Privacy Policy

This Privacy Policy defines the rules for storing and accessing data on Users' Devices using the Service to provide electronic services by the Administrator, and the rules for collecting and processing Users' personal data that has been provided by them personally and voluntarily through the tools available in the Service.

This Privacy Policy is an integral part of the Service Terms and Conditions, which defines the rules, rights, and obligations of Users using the Service.

§1 Definitions

Service - the "Gra Privé" online service operating at https://privegame.com
External Service - online services of partners, service providers, or service recipients cooperating with the Administrator
Administrator of the Service/Data - The Administrator of the Service and Data (hereinafter referred to as the Administrator) is the company "elnino Pawel Gniadkowski," operating at: Sygneczow 311, 32-020 Sygneczow, with the Tax Identification Number (VAT ID): PL5732576742, providing electronic services via the Service
User - a natural person for whom the Administrator provides electronic services via the Service.
Device - an electronic device along with software, through which the User accesses the Service
Cookies - text data collected in the form of files placed on the User’s Device
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Personal Data - means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
Processing - means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction
Restriction of Processing - means the marking of stored personal data with the aim of limiting their future processing
Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements
Consent - means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them
Personal Data Breach - means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed
Pseudonymization - means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
Anonymization - Anonymization of data is an irreversible process of modifying data in such a way that it is no longer possible to identify or associate a specific record with a specific user or person.

§2 Data Protection Officer

In accordance with Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, please contact the Administrator directly.

§3 Types of Cookies

Internal Cookies - files placed and read from the User's Device by the Service's IT system
External Cookies - files placed and read from the User’s Device by the IT systems of External Services. The scripts of External Services, which may place Cookies on the User’s Device, are intentionally embedded in the Service through scripts and services provided and installed on the Service
Session Cookies - files placed and read from the User's Device by the Service during a single session of a given Device. After the session ends, the files are deleted from the User’s Device.
Persistent Cookies - files placed and read from the User's Device by the Service until they are manually deleted. The files are not deleted automatically after the Device session ends unless the configuration of the User’s Device is set to delete Cookie files after the Device session ends.

§4 Data Storage Security

Mechanisms for storing and reading Cookie files - The mechanisms for storing, reading, and exchanging data between the Cookie Files stored on the User's Device and the Service are carried out through built-in mechanisms of web browsers and do not allow for the retrieval of other data from the User's Device or data from other websites visited by the User, including personal data or confidential information. The transmission of viruses, trojans, and other malware to the User's Device is practically impossible.
Internal Cookies - The Cookie files used by the Administrator are safe for Users' Devices and do not contain scripts, content, or information that could endanger the security of personal data or the security of the Device used by the User.
External Cookies - The Administrator makes every effort to verify and select the Service's partners in terms of User safety. The Administrator collaborates with reputable, large partners with global social trust. However, the Administrator does not have full control over the content of the Cookie files from external partners. To the extent permitted by law, the Administrator is not responsible for the security of Cookie files, their content, or their legal use by scripts installed in the Service from External Services. The list of partners is provided in a later section of the Privacy Policy.
Cookie Control
- The User may independently change the settings regarding the storage, deletion, and access to data stored in Cookie files from any website at any time.
- Information on how to disable Cookie files in the most popular web browsers:
- The User may delete all stored Cookie files at any time by using the tools on the User's Device through which the User accesses the Service.
User-Related Risks - The Administrator uses all possible technical measures to ensure the security of data stored in Cookie files. However, it should be noted that ensuring the security of these data depends on both parties, including the User's activity. The Administrator is not responsible for the interception of these data, impersonation of the User's session, or their deletion as a result of conscious or unconscious activity of the User, viruses, trojans, and other spyware that may or have infected the User's Device.
Storage of personal data - The Administrator ensures that every effort is made to keep the personal data provided voluntarily by Users safe, access to them is limited, and processing is carried out according to their intended purposes. The Administrator also ensures that every effort is made to protect the data against loss by applying appropriate physical and organizational security measures.

