Privacy and Data Protection Policy
-
Who is responsible for processing your personal data?
Your personal data is processed by the entity The Gang S.A., Org. no. 517087430, with its registered office at Rua de Santa Marta, n.º 32, 3.º C, 1150-296, Santo António, Lisbon (herein referred to as “The Gang”, “Company”, “we” or “us”).
The Gang is an international game development studio committed to developing world-leading, immersive gaming experiences.
This privacy and data protection policy (“Privacy Policy”) allows to inform you about which of your personal data is collected and processed by us, for which purpose we collect your data, how we share and protect your data, for how long is your data stored and your personal data rights under the GDPR. Please note that the protection of your personal data is of highly importance to us.
Any terms undefined in this Privacy Policy which are defined in the GDPR shall have the same meaning as in the GDPR. -
What categories of personal data do you collect?
In order to provide you with our services, we may need to collect personal data of our users meaning any information that (regardless of its nature or medium), directly or in combination with other data, can identify a natural person or can be linked to them. The Gang can only collect personal data in compliance with applicable legislation. Please do not send us any of your personal data if you do not want them to be used in the ways described in this Privacy Policy.
The information we collect about you may vary depending on the interactions we have with you. Essentially, we highlight the following data collection methods:- Information we collect directly from you – We may collect personal information about you when you interact with us, being that by performing registration, ordering a product or service, contact us via our support channels, ordering a product or service, participate in a contest or a sweepstake, filling out a survey or sending us feedback, in such cases we may require that you provide us with certain information about yourself in order to be able to provide our services. The information requested will vary depending on the service to be provided to you and it could be information such as your first and last name, username, date of birth, country of residence, contact details including mailing address and e-mail address. If ordering products or services from us, you may be asked to provide a credit card number in order to be able to complete the transaction. Please note that some of the information we ask you to provide is mandatory in order to be able to perform our services and some is voluntary.
In addition, when you interact with us, we may collect automatically technical information and usage and statistics information through means of tracking technologies and analytics services that we may use in the context of our activity. Such data includes information about your game progress and activity and information about your device including IP address and geolocation information, device ID, operating system and version.
Please note that if certain features related to our services are to be provided by third parties, those third parties may also collect data automatically regarding your use of the services through means of their own tracking technologies tools. These features are subject to those third parties ‘privacy notice and policies. - Information we collect from other sources – We may also receive information about you from third parties such as social networks or platforms that you access in connection with our services. This may include your platform ID, country, IP address, crash reports and in-game activity such as gameplay duration and your display name from platforms which you download the game from, such as Steam, for example, and your social media account ID from social media sites which you choose to connect to from with our services (if applicable). We may also receive non-personalized accumulated in-game activity statistics, said information is collected only for analytics purposes so we can improve our services and provide you the necessary support when required.
- Information we collect directly from you – We may collect personal information about you when you interact with us, being that by performing registration, ordering a product or service, contact us via our support channels, ordering a product or service, participate in a contest or a sweepstake, filling out a survey or sending us feedback, in such cases we may require that you provide us with certain information about yourself in order to be able to provide our services. The information requested will vary depending on the service to be provided to you and it could be information such as your first and last name, username, date of birth, country of residence, contact details including mailing address and e-mail address. If ordering products or services from us, you may be asked to provide a credit card number in order to be able to complete the transaction. Please note that some of the information we ask you to provide is mandatory in order to be able to perform our services and some is voluntary.
-
Lawfulness of data processing
We process your personal data as part of the execution and management of our contractual relationships with you, in our legitimate interest to improve the quality and operational excellence of the services we offer you or in compliance with certain regulatory or legislative obligations, depending on the purpose of the data processing.
Your personal data may also be processed on the basis of your prior consent in the event that, in certain circumstances, your consent is requested. -
Purpose of data processing
In general, we collect and process personal data for the purposes described below:- To operate and provide our services to you, including, managing competitions, promotions and programs, to provide you the related support including to respond to your inquiries; communicate with you about your access and use of our services; for troubleshooting and other technical support; for other customer service and support purpose and for the processing of your orders and request.
