If You have any further questions considering processing of your personal data, please do not hesitate to contact us by using contact form, which you can find here: https://gamefound.com/contact.
- Basic definitions.
- What personal data do we collect and process, what is the purpose of processing and what is the legal basis?
- How long do we process your personal data for?
- Who has access to your personal data?
- What are the „cookies”? How do we use them and in what purpose?
- What your rights regarding your personal data are?
- Children's personal data.
- California residents.
- Contact us.
1. BASIC DEFINITIONS
Personal data – any information relating to you, that allows your identification i.e.: name, surname, e-mail address, phone number, IP address etc.;
Processing – means any operation or set of operations which is performed on your personal data i.e.: collection, recording, storage, adaptation or alteration, messaging, restriction, erasure or destruction;
Customer – an adult individual with full legal capacity, a legal entity or organizational unit without legal personality but with capacity to perform legal acts, who uses the Website on the terms set out in the Terms of Service, which you can find here: https://gamefound.com/terms;
Controller – Gamefound Sp. z o.o. with its registered office in Wrocław (50-127) at the following address ul. św. Mikołaja 58, registered in the Register of Entrepreneurs conducted by the District Court for Wrocław-Fabryczna, VIth Commercial Department of the National Court Register under KRS number 0000778227, holder of Business entity statistical number (REGON): 382893080, Polish taxpayer’s identification number (NIP): 8971865043, holder of share capital in the amount of 5,000,00 PLN; („Gamefound”).
Website – https://gamefound.com;
Services – all services provided by the Controller via Website.
2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS, WHAT IS THE PURPOSE OF PROCESSING AND WHAT IS THE LEGAL BASIS?
Information for Backers:
In order for you to create an account on our Website and to use our Services, we need to collect and process certain information. That may include information you provide especially by completing forms on our Website or contacting us by e-mail e.g.:
- customer’s identification data (name, surname, e-mail address, nick, IP address),
- costumer’ address data,
- transaction data,
- metadata about communication (date of contact).
Your personal data mentioned above, are processed for the purpose resulting from the function of a given form, for instance, for the purpose of responding for enquiry or providing Services.
We collect your identification and address data in order to perform the contract which is the delivery of rewards, orders and any other related services such as customer service, the legal ground for this kind of processing is the performance of a contract (Article 6 (1) letter b GDPR). We also collect this data in connection with tax and legal requirements, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) letter c GDPR).
We collect your transaction data to identify potential threats such as fraud, terrorist financing and illegal activities, the legal ground for this kind of processing is the performance of a task carried out in the public interest (Article 6 (1) letter e GDPR).
We collect metadata about your communication in order to handle all inquiries, complaints and disputes, the legal ground for this kind of processing is our legitimate interest (Article 6 (1) letter f GDPR). We can store your personal data without your consent and upon request to delete it, if it is related to a return, warranty, complaint and dispute.
Decisions taken by the Controller are at no stage based on automated processing (including profiling) of personal data.
We can also send commercial / marketing information to electronic addresses (e-mail) but only if you give us prior marketing consent. The legal ground for this kind of processing is your consent (Article 6 (1) letter a GDPR).
If the function of given form is to conclude a contract, the processing is based on Article 6 (1) letter b, which gives us the right to process when it „is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract” e.g. adjusting Services to your needs or generating settlements.
Providing all information is voluntary, but some data (appropriately marked at the registration stage) are necessary for the conclusion of the contract and for the provision of Services by us.
You can find further information about your rights regarding your personal data in section VI of the Policy.
Information for Creators:
In order for you to create a Creator account on our Website and to use our Services, you need to first create „normal” account. Any information provided above to Backers will also apply to your account. In addition to become a Creator who process payments with us you must provide Gamefound with information and documents to:
- verify your identity;
- identify the ultimate beneficial owners of your business;
- identify the purpose and intended nature of your future business relationship with us;
- monitor your transactions using automated systems which detect risks and verify the origins of your capital/assets;
- check whether a natural person representing you is competent to do so (and verify the identity of this person); and
- check whether you act on behalf of yourself or on behalf of a third party.
Gamefound must collect this information for Adyen (Gamefound’s Payment Service Provider) to conduct the Know Your Customer process to comply with its legal obligation to prevent laundering proceeds of crime or financing terrorism, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) letter c GDPR). To carry out the above checks, we process a copy of your identification document, the address of your legal representative and shareholders, your bank account number, your contact information, information contained in correspondence between us, bank statements, your signature and an extract of your company registration document. We may also ask for other documents to help verify your account.
