PRIVACY POLICY
On the basis of what
legal provisions are or may be processed your personal data?
1. "Personal data" - means any information relating to an identified or identifiable
natural person ("data subject"); an identifiable natural person is a
person who can be directly or indirectly identified, in particular on the basis
of an identifier such as name and surname, identification number, location
data, internet identifier or one or more specific physical, physiological,
genetic, mental factors, economic, cultural or social identity of a natural
person,
2. "Processing" - means any operation or set of operations which is performed on
personal data or on sets of personal data, whether or not by automated means,
such as collection, recording, organization, structuring, storage, adaptation
or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction,
3. "Controller" - means the natural or legal person, public authority, agency or
other body which, alone or jointly with others, determines the purposes and
means of the processing of personal data; where the purposes and means of such
processing are determined by Union or Member State law, the controller or the
specific criteria for its nomination may be provided for by Union or Member
State law,
4.
"Joint controller(s)" - Joint controller(s) occurs when at least two Controllers jointly
determine the purposes and means of processing, they are Joint controllers
(art. 26 GDPR),
5. "Supervisory authority" - means an independent public authority which is established by a
Member State,
6.
"Recipient" - means a natural or
legal person, public authority, agency or another body, to which the personal
data are disclosed, whether a third party or not. However, public authorities
which may receive personal data in the framework of a particular inquiry in accordance
with Union or Member State law shall not be regarded as recipients; the
processing of those data by those public authorities shall be in compliance
with the applicable data protection rules according to the purposes of the
processing,
7.
"Processor" - means a natural or legal person, public authority, agency or other
body which processes personal data on behalf of the controller,
8.
"Third party" - means a natural or legal person, public authority, agency or body
other than the data subject, controller, processor and persons who, under the
direct authority of the controller or processor, are authorized to process
personal data,
9.
"Third country" - an entity outside the EEA (European Economic Area) to which personal
data is disclosed,
10.
"Consent" - of the data subject means any freely given, specific, informed and
unambiguous indication of the data subject's wishes by which he or she, by a
statement or by a clear affirmative action, signifies agreement to the
processing of personal data relating to him or her,
11.
"Privacy Policy" - this document, presenting information on the principles of personal
data processing in accordance with the substantive scope indicated in art. art.
13 GDPR - information clause regarding the processing of personal data,
12.
"Cookies Policy" - information on the use of cookies on the website run by the
Controller. The Cookie Policy is available on the Controller's website,
13.
"GDPR" - Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016 on the protection of individuals with regard to the processing
of personal data and on the free movement of such data, and repealing Directive
95/46 / EC (General Data Protection Regulation:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679
Who does this Privacy Policy apply to?
This Privacy Policy (hereinafter referred to as PP) applies to the
processing of personal data of natural persons, website users and players. The
categories of personal data concerned are natural persons acting alone, natural
persons acting on behalf of organizational units without legal personality,
natural persons acting on behalf of legal persons (e.g. as members of their
bodies, proxies, contact persons), in case of contractual relations this PP
applies before the conclusion of a contract and after the conclusion
thereof.
Who is the
Controller?
Please be advised that Controller is Fulqrum
Publishing Limited, 27, 25 Martiou Str., D. MICHAEL TOWER, Office 105A, Engomi,
2408, Nicosia, Cyprus, Tax No.: CY10268076B, Register No.: HE268076.
Contact details to the Controller
Please send inquiries regarding the protection of
personal data to the Controller by traditional mail to the above-mentioned
address or by e-mail to the address DPO.CY@fulqrumpublishing.com
Data Protection
Officer
Please be advised that the Controller has not
appointed a Data Protection Officer. Inquiries regarding the protection of
personal data should be directed to the Controller by traditional mail to the
Controller's address or by e-mail to the following address: DPO.CY@fulqrumpublishing.com
For what purposes is
or can your personal data be processed?
