Polityka prywatności
1. DEFINITIONS
1.1. Controller – Rosetta Gaming Spółka ograniczoną odpowiedzialnością with with the registered office in Kraków, Aleja 29 Listopada 20, 31 – 401 Kraków, written in the register of entrepreneurs kept by District Court for Kraków Śródmieście in Kraków 11th Commercial Division of the National Court Register under number KRS: PLN 0000756864, NIP number: 9452223453; REGON: 381807954, with the share capital of PLN 5000 paid up in full.
1.2. Personal data – information about a natural person who is identified or identifiable by one or more specific factors specifying his or her physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology.
1.3. Policy – the present Privacy Policy.
1.4. GDPR– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Website or Site – a website together with its subpages and associated services provided through it (e.g. a form) managed by the Controller at the address: office@rosettagaming.com
1.6. User – any natural person visiting the site or using one or more of the services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
2.1. In connection with the use of the Website by the User, the Controller collects data
to the extent necessary for the provision of the individual services offered, as well as information
about the activity of the Users on the Website. The following describes detailed rules and purposes of the processing of Personal Data collected during the use of the Site by the User.
3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE SITE
USING THE SITE
3.1. Personal Data of all persons using the Site (including IP address or other identifiers and information collected through the tools used by the Controller) are processed by the Controller.
3.1.1. for the purpose of providing services electronically in terms of making the content collected on the Site available to Users – in which case the legal basis for the processing is the necessity of the processing to perform the contract (Article 6(1)(b) GDPR);
3.1.2. for analytical and statistical purposes – then the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of the Users’ activities, as well as their preferences in order to improve the functionalities used and services provided;
3.1. 3. For the possible establishment, exercise or defence of claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPRRODO), consisting in defending its rights;
3.1.4. for marketing purposes of the Controller and other entities, in particular related to the presentation of behavioural advertising – the principles of processing of Personal Data for marketing purposes are described in the MARKETING section.
3.2. The User’s activity on the Site, including his/her Personal Data, is recorded in the system logs (special software used to store a chronological record containing information about events and activities that relate to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for the purposes related to the provision of services. The Controller also processes it for technical, administrative purposes, for the purposes of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes – in this regard, the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
CONTACT FORM
3.3. The Controller provides the possibility to contact it with the use of an electronic contact form. Using the form requires providing Personal Data necessary to contact the User and provide an answer to the question. Provision of data marked as obligatory is required in order to carry out the requested contact or to address an enquiry, and their non-provision makes it impossible to carry out the requested contact or process the sent enquiry. The provision of other data is voluntary.
3.4. The Controller processes the personal data obtained through the above form:
3.4.1. for the purpose of identifying the sender and handling his/her enquiry sent via the form provided and for the purpose of providing an answer to the enquiry – the legal basis for the processing of obligatory data is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in providing answers to questions addressed to it regarding its business activity; with regard to data provided optionally, the legal basis for the processing is consent (Article 6(1)(a) GDPR);
3.4.2. for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting statistics of the enquires reported by Users via the Site in order to improve its functionality,
3.4.3 for the purpose of exercising or defending against claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in protecting its rights.
4. MARKETING
4.1. The Controller processes the Users’ Personal Data in order to carry out marketing activities, which may consist in:
4.1.1. displaying marketing content to the User,
4.1.2. sending e-mail notifications of interesting offers or content, which in some cases contain commercial information (newsletter service).
5. COOKIE FILES AND SIMILAR TECHNOLOGY
5.1. The Controller uses cookies mainly to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Controller and other entities providing analytical and statistical services to the Controller use cookies, storing information or accessing information already stored in the User’s telecommunications terminal equipment (computer, phone, tablet, etc.). The use of cookies on the Website is not intended to identify Users. The Policy regulates the processing of data related to the use of own cookies.
5.2. Cookies are small text files installed on the equipment of the User browsing the Site. Cookies collect information to facilitate the use of the website – e.g. by remembering the User’s visits to the Website and the actions s/he has performed.
STRICTLY NECESSARY COOKIES
5.3. The Controller uses necessary cookies primarily to provide Users with the services and functionalities of the Site the User wishes to use. The necessary cookies may only be installed by the Controller through the Site.
5.4.The legal basis for the processing of data in connection with the use of necessary cookies is the necessity of the processing to perform a contract (Article 6(1)(b) of the GDPR.
PERFORMANCE COOKIE FILES
6.5. The Controller uses performance cookies to count visits and traffic sources on the Site. The cookie files may only be installed by the Controller through the Site.
5.6. The legal basis for the processing of personal data in connection with the use of functional and analytical cookies by the Controller is the User’s consent (Article 6(1)(a) of the GDPR.
