Last Update: August 20, 2020
Table of Contents
- Who is the Controller
- Personal Data Protection Principles
- Age Restriction
- Categories of Data Subjects
- When We Collect Your Personal Data
- Information We Collect and How
- Purpose and Legal Basis for Processing Personal Data
- Retention Period
- The Security of Your Personal Data
- Information We Share - Data Transfer
- Personal Data Breach
- Your Rights
- Do not track signals
- Contact Us
- National Data Protection Authority in Cyprus
- Links to other Websites
It is very important for us in Scorewarrior Limited (hereinafter referred to as "the Company", “we” "us", "our") the respect and protection of your privacy and your personal data when we collect and process any personal information of yours. We ensure you that we fully respect the EU 679/2016 Regulation “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” as well as the National Law of the Republic of Cyprus 125/I/2018 accordingly (hereinafter legal framework).
- Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such (indicatively) as name, an identification number, age, address, occupation, contact details, education, work, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
- Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or the processor, are authorised to process personal data.
- Usage data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Cookies are small pieces of data stored on your device (computer or mobile device).
3. Who is the Controller
Regarding the personal data in the cases we determine the purposes and means of the processing the Controller is the legal person Scorewarrior Limited, address 16 Spyrou Kyprianou Avenue, Divine Clock Tower, 1st floor, 3070, Limassol, Cyprus, phone +357 25 211 945, e-mail: email@example.com.
4. Personal Data Protection Principles
At Scorewarrior Limited, we are committed to and adhering to the following principles of processing personal data in accordance with Article 5 of the Regulation. The personal data are:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (principle of ‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of ‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of ‘data minimisation’);
- accurate and, where necessary, kept up to date; we take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of ‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than it is necessary or as required by relevant Laws (principle of ‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures (principle of ‘integrity and confidentiality’).
Finally, we in Scorewarrior Limited are able to demonstrate compliance with the aforementioned principles (principle of ‘accountability’).
5. Age Restriction
We do not knowingly collect personal information about persons under the age of 16 in cases where we can control it. For example, it is not possible to control information that is communicated to us online. In any event, if we find that we have collected any personal information from a person under the age of 16 (in accordance with Article 8 of the Regulation), we will delete the information from our records immediately and we will terminate the account (if any). If you believe we may have collected information from a person under the age of 16, please contact us.
6. Categories of Data Subjects
The categories of data subjects regarding the personal data we process include:
- Natural persons interested in our services or interesting in cooperating with us as corporate collaborators, players of our game, as well as visitors to our premises.
- Natural persons involved in payment or parental and guardian activities on behalf of the players of the game.
- Clients and business partners, suppliers or collaborators who are natural persons, or even natural persons in their capacity as employees, managers or partners in a legal entity connecting as a supplier or affiliate or collaborator with us.
- Employment candidates.
- Visitors to our website or our accounts in the social media.
- Our employees.
7. When We Collect Your Personal Data
We collect personal data in the following cases:
- When you contact us directly, or through our website, or through our game-sites, steam and applications, or through social media accounts, in order to be informed or to request information about the game and the services we offer.
- When you participate through various means (game platform, mobile applications, Steam or social media) in the “total battle” game creating an account.
- When you contact us with queries or complain.
- When you are involved directly or indirectly in payment of liabilities.
- If we sign a customer or an intermediary contract or when you are involved as third person in such signing of a contract.
- When we contact you in the form of your consent or when you fill in any of our communication or other forms.
- If personal data of yours are legally disclosed to us by third party affiliates.
- When you visit us or when you are connected upon your visit in our Wi-Fi.
- When you contact us in any way as an employment candidate and sending your CV or interested in cooperating with us as partners, suppliers etc., or you give us your business card.
- When you are employed by us.
8. Information We Collect and How
Personal data that are collected and processed for the purposes of the game:
8.1 We collect information about you directly from you, automatically through your use of our Service and from third parties. We may combine the information that we collect about you from these various sources.
