Last Update: February 7, 2022
Previous versions: before February 7, 2022
Table of Contexts:
- Who is the Controller
- Personal Data Protection Principles
- Age Restriction
- Categories of Data Subjects
- When We Collect Your Personal Data
- Information We Collect and How
- Purpose and Legal Basis for Processing Personal Data
- Retention Period
- The Security of Your Personal Data
- Information We Share - Data Transfer
- Personal Data Breach
- Your Rights
- Do not track signals
- Contact Us
- National Data Protection Authority in Cyprus
- Links to other Websites
It is very important for us in Scorewarrior Limited (hereinafter referred to as the “Company," “we,” "us," "our") to respect and protect your privacy and your personal data when we collect and process any personal information of yours. We ensure you that we fully respect EU Regulation 2016/679 “Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),” as well as the National Law of the Republic of Cyprus 125/I/2018 accordingly (hereinafter, “legal framework”).
Personal Data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such (indicatively) as name, identification number, age, address, occupation, contact details, education, work, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or the processor, are authorized to process personal data.
Usage data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small pieces of data stored on your device (computer or mobile device).
3. WHO IS THE CONTROLLER
4. PERSONAL DATA PROTECTION PRINCIPLES
- processed lawfully, fairly, and in a transparent manner in relation to the data subject (principle of “lawfulness, fairness, and transparency”);
collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of “purpose limitation”);
adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (principle of “data minimization”);
accurate and, where necessary, kept up to date; we take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of “accuracy”);
kept in a form which permits identification of data subjects for no longer than it is necessary or as required by relevant Laws (principle of “storage limitation”);
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures (principle of “integrity and confidentiality”).
5. AGE RESTRICTION
We do not knowingly collect personal information about persons under the age of 16 in cases where we can control it. For example, it is not possible to control information that is communicated to us online. In any event, if we find that we have collected any personal information from a person under the age of 16 (in accordance with Article 8 of the Regulation), we will delete the information from our records immediately and we will terminate the account (if any). If you believe we may have collected information from a person under the age of 16, please contact us.
6. CATEGORIES OF DATA SUBJECTS
- Natural persons interested in our services or interested in cooperating with us as corporate collaborators, players of our Game, as well as visitors to our premises.
Natural persons involved in payment or parental and guardian activities on behalf of the players of the Game.
Clients and business partners, suppliers or collaborators who are natural persons, or even natural persons in their capacity as employees, managers, or partners in a legal entity connecting as a supplier or affiliate or collaborator with us.
Visitors to our website or our accounts in social media.
7. WHEN WE COLLECT YOUR PERSONAL DATA
We collect personal data in the following cases:
- When you contact us directly, or through our website, or through our Game sites, steam and applications, or through social media accounts, in order to be informed or to request information about the Game and the services we offer.
When you participate through various means (Game platform, mobile applications, Steam or social media) in the “Total Battle” Game creating an account.
When you contact us with queries or complaints.
When you are involved directly or indirectly in payment of liabilities.
If we sign a customer or an intermediary contract or when you are involved as a third person in such signing of a contract.
When we contact you in the form of your consent or when you fill in any of our communication or other forms.
If personal data of yours are legally disclosed to us by third-party affiliates.
When you visit us or when you are connected upon your visit in our Wi-Fi.
When you contact us in any way as an employment candidate and send your CV or interested in cooperating with us as partners, suppliers, etc., or you give us your business card.
When you are employed by us.
8. INFORMATION WE COLLECT AND HOW
Personal data that are collected and processed for the purposes of the Game:
8.1 We collect information about you directly from you, automatically through your use of our Service, and from third parties. We may combine the information that we collect about you from these various sources.