5.7. The processing of Personal Data in connection with the use of performance cookies is subject to the User’s consent to use them via the cookie consent management platform.
This consent can be withdrawn at any time through this platform.
FUNCTIONAL AND ANALYTICAL COOKIE FILES
5.8. Functional cookies are used to remember and adjust the Site to the User’s choices in terms of, inter alia, language preferences.
Functional cookies may be installed by the Controller and its partners through the Site.
5.9. Analytical cookies make it possible to obtain information such as the number of visits and sources of traffic on the Site. They are used to determine which pages are more and which are less popular, and to understand how Users navigate the Site by keeping statistics on Site traffic. The data processing is done to improve the Site performance. The information collected by these cookies is aggregated, so they are not intended to establish your identity. Functional cookies may be installed by the Controller and its partners through the Site.
5.10. The legal basis for the processing of personal data in connection with the use of functional and analytical cookies by the Controller is the User’s consent (Article 6(1)(a) of the GDPR.
5.11. The processing of Personal Data in connection with the use of functional and analytical cookies is subject to the User’s consent to use (separately) functional and analytical cookies via the cookie consent management platform. This consent can be withdrawn at any time through this platform.
ADVERTISING COOKIE FILES
5.12. Advertising cookies allow adapting the displayed advertising content to the User’s interests on and off the Website. Based on the information from these cookies and the User’s activity on other websites, a profile of the User’s interests is built. Advertising cookies may be installed by the Controller and its partners through the Website.
5.13. The legal basis for the processing of personal data in connection with the use of advertising cookies by the Controller is the User’s consent (Article 6(1)(a) of the GDPR.
5.14. The processing of Personal Data in connection with the use of advertising cookies is subject to the User’s consent to use them via the consent management platform. This consent can be withdrawn at any time through this platform.
6. MANAGING COOKIES SETTINGS
6.1. The use of cookies for the purpose of collecting data through them, including to gain access to the data stored on the User’s device, requires the User’s consent. On the Site, the Controller collects consent from the User through the cookie consent management platform. This consent may be withdrawn at any time.
6.2. Consent is not required only in the case of cookies the use of which is necessary to provide the telecommunication service (data transmission to display content) – the User does not have the possibility to opt out of these cookies if s/he wishes to use the Site.
6.3. In order to receive advertising tailored to the User’s preferences, apart from accepting the the installation of cookies through the cookie consent management platform, it is necessary to maintain appropriate browser settings that allow storing cookies coming from the Website on the User’s terminal equipment.
6.4. Withdrawal of consent for the collection of cookies on the Site is possible via email: office@rosettagaming.com
6.5. The user also has the possibility to withdraw consent by changing the browser settings. Detailed information can be found at the following links:
6.5. 1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
6.5. 2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
6.5. 3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
6.5. 4. Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/
6.5. 5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB.
6.6. At any time the user can verify the status of his/her current privacy settings for the used browser using the tools available at the links below:
6.6.1. http://www.youronlinechoices.com/pl/twojewybory
6.6.2. http://optout.aboutads.info/?c=2&lang=EN.
6.7. To exercise your rights to access, rectify, erase, restrict, transfer, object to the processing of your personal data, lodge a complaint or ask any other question regarding cookies, please send your request at the Controller’s contact details indicated in the Privacy Policy.
7. PERIOD OF PROCESSING PERSONAL DATA
7.1. The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data are processed for the duration of the service provision, until the granted consent is withdrawn or an effective objection is made to data processing in cases where the legal basis for data processing is the legitimate interest of the Controller.
7.2. The period of data processing may be extended if the processing is necessary to establish and exercise possible claims or defend against such claims, and thereafter only if and to the extent required by law. After the end of the processing period, the data are irreversibly deleted or anonymised.
