Privacy Policy
Applicable from: 14.06.2023.
Contents:
In this Privacy Policy, you may find
information regarding the processing of your personal data on the website at https://eternalharvest.app/ (hereinafter the “Website”) and related to the
“Eternal Harvest” Game (hereinafter the “Game”) and for the services
provided by ANUIN S.R.L. in the
following chapters:
I. General. Besides other general information, this
chapter contains the data of the Controller and some processors.
II. Ways of
processing. In
this chapter you may find specific information (the purpose, grounds and period
of processing, the scope of data subjects and the data processed) per each
purpose of the processing:
II/1. Registration
II/2. Assets, NFT’s
II/3. Cookies
II/4. Newsletters
II/5. Contact
II/6. Proving consent
II/7. Complaint-handling
III. The rights of
data subjects. Here
you may find a detailed description of your rights regarding the processing and
the related procedure.
IV. Remedies. In this chapter you may find the detailed
description of the remedies you can have if our rights
related to your personal data are violated.
I. General
1 In relation to this
Privacy Policy, the users of the Game or the visitors of the Website and any
person whose personal data is processed shall be considered and hereinafter
referred to as data subjects. The precise scopes of data subjects are
specified at each way of processing.
2 The Controller
(hereinafter also as: “we”):
Company name: ANUIN S.R.L.
Registered
and postal address: 2120 Dunakeszi, Petőfi Sándor utca
16., Hungary
Tax No: 27347825-2-13
Registration No: 13-09-204502
Registered by: the Company Registry Court of Pest
County
‘Controller’
means the natural or legal person, public authority, agency or other body
which, alone or jointly with others, determines the purposes and means of the
processing of personal data; where the purposes and means of such processing
are determined by Union or Member State law, the controller or the specific
criteria for its nomination may be provided for by Union or Member State law;
3 It is the Controller’s
intention to ensure the protection of personal data of persons providing them to
the Controller to the extent possible. This Privacy Policy shall be applicable
in respect of the services of the Controller only.
4 The Controller shall
have the right to unilaterally modify this Privacy Policy anytime on which the
Controller shall inform the data subjects by email.
5 The Controller
provides its services by protecting the personality rights of the data subjects,
in accordance with the law, especially REGULATION (EU) 2016/679 OF THE EUROPEAN
PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data
and on the free movement of such data, and repealing Directive 95/46/EC
(General Data Protection Regulation, “GDPR”). For residents of
California, the California Consumer Privacy Act (the “CCPA”) shall also
be applicable.
6 Please note that it
is voluntary to provide your personal data and upon the acceptance of this
Privacy Policy, the data subject gives his or her consent to the processing of
the personal data if the processing is based on a voluntary consent.
7 The Controller may
forward personal data to pursue its activities, to the extent required thereto,
to data processors as recipients. “Processor”
means a natural or legal person, public authority, agency or other body which
processes personal data on behalf of the controller;
8 The personal data
processed by us on the Website are stored at our storage provider as a data processor: Contabo
GmbH.; Aschauer Str.
32a, 81549 München, Germany, https://contabo.com;
Activities: web storage, in case no data is
provided, the Controller cannot fulfil its activities.
9 We use a service provider for our payment
systems:
Metamask; company name: ConsenSys Software Inc.; 5049 Edwards Ranch Road,
Fort Worth, TX 76109, USA
Data: https://metamask.io/
You may find the respective cookie policy and
privacy policy on the website above.
Activities: the provision of payment services,
in case no data is provided, the Controller cannot fulfill
its activities. Processing is required for the performance of contract, the
grounds therefor are specified in point (b) of
subparagraph 1 of Article 6 of the GDPR.
Forwarded data: the data requested and
provided upon payment.
10 Should any court, prosecutor, investigative
body, such as the authority investigating the processing of personal data, or
any other bodies entitled upon law contact the Controller to provide or hand
over information or data, the Controller shall provide the personal data
necessary for the purpose of the request if the requesting person specifies the
exact purpose and grounds for the request and scope the of personal data.
11 Data security: We have in place
physical, electronic and managerial procedures to protect personal information
in our custody and control against loss, theft and unauthorized access, use,
modification and disclosure. However, as effective as these measures are, no
security system is impenetrable. We cannot guarantee the 100% security of our
Services, nor can we guarantee that the information you provide will not be
intercepted while being transmitted to us over the Internet.
II. Ways of processing:
II/1. Registration
1.1 To provide our services properly we request you to register and
provide us your e-mail address and a password.
1.2 The ground for processing is the performance of the contract or it is
required in order to take steps at the request of the data subject prior to entering
into a contract. [point (a) of
subparagraph 1 of Article 6 of the GDPR].
1.3 The purpose of processing is allowing the Controller to provide its
services.
1.4 Period of processing: until the deletion of the account, unless we
have any grounds for further processing as specified below.