Personal data is or may be processed for the following
purposes:
|
No. |
Purpose of personal data
processing |
Scope of personal data |
Lawfulness of processing |
|
1. |
Offers (Personal data processed in
connection with the Controller's receipt of an offer regarding possible
cooperation) |
1) in the case of natural persons:
name, surname, position, e-mail address, telephone number, 2) in the case of legal persons:
name, surname, position, e-mail, telephone number, |
1) in the case of natural persons:
art. 6 (1) f) GDPR, 2) in the case of legal persons:
art. 6 (1) f) GDPR, |
|
2. |
NDA (Personal data processed in
connection with the preparation, conclusion and implementation of the provisions
of the confidentiality agreement (NDA)) |
1) in the case of natural persons:
name, surname, ID number, position, e-mail address, telephone number, 2) in the case of legal persons:
name and surname, position, e-mail address, telephone number, |
1) in the case of natural persons:
art. 6 (1) b), f) GDPR, 2) in the case of legal persons:
art. 6 (1) f) GDPR, |
|
3. |
Arrangement (Personal data processed in
connection with the preparation, conclusion and implementation of the
provisions of the contract) |
Arrangement (Personal data processed in
connection with the preparation, conclusion and implementation of the
provisions of the contract) |
1) in the case of natural persons:
art. 6 (1) b), c), f) GDPR, 2) in the case of legal persons:
art. 6 (1) c), f) GDPR, |
|
4. |
To send periodic emails, such as
updates on new games release dates via e-mail (including Newsletter) |
e-mail |
1) art. 6 (1) a) GDPR - consent of the data subject, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
|
5. |
Personal data
processed in connection with the exercise of rights in the field of
personal data protection |
The scope of data
necessary to exercise the rights of the person |
1) art. 6 (1) c) GDPR - legal provisions, 2) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
|
6. |
Personal
data processed in connection with the verification of sanction lists -
the sanctions lists published inter alia by the United Nations Security
Council (UN), the European Union, the United States of America (such as
the Office of Foreign Assets Control),
and the People’s Republic of China (such as the People's Bank of China, the
Ministry of Public Security, the Ministry of Commerce, the Ministry of
Foreign Affairs) and country related lists provided by competent authorities
based on applicable law, |
The
scope of personal data available in the sanctions lists |
1) in the case of
natural persons: art. 6 (1) c) GDPR, 2) in the case of
legal persons (natural persons acting on behalf of legal person)- art. 6 (1) c)
GDPR, |
|
7. |
Personal data
processed in connection with the process related to the Forum
|
Name, surname,
username, e-mail, image, information contained in the content of comments
|
1)
art. 6 (1) a) GDPR - consent of the data subject, 2)
art. 6 (1) b) GDPR - processing necessary to
conclude and implement the provisions of the contract (acceptance of the
provisions of the Regulations), 3)
art. 6 (1) f) GDPR - processing is necessary for the
purposes of the legitimate interests pursued by the controller, |
|
8. |
For other purposes - while the content of art. 13 GDPR
will then be presented individually for the respective processing purpose |
- |
- |
We hereby inform that depending on the purpose of
processing, the scope of the indicated personal data may change.
How long will personal data be processed in accordance
with the storage limitation principle (personal data retention)?