8. RIGHTS OF DATA SUBJECTS
8.1. Data subjects have the following rights:
8.1.1. the right to the information about the processing of personal data – on this basis the Controller will provide a natural person making a request with information about the processing of data, including, in particular, the purposes and legal grounds for the processing, the scope of the data held, the entities to which the data are disclosed, and the planned date of erasure of the data;
8.1.2. the right to obtain a copy of the data – on this basis the Controller provides a copy of the processed data concerning the natural person making the request;
8.1.3. right to rectification – the Controller is obliged to rectify any inconsistencies or errors in the processed Personal Data and to complete them if they are incomplete;,
8.1.4. the right to erasure – on this basis it is possible to request the erasure of Data, the processing of which is no longer necessary to perform any of the purposes for which they were collected,
8.1.5. right to restriction of processing – if such a request is made, the Controller discontinues performing operations on the Personal Data – with the exception of operations the Data Subject had accepted – and their storage, in accordance with the adopted retention rules or until the reasons for restriction of processing cease to exist (e.g. a decision of a supervisory authority authorising further processing is issued);
8.1.6. the right to data portability – on this basis – to the extent that the data are processed by automated means in connection with the concluded contract or the consent given – the Controller provides the data provided by the data subject in a computer-readable format. It is also possible to request that the data be sent to another entity, provided, however, that the technical capacity to do so exists both on the part of the Controller and the designated entity;
8.1.7. right to object to the processing of data for marketing purposes – if applicable, the Data Subject may object at any time to the processing of Personal Data for marketing purposes, without the need to justify such an objection;
8.1.8. right to object to other purposes of processing – the Data Subject may object at any time, on grounds relating to their particular situation, to the processing of Personal Data that is carried out on the basis of a legitimate interest of the Controller (e.g. reasons relating to the protection of property); the objection in this respect should contain a reason;
8.1.9. right to withdraw consent – if the Data are processed on the basis of the consent given, the Data Subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing performed before the withdrawal of the consent;
8.1.10.right to lodge a complaint – if the processing of Personal Data is considered to be in breach of the provisions of GDPR or other provisions relating to the protection of Personal Data, the Data Subject may lodge a complaint with the supervisory authority for the processing of Personal Data, which has jurisdiction over the Data Subject’s habitual place of residence, place of work or place where the alleged breach has been committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
9. REPORTING DEMANDS CONNECTED WITH THE EXERCISE OF RIGHTS
9.1. A demand concerning the exercise of Data Subjects’ rights may be made:
9.1.1. in writing to the Controller’s address;
9.1. 2. via email to the email address: office@rosettagaming.com
9.2. The request should, as far as possible, indicate precisely what the request concerns, i.e. in particular:
9.2.1. what right the requester wishes to exercise (e.g. the right to obtain a copy of the data, the right to erasure, etc.);
9.2.2. what processing process the request relates to (e.g. use of a particular service, etc.);
9.2.3. what processing purposes the request relates to (e.g. purposes connected with the provision of services, etc.).
9.3. If the Controller is unable to identify the natural person on the basis of the request made, the Controller will request additional information from the requester. It is not obligatory to provide such data, but failure to do so will result in the request being refused.
9.4. The request may be made in person or through a proxy (e.g. a family member).
9.5. The response should be provided within one month following its receipt. If it is necessary to extend this period, the Controller informs the requester of the reasons for such action.
9.6. In the case in which a request was addressed to the Controller electronically, a response is given in the same form, unless the requester demanded a response in another form. In other cases, the response is given in writing. If the period to carry out the request makes it impossible to respond in writing and the extent of the applicant’s data processed by the Controller allows for electronic contact, a response should be provided electronically.
10. DATA RECIPIENTS
10.1. In connection with the provision of services, Personal Data may be disclosed to external entities to the extent necessary for the provision of the services available on the Site.
10.2. The Controller reserves the right to disclose selected information concerning the User to competent authorities or to third parties who make a request for providing such information, based on the relevant legal basis and in accordance with the provisions of binding law.
11. TRANSFER OF DATA OUTSIDE THE EEA
11.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, above all by:
11.1.1. cooperation with processors of Personal Data in countries in relation to which a relevant decision of the European Commission was issued regarding the determination of an adequate level of protection for Personal Data;
11.1.2. applying the standard contractual clauses issued by the European Commission; together with the required additional security measures, these provide Personal Data with the same protection as it enjoys in the European Union:
12. SECURITY OF PERSONAL DATA
12.1. The Controller conducts a risk analysis on an ongoing basis to ensure that the Personal Data is processed by it in a secure manner – ensuring, in particular, that only authorised persons have access to the data and only to the extent necessary for the tasks they perform. The Controller makes sure that all operations on Personal Data are recorded and performed only by authorised employees and collaborators.
12.2. The Controller takes all necessary measures to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures each time they process Personal Data on behalf of the Controller.
13. CONTACT DATA
13.1. Contact with the Controller is possible via email address office@rosettagaming.com or address for correspondence:
Rosetta Gaming sp. z o.o.
Aleja 29 Listopada 20
31 – 401 Kraków
14. AMENDMENTS TO THE PRIVACY POLICY
14.1. The Policy is verified on an ongoing basis and updated if needed.
14.2. The valid version of the Policy was adopted and is effective as of 1st of December 2022
contact
contact
aleja 29 Listopada 20
31-401 Kraków
Polityka prywatności
