Log in Sign up

Privacy Policy

We care deeply about our customers’ privacy, security, and online safety, all of which are a significant part of becoming a trustworthy and reliable business partner. This Privacy Policy („Policy”) is designed to inform you about how we collect, use, and share your personal data, your rights and choices regarding the information you provide to us – especially in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as General Data Protection Regulation (GDPR), that entered into force on 25th May, 2018.
If you have any further questions regarding processing of your personal data, please do not hesitate to contact us by using contact form, which you can find here: https://gamefound.com/contact.

Contents:
1. Basic definitions
2. What personal data do we collect and process, what is the purpose of processing and what is the legal basis?
3. How long do we process your personal data for?
4. Who has access to your personal data?
5. What are the „cookies”? How do we use them and in what purpose?
6. What your rights regarding your personal data are?
7. Children’s personal data
8. California residents
9. Contact us
 
1. BASIC DEFINITIONS

Personal data – any information relating to you, that allows your direct or indirect identification, i.e.: name, surname, e-mail address, phone number, IP address, etc.

Processing – any operation or set of operations which is performed on your personal data, i.e.: collection, recording, storage, adaptation or alteration, messaging, restriction, erasure or destruction.

Customer – an adult individual with full legal capacity, a legal entity or organizational unit without legal personality but with capacity to perform legal acts, that uses the Website on the terms set out in the Terms of Service, which you can find here: https://gamefound.com/terms.

Controller – Gamefound Sp. z o.o. with its registered office in Wrocław (50-127) at the following address ul. św. Mikołaja 58, registered in the Register of Entrepreneurs conducted by the District Court for Wrocław-Fabryczna, VIth Commercial Department of the National Court Register under KRS number 0000778227, holder of Business entity statistical number (REGON): 382893080, Polish taxpayer’s identification number (NIP): 8971865043, holder of share capital in the amount of 5,000,00 PLN („Gamefound”).

Website – https://gamefound.com.

Services – all services provided by the Controller via Website.
 
2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS, WHAT IS THE PURPOSE OF PROCESSING AND WHAT IS THE LEGAL BASIS?

Information for Backers

In order for you to create an account on our Website and to use our Services, we need to collect and process certain information. That may include information you provide especially by completing forms on our Website or contacting us by e-mail, e.g.:
  • customer’s identification data (name, surname, e-mail address, nick, IP address); 
  • customer’s address data;
  • transaction data;
  • metadata about communication (date of contact);
  • metadata related to customer’s profile (marketing and analytics). 

Your personal data mentioned above are processed for the purpose resulting from the function of a given form, for instance, for the purpose of responding for enquiry or providing Services.
We collect your identification and address data in order to perform the contract which is the delivery of rewards, orders and any other related services such as customer service. The legal ground for this kind of processing is the performance of a contract (Article 6 (1) letter b of GDPR). We also collect this data in connection with tax and legal requirements, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) letter c of GDPR).

We collect your transaction data to identify potential threats such as fraud, terrorist financing and illegal activities. The legal ground for this kind of processing is the performance of legal obligation (Article 6 (1) letter c of GDPR).
We collect metadata about your communication in order to handle all inquiries, complaints and disputes, the legal ground for this kind of processing is our legitimate interest (Article 6 (1) letter f of GDPR). We can store your personal data without your consent and upon request to delete it, if it is related to a return, warranty, complaint and dispute.

We can also send commercial / marketing information to electronic addresses (e-mail) but only if you give us prior marketing consent. Moreover we can analyse your choices, use your internet profile to gain better insights about you and provide you with personalised retargeting advertising. The legal ground for this kind of processing is your consent (Article 6 (1) letter a of GDPR). 

If the function of given form is to conclude a contract, the processing is based on Article 6 (1) letter b of GDPR, which gives us the right to process your data when it „is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”, e.g. adjusting Services to your needs or generating settlements.

Decisions taken by the Controller are at no stage based only on automated processing (including profiling) of personal data. However, your personal data are processed in an automatic way and can be profiled to provide you with marketing information.

