- The Data Controller
The controller of the personal data is QUBICGAMES JOIN-STOCK COMPANY based in Siedlce (postcode 08-110), ul. Katedralna 16, entered in the Register of Entrepreneurs of the National Court Register under KRS number 598476, whose registration files are held by the District Court Lublin Wschód in Lublin with registered office in Świdnik, VI Commercial Division of the National Court Register, with share capital of 982 000.00 PLN fully paid, NIP: 8212515641, REGON: 141229265 (hereinafter referred to as the controller). In matters related to personal data, please contact: rodo@qubicgames.com.
This Privacy Policy applies to all cases in which the data controller processes personal data collected from visitors to the controller’s website.
This Privacy Policy also fulfils the information obligation referred to in Article 13 of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as General Data Protection Regulation or GDPR).
- Personal data
Personal data means information about an identified or identifiable natural person. The processing of personal data is basically any action on personal data, whether or not carried out by automated means, such as collection, storage, recording, organisation, modification, consultation, use, disclosure, restriction, erasure or destruction.
The controller collects from persons (hereinafter also referred to as the Users) visiting the controller’s website personal data collected by cookies, i.e. the controller processes the data the user provides or makes available in the browsing history as part of using the controller’s services – website or application (together with automated analysis of the user’s activity on the website and in the applications). The controller also processes data collected during the user’s activity on the controller’s website, including, but not limited to, the places visited on the controller’s website, the time of the visit to a given place, information about the end device or browser.
The data controller processes personal data obtained from visitors to the controller’s website:
1) on the basis of Article 6(1)(a) GDPR, i.e. on the basis of a separate consent, in order to:
(a) to conduct analyses and statistics;
b) marketing the controller’s own services;
2) on the basis of Article 6 (1) (c) GDPR, in order:
b) fulfilment of a legal obligation to the controller;
3) on the basis of Article 6(1)(f) GDPR, i.e. the controller’s legitimate interest, in order to:
(a) marketing of own services,
(b) analyse the quality of the services provided.
The controller indicates that whenever the controller processes personal data on the basis of the legitimate interest of the controller, the controller endeavours to analyse and balance the interest of the controller and the potential impact on the data subject (positive as well as negative) and the data subject’s rights under data protection legislation. The controller shall not process personal data on the basis of its legitimate interest if it concludes that the impact on the data subject would prevail over the interest of the controller (in such a case the controller may process the personal data, e.g. with the data subject’s consent).
The period of personal data processing by the controller depends on the legal basis justifying the processing of personal data by the controller:
- where the controller processes personal data on the basis of consent, the period of processing shall last until the data subject withdraws that consent;
- where the controller processes personal data on the basis of a legitimate interest of the controller, the processing period lasts until the abovementioned interest ceases to exist or until the data subject objects to further processing – in situations where such an objection is legitimate under the law;
- where the controller processes personal data because it is necessary as a result of applicable legislation, the data processing periods for that purpose shall be determined by that legislation.
Individuals whose personal data is processed by the Controller have the following rights:
1) the right of access to the content of one’s personal data, i.e. the right to obtain confirmation as to whether or not the controller is processing the data and information on such processing,
2) The right to rectify the data, if the data processed by the controller are incorrect or incomplete,
3) The right to request the controller to delete the data,
4) The right to demand from the controller the restriction of data processing,
5) the right to data portability, i.e. the right to receive personal data provided to the controller and to send them to another controller,
6) The right to object to the processing of data on the basis of a legitimate interest of the controller or to the processing for direct marketing purposes,
7) the right to lodge a complaint to the Polish supervisory authority or to the supervisory authority of another Member State of the European Union competent for the place of habitual residence or work of the data subject, or for the place of the alleged breach of the GDPR,
8) the right to withdraw consent at any time (without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal),
9) The right to obtain human intervention on the part of the controller, to express one’s point of view and to contest a decision based on automated data processing.
The rights mentioned in points. 1)-6) and points. 8)-9) above can be exercised, among others, by contacting the e-mail address: rodo@qubicgames.com or the controller’s address.
Transfer of personal data to other entities
The recipients of the personal data may be, in particular, entities directly or indirectly related to the controller, in particular in an organisational or personal capacity, which would be established in one of the Member States of the European Union, as well as external service providers (e.g. IT service providers, entities providing services within the scope of marketing and promotional activities, other entities processing data on behalf of the controller on the basis of an agreement on entrusting the processing of personal data), accountants, auditors, lawyers.
Personal data are processed on the controller’s premises. Personal data may be transferred to countries outside the European Union. In case of transferring personal data to third countries outside the EU, the controller shall apply appropriate instruments to ensure the security of personal data.
No profiling
The controller does not process personal data by automated means (including profiling).
3 Cookies
To a limited extent the controller collects personal data automatically by means of cookies on the controller’s website. Cookies are small text files saved on the user’s computer or other mobile device (phone, tablet) when the user uses the controller’s website. These files are used, among others, to make use of various functions provided for on the website or to confirm that a given user has seen certain content.
The controller uses two types of cookies: session and permanent. Session files are temporary files that are stored on the user’s device until the user leaves the controller’s website or closes the browser. Permanent files are stored on the user’s device for the time specified in the parameters of these files or until they are deleted by the user.
The controller uses the following cookies:
- files necessary for the operation of services and applications – enabling the use of controller services, e.g. authentication cookies used for services that require authentication;
- cookies used to ensure security, e.g. used to detect abuse of authentication
- performance files – enabling the collection of information on the use of websites and applications;
- functional – enabling “remembering” the user’s selected settings and personalizing the user interface, e.g. font size, appearance of the website and applications, etc;
- statistical files – used to count the statistics of websites and applications.
Most browser settings allow the storing of cookies by default. If you do not agree to save these files on your device, you must change the settings of your Internet browser accordingly. The change can consist in not storing cookies on your device or informing you each time when a given file is stored on your device. You can also delete files from your device each time after visiting the controller’s website. Detailed information on the possibility and methods of using cookies are available in the settings and in the Help section of your Internet browser. However, the controller asks you to remember that restrictions on the use of cookies can make it difficult or impossible to use the website.
By setting your device’s browser to allow cookies to be stored, you consent to cookies being stored on your device.
4 Final provisions
Due to the continuous development and progress of technology the rules set out in this document may change. The controller shall inform about any change of the rules by publishing an appropriate announcement on its website.