet browser);
- “persistent cookies” – which are stored on the Customer’s device the entire time specified in “cookie” parameters or until the Customer deletes them.
Besides cookies, we may use other tracking technologies such as e.g. Facebook Conversion API, described in detail below.
Depending on the purposes and legal grounds for processing personal data collected by “cookies”, they may be stored for different time. The table below lists all types of cookies that we use on the Website:
Analytic cookies
Name: _clck
Provider: Microsoft Clarity
Expiry: 1 year
Data is sent to: US
Name: _clsk
Provider: Microsoft Clarity
Expiry: 1 day
Data is sent to: US
Name: _cltk
Provider: Microsoft Clarity
Expiry: Session
Data is sent to: US
Name: _ga
Provider: Google Analytics
Expiry: 2 years
Data is sent to: US
Name: _gat
Provider: Google Analytics
Expiry: 1 day
Data is sent to: US
Name: _gid
Provider: Google Analytics
Expiry: 1 day
Data is sent to: US
Name: _hjAbsoluteSessionInProgress
Provider: HotJar
Expiry: 1 day
Data is sent to: UK
Name: _hjFirstSeen
Provider: HotJar
Expiry: 1 day
Data is sent to: UK
Name: _hjIncludedInPageviewSample
Provider: HotJar
Expiry: 1 day
Data is sent to: UK
Name: _hjIncludedInSessionSample
Provider: HotJar
Expiry: 1 day
Data is sent to: UK
Name: _hjSession_#
Provider: HotJar
Expiry: 1 day
Data is sent to: UK
Name: _hjSessionUser_#
Provider: HotJar
Expiry: 1 year
Data is sent to: UK
Name: c.gif
Provider: Microsoft Clarity
Expiry: Session
Data is sent to: Ireland
Name: CLID
Provider: Microsoft Clarity
Expiry: 1 year
Data is sent to: US
Name: ANONCHK
Provider: Microsoft Clarity
Expiry: 1 day
Data is sent to: Ireland
Name: MUID
Provider: Microsoft Clarity
Expiry: 1 year
Data is sent to: Ireland
Name: SM
Provider: Microsoft Clarity
Expiry: Session
Data is sent to: Ireland
Name: SRM_B
Provider: Microsoft Clarity
Expiry: 1 year
Data is sent to: US
Name: collect
Provider: Google Analytics
Expiry: Session
Data is sent to: US
Marketing cookies
Name: _fbp
Provider: Facebook
Expiry: 3 months
Data is sent to: UK
Name: tr
Provider: Facebook
Expiry: Session
Data is sent to: UK
Technical cookies
Name: JSESSIONID
Provider: NewRelic
Expiry: Session
Data is sent to: US
Name: _gfcse
Provider: Gamefound
Expiry: 1 year
Data is sent to: N/A
Name: _gfcuid
Provider: Gamefound
Expiry: 100 years
Data is sent to: N/A
Name: _gff_cmtssn
Provider: Gamefound
Expiry: 1 year
Data is sent to: N/A
Name: _gfsid
Provider: Gamefound
Expiry: 10 years
Data is sent to: N/A
Name: _gfuid
Provider: Gamefound
Expiry: 10 years
Data is sent to: N/A
Name: _gftmpdata
Provider: Gamefound
Expiry: Never
Data is sent to: N/A
Besides cookies, we use the Conversion API for marketing purposes. The conversion API is designed to create a direct connection between marketing data from our server and Meta servers.
For these purposes, we use the user's technical data, such as the operating system used, browser type and version, device (smartphone, tablet, etc.), date and time the page was accessed, etc. and data related to the usage of our services.
This allows us to display interest-based ads to users of this site when they visit the Facebook social network or other sites that also use this tool. In this way, we tailor content to your interests, presenting personalized ads to make our site or offers more appealing to you.
Provided that you consent to the described data processing, Facebook will also have access to your technical data and data related to your behavior as a user.
We assure you that all information is used by us only for the purposes indicated above and in no case are harmful to you or your device, because they do not lead to any configuration changes. Your browser may give you the ability to control “cookies”, including blocking or deleting them (the procedure depends on the type of your browser).
6. WHAT YOUR RIGHTS REGARDING YOUR PERSONAL DATA ARE?
For efficient implementation of Customer’s rights, please send all requests to the e-mail address: privacy@gamefound.com, with the subject: “GDPR’s demand”, indicating which right you want to exercise. Every Customer has the following rights:
1. Right of access - In any time, you can obtain from us confirmation as to whether or not your personal data are being processed, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- who are the recipients;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Right to rectification - If you feel that the information relating to you is incorrect or incomplete, you have the right to request the rectification of the data.
3. Right to withdraw the consent – You can withdraw your consent at any time, without affecting the legality of the processing, which was performed prior to this withdrawal.
4. Right to erasure (‘right to be forgotten’) - The GDPR gives you the right to obtain from us the erasure of all your personal data. We are obligated to make your request, only if one of the following grounds applies:
- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdrew consent on which the processing is based and where there is no other legal ground for the processing;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- you object to the processing for direct marketing purposes;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
5. Right to restriction of processing - You can also obtain the restriction of processing, where one of the following applies:
- you contest the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful but you oppose the erasure of your personal data and you request the restriction of their use instead;
- we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims,
- you have objected to processing – only until the dispute is resolved.
6. Right to data portability - You have right to receive your personal data in a structured, commonly used and computer-readable format and have the right to transmit those data to another controller, when:
- the processing is based on your consent or on a contract and
- the processing is carried out by automated means.
7. Right to object - According to GDPR you have right to object:
- to processing of personal data, when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Controller – on grounds relating to your particular situation;
- to processing of personal data, when it is necessary for the purposes of the legitimate interests pursued by Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child, including profiling – on grounds relating to your particular situation;
- at any time – to processing of personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing;
- to processing of personal data for scientific or historical research purposes or statistical purposes – on grounds relating to your particular situation.
If, in spite of the Customer's objection, we consider that there are important, legally valid grounds for processing personal data, which override the Customer's interests, rights and freedoms, we can continue processing the Customer's personal data.
If you disagree with the above mentioned Controller’s situation assessment, you have the right to lodge a complaint with a supervisory authority (for more information, see point 8 below).
8. Right to lodge a complaint with a supervisory authority - Due to our actions as a Controller, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
If you want to lodge a complaint in Poland, since 25th May 2018 the function of the supervisory authority is held by the President of the Data Protection Office / Prezes Urzędu Ochrony Danych Osobowych (PUODO). A detailed description of the procedure for lodging a complaint to PUODO is available on the website maintained by PUODO which you can access by clicking the following link: https://uodo.gov.pl/.
7. CHILDREN’S PERSONAL DATA
Gamefound customers must be 18 years (or the legal age in your jurisdiction) or older. Therefore, we do not collect personal data of children.
If you believe and / or have evidence that a Gamefound user is under the age of 18 years, please contact us. If this is confirmed, we will delete the personal data of children.
8. CALIFORNIA RESIDENTS
If you are a California resident, please be aware that we do not use your personal data for marketing purposes without your consent.
In the above sections, we have described what personal data we collect, for what purpose, how to request information about it and how to request to delete it. If you have additional questions or want to submit a request, please contact us.
9. CONTACT US
The Controller of your personal data is Gamefound Sp. z o.o. with its registered office in Wrocław at the following address: ul. Św. Mikołaja 58, Wrocław, 50-127, Poland.
E-mail address: privacy@gamefound.com.