§5 Purposes for Which Cookie Files Are Used

Improving and facilitating access to the Service
Personalizing the Service for Users
Marketing, remarketing in external services
Compiling statistics (user statistics, visit counts, types of devices, connection types, etc.)

§6 Purposes of Processing Personal Data

Personal data voluntarily provided by Users is processed for one of the following purposes:

Providing electronic services:
- Game For Couples service
- Newsletter services (including sending advertising content with consent)
Communication between the Administrator and Users regarding the Service and data protection
Ensuring the legitimate interest of the Administrator

Data about Users collected anonymously and automatically is processed for the following purposes:

Compiling statistics
Remarketing
Ensuring the legitimate interest of the Administrator

§7 External Service Cookies

The Administrator in the Service uses JavaScript scripts and web components of partners, who may place their own Cookies on the User's Device. Please be aware that in your browser settings, you can determine the permitted Cookies that may be used by individual websites. Below is a list of partners or their services implemented in the Service, which may place Cookies:

Newsletter services:
- Mailjet
Statistical analysis:

Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, the purpose of data processing, and the use of Cookie files at any time.

§8 Types of Data Collected

The Service collects data about Users. Some of the data are collected automatically and anonymously, while others are personal data voluntarily provided by Users when registering for specific services offered by the Service.

Anonymous data collected automatically:

IP address
Browser type
Screen resolution
Approximate location
Pages visited in the Service
Time spent on a given page
Operating system type
Previous page URL
Referring URL
Browser language
Internet connection speed
Internet service provider

Data collected during registration:

First name / last name / nickname
Email address
Interests, including sexual preferences
Gender
IP address (collected automatically)

Data collected when signing up for the Newsletter service:

First name / last name / nickname
Email address
IP address (collected automatically)

Some data (excluding identifying data) may be stored in Cookie files. Some data (excluding identifying data) may be shared with statistical service providers.

§9 Access to Personal Data by Third Parties

As a rule, the only recipient of personal data provided by Users is the Administrator. The data collected as part of the services provided are not shared or resold to third parties.

Access to data (usually based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to run the Service, such as:

Hosting companies that provide hosting or related services for the Administrator
Companies providing the Newsletter service
Companies that process online payments for goods or services offered through the Service (if purchases are made in the Service)

Entrusting personal data processing - Newsletter

To provide the Newsletter service, the Administrator uses a third-party service provider, Mailjet. Data entered into the Newsletter signup form is transferred, stored, and processed by this external service provider.

Please note that the mentioned partner may modify their privacy policy without the Administrator’s consent.

Entrusting personal data processing - Hosting, VPS, or Dedicated Server services

The Administrator uses an external hosting provider, VPS, or Dedicated Server services to operate the Service - Amazon Web Services EMEA SARL, ("AWS Europe"). All data collected and processed by the Service is stored and processed in the provider’s infrastructure located within the European Union. There may be access to data as a result of maintenance work carried out by the provider's personnel. Access to this data is regulated by the agreement concluded between the Administrator and the Service Provider.

Processing of data in the case of online payments

If online payments are made, all payment-related data is transferred directly by the User to the payment provider Stripe. The selected data necessary for the transaction is then shared by this entity with the Administrator. Data sharing is regulated by the agreement between the Administrator and the Service Provider.

§10 Methods of Processing Personal Data

Personal data voluntarily provided by Users:

Personal data is transferred outside the European Union.
The transfer of data outside the EU is due to the use of services from entities located outside the EU or the publication resulting from the User's individual activity (e.g., posting comments or entries), making the data available to anyone visiting the service.
In cases of transfer or entrustment of personal data processing outside the EU, such data is processed based on an agreement between the Administrator and the Service Provider.
Personal data is used for automated decision-making (profiling).
Profiling personal data does not have legal effects or significantly affect the person whose data is subject to automated decision-making.
Personal data will not be sold to third parties.