Providing all information is voluntary, but some data (appropriately marked at the registration stage) are necessary for the conclusion of the contract and for the provision of Services by us.

You can find further information about your rights regarding your personal data in section 6 of the Policy.

Information for Creators

In order for you to create a Creator account on our Website and to use our Services, you need to first create a „normal” account. Any information provided above to Backers will also apply to your account. In addition to become a Creator, who process payments with us, you must provide Gamefound with information and documents to:
  • verify your identity;
  • identify the ultimate beneficial owners of your business;
  • identify the purpose and intended nature of your future business relationship with us;
  • monitor your transactions using automated systems which detect risks and verify the origins of your capital/assets; 
  • check whether a natural person representing you is competent to do so (and verify the identity of this person) and
  • check whether you act on behalf of yourself or on behalf of a third party.

Gamefound must collect this information for Adyen (Gamefound’s Payment Service Provider) to conduct the Know Your Customer process to comply with its legal obligation to prevent laundering proceeds of crime or financing terrorism, the legal ground for this kind of processing is compliance with a legal obligation (Article 6 (1) letter c of GDPR).  To carry out the above checks, we process a copy of your identification document, the address of your legal representative and shareholders, your bank account number, your contact information, information contained in correspondence between us, bank statements, your signature and an extract of your company registration document. We may also ask for other documents to help verify your account.

When we collect some of your data during a conference or any other event, in which our representatives took part, the data from the business card is processed in order to send you information about our Services. We believe that giving us your business card expresses your consent to be contacted in marketing matters. In such cases, the legal ground for our action is your consent (Article 6 (1) letter a of GDPR). If the business card was provided by mistake or by a third party not having the right to consent to marketing contact, all personal data will be deleted upon discovery of such a situation. We can also browse the Internet in search of the contact information to contact you and provide you with information about our Services, if we believe that you expressed your will to obtain information from us (Article 6 (1) letter f of GDPR. If we were mistaken we will erase your data upon your request.

3. HOW LONG DO WE PROCESS YOUR PERSONAL DATA FOR?

We store personal data not longer than is necessary, to achieve the purposes, for which they are processed.
If you are not our Customer, data collected only in connection with the current contact, are being processed for a period of a few weeks to a maximum of 2 years.

Data collected on the basis of your consent are being processed until the withdrawal of your consent or when the purpose, for which it was collected, will cease to exist.

Data collected to send commercial / marketing information to electronic addresses (e-mail), are being processed until consent withdrawal. .

Data that are necessary for the performance of a contract are being processed for the duration of the contract and usually another 6 years after its termination, which results from tax regulations and the limitation period for certain claims.

If we process your personal data to determine or assert any claims or to defend against above mentioned Customer’s claims (the legal ground for this action is our legitimate interest (Article 6(1) letter f GDPR), we store the personal data until the laps of the limitation period for that claims, which arise from the generally applicable provisions of law.

If we process your personal data to comply with a legal obligation to which the Controller is subject, we store the personal data for a period of performing this obligation. 

4. WHO HAS ACCESS TO YOUR PERSONAL DATA?

The access to your personal data is only granted to:
  • authorized employees and co-workers, who are obliged to keep them secret and not to use them for purposes other than those for which we have collected them,
  • entities that support us in service providing, based on appropriate contracts e.g. legal, consulting, telecommunication service providers, payment service provider,
  • crowdfunding and pledge manager Creators in order to fulfill their obligations such as delivering rewards, customer service, tax requirements and other contractual requirements.
All these entities have access only to necessary information. None of the above should use your data for marketing purposes without your prior consent.

By accepting the Gamefound Privacy Policy, you also accept the Privacy Policy of Adyen (https://www.adyen.com/), Gamefound’s Payment Service Provider.

By supporting the project, you may need to accept the Privacy Policy of the Creator. Please read it before supporting the project.