When we collect some of your data during a conference or any other event in which our representatives took part, the data from the business card are processed in order to send you information about our Services. We believe that giving us your business card expresses your consent to be contacted in marketing matters. In such cases, the legal ground for our action is your consent (Article 6 (1) letter a GDPR). If the business card was provided by mistake or by a third party not having the right to consent to marketing contact, all personal data will be deleted upon discovery of such a situation.
3. HOW LONG DO WE PROCESS YOUR PERSONAL DATA FOR?
We store personal data not longer than is necessary, to achieve the purposes, for which they are processed.
If you are not our Customer, data collected only in connection with the current contact, are being processed for a period of few weeks to a maximum of 2 years.
Data collected on the basis of your consent are being processed until the withdrawal of your consent or when the purpose, for which it was collected, will cease to exist.
Data collected to send commercial / marketing information to electronic addresses (e-mail), are being processed no longer than for 3 years from the last activity of the Customer towards the Controller.
Data that are necessary for the performance of a contract are being processed for the duration of the contract and usually another 6 years after its termination, which results from tax regulations and the limitation period for certain claims.
If we process your personal data to determine or assert any claims or to defend against above mentioned Customer’s claims (the legal ground for this action is our legitimate interest (Article 6(1) letter f GDPR)), we store the personal data until the laps of the limitation period for that claims, which arise from the generally applicable provisions of law.
If we process your personal data to compliance with a legal obligation to which the Controller is subject, we store the personal data for a period of performing this obligation.
4. WHO HAS ACCESS TO YOUR PERSONAL DATA?
The access to your personal data is only granted to:
- authorized employees and co-workers, who are obliged to keep them secret and not to use them for purposes other than those for which we have collected them,
- entities that support us in service providing, based on appropriate contracts e.g. legal, consulting, telecommunication service providers, payment service provider,
- crowdfunding and pledge manager Creators in order to fulfill their obligations such as delivering rewards, customer service, tax requirements, and other contractual requirements.
All these entities have access only to necessary information. None of the above should use your data for marketing purposes without your prior consent.
Some of the Creators on our Website may be from outside the European Economic Area (EEA). You must be aware that when supporting the projects of such Creators, we will have to provide them with your personal data in order to perform the contract. As Creators are very often natural persons or small entities from whom we cannot require meeting standards of GDPR appropriate safeguards pursuant to Article 46, including binding corporate rules, each time you decide to support such a Creator, you accept the risk that your personal data may be used in a manner inconsistent with the GDPR, due to the fact that these subjects operate on a daily basis in a different legal environment. By supporting the project of the Creator outside the EEA, you accept this risk and allow Gamefound to transfer your personal data for the purpose of performing the contract in accordance with Art. 49 (1) letter b. Please be aware that Gamefound requires all Creators to use your personal data only for the performance of the contract and forbids the use of your data for marketing purposes without your prior consent. If any of the Creators uses your personal data in a way that goes beyond the performance of the contract without your consent, contact us.
Sometimes, the entities providing us with solutions are registered outside the EEA. In this case, if your personal data will be processed outside the EEA, we provide the appropriate legal mechanisms for their security, including standard data protection clauses adopted under the decision of European Commission, we conclude entrustment data contracts that meet the requirements of the GDPR, and, in the case of transferring data to the USA, we verify the participation of our partners in the Privacy Shield program (more: https://www.privacyshield.gov/). You have the right to access the list of such recipients and a copy of the security we use.
We may also be required to provide specific information relating to you, to public authorities for the purposes of proceedings conducted by them. In this case, the information is provided only if there is a proper legal ground.
5. WHAT ARE THE „COOKIES”? HOW DO WE USE THEM AND IN WHAT PURPOSE?
“Cookies” are small data files that are issued to your device when you visit a Website and that store information about your use of our Services. We use “cookies” to help recognize you as a repeat visitor, to improve the quality of our Services and to collect statistical data.
The legal ground for the use of “cookies” is usually your consent (article 6(1) letter a GDPR “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), except when they are necessary for the functioning of our Website (“technical cookies”), when it’s based on our legally legitimate interest. Additionally, the Customer can give us a consent to use the marketing and analytic “cookies”.
We remind you that when data processing is based on your consent, you can withdraw your consent at any time.
“Technical cookies” do not collect any information about the Customer that could be used for marketing purposes or to remember which places on the Internet were visited by the Customer. Not accepting these “cookies” may prevent you from using most of our Services or significantly slow down functioning of the Website, so we recommend you to accept the use of technical “cookies”.
