Privacy Policy

1.DEFINITIONS

1.1.Data Subject: A natural person about whom GAMETHERAPY has information enabling their identification. Data Subjects include Clients, Visitors, cooperation partners, and employees who are natural persons and whose personal data is held by GAMETHERAPY.

1.2. Privacy Policy: This document that establishes the principles for Personal Data Processing by GAMETHERAPY.

1.3. Personal Data: Any information pertaining to an identified or identifiable natural person.

1.4. Personal Data Processing: Encompasses any operation or set of operations performed on a Data Subject's Personal Data, including collection, recording, organization, storage, modification, disclosure, allowing access to, retrieval, consultation, use, transmission, cross-referencing, alignment, combination, restriction, erasure, or destruction of Personal Data, regardless of the method or means employed for these operations.

1.5. A Client is defined as any individual or legal entity that utilizes GAMETHERAPY's Services or expresses an intention to do so.

1.6. The term Agreement refers to the Service Agreement or any other formal arrangement established between GAMETHERAPY and a Client.

1.7. Website pertains to GAMETHERAPY's online platform located at www.gametherapy.eu.

1.8. A Visitor encompasses any person who uses GAMETHERAPY's Services or visits its Website.

1.9. Child's Consent Age, concerning the processing of Personal Data, is set at a minimum of 16 years when providing information society services directly to a minor.

1.10. Services encompass all offerings and products provided by GAMETHERAPY, including the information society services within GAMETHERAPY's Product Portfolio.

1.11. Cookies refer to data files from the Website that are occasionally stored on a Visitor's device. 1.12. GAMETHERAPY's Data Protection Officer is the individual responsible for overseeing the adherence to Personal Data Processing principles at GAMETHERAPY and can be contacted by Data Subjects in case of complaints.

1.13. Product Portfolio encompasses the various business entities, products, and services offered by GAMETHERAPY, with the detailed list available in GAMETHERAPY's Product Portfolio, including games and websites.

2. GENERAL PROVISIONS

2.1. GAMETHERAPY represents the legal entity known as GAMETHERAPY, s.r.o., with registration code 54 827 655, and its registered address at Radlinského 11, 949 01 Nitra, Slovakia.

2.2. GAMETHERAPY handles all matters related to Personal Data protection in Slovakia in accordance with the European General Data Protection Regulation (GDPR) requirements.

2.3. GAMETHERAPY may engage with Personal Data in the following roles: (1) As a controller, determining the purposes and methods of processing. (2) As a processor, following the instructions provided by the controller. (3) As a recipient, to the extent to which Personal Data is transferred.

2.4. This Privacy Policy of GAMETHERAPY is an integral part of the Agreement between GAMETHERAPY and the Client.

2.5. The Privacy Policy applies to Data Subjects, and the rights and obligations outlined in the Privacy Policy must be adhered to by all GAMETHERAPY employees and cooperation partners who have access to Personal Data in GAMETHERAPY's possession.

3. PRINCIPLES

3.1. GAMETHERAPY's primary goal is to process Personal Data responsibly, adhering to best practices, and consistently demonstrate the alignment of Personal Data Processing with predefined objectives while always considering the interests, rights, and freedoms of Data Subjects.

3.2. All of GAMETHERAPY's processes, guidelines, operations, and activities related to Personal Data Processing are guided by the following principles:

(1) Legality: Personal Data Processing is always grounded in a legal basis, typically through consent. (2) Fairness: Personal Data Processing is conducted fairly, providing Data Subjects with adequate information and communication about how their Personal Data is processed.

(3) Transparency: Personal Data Processing is transparent for Data Subjects, including through this Privacy Policy, which elucidates the reasons, methods, and timing of Personal Data processing.

(4) Purposefulness: Personal Data is collected for specific, clearly defined legitimate purposes and shall not be processed in any manner conflicting with these purposes.

(5) Minimization: Personal Data is kept to the minimum required for the designated purpose. GAMETHERAPY follows the principle of minimal processing, and when Personal Data is no longer needed for its original purpose, it is promptly deleted.

