PROCESSING POLICY FOR DATA
RECEIVED THROUGH THE WEBSITE
https://creepyjar.com/ (Creepy Jar S.A. with its seat in Warszawa)
WARSZAWA, 28th September 2021.
We do our utmost to protect your privacy and personal data. In order to achieve the above, we operate on the basis of the most modern standards and technologies to ensure the security of personal data, including above all minimizing the risk of interception of personal data by third parties, their unauthorised modification, loss or damage.
Please read the Policy before providing any data.
By using our website you accept the principles of the Policy, including information on the manner, scope and purpose of obtaining and processing your Personal Data.
Please note that you may visit our website without disclosing your Personal Data. In this case, we only collect data relating to visits to our website (cookies), including in particular your IP address, browser type and operating system name. They are used solely for statistical purposes and do not permit any association with your person.
I. GENERAL PROVISIONS
1. The purpose of the Policy is to explain the principles under which Personal Data is processed and to discuss the fundamental rights of persons whose Data is processed by the Administrator,
2. The terms used in the Policy mean:
|Administrator, Company||Creepy Jar S.A. with its seat in Warszawa (postal code: 01-360), ul. Człuchowska 9, registered in the District Court for m.st. Warszawa in Warszawa, XIV Department of the National Court Register under the number KRS 0000666293|
|Bill||Polish Act of 10 may 2018 r. on the protection of Personal Data (Dz.U.2018.1000 z późn. zm.)|
|Data, Personal Data||personal data which constitute information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, internet identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual|
|Person, Persons||natural person/persons whose Data is processed by Administator|
|Policy||this processing policy for data received through the website|
|Processing||an operation or set of operations which is performed upon Data or sets of Personal Data, whether or not by automatic means, such as collection, recording, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction|
|RODO||Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (EU.L.2016.119.1 as amended).|
II. ADMINISTRATOR OF PERSONAL DATA
1. The administrator of personal data provided to the Company by the website is the Company.
2. The Administrator may be contacted via the Company’s mailing address, i.e. ul. Człuchowska 9, 01-360 Warszawa, as well as via e-mail: email@example.com and under the following telephone number: +48 22 300 08 25.
3. The Administrator ensures that the Data is collected only to the extent necessary for the indicated purpose and only for the period of time necessary.
4. The Administrator ensures that the Data entrusted to him/her are Processed in accordance with the provisions of the Polish Council of Immigration Flowers and the Act, based on the Administrator’s internal documentation.
III. TYPE OF PERSONAL DATA
1. The Administrator shall Process Personal Data necessary for the performance of a specific purpose of the Processing, in particular the IP address, browser type, operating system name, number of visits.
2. The submission of the Data is voluntary. In the case of cookies, each Person has the right to refuse to provide Data by this means, as well as to configure the scope of data provided to the Administrator through cookies.
IV. SCOPE, PERIOD AND PURPOSES OF PERSONAL DATA PROCESSING
1. Scope and source of Data
a) The Administrator obtains Data directly from the Person through the cookies on the website: https://creepyjar.com/.
b) The Administrator also obtains the Data from Microsoft Corporation in connection with the publication by the Administrator of games for the XboX platform.
2. Processing objectives
In the case of Data collected by means of cookies, the Administrator processes the Data in order to keep statistics on the visits to the website and to improve the quality of users’ experience when visiting the website (legal basis: Article 6(1)(a) of the TAB, Article 6(1)(f) of the TAB).
In the case of Data obtained from Microsoft Corporation, the Administrator processes the Data solely for the purpose of correcting errors that appear in games released by the Administrator.
3. Data retention period
Personal Data will be stored for the period of CreepyJar S.A. existence. The Administrator shall Process Personal Data during the period of maintaining current relations, or until the withdrawal of consent to Data Processing. In case of Data Processing on the basis of the Administrator’s legitimate interest, the Data shall be Processed for the period enabling the fulfilment of such interest or until the effective objection to Data Processing is raised.
Data received from Microsoft Corporation will be stored for 30 days from receipt and then deleted.
The Processing Period may be extended within the limits of the law in case the Processing of Personal Data is necessary to assert or defend against claims.
After the Processing Period, the Data will be deleted or rendered anonymous.
V. RECIPIENTS OF DATA
The Personal Data obtained by the Administrator in the form of cookies will not be transferred to external entities.
VI. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
The Administrator shall not transfer Personal Data to recipients from third countries, i.e. countries outside the European Economic Area.
VII. AUTOMATED DECISION MAKING
The Administrator does not make decisions automatically in individual cases, in particular Personal Data will not be subject to profiling.
VIII. RIGHTS OF THE DATA SUBJECTS
1. Subject to the situations specified in the law, the Person whose Data was obtained by the Administrator is entitled to the following:
a) The right to access and receive a copy of their Data;
b) The right to rectify any inaccuracies or errors in the Processed Data or to supplement them;
c) The right to be informed about the Processed Data, including the purposes and grounds of the Processing;
d) the right to restrict the Processing of Personal Data;
e) the right to withdraw consent at any time without affecting the lawfulness of the Processing, provided that the Processing is based on consent;
f) the right to delete Personal Data;
g) the right to transfer the Personal Data;
h) the right to object to the Processing of Personal Data;
i) the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for the Protection of Personal Data, in case the Processing of Personal Data is found to violate the provisions of law, including the RODO.
2. Requests for exercising the above rights should be submitted in writing or electronically to the addresses indicated in the Policy.
IX. DATA SECURITY
1. The Administrator makes every effort to ensure the security of Personal Data entrusted to him.
2. The Administrator:
a) ensures the transparency of the Data Processing;
b) inform about the Data Processing at the moment of its collection, except for the situations in which it is not obliged to do so under separate provisions;
c) ensures that the Data are collected only to the extent necessary for the indicated purpose and are Processed only for the period necessary,
d) ensure the confidentiality of the Data by access to the Data only by authorized persons.
3. In a situation when, despite the security measures taken, the personal data protection has been violated and this violation could result in a high risk of violation of the rights and freedoms of the Data Subjects, the Administrator shall immediately inform the Person about such an event.
IX. FINAL PROVISIONS
1. The policy shall be reviewed and, where necessary, updated on an ongoing basis.
2. The current version of the Policy is effective from 28th September 2021.