1. Privacy policy

1.1 GENERAL INFORMATION

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you play our games. The term „personal data” comprises all data that can be used to personally identify you directly or indirectly.

1.2 DATA RECORDING

HOW DO WE COLLECT YOUR DATA?

On the one hand, your data is collected by you communicating it to us. This may be data that you enter in a contact form or registering to one of our services, for example. Other data is automatically collected when you download and use our games.

WHAT ARE THE PURPOSES WE USE YOUR DATA FOR and what are the legal bases?

We use your data to provide our games to you, including for the purposes of optimization, preventing fraud, customizing in-game offers, and verifying purchases. Furthermore, we gather information of how you use our services or play our games for statistical and analytical purposes. We may also use your personal data for our marketing and advertising purposes. Our marketing and advertising activities may consist in: sending or displaying targeted marketing (in order to reach you with content that is more relevant to you), any other information that we think may appear interesting to you, as well as offers and newsletters.

Pursuant to the GDPR (and other relevant laws), in general, your personal data is processed by us on the following legal bases:

• Performance of our contract with you – in this case, your personal data may be used to perform our agreements with you applicable to the Services you use (e.g. when we provide our service to you);
• To comply with a legal obligation to which the Controller is subject – in this case, your personal data may be processed in order to comply with the law and our legal obligations (e.g. when we are required to store your data in order comply with tax and accounting regulations);
• For the Controllers legitimate interests – in this case, the Controller may process your personal data in order to fulfil its legitimate interests consisting in among others – protecting, maintaining and improving the Services; developing new games, features and services; marketing and promoting our Services (including by profiling and marketing to Users); protecting our legal rights and interests; in support of mergers, acquisitions, reorganizations and other business transactions; and to generally operate and improve our business (e.g. when we are defending our legal rights or asserting claims, analyzing how you use our services, personalizing them etc.);
• In accordance with provided consent – the Controller may process personal information about you based on your consent, for example (where required by law) to send you marketing communications, surveys, news, updates and other communications. You can withdraw your consent at any time in accordance with applicable laws; please see Section 12.8 of this Privacy Policy for more information on how to withdraw your consent.

2. GENERAL AND MANDATORY INFORMATION

2.2. INFORMATION ABOUT THE RESPONSIBLE PARTY

The responsible party (referred to as the „controller” in the GDPR) is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).

The controller of your personal data is:

Pixel Storm sp z .o.o.
ul. Piękna 7/1a
50-505 Wrocław – Poland

If you have any questions or suggestions about data protection or regarding exercise of your rights, you can send us an email to info@pixelstorm.pl.

3. COLLECTION AND USE OF YOUR DATA

3.1. FACEBOOK

You do not need to register in order to play our games. You can however voluntarily connect your game with your Facebook account in order to participate in the Social Events inside the games.

If you connect your Facebook account with our game, the following data is shared with us:

• Name
• Profile picture
• Date of birth (if indicated by Facebook)
• Place of residence (if indicated by Facebook)

Please note: If you participate in the Social Events, your friends can also see that you play our game and you will also be displayed in the Highscore of your friends. In addition, when your Facebook account is connected, a list of your friends who also participate in Social Event and who have connected their Facebook account with their game is shared.

You can cancel the connection with your Facebook account at any time by logging into Facebook and selecting the “Settings” option. The connection between Facebook and the app can be deleted under “Apps and Websites.”

We collect this data in order to provide our app to you and to be able to connect your account if desired, Article 6(1)(b) GDPR.

To the extent that we, as described above, process your data for the purposes of providing the functions of our app, you are contractually required to provide us with this data. Without this data, we are not able to provide these functions to you.

You are not required to provide the above voluntary information. Without this data, however, we are not able to provide these functions of our app to you.

3.2. SUPPORT REQUESTS

If you send support requests to us by email, via chat within the game, or via messages within social media platforms, we collect and process the data from your request in order to be able to provide a response. For this purpose, it may also be necessary for you to provide us with information about your end device so that we can process the request and resolve any technical problems that may exist.

