Privacy Policy

Applicable from: 14.06.2023.

Contents:

In this Privacy Policy, you may find information regarding the processing of your personal data on the website at https://eternalharvest.app/ (hereinafter the “Website”) and related to the “Eternal Harvest” Game (hereinafter the “Game”) and for the services provided by ANUIN S.R.L. in the following chapters:

I. General. Besides other general information, this chapter contains the data of the Controller and some processors.

II. Ways of processing. In this chapter you may find specific information (the purpose, grounds and period of processing, the scope of data subjects and the data processed) per each purpose of the processing:

II/1. Registration

II/2. Assets, NFT’s

II/3. Cookies

II/4. Newsletters

II/5. Contact

II/6. Proving consent

II/7. Complaint-handling

III. The rights of data subjects. Here you may find a detailed description of your rights regarding the processing and the related procedure.

IV. Remedies. In this chapter you may find the detailed description of the remedies you can have if our rights related to your personal data are violated.

I. General

1 In relation to this Privacy Policy, the users of the Game or the visitors of the Website and any person whose personal data is processed shall be considered and hereinafter referred to as data subjects. The precise scopes of data subjects are specified at each way of processing.

2 The Controller (hereinafter also as: “we”):

Company name: ANUIN S.R.L.

Registered and postal address: 2120 Dunakeszi, Petőfi Sándor utca 16., Hungary

Tax No: 27347825-2-13

Registration No: 13-09-204502

Registered by: the Company Registry Court of Pest County

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

3 It is the Controller’s intention to ensure the protection of personal data of persons providing them to the Controller to the extent possible. This Privacy Policy shall be applicable in respect of the services of the Controller only.

4 The Controller shall have the right to unilaterally modify this Privacy Policy anytime on which the Controller shall inform the data subjects by email.

5 The Controller provides its services by protecting the personality rights of the data subjects, in accordance with the law, especially REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”). For residents of California, the California Consumer Privacy Act (the “CCPA”) shall also be applicable.

6 Please note that it is voluntary to provide your personal data and upon the acceptance of this Privacy Policy, the data subject gives his or her consent to the processing of the personal data if the processing is based on a voluntary consent.

7 The Controller may forward personal data to pursue its activities, to the extent required thereto, to data processors as recipients. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

8 The personal data processed by us on the Website are stored at our storage provider as a data processor: Contabo GmbH.; Aschauer Str. 32a, 81549 München, Germany, https://contabo.com;

Activities: web storage, in case no data is provided, the Controller cannot fulfil its activities.

9 We use a service provider for our payment systems:

Metamask; company name: ConsenSys Software Inc.; 5049 Edwards Ranch Road, Fort Worth, TX 76109, USA

Data: https://metamask.io/

You may find the respective cookie policy and privacy policy on the website above.

Activities: the provision of payment services, in case no data is provided, the Controller cannot fulfill its activities. Processing is required for the performance of contract, the grounds therefor are specified in point (b) of subparagraph 1 of Article 6 of the GDPR.

Forwarded data: the data requested and provided upon payment.

10 Should any court, prosecutor, investigative body, such as the authority investigating the processing of personal data, or any other bodies entitled upon law contact the Controller to provide or hand over information or data, the Controller shall provide the personal data necessary for the purpose of the request if the requesting person specifies the exact purpose and grounds for the request and scope the of personal data.

11 Data security: We have in place physical, electronic and managerial procedures to protect personal information in our custody and control against loss, theft and unauthorized access, use, modification and disclosure. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the 100% security of our Services, nor can we guarantee that the information you provide will not be intercepted while being transmitted to us over the Internet.

II. Ways of processing:

II/1. Registration

1.1 To provide our services properly we request you to register and provide us your e-mail address and a password.

1.2 The ground for processing is the performance of the contract or it is required in order to take steps at the request of the data subject prior to entering into a contract. [point (a) of subparagraph 1 of Article 6 of the GDPR].