Some of the Creators on our Website may be from outside the European Economic Area (EEA). You must be aware that when supporting the projects of such Creators, we will have to provide them with your personal data in order to perform the contract. By supporting the project of the Creator outside the EEA, you allow Gamefound to transfer your personal data for the purpose of performing the contract in accordance with Art. 49 (1) letter c (standard contractual clauses). Please be aware that Gamefound requires all Creators to use your personal data only for the performance of the contract and forbids the use of your data for marketing purposes without your prior consent. If any of the Creators uses your personal data in a way that goes beyond the performance of the contract without your consent, contact us.

Sometimes, the entities providing us with solutions are registered outside the EEA. In this case, if your personal data will be processed outside the EEA, we provide the appropriate legal mechanisms for their security, including standard contractual clauses adopted under the decision of European Commission, we conclude entrustment data contracts that meet the requirements of the GDPR. You can always request a copy of your personal data transferred outside EEA by contacting us by email.

We are aware that the Privacy Shield is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in light of the 16th of July 2020 judgement issued by the Court of Justice of the European Union (case C-311/18). However, in any case of processing data of non-EU countries residents, we ensure that their data processing complies with the standards indicated in the Privacy Shield program (more: https://www.privacyshield.gov/). Privacy Shield applies only to data transfer from the USA, not to the USA.

We may also be required to provide specific information relating to you, to public authorities for the purposes of proceedings conducted by them. In this case, the information is provided only if there is a proper legal ground.

5. WHAT ARE THE „COOKIES”? HOW DO WE USE THEM AND IN WHAT PURPOSE?

“Cookies” are small data files that are issued to your device when you visit a Website and that store information about your use of our Services. We use “cookies” to help recognize you as a repeat visitor, to improve the quality of our Services and to collect statistical data. 

The legal ground for the use of “cookies” is usually your consent (article 6(1) letter a GDPR “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), except when they are necessary for the functioning of our Website (“technical cookies”), when it’s based on our legally legitimate interest. Additionally, the Customer can give us consent to use the marketing and analytic “cookies” or we can process these cookies based on our legally legitimate interest in case that we need them for direct marketing.
We remind you that when data processing is based on your consent, you can withdraw your consent at any time. 

“Technical cookies” do not collect any information about the Customer that could be used for marketing purposes or to remember which places on the Internet were visited by the Customer. Not accepting these “cookies” may prevent you from using most of our Services or significantly slow down functioning of the Website, so these “cookies” can be necessary.

“Analytic cookies” obtain information about how Customers use our Website and monitor the efficiency of the Website. This allows us to quickly identify and fix any problems that Customers may encounter and ensure a high quality of browsing the Website. We use “analytic cookies” to analyze Customer visits, their duration and frequency.

“Marketing cookies” are used to obtain information about Customer’s activity on our Website. Their purpose is to display commercials that are relevant and interesting for individual Customer and therefore more valuable to third-party publishers and advertisers.

From the perspective of persistency, we use the following types of “cookies”:
  • “session cookies” – which are temporary files, stored on the Customer’s device until they log out, leaves the Website or turns off the software (the Internet browser);
  • “persistent cookies” – which are stored on the Customer’s device the entire time specified in “cookie” parameters or until the Customer deletes them.
Depending on the purposes and legal grounds for processing personal data collected by “cookies”, they may be stored for different time. The table below lists all types of cookies that we use on the Website:

Name: CONSENT
Type: Technical
Provider: YouTube
Expiry: 2 years
Data is sent to: US

Name: JSESSIONID
Type: Technical
Provider: NewRelic
Expiry: Session
Data is sent to: US

Name: PLAY_SESSION
Type: Technical
Provider: YouTube
Expiry: 1 year
Data is sent to: US

Name: _gfcse
Type: Technical
Provider: Gamefound
Expiry: 1 year
Data is sent to: N/A

Name: _gfcuid
Type: Technical
Provider: Gamefound
Expiry: 100 years
Data is sent to: N/A

Name: _gff_cmtssn
Type: Technical
Provider: Gamefound
Expiry: 1 year
Data is sent to: N/A

Name: _gfsid
Type: Technical
Provider: Gamefound
Expiry: 10 years
Data is sent to: N/A

