Effective date 1st March 2020
Latest update: 13th March 2020
Personal data protection has always been treated as one of important aspects of TATE Multimedia S.A. operation. Being an independent developer and game publisher operating not only in Europe, but also in North America and Asia, we feel responsible for the safety of the personal data we process in connection with our operation.
Our aim is also to adequately inform you about issues connected with personal data processing, in particular in view of the provisions on personal data protection applicable in the European Union, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the EU, L No. 119, p. 1) (hereinafter also referred to as “GDPR”) and other currently applicable, i.e. throughout the period in which certain data are processed, legal regulation concerning personal data protection. For this reason, in this document we inform about the legal grounds for the processing of personal data, manners in which they are collected and used, as well as about the rights connected with it.
Who is the personal data controller?
Your personal data will be processed by: “TATE MULTIMEDIA” S.A. with its registered office at: ul. Postępu 14B, 02-676 Warszawa entered in the Register of Entrepreneurs kept by the District Court for the capital city of Warsaw. in Warsaw, 13th Commercial Division of the National Court Register under KRS number: 0000134169, NIP: 9510042485, REGON: 010782874, share capital in the amount of PLN 1,200,000, hereinafter referred to as the: “DATA CONTROLLER” or “TATE”
Regarding any issues connected with the processing of personal data it is possible to get in touch with the Data Controller by a letter sent to the above-mentioned correspondence address or through the following forms of contact:
tel.: +48 22 161 50 50
What are personal data and what does their processing mean?
Personal data are information relating to an identified or identifiable natural person. In fact any activity on personal data can be described as the processing of personal data, irrespective of whether it is conducted in an automated manner or not, e.g. collection, storage, recording, sorting out, modification, browsing, use, making them available, restriction, deletion or destruction. The Data Controller processes personal data for various purposes, and depending on the purpose various ways of collection, legal bases for processing, use, disclosure and storage periods may apply.
Am I obliged to provide the personal data?
Any information relating to you which is collected through the forms available on the following websites:
hereinafter referred to as the: “WEBSITES” are provided on a voluntary basis.
For what purpose, on what basis and for how long are personal data processed?
The Data Controller exercises special care to protect the interests of data subjects, and, in particular, ensures that the data it collects are:
- processed lawfully, fairly and in a transparent manner in relation to the data subject;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Data Controller processes your personal data to the extent to which they have been made available to it through the forms available on the Websites (and, in particular, your e-mail address), on the basis of your freely given consent (Article 6.1 (a) GDPR), which, depending on its content, allows processing of personal data for:
- marketing of the services and products offered by TATE and the subsidiaries;
- sending information bulletins (newsletters),
- providing commercial information through means of electronic communication by the Data Controller,
- providing the possibility of using other services made available on the website
The personal data you have provided on the basis of the consent are stored by the Data Controller only until you object to their processing or until the moment when you withdraw consent for processing – unless the applicable regulations require a longer data storage period. You can withdraw the consent at any time through, in particular, a special link located at the bottom of each message received from the Data Controller.
The products featured on the Websites are aimed at all clients aged 16+. The Data Controller informs that it does not intentionally collect any personal data from minors (children). If the Websites’ user indicates that he/she is a minor, the Data Controller will: (1) not allow them to enter personal data, (2) collect certain data only for limited purposes, (3) block or limit the child’s access to the services and products (4) obtain the parents’ consent for use of their children’s personal data in full compliance with the applicable law.
When a reference is made to children, they should be understood as persons aged under 16 or person of the minimum age in a given area, if it is over the age of 13, as per Article 8 GDPR.
The Controller suggests that parents inform their children about rules of communication in the internet and disclosure of data in the internet, as well as the risks it involves.
Does the Data Controller provide the data to anybody else?
The access to the data processed by the Data Controller can be also granted to: persons who are employed by the Data Controller, entities which organise marketing campaigns and activities on its behalf, entities which provide analytical, programming, accounting, payroll, legal, tax, audit and other services for it, postal and courier companies, providers of storage space in the cloud, providers of services which consist in conducting mailing and telecommunications campaigns, as well as providers of e-mail services and other tools which facilitate communication with the Data Controller.
Are personal data transferred abroad?
The Data Controller will not process your personal data outside the European Economic Area (EU countries, Iceland, Lichtenstein and Norway), in which strict data protection regulations are in force. It may happen, however, that the data will be sent outside the EEA by the entities which process personal data on the Data Controller’s behalf, such as providers of electronic mail, storage space in the cloud, services which consist in conducting mailing campaigns, etc. The Data Controller will make every effort to ensure that such data flows take place in compliance with law.