“Analytic cookies” obtain information about how Customers use our Website and monitor the efficiency of the Website. This allows us to quickly identify and fix any problems that Customers may encounter and ensure a high quality of browsing the Website. We use “analytic cookies” to analyze Customer visits, their duration and frequency.
“Marketing cookies” are used to obtain information about Customer’s activity on our Website. Their purpose is to display commercials that are relevant and interesting for individual Customer and therefore more valuable to third-party publishers and advertisers.
From the perspective of persistency, we use the following types of “cookies”:
- “session cookies” – which are temporary files, stored on the Customer’s device until he/she logs out, leaves the Website or turns off the software (the Internet browser);
- “persistent cookies” – which are stored on the Customer’s device the entire time specified in “cookie” parameters or until the Customer deletes them.
Depending on the purposes and legal grounds for processing personal data collected by “cookies”, they may be stored for the time indicated in Section III of this Policy.
We assure you that all information is used by us only for the purposes indicated above and in no case are harmful to you or your device, because they do not lead to any configuration changes. Your browser may give you the ability to control “cookies”, including blocking or deleting them (the procedure depends on type of your browser).
6. WHAT YOUR RIGHTS REGARDING YOUR PERSONAL DATA ARE?
For efficient implementation of Customer’s rights, please send all requests to the e-mail address: firstname.lastname@example.org, with the subject: “GDPR’s demand”, indicating which right you want to exercise. Every Customer has the following rights:
1. Right of access - In any time, you can obtain from us confirmation as to whether or not your personal data are being processed, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- who are the recipients;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Right to rectification - If you feel that the information relating to you is incorrect or incomplete, you have the right to request the rectification of the data.
3. Right to withdraw the consent – you can withdraw your consent at any time, without affecting the legality of the processing, which was performing prior to this withdrawal.
4. Right to erasure (‘right to be forgotten’) - The GDPR gives you the right to obtain from us the erasure of all your personal data. We are obligated to make your request, only if one of the following grounds applies:
- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdrew consent on which the processing is based and where there is no other legal ground for the processing;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- you object to the processing for direct marketing purposes;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
5. Right to restriction of processing - You can also obtain the restriction of processing, where one of the following applies:
- you contest the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful but you oppose the erasure of your personal data and you request the restriction of their use instead;
- we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims,
- you have objected to processing – only until the dispute is resolved.
6. Right to data portability - You have right to receive your personal data in a structured, commonly used and computer-readable format and have the right to transmit those data to another controller, when:
- the processing is based on your consent or on a contract and
- the processing is carried out by automated means.
7. Right to object - According to GDPR you have right to object:
- to processing of personal data, when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Controller – on grounds relating to your particular situation;
- to processing of personal data, when it is necessary for the purposes of the legitimate interests pursued by Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child, including profiling – on grounds relating to your particular situation;
- at any time – to processing of personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing;
- to processing of personal data for scientific or historical research purposes or statistical purposes – on grounds relating to your particular situation.
If, in spite of the Customer's objection, we consider that there are important, legally valid grounds for processing personal data, which override the Customer's interests, rights and freedoms, we can continue processing the Costumer’s personal data.
If you disagree with above mentioned Controller’s situation assessment, you have the right to lodge a complaint with a supervisory authority (for more information, see point VII below).
8. Right to lodge a complaint with a supervisory authority - Due to our actions as a Controller, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
If you want to lodge a complaint in Poland, since 25th May 2018 the function of the supervisory authority is held by the President of the Data Protection Office / Prezes Urzędu Ochrony Danych Osobowych (PUODO). A detailed description of the procedure for lodging a complaint to PUODO is available on the website maintained by PUODO which you can access by clicking the following link: https://uodo.gov.pl/.
7. CHILDREN’S PERSONAL DATA
Gamefound customers must be 18 years (or the legal age in your jurisdiction) or older. Therefore, we do not collect personal data of children.
If you believe and / or have evidence that a Gamefound user is under the age of 18 years, please contact us. If this is confirmed, we will delete personal data of children.
8. CALIFORNIA RESIDENTS
If you are a California resident, please be aware that we do not use your personal data for marketing purposes without your consent.
In the above sections, we have described what personal data we collect, for what purpose, how to request information about it and how to request to delete it. If you have additional questions or want to submit a request, please contact us.
9. CONTACT US
The Controller of your personal data is Gamefound Sp. z o.o. with its registered office in Wrocław at the following address: ul. Św. Mikołaja 58, Wrocław, 50-127, Poland.
E-mail address: email@example.com.