Please be advised that personal data are or may be
processed for the period of:
|
No. |
Purpose of processing |
Lawfulness of processing |
Processing period |
|
1. |
Offers (Personal
data processed in connection with the Controller's receipt of an offer
regarding possible cooperation) |
1) in
the case of natural persons: art. 6 (1) f) GDPR, 2) in
the case of legal persons: art. 6 (1) f) GDPR, |
a) until objective to processing, b) for internal administrative purposes related to the management of
the process of receiving offers - for a period of 10 years from the date of
receipt of the offer, |
|
2. |
NDA (Personal
data processed in connection with the preparation, conclusion and
implementation of the provisions of the confidentiality agreement (NDA)) |
1) in
the case of natural persons: art. 6 (1) b), f) GDPR, 2) in
the case of legal persons: art. 6 (1) f) GDPR, |
a) in order to prepare, conclude and implement the provisions of a
confidentiality agreement (NDA) - for the duration of the preparation,
conclusion and duration of the contract - for an indefinite period or until
the contract is terminated or until an objection to the processing is raised, b) for purposes related to the investigation of claims between the
parties to the contract for the performance of the provisions of the contract
(NDA) - if applicable - for the duration of the claims in accordance with
applicable law and for the period of their investigation - if applicable, c) for internal management purposes - controlling and archiving
documentation in connection with the conclusion of the contract - for a
period of 10 years from the date of the contract, which may be changed, |
|
3. |
Arrangement (Personal
data processed in connection with the preparation, conclusion and
implementation of the provisions of the contract) |
1) in
the case of natural persons: art. 6 (1) b), c), f) GDPR, 2) in
the case of legal persons: art. 6 (1) c), f) GDPR, |
a) in order to prepare, conclude and implement the provisions of the
contract - for the duration of the preparation, conclusion and duration of
the contract - for an indefinite period or until the termination of the
contract or until objections to processing are submitted, b) in order to make financial settlements - for a minimum period of 6
years from the end of the financial year, c) for purposes related to the investigation of claims between the
parties to the contract for the performance of the provisions of the contract
- if applicable - for the duration of the claims in accordance with
applicable law and for the period of their investigation - if applicable, d) for internal management purposes - controlling and archiving
documentation in connection with the conclusion of the contract - for a
period of 10 years from the date of the contract, which may be changed, |
|
4. |
To
send periodic emails, such as updates on new games release dates via e-mail
(including Newsletter) |
1)
art. 6 (1) a) GDPR - consent of the data subject, 2)
art. 6 (1) f) GDPR - processing is necessary for the purposes of the
legitimate interests pursued by the controller, |
1)
until the consent is withdrawn, 2)
until an objection to the processing is submitted, 3)
for an indefinite period, |
|
5. |
Personal data processed in connection with the exercise of rights
in the field of personal data protection |
1) art. 6 (1) c) GDPR - legal provisions, 2) art. 6 (1) f) GDPR - processing is necessary for the purposes of
the legitimate interests pursued by the controller, |
1) for the period resulting from legal provisions (for an indefinite
period), 2) until an objection to the processing is submitted, |
|
6. |
Personal data processed in connection with the
verification of sanction lists - the sanctions lists published inter
alia by the United Nations Security Council (UN), the European Union, the
United States of America (such as the
Office of Foreign Assets Control), and the People’s Republic of China
(such as the People's Bank of China, the Ministry of Public Security, the
Ministry of Commerce, the Ministry of Foreign Affairs) and country related
lists provided by competent authorities based on applicable law, |
1) in the case of natural persons: art. 6 (1) c)
GDPR, 2) in the case of legal persons (natural
persons acting on behalf of legal person)- art. 6 (1) c) GDPR, |
1) for the period according to applicable law, |
|
7. |
Personal data processed in connection with the
process related to the Forum
|
1) art. 6 (1) a) GDPR
- consent of the data subject, 2) art. 6 (1) b) GDPR
- processing necessary to conclude and implement the provisions of the
contract (acceptance of the provisions of the Regulations), 3) art. 6 (1) f) GDPR
- processing is necessary for the purposes of the legitimate interests
pursued by the controller, |
1) until the consent is withdrawn, 2) until users stop using the Forum, 3) for the period resulting from legal provisions, 4) for a period of 10 years for internal
administrative purposes, |
Please be advised that the given periods of personal
data processing for individual processing purposes may change, among others, as
a result of amendments to the law or internal organizational changes.
Under what circumstances is the provision of personal
data a statutory or contractual requirement or a requirement necessary to enter
into a contract?
