PRIVACY POLICY

Heroes of Chronar Registration system

  1. The Controller of personal data.

    The controller of Users’ personal data (the “Controller”) is Stribog Games Spółka z ograniczoną odpowiedzialnością (a limited liability company incorporated under the laws of Poland) with its registered office in Kraków at the address: ul. Promienistych 1, 31-481 Kraków, entered into the register of entrepreneurs of the Polish National Court Register by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register, under the KRS number: 0000748567, having a tax registration number NIP: 9452221951, statistical number REGON: 381299995, share capital: PLN 50.000,00.

  2. Contact with the Controller

    The Controller can be contacted via email: privacy@striboggames.com or via the Data Protection Officer.

  3. Data Protection Officer

    The Controller processes the following types of personal data:

    1. First name, last name (if indicated in email address) and email address,
    2. Nickname used by the User to register in Heroes of Chronar.

    When does the Controller collect personal data?

    Personal data is collected:
    1. During registration process on Heroes of Chronar’s website,
    2. In the case of an invitation to register – at the time of indicating the person invited by the user who transfers the invitation to register in Heroes of Chronar.

    Why does the Controller collect personal data?

    1. To allow the Users to register in Heroes of Chronar and obtain the subscription,
    2. To allow the Users to invite other Users to register in Heroes of Chronar,
    3. To provide to the Users the gift in Heroes of Chronar for the invitation sent to other User,
    4. To properly manage the operation of Heroes of Chronar and all accompanying services,
    5. To communicate with the Users who have registered in Heroes of Chronar,
    6. To prevent transmission of illegal content,
    7. For analytical and statistical purposes – in order to improve the performance of Heroes of Chronar,

    From whom is the personal data obtained?

    Personal data come from the Users who have registered in Heroes of Chronar’s website or – if the User invited another User to register – personal data of invited Users come from the User who has sent the invitation.

    On what bases does the Controller process personal data?

    1. Consent of a parent or legal guardian for Users under 16 years of age - Articles 6(1)(a) and 8(1) GDPR – to the extent within which other bases do not apply.
    2. The User's consent – Article 6(1)(a) GDPR – to the extent within which other bases do not apply, in particular with regard to registration in Heroes of Chronar.
    3. Performance of the agreement for the provision of services provided by electronic means or steps prior to entering into the agreement taken at the request of the data subject (with respect to the subscription provided to the User after registration, as well as allowing the User to obtain gifts given for invitation of other User to Heroes of Chronar) - Article 6(1)(b) GDPR.
    4. Compliance with legal obligations to which the Controller is subject to (with respect to maintaining registers and documentation in accordance with the provisions of generally applicable law, including tax-related obligations) - Article 6(1)(c) GDPR.
    5. Legitimate interests of the Controller with respect to:
      • conducting analyses and gathering statistical data to improve the performance of the Games,
      • managing the registration process,
      • establishing records and registers related to the processing of personal data in accordance with GDPR,
      • marketing purposes of the Controller and third parties related to the Controller,
      i.e. processing based on Article 6(1)(f) GDPR.
    6. To prevent transmission of illegal content,
    7. For analytical and statistical purposes – in order to improve the performance of Heroes of Chronar,

  4. Processing of childrens’ personal data

    The Controller processes the personal data of children upon the consent of their legal guardian to the extent necessary to allow them to use the Game. The Controller does not knowingly take any action to obtain personal data of children under 16 years of age from direct advertising or advertisements tailored to the recipient's interests, nor does the Controller direct such ads to children under 16 years of age.

  5. Who can be the recipient of personal data?

    The recipients of the Users' personal data processed by the Controller may be:
    1. Entities providing services to the Controller – with respect to server hosting or similar services, services concerning the analysis of data connected with Heroes of Chronar’s performance.
    2. Entities providing legal services to the Controller,
    3. Entities with equity or personal relations with the Controller – within the scope of developing, publishing and making registration to the Heroes of Chronar available to Users on behalf of the Controller,
    4. Traffic Attribution Providers and User Acquisitions Advisors

  6. How long does the Controller store personal data?

    1. The Controller stores the data for the following periods:
      1. With respect to personal data processed on the basis of consent – until the User revokes their consent or until the purpose of processing is achieved, but in no case longer than until the User ceases using the Game or the purpose of processing is achieved.
      2. With respect to personal data necessary for provision of services by electronic means and the performance of the agreement for provision of services by electronic means – for the period necessary for provision of services by electronic means, but no longer than till the expiry of the limitation periods for claims related to the services provided.
      3. With respect to personal data processed on the basis of the legitimate interests of the Controller – until an effective objection is filed or until the purpose of processing is achieved, no longer however than 15 years, calculated from the end of the year in which the processing began.
      4. With respect to personal data processed for analytical purposes or the purposes related to the administration of the Games – until the moment such data becomes outdated or no longer relevant.
    2. When a request is made to exercise the right to be forgotten, each application is considered individually.

  7. Does the Controller transfer personal data to third countries?

    1. The Controller uses services and technologies offered by third parties, including those incorporated in countries outside the European Union, such as the United States. the United Kingdom or Israel, which under GDPR are treated as third countries.
    2. GDPR restricts the possibility of transferring personal data to third countries, as such countries may not ensure an adequate level of protection of personal data of European Union citizens and as European law does not apply there. Each controller is obliged to determine the legal basis for such transfer of personal data.
    3. The Controller warrants and represents that in connection with the use of services and technology, personal data is transferred to the entities using standard contractual clauses, in accordance with the decision of the European Commission 2021/914 on standard contractual clauses for the transfer of personal data to third countries, as well as entities which guarantee compliance with previously applicable Privacy Shield, to the extent that they still ensure adequate protection of personal data
    4. The Controller will at any time provide you with additional explanations on the transfer of personal data, and you have the right to obtain a copy of the personal data transferred to a third country at any time.

