Privacy Policy

We care deeply about our customers’ privacy, security, and online safety, all of which are a significant part of becoming a trustworthy and reliable business partner. This Privacy Policy („Policy”) is designed to inform you about how we collect, use, and share your personal data, your rights and choices regarding the information you provide to us – especially in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as General Data Protection Regulation (GDPR), that entered into force on 25th May, 2018.

If you have any further questions regarding processing of your personal data, please do not hesitate to contact us by using contact form, which you can find here: https://gamefound.com/contact.

1. Basic definitions

2. What personal data do we collect and process, what is the purpose of processing and what is the legal basis?

3. How long do we process your personal data for?

4. Who has access to your personal data?

5. What are the „cookies”? How do we use them and in what purpose?

6. What your rights regarding your personal data are?

7. Children’s personal data

8. California residents

9. Contact us

 

Personal data – any information relating to you, that allows your direct or indirect identification, i.e.: name, surname, e-mail address, phone number, IP address, etc.

Processing – any operation or set of operations which is performed on your personal data, i.e.: collection, recording, storage, adaptation or alteration, messaging, restriction, erasure or destruction.

Customer – an adult individual with full legal capacity, a legal entity or organizational unit without legal personality but with capacity to perform legal acts, that uses the Website on the terms set out in the Terms of Service, which you can find here: https://gamefound.com/terms.

Controller – Gamefound Sp. z o.o. with its registered office in Wrocław (50-127) at the following address ul. św. Mikołaja 58, registered in the Register of Entrepreneurs conducted by the District Court for Wrocław-Fabryczna, VIth Commercial Department of the National Court Register under KRS number 0000778227, holder of Business entity statistical number (REGON): 382893080, Polish taxpayer’s identification number (NIP): 8971865043, holder of share capital in the amount of 5,000,00 PLN („Gamefound”).

Website – https://gamefound.com.

Services – all services provided by the Controller via Website.

 

In order for you to create an account on our Website and to use our Services, we need to collect and process certain information. That may include information you provide especially by completing forms on our Website or contacting us by e-mail, e.g.:

Your personal data mentioned above are processed for the purpose resulting from the function of a given form, for instance, for the purpose of responding for enquiry or providing Services.

We collect your identification and address data in order to perform the contract which is the delivery of rewards, orders and any other related services such as customer service. The legal ground for this kind of processing is the performance of a contract (Article 6 (1) letter b of GDPR). We also collect this data in connection with tax and legal requirements, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) letter c of GDPR).

We collect your transaction data to identify potential threats such as fraud, terrorist financing and illegal activities. The legal ground for this kind of processing is the performance of legal obligation (Article 6 (1) letter c of GDPR).

We collect metadata about your communication in order to handle all inquiries, complaints and disputes, the legal ground for this kind of processing is our legitimate interest (Article 6 (1) letter f of GDPR). We can store your personal data without your consent and upon request to delete it, if it is related to a return, warranty, complaint and dispute.

We can also send commercial / marketing information to electronic addresses (e-mail) but only if you give us prior marketing consent. Moreover we can analyse your choices, use your internet profile to gain better insights about you and provide you with personalised retargeting advertising. The legal ground for this kind of processing is your consent (Article 6 (1) letter a of GDPR). 

If the function of given form is to conclude a contract, the processing is based on Article 6 (1) letter b of GDPR, which gives us the right to process your data when it „is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”, e.g. adjusting Services to your needs or generating settlements.

Decisions taken by the Controller are at no stage based only on automated processing (including profiling) of personal data. However, your personal data are processed in an automatic way and can be profiled to provide you with marketing information.

Providing all information is voluntary, but some data (appropriately marked at the registration stage) are necessary for the conclusion of the contract and for the provision of Services by us.

You can find further information about your rights regarding your personal data in section 6 of the Policy.

In order for you to create a Creator account on our Website and to use our Services, you need to first create a „normal” account. Any information provided above to Backers will also apply to your account. In addition to become a Creator, who process payments with us, you must provide Gamefound with information and documents to:

Gamefound must collect this information for Adyen (Gamefound’s Payment Service Provider) to conduct the Know Your Customer process to comply with its legal obligation to prevent laundering proceeds of crime or financing terrorism, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) letter c of GDPR).  To carry out the above checks, we process a copy of your identification document, the address of your legal representative and shareholders, your bank account number, your contact information, information contained in correspondence between us, bank statements, your signature and an extract of your company registration document. We may also ask for other documents to help verify your account.