8.2 Information you give us directly / Personal Data: When you are using the Game or by corresponding with us by email or otherwise, you may give us information about you. This includes but not limited to information you provide when you register to use the Game, subscribe to our Service, or when you report a problem with our Game. The information you give us may include:
a. Your email address;
b. Your first and last names and/or username and user ID;
c. Your date of birth;
d. Your gender;
e. Your location and time-zone;
f. Your address;
g. Desired payment method, amounts, payment terms, name and surname, place, telephone, e-mail during payment, full credit card details/ IBAN, data of depositor if defers from the payee;
h. Interface display language;
i. You in-game chat messages and history;
j. History of all your actions in the Game and or any blocking;
k. History of your purchase of Virtual Goods;
l. Your messages sent to our Support and history of all inquiries;
n. We may also collect certain data (like IP address, username, time of entry and re-entries etc.) that is required for our detection, investigation and prevention of cheating in the Game and EULA violations. These data are used for the purposes of detection, investigation and prevention of frauds and cheating in the Game. If the data can be used to prove that cheating or another fraud or EULA violation has occurred, we will further store the data for the establishment, exercise or defense of legal claims during the applicable statute of limitations. Please note that the specific data stored for this purpose may not be disclosed to you or any third parties, since the disclosure will compromise the mechanism through which we detect, investigate and prevent frauds and cheating in the Game, as well as other EULA violations. In such cases we might also need to pass your information to fraud prevention agencies, or any other related organizations involved in crime and fraud prevention, such as the police.
o. We might use your data for the purposes of, in case you are living in EU, including it in the VAT invoices where we are legally required to do so.
8.3 Information we collect about you automatically through your use of the service/ Usage Data: We collect information that comes from you while you are playing our games, interacting with the application / website and other Services. Such information includes but not limited to what device you are using, the way you play the game and your levels, profile visits and the information that you provide us with directly. Additionally, information we collect via cookies. For more information, please refer to the proper section of this policy and to our Cookies Policy here.
8.4 Information we receive from other sources: If you use any of the other services we provide, we may receive information about you from them. Furthermore, we may receive information about you from third parties with whom we are working closely including but not limited Facebook, business partners, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
We may also collect and process personal data under the following categories either directly from you or through our processors and collaborators:
- Contact information such as full name, address, telephone /fax number and email address.
- Occupational status information (occupation, position).
- Information required for signing contracts such as Identity Card or Passport Number, tax number, witnesses, attorneys, terms of agreements etc.).
- Payment Information such as IBAN, desired payment method, bank name, amounts, payment terms, full credit card details, depositor’s data.
- Apps or websites or social media related information such as IP or MAC address, cookies, name under which you appear in the media and photographs or any other public information or comments in such media.
- Comments or queries you address to us or any other information subject to a query or proposal.
- Data regarding assessing persons and situations.
- Your image when you enter our premises where we use a CCTV system.
- Your personal data that are referred to your CV if you send it to us.
In the case of our employees we collect some more necessary personal data; they are internally informed through documents and manuals.
9. Purpose and Legal Basis for Processing Personal Data
The processing of your personal data is based on one of the "legal bases" referred to Article 6 (or Article 9 for specific categories of data) of the Regulation EU 679/2016. The process of personal data we in Scorewarrior Limited are processing as Controller is based on one of the following acceptable legal bases.
- Your consent as data subject.
- The performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.
- For compliance with a legal obligation when we as ‘the controller’ are subject to.
- For the purposes of the legitimate interests pursued by us as the controller or by a third party and only where such interests override the interests or fundamental rights and freedoms of the data subject.
Special categories of personal data according Article 9 of the Regulation are only collected under a specific legal basis from our employees; they are internally informed through documents and manuals about this.
The personal data we process are connected with the above mentioned legal bases as follows:
Consent: when you contact us physically or electronically for any reason, or when creating an account in our game, or when you are candidates for employment, or when informing you during our promotion activities, or when you visit our website and social media accounts, or when you connect to Wi-Fi in our premises.
Performance of a contract: when you are involved in the capacity of natural person in any contact we sign, when you are one of our employees, when you are an employee of an affiliate or supplier for the compliance with the contractual terms, or when we communicate with you prior or under the contract as well as for the payment of our liabilities.
Legal Obligations: for the compliance with our legal obligations towards authorities such as prosecuting authorities, police, labor law and regulatory authorities, tax and auditing authorities or judicial authorities.
Legitimate interests: for improving our services, for our payment, for assessing and evaluating persons and situations or when you visit our premises where a CCTV is operating.
10. Retention Period
We store personal data for as long as required by the respective processing purpose and any other lawful linked purpose.
Personal data that are collected under the legal basis of ‘Performance of a contract’ or the legal basis of ‘Legal Obligations’ are maintained after the expiry of the contractual and legal obligations as long as the relevant institutional framework permits.
Data that may be necessary for our legitimate interests as the controller are kept until the reason for such storage has expired.
Personal data of expression of interest through a query or a complaint are kept no longer than 6 months after the query or the complaint is answered and permanently settled.
Players’ personal data are kept for 5 years since the last day of active participation in the game. We will delete your Personal Data after you request your Account deletion and the grace period of 45 (forty - five) calendar days, during which we can restore your Account, expires.
