RODO | Gamehag
  • Sign in Sign up

    Get more

    Collect the rewards

    Community

    How it works

    GPRD

    Owner of Gamehag.com Portal / Personal Data Controller : „Gaming sp. z o. o.”, ul. Romana Abrahama 18, 61-615 Poznań NIP: 7831749141 REGON: 365698526 by the District Court entered into the Register of Entrepreneurs of the National Court Register kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division, under KRS number 000064337

    GDPR - INFORMATION OBLIGATION

    Dear Sir/Madam,

    On 25 May 2018 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation so called „GDPR”) enters into force.

    The mentioned act of European law, which will apply directly in all European Union countries as of 25 May 2018 regulates the processing of personal data throughout Europe. It's about to protect your information.

    However, it should be remembered that the aim of the GDPR is not to block the movement of personal data. On the contrary, this data is necessary, e.g., that we could sign an agreement with you or send you our offer. However, owing to the GDPR, you have more control over who and how processes your personal data.

    As for the entry of the GDPR into force, certain information obligations have arisen on our side, which we hereby comply with by providing you with information required by the GDPR.

    [Role of the Gaming Sp. z o. o. in the context of GDPR]

    As defined by GDPR the Gaming sp. z o. o. processes your personal data acting as the Personal Data Controller ( „Controller”, „PDC”).

    [Purpose: contract performance]

    The Controller processes your personal data for the purpose of execution of the contract/ provision of services by electronic means, including, in particular, for providing technical support - technical assistance, ensuring the security of services provided by electronic means (including possible transactions) and adjusting the Portal to individual preferences and expectations of the user.

    • The legal basis for the processing of personal data is:
      • Art. 6(1b) of GDPR - processing is necessary for the performance of a contract, to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;
    • The following data is processed in particular:
      • E-mail address (from the user) - Used to login to the website and to receive marketing content. Provided by the user during the registration process, or collected from his Facebook account during the login or registration process through that service. Requires confirmation.
      • Password - Used to login to the service, stored in the database as encrypted hash bcrypt function. Provided by the user during the registration process.
      • Gender - Provided by the user during the registration process, or while updating the profile information.
      • Company - Used to withdraw funds and to generate the invoice. Provided by the user at the time of updating profile information.
      • NIP - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • PESEL - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Postal code - User to withdraw funds. Provided by the user at the time of updating profile information.
      • Address - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Name - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Last name - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Phone number - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Skype - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Bank - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Bank account number - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Paypal - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Withdrawals - information about withdrawals requested by the Partners.
      • Donations - Contains information about donations registered through the pp.gamehag.com service.
      • Liabilities - Contains information about liabilities of pp.gamehag.
      • Date of birth - Provided by the user during the registration process, or at the time of updating profile information.
      • City - Provided by the user during the registration process, or while updating the profile information.
      • User’s photo (“avatar”) - A picture, which is uploaded by the user during the registration process, updated through the profile configuration, or collected from the Facebook account at the time of logging in or registration through that portal. Used to be displayed on the user’s profile.
      • Fbld (from the user) - Collected during logging in using the Facebook service. It is user’s ID on that service.
      • Youtube URL - The URL address of the user’s profile on the Youtube service, willingly provided by the user.
      • Twitch URL - The URL address of the user’s profile on the Twitch service, willingly provided by the user.
      • Twitter URL - The URL address of the user’s profile on the Twitter service, willingly provided by the user.
      • Facebook URL - The URL address of the user’s profile on the Facebook service, willingly provided by the user.
      • Language (from the user) - Collected from user’s browser. The user is able to change the language of the service.
      • Steam trade URL - The URL address of the user’s profile on the Steam platform, willingly provided by the user. Used to send the rewards to the Steam platform.
      • Localization - other sources - Collected from the user’s browser. Location of the user.
      • Youtube ID - other sources (Youtube API) - ID of the user’s profile on the Youtube service, collected at the time of linking user’s Gamehag account to his Youtube account.
      • Steam ID - other sources (Steam API) - Collected at the time of linking user’s pp.gamehag account to his Steam account.
      • ID of the campaign - other sources (URL) - It is the ID of a certain marketing campaign, used to collect statistics.
      • Twitter ID - other sources (Twitter API) - Collected at the time of linking the user’s pp.gamehag account with his Twitter account.
      • IP and the agent - other sources (browser) - Collected at the time of entering pp.gamehag.
      • E-mail notifications settings (from users) - User to select the kinds of e-mail messages, which are sent to the user.
      • UUID - other sources (from the mobile device) - The unique ID of the device, collected at the time of using the pp.gamehag mobile application.
      • Operating system version - other sources (from the mobile device) - Collected at the time of using the pp.gamehag mobile application.
      • Platform - other sources (from the mobile device) - Collected at the time of using mobile application. Android or iOS.
      • Device - other sources (from the mobile device) - Model of the device on which the pp.gamehag mobile application is installed. Collected at the time of enabling the Gamehag application.

    [Purpose: legitimate interests]

    The Controller also processes your data to promote/ marketing own products or of Trusted Partners, and to better adjust services to your individual preferences.

