POLICY ON THE PROCESSING OF PERSONAL DATA OBTAINED THROUGH THE WEBSITE https://creepyjar.com/
(the website of the company Creepy Jar S.A. based in Warsaw)
We make the utmost effort to protect your privacy and personal information. In order to implement the above, we operate on the basis of the most modern standards and technologies to ensure the security of personal data, including, in particular, minimizing the risk of interception of personal data by third parties, unauthorized modification, loss or damage.
Please read the Policy before submitting any data.
By using our website, you accept the Policy, which includes information about the manner, scope and purpose of obtaining and processing your Personal Data.
We would like to inform you that you can visit our website without disclosing your Personal Data. In this case, we only collect data about your visits to our site (cookies), including in particular your IP address, browser type, operating system name. They are used for statistical purposes only and do not allow association with your person.
I. GENERAL PROVISIONS
1. The purpose of the Policy is to explain the principles under which Personal Data is processed and to discuss the basic rights of persons whose Data is processed by the Controller,
2. Terms used in the Policy mean:
Creepy Jar S.A., based in Warsaw, Poland (zip code: 01-360) at ul. Człuchowska 9, registered in the District Court for the City of Warsaw in Warsaw, XIV Economic Department of the National Court Register under the number KRS 0000666293
Data, Personal data
personal data which is information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person
Persons natural person(s) whose Data is Processed by the Controller Policy this Personal Data Processing Policy
an operation or set of operations performed on Personal Data or sets of Personal Data by automated or non-automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, downloading, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, deleting or destroying
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
( OJ.EU.L.2016.119.1 as amended)
act of 10 May 2018 on the protection of personal data ( Dz.U.2018.1000 as amended)
II. PERSONAL DATA CONTROLLER
1. The Controller of the Personal Data provided to the Company by the website is the Company.
2. Contact with the Controller is possible through the Company’s mailing address, i.e. ul. Człuchowska 9, 01- 360 Warsaw, as well as via e-mail address: email@example.com and at tel: +48 22 300 08 25.
3. The Controller shall ensure that the Data is collected only to the extent necessary for the indicated purpose and only for the period of time for which it is necessary.
4. The Controller shall ensure that the Data entrusted to it is Processed in accordance with the provisions of the GDPR and the Act, based on the Controller’s internal documentation.
III. TYPE OF PERSONAL DATA
1. The Controller processes Personal Data necessary for the specific purpose of Processing, in particular, IP address, browser type, operating system name, number of visits.
2. Provision of Data is voluntary. In the case of cookies, each Person has the right to refuse to provide data by this means, as well as to configure the scope of data provided to the Controller through cookies.
IV. SCOPE, DURATION AND PURPOSES OF PERSONAL DATA PROCESSING
1. Scope and source of Data
a. The Controller obtains Data directly from a Person by collecting data as part of the visitor’s cookies https://creepyjar.com/ .
b. The Controller also obtains Data from Microsoft Corporation, in connection with the Controller’s release of games for the XboX platform.
2. Purpose of the Processing
In the case of Data collected via cookies, the Controller processes the Data in order to keep statistics on website visits and to improve the experience of users visiting the website (legal basis: Article 6(1)(a) of the GDPR, Article 6(1)(f) of the GDPR).
In the case of Data obtained from Microsoft Corporation, the Controller shall process the Data solely for the purpose of correcting bugs that appear in games released by the Controller.
3. Data retention period
Personal Data will be kept for the period of Creepy Jar S.A.’s existence. The Controller will process Personal Data during the period of maintaining the ongoing relationship, or until the consent to Data Processing is withdrawn. In the case of Data Processing based on the legitimate interest of the Controller, the Data will be Processed for a period of time that allows the fulfillment of this interest or until an effective objection to the Data Processing is made. Data received from Microsoft Corporation will be kept for 30 days after receipt and will then be deleted.
The Processing period may be extended within the limits of the law in case the Processing of Personal Data is necessary for the investigation or defense against claims.
After the Processing period, the Data will be deleted or anonymized.
V. DATA RECIPIENTS
Personal data obtained by the Controller in the form of cookies will not be transferred to external entities.
VI. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
The Controller does not transfer Personal Data to recipients from third countries, i.e. countries outside the European Economic Area.
VII. AUTOMATED DECISION-MAKING
The Controller does not make decisions in an automated manner in individual cases, in particular, Personal Data will not be subject to profiling.
VIII. RIGHTS OF DATA SUBJECTS
1. Subject to the situations stipulated by law, Data Subjects have:
a. the right to access the content of their Data and to receive a copy thereof;
b. the right to rectify inconsistencies or errors in the Processed Data or to supplement them;
c. the right to information about the Processed Data including the purposes and grounds for the Processing;
d. the right to restrict the Processing of Personal Data;
e. the right to withdraw consent at any time without affecting the lawfulness of the Processing, as long as the Processing is carried out on the basis of consent;
f. the right to delete Personal Data;
g. the right to portability of Personal Data;
h. the right to object to the Processing;
i. the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection, if the Processing of Personal Data is found to violate the law, including the GDPR.
2. Requests to exercise the above rights should be submitted in writing or electronically to the addresses
indicated in the Policy.
IX. DATA SECURITY
1. The Controller is committed to ensuring the security of the Personal Data entrusted to it.
2. The Controller:
a. ensures transparency of the Data Processing;
b. informs about the Data Processing at the time of its collection, except in situations where it is not obliged to do so under separate regulations;
c. ensures that the Data is collected only to the extent necessary for the indicated purpose and Processed only for the period of time it is necessary,
d. ensures the confidentiality of the Data by access to the Data only by authorized persons.
3. In a situation where, despite the security measures taken, a breach of the protection of Personal Data has occurred and the breach could result in a high risk of violation of the rights and freedoms of Data Subjects, the Controller shall immediately inform Data Subjects of such event.
IX. FINAL PROVISIONS
1. The Policy is reviewed on an ongoing basis and updated as necessary.
2. The current version of the Policy is effective as of 28 September 2021.