1.5 We will use the contact data provided by you (the e-mail address) to
keep contact with you for the performance of the contract and to send you
information and messages.
II/2. Assets, NFT’s
2.1 Payments for assets or NFT’s are made through Metamask.
2.2 When you purchase NFT’s or assets, use or sell them, we process your
personal data. The purpose of processing is making payments for the use of the
Game and allowing functionalities related to assets or NFT’s.
2.3 The ground for processing is the performance of the contract or it is
required in order to take steps at the request of the data subject prior to entering
into a contract. [point (a) of subparagraph 1 of Article 6 of the GDPR].
2.4. Processed personal data: our MetaMask
wallet ID, publicly available information: your transactions and assets in the
Ethereum blockchain network (EtherScan), such as your
purchased NFT and/or asset, and transactional information, such as the purchase
price of your NFT and/or asset, IP address and our e-mail address.
2.5 The data subjects are the natural persons making payments.
2.6 Period of processing: the legal minimum period to keep records, 8
years.
II/3. Cookies
3.1 In order to
monitor the Website, the Controller uses an analytical tool (cookie) which
prepares a data string and tracks how
the visitors use the internet pages. When a page is viewed, the system
generates a cookie in order to record the information related to the visit
(pages visited, time spent on the Controller’s pages, browsing data, exits,
etc) and installs it on the computer of the visitor but these data cannot be
linked to the visitor's person. This tool is instrumental in improving the
ergonomic design of the website, creating and improving a user-friendly
website, enhancing the online experience for visitors and preventing data loss.
Cookies recognize the computer of the visitor and manage its IP address.
3.2 Most internet
browsers accept cookies, but visitors have the option of deleting or
automatically rejecting or allowing them. The visitor has the option to decline
the installation of cookies. Since all browsers are different, visitors can set
their cookie preferences individually with the help of the browser toolbar.
Users might not be able to use certain features on the Website if they decide
not to accept cookies.
3.3 Using cookies, the
websites seen by the visitor and the internet use customs of the visitor may be
monitored. Only upon revisiting the Website and exclusively the respective
service provider can link such data to the person of the visitor. The duration
of the storing of such data depends on the type of the cookies. Session cookies
erase the data upon closing the Website, Flash-cookies, however
may store the data up to one year of inactivity.
3.4 For the use of
functional cookies required to provide our services, the ground for processing
is our legal interest to provide the services. For other cookies, the ground
for processing is the voluntary consent of the data subject (the
visitor) in accordance with point (a) of subparagraph 1 of Article 6 of
the GDPR.
3.5 Processed data:
browser history, identification No, date, time of visit.
3.6 The purpose of
processing: improvement of the user experience, storing of the data of the
respective session, prevention of data loss, identification and tracking of the
data subjects, web analytics.
3.7 In the Menu of
most browsers, there is a “Help” function providing information for the data
subject, where to disable cookies in his or her browser; how to accept new
cookies; how to instruct the browser to set new cookies; or turn off other
cookies.
3.8 The Controller
uses the following cookies:
Cookie
name |
Source |
Type |
purpose |
Lapse |
acces-token
|
Own |
Functional |
Identifies
users’ sessions, checks whether you are checked in. |
until
the end of the session |
II/4. Newsletters:
4.1 The User may
subscribe to the newsletter with his/her expressed, voluntary and active
declaration.
4.2 The purpose of
processing is informing the data subjects on the services, products, news and
events of the Controller and any changes thereto.
4.3 The ground for
processing is the voluntary consent of the data subject in accordance with point
(a) of subparagraph 1 of Article 6 of the GDPR.
Processed personal
data:
- name (surname and
first name)
- email address
4.4 Period of
processing: lasts until the data subject requests to unsubscribe from the
newsletters.
II/5. Contact
5.1 When somebody
contacts the Controller e.g. via e-mail or phone for
the first time without any further processing, the Controller processes
personal data.
5.2 The purpose of
processing is keeping contact between the data subjects and the Controller.
5.3 The ground for
processing is the voluntary consent of the data subject in accordance with
point (a) of subparagraph 1 of Article 6 of the GDPR.
5.4 Period of
processing: 5 years after the closing of the communication or until the data
are processed on new grounds (e.g. entering into a
contract).
5.5 The provision of
the data is not necessary to enter into the contract,
the consequence of failure to provide such data is that contact cannot be kept.
5.6 The scope of the
processed personal data: any personal data voluntarily provided by the data
subject upon making a contact, especially name, e-mail address, phone number,
title, position.
5.7 The recipient of
the processing is our colleague dealing with customer relationships, or the
addressee of the message sent by the data subject or our colleague handling the
matter.
II/6. Proving consent
6.1 Where processing
is based on consent, the controller shall be able to demonstrate that the data
subject has consented to processing of his or her personal data. To this end,
the Controller will store and if needed use in front of the acting
authority/court the personal data of the data subject.