(6) Accuracy: Personal Data is accurate and regularly updated as necessary, with corrective measures taken without delay for any inaccuracies that may hinder the purpose of Personal Data Processing.

(7) Accuracy: Personal Data is accurate and updated when necessary. Reasonable steps are taken to rectify any inaccuracies that may impede the purpose of Personal Data Processing without delay.

(8) Storage Limitation: Personal Data is retained in a format allowing for the identification of Data Subjects only for the duration necessary to achieve the intended processing purpose. In cases where GAMETHERAPY seeks to retain Personal Data for a longer period than necessary, anonymization will be applied to ensure Data Subjects can no longer be identified. Data received through a Client relationship or similar interactions will be stored accordingly.

Data processed based on consent will typically be retained until the consent is withdrawn. Storage duration may also be determined by other legal grounds for processing, such as legitimate interests or compliance with GAMETHERAPY's legal obligations. Information that may contain Personal Data, like forum posts or group discussions shared by the Data Subject with Visitors or Clients, will remain public even after the account is deactivated.

(9) Security and Confidentiality: Personal Data Processing will be executed to ensure the adequate security of Personal Data, protecting them against unauthorized or unlawful Processing, accidental loss, destruction, or damage. This is achieved through reasonable technical and organizational measures. GAMETHERAPY maintains internal guidelines, employee rules, and separate agreements with processors, all specifying best practices, ongoing risk assessment, and appropriate technical and organizational measures for Personal Data Processing.

(10) Data Protection by Design and by Default: GAMETHERAPY ensures that all systems used meet the necessary technical criteria. Suitable data protection measures are incorporated when renewing or designing every information or data system. For example, information systems and business processes are constructed using pseudonymization and encryption.

3.3. In all instances of Personal Data Processing, GAMETHERAPY is committed to maintaining the ability to provide evidence of adherence to the aforementioned principles. Further information on compliance with these principles can be requested from the Data Protection Officer.

4. COMPOSITION OF PERSONAL DATA

4.1. GAMETHERAPY gathers the following categories of Personal Data:

(1) Personal Data voluntarily disclosed by the Data Subject, including: a) Contact information like nickname, email address, and in some instances, postal address, and telephone number; b) Information related to job applications, such as resumes, names, email addresses, and telephone numbers; c) Information provided in response to surveys; d) Details furnished during the account creation process, such as email, nickname, country, age, and gender; e) Information shared when inviting others to use GAMETHERAPY Services; f) Content from messages transmitted via GAMETHERAPY's chat channel or messaging system.

(2) Personal Data generated from routine interactions between the Data Subject and GAMETHERAPY.

(3) Personal Data that the Data Subject has clearly made public, for example:

a) Personal Data Obtained from Meta: If a Data Subject logs into the game using their Meta account, GAMETHERAPY may receive Personal Data from the Data Subject's Meta account, including their username and user ID. The specific information received depends on the Data Subject's Meta privacy settings. If a Data Subject's Meta account is public, GAMETHERAPY may receive data such as the username, email address, age range, gender, selected language, country, and the names and avatars of Meta friends who are already playing GAMETHERAPY games. Data Subjects have the option to limit the Personal Data shared with GAMETHERAPY. You can review Facebook's Privacy Policy here:

https://www.facebook.com/privacy/policy/.

b) Personal Data Obtained from Google: When a Data Subject logs into a GAMETHERAPY game using their Google account, GAMETHERAPY may receive Personal Data from the Data Subject's Google account, which may include the username and user ID. The specific data received depends on the Data Subject's Google privacy settings. GAMETHERAPY may receive information like the name, email address, and profile picture, and with the Data Subject's consent, their contact list. Data Subjects have the option to control the Personal Data shared with GAMETHERAPY; you can find more information on how to do this here. For Google's Privacy Policy, please visit:

https://policies.google.com/privacy?hl=en-US.