When we collect some of your data during a conference or any other event, in which our representatives took part, the data from the business card is processed in order to send you information about our Services. We believe that giving us your business card expresses your consent to be contacted in marketing matters. In such cases, the legal ground for our action is your consent (Article 6 (1) letter a of GDPR). If the business card was provided by mistake or by a third party not having the right to consent to marketing contact, all personal data will be deleted upon discovery of such a situation. We can also browse the Internet in search of the contact information to contact you and provide you with information about our Services, if we believe that you expressed your will to obtain information from us (Article 6 (1) letter f of GDPR. If we were mistaken we will erase your data upon your request.

We store personal data not longer than is necessary, to achieve the purposes, for which they are processed.

If you are not our Customer, data collected only in connection with the current contact, are being processed for a period of a few weeks to a maximum of 2 years.

Data collected on the basis of your consent are being processed until the withdrawal of your consent or when the purpose, for which it was collected, will cease to exist.

Data collected to send commercial / marketing information to electronic addresses (e-mail), are being processed until consent withdrawal. .

Data that are necessary for the performance of a contract are being processed for the duration of the contract and usually another 6 years after its termination, which results from tax regulations and the limitation period for certain claims.

If we process your personal data to determine or assert any claims or to defend against above mentioned Customer’s claims (the legal ground for this action is our legitimate interest (Article 6(1) letter f GDPR), we store the personal data until the laps of the limitation period for that claims, which arise from the generally applicable provisions of law.

If we process your personal data to comply with a legal obligation to which the Controller is subject, we store the personal data for a period of performing this obligation. 

The access to your personal data is only granted to:

All these entities have access only to necessary information. None of the above should use your data for marketing purposes without your prior consent.

By accepting the Gamefound Privacy Policy, you also accept the Privacy Policy of Adyen (https://www.adyen.com/), Gamefound’s Payment Service Provider.

By supporting the project, you may need to accept the Privacy Policy of the Creator. Please read it before supporting the project.

Some of the Creators on our Website may be from outside the European Economic Area (EEA). You must be aware that when supporting the projects of such Creators, we will have to provide them with your personal data in order to perform the contract. By supporting the project of the Creator outside the EEA, you allow Gamefound to transfer your personal data for the purpose of performing the contract in accordance with Art. 49 (1) letter c (standard contractual clauses). Please be aware that Gamefound requires all Creators to use your personal data only for the performance of the contract and forbids the use of your data for marketing purposes without your prior consent. If any of the Creators uses your personal data in a way that goes beyond the performance of the contract without your consent, contact us.

Sometimes, the entities providing us with solutions are registered outside the EEA. In this case, if your personal data will be processed outside the EEA, we provide the appropriate legal mechanisms for their security, including standard contractual clauses adopted under the decision of European Commission, we conclude entrustment data contracts that meet the requirements of the GDPR. You can always request a copy of your personal data transferred outside EEA by contacting us by email.

We are aware that the Privacy Shield is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in light of the 16th of July 2020 judgement issued by the Court of Justice of the European Union (case C-311/18). However, in any case of processing data of non-EU countries residents, we ensure that their data processing complies with the standards indicated in the Privacy Shield program (more: https://www.privacyshield.gov/). Privacy Shield applies only to data transfer from the USA, not to the USA.

We may also be required to provide specific information relating to you, to public authorities for the purposes of proceedings conducted by them. In this case, the information is provided only if there is a proper legal ground.

“Cookies” are small data files that are issued to your device when you visit a Website and that store information about your use of our Services. We use “cookies” to help recognize you as a repeat visitor, to improve the quality of our Services and to collect statistical data. 

The legal ground for the use of “cookies” is usually your consent (article 6(1) letter a GDPR “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), except when they are necessary for the functioning of our Website (“technical cookies”), when it’s based on our legally legitimate interest. Additionally, the Customer can give us consent to use the marketing and analytic “cookies” or we can process these cookies based on our legally legitimate interest in case that we need them for direct marketing.

We remind you that when data processing is based on your consent, you can withdraw your consent at any time. 