Please be advised
that providing personal data is:
|
No. |
Purpose of processing |
Lawfulness of processing |
Processing |
|
1. |
Offers (Personal
data processed in connection with the Controller's receipt of an offer
regarding possible cooperation) |
1) in
the case of natural persons: art. 6 (1) f) GDPR, 2) in
the case of legal persons: art. 6 (1) f) GDPR, |
a) providing personal data is voluntary, and failure to provide
personal data will result in the inability to read and make a decision in
connection with the received offer for cooperation, |
|
2. |
NDA (Personal
data processed in connection with the preparation, conclusion and
implementation of the provisions of the confidentiality agreement (NDA)) |
1) in
the case of natural persons: art. 6 (1) b), f) GDPR, 2) in
the case of legal persons: art. 6 (1) f) GDPR, |
a) processing of personal data in order to prepare, conclude and
implement the provisions of a confidentiality agreement (NDA) - providing
personal data is contractual, and failure to provide personal data will
result in the inability to prepare, conclude and implement the provisions of
the contract, b) processing of personal data for purposes related to the
investigation of claims between the parties to the contract for the
performance of the provisions of the contract (NDA) - it is voluntary, and
failure to provide personal data will result in the inability to pursue
claims, |
|
3. |
Arrangement (Personal
data processed in connection with the preparation, conclusion and
implementation of the provisions of the contract) |
1) in
the case of natural persons: art. 6 (1) b), c), f) GDPR, 2) in
the case of legal persons: art. 6 (1) c), f) GDPR, |
a) processing of personal data in order to prepare, conclude and
implement the provisions of the contract - providing personal data is
contractual, and failure to provide personal data will result in the
inability to prepare, conclude and implement the provisions of the contract, b) in the case of financial settlements, it is of a statutory nature
and failure to provide personal data will result in the inability to meet the
obligations arising from the applicable law on the Controller, c) processing of personal data for purposes related to the
investigation of claims between the parties to the contract for the
performance of the provisions of the contract - it is voluntary, and failure
to provide personal data will result in the inability to pursue claims, |
|
4. |
To
send periodic emails, such as updates on new games release dates via e-mail
(including Newsletter) |
1)
art. 6 (1) a) GDPR - consent of the data subject, 2)
art. 6 (1) f) GDPR - processing is necessary for the purposes of the
legitimate interests pursued by the controller, |
1) is
voluntary, and failure to provide personal data will result in the inability
to prepare periodic emails, such as updates on new games release dates via
e-mail, including Newsletter |
|
5. |
Personal data processed in connection with the exercise of rights
in the field of personal data protection |
1) art. 6 (1) c) GDPR - legal provisions, 2) art. 6 (1) f) GDPR - processing is necessary for the purposes of
the legitimate interests pursued by the controller, |
1) is voluntary, and failure to provide personal data will result in
the inability to exercise the rights of the person in the field of personal
data protection, 2) is of a statutory nature, and failure to provide personal data will
result in the inability to comply with the provisions of the law in the area
of personal data protection imposed on the Controller, |
|
6. |
Personal data processed in connection with the
process related to the Forum |
1) art. 6 (1) a) GDPR
- consent of the data subject, 2) art. 6 (1) b) GDPR
- processing necessary to conclude and implement the provisions of the
contract (acceptance of the provisions of the Regulations), 3) art. 6 (1) f) GDPR
- processing is necessary for the purposes of the legitimate interests
pursued by the controller, |
1) is voluntary, and
failure to provide personal data will result in the inability to use the
Forum, 2) is of a contractual
nature, and failure to provide personal data will result in the inability to
participate in the Forum (in the event of the existence of the Regulations of
participation in the Forum), |
Processing of personal data based on the consent of
the data subject
Please be advised that in the case of processing
personal data based on the consent of the data subject (Article 6 (1) (a) of
the GDPR):
|
No. |
Purpose of processing |
Lawfulness of processing |
Art. 6 (1) a) GDPR |
|
1. |
To
send periodic emails, such as updates on new games release dates via e-mail
(including Newsletter) |
1)
art. 6 (1) a) GDPR - consent of the data subject,
|
The
data subject has the right to withdraw their consent at any time. Withdrawal
of consent does not affect the lawfulness of processing based on consent
before its withdrawal. Withdrawal of the consent granted should be reported
to the e-mail address: DPO.CY@fulqrumpublishing.com |
|
2. |
Personal data processed in connection with the
process related to the Forum |
1) art. 6 (1) a) GDPR - consent of the data
subject, |
The processing of personal data based on the
legitimate interest pursued by the Controller (processing is necessary for the
