Tainted Grail

We care deeply about our customers’ privacy, security, and online safety, all of which are a significant part of becoming trustworthy and reliable business partner. This Privacy Policy („Policy”) is designed to inform you about how we collect, use, and share your personal data, your rights and choices regarding the information you provide to us – especially in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as General Data Protection Regulation (GDPR), that entered into force on 25th May, 2018.

Contents:

1. Basic definitions.

2. What personal data do we collect and process, what is the purpose of processing and what is the legal basis?

3. How long do we process your personal data for?

4. Who has access to your personal data?

5. What your rights regarding your personal data are?

1. BASIC DEFINITIONS

Personal data – any information relating to you, that allows your identification i.e.: name, surname, e-mail address, phone number, IP address etc.;

Processing – means any operation or set of operations which is performed on your personal data i.e.: collection, recording, storage, adaptation or alteration, messaging, restriction, erasure or destruction;

Customer – an adult individual with full legal capacity, a legal entity or organizational unit without legal personality but with capacity to perform legal acts;

Controller – AR Digital Sp. z o.o. with its registered office in Wrocław (50-127) at the following address ul. św. Mikołaja 58, registered in the Register of Entrepreneurs conducted by the District Court for Wrocław-Fabryczna, VIth Commercial Department of the National Court Register under KRS number 0000771777, holder of Business entity statistical number (REGON): 382570595, Polish taxpayer’s identification number (NIP): 8971863860, holder of share capital in the amount of 150,000,00 PLN; („AR Digital”).

Services – all services provided by the Controller.

2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS, WHAT IS THE PURPOSE OF PROCESSING AND WHAT IS THE LEGAL BASIS?

AR Digital currently does not have a database on the basis of which it could link a player with a natural person. Any data collected during the game by AR Digital is not Personal Data within the meaning of the General Data Protection Regulation. AR Digital collects gameplay data using services of GameAnalytics Ltd. and Gamesight Inc. in order to provide the necessary information for game development. Gameplay data is linked to a unique Player ID, to which AR Digital does not collect and assign data of a natural person.

By accepting the Privacy Policy of AR Digital, you also accept the Privacy Policy of GameAnalytics Ltd. and Gamesight Inc. Please check what data GameAnalytics Ltd. and Gamesight Inc. collect by clicking on these links:

https://gameanalytics.com/privacy, https://console.gamesight.io/privacy-policy. If you ever want to withdraw your consent to data processing, you can do it any time by changing the privacy settings in the game or by contacting GameAnalytics Ltd. or Gamesight Inc. using the form of contact suggested by them.

Please be aware that when you contact us or create a claim, we will collect and store your Personal Data such as name, surname, e-mail address, phone number, etc. in accordance with our legitimate interest for the period specified in point 3. We may also process your Personal Data if it is necessary for us to comply with our legal obligation.

3. HOW LONG DO WE PROCESS YOUR PERSONAL DATA FOR?

We store personal data not longer than the time necessary to achieve the purposes, for which they are processed.

Data collected on the basis of your consent are being processed until the withdrawal of your consent or by the time the purpose, for which it was collected, ceases to exist.

If we process your personal data to determine or assert any claims or to defend against above mentioned Customer’s claims (the legal ground for this action is our legitimate interest (Article 6(1) letter f GDPR)), we store the personal data until the laps of the limitation period for that claims, which arise from the generally applicable provisions of law.

If we process your personal data to comply with our legal obligation, we store the personal data for a period of performing this obligation.

4. WHO HAS ACCESS TO YOUR PERSONAL DATA?

In order to analyze the gameplay, our data is sent to GameAnalytics Ltd. and Gamesight Ltd. Currently we do not collect the Personal Data of our players, however, by accepting this Privacy Policy you also accept the Privacy Policy of GameAnalytics Ltd. (https://gameanalytics.com/privacy) and Gamesight Privacy Policy (https://console.gamesight.io/privacy-policy) and you commit to checking for changes to their policies.

If we ever collect your Personal Data you can rest assured that the access to your personal data will be granted only to:

authorized employees and co-workers, who are obliged to keep them secret and not to use them for purposes other than those for which we have collected them,
entities that support us in service providing, based on appropriate contracts e.g. legal, consulting, telecommunication service providers.

All these entities will have access only to necessary information.

Sometimes, the entities providing us with solutions are registered outside the European Economic Area (EEA). In this case, if your personal data is processed outside the EEA, we will provide the appropriate legal mechanisms for their security, including standard data protection clauses adopted under the decision of the European Commission, and - if necessary - we conclude data processing agreements that meet the requirements of the GDPR, . You have the right to access the list of such recipients and a copy of the security measures we use. If we do not provide adequate security measures, we will inform you about it and ask for your consent to transfer such data. Without adequate protection or possible consent, we will not undertake the transfer of your Personal Data outside the EEA.

We may also be required to provide specific information relating to you, to public authorities for the purposes of proceedings conducted by them. In this case, the information is provided only if there is a proper legal ground.

5. WHAT YOUR RIGHTS REGARDING YOUR PERSONAL DATA ARE?

Every Customer has the following rights:

1. Right of access - In any time, you can obtain from us confirmation as to whether or not your personal data are being processed, access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
who are the recipients;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. Right to rectification - If you feel that the information relating to you is incorrect or incomplete, you have the right to request the rectification of the data.

3. Right to withdraw the consent – you can withdraw your consent at any time, without affecting the legality of the processing, which was performing prior to this withdrawal.

4. Right to erasure (‘right to be forgotten’) - The GDPR gives you the right to obtain from us the erasure of all your personal data. We are obligated to make your request, only if one of the following grounds applies:

your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdrew consent on which the processing is based and where there is no other legal ground for the processing;
you object to the processing and there are no overriding legitimate grounds for the processing;
you object to the processing for direct marketing purposes;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

5. Right to restriction of processing - You can also obtain the restriction of processing, where one of the following applies:

you contest the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful but you oppose the erasure of your personal data and you request the restriction of their use instead;
we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
you have objected to processing – only until the dispute is resolved.

6. Right to data portability - You have right to receive your personal data in a structured, commonly used and computer-readable format and have the right to transmit those data to another controller, when:

the processing is based on your consent or on a contract and
the processing is carried out by automated means.

7. Right to object - According to GDPR you have right to object:

to processing of personal data, when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Controller – on grounds relating to your particular situation;
to processing of personal data, when it is necessary for the purposes of the legitimate interests pursued by Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child, including profiling – on grounds relating to your particular situation;
at any time – to processing of personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing;
to processing of personal data for scientific or historical research purposes or statistical purposes – on grounds relating to your particular situation.

If, in spite of the Customer's objection, we consider that there are important, legally valid grounds for processing personal data, which override the Customer's interests, rights and freedoms, we can continue processing the Costumer’s personal data.

If you disagree with above mentioned Controller’s situation assessment, you have the right to lodge a complaint with a supervisory authority (for more information, see point VII below).

8. Right to lodge a complaint with a supervisory authority - Due to our actions as a Controller, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

If you want to lodge a complaint in Poland, since 25th May 2018 the function of the supervisory authority is held by the President of the Data Protection Office / Prezes Urzędu Ochrony Danych Osobowych (PUODO). A detailed description of the procedure for lodging a complaint to PUODO is available on the website maintained by PUODO which you can access by clicking the following link: https://uodo.gov.pl/.

EULA