PLAYWAY S.A. z siedzibą w Warszawie przy ul. Bluszczańskiej 76 lok. 6, 00-712 Warszawa, wpisana do Rejestru Przedsiębiorców Krajowego Rejestru Sądowego przez Sąd Rejonowy dla m. st. Warszawy w Warszawie, XIII Wydział Gospodarczy pod numerem KRS: 0000389477, nr NIP: 5213609756, nr REGON: 14298526000000 o kapitale zakładowym w wysokości 660 000 zł (sześćset sześćdziesiąt tysięcy złotych 0/100 groszy), email: firstname.lastname@example.org, tel.: +48 535535311, jest administratorem danych osobowych w rozumieniu przepisów Rozporządzenia Parlamentu Europejskiego i Rady (UE) 2016/679 z dnia 27 kwietnia 2016 r. w sprawie ochrony osób fizycznych w związku z przetwarzaniem danych osobowych i w sprawie swobodnego przepływu takich danych oraz uchylenia dyrektywy 95/46/WE (ogólne rozporządzenie o ochronie danych) (dalej jako: rozporządzenie RODO).
PLAYWAY S.A. przetwarza dane osobowe osób fizycznych z poszanowaniem przepisów rozporządzenia RODO oraz polskich przepisów powszechnie obowiązujących, w szczególności ustawy z dnia 10 maja 2018 r. o ochronie danych osobowych (Dz. U. z dnia 24 maja 2018 r.).
PLAYWAY S.A. stosuje środki organizacyjne oraz techniczne w celu zabezpieczenia danych osobowych, które przetwarza. W spółce obowiązuje wewnętrzny Regulamin przetwarzania danych osobowych wraz z procedurą bezpieczeństwa. Administrator nie przetwarza danych z naruszeniem obowiązujących przepisów prawa a w szczególności nie udostępnia danych osobowych osobom nieupoważnionym oraz podmiotom przetwarzającym, niezapewniającym odpowiedniego stopnia ochrony przekazanych im danych osobowych. Dane osób fizycznych mogą zostać przekazane także organom administracji publicznej w uzasadniających to okolicznościach prawnych i faktycznych.
Last update: October 29, 2020
The App comprises a free game (it is also possible to buy available in-game items). For the purpose of sustaining top quality and providing a superior gaming experience we process the user’s information particularly to streamline the entire App-related experience and to support internal activities.
Collection of information
Information is collected on an automatic basis via the app
The following information is collected during the user’s access or use of the App:
- Log Information: We collect log information regarding the user’s use of the App, including the type of device, features, access times and IP address.
- Device Information: Information is stored regarding the device used by the user to access the App. This also regards information about the device producer, model, OS, time zone, language.
- Device identifiers: We collect online identifiers of the user’s device to access the App. This regards: IDFA, Google Ads ID, Google Device ID, Game Center ID, Google Play Account ID.
- Usage Information: Information is stored on the user’s use of the App. This includes game progress, scores, achievements, interactions between players of the app.
- Consumption information: We collect information regarding the user’s consumption routines concerning the use of the App, including purchases, both in virtual and real currencies and the collection of virtual goods.
Information derived from other sources
When the user logs into the App via a third party site or platform like Facebook, Apple Game Center and Google Sign-In, we receive information from that site or platform, including the user’s screen name, profile information and friend lists, in line with the authorization procedures determined by such third party site or platform, under the condition that the user has consented to this provision of information.
- Facebook: https://www.facebook.com/about/privacy/
- Game Center: https://www.apple.com/legal/internet-services/itunes/gamecenter/
- Google Play Games: https://policies.google.com/privacy
When using a third party site or platform to log into the App, the user certifies that their access and use of such features is compliant with the relevant terms and regulations, and that the user meets the minimum age limits prescribed for such third party site or platform by the relevant legislation.
Use of information – purpose and legal basis
The collected information is used for the following purposes in accordance with the legal provisions for each type of personal data:
- Information regarding log, device, usage, and consumption as well as device identifiers are processed as follows for:
- delivering the requested items and services and sending information to the user;
- delivering the App and game experience;
- providing technical notices, updates, alerts, and support and administrative notifications;
The above-mentioned processing is key for the performance of a contract to which the user is a party for the purpose of supporting the App’s functioning, facilitating the delivery of requested items and services and enabling maintenance and updating as per Article 6(1)(b) of the GDPR.
- Providing relevant updates about the App;
- personalizing the App and providing customized content;
- keeping track of App-related trends, usage, and activities;
The above-mentioned processing is accounted for by our legitimate interests in providing advertisements and content that could be of interest to the user and bettering the quality of our services as per Article 6(1)(f) of the GDPR.
- providing users that have consented to sharing their advertising IDs with our ad network partners (as specified in “Sharing of Information”) for the purpose of delivering customized advertisement in the App.
The above-mentioned processing is accounted for by our legitimate interests in delivering ads and content that could be of interest to the user as per Article 6(1)(f) of the GDPR. The disclosure of the user’s advertising ID to third parties in relation with behavioral advertising is based upon the user’s consent as per Article 6(1)(a) of the GDPR (more information in Sharing of Information).