We collect this data in order to provide our app to you and to be able to process your request, Article 6(1)(b) GDPR.

You are not required to provide the above voluntary information. In particular, you are free to send the request to us under a pseudonym, without giving your real name.

4. PERMISSIONS

Our apps use the following permissions:

5. PSEUDONYMOUS USER PROFILE

For the needs-oriented design and statistical analysis of usage of our app, we collect pseudonymous data about how our apps are used, and we evaluate this data statistically. Specifically, we use third-party analytical tools in connection with our own Services. These partners process your data only at and according to our specific instructions and may use cookies and other tracking technologies to collect information about your use of our Apps. This collected information includes, but is not limited to installation data, in-app events, uninstallation, A/B test buckets, language, platform, device type, operating system version, app version, screen resolution, date and time, device IDs such as advertising IDs and IDFA and usage information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand your activity on our Services.

6. ADVERTISING NETWORKS

We use the following advertising networks in order to be able to integrate advertising within our free-of-charge apps. These collect the data described below for the purpose of providing personalized advertising:

You can object to the use of personalized advertising by making the following settings depending on your device type: On iPhone or iPad, first open “Settings,” tap on “Privacy,” and open “Advertising.” Here you can enable “Limit Ad Tracking.” If you use devices with Android and Google Play Services, first open “Google Settings,” tap on “Advertising,” then open “Disable interest-related ads,” then tap on “OK.”

Use of the aforementioned advertising networks and the transmission of the data mentioned is based on our legitimate interest consisting in recouping our investments for the operation of our app through advertising(Article 6(1)(f) GDPR).

7. Other third-party platforms

You may be able to login through to our Services or connect certain third-party accounts (hereinunder „Third-Party Account”)—such as Steam, Twitch, Xbox Live, PSN — to your account in one of the Controller’s Services, or to interact with it and other users on game forums and communities on third-party platforms. Please note, that these Third-Party Accounts and platforms are operated and managed by third parties (hereinunder „Third-Party Platform”), and are subject to their respective terms and conditions. When you link a Third-Party Account to use our Services, you may be able to connect and interact with and share game information with your friends and network from that Third-Party Account, and, in some cases, you may be able to make purchases through or earn rewards (subject to applicable program terms) from that Third-Party Account. When you access, play or use our Services through a Third-Party Platform or website, the Controller may collect or receive your identifier(s) such as XUID, PUID, IP address, MAC address, as well as other device identifiers, registered email address and other information you authorize such entities to provide them to the Controller. In addition, the Controller may allow you to login to certain Services through Third-Party Accounts. The information collection and sharing practices of these third parties are subject to their respective terms and conditions and privacy policies (e.g. , in case of Steam – https://store.steampowered.com/privacy_agreement/ in case of Google/Stadia – https://stadia.google.com/privacy). If you choose to login this way, you are asked to share certain information with us (which may include name, email, friends and public profile information); the specific information and whether it is required or optional is stated on the permissions page when you first log in with or connect the Third-Party Account. If you play or purchase our Service on your mobile device, we receive information about you from the app stores and other mobile platform providers, including your username and/or device ID.

Third-party tools: We also may use third-party tools to help us manage and analyze our social media presence, and report on comments, mentions and other content that is posted about us on Third-Party Platforms and other social media sites, other public channels and forums. The information collection and sharing practices of these third parties are subject to their respective terms and conditions and privacy policies.

8. CHANGES OF PURPOSE

In the event of further processing for purposes other than those for which the data was originally collected, we will notify you regarding those other purposes before further processing, and we will provide you with all other information relevant to this.