a. Your e-mail address;
b. Your first and last names and/or username and user ID;
c. Your date of birth;
d. Your gender;
e. Your location and time-zone;
f. Your address;
g. Desired payment method, amounts, payment terms, name and surname, place, telephone, e-mail during payment, full credit card details/ IBAN, data of depositor if defers from the payee;
h. Interface display language;
i. Your in-game chat messages and history;
j. History of all your actions in the Game and/or any blocking;
k. History of your purchases of Virtual Goods;
l. Your messages sent to our Support and history of all inquiries;
n. We may also collect certain data (like IP address, username, time of entry and re-entries, etc.) that is required for our detection, investigation, and prevention of cheating in the Game and EULA violations. These data are used for the purposes of detection, investigation and prevention of frauds and cheating in the Game. If the data can be used to prove that cheating or another fraud or EULA violation has occurred, we will further store the data for the establishment, exercise, or defense of legal claims during the applicable statute of limitations. Please note that the specific data stored for this purpose may not be disclosed to you or any third parties, since the disclosure will compromise the mechanism through which we detect, investigate, and prevent frauds and cheating in the Game, as well as other EULA violations. In such cases we might also need to pass your information to fraud prevention agencies, or any other related organizations involved in crime and fraud prevention, such as the police;
8.3 Information we collect about you automatically through your use of the service / usage data: We collect information that comes from you while you are playing our Games, interacting with the application / website and other Services. Such information includes, but not limited to, what device and browser you are using, the way you play the Game and your levels, profile visits, demographic information, geographic and geo-location information, statistical or aggregated information which does not directly identify a person, but it may be derived from personal data, and the information that you provide us with directly. Additionally, information we collect via cookies. For more information, please refer to the proper section of this policy and to our Cookies Banner/Policy.
a. Information from publicly available online sources: We may use the information made publicly available, e.g. through YouTube, Facebook, community pages, in order to find out your opinion about our Games and Services and improve our Services. Such data collection can be carried out by our Company independently or received from our partners.
b. Information from our partners / third parties: In some instances, our partners are the personal data controllers, and we receive your personal data as the data processors meaning that we use them in accordance with their policies, instructions, and applicable laws. We will use this data in accordance with the entire legal framework and especially EU Regulation 2016/679 (General Data Protection Regulation).
c. Payment Service Providers: When making online purchases in the Game, our Payment Service Providers, perform the processing of your payment. In such instances, the information you may give to our Payment Service Providers may include the desired payment method, amounts, payment terms, name and surname, place, telephone, e-mail during payment, full credit card details / IBAN, or data of depositor if defers from the payee. We may receive from our Payment Service Providers and process a part of this information, including, but not limited to, name and surname, a part of your credit card number, information about your credit card issuer, e-mail address.
d. Platforms: We may also receive and use information on other platforms like Facebook, App Store, Google Play Store, so that you can play our Game through these platforms.
We may also collect and process personal data under the following categories, either directly from you or through our processors and collaborators:
- Contact information, such as full name, address, phone/fax number, and e-mail address.
Occupational status information (occupation, position).
Information required for signing contracts, such as identity card or passport number, tax number, witnesses, attorneys, terms of agreements, etc.
Payment information, such as IBAN, desired payment method, bank name, amounts, payment terms, full credit card details, depositor’s data.
Apps or websites or social media related information, such as IP or MAC address, cookies, name under which you appear in the media, and photographs or any other public information or comments in such media.
Comments or queries you address to us or any other information subject to a query or proposal.
Data regarding assessing persons and situations.
Your image when you enter our premises where we use a CCTV system.
Your personal data that are referred to your CV if you send it to us.
9. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
- Your consent as a data subject.
The performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
For compliance with a legal obligation when we as the controller are subject to.
- For the purposes of the legitimate interests pursued by us as the controller or by a third party and only where such interests override the interests or fundamental rights and freedoms of the data subject.
Special categories of personal data according to Article 9 of the Regulation are only collected under a specific legal basis from our employees; they are internally informed through documents and manuals about this.
The personal data we process are connected with the above mentioned legal bases as follows:
Consent: when you contact us physically or electronically for any reason, or when creating an account in our Game, or when you are candidates for employment, or when informing you during our promotion activities, or when you visit our website and social media accounts, or when you connect to Wi-Fi in our premises.
10. RETENTION PERIOD
Personal data that are collected under the legal basis of “Performance of a Contract” or the legal basis of “Legal Obligations” are maintained after the expiry of the contractual and legal obligations as long as the relevant institutional framework permits.
Data that may be necessary for our legitimate interests as the controller are kept until the reason for such storage has expired.
Personal data of expression of interest through a query or a complaint are kept no longer than 6 months after the query or the complaint is answered and permanently settled.
Players’ personal data are kept for 5 years since the last day of active participation in the Game. We will delete your personal data after you request your account deletion and within one month of the request receipt rendering impossible the reactivation of your deleted account.
Cookies are kept for no longer than two years.
CCTV records are kept for up to 30 days.
Employment candidates’ personal data are kept for 12 months unless you prior withdraw your consent.
Specifically for personal data, we process based on your consent (e.g. for marketing purposes), such data is kept from obtaining your consent and until it is revoked.