(4) Personal Data Generated through Service Usage and Website Visits, including:

a) User credentials such as username and password;

b) Profile information such as gender, photo, age, and date of birth;

c) Links to Data Subjects' profiles on social networks;

d) Mobile device identifiers, including unique mobile device IDs, hardware type, media access control ("MAC") address, international mobile equipment identity ("IMEI"), and device name;

e) General information regarding Data Subject's location, and precise geographical device location data (only with consent);

f) Game-related data, encompassing interactions within the game and with other users, logged through server records;

g) Player ID;

h) Duration of Website usage and Service consumption; IP address; device operating system, browser type, language settings, access times, and the web addresses from which the Data Subject accessed GAMETHERAPY's Website;

i) Insights on interaction with our Services, such as gaming activity details.

(5) Information Collected through Cookies and Similar Technologies.

(6) Personal Data Received from Third Parties, including: a) Data Subject's characteristics and interests; b) Information regarding other games and services used.

(7) Personal Data Created and Combined by GAMETHERAPY, such as: a) Electronic correspondence; b) Information related to Data Subject's interactions with GAMETHERAPY on social media networks.

5. COMPOSITION, PURPOSES AND BASES FOR PROCESSING OF PERSONAL DATA

5.1. GAMETHERAPY shall Process Personal Data only on the basis of consent or on any other legal basis. Legal bases for Processing of Personal Data include, but are not limited to, legitimate interests or an Agreement between the Data Subject and GAMETHERAPY

5.2. GAMETHERAPY shall Process Personal Data on the basis of consent precisely within the limits, to the extent and for the purposes determined by the Data Subject. As for consents, GAMETHERAPY shall follow the principle that every consent shall be clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language. Consent may be given in writing or by electronic means or as an oral statement. A Data Subject shall give the consent freely, specifically, informedly and unambiguously, for example by ticking a box or by clicking a button.

5.3. Upon entry into and performance of an Agreement, Personal Data Processing may be additionally provided for in the specific Agreement, but GAMETHERAPY may Process Personal Data for the following Purposes:

(1) To perform actions requested by the Data Subject prior to entering into an Agreement;

(2) To establish the Client's identity as required for due diligence, which may include identity verification for account recovery;

(3) To fulfill obligations to the Client, including providing suitable versions of GAMETHERAPY's Services on various devices, creating game accounts, allowing Data Subjects to play GAMETHERAPY's games, and storing game-related data; providing Services upon Data Subject's requests;

(4) To maintain communication with the Client, including sending confirmations, invoices, technical updates, security notifications, support, and administrative messages;

(5) To ensure compliance with the Client's payment obligations;

(6) To assert, realize, and defend legal claims.

5.4. For the establishment of an employment contract, GAMETHERAPY's processing of a job applicant's Personal Data, based on the agreement and legitimate interest, will encompass:

(1) Processing the data submitted by the job applicant to GAMETHERAPY for the purpose of entering into an employment contract;

(2) Processing Personal Data received from the job applicant's provided referee;

(3) Processing Personal Data obtained from state databases, registers, and public (social) media.

In cases where a job applicant is not selected, GAMETHERAPY will retain the Personal Data collected for employment contract purposes for one year, in order to make a job offer to the applicant should a suitable position become available. After one year from the submission of a job application, the Personal Data of an unsuccessful applicant will be deleted.

5.5. Legitimate interest refers to GAMETHERAPY's interest in managing and directing its business to offer the best possible Services in the market. GAMETHERAPY will only process Personal Data on legal grounds after careful consideration, ensuring that the processing aligns with GAMETHERAPY's legitimate interests and respects the interests and rights of Data Subjects. This involves following a three-step test to determine that Personal Data Processing is necessary for GAMETHERAPY's legitimate interests while complying with Data Subjects' interests and rights. Specifically, Personal Data Processing based on legitimate interest may occur for the following purposes:

(1) To establish a trust-based relationship with a client, such as Personal Data Processing that is strictly necessary for identifying ultimate beneficiaries or preventing fraud.

