PRIVACY POLICY
In this document we describe all information and practices used in the processing of personal data by SUPERKAMI Joint Stock Company based in Warsaw, hereinafter referred to as the “Company” or “Administrator”.
The Administrator protects personal data and privacy of customers and users of the service. The Administrator complies with the applicable legal provisions on the protection of personal data, and also protects personal data from the side of IT security.
WE ACT IN ACCORDANCE WITH THE LAW
The Administrator ensures the security of personal data, in particular protects it from access by unauthorized persons. In addition, the Administrator ensures the exercise of the rights arising from:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, (hereinafter “GDPR”),
- the Act of 18 July 2002 on the provision of services by electronic means.
- the Act of 10 May 2018 on the protection of personal data.
WHAT PERSONAL DATA WE COLLECT AND PROCESS
The Administrator does not currently collect and process any personal data. Personal data should be understood as any information about an identified or identifiable natural person, in particular such as a name, an identification number, location data, an online identifier or one or more specific factors identifying the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA ?
If the Administrator begins to collect and process any personal data, the administrator of such data within the meaning of the provisions of the GDPR will be Superkami Joint Stock Company with its registered office in Warsaw, 115a Puławska Street, premises 11, 02-707 Warsaw, entered in the register of entrepreneurs kept by the District Court for the capital city of Warsaw in Warsaw, XIII Economic Department of the National Court Register under KRS number: 0000908392, holding NIP number: 5213933623 and REGON number: 389387121.
HOW TO CONTACT THE ADMINISTRATOR ?
The Administrator has not appointed a Data Protection Officer. In matters concerning the processing of your personal data by the Administrator, please contact us as follows:
- by post to the address of the Company’s registered office, or
- by the dedicated email address: hello@superkami.games
ON WHAT BASIS AND FOR WHAT PURPOSE MAY YOUR PERSONAL DATA BE PROCESSED ?
The Administrator may process personal data in order to:
- to ensure the proper provision of the services provided on the basis of the contract concluded with the Administrator, in which case the basis for data processing will be Article 6(1) b GDPR;
- to provide the newsletter service, in which case the basis for the processing of personal data shall be Article 6(1) a GDPR;
- to carry out marketing activities, if the data subject gives marketing consent, in which case the basis for the processing of personal data will be Article 6(1) a GDPR.
The basis for the processing of personal data may also be Article 6(1)(c) of the GDPR, if the processing will take place for the purpose of performing settlements and other legal obligations imposed on the Administrator.
The basis for the processing of personal data may be Article 6(1)(f) GDPR i.e. the Company’s legitimate interest, if the processing will take place in order to comply with obligations under GDPR in order not to expose ourselves to financial penalties and any other liability, to pursue the Company’s claims or to defend against claims made against the Company.
WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA ?
Any person whose personal data will be processed by the Administrator has the following rights:
- the right of access to your personal data – you may exercise your right to access your data at any time.
- right to rectification and completion of personal data – you have the right to request from the Administrator the immediate rectification of your personal data that is inaccurate, as well as to request the completion of incomplete personal data.
- the right to erasure of personal data – you have the right to request the Administrator to immediately erase your personal data in any of the following cases:
- when the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
- when the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
- when you have lodged an objection to the processing referred to in (e) below and there are no overriding legitimate grounds for the processing;
- when the personal data are processed unlawfully;
- when the personal data must be erased in order to comply with a legal obligation under European Union or Polish law;
- when the personal data was collected in connection with the offering of information society services.
However, the Administrator will not be able to delete your personal data to the extent that the processing is necessary for:
- exercise your right to freedom of expression and information;
- comply with a legal obligation requiring processing under European Union or Polish law;
- to establish, assert or defend claims.