1.3 The purpose of processing is allowing the Controller to provide its services.

1.4 Period of processing: until the deletion of the account, unless we have any grounds for further processing as specified below.

1.5 We will use the contact data provided by you (the e-mail address) to keep contact with you for the performance of the contract and to send you information and messages.

II/2. Assets, NFT’s

2.1 Payments for assets or NFT’s are made through Metamask.

2.2 When you purchase NFT’s or assets, use or sell them, we process your personal data. The purpose of processing is making payments for the use of the Game and allowing functionalities related to assets or NFT’s.

2.3 The ground for processing is the performance of the contract or it is required in order to take steps at the request of the data subject prior to entering into a contract. [point (a) of subparagraph 1 of Article 6 of the GDPR].

2.4. Processed personal data: our MetaMask wallet ID, publicly available information: your transactions and assets in the Ethereum blockchain network (EtherScan), such as your purchased NFT and/or asset, and transactional information, such as the purchase price of your NFT and/or asset, IP address and our e-mail address.

2.5 The data subjects are the natural persons making payments.

2.6 Period of processing: the legal minimum period to keep records, 8 years.

II/3. Cookies

3.1 In order to monitor the Website, the Controller uses an analytical tool (cookie) which prepares a data string and tracks how the visitors use the internet pages. When a page is viewed, the system generates a cookie in order to record the information related to the visit (pages visited, time spent on the Controller’s pages, browsing data, exits, etc) and installs it on the computer of the visitor but these data cannot be linked to the visitor's person. This tool is instrumental in improving the ergonomic design of the website, creating and improving a user-friendly website, enhancing the online experience for visitors and preventing data loss. Cookies recognize the computer of the visitor and manage its IP address.

3.2 Most internet browsers accept cookies, but visitors have the option of deleting or automatically rejecting or allowing them. The visitor has the option to decline the installation of cookies. Since all browsers are different, visitors can set their cookie preferences individually with the help of the browser toolbar. Users might not be able to use certain features on the Website if they decide not to accept cookies.

3.3 Using cookies, the websites seen by the visitor and the internet use customs of the visitor may be monitored. Only upon revisiting the Website and exclusively the respective service provider can link such data to the person of the visitor. The duration of the storing of such data depends on the type of the cookies. Session cookies erase the data upon closing the Website, Flash-cookies, however may store the data up to one year of inactivity.

3.4 For the use of functional cookies required to provide our services, the ground for processing is our legal interest to provide the services. For other cookies, the ground for processing is the voluntary consent of the data subject (the visitor) in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.

3.5 Processed data: browser history, identification No, date, time of visit.

3.6 The purpose of processing: improvement of the user experience, storing of the data of the respective session, prevention of data loss, identification and tracking of the data subjects, web analytics.

3.7 In the Menu of most browsers, there is a “Help” function providing information for the data subject, where to disable cookies in his or her browser; how to accept new cookies; how to instruct the browser to set new cookies; or turn off other cookies.

3.8 The Controller uses the following cookies:

Cookie name	Source	Type	purpose	Lapse
acces-token	Own	Functional	Identifies users’ sessions, checks whether you are checked in.	until the end of the session

II/4. Newsletters:

4.1 The User may subscribe to the newsletter with his/her expressed, voluntary and active declaration.

4.2 The purpose of processing is informing the data subjects on the services, products, news and events of the Controller and any changes thereto.

4.3 The ground for processing is the voluntary consent of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.

Processed personal data:

- name (surname and first name)

- email address

4.4 Period of processing: lasts until the data subject requests to unsubscribe from the newsletters.

II/5. Contact

5.1 When somebody contacts the Controller e.g. via e-mail or phone for the first time without any further processing, the Controller processes personal data.

5.2 The purpose of processing is keeping contact between the data subjects and the Controller.

5.3 The ground for processing is the voluntary consent of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.

5.4 Period of processing: 5 years after the closing of the communication or until the data are processed on new grounds (e.g. entering into a contract).