(2) For client base administration and analysis, aiming to enhance the availability, selection, and quality of Services and products, and to offer the most personalized options to the Client with their consent.

(3) To utilize identifiers and Personal Data collected during website, mobile application, and other Services usage. This data will be used for web analysis, analysis of mobile and information society services, ensuring and enhancing Service functionality, statistical purposes, analyzing Visitor behavior and user experience, and providing improved and personalized Services.

(4) For campaign organization, including personalized and targeted campaigns, conducting satisfaction surveys for Clients and Visitors, and evaluating the effectiveness of marketing activities.

(5) To monitor the service. GAMETHERAPY may record messages and instructions given in its facilities and through communication channels (e.g., email, telephone), as well as information and other actions taken by GAMETHERAPY. These recordings will be used as needed to document instructions or other activities.

(6) To maintain the integrity of GAMETHERAPY's Services, including network, information, and cyber security considerations. This involves combating piracy, ensuring Website security, and implementing backup measures to protect GAMETHERAPY, its employees, and others.

(7) For corporate purposes, especially in financial management and the processing of Personal Data for Clients or employees.

(8) To receive feedback.

(9) For online targeted advertising (including on third-party websites) where Data Subjects can opt out (refer to section 12: Important Guidelines).

(10) For providing Data Subjects with third-party online advertising, from which Data Subjects can opt out (refer to section 12: Important Guidelines).

(11) For the establishment, exercise, or defense of legal claims.

5.6. When fulfilling a legal obligation, GAMETHERAPY will Process Personal Data to meet the requirements mandated by law or to engage in activities permitted by law. Legal obligations may arise, for instance, in the context of adhering to payment processing regulations and preventing money laundering.

5.7. If Personal Data Processing is conducted for a new purpose, distinct from the original intent for which the Personal Data were initially collected, and is not based on the Data Subject's consent, GAMETHERAPY will meticulously evaluate the permissibility of such new Processing. Details of these new Processing purposes will always be publicly accessible in the register of processing operations (refer to section 12: Important Guidelines). To determine whether the Processing for the new purpose aligns with the initial purpose for which the Personal Data were collected, GAMETHERAPY will take into consideration, among other factors:

(1) The connection between the initial purposes for collecting the Personal Data and the new intended purposes for Processing.

(2) The context in which the Personal Data were originally gathered, with a particular focus on the relationship between the Data Subject and GAMETHERAPY.

(3) The characteristics of the Personal Data, especially whether any special categories of Personal Data or data related to criminal convictions and offenses are involved.

(4) The potential implications of the intended further Processing for Data Subjects.

(5) The presence of suitable protective measures, including encryption and pseudonymization, if applicable.

6. DISCLOSURE AND/OR TRANSFER OF CLIENT DATA TO THIRD PARTIES

6.1. GAMETHERAPY collaborates with entities to whom GAMETHERAPY may disclose information about Data Subjects, including their Personal Data, within the context of their cooperative efforts.

6.2. These third parties may include entities within the same corporate group as GAMETHERAPY, its advertising and marketing partners, firms conducting client satisfaction surveys, debt collection agencies, credit bureaus, IT partners, intermediaries or providers of (electronic) mail services, on the condition that:

(1) The specific purpose and Processing comply with legal requirements.

(2) Personal Data Processing adheres to GAMETHERAPY's policies and is based on a valid agreement.

(3) Data regarding the relevant processors are disclosed to the Data Subjects (refer to section 12: Important Guidelines).

6.3. GAMETHERAPY will only transfer Personal Data out of the European Union under certain conditions: when there is adequate protection in the recipient country; when protection measures have been agreed upon (e.g., binding internal rules within the group or standard data protection clauses); when the Data Subject has provided clear and informed consent for the transfer; when the transfer is explicitly required by an agreement with the Data Subject; when the transfer is not recurring and involves only a limited number of Data Subjects; when it is necessary to protect GAMETHERAPY's legitimate interests that are not overridden by the interests, rights, or freedoms of the Data Subject; when all circumstances related to the transfer have been assessed, and suitable protection measures have been established to safeguard the Personal Data; or if there is another legal basis for the transfer. GAMETHERAPY will inform the Data Protection Inspectorate of such transfers based on a legitimate interest.