The retention period regarding the personal data of our employees is being discussed internally to them through appropriate documents.
Personal data that are no longer necessary are safely destroyed or anonymized.
11. THE SECURITY OF YOUR PERSONAL DATA
We have implemented reasonable and appropriate organizational and technical measures to protect the personal data and the entire information we collect from security risks.
12. INFORMATION WE SHARE - DATA TRANSFER
We in Scorewarrior Limited minimize the categories of recipients to the minimum possible provided that the legality of such disclosure is fully justified.
For the performance of a contract with you, compliance with a legal obligation we are subject to, and based on our legitimate interests, we may share or disclose your personal data with the following categories of third parties:
a. business partners, suppliers, and subcontractors for the performance of any contract we enter into with them or you;
b. third-party companies that perform services on our behalf, including payment processing, data analysis, marketing services, e-mail campaigns, hosting services (third-party data storage services), and customer service. Additionally, we may share with anti-cheat and anti-fraud companies the information required for our detection, investigation, and prevention of cheating in the Game and Terms of Service and EULA violations only for the purposes of detection, investigation, and prevention of cheating in the Game. While providing the services for us, these companies may access your personal information and are required to use it solely as directed by us for the purpose of our requested service;
c. third-party game developers: we may share personal data with our third-party game developers. Such data includes, but not limited to, your Game account ID, e-mail address, in-game purchases, in-game history or any blocking, in-game chats, and language;
d. advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others. We share your e-mail, username, Game account ID, IP address and other information you provide to us in order to facilitate targeting, delivery, and measurement of online advertising on third-party services, facilitate transmittal of information that may be useful, relevant, or of interest to you. These parties may act as our processors, or in certain contexts, independently decide how to process your information. In some instances, we do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 200 women aged between 40–50 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience. We may also allow our advertisers to collect anonymous or aggregated information within our Services, and they may then share that information with us. Our advertisers may collect this information through the use of tracking technologies, like cookies and web beacons. This enables our advertisers to develop and deliver targeted advertising in the Game and on the website of third parties, so that they can try to serve you with advertisement for services that are most likely to be of interest to you. Advertisers will also use this information to monitor, improve, or modify their operations;
e. player support partners: for some territories and products we engage third parties to provide you with appropriate player support services. Such companies may get access to your personal data, including personal data that you may provide in your player support requests;
g. Banks we cooperate with and only for payment related data;
h. The trainer, external consultants and training collaborators only for the necessary part of the data under proper agreements.
Some personal data of yours may be disclosed to public authorities, e.g. tax and customs authorities, auditors, or to any supervisory or persecutory authority within its role or any judicial authority where required by law, legal process, or judicial decision, after their lawful request, in accordance with Union or Member State law. We also share information to protect the rights, property, life health, security, and safety of us, the Services, or anyone else.
Our Services also have community pages and/or chat messages and/or group accounts on social media, where users can exchange ideas, communicate with each other, and make available any idea or information. If you have an idea or information that you would like to keep confidential or do not want others to use, please do not make it available on the Service since that information is being made publicly available online. We cannot guarantee that other users will not use the ideas and information that you share, and we shall have no responsibility for any information you make public.
Your information (including personal data) can only be accessed (with limited access rights to the absolutely necessary) by our authorized employees or consultants or the concerned group entities that need to have access to this data in order to be able to fulfill their given duties. In order to help ensure the security of your data, we are developing and implementing administrative, technical, and physical security measures to protect your data from unauthorized access or against accidental or unlawful loss, misuse, or alteration.
We are working with third parties that are based outside of the European Economic Area (EEA) and may transfer data about you to the countries in which these parties reside. Whenever we share personal data originating in the EU with an entity outside of the EEA, we guarantee an adequate level of personal data protection, including, but not limited to, by entering into standard data protection clauses adopted by the European Commission with these third parties, with your consent, or because such transfer is necessary performance of a contract.
Some of the information you provide to us are stored on our secure servers based in the European Economic Area (“EEA”), the United States of America, Russia, Korea, and Singapore.
By submitting your personal data, you agree to this transfer, storing or processing.
13. PERSONAL DATA BREACH
- assess it in order to implement the appropriate procedures needed to limit the breach;
examine the extent of the breach and the sensitivity of the data included;
evaluate the risk and its impact on your rights and freedoms;
endeavor to reduce as much as possible the damage that is or may be caused;
notify within a time limit of 72 hours of becoming aware of the breach the National Personal Data Protection Authority, if required;
assess the impact on your privacy and take appropriate measures to prevent the repeating of the incident.