  8. What are the rights of persons whose personal data are processed?

    • The User whose personal data are processed by the Controller, has the right to:
      1. Access their personal data and receive a copy thereof,
      2. Request that their personal data be corrected or supplemented,
      3. Request that their personal data be deleted – the User may request that their data be deleted if they are convinced that there are no bases for the Controller to process their personal data and that there are no grounds for the data being processed in future.
      4. Request that the processing of their personal data be restricted – the User may demand that the Controller limit the processing of the User’s personal data only to storing or performing activities agreed with the User, if the data are incorrect or processed without legal basis, or the User does want the data deleted due to the need to store the data in order to establish, pursue or defend claims, or for the time necessary for an objection to the processing of personal data to be considered.
      5. File an objection to the processing of personal data:
        • Processing of personal data for direct marketing purposes: the User has the right to object to the processing of their personal data for direct marketing purposes. Exercising this right causes the Controller to stop processing personal data.
        • Objection on grounds of particular situation: the User has the right to object to the processing of their personal data on the basis of a legitimate interest for purposes other than direct marketing. The objection should then indicate what kind of a particular situation concerns the User that justifies the request to stop processing personal data. The Controller will stop processing the personal data for these purposes unless the Controller demonstrates that the bases for further processing take precedence over the rights of the User or that the data are necessary to establish, pursue or defend a claim.
      6. Data transfer – the User has the right to receive, in a structured, commonly used machine-readable format, personal data concerning them and which have been transferred to the Controller on the basis of consent given by the User. The user may ask that the Controller transmit them directly to another entity.
    • For Users domiciled in California (USA), the California Consumer Privacy Act (CCPA) allows companies to prohibit the sale of state residents' personal information to third parties. The Controller stipulates that although the provision of personal data to advertising partners described in this Policy may be deemed as selling data within the meaning of the CCPA, the Controller does not sell any personal data. If a California resident does not want their personal information to be transmitted to other recipients, they should update the privacy settings or provide the Controller with a request not to sell their personal information.
    • The User can exercise their rights by sending an email to the address: privacy@striboggames.com.

  9. Can I withdraw my consent for processing my personal data?

    1. If the personal data is processed on the basis of the User's consent, they may at any time withdraw their consent to the processing of personal data.
    2. Withdrawal of consent to the processing of personal data shall not affect the lawfulness of processing based on consent before its withdrawal.
    3. The user can exercise their right by sending an email to the address: privacy@striboggames.com.

  10. Right of complaint to the supervisory authority

    1. If a User believes their personal data is being unlawfully processed, they may file a complaint with the supervisory authority.
    2. The lead supervisory authority with whom a complaint concerning the processing of personal data can be filed is the Polish authority – the President of the Personal Data Protection Office.

  11. Is it necessary to provide personal data?

    The provision of personal data is voluntary. It is however required if a User wishes to register in Heroes of Chronar or invite other Users to the registration process.

  12. Use of server logs

    1. Information about some events triggered by Users is saved as a server log.
    2. The data in the form of server logs are used exclusively for the purpose of proper administration of the registration process and to ensure the smooth operation of Heroes of Chronar’s website and its functionalities.
    3. They following may be recorded:
      1. device’s mark and model;
      2. hardware identifier;
      3. type and version of the operating system;
      4. date and time of login,
      5. User’s device’s IP address.
    4. User action logs may also be recorded, which are then available in the tools supporting Heroes of Chronar’s website functionalities.
    5. The data described in section 2 above are not associated with specific Users and are used only for the proper administration of the process of registration and to ensure its continuous operation via website.

  13. Does the Controller use profiling and automated decision-making?

    1. The Heroes of Chronar’s system of registration can use technologies that allow automated decision-making with respect to Users.
    2. The Heroes of Chronar’s system of registration does not use technologies that allow profiling with respect to Users. The Controller does not use profiling in regard to Users below the age of 16.
    3. Automated decision-making is based on data about the Users' who have invited other Users to the registration process.
    4. Automated decision-making is designed to enable the User to obtain gifts in the Heroes of Chronar in case of successful registration of the User who has been invited.
    5. Automated decision making is lawful as it serves the Controller's legitimate interest in ensuring that the Users who have taken additional action by inviting other Users to register in Heroes of Chronar, are given the gifts in the Heroes of Chronar.
    6. Decisions made as described above may have an impact on the User's situation, , changes in the state of the User's situation in the game due to obtaining extra House of Chronar’s internal gifts..
    7. If the User does not agree with the decision made in an automated way, he is entitled to object. The User may contact the Controller with respect to the purpose of filing and objection by sending an email to the address: privacy@striboggames.com.
    8. The Controller guarantees that each User's objection will be considered by an appropriate person authorized to analyze such requests and make decisions about them. Notifications are not analyzed through the IT system.

  14. Final provisions

    1. To the extent not covered in this Privacy Policy, the laws on personal data protection apply.
    2. The User will be notified of any changes to this Privacy Policy by publishing a new text of the Privacy Policy on the Controller's website.
    3. Any amendments hereto shall enter into force on the date of publishing of the new Privacy Policy.
    4. This Privacy Policy is effective from 1.07.2022