7. SECURITY OF PERSONAL DATA PROCESSING

7.1. GAMETHERAPY will strictly adhere to legal requirements for the storage of Personal Data, keeping it for the minimum necessary duration. Expired Personal Data will be securely destroyed according to GAMETHERAPY's established procedures and best practices.

7.2. GAMETHERAPY has implemented guidelines and procedural rules to ensure the security of Personal Data. Further details regarding these security measures can be obtained from GAMETHERAPY's Data Protection Officer.

7.3. In the event of a Personal Data-related incident, GAMETHERAPY will take all necessary steps to mitigate the consequences and prevent future risks. This includes documenting all incidents and notifying the Data Protection Inspectorate and Data Subjects directly (e.g., via email) or publicly (e.g., through news releases) as required by regulations.

7.4. GAMETHERAPY stores Personal Data using services such as Amazon Web Services and Google Cloud, as well as on servers and equipment located in European Union countries.

8.PROCESSING OF PERSONAL DATA CONCERNING MINORS

8.1 GAMETHERAPY's Services, including information society services, are not intended for individuals under the age of 16.

8.2 GAMETHERAPY does not intentionally gather any information about individuals under the age of 16. If any such information is provided, we will take action in accordance with the requests of a parent or guardian.

8.3 If GAMETHERAPY becomes aware that it has obtained Personal Data related to a minor under the age of 16, the company will make every effort to cease the Processing of the respective Personal Data.

9.RIGHTS OF DATA SUBJECTS

9.1. Rights Regarding Consent:

(1) Data Subjects always have the right to inform GAMETHERAPY of their desire to withdraw consent for Personal Data Processing.

(2) You can change and withdraw your consents given to GAMETHERAPY by contacting GAMETHERAPY or, in some cases, by clicking the unsubscribe button. Contact details can be found in section 13 of this Privacy Policy.

9.2. Data Subjects also possess the following rights in relation to Personal Data Processing:

(1) Right to Information: This is the right of a Data Subject to receive information about the Personal Data collected concerning them.

(2) Right to Access Data: This right allows a Data Subject to confirm whether their Personal Data is being processed and, if so, to obtain a copy of the processed Personal Data.

(3) Right to Rectify Inaccurate Personal Data: Data Subjects can request the correction of inaccurate data.

(4) Right to Erasure of Data: In certain cases, Data Subjects have the right to request the deletion of Personal Data, especially if the Processing is based solely on consent. However, please note that in some instances, Personal Data displayed during gameplay, such as usernames, avatars, scores, and chat messages, may be stored on other players' devices, and these cannot be erased by GAMETHERAPY, for instance, when the device is not connected to a Wi-Fi network.

(5) Right to Request Personal Data Processing Restriction: This right may be invoked when Personal Data Processing is not permitted by law or when the Data Subject disputes the accuracy of their Personal Data. The Data Subject has the right to request a restriction of Personal Data Processing for a period that allows the processor to verify the accuracy of the Personal Data or when the Personal Data Processing is considered unlawful, but the Data Subject does not request the deletion of the Personal Data.

(6) Right to Data Portability: In specific cases, a Data Subject has the right to receive their Personal Data in a machine-readable format and to transfer these data to another data controller.

(7) Right to Object: In certain situations, the Data Subject may have the right to object to the Processing of their Personal Data at any time, provided there are valid reasons based on their specific circumstances.