14. YOUR RIGHTS
a. Right to be informed. Before data is collected, you have the right to know how it will be collected, processed and stored and for what purposes. This right is exercised through this privacy and data processing notification.
b. Right of access. You have a right to inquire and know what information we hold about you, how and why we use your information, to whom we disclose your information, and request a copy of the information we hold about you. In order to exercise this right, you should contact us at email@example.com and to identify which information you would like to receive. We shall get back to you in the fullest extent possible; however, please note that we might need to verify your identity before sharing the information with you, as well as that we might not be able to provide you with certain types of information if it is related to other users’ information. Please note that we may not be able to provide all the information you ask for, for instance if the information includes personal information about another person. Where we are not able to provide you with information that you have asked for, we will endeavor to tell you why.
c. Right to correction/rectification. We put our best effort to keep the information that we hold about you accurate and up to date. Since it is not possible for us to be aware of any changes to your personal data if you do not inform us, please help us keep your information accurate by informing us of any changes to your personal information we do process. In case you have reasons to believe that the information we hold is incomplete or inaccurate, please inform us at firstname.lastname@example.org and we will act accordingly.
d. Right to erasure / right to be forgotten. We have to answer such right when:
- your personal data are no longer necessary in relation to the purposes for which we collected it;
- withdraw your consent on which the processing is based and where there is no other legal basis for the processing;
- your personal data have been unlawfully processed;
- your personal data have to be erased for compliance with a legal obligation we are subject to.
f. Right to data portability. In some circumstances, you have the right to request from us to move, copy, or transfer to you, in a safe and secure way, in a commonly used and machine-readable format, the data which you have provided to us, in order to transfer it to another data controller. Whenever technically possible, this also includes the right to have the data transferred directly from us to another controller without you having to handle the data. If you would like to exercise this right, please contact us at email@example.com.
We do not carry out any decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects any user.
You can also opt out of personalized advertising in our mobile Game applications by checking the privacy setting of your Android or iOS device and selecting “limit ad tracking” (Apple iOS) or “opt out of interested-based ads” (Android). You can adjust your mobile push notifications in your Android or iOS device settings menu. For display advertising on our Site, you can also adjust your browser settings to limit certain tracking by means of cookies (e.g. for Chrome https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en). To opt out of targeted ads on Facebook, please visit this page.
In the event that you make such request in a written or electronic form regarding any of the above rights and provided that the request is coming from the data owner and this may be verified, we will assess your request and respond within one month of its receipt, either for its satisfaction or to provide you with objective reasons preventing it from being satisfied, or, given the complexity of the request and the number of requests at the given time, request an extension of response for a further two months period (Article 12.3).
The exercise of your rights is free of charge.
If you are dissatisfied with the use of your data by us or our response after exercising your rights, you have the right to lodge a complaint with a supervisory authority. Before such a complaint, you may contact us if you wise so we can provide you with complete information and support.
15. DO NOT TRACK SIGNALS
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
16. CONTACT US
17. NATIONAL DATA PROTECTION AUTHORITY IN CYPRUS
If you wish to contact the Supervisory Authority in the country of our establishment, the contact details are: Jason 1 str., 1082 Nicosia, CYPRUS, phone +357.22818456, e-mail: firstname.lastname@example.org.
18. LINKS TO OTHER WEBSITES
Your Internet browser can be set to reject cookies generally, or to provide notification whenever a cookie is sent to you. Note that we recommend you to allow all cookies from our Sites, otherwise some of our Services may work incorrectly and some features may become unavailable.
For further information about the names of the cookies used on our Site, the cookie provider, the purpose of the cookie and the cookie life cycle, please refer to our Cookies Banner/Policy.
If you wish to limit behaviorally targeted advertising, you can do so by limiting ad tracking in your device setting. Please note that opt-outs are specific to each browser and device, and it may take additional time before your opt-out choice will take effect.
You can opt out of personalized advertising in our mobile Game applications by checking the privacy setting of your Android or iOS device and selecting “limit ad tracking” (Apple iOS) or “opt out of interested-based ads” (Android). You can adjust your mobile push notifications in your Android or iOS device settings menu.
For display advertising on our Site, you can also adjust your browser settings to limit certain tracking by means of cookies (e.g. for Chrome https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en).
As referred in the section of “Retention Period,” cookies are stored and processed for no longer than two years.