5.5 The provision of the data is not necessary to enter into the contract, the consequence of failure to provide such data is that contact cannot be kept.

5.6 The scope of the processed personal data: any personal data voluntarily provided by the data subject upon making a contact, especially name, e-mail address, phone number, title, position.

5.7 The recipient of the processing is our colleague dealing with customer relationships, or the addressee of the message sent by the data subject or our colleague handling the matter.

II/6. Proving consent

6.1 Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. To this end, the Controller will store and if needed use in front of the acting authority/court the personal data of the data subject.

6.2 The data subject is the person providing his or her consent.

6.3 This obligation is specified in paragraph (1) of Article 7 of the GDPR [processing in accordance with point (c) of subparagraph 1 of Article 6 of the GDPR].

6.4 Scope of processed personal data: the time of providing the consent, IP-address, data required for identification, such as e-mail address, first name and surname.

6.5 Period of processing: the Hungarian civil law expiry period (5 years in general).

II/7. Complaint-handling

7.1 Processing shall be made for the purpose of complaint-handling, the Contractor is obligated to keep the complaint.

7.2 The data subject is the person making a complaint.

7.3 The ground for processing is compliance with a legal obligation, in accordance with paragraph (7) of Article 17/A of Act CLV of 1997, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].

7.4 Processed personal data: name, address, e-mail address, phone number.

7.5 Period of processing: 3 years, as provided for by law.

III. The rights of the data subjects

The data subject may exercise his or her rights via the contacts of the Controller listed above.

III/1. Right for information and access:

1.1 The Controller shall take appropriate measures to provide any information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

1.2 Information may be requested in writing through the contact data of the Controller specified above. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

1.3 The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

1.4 The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

1.5 The Controller shall be obliged to respond to requests from the data subject at the latest within one month.

III/2. Right to rectification:

2.1 The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data and the completion of incomplete personal data concerning him or her.

III/3. Right to erasure (‘right to be forgotten’):

3.1 The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;

- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,;

- the personal data have been unlawfully processed;

- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

- the personal data have been collected in relation to the offer of information society services.

3.2 Erasure may not be requested to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.

III/4. Right to restriction of processing:

4.1 The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

4.2 Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

4.3 A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.

III/5. Right to data portability:

5.1 The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

III/6. Right to object:

6.1 The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

6.2 Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

III/7. Right to object against automated individual decision-making:

7.1 The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right may not be exercised if the processing is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or is based on the data subject's explicit consent.

III/8. Right of withdrawal:

8.1 The data subject shall have the right to withdraw his or her consent anytime. The withdraw of the consent shall not affect affecting the lawfulness of processing based on consent before its withdrawal.

III/9. Rules on the procedure of the enforcement of rights:

9.1 Deadline: The Controller shall provide information on actions taken on a request under Chapter III hereof to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such Game within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

9.2 If the controller does not take action on the request of the data subject, the Controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

9.3 Information shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.

9.4 The Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

III/10. California law provisions: As a California resident, you have certain rights over your Personal Information held by the under the California Consumer Privacy Act (the “CCPA”). California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year.

The rights afforded to you as a California resident are as follows:

- the right to request the deletion of any personal information about you that has been collected from you;

- the right to request disclosures regarding the collection of your personal information;

- the right to request disclosures regarding the sale of your personal information or disclosures made for a business purpose;

- the right not to be discriminated against for exercising your rights under the CCPA;

- the right to opt-out of the sale of your personal information.

IV. Remedies

1 Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

2 Each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data in non-compliance with the GDPR. Proceedings against a controller or a processor shall be brought before the courts of the member state where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the member state where the data subject has his or her habitual residence. Any person who has suffered material or non-material damage as a result of an infringement of the GDPR shall have the right to receive compensation from the controller or processor for the damage suffered.