- The purpose of processing information from other sources is:
- providing and delivering the requested items and services and sending relevant notices;
The above-mentioned processing is essential for execution of a contract to which the user is a party for the purpose of facilitating the delivery of requested products and services, more information in Section 6(1)(b) of the GDPR.
- linking or combining information received by us from other sources to better understand the user’s needs and deliver improved service;
- delivering notices and updates about the App that could be of interest to the user;
The above-mentioned processing is accounted for by our legitimate interests in delivering content that could be of interest to the user and bettering our services as per Article 6(1)(f) of the GDPR (otherwise called “the balancing-of-interest rule”).
The user’s information is processed solely in the scope necessary to achieve the purposes for which the information has been collected.
Storage of information
PlayWay shall store the user’s personal information for the time necessary to deliver the App to the user or otherwise satisfy the above-mentioned purposes, unless there is a need for further storage to establish, exercise or defend a legal claim or in relation to relevant law, including accounting rules.
The user’s personal information shall be either disposed of or made anonymous immediately after it no longer serves any of the abovementioned purposes and no later than three (3) years after termination of the user’s interaction with PlayWay.
Sharing of information
The user’s information is disclosed to the following types of recipients, based upon legal foundations identified in sections 6(1)(b), 6(1)(c), and 6(1)(f) of the GDPR (for more information, see description of legal bases above):
- social networks, more information available under “Social Sharing features”;
- third parties, if disclosure of the user’s personal data was required by relevant law, ruling, regulation, legal process or in association with, or in the course of negotiations of, any merger, sale of company assets, financing or acquisition of all or a part of our establishment by another party;
- the authorities, if it is believed that the user’s actions are not in line with the spirit or language of our policies or if the disclosure of such information is needed to protect the rights, property and safety of PlayWay or other parties;
- other players for the purpose of delivering certain in-app features, e.g. leaderboards, if the user logs into the App via a third-party service;
Furthermore, if the user has consented as per Section 6(1)(a) of the GDPR, we shall share the user’s device identifiers to advertising network enterprises for purposes serving behavioral advertisements within the App. The following advertising network firms could be a part of this process:
- Facebook, Inc. https://www.facebook.com/about/privacy/
- Google LLC https://policies.google.com/privacy
- Unity Technologies https://unity3d.com/legal/privacy-policy
- IronSource http://www.ironsrc.com/wp-content/uploads/2019/03/ironSource-Privacy-Policy.pdf
- Applovin Corporation https://www.applovin.com/privacy/
- Vungle, Inc. https://vungle.com/privacy/
As regards our processing, we use processors of data such as server hosting providers, technical service providers for the purpose of supporting in-house activities, user login services and analytics service providers:
- Tenjin, Inc. https://www.tenjin.io/privacy
- Facebook Analytics (Facebook, Inc.) https://www.facebook.com/about/privacy/
- Firebase (Google LLC) https://firebase.google.com/support/privacy
Social sharing features
The App features social sharing features as well as other integrated tools (e.g. the Facebook “Like” button) for the purpose of sharing actions taken by users in the App with other media. The user must meet the minimum age limit indicated by the relevant legislation in individual jurisdictions for the purpose of using any sharing features featured in the App. The use of such features allows to share information with the user’s friends on social media or with the public, depending on the chosen user settings selected with the provider of the feature.
In the case of any questions regarding PlayWay's privacy policies related to children under the applicable age limit, please contact contact@PlayWay.com
Transfer to third countries
As regards the processing of information, upon certain circumstances the user’s personal data will be conveyed to non-EEU recipients.
As a consequence, the transfers of data will occur solely as follows:
- If the entity has certification to comply with the principles regarding data protection as part of the US-EU Privacy Shield Framework (“Privacy Shield”) (find out more about the entities certified in Privacy Shield at https://www.privacyshield.gov/), or
- If standard data protection clauses have been employed by the European Commission with the entity, which will offer sufficient safeguards in reference to the protection of privacy and fundamental rights and freedoms of individuals.
PlayWay shall pursue reasonable measures for the protection of the user’s personal data from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction.
Push notifications or alerts shall be sent to the user’s mobile device to provide game-related notices, service updates, marketing communications, and other relevant notifications, if the user have consented to such notifications. These notices can be deactivated by changing the notification settings on the user’s device.
Does PlayWay “sell” personal information?
PlayWay does not, and shall not, provide the user’s personal information in direct exchange for money. Hence, in the literal sense, the user’s data is not sold by PlayWay. Certain categories of personal data collected by PlayWay are disclosed (more information under “Sharing of information”) to third parties for purposes listed in “Use of information – purpose and legal basis”.
As regarding the scope that this activity is interpreted as a representation of a “sale” as part of the CCPA, please contact contact@PlayWay.com to excercise the user’s right to withdraw consent on sharing the user’s personal information with third parties.
