- The Data Controller
The controller of the personal data is QUBICGAMES JOIN-STOCK COMPANY based in Siedlce (postcode 08-110), ul. Katedralna 16, entered in the Register of Entrepreneurs of the National Court Register under KRS number 598476, whose registration files are held by the District Court Lublin Wschód in Lublin with registered office in Świdnik, VI Commercial Division of the National Court Register, with share capital of 982 000.00 PLN fully paid, NIP: 8212515641, REGON: 141229265 (hereinafter referred to as the controller). In matters related to personal data, please contact: email@example.com.
- Personal data
Personal data means information about an identified or identifiable natural person. The processing of personal data is basically any action on personal data, whether or not carried out by automated means, such as collection, storage, recording, organisation, modification, consultation, use, disclosure, restriction, erasure or destruction.
The controller collects from persons (hereinafter also referred to as the Users) visiting the controller’s website personal data collected by cookies, i.e. the controller processes the data the user provides or makes available in the browsing history as part of using the controller’s services – website or application (together with automated analysis of the user’s activity on the website and in the applications). The controller also processes data collected during the user’s activity on the controller’s website, including, but not limited to, the places visited on the controller’s website, the time of the visit to a given place, information about the end device or browser.
The data controller processes personal data obtained from visitors to the controller’s website:
1) on the basis of Article 6(1)(a) GDPR, i.e. on the basis of a separate consent, in order to:
(a) to conduct analyses and statistics;
b) marketing the controller’s own services;
2) on the basis of Article 6 (1) (c) GDPR, in order:
b) fulfilment of a legal obligation to the controller;
3) on the basis of Article 6(1)(f) GDPR, i.e. the controller’s legitimate interest, in order to:
(a) marketing of own services,
(b) analyse the quality of the services provided.
The controller indicates that whenever the controller processes personal data on the basis of the legitimate interest of the controller, the controller endeavours to analyse and balance the interest of the controller and the potential impact on the data subject (positive as well as negative) and the data subject’s rights under data protection legislation. The controller shall not process personal data on the basis of its legitimate interest if it concludes that the impact on the data subject would prevail over the interest of the controller (in such a case the controller may process the personal data, e.g. with the data subject’s consent).
The period of personal data processing by the controller depends on the legal basis justifying the processing of personal data by the controller:
- where the controller processes personal data on the basis of consent, the period of processing shall last until the data subject withdraws that consent;
- where the controller processes personal data on the basis of a legitimate interest of the controller, the processing period lasts until the abovementioned interest ceases to exist or until the data subject objects to further processing – in situations where such an objection is legitimate under the law;
- where the controller processes personal data because it is necessary as a result of applicable legislation, the data processing periods for that purpose shall be determined by that legislation.
Individuals whose personal data is processed by the Controller have the following rights:
1) the right of access to the content of one’s personal data, i.e. the right to obtain confirmation as to whether or not the controller is processing the data and information on such processing,
2) The right to rectify the data, if the data processed by the controller are incorrect or incomplete,
3) The right to request the controller to delete the data,
4) The right to demand from the controller the restriction of data processing,
5) the right to data portability, i.e. the right to receive personal data provided to the controller and to send them to another controller,
6) The right to object to the processing of data on the basis of a legitimate interest of the controller or to the processing for direct marketing purposes,
7) the right to lodge a complaint to the Polish supervisory authority or to the supervisory authority of another Member State of the European Union competent for the place of habitual residence or work of the data subject, or for the place of the alleged breach of the GDPR,
8) the right to withdraw consent at any time (without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal),
9) The right to obtain human intervention on the part of the controller, to express one’s point of view and to contest a decision based on automated data processing.
The rights mentioned in points. 1)-6) and points. 8)-9) above can be exercised, among others, by contacting the e-mail address: firstname.lastname@example.org or the controller’s address.
Transfer of personal data to other entities
The recipients of the personal data may be, in particular, entities directly or indirectly related to the controller, in particular in an organisational or personal capacity, which would be established in one of the Member States of the European Union, as well as external service providers (e.g. IT service providers, entities providing services within the scope of marketing and promotional activities, other entities processing data on behalf of the controller on the basis of an agreement on entrusting the processing of personal data), accountants, auditors, lawyers.
Personal data are processed on the controller’s premises. Personal data may be transferred to countries outside the European Union. In case of transferring personal data to third countries outside the EU, the controller shall apply appropriate instruments to ensure the security of personal data.
The controller does not process personal data by automated means (including profiling).
To a limited extent the controller collects personal data automatically by means of cookies on the controller’s website. Cookies are small text files saved on the user’s computer or other mobile device (phone, tablet) when the user uses the controller’s website. These files are used, among others, to make use of various functions provided for on the website or to confirm that a given user has seen certain content.
The controller uses two types of cookies: session and permanent. Session files are temporary files that are stored on the user’s device until the user leaves the controller’s website or closes the browser. Permanent files are stored on the user’s device for the time specified in the parameters of these files or until they are deleted by the user.
The controller uses the following cookies:
- files necessary for the operation of services and applications – enabling the use of controller services, e.g. authentication cookies used for services that require authentication;
- cookies used to ensure security, e.g. used to detect abuse of authentication
- performance files – enabling the collection of information on the use of websites and applications;
- functional – enabling “remembering” the user’s selected settings and personalizing the user interface, e.g. font size, appearance of the website and applications, etc;
- statistical files – used to count the statistics of websites and applications.
By setting your device’s browser to allow cookies to be stored, you consent to cookies being stored on your device.
4 Final provisions
Due to the continuous development and progress of technology the rules set out in this document may change. The controller shall inform about any change of the rules by publishing an appropriate announcement on its website.