purposes of the legitimate interests pursued by the controller)
Please be advised
that in the case of processing personal data based on the legitimate interest
pursued by the Controller (Article 6 (1) f) of the GDPR processing is necessary
for the purposes of the legitimate interests pursued by the controller):
|
No. |
Purpose of the
processing |
Lawfulness of the
processing |
Art. 6 (1) f) GDPR |
|
1. |
Offers (Personal data processed in
connection with the Controller's receipt of an offer regarding possible
cooperation) |
1) in the case of natural persons:
art. 6 (1) f) GDPR, 2) in the case of legal persons:
art. 6 (1) f) GDPR, |
Please be advised that for the
legitimate interest pursued by the Controller: a) with regard to the processing of
personal data in order to become acquainted with the cooperation offer, a
binding business relationship shall be considered, b) the processing of personal data for
internal administrative and managerial purposes related to the management of
the process of receiving offers is considered, |
|
2. |
NDA (Personal data processed in
connection with the preparation, conclusion and implementation of the
provisions of the confidentiality agreement (NDA)) |
1) in the case of natural persons:
art. 6 (1) f) GDPR, 2) in the case of legal persons:
art. 6 (1) f) GDPR, |
Please be advised that in the case of
processing personal data of natural persons and natural persons representing
or acting on behalf of a legal person, the legitimate interest pursued by the
Controller is considered to be: a) processing in order to prepare,
conclude and implement the provisions of a confidentiality agreement (NDA), b) processing for purposes related to
the investigation of claims between the parties to the contract for the
performance of the provisions of the contract (NDA) - if applicable - the
legitimate interest pursued by the Controller is the processing of personal
data for the purpose of seeking claims for the implementation of the
provisions of the contract (NDA), c) processing for internal management
purposes - the legitimate interest pursued by the Controller is the control
and archiving of documentation in connection with the conclusion of the
contract, |
|
3. |
Arrangement (Personal data processed in
connection with the preparation, conclusion and implementation of the
provisions of the contract) |
1) in the case of natural persons:
art. 6 (1) f) GDPR, 2) in the case of legal persons:
art. 6 (1) f) GDPR, |
Please be advised that in the case of
processing personal data of natural persons, natural persons representing or
acting on behalf of a legal person, the legitimate interest pursued by the
Controller is considered to be: a) processing in order to prepare,
conclude and implement the provisions of the contract, b) processing for the purpose of
financial settlements - activities related to the monitoring and payment of
payments, c) processing for purposes related to
the investigation between the parties to the contract of claims arising from
the performance of the provisions of the contract - if applicable - the
legitimate interest pursued by the Controller is the processing of personal
data for the purpose of seeking claims for the implementation of the
provisions of the contract, d) processing for internal management
purposes - the legitimate interest pursued by the Controller is the exercise
of control and archiving of documentation in connection with the conclusion
of the contract, |
|
4. |
To send periodic emails, such as
updates on new games release dates via e-mail (including Newsletter) |
1) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
A legally legitimate interest is considered to be a
binding relationship, including a business relationship, an ongoing contract
with the data subject and data processing for internal administrative
purposes, also in relation to the exercise of the rights of data subjects in
connection with the possibility of exercising the rights of persons to whom
data concern and provided for by law (e.g. documenting withdrawal of granted
consent), |
|
5. |
Personal data
processed in connection with the exercise of rights in the field of
personal data protection |
1) art. 6 (1) f) GDPR - processing is necessary
for the purposes of the legitimate interests pursued by the controller, |
A legally legitimate interest is to the
exercise of the rights of data subjects in connection with the possibility of
exercising the rights of persons to whom data concern and provided for by law
and demonstrate the compliance with the GDPR regulations, |
|
6. |
Personal data
processed in connection with the process related to the Forum |
1) art. 6 (1) f)
GDPR - processing is necessary for the purposes of the legitimate interests
pursued by the controller, |
The legitimate
interest of the controller is the processing of personal data in order to
administrative issues related to running the Forum, for administrative and
internal management issues also in case of the claims - if applicable |
Disclosure of
personal data by the Controller
We hereby inform that
personal data is or may be disclosed by the Controller:
1) disclosed to data recipients providing services to the
Controller pursuant to art. 28 GDPR – Data Processing Agreement.