9. DISCLOSURE OF DATA

As a matter of principle, your personal data will not be disclosed to others without your explicit prior consent, except in the following circumstances:

• If needed to investigate unlawful use of our services or to prosecute a criminal offense, personal data can be forwarded to law enforcement agencies and, if appropriate, to any victims. However, this only happens if there are concrete clues pointing to unlawful behavior. Disclosure may likewise occur for the purpose of enforcing terms of use or other agreements. In addition, we are also required by law to disclose information to certain government agencies upon request, namely to law enforcement, to government agencies prosecuting misdemeanors punishable by fines, and to tax authorities. Such data are disclosed by virtue of our legitimate interest in combating abuse, for prosecuting criminal offenses and for securing, asserting, and enforcing claims, and because your rights and your interest in the protection of your personal data do not prevail pursuant to Article 6(1)(f) GDPR. If we are legally required to disclose data, the disclosure occurs on the basis of Article 6(1)(c) GDPR.
• To provide our services, we outsource work to outside companies under contract and to service providers (“processors”). In such cases, personal data will be transferred to such processors to allow further processing to take place. These processors are carefully selected and regularly reviewed by us to ensure your privacy. Processors may only use data for the purposes specified by us. Moreover, processors are contractually bound to process your data only in accordance with this data protection policy and with statutory data protection laws. The transfer of data to processors is based on Article 28(1) GDPR. Alternatively, the transfer can be warranted on grounds of our legitimate interest in the economic and technical benefits of using specialized processors, and due to the fact that your rights and interests in protecting your personal data do not prevail under Article 6(1)(f) GDPR.
• We also process data in countries outside the European Economic Area (“EEA”). In order to ensure the protection of your personal privacy rights within these data transfers, we employ the standard agreement clauses of the EU Commission in accordance with Article 46(2)(c) GDPR for the development of contractual relations with third countries. These are available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF, alternatively, you can also request these documents from us by using the contact options specified below.
• As our business evolves, Pixel Storm sp. z o.o. may undergo organizational changes such as the adoption of a new legal form or the establishment, purchase, or sale of subsidiaries and divisions or components of companies. Whenever such changes take place, customer information for each business unit is transferred together with the business unit. Each time personal information is disclosed to third parties as described above, we will ensure that the disclosure complies with this Privacy Policy and with applicable data protection laws.
• In other cases, in connection with provision of services, personal data will be disclosed to external entities that process the data on our behalf, including in particular vendors responsible for the supply and maintenance of IT systems, advertising and analytics services, as well as data storage and other support services. The transfer of data to processors is based on Article 28(1) GDPR.

10. DELETION OF YOUR DATA

We will delete or anonymize your personal information as soon as it is no longer needed for the purposes for which we collected or used it in accordance with the preceding paragraphs. As a rule, we store your personal data as long as you use the site or for the term of any applicable contract, unless the data must be kept longer for legal reasons, for a criminal prosecution, or to secure, assert, or enforce legal claims, or it is required to satisfy our legitimate interests, or until you successfully object to such processing.

11. AGE LIMITS

To use our services you must confirm full legal capacity or, in case of restricted legal capacity, obtain the consent of your legal guardian. We do not knowingly collect or ask for personal information from children. In case you can’t confirm full legal capacity, please do not send us any personal data, including name, address, or email address. If we learn that we have collected personal data of a child, we will delete these as soon as possible. If you think that we might have data from a child, please contact us at info@pixelstorm.pl.

12. YOUR RIGHTS AS A DATA SUBJECT

12.1. RIGHT TO INFORMATION

You are entitled at any time, upon request, to obtain information from us about your personal data within the scope of Article 15 GDPR. To request such information you may submit an application by mail or by email to the address given above.

12.2. RIGHT TO RECTIFICATION OF INACCURATE DATA

You have the right to demand that we correct forthwith any inaccurate personal data concerning you. For this purpose, please use the contact addresses listed above.

12.3. RIGHT TO DELETION

Under the conditions described in Article 17 GDPR, you have the right to demand the deletion of your personal data. The deletion of the personal data will occur if only such data is no longer needed for the purposes for which it was collected, if an successful objection has been submitted or if deletion is mandatory under EU law or under the law of a Member State to which we are subject. For the period of data storage, please also see Section 14 of this Privacy Policy. To assert the aforesaid right, please use the contact addresses listed above.

