ugrnd
newsgamingtechmovies

PRIVACY POLICY

TABLE OF CONTENTS:

  • GENERAL PROVISIONS
  • BASIS FOR PROCESSING PERSONAL DATA
  • PURPOSE, BASIS, DURATION, AND SCOPE OF DATA PROCESSING ON THE WEBSITE
  • DATA RECIPIENTS ON THE WEBSITE
  • PROFILING ON THE WEBSITE
  • RIGHTS OF THE DATA SUBJECT
  • COOKIES ON THE WEBSITE, OPERATIONAL DATA, AND ANALYTICS
  • FINAL PROVISIONS

GENERAL PROVISIONS

This Privacy Policy of the Online Service is for informational purposes only, which means that it does not create obligations for Users of the Online Service. The Privacy Policy primarily defines the rules regarding the processing of personal data by the Administrator on the Online Service, including the bases, purposes, and scope of processing personal data, as well as the rights of individuals whose data is processed. It also includes information regarding the use of cookies and analytical tools on the Online Service.

Personal data on the Online Service is processed by the Administrator in accordance with applicable laws, particularly in compliance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – referred to as “GDPR” or “Regulation GDPR.” Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

The use of the Online Service, including entering into agreements, is voluntary. Similarly, providing personal data by the User of the Online Service is voluntary, with two exceptions: (1) entering into agreements with the Administrator – failure to provide personal data in cases and to the extent indicated on the Online Service page and in the Online Service Regulations and this Privacy Policy, which is necessary to conclude and perform an agreement for the provision of electronic services with the Administrator, will result in the inability to conclude such an agreement. Providing personal data in such cases is a contractual requirement, and if the individual wishes to enter into an agreement with the Administrator, they are required to provide the necessary data. The scope of data required for agreement conclusion is always indicated in advance on the Online Service page and in the Online Service Regulations; (2) statutory obligations of the Administrator – providing personal data is a legal requirement arising from universally binding legal regulations obligating the Administrator to process personal data (e.g., processing data for maintaining tax or accounting records), and failure to provide such data will prevent the Administrator from fulfilling these obligations.

The Administrator exercises particular care to protect the interests of individuals whose personal data is processed, and specifically ensures that the data collected is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; (3) materially accurate and adequate for the purposes for which they are processed; (4) stored in a form that allows the identification of individuals for no longer than necessary to achieve the processing purpose; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Considering the nature, scope, context, and purposes of processing, as well as the risks of rights or freedoms of natural persons with varying probabilities and severity of threats, the Administrator implements appropriate technical and organizational measures to ensure processing is conducted in compliance with this Regulation and to demonstrate compliance. These measures are reviewed and updated as necessary. The Administrator applies technical measures to prevent unauthorized individuals from obtaining and modifying personal data transmitted electronically.

All words, expressions, and acronyms used in this Privacy Policy and starting with a capital letter (e.g., Service Provider, Online Service, Electronic Service) should be understood in accordance with their definition contained in the Online Service Regulations available on the Online Service pages.

BASIS FOR PROCESSING PERSONAL DATA

The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, particularly if the data subject is a child.

The processing of personal data by the Administrator requires the existence of at least one of the bases mentioned in Section 2.1 of this Privacy Policy. Specific bases for processing the personal data of Online Service Users by the Administrator are indicated in the subsequent section of this Privacy Policy concerning the purpose of processing personal data by the Administrator.

PURPOSE, BASIS, PERIOD, AND SCOPE OF DATA PROCESSING IN THE ONLINE SERVICE

The purpose, basis, period, scope, and recipients of personal data processed by the Administrator are determined by the actions taken by the specific User on the Online Service.

The Administrator may process personal data on the Online Service for the following purposes, based on the following grounds, for the following periods, and within the following scope:

  • Execution of an agreement for the provision of Electronic Services or taking actions at the request of the person whose data is involved prior to the conclusion of the aforementioned agreements
  • Direct marketing
  • Marketing
  • Maintaining tax or accounting records

RECIPIENTS OF DATA IN THE ONLINE SERVICE

For the proper functioning of the Online Service, including the execution of agreements for the provision of electronic services, it is necessary for the Administrator to use the services of external entities (such as software providers). The Administrator uses only the services of such data processors that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that processing complies with the requirements of the GDPR and protects the rights of data subjects.