(8) Rights Related to Automated Processing: These rights encompass the right to object, based on reasons related to the Data Subject's particular situation, to Personal Data Processing that relies on automated decision-making. GAMETHERAPY may use automated Processing for business purposes, including Visitor segmentation for marketing purposes, sending personalized messages, managing employment relationships, and ensuring employees' compliance with internal security regulations. Automated Processing may also involve data collected from public sources. Data Subjects have the right to avoid decisions based on automated Personal Data Processing, especially those that qualify as profiling. This includes the right to opt out of targeted advertising (see section 12: Important Guidelines).

(9) Right to Request an Assessment by a Supervisory Authority to Determine the Lawfulness of Personal Data Processing.

(10) Right to Compensation for Damages: This right applies in cases where the Data Subject's rights have been violated and GAMETHERAPY is held liable for the resulting damages.

10.EXERCISING RIGHTS AND LODGING COMPLAINTS

10.1. Exercising Your Rights: Data Subjects have the right to contact GAMETHERAPY or the Data Protection Officer of GAMETHERAPY using the contact details provided in section 13 if they have any questions, requests, or complaints regarding the Processing of their Personal Data.

10.2. Filing Complaints: Data Subjects have the right to file complaints with GAMETHERAPY and the Data Protection Officer of GAMETHERAPY, lodge claims with the Data Protection Inspectorate, or take the matter to court if they believe their rights have been violated in the context of Personal Data Processing.

11.COOKIES AND OTHER WEB TECHNOLOGIES

11.1. Collection of Visitor Data: GAMETHERAPY may collect data from Visitors of the Websites and other information society services using Cookies (small pieces of information stored by the Visitor's browser on their computer or another device) or other similar technologies (e.g., IP address, device information, location information, and advertising identifiers) and process this data.

11.2. Use of Collected Data: The data collected is used to personalize the Services according to a Visitor or Client's preferences, enhance Service quality, inform Visitors and Clients about content and provide recommendations, optimize advertisements, improve marketing efforts, and facilitate secure logins. This data is also used for Visitor analytics and recording their usage habits.

11.3. Types of Cookies: GAMETHERAPY utilizes session Cookies, persistent Cookies, and advertising Cookies. Session Cookies are automatically deleted after each visit, while persistent Cookies remain after repeated use of the Website. Advertising Cookies and third-party Cookies are employed by GAMETHERAPY's partner Websites linked to the GAMETHERAPY Website. GAMETHERAPY does not control the generation of these Cookies (or other third-party tracking), so information about them can be obtained from third parties. Additional information on Cookies can be found in the guidelines (see section 12: Important Guidelines).

11.4. Cookie Usage Consent: By using the Website, information society service devices, or web browsers, Visitors are agreeing to the use of Cookies.

11.5. Cookie Management: Most web browsers allow Cookies. Some functions of the Website may not be available to Visitors who do not fully enable Cookies. Visitors have control over enabling or disabling Cookies and similar technologies through their web browser settings, information society service settings, and platforms designed to enhance privacy (see section 12: Important Guidelines).

12.IMPORTANT INFORMATION

12.1. The implementation of GAMETHERAPY's Privacy Policy is based on the following documents, guidelines, and procedures: (1) Cookie Descriptions: Descriptions of cookies and other web technologies used by GAMETHERAPY. (2) Your Online Choices; About Ads; Network Advertising: A platform for controlling and monitoring cookies and other web technologies, allowing Data Subjects to independently change and control how their Personal Data is used and collected. (3) Information about processors can be found here.

13.CONTACT INFORMATION AND DETAILS

13.1. Important contact information for GAMETHERAPY and Data Subjects: (1) For inquiries related to Personal Data, you can reach GAMETHERAPY via email at [email protected]. (2) GAMETHERAPY's Data Protection Officer, Andrej Gero, can be contacted via email at [email protected].

14.OTHER TERMS AND CONDITIONS

14.1. GAMETHERAPY reserves the right to unilaterally amend this Privacy Policy. Any amendments will be communicated to Data Subjects through GAMETHERAPY's website, via email, or by other means.

14.2. Latest Amendments and Effective Date of the Privacy Policy: October 12, 2023.