“Technical cookies” do not collect any information about the Customer that could be used for marketing purposes or to remember which places on the Internet were visited by the Customer. Not accepting these “cookies” may prevent you from using most of our Services or significantly slow down functioning of the Website, so these “cookies” can be necessary.

“Analytic cookies” obtain information about how Customers use our Website and monitor the efficiency of the Website. This allows us to quickly identify and fix any problems that Customers may encounter and ensure a high quality of browsing the Website. We use “analytic cookies” to analyze Customer visits, their duration and frequency.

“Marketing cookies” are used to obtain information about Customer’s activity on our Website. Their purpose is to display commercials that are relevant and interesting for individual Customer and therefore more valuable to third-party publishers and advertisers.

From the perspective of persistency, we use the following types of “cookies”:

Depending on the purposes and legal grounds for processing personal data collected by “cookies”, they may be stored for different time. The table below lists all types of cookies that we use on the Website:

Name: CONSENT

Type: Technical

Provider: YouTube

Expiry: 2 years

Data is sent to: US

Name: JSESSIONID

Type: Technical

Provider: NewRelic

Expiry: Session

Data is sent to: US

Name: PLAY_SESSION

Type: Technical

Provider: YouTube

Expiry: 1 year

Data is sent to: US

Name: _gfcse

Type: Technical

Provider: Gamefound

Expiry: 1 year

Data is sent to: N/A

Name: _gfcuid

Type: Technical

Provider: Gamefound

Expiry: 100 years

Data is sent to: N/A

Name: _gff_cmtssn

Type: Technical

Provider: Gamefound

Expiry: 1 year

Data is sent to: N/A

Name: _gfsid

Type: Technical

Provider: Gamefound

Expiry: 10 years

Data is sent to: N/A

Name: _gfuid

Type: Technical

Provider: Gamefound

Expiry: 10 years 

Data is sent to: N/A

Name: _gftmpdata

Type: Technical

Provider: Gamefound

Expiry: Never

Data is sent to: N/A

Name: _clck

Type: Analytic

Provider: Microsoft Clarity

Expiry: 1 year

Data is sent to: US

Name: _clsk

Type: Analytic

Provider: Microsoft Clarity

Expiry: 1 day

Data is sent to: US

Name: _cltk

Type: Analytic

Provider: Microsoft Clarity

Expiry: Session

Data is sent to: US

Name: _ga

Type: Analytic

Provider: Google Analytics

Expiry: 2 years

Data is sent to: US

Name: _gat

Type: Analytic

Provider: Google Analytics

Expiry: 1 day

Data is sent to: US

Name: _gid

Type: Analytic

Provider: Google Analytics

Expiry: 1 day

Data is sent to: US

Name: _hjAbsoluteSessionInProgress

Type: Analytic

Provider: HotJar

Expiry: 1 day

Data is sent to: UK

Name: _hjFirstSeen

Type: Analytic

Provider: HotJar

Expiry: 1 day

Data is sent to: UK

Name: _hjIncludedInPageviewSample

Type: Analytic

Provider: HotJar

Expiry: 1 day

Data is sent to: UK

Name: _hjIncludedInSessionSample

Type: Analytic

Provider: HotJar

Expiry: 1 day

Data is sent to: UK

Name: _hjSession_#

Type: Analytic

Provider: HotJar

Expiry: 1 day

Data is sent to: UK

Name: _hjSessionUser_#

Type: Analytic

Provider: HotJar

Expiry: 1 year

Data is sent to: UK

Name: c.gif

Type: Analytic

Provider: Microsoft Clarity

Expiry: Session

Data is sent to: Ireland

Name: CLID

Type: Analytic

Provider: Microsoft Clarity

Expiry: 1 year

Data is sent to: US

Name: ANONCHK

Type: Analytic

Provider: Microsoft Clarity

Expiry: 1 day

Data is sent to: Ireland

Name: MUID

Type: Analytic

Provider: Microsoft Clarity

Expiry: 1 year

Data is sent to: Ireland

Name: SM

Type: Analytic

Provider: Microsoft Clarity

Expiry: Session

Data is sent to: Ireland

Name: SRM_B

Type: Analytic

Provider: Microsoft Clarity

Expiry: 1 year

Data is sent to: US

Name: collect

Type: Analytic

Provider: Google Analytics

Expiry: Session

Data is sent to: US

Name: _fbp

Type: Marketing

Provider: Facebook

Expiry: 3 months

Data is sent to: UK

Name: tr

Type: Marketing

Provider: Facebook

Expiry: Session

Data is sent to: UK

Name: VISITOR_INFO1_LIVE

Type: Marketing

Provider: YouTube

Expiry: 178 days

Data is sent to: US

Name: YSC

Type: Marketing

Provider: YouTube

Expiry: Session

Data is sent to: US

Name: yt.innertube::nextId

Type: Marketing

Provider: YouTube

Expiry: Persistent

Data is sent to: US

Name: yt.innertube::requests

Type: Marketing

Provider: YouTube