Cookies are kept for no longer than two years.
CCTV records are kept for up to 30 days.
Employment candidates’ personal data are kept for 12 months unless you prior withdraw your consent.
Specifically for personal data we process based on your consent (e.g. for marketing purposes), such data are kept from obtaining your consent and until it is revoked.
The retention period regarding the personal data of our employees is been discussed internally to them through appropriate documents.
Personal data that are no longer necessary are safely destroyed or anonymized.
11. The Security of Your Personal Data
We have implemented reasonable and appropriate organisational and technical measures to protect the personal data and the entire information we collect from security risks.
We do follow the rules of Regulation (EU) 2016/679 (General Data Protection Regulation) on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the generally accepted industry standards to protect the personal information submitted, both during transmission and once we receive it. Therefore, while our goal is to use commercially acceptable ways to protect your personal information, we cannot guarantee it is absolutely secure, since no method of data transmission over the Internet, or method of electronic storage is 100% secure. Please note that information that you voluntarily make public, or which you disclose by posting comments or inserting of the Content will be publicly available and viewable by others. We do not hold any liability for any information that you voluntarily choose to make public through such and/or other explicit actions.
12. Information We Share - Data Transfer
We in Scorewarrior Limited, minimize the categories of recipients to the minimum possible provided that the legality of such disclosure is fully justified.
For the performance of a contract with you, compliance with a legal obligation we are subject to, and based on our legitimate interests, we may share or disclose your personal data with the following categories of third parties:
a) business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
b) third party companies that perform services on our behalf, including payment processing, data analysis, marketing services, email campaigns, hosting services, and customer service. While providing the services for us, these companies may access your personal information, and are required to use it solely as directed by us for the purpose of our requested service;
c) advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 200 women aged between 40-50 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
d) Player Support partners: for some territories and products we engage third parties to provide you with appropriate player support services. Such companies may get access to your personal data, including personal data that you may provide in your player support requests;
e) Banks we cooperate with and only for payment related data;
f) The trainer, external consultants and training collaborators only for the necessary part of the data under proper agreements.
We may disclose your information when you give us your consent to do so, including if we notify you on the Game that the information you provide will be shared/disclosed in a particular manner and you provide such information.
Some personal data of yours may be disclosed to public authorities, e.g., tax and customs authorities, auditors, or to any supervisory or persecutory authority within its role or any judicial authority where required by law or judicial decision, after their request, in accordance with Union or Member State law.
Your information (including personal data) can only be accessed (with limited access rights to the absolutely necessary) by our authorized employees or consultants or the concerned group entities that need to have access to this data in order to be able to fulfil their given duties. In order to help ensure a secure of your data, we are developing and implementing administrative, technical and physical security measures to protect your data from unauthorized access or against accidental or unlawful loss, misuse or alteration.
We are working with third parties that are based outside of the European Economic Area (EEA), and may transfer data about you to the countries in which these parties reside. Whenever we share personal data originating in the EU with an entity outside of the EEA, we guarantee an adequate level of personal data protection and we will do so on the basis of the EU standard contractual clauses, with your consent, or because such transfer is necessary performance of a contract.
Some of the information you provide to us are stored on our secure servers, based in the European Economic Area (“EEA”), in the United States of America, in Russia, Korea and Singapore.
13. Personal Data Breach
In the event of a breach of the security and integrity of the personal data processed, we will take the following measures (in accordance with Article 33 and 34 of the Regulation) and we will:
- assess it in order to implement the appropriate procedures needed to limit the breach
- examine the extent of the breach and the sensitivity of the data included
- evaluate the risk and its impact on your rights and freedoms
- endeavour to reduce as much as possible the damage that is or may be caused
- notify within a time limit of 72 hours of becoming aware of the breach, the National Personal Data Protection Authority, if required
- assess the impact on your privacy and take appropriate measures to prevent the repeating of the incident
In the event we are the processor, we will inform the Controller as soon as possible.
14. Your Rights
Under the General Data Protection Regulation, you have certain data protection rights when it comes to having access to your personal data, which you can exercise by contacting us at the email address provided below.