Rights of EEU residents
We process and answer the user’s requests promptly and in any event within one month of our receipt of the request, unless in view of a complex request, an extended period is required. In such case, our response time can extend to three months as foreseen by Article 12 of the GDPR.
User’s right to request access
The user is eligible to request access to their processed data. More information in Article 15 of the GDPR, including regarding:
- the aim of processing;
- the categories of personal data concerned;
- the recipients of data or categories of recipient of data to whom the personal data have been or shall be disclosed;
- the assumed period of storing personal data.
What is more, the user has the right to request for a copy of the personal data that is processed. It must be noted that some forms of access could be restricted in connection with intellectual property or trade secrets.
The right to object
The user has the right to object to the processing of their personal data in relation with a concrete instance when the processing of data occurs based on the balancing-of-interest rule provided in Section 6(1)(f) of the GDPR (more information in Article 21 of the GDPR). In such case, the processing shall be terminated unless there exist compelling legitimate grounds for such processing which override the user’s interests and rights or there is a need for processing of data for the establishment, exercise, or defence of legal claims.
The user can, at any time, object to the processing of their personal data for direct marketing purposes. We will abandon the processing of the user’s personal data for this purpose after the user has objected to it.
Right to rectification
The user has the right to rectify inaccurate personal information (more information in Article 16 of the GDPR).
The right to restriction
The user has the right to request for limited processing in some circumstances (more information in Article 18 of the GDPR). If the user is eligible for restriction, data of the user will be processed only with their consent or for the establishment, exercise, or defence of a legal claim or for the purpose of protection of a party or in view of considerable grounds of public interest.
The right to withdraw consent
If the user has been asked for allowing the processing of their data, the user can, at any time, withdraw their consent (more information in Article 7 of the GDPR).
If the user’s consent is withdrawn, processing of data for which the user has withdrawn consent shall be terminated, unless there exists a legal obligation to maintain data of all data of the user.
Withdrawal of the user’s consent does not impact the lawfulness of processing based on the user’s consent before withdrawal.
The right to data portability
The user has the right to receive the provided personal information that is processed in a structured, commonly used and machine-readable format and the user can transmit such data to another controller if the processing is based on consent or contract performance, more information in Article 20 of the GDPR.
Rights of California residents
Verified requests are usually attended in 45 days of making contact. If an extended time is required (up to 90 days), the user shall be notified of the reason and extension period in written format. Our written response shall be provided by mail.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response provided by us will also explain the grounds for not being able to comply with a request, where relevant. For requests related with data portability, a format will be chosen to provide the user’s personal data that is readily useable and should allow unhindered transmission of information from one entity to another .
Right to opt out
Under CCPA each California citizen has the right to request that any business stop disclosing personal information to third parties.
Right to be informed
Right to disclosure
The user has the right to request disclosure of what personal data related to the user have been collected in the past 12 months.
The user also has the right to obtain a free copy of their personal information shared in a readily usable and readable form (right of access). This request can be made for free, twice per year.
Providing information as part of the right of access, the user will be provided the following information:
- The categories of collected personal data,
- The categories of sources of the personal data,
- The aim for collecting the user’s personal data,
- The categories of any third parties with whom the user’s personal data is shared,
- The concrete items of collected personal data about the user.
Right to deletion
The user has the right to request deletion of personal data related to them that has been collected in the past 12 months.
The user’s right to deletion is recognized. Nevertheless, it is noted that there are cases in which we must maintain records of the user’s personal data for a specific time. For example, if we must provide services to the user, identify or close issues associated with security or functionality, comply with the law, perform research in the public interest, safeguard the right to free speech, or perform any activities for in-house purposes that can be reasonably expected. If we are not obliged to perform any of the abovementioned, the user’s personal information can be deleted as per their request.
Right to equal services and prices
California residents shall be protected against any discrimination which they could experience from a business, based on their CCPA rights.
We will not discriminate against the user for exercising any of the user’s CCPA rights. Unless permitted by the CCPA, we will not:
- Deny the user the App,
- Charge the user different prices or rates for the App, including through granting discounts or other benefits, or imposing penalties,
- Provide the user a different level or quality of the App,
- Suggest that the user may receive a different price or rate for services or a different level or quality of the App.
How can the user’s right be exercised
If the user would like to use any rights described below, they may contact us at any time at iod@PlayWay.com
Mandatory verification: The user’s identity must be verified before their request can be processed. Nevertheless, because the user cannot set up an account in the App, and no information is provided directly by the user, and information is collected on an automatic basis, restricted verification methods can be used. To verify the user’s identity, in general we will require the data in our systems to match with the information we can process when the user is making a request. In some instances, the request could be declined, mainly if the user’s identity cannot be verified, for example, if cookies are disabled, the device used to access the App is changed or if deletion of personal data has already been requested.
If the user have any questions, please contact PlayWay at:
Address: Bluszczańska 76 paw 6 00-712 Warszawa, Poland
Contact with Data Protection Officer:
Tel.: +48 786589483