12.4. RIGHT TO RESTRICTION OF PROCESSING

You have the right to demand that we restrict processing in accordance with Article 18 GDPR.In case you exercise this right, the Controller ceases the performance of operations on the personal data- except for operations consented to by the data subject – and their storage, in accordance with the adopted retention rules or until the reasons of the proessing restriction no longer exist (e.g. a supervisory authority decision is issued that allows further data processing).

12.5. RIGHT TO DATA PORTABILITY

On this basis, within the scope of data processed by automated means in connection with concluded contract or given consent – the Controller issues the data provided by you in a format which can be read by a computer. It is also possible to request the data to be sent to another entity, provided however, that there is technical capacity in this regard on the part of both the Controller and the designated entity.

12.6 RIGHT TO OBJECT

Pursuant to Article 21 GDPR,you may at any time object to the processing of personal data, on the grounds relating to your particular situation, which is carried out on the basis of the legitimate interest of the Controller (e.g. for analytical or  statistical purposes or for reasons relating to the protection of property); the objection in this respect should include a justification.

Moreover, you may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection..

12.7. RIGHT TO COMPLAIN

You also have the to lodge a complaint with the competent data protection authority – in particular in your EU Member State habitual residence, workplace or place of perpetration of an alleged violation The competent supervisory authority in Poland is:

Urząd Ochrony Danych Osobowych

8. Stawki 2 
   00-193 Warszawa
   tel. 22 531-03-00
   working hours: 8.00–16.00
   kancelaria@uodo.gov.pl

12.8. RIGHT TO withdraw consent

In case personal data processing is based on a given consent, the data subject has the right to withdraw it at any time, nonetheless this does not affect the lawfulness of the processing carried out prior to the withdrawal of consent.

13. SUBMITTING REQUESTS RELATED TO THE EXERCISE OF RIGHTS

Any requests regarding the exercise of the abovementioned data subjects’ rights shall be submitted:

• In writing to the Controller’s address;
• By e-mail to the following address: […].

The request should, as far as possible, indicate precisely what is requested, i.e. in particular:

• What right the applicant wishes to exercise (e.g. right to erasure data, right to obtain a copy of the data);
• What process is concerned by the request (e.g. use of a specific service, activity in a specific app, receiving newsletter etc.);
• What are purposes of the processing involved in the request (e.g. marketing purposes, analytical purposes, etc.).

If the Controller is unable to identify the person submitting a request based solely on the request submitted, the Controller will ask this person for additional information. The provision of such data is not obligatory, but failure to provide such data will result in a refusal to fulfill the request.

A reply to the request shall be given within one month of its receipt. If it is necessary to extend this deadline, the Controller shall inform the person making the request of the reasons for such extension.

14. DATA RETENTION

The period of data processing by the Controller depends on the type of provided service and the purpose of given processing. In principle, data are processed for the entire period of providing the service or fulfilling a purchase order until the moment of withdrawing consent or an effective objection to the data processing in cases where the legal basis for the processing is the Controller’s legitimate interest.

The data processing period may be extended if processing is necessary to determine and pursue possible claims or to defend against claims and, after that time, only when and to the extent required by law. After the elapse of the processing period, the data are irreversibly deleted and anonymized.

15. Voluntariness

Providing the Controller with personal data is voluntary, in general. If you decide, however, to use certain our services or games the provision of personal data is mandatory. Without data provision, some services may not be available to you, as well as the Controller may not be able to fully address your inquiry.

16. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy, if necessary, in compliance with the applicable data protection regulations. This way, we can adapt it to the current legal requirements and make changes in our services into account, e.g. when introducing new services. The most current version always applies to your visit.

The current version of this Privacy Policy is always available at https://pixelstorm.pl/privacy-policy/.