- To protect the integrity of the services provided by us, including to verify your identity; to detect and prevent fraud, cheating, and unauthorized activity; to facilitate software updates; to protect our systems and services; to prevent hacks, cheating, and spam and to protect your rights and safety.
- To improve and analyse our services, including to your access and use of our services; to evaluate and improve the services and our business operations; to develop new games, features, offerings and services; to conduct research and other evaluations; and for other research and analysis purposes.
- To personalize our services, including to select the content we send or display on our websites and other services; to offer personalized help and instructions; to modify your gameplay experiences; and to further personalize your experiences with the services.
- For promotional, advertising or marketing purposes, including to send or display targeted marketing to users and others who may be interested in our services; to direct you to more relevant advertisements and to evaluate, analyse and improve the effectiveness of our advertising campaigns; to send you newsletters, offers and other information that we think may be of interest to you; to contact you about our services or information that we think may be of interest to you; and to run promotions and competitions. Where required by applicable law, we will obtain your consent to use your personal information for marketing purposes and related matters.
- To provide enhanced security and safety for our business: including to protect and provide enhanced security for our business operations and assets, services, network and information resources and technology; to investigate, prevent, detect and respond to fraud, cheating, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct.
- To defend our rights under the law: including to manage and respond to potential and actual disputes and lawsuits, and further, to establish, defend or protect our rights or interests, including in the context of actual or anticipated litigation with users or third parties.
- To conduct audits, whistleblowing, corporate governance and internal operations: including financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk and compliance with legal obligations; our general business, accounting, tax responsibilities and legal functions; to manage appropriate business records; to enforce company policies and procedures; and in connection with any actual or planned merger, acquisition, sale of assets or transfer, financing, bankruptcy or restructuring of all or part of our business.
- To comply with applicable regulatory or legal obligations, including as part of a judicial proceeding or as part of an investigation or request, whether formal or informal, from law enforcement or government authorities.
-
How we share your data
We may share your personal data with third parties, if: (a) you have consented to such disclosure; (b) we are under a legal obligation to do so; (c) it is necessary for the purpose of legal proceedings or in relation thereto, or to exercise or protect our rights and; (d) we are required to disclose your personal data to new entities or third parties due to organizational changes within the Company or in connection with the transfer of our business or any part thereof.
We may also share your personal data with some reliable third parties in accordance with contracts entered into with them. They include, for example:- our professional advisors and auditors;
- suppliers to whom we outsource certain ancillary services, such as word processing, translation, photocopying and review of documents, notary services, registry administration and archiving services;
- third parties involved in hosting or organizing of events or seminars.
- IT technology providers;
- user login services, hosting server services and analytics service providers:
- LootLocker and their respective Privacy Policy link: https://lootlocker.com/privacy-policy
- AWS Game Lift and their respective Privacy Policy link: https://aws.amazon.com/privacy/?nc1=f_pr
- Game Analytics and their respective Privacy Policy link: https://gameanalytics.com/privacy
-
Do you perform international data transfers?
As general practice, the Company does not transfer data outside the European Economic Area ("EEA"). However, in an exceptional case when your personal data may need to be shared with a third country outside the EEA, we will observe all respective requirements set out in the GDPR and any other applicable legal provisions in order to ensure protection of such data, in particular as regards determining the suitability of such country with regard to data protection or by providing appropriate guarantees. -
How long will your personal data be processed?
The Company processes the personal data only for the period strictly necessary to fulfil the purposes identified on section 4, within the legal limits. At the end of the defined retention period, the Company undertakes to delete, destroy or anonymize your personal data. -
How is your personal data protected?
The Company employs the best means at its disposal to protect personal data against unauthorized access, disclosure, modification or unauthorized destruction of data. In order