    • The legal basis for the processing of personal data is:
    • Art. 6(1f) of GDPR - processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party, except when the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, prevail over those interests, in particular when the data subject is a child.

    • The following data is processed in particular:
      • E-mail address (from the user) - Used to login to the website and to receive marketing content. Provided by the user during the registration process, or collected from his Facebook account during the login or registration process through that service. Requires confirmation.
      • Password - Used to login to the service, stored in the database as encrypted hash bcrypt function. Provided by the user during the registration process.
      • Gender - Provided by the user during the registration process, or while updating the profile information.
      • Company - Used to withdraw funds and to generate the invoice. Provided by the user at the time of updating profile information.
      • NIP - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • PESEL - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Postal code - User to withdraw funds. Provided by the user at the time of updating profile information.
      • Address - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Name - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Last name - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Phone number - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Skype - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Bank - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Bank account number - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Paypal - Used to withdraw funds, and to generate the invoice. Provided by the user at the time of updating profile information.
      • Withdrawals - information about withdrawals requested by the Partners.
      • Donations - Contains information about donations registered through the pp.gamehag.com service.
      • Liabilities - Contains information about liabilities of pp.gamehag.
      • Date of birth - Provided by the user during the registration process, or at the time of updating profile information.
      • City - Provided by the user during the registration process, or while updating the profile information.
      • User’s photo (“avatar”) - A picture, which is uploaded by the user during the registration process, updated through the profile configuration, or collected from the Facebook account at the time of logging in or registration through that portal. Used to be displayed on the user’s profile.
      • Fbld (from the user) - Collected during logging in using the Facebook service. It is user’s ID on that service.
      • Youtube URL - The URL address of the user’s profile on the Youtube service, willingly provided by the user.
      • Twitch URL - The URL address of the user’s profile on the Twitch service, willingly provided by the user.
      • Twitter URL - The URL address of the user’s profile on the Twitter service, willingly provided by the user.
      • Facebook URL - The URL address of the user’s profile on the Facebook service, willingly provided by the user.
      • Language (from the user) - Collected from user’s browser. The user is able to change the language of the service.
      • Steam trade URL - The URL address of the user’s profile on the Steam platform, willingly provided by the user. Used to send the rewards to the Steam platform.
      • Localization - other sources - Collected from the user’s browser. Location of the user.
      • Youtube ID - other sources (Youtube API) - ID of the user’s profile on the Youtube service, collected at the time of linking user’s pp.gamehag account to his Youtube account.
      • Steam ID - other sources (Steam API) - Collected at the time of linking user’s pp.gamehag account to his Steam account.
      • ID of the campaign - other sources (URL) - It is the ID of a certain marketing campaign, used to collect statistics.
      • Twitter ID - other sources (Twitter API) - Collected at the time of linking the user’s pp.gamehag account with his Twitter account.
      • IP and the agent - other sources (browser) - Collected at the time of entering pp.gamehag.
      • E-mail notifications settings (from users) - User to select the kinds of e-mail messages, which are sent to the user.
      • UUID - other sources (from the mobile device) - The unique ID of the device, collected at the time of using the pp.gamehag mobile application.
      • Operating system version - other sources (from the mobile device) - Collected at the time of using the pp.gamehag mobile application.
      • Platform - other sources (from the mobile device) - Collected at the time of using mobile application. Android or iOS.
      • Device - other sources (from the mobile device) - Model of the device on which the pp.gamehag mobile application is installed. Collected at the time of enabling the pp.gamehag application.

    [Profiling]

    The above data together with other "technical" data obtained during use of the Portal (which also includes data obtained through the use of Cookies), can be used to profile individual preferences of users, in accordance with the idea of ​​functionality of this type Portals (e.g. preferences for offered digital products). It can also be used to create aggregated statistics. The data may also be used for marketing purposes on the basis of Art. 6(1f) of GDPR, including the purpose of displaying advertisements adequate to the user's interests.

    • Cookies
      • gh_aff - Your ACLID;
      • laravel_session - Identifies and saves the user session on the portal.
      • gh_ref - Saved only when the user has entered another user's referring link, the user ID who recommended the site is saved.
      • gh_camp - Indicates our ID for a given campaign conducted on Google Analytics.
      • gh_recommend - Saves the previous website of a given user.
      • gh_campclick - Your own GCLID if it comes from a campaign saved in Google Analytics.
      • gh_clid - GCLID.
      • __cfduid - Used to identify individual customers with a shared IP address and apply security settings for individual customers from Cloudflare
      • XSRF_TOKEN - Individual ID of each session on the portal.
      • _ga - Used to distinguish users for the purposes of gathering information about visits on the website by Google Analytics.
      • _gid - Used to distinguish users by Google Analytics
      • _gat - It is used by Google Analytics to throttle request rate for own servers.
      • Timezone - Saves information about the user's time zone.
      • _OneSignal_session - Saved when the user allows the website to send browser notifications.
    • Google Analytics
    • The Controller may use the Portal for profiling technology under the name Google Analytics or other similar systems from external suppliers. In particular, Google Analytics mainly uses its own Cookies to report user interactions on the websites of Google Analytics customers (in particular our Portal). Google advertising Cookies are used to support Google Analytics Advertising Features (such as remarketing) on ​​Google Display Network services, e.g. AdWords. You can learn more about this technology, additional Cookies that it uses, and how to disable this technology on the websites concerning data security published by an external manufacturer of this technology at: https://support.google.com/analytics/answer/6004245?hl