6.2 The data subject
is the person providing his or her consent.
6.3 This obligation is
specified in paragraph (1) of Article 7 of the GDPR [processing in accordance
with point (c) of subparagraph 1 of Article 6 of the GDPR].
6.4 Scope of processed
personal data: the time of providing the consent, IP-address, data required for
identification, such as e-mail address, first name and surname.
6.5 Period of
processing: the Hungarian civil law expiry period (5 years in general).
II/7. Complaint-handling
7.1 Processing shall
be made for the purpose of complaint-handling, the Contractor is obligated to
keep the complaint.
7.2 The data subject
is the person making a complaint.
7.3 The ground for
processing is compliance with a legal obligation, in accordance with paragraph
(7) of Article 17/A of Act CLV of 1997, and paragraph (2) of Article 169 of Act
C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].
7.4 Processed personal
data: name, address, e-mail address, phone number.
7.5 Period of
processing: 3 years, as provided for by law.
III. The rights of the data subjects
The data subject may
exercise his or her rights via the contacts of the Controller listed above.
III/1. Right for information and access:
1.1 The Controller
shall take appropriate measures to provide any information relating to
processing to the data subject in a concise, transparent, intelligible and
easily accessible form, using clear and plain language.
1.2 Information may be
requested in writing through the contact data of the Controller specified
above. When requested by the data subject, the information may be provided
orally, provided that the identity of the data subject is proven by other
means.
1.3 The data subject
shall have the right to obtain from the controller confirmation as to whether
or not personal data concerning him or her are being processed, and, where that
is the case, access to the personal data and the following information: the
purposes of the processing; the categories of personal data concerned; the
recipients or categories of recipient to whom the personal data have been or
will be disclosed, in particular recipients in third countries or international
organisations; the envisaged period for which the personal data will be stored;
the existence of the right to request from the controller rectification or
erasure of personal data or restriction of processing of personal data
concerning the data subject or to object to such processing; the right to lodge
a complaint with a supervisory authority; the existence of automated
decision-making, including profiling and, at least in those cases, meaningful
information about the logic involved, as well as the significance and the
envisaged consequences of such processing for the data subject. Where personal
data are transferred to a third country or to an international organisation,
the data subject shall have the right to be informed of the appropriate
safeguards relating to the transfer.
1.4 The Controller
shall provide a copy of the personal data undergoing processing. For any
further copies requested by the data subject, the Controller may charge a
reasonable fee based on administrative costs. Where the data subject makes the
request by electronic means, and unless otherwise requested by the data
subject, the information shall be provided in a commonly used electronic form.
1.5 The Controller
shall be obliged to respond to requests from the data subject at the latest
within one month.
III/2. Right to rectification:
2.1 The data subject
shall have the right to obtain from the Controller without undue delay the
rectification of inaccurate personal data and the completion of incomplete
personal data concerning him or her.
III/3. Right to erasure (‘right to be
forgotten’):
3.1 The data subject shall
have the right to obtain from the controller the erasure of personal data
concerning him or her without undue delay and the controller shall have the
obligation to erase personal data without undue delay where one of the
following grounds applies:
- the
personal data are no longer necessary in relation to the purposes for which
they were collected or otherwise processed;
- the data
subject withdraws consent on which the processing is based, and where there is
no other legal ground for the processing;
- the data
subject objects to the processing and there are no overriding legitimate
grounds for the processing,;
- the
personal data have been unlawfully processed;
- the
personal data have to be erased for compliance with a legal obligation in Union
or Member State law to which the controller is subject;
- the
personal data have been collected in relation to the offer of information
society services.
3.2 Erasure may not be
requested to the extent that processing is necessary: for exercising the right
of freedom of expression and information; for compliance with a legal
obligation which requires processing by Union or Member State law to which the
controller is subject or for the performance of a task carried out in the
public interest or in the exercise of official authority vested in the
controller; for reasons of public interest in the area of public health; for
archiving purposes in the public interest, scientific or historical research
purposes or statistical purposes; or for the establishment, exercise or defence
of legal claims.
III/4. Right to restriction of processing:
4.1 The data subject
shall have the right to obtain from the controller restriction of processing
where one of the following applies:
- the accuracy of the personal
data is contested by the data subject, for a period enabling the controller to
verify the accuracy of the personal data;
- the processing is unlawful and the
data subject opposes the erasure of the
personal data and requests the restriction of their use instead;
- the controller no
longer needs the personal data for the purposes of the processing, but they are
required by the data subject for the establishment, exercise or defence of
legal claims;
- the data subject has
objected to processing pending the verification whether the legitimate grounds
of the controller override those of the data subject.