Expiry: Persistent

Data is sent to: US

Name: yt-remote-cast-available

Type: Marketing

Provider: YouTube

Expiry: Session

Data is sent to: US

Name: yt-remote-cast-installed

Type: Marketing

Provider: YouTube

Expiry: Session

Data is sent to: US

Name: yt-remote-connected-devices

Type: Marketing

Provider: YouTube

Expiry: Persistent

Data is sent to: US

Name: yt-remote-device-id

Type: Marketing

Provider: YouTube

Expiry: Persistent

Data is sent to: US

Name: yt-remote-fast-check-period

Type: Marketing

Provider: YouTube

Expiry: Session

Data is sent to: US

Name: yt-remote-session-app

Type: Marketing

Provider: YouTube

Expiry: Session

Data is sent to: US

Name: yt-remote-session-name

Type: Marketing

Provider: YouTube

Expiry: Session

Data is sent to: US

We assure you that all information is used by us only for the purposes indicated above and in no case are harmful to you or your device, because they do not lead to any configuration changes. Your browser may give you the ability to control “cookies”, including blocking or deleting them (the procedure depends on the type of your browser).

For efficient implementation of Customer’s rights, please send all requests to the e-mail address: privacy@gamefound.com, with the subject: “GDPR’s demand”, indicating which right you want to exercise. Every Customer has the following rights:

1. Right of access - In any time, you can obtain from us confirmation as to whether or not your personal data are being processed, access to the personal data and the following information:

2. Right to rectification - If you feel that the information relating to you is incorrect or incomplete, you have the right to request the rectification of the data.

3. Right to withdraw the consent – You can withdraw your consent at any time, without affecting the legality of the processing, which was performed prior to this withdrawal. 

4. Right to erasure (‘right to be forgotten’) - The GDPR gives you the right to obtain from us the erasure of all your personal data. We are obligated to make your request, only if one of the following grounds applies:

5. Right to restriction of processing - You can also obtain the restriction of processing, where one of the following applies:

6. Right to data portability - You have right to receive your personal data in a structured, commonly used and computer-readable format and have the right to transmit those data to another controller, when:

7. Right to object - According to GDPR you have right to object: 

If, in spite of the Customer's objection, we consider that there are important, legally valid grounds for processing personal data, which override the Customer's interests, rights and freedoms, we can continue processing the Customer's personal data.

If you disagree with the above mentioned Controller’s situation assessment, you have the right to lodge a complaint with a supervisory authority (for more information, see point 8 below). 

8. Right to lodge a complaint with a supervisory authority - Due to our actions as a Controller, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

If you want to lodge a complaint in Poland, since 25th May 2018 the function of the supervisory authority is held by the President of the Data Protection Office / Prezes Urzędu Ochrony Danych Osobowych (PUODO). A detailed description of the procedure for lodging a complaint to PUODO is available on the website maintained by PUODO which you can access by clicking the following link: https://uodo.gov.pl/.

Gamefound customers must be 18 years (or the legal age in your jurisdiction) or older. Therefore, we do not collect personal data of children. 

If you believe and / or have evidence that a Gamefound user is under the age of 18 years, please contact us. If this is confirmed, we will delete the personal data of children.

If you are a California resident, please be aware that we do not use your personal data for marketing purposes without your consent.

In the above sections, we have described what personal data we collect, for what purpose, how to request information about it and how to request to delete it. If you have additional questions or want to submit a request, please contact us.

The Controller of your personal data is Gamefound Sp. z o.o. with its registered office in Wrocław at the following address: ul. Św. Mikołaja 58, Wrocław, 50-127, Poland.

E-mail address: privacy@gamefound.com.