What are your rights in connection with making personal data available?
The Data Controller ensures fulfilment of all rights under GDPR, i.e. the right to obtain information about the content of the data processed, right of access to personal data and right to request that they are rectified, deleted, their processing is restricted, they are moved to another data controller, as well as the right to object to automatic processing of data (profiling).
Furthermore, to the extent to which the consent constitutes the basis for the processing of personal data you have the right to withdraw it at any time, which will, however, not affect the lawfulness of the processing that was performed on the basis of the consent prior to its withdrawal.
You also have the right to lodge a complaint with the supervisory authority which deals with personal data protection, i.e. Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa, telephone 22 531 03 00, fax. 22 531 03 01, firstname.lastname@example.org, Hotline 606-950-000.
Does the Data Controller take decision automatically?
Certain information we collect in connection with the use of our Websites may be processed in an automatic manner (including, in the form of profiling), but it will not lead to any legal effects for you, or similarly have significant influence on your situation. We pay particular attention to the issue of profiling, and indicate that:
- for the needs of profiling we do not process any sensitive data,
- for the needs of profiling we usually process data which have already been subject to pseudonimisation or data which have been aggregated by us.
- if we are not able to achieve a purpose by other means than profiling of personal data which have not been pseudonimised or aggregated, we use typical data: e-mail address and IP or cookies;
- we conduct profiling in order to analyse or forecast personal preferences and interests of the persons who use our Websites, products or services, and match the content of our Websites or products to those preferences;
- we conduct profiling for marketing purposes, i.e. to match the marketing offer to the above-mentioned preferences.
In order to ensure top quality of the services and adapt the Websites to your needs, the Data Controller uses cookie files.
Cookie files (also referred to as cookies) are small pieces of information in the form of a short sequence of characters which are stored in the memory of your device. Access to those files allows the Data Controller to identify, at a later date, your device and adapt the website’s settings to it. The information stored does not introduce any configuration changes to your device and software. They can be deleted at any moment by means of the internet browser’s appropriate function.
There are various types of cookies. The website uses “session” and “persistent” cookies. “Session” cookies are removed from your computer immediately after you close the internet browser. On the other hand, “persistent” cookies are stored on your computer also after your browser is closed – the maximum period of such storage is determined separately for each cookie.
The cookies used by the Data Controller allow achieving the following purposes:
- they allow personlisation of the Websites’ appearance and content for each user,
- they allow data exchange between the platforms operating as part of the Website,
- they are used in the process of Website user’s authententication and prevent abuse in that area,
- they remember action taken by the Websites’ user, thanks to which after leaving them the user does not have to e.g. fill in forms,
- they allow personalisation of ads and marketing communication during the visit to a Website and in messages sent to the Websites’ users,
- they allow sending Data Controller’s ads outside the Website, e.g. to persons who have already visited the Website and/or can be potentially interested in the Data Controller’s services.
- they allow measuring the effectiveness and settlement of marketing activities’ effects.
- they collect statistical information about the traffic on the Websites.
On the basis of the above-mentioned rules and for the purposes described above, there are also other mechanisms used by the Websites, such as localStorage, which works on the basis of the same rules as persistent cookie files, but is able to store more information.
The Websites also feature scripts of external partners which can also store data on your device. The storage mechanisms and rules used may differ from those which are provided for in this privacy and cookies policy. More information on that can be found on the websites of our respective partners. They include, among others:
- Sony Computer Entertainment
The list of the above-mentioned entities keeps changing, and is up to date as of the day on which this document was drawn up.
You can decide about whether you want to store cookies on your device and which ones. Relevant details can be found on the website of the internet browser’s provider.
- Information on some of your behaviour is logged in the server layer. These data are used only to manage the Websites and in order to ensure the smoothest possible handling of the hosting services provided.
- The resources browsed are identified through URL addresses. Furthermore, what may also be recorded is the time of the inquiry receipt and time of sending the answer, name of the client’s station – the identification is conducted through the HTTP protocol, information about errors which occurred in performance of the http transaction, URL address, websites previously visited by the user (referer link) – in the case in which the Websites were visited through a link, the information about the user’s browser, information about the IP address.
- The above-mentioned data are not matched with specific persons who browse the Websites.
- The above-mentioned data are used only for server administration purposes.
- At the same time, we would like to inform you that we may be obliged to disclose information about the IP number of a given user of the Websites at the request of authorised state authorities – on the basis of applicable regulations – in connection with the proceedings they conduct.