Data transfer by the Administrator does not occur in every instance and not to all recipients or categories of recipients mentioned in this Privacy Policy. The Administrator transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent necessary to achieve that purpose.

The personal data of Users of the Online Service may be transferred to the following recipients or categories of recipients:

PROFILING IN THE ONLINE SERVICE

The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and—at least in such cases—provide significant information about the principles of such decision-making, as well as the importance and anticipated consequences of such processing for the data subject. In view of this, the Administrator provides the following information about possible profiling in this Privacy Policy.

The Administrator may use profiling on the Online Service for direct marketing purposes, but decisions made based on profiling do not concern the conclusion or refusal to conclude a contract for the provision of services electronically, or the ability to use Electronic Services on the Online Service. The result of profiling on the Online Service may include, for example, sending proposals that may align with the interests or preferences of a person, or offering better terms compared to the standard offer of the Online Service. Despite profiling, the individual freely decides whether to take advantage of the received discount or better terms and proceed with a purchase on the Online Service.

Profiling on the Online Service involves the automated analysis or forecasting of an individual's behavior on the website or through the analysis of past activity history on the Online Service. Such profiling requires the Administrator to have personal data of the individual in order to send, for example, a discount code.

RIGHTS OF THE DATA SUBJECT

Right to access, rectify, restrict, delete, or transfer data - The data subject has the right to request access to their personal data, its rectification, deletion (“right to be forgotten”), restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising these rights are specified in Articles 15-21 of the GDPR.

Right to withdraw consent at any time - If the Administrator processes data based on consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), the data subject has the right to withdraw their consent at any time without affecting the lawfulness of processing carried out based on the consent before its withdrawal.

Right to lodge a complaint with a supervisory authority - A person whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in accordance with the procedures specified in the GDPR and Polish law, particularly the Personal Data Protection Act. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

Right to object - The data subject has the right to object at any time—on grounds relating to their particular situation—to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the administrator), including profiling based on these provisions. In such cases, the Administrator may no longer process the personal data unless it demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

Right to object to direct marketing - If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, insofar as it is related to such direct marketing.

To exercise the rights mentioned in this section of the Privacy Policy, you can contact the Administrator by sending a relevant message in writing or by email to the address provided at the beginning of this Privacy Policy, or by using the contact form available on the Online Service’s website.

COOKIES IN THE ONLINE SERVICE, OPERATIONAL DATA, AND ANALYTICS

Cookies are small text files sent by a server and saved on the side of the person visiting the Online Service (e.g., on the hard drive of a computer, laptop, or smartphone memory card—depending on the device used to visit our Online Service). Detailed information about cookies and their history can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.

The Administrator may process data contained in cookies when visitors use the Online Service for the following purposes: identifying Users as logged into the Online Service and showing that they are logged in.

By default, most web browsers available on the market accept the storage of cookies. However, it is possible for everyone to define the terms of use for cookies via their web browser settings. This means, for instance, limiting (e.g., temporarily) or completely disabling the ability to store cookies—in the latter case, however, this may affect some functionalities of the Online Service.

The web browser settings regarding cookies are significant in terms of consent to use cookies by our Online Service—according to the regulations, such consent can also be expressed through the settings of the web browser. If such consent is not provided, the web browser settings for cookies should be appropriately changed.

Detailed information about changing cookie settings and independently deleting cookies in the most popular web browsers can be found in the help section of the respective web browser.

The Administrator may use services such as Google Analytics, Universal Analytics, and Google Tag Manager provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA); tools provided by Gemius SA (ul. Domaniewska 48, 02-672 Warsaw); and tools provided by Alexa Internet, Inc. (Presidio Building 37, San Francisco, CA 94129-0141, USA). These services help the Administrator analyze traffic on the Online Store. The collected data is processed within these services in an anonymized way (these are so-called operational data that do not allow the identification of a person) to generate statistics that help in administering the Online Store. These data are aggregated and anonymous, meaning they do not include identifying features (personal data) of people visiting the Online Store. By using these services, the Administrator collects such data as the sources and medium of acquisition of visitors to the Online Store, their behavior on the Online Store’s page, information about devices and browsers used to visit the site, IP and domain data, as well as geographic, demographic (age, gender), and interest data.