4.2 Where processing
has been restricted, such personal data shall, with the
exception of storage, only be processed with the data subject's consent
or for the establishment, exercise or defence of legal claims or for the
protection of the rights of another natural or legal person or for reasons of
important public interest of the European Union or of a Member State.
4.3 A data subject who
has obtained restriction of processing shall be informed by the controller
before the restriction of processing is lifted.
III/5. Right to data portability:
5.1 The data subject
shall have the right to receive the personal data concerning him or her, which
he or she has provided to a controller, in a structured, commonly used and
machine-readable format and have the right to transmit those data to another
controller without hindrance from the controller to which the personal data
have been provided.
III/6. Right to object:
6.1 The data subject
shall have the right to object, on grounds relating to his or her particular
situation, at any time to processing of personal data concerning him or her
which is necessary for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the controller or
processing is necessary for the purposes of the legitimate interests pursued by
the controller or by a third party, including profiling based on those
provisions. The Controller shall no longer process the personal data unless the
Controller demonstrates compelling legitimate grounds for the processing which
override the interests, rights and freedoms of the data subject or for the
establishment, exercise or defence of legal claims.
6.2 Where personal
data are processed for direct marketing purposes, the data subject shall have
the right to object at any time to processing of personal data concerning him
or her for such marketing, which includes profiling to the extent that it is
related to such direct marketing. Where the data subject objects to processing
for direct marketing purposes, the personal data shall no longer be processed
for such purposes.
III/7. Right to object
against automated individual decision-making:
7.1 The data subject
shall have the right not to be subject to a decision based solely on automated
processing, including profiling, which produces legal effects concerning him or
her or similarly significantly affects him or her. This right may not be
exercised if the processing is necessary for entering into, or performance of,
a contract between the data subject and a data controller; is authorised by
Union or Member State law to which the controller is subject
and which also lays down suitable measures to safeguard the data subject's
rights and freedoms and legitimate interests; or is based on the data subject's
explicit consent.
III/8. Right of withdrawal:
8.1 The data subject
shall have the right to withdraw his or her consent anytime. The withdraw of
the consent shall not affect affecting the lawfulness of processing based on
consent before its withdrawal.
III/9. Rules on the procedure of the
enforcement of rights:
9.1 Deadline: The Controller shall provide information on
actions taken on a request under Chapter III hereof to the data subject without
undue delay and in any event within one month of receipt of the request. That
period may be extended by two further months where necessary, taking into
account the complexity and number of the
requests. The Controller shall inform the data subject of any such Game within
one month of receipt of the request, together with the reasons for the delay.
Where the data subject makes the request by electronic form means, the
information shall be provided by electronic means where possible, unless
otherwise requested by the data subject.
9.2 If the controller
does not take action on the request of the data
subject, the Controller shall inform the data subject without delay and at the
latest within one month of receipt of the request of the reasons for not taking
action and on the possibility of lodging a complaint with a supervisory
authority and seeking a judicial remedy.
9.3 Information shall be
provided free of charge. Where requests from a data subject are manifestly
unfounded or excessive, in particular because of their repetitive character,
the controller may either charge a reasonable fee taking into
account the administrative costs of providing the information or
communication or taking the action requested; or refuse to act on the request.
9.4 The Controller
shall communicate any rectification or erasure of personal data or restriction
of processing to each recipient to whom the personal data have been disclosed,
unless this proves impossible or involves disproportionate effort.
III/10. California law
provisions: As
a California resident, you have certain rights over your Personal Information
held by the under the California Consumer Privacy Act (the “CCPA”). California
residents are entitled once a year, free of charge, to request and obtain certain
information regarding our disclosure, if any, of certain categories of personal
information to third parties for their direct marketing purposes in the
preceding calendar year.
The rights afforded to
you as a California resident are as follows:
- the right to request
the deletion of any personal information about you that has been collected from
you;
- the right to request
disclosures regarding the collection of your personal information;
- the right to request
disclosures regarding the sale of your personal information or disclosures made
for a business purpose;
- the right not to be
discriminated against for exercising your rights under the CCPA;
- the right to opt-out
of the sale of your personal information.
IV. Remedies
1 Every data subject
shall have the right to lodge a complaint with a supervisory authority, in particular
in the Member State of his or her habitual
residence, place of work or place of the alleged infringement if the data
subject considers that the processing of personal data relating to him or her
infringes the GDPR.
2 Each data subject
shall have the right to an effective judicial remedy where he or she considers
that his or her rights under the GDPR have been infringed as a result of the
processing of his or her personal data in non-compliance with the GDPR.
Proceedings against a controller or a processor shall be brought before the
courts of the member state where the controller or processor has an
establishment. Alternatively, such proceedings may be brought before the courts
of the member state where the data subject has his or her habitual residence.
Any person who has suffered material or non-material damage as a result of an
infringement of the GDPR shall have the right to receive compensation from the
controller or processor for the damage suffered.