Depending on the purpose of personal data processing, the categories of data
recipients may be: IT infrastructure providers (software and hardware), website
hosting, tools for conducting meetings, conferences, online webinar, external
recruiting companies. The list of the processors to whom the Controller
entrusts the processing of personal data is available at the request of the
data subject,
2) disclosure of data to recipients cooperating with
the Controller. Depending on the purpose of personal data processing, the
categories of recipients to whom personal data may be disclosed are entities
operating in the field of audits, postal services, courier services, law
offices. We would like to inform you that after disclosing personal data, the
data recipient becomes the Controller. The list of recipients to whom the
Controller discloses personal data is available at the request of the data
subject,
3) disclosure of data to recipients who are public /
state authorities. Depending on the purpose of personal data processing,
the categories of data recipients may be such bodies as the Tax Office, Police,
courts, the Supervisory Authority or other entities to which the Controller
discloses personal data under applicable law. Please be advised that after
disclosing personal data, their recipient becomes the Controller of the data.
The list of recipients to whom the Controller discloses personal data is
available at the request of the data subject,
4) disclosure of personal data to third parties.
The list of third parties to whom the Controller discloses personal data is
available at the request of the data subject.
What are the rights
of the data subject?
We would like to
inform you about the right to request the Controller to exercise the following
rights:
1) the right to access personal data relating to the data
subject,
2) the right to rectify personal data,
3) the right to delete personal data (erasure of personal
data),
4) the right to limit the processing of personal data
(restriction of processing),
5) the right to object to the processing,
6) the right to transfer data (the right to data
portability),
7) the right to receive a copy of your personal data,
8) the right to lodge a complaint with the supervisory
body.
Please be advised
that due to the individual purposes of processing listed in this Privacy
Policy, the exercise of the rights of data subjects may be fully or partially
limited, e.g. due to applicable law, which obliges the Controller to process
them. Please send
inquiries regarding the protection of personal data to the Controller by
traditional mail to the above-mentioned address or by e-mail to the address: DPO.CY@fulqrumpublishing.com.
Who is the supervisory authority?
We would like to inform you about the right to lodge a
complaint to the supervisory body, Office of the Commissioner for Personal Data
Protection.
Information on automated decision making, including
profiling
What is the source of the data?
1) come directly from the data subject,
2) come indirectly from the data subject. The source of
personal data may be publicly available registers, i.e. sanctions lists.
Personal data may come from a legal entity that provides personal data of
persons designated on behalf of the legal entity to represent it or to contact
it, or to implement the provisions concluded between the parties.
What scope of personal data is processed?
The Controller processes personal data to the extent
necessary to achieve the purposes of processing indicated in the Privacy
Policy. In accordance with the principle of minimization, we process only the
scope of personal data necessary to achieve the purpose of processing.
How do we secure
personal data?
Please be advised that in order to protect privacy and
personal data, the Controller has implemented appropriate physical, technical,
organizational and legal measures to ensure the security of personal data
processing and to ensure the implementation of the rights and freedoms of
natural persons.
References to other sites
1. Please be advised that the website of the Controller
may contain references to other websites (e.g. business partners cooperating
with the Controller).
2. Please be advised that the Controller is not
responsible for the processing of personal data of other websites. Information
on the processing of personal data is made available by the Controllers to
which the abovementioned websites belong.
Processing of personal data via sales platforms
1. Please be advised that the Controller, as part of
cooperation with sales platforms, may process personal data in connection with
the offer of products and services.
2. Information on the processing of personal data to the
extent to which the Controller determines the purposes and means of the
processing of personal data, is available in the dedicated Privacy Policy
provided by the Controller on the sales platform - if applicable.
Personal data breach
notifications
We hereby inform that pursuant to Art. 34 GDPR, in the
event of a breach of personal data protection that may result in a high risk of
violation of the rights or freedoms of natural persons, the Controller shall
notify the data subject of such a personal data breach without undue delay.
Please be advised that pursuant to Art. 34 GDPR, personal data may be processed
in connection with the personal data breach referred to above. Please be noted
that the legal basis for the processing of personal data is art. 6 sec. 1 lit.
c) GDPR. Please be advised that in the event of a personal data breach, the
Controller will take all possible and available technical and organizational
measures to meet the requirements set out in art. 33 and art. 34 GDPR.