- right to restrict processing of personal data – you have the right to request the Administrator to restrict the processing of your data in cases where:
- you question the accuracy of the personal data – for a period of time allowing the Administrator to verify the accuracy of the data;
- the processing is unlawful and you object to the erasure of the personal data, requesting instead the restriction of its use;
- the Administrator no longer needs the personal data for the purposes of the processing, but the data are needed by you to establish, assert or defend claims;
- you have objected to the processing referred to in (e) below – until such time as it is determined whether the legitimate grounds on the part of the Administrator override your grounds for objection.
- right to object – you have the right to object to the Administrator’s processing of your personal data.
- right to withdraw consent – to the extent that the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal;
- right to data portability – to the extent that your data is processed for the purpose of entering into and performing a contract or processed on the basis of consent and the processing is carried out by automated means, you have the right to receive from the Administrator in a structured, commonly used machine-readable format your personal data that you have provided prior to or in the course of your relationship with the Company. You also have the right to send this personal data to another administrator.
- right to complain – you have the right to lodge a complaint about the processing of your personal data by the Administrator to the supervisory authority, which in Poland is the President of the Office for Personal Data Protection.
The rights referred to in points a) – g) above can be performed by contacting the Administrator:
– by post to the address of the Company’s registered office,
– by dedicated e-mail address: hello@superkami.games
WITH WHOM DO WE SHARE YOUR PERSONAL DATA ?
If the Administrator starts to collect and process your personal data, it may be shared with the following recipients or categories of recipients:
- service providers providing services on behalf of or for the Administrator. We require compliance with applicable data protection legislation, including the provisions of the GDPR, in our contracts with such service providers;
- if such an obligation arises from mandatory legal provisions, to the extent necessary also to other third parties, in particular to authorized state authorities.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES.
The Administrator does not intend to transfer personal data to third countries. However, in the case of transfer of personal data to third countries, i.e. to recipients located outside the European Economic Area or Switzerland, in countries which, according to the European Commission, do not provide sufficient data protection, the Company transfers them using mechanisms in accordance with the applicable law, which include, among others, the following
- EU “Standard Contractual Clauses”;
- obtaining a third-party certification of compliance with the Privacy Shield (where based in the United States);
- where the data transfer is to a third country for which the European Commission has determined by decision that the third country meets an adequate level of protection.
HOW LONG DO WE KEEP YOUR PERSONAL DATA ?
The Administrator makes every effort to ensure that personal data are processed adequately and for as long as necessary for the purposes for which they were collected. With this in mind, the Administrator shall keep your personal data for no longer than is necessary to fulfil the purposes for which the data were collected or, if necessary, to comply with applicable law, in particular the duration of the contract and the period of limitation of claims. In the case of processing based on consent, data will be processed until such consent is withdrawn.
AUTOMATED DECISION-MAKING
The Administrator does not intend to process personal data in an automated manner and to use so-called profiling.
Profiling is the collection of information about a person and the assessment of his or her characteristics or behavioral patterns in order to place him or her in a specific category or group, carried out, for example, to analyze the interests of that person. The controller does not make automated decisions that produce legal effects on the data subject.
IS THE PROVISION OF DATA MANDATORY?
If the Administrator initiates the processing of data, the data subject will be informed whether, in the case in question, the requirement to provide the data is a statutory or contractual requirement or a condition for entering into a contract and whether the data subject is obliged to provide the data and what are the possible consequences of failing to do so;
AMENDMENT OF THE PRIVACY POLICY
This document may be amended in particular if the Administrator intends to process any personal data or the need or obligation to do so arises from a change in the relevant legislation, including changes in the recipients of the data. Persons whose data is processed in accordance with this Privacy Policy will be notified of changes to it with reasonable notice.
METHODS OF PERSONAL DATA PROTECTION
The Administrator shall carefully select and apply technical and organizational measures to ensure the protection of personal data against unlawful processing. These include internal controls, storage and processing procedures and physical security measures to protect against unauthorized access to systems where personal data may be stored. The Administrator shall maintain documentation describing the manner in which personal data are processed and the technical and organizational measures ensuring the protection of the personal data processed, appropriate to the risks and categories of data to be protected.