Name: _gfuid
Type: Technical
Provider: Gamefound
Expiry: 10 years 
Data is sent to: N/A

Name: _gftmpdata
Type: Technical
Provider: Gamefound
Expiry: Never
Data is sent to: N/A

Name: _clck
Type: Analytic
Provider: Microsoft Clarity
Expiry: 1 year
Data is sent to: US

Name: _clsk
Type: Analytic
Provider: Microsoft Clarity
Expiry: 1 day
Data is sent to: US

Name: _cltk
Type: Analytic
Provider: Microsoft Clarity
Expiry: Session
Data is sent to: US

Name: _ga
Type: Analytic
Provider: Google Analytics
Expiry: 2 years
Data is sent to: US

Name: _gat
Type: Analytic
Provider: Google Analytics
Expiry: 1 day
Data is sent to: US

Name: _gid
Type: Analytic
Provider: Google Analytics
Expiry: 1 day
Data is sent to: US

Name: _hjAbsoluteSessionInProgress
Type: Analytic
Provider: HotJar
Expiry: 1 day
Data is sent to: UK

Name: _hjFirstSeen
Type: Analytic
Provider: HotJar
Expiry: 1 day
Data is sent to: UK

Name: _hjIncludedInPageviewSample
Type: Analytic
Provider: HotJar
Expiry: 1 day
Data is sent to: UK

Name: _hjIncludedInSessionSample
Type: Analytic
Provider: HotJar
Expiry: 1 day
Data is sent to: UK

Name: _hjSession_#
Type: Analytic
Provider: HotJar
Expiry: 1 day
Data is sent to: UK

Name: _hjSessionUser_#
Type: Analytic
Provider: HotJar
Expiry: 1 year
Data is sent to: UK

Name: c.gif
Type: Analytic
Provider: Microsoft Clarity
Expiry: Session
Data is sent to: Ireland

Name: CLID
Type: Analytic
Provider: Microsoft Clarity
Expiry: 1 year
Data is sent to: US

Name: ANONCHK
Type: Analytic
Provider: Microsoft Clarity
Expiry: 1 day
Data is sent to: Ireland

Name: MUID
Type: Analytic
Provider: Microsoft Clarity
Expiry: 1 year
Data is sent to: Ireland

Name: SM
Type: Analytic
Provider: Microsoft Clarity
Expiry: Session
Data is sent to: Ireland

Name: SRM_B
Type: Analytic
Provider: Microsoft Clarity
Expiry: 1 year
Data is sent to: US

Name: collect
Type: Analytic
Provider: Google Analytics
Expiry: Session
Data is sent to: US

Name: _fbp
Type: Marketing
Provider: Facebook
Expiry: 3 months
Data is sent to: UK

Name: tr
Type: Marketing
Provider: Facebook
Expiry: Session
Data is sent to: UK

Name: VISITOR_INFO1_LIVE
Type: Marketing
Provider: YouTube
Expiry: 178 days
Data is sent to: US

Name: YSC
Type: Marketing
Provider: YouTube
Expiry: Session
Data is sent to: US

Name: yt.innertube::nextId
Type: Marketing
Provider: YouTube
Expiry: Persistent
Data is sent to: US

Name: yt.innertube::requests
Type: Marketing
Provider: YouTube
Expiry: Persistent
Data is sent to: US

Name: yt-remote-cast-available
Type: Marketing
Provider: YouTube
Expiry: Session
Data is sent to: US

Name: yt-remote-cast-installed
Type: Marketing
Provider: YouTube
Expiry: Session
Data is sent to: US

Name: yt-remote-connected-devices
Type: Marketing
Provider: YouTube
Expiry: Persistent
Data is sent to: US

Name: yt-remote-device-id
Type: Marketing
Provider: YouTube
Expiry: Persistent
Data is sent to: US

Name: yt-remote-fast-check-period
Type: Marketing
Provider: YouTube
Expiry: Session
Data is sent to: US

Name: yt-remote-session-app
Type: Marketing
Provider: YouTube
Expiry: Session
Data is sent to: US

Name: yt-remote-session-name
Type: Marketing
Provider: YouTube
Expiry: Session
Data is sent to: US

We assure you that all information is used by us only for the purposes indicated above and in no case are harmful to you or your device, because they do not lead to any configuration changes. Your browser may give you the ability to control “cookies”, including blocking or deleting them (the procedure depends on the type of your browser).