Processing of personal data using social media or
platforms
1. Please be advised that the Controller runs or can run
a fanpage(s) on social media or platforms,
2. Please be noted that the Controller is responsible for
the processing of personal data only to the extent to which he decides about
the purposes and means of processing personal data via the fanpage,
3. Please be advised that using the above-mentioned
fanpage, information on the processing of personal data is available at the
following links:
|
No. |
Entity name |
Link to the privacy
information |
|
1. |
Facbook |
|
|
2. |
LinkedIn |
|
|
3. |
X |
|
|
4. |
YouTube |
|
|
5. |
VK |
|
|
6. |
Discord |
https://discord.com/privacy |
|
7. |
Instagram |
https://help.instagram.com/519522125107875/?helpref=uf_share |
|
8. |
Steam |
|
|
9. |
TikTok |
Information about Joint controllers
The joint controllership with Facebook
|
No. |
Concerns |
Fulqrum Publishing Limited Information about joint controllership |
Facebook Ireland
Limited Information about
joint controllership |
|
1. |
Controller |
Fulqrum Publishing Limited, 27, 25 Martiou
Str., D. MICHAEL TOWER, Office 105A, Engomi, 2408, Nicosia, Cyprus, Tax No.: CY10268076B, Register No.: HE268076 |
Facebook Ireland
Limited, with its registered office at 4 Grand Canal Square, Grand Canal
Harbor, Dublin 2, Ireland |
|
2. |
Common arrangements |
Joint controllers’
common arrangements: https://www.facebook.com/legal/controller_addendum |
Joint controllers’
common arrangements: https://www.facebook.com/legal/controller_addendum |
|
3. |
Data Protection Officer (DPO) |
The Controller did not appoint the Data
Protection Officer. Inquiries regarding the protection of personal data
should be directed to the Controller by traditional mail to the Controller's
address or by e-mail to the following address DPO.CY@fulqrumpublishing.com, |
Contact details to the Data Protection Officer: https://www.facebook.com/privacy/explanation |
|
4. |
Supervisory authority |
Office of the Commissioner for Personal Data
Protection: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/contact_en/contact_en?opendocument |
Data Protection Commission, 21 Fitzwilliam
Square South, Dublin 2, D02 RD28, Ireland: https://www.dataprotection.ie/ |
The joint controllership with Instagram
|
No. |
Concerns |
Fulqrum Publishing Limited Information about joint controllership |
Facebook Ireland
Limited Information about
joint controllership |
|
5. |
Controller |
Fulqrum Publishing Limited, 27, 25 Martiou
Str., D. MICHAEL TOWER, Office 105A, Engomi, 2408, Nicosia, Cyprus , Tax No.:
CY10268076B, Register No.: HE268076 |
Facebook Ireland
Limited, with its registered office at 4 Grand Canal Square, Grand Canal
Harbor, Dublin 2, Ireland |
|
6. |
Common arrangements |
Joint controllers’
common arrangements: https://www.facebook.com/legal/controller_addendum
|
Joint controllers’
common arrangements: https://www.facebook.com/legal/controller_addendum
|
|
7. |
Data Protection Officer (DPO) |
The Controller did not appoint the Data
Protection Officer. Inquiries regarding the protection of personal data
should be directed to the Controller by traditional mail to the Controller's
address or by e-mail to the following address DPO.CY@fulqrumpublishing.com, |
Contact details to the Data Protection Officer: https://www.facebook.com/privacy/explanation |
|
1. |
Supervisory authority |
Office of the Commissioner for Personal Data
Protection: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/contact_en/contact_en?opendocument |
Data Protection Commission, 21 Fitzwilliam
Square South, Dublin 2, D02 RD28, Ireland: https://www.dataprotection.ie/ |
The joint controllership with LinkedIn
|
No. |
Concerns |
Fulqrum Publishing Limited Information about joint controllership |
Facebook Ireland
Limited Information about
joint controllership |
|
1. |
Controller |
Fulqrum Publishing Limited, 27, 25 Martiou Str., D. MICHAEL TOWER, Office
105A, Engomi, 2408, Nicosia, Cyprus Tax No.: CY10268076B, Register No.:
HE268076 |
Facebook Ireland
Limited, with its registered office at 4 Grand Canal Square, Grand Canal
Harbor, Dublin 2, Ireland |
|
2. |
Common arrangements |
Joint controllers’
common arrangements: https://legal.linkedin.com/pages-joint-controller-addendum |
Joint controllers’
common arrangements: https://legal.linkedin.com/pages-joint-controller-addendum
|
|
3. |
Data Protection Officer (DPO) |
The Controller did not appoint the Data