Anonymous data (without personal data) collected automatically:

Anonymous data (without personal data) will be transferred outside the European Union.
Anonymous data (without personal data) may be used for automated decision-making (profiling).
Profiling anonymous data (without personal data) does not have legal effects or significantly affect the person whose data is subject to automated decision-making.
Anonymous data (without personal data) may be sold to third parties (e.g., paid sharing of Service statistics).

§11 Legal Grounds for Processing Personal Data

The Service collects and processes Users' data based on:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Article 6(1)(b)
  Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract
- Article 6(1)(f)
  Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
The Act of May 10, 2018, on the Protection of Personal Data (Journal of Laws 2018, item 1000)
The Act of July 16, 2004, Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
The Act of February 4, 1994, on Copyright and Related Rights (Journal of Laws 1994 No. 24, item 83)

§12 Duration of Personal Data Processing

Personal data voluntarily provided by Users:

In principle, the specified personal data is stored only for the duration of the provision of services by the Service Administrator. They are deleted or anonymized up to 30 days after the end of the service (e.g., deleting a registered user account, unsubscribing from the Newsletter, etc.).

An exception to this rule is the situation where the processing of these data is necessary to pursue legally justified purposes of further processing by the Administrator. In such cases, the Administrator will store the data indicated, from the moment the User requests their deletion, for no longer than 3 years in case of violation or suspicion of violating the provisions of the Service's regulations by the User.

Anonymous data (without personal data) collected automatically:

Anonymous statistical data, not constituting personal data, is stored by the Administrator for an indefinite period to maintain statistics for the Service.

§13 User Rights Related to the Processing of Personal Data

Right to access personal data
Users have the right to access their personal data, which can be exercised by submitting a request to the Administrator.
Right to rectify personal data
Users have the right to request the Administrator to promptly correct personal data that is incorrect or to complete incomplete personal data, which can be done by submitting a request to the Administrator.
Right to erasure of personal data
Users have the right to request the Administrator to promptly delete personal data. In the case of user accounts, the deletion of data involves the anonymization of data that enables user identification. The Administrator reserves the right to delay the fulfillment of a data deletion request to protect the Administrator's legitimate interests (e.g., if the User has violated the Service's regulations or the data has been obtained as a result of correspondence).
In the case of the Newsletter service, the User has the option to delete their personal data independently by using the link included in each email message sent.
Right to restrict the processing of personal data
Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR, including when they contest the accuracy of the personal data, by submitting a request to the Administrator.
Right to data portability
Users have the right to obtain from the Administrator personal data concerning them in a structured, commonly used, and machine-readable format, which can be exercised by submitting a request to the Administrator.
Right to object to the processing of personal data
Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, which can be exercised by submitting a request to the Administrator.
Right to lodge a complaint
Users have the right to lodge a complaint with the supervisory authority dealing with the protection of personal data.

§14 Contact with the Administrator

The Administrator can be contacted in one of the following ways:

Postal address - elnino Pawel Gniadkowski, Sygneczow 311, 32-020 Sygneczow
Email address - prive@privegame.com

§15 Service Requirements

Restricting the saving and access to Cookie files on the User's Device may cause some functionalities of the Service to malfunction.
The Administrator is not responsible for malfunctioning Service functionalities in cases where the User restricts the possibility of saving and reading Cookie files in any way.

§16 External Links

The Service – articles, posts, entries, or comments made by Users – may contain links to external websites with which the Service Owner does not cooperate. These links and the pages or files they point to may pose a risk to your Device or the security of your data. The Administrator is not responsible for the content found outside the Service.

§17 Changes to the Privacy Policy

The Administrator reserves the right to change this Privacy Policy at any time without the need to inform Users regarding the use and handling of anonymous data or Cookie files.
The Administrator reserves the right to make any changes to this Privacy Policy regarding the processing of Personal Data, of which Users with user accounts or subscribed to the Newsletter will be notified via email within 7 days of the changes being made. Continued use of the services implies that the changes to the Privacy Policy have been read and accepted. If a User does not agree with the changes, they are obliged to delete their account from the Service or unsubscribe from the Newsletter.
Changes made to the Privacy Policy will be published on this subpage of the Service.
The changes take effect upon their publication.