6. WHAT YOUR RIGHTS REGARDING YOUR PERSONAL DATA ARE?

For efficient implementation of Customer’s rights, please send all requests to the e-mail address: privacy@gamefound.com, with the subject: “GDPR’s demand”, indicating which right you want to exercise. Every Customer has the following rights:

1. Right of access - In any time, you can obtain from us confirmation as to whether or not your personal data are being processed, access to the personal data and the following information:
  • the purposes of the processing;
  • the categories of personal data concerned;
  • who are the recipients;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. Right to rectification - If you feel that the information relating to you is incorrect or incomplete, you have the right to request the rectification of the data.

3. Right to withdraw the consent – You can withdraw your consent at any time, without affecting the legality of the processing, which was performed prior to this withdrawal. 

4. Right to erasure (‘right to be forgotten’) - The GDPR gives you the right to obtain from us the erasure of all your personal data. We are obligated to make your request, only if one of the following grounds applies:
  • your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdrew consent on which the processing is based and where there is no other legal ground for the processing;
  • you object to the processing and there are no overriding legitimate grounds for the processing;
  • you object to the processing for direct marketing purposes;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

5. Right to restriction of processing - You can also obtain the restriction of processing, where one of the following applies:
  • you contest the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful but you oppose the erasure of your personal data and you request the restriction of their use instead;
  • we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims,
  • you have objected to processing – only until the dispute is resolved.

6. Right to data portability - You have right to receive your personal data in a structured, commonly used and computer-readable format and have the right to transmit those data to another controller, when:
  • the processing is based on your consent or on a contract and
  • the processing is carried out by automated means.

7. Right to object - According to GDPR you have right to object: 
  • to processing of personal data, when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Controller – on grounds relating to your particular situation;
  • to processing of personal data, when it is necessary for the purposes of the legitimate interests pursued by Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child, including profiling – on grounds relating to your particular situation;
  • at any time – to processing of personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing;
  • to processing of personal data for scientific or historical research purposes or statistical purposes – on grounds relating to your particular situation.
If, in spite of the Customer's objection, we consider that there are important, legally valid grounds for processing personal data, which override the Customer's interests, rights and freedoms, we can continue processing the Customer's personal data.

If you disagree with the above mentioned Controller’s situation assessment, you have the right to lodge a complaint with a supervisory authority (for more information, see point 8 below). 

8. Right to lodge a complaint with a supervisory authority - Due to our actions as a Controller, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

If you want to lodge a complaint in Poland, since 25th May 2018 the function of the supervisory authority is held by the President of the Data Protection Office / Prezes Urzędu Ochrony Danych Osobowych (PUODO). A detailed description of the procedure for lodging a complaint to PUODO is available on the website maintained by PUODO which you can access by clicking the following link: https://uodo.gov.pl/.

7. CHILDREN’S PERSONAL DATA

Gamefound customers must be 18 years (or the legal age in your jurisdiction) or older. Therefore, we do not collect personal data of children. 

If you believe and / or have evidence that a Gamefound user is under the age of 18 years, please contact us. If this is confirmed, we will delete the personal data of children.

8. CALIFORNIA RESIDENTS

If you are a California resident, please be aware that we do not use your personal data for marketing purposes without your consent.

In the above sections, we have described what personal data we collect, for what purpose, how to request information about it and how to request to delete it. If you have additional questions or want to submit a request, please contact us.

9. CONTACT US

The Controller of your personal data is Gamefound Sp. z o.o. with its registered office in Wrocław at the following address: ul. Św. Mikołaja 58, Wrocław, 50-127, Poland.

E-mail address: privacy@gamefound.com.