Protection Officer. Inquiries regarding the protection of personal data
should be directed to the Controller by traditional mail to the Controller's
address or by e-mail to the following address DPO.CY@fulqrumpublishing.com, |
Contact details to the Data Protection
Officer: https://www.linkedin.com/legal/privacypolicy?src=direct%2Fnone&veh=direct%2Fnone |
|
2. |
Supervisory authority |
Office of the Commissioner for Personal Data
Protection: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/contact_en/contact_en?opendocument |
Data Protection Commission, 21 Fitzwilliam
Square South, Dublin 2, D02 RD28, Ireland: https://www.dataprotection.ie/ |
Transferring personal
data to a third country
1. Please be advised that personal data may be
transferred to a third country, i.e. outside the EEA. In the event of
transferring personal data outside the European Economic Area, such transfer
may only take place on the terms set out in Chapter V of the GDPR:
1) pursuant to art. 45 GDPR - transfer based on an
adequacy decision,
2) pursuant to art. 46 GDPR - transfer subject to
appropriate safeguards, including the use of standard data protection clauses
adopted by the European Commission,
2. We hereby inform that the transfer of personal data
outside the EEA may involve the risk of not ensuring sufficient security of
personal data. In the event of a risk related to the transfer of personal data
outside the EEA, the Controller provides such information in this Privacy
Policy,
3. Please be advised that the list of entities outside
the EEA to which the Controller discloses personal data is available at the
request of the data subject,
4. List of entities that may transfer personal data
outside the EEA, which may not provide sufficient protection of personal data
provided for in the GDPR:
|
No. |
The name of the entity |
Link to information |
The risk related to the transfer of data outside
the EEA and the negative effects that may arise for the data subject |
|
1. |
Facebook |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
2. |
LinkedIn |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
3. |
X |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
4. |
YouTube |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
5. |
Google |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
6. |
Google Maps |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
7. |
TikTok |
https://www.tiktok.com/legal/page/us/privacy-policy/en |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative
effects indicated in recital (75) of the preamble to the GDPR: material and
non-material effects, |
Cooperation with
Platforms
The Controller
(developer) may use the services of companies specializing in providing
solutions for the video game industry, such as Xsolla. In certain cases, Xsolla
may independently determine the purposes and means of personal data processing
(e.g., for fraud prevention, compliance with financial regulations, or tax
reporting). In such instances, Xsolla acts as a separate Controller and is
fully responsible for the processing of personal data in accordance with
applicable laws.
When Xsolla
processes players’ personal data on behalf of and under the instruction of the
Controller, it acts as a data processor in the following scenarios:
1) Payment Processing on behalf of the developer
(Xsolla Pay Station) – when a player makes a payment within a game or on the
developer’s website. The player’s personal data (name, email address, IP
address, payment details) is processed to execute the transaction,
2) E-commerce Services (e.g., in-game store or game
website) – Xsolla creates and operates online stores for the developer's games.
Xsolla processes personal data of users (players) who purchase in-game items,
currency, DLC, etc.,
3) User Account Management (Account Management /
Login System) – Xsolla provides systems for login, account management, and user
registration. It may process data such as login credentials, email address,
hashed passwords, and user preferences,
4) Loyalty and Promotional Programs – including
promotional codes, marketing campaigns, and bonus activations, when carried out
on behalf of the developer. Xsolla processes player data solely for the
purposes of the developer’s specific campaign.
Further
information regarding personal data processing in cooperation with the platform
is available at: https://xsolla.com/legal-agreements.