    [Processing time]

    Your personal data will usually be processed for the duration of the contract (e.g. for the provision of services by electronic means via the Portal) - for the purpose of performing the contract (Art. 6(1b) of the GDPR), as well as for purposes resulting from legitimate interests conducted by the Controller or by a third party (Art. 6(1f) of the GDPR).

    After performance/ completion of the contract (e.g. deleting an account in the Portal), the data will be still processed - however for archiving purposes, including pursuant to art. 74 of the Accounting Act of 29 September 1994 (Art. 6(1c) of the GDPR).

    [Passing on to other entities]

    Your personal data may be transferred to other entities in order to perform the contract/ service (Art. 6(1b) of the GDPR) as well as for the purposes set out in Art. 6(1f) of the GDPR and for marketing purposes (in the case of an appropriate legal basis, e.g. consent or in pursuit of objectives arising from legitimate interests pursued by the Controller or by a third party).

    The Controller declares that they shall not transfer the Data to a third country or an international organisation, i.e. outside the European Economic Area ("EEA"). The Controller also declares that they shall not use subcontractors who provide data outside the EEA. In the event that the situation changes, in the event of necessity to use subcontractors or partners from outside the EEA, the Controller declares that with the help of appropriate contracts, they shall ensure that such third parties adequately meet the requirements of the GDPR.

    [Data recipient categories]

    The Controller may share personal data only to entities authorised to obtain it on the basis of legal provisions and/ or relevant agreements, including personal data processing agreement.

    In addition, your personal data may be, in particular, transferred to processors at the request of the Controller, including to IT service providers, hosting service providers, paying agents (e.g. electronic payments), companies that carry out advertising mailings, marketing agencies (if the right legal basis exists, e.g. consent or e.g. in pursuit of objectives arising from legitimate interests pursued by the Controller or by a third party - Art. 6(1f) of the GDPR), etc.

    The above-mentioned entities process data on the basis of appropriate personal data processing agreements entered into with the Controller, and the transfer of the data is covered by security measures and control on the part of the Controller as Personal Data Controller.

    The processing of personal data for marketing purposes takes place either on the basis of appropriate consent (Art. 6(1a) of the GDPR), or in connection with the occurrence of other legal bases than consent - e.g. Art. 6(1f) of the GDPR.

    [Legal bases, including other than consent]

    The often abused consent to the processing of personal data is only one of many possible legal bases for the processing of personal data. There are many other legal bases for the processing of personal data, other than the consent of the persons whose data will be processed. In particular, personal data may be processed in order to perform a contract, or e.g., where processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party. Legal bases for processing personal data are regulated by art. 6 of the GDPR.

    [Your rights]

    • You can get information on whether we process your personal data.
      • If so, you can access them, e.g. ask for a copy. You can also receive detailed information including but not limited to what your data is being processed and for what purpose, to whom it is transferred. If you have not provided the data yourself to this company/ institution, you can also ask for information from where it was transferred to this particular company
      • You can also ask to delete or limit the processing of your data. Of course, not in every case. When we have a contract concluded with you, we can process it in accordance with the law and your request will not be effective. However, if it is processed unlawfully or there are no bases to process it - your data should be deleted
      • If you feel that your rights are being violated, you can complain to the supervisory body handling with the protection of personal data​.
    • In addition, if the Controller processes your personal data:
      • You have the right to access your personal data and the right to request its rectification, deletion or limitation of its processing;
      • Where the basis for the processing of your personal data is the premise of a legally legitimate interest of the Controller, you have the right to object to the processing of your personal data;
      • In particular, you have the right to object to the processing of data for direct marketing and profiling purposes;
      • Where the basis for the processing of your personal data is consent, you have the right to withdraw your consent. The withdrawal of consent does not affect the lawfulness of the processing that was made on the basis of consent before its withdrawal.
      • To the extent that your data is processed for the purpose of entering into and executing a contract or processed on the basis of consent, you have the right to transfer data, i.e. to receive your personal data from the Controller in a structured, commonly used machine readable format.
      • In order to exercise the above rights, please contact the Data Controller or the Data Protection Officer (if appointed), using the above-mentioned contact details or the appropriate form on the website https://gamehag.com/contact

    [Information about the requirement to provide data]

    To the extent that the processing of your personal data takes place in order to conclude and execute the contract with the Controller, providing the data is necessary to conclude the contract. Providing personal data is voluntary, however, it is not possible to enter into and execute the contract without providing it. Providing personal data for marketing purposes is voluntary, however, the processing of personal data for marketing purposes may also take place under a different legal basis than consent, e.g. based on Art. 6(1f) of the GDPR.