These rights are the following:
a) Right to be informed. Before data is collected, you have the right to know how it will be collected, processed and stored and for what purposes. This right is exercised through this privacy and data processing notification.
b) Right of access. You have a right to inquire and know what information we hold about you how and why we use your information, to whom we disclose your information, and request a copy of the information we hold about you. In order to exercise this right, you should contact us at firstname.lastname@example.org and to identify which information would you like to receive. We shall get back to you in the fullest extent possible, however please note, that we might need to verify your identity before sharing the information with you, as well as that we might not be able to provide you with certain types of information if it is related to other users information Please note that we may not be able to provide all the information you ask for, for instance if the information includes personal information about another person. Where we are not able to provide you with information that you have asked for, we will endeavor to tell you why.
c) Right to correction/ Rectification. We put our best effort to keep the information that we hold about you accurate and up to date. Since it is not possible for us to be aware of any changes to your personal data if you do not inform us, please help us keep your information accurate by informing us of any changes to your personal information we do process. In case you have reasons to believe that the information we hold is incomplete or inaccurate, please inform us at email@example.com and we will act accordingly.
d) Right to erasure / Right to be forgotten. We have to answer such right when:
• your personal data are no longer necessary in relation to the purposes for which we collected it
• withdraw your consent on which the processing is based and where there is no other legal basis for the processing
• your personal data have been unlawfully processed
• have to be erased for compliance with a legal obligation we are subject to
We reserve the right to refuse this right of immediate implementation if the processing is necessary for compliance with any legal obligation, we are subject to, or for reasons of public interest, or for the foundation and exercise or support of our legal claims (according Article 17 § 3 of the Regulation).
In case you want to exercise such a right, please let our us know via e-mail at firstname.lastname@example.org. Be informed, that in order for us to process your request and to prevent us from collecting any future information about you, you should delete the game application from your devices and terminate your account with us and clear your cookies from any device where you have played our Games in a web browser.
e) Right to restriction of processing of your personal data. You may have the right to request to block or suppress processing of your personal data, when certain conditions apply. If you would like to exercise this right, please contact us at email@example.com.
f) Right to data portability. In some circumstances, you have the right to request from us to move, copy or transfer to you, in a safe and secure way, in a commonly used and machine- readable format, the data which you have provided to us, in order to transfer it to another data controller. Whenever technically possible, this also includes the right to have the data transferred directly from us to another controller without you having to handle the data. If you would like to exercise this right, please contact us at firstname.lastname@example.org.
g) Right to object to processing / right to withdraw consent. You have the right to object to the processing of your personal data for specific reasons such as direct marketing purposes, purposes of historical/ scientific research or for the performance of a task in the public interest. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. After your request, we shall no longer process your personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms. If you would like to exercise this right, please contact us at email@example.com.
h) Rights related to automated decision-making including profiling. We do not carry out any decision-making based solely on automated processing, including profiling unless we have your consent, or we need to do so to perform a contract with you.
Additionally, you have the right to opt-out of direct marketing. Specifically, if you have elected to receive direct marketing communications from us, you can change your mind at any time by following the opt out link in any marketing communication that is sent to you. If you have elected to receive more than one type of marketing communications from us, you may need to opt out of all of them individually. It may take a few days for us to update our records before any opt out is effective.
In the event that you make such request in a written or electronic form regarding any of the above rights and provided that the request is coming from the data owner and this may be verified, we will assess your request and respond within one month of its receipt, either for its satisfaction or to provide you with objective reasons preventing it from being satisfied, or, given the complexity of the request and the number of requests at the given time, request an extension of response for a further two months period (Article 12.3).
The exercise of your rights is free of charge.
If you are dissatisfied with the use of your data by us, or our response after exercising your rights, you have the right to lodge a complaint with a supervisory authority. Before such complaint, you may contact us if you wise so we can provide you with complete information and support.
15. Do not track signals
We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
16. Contact Us
For any questions regarding the processing of your personal data and the exercise of your rights mentioned above, you may contact us by telephone at +357 25 211 945 (working hours 09:00 - 17:00 Cyprus time zone), by e-mail at firstname.lastname@example.org and by post at: 16 Spyrou Kyprianou Avenue, Divine Clock Tower, 1st floor, 3070 Limassol, Cyprus.
17. National Data Protection Authority in Cyprus
If you wish to contact with the Supervisory Authority in the country of our establishment, the contact details are: Jason 1 str., 1082 Nicosia, CYPRUS, telephone +357.22818456, e-mail: email@example.com.
Additional information and the Regulation in European languages can be found on the website https://eur-lex.europa.eu/eli/reg/2016/679/oj.
18. Links to other Websites
Your Internet browser can be set to reject cookies generally. Note that we recommend you to allow all cookies from our Sites, otherwise some of our Services may work incorrectly and some features may become unavailable.
For further information please refer to our Cookies Policy here.
As referred in the section of “Retention Period” cookies are stored and processed for no longer than two years.
This policy is effective from May 25, 2018 and will be reviewed when there is a significant change. This review will be available on the same website. We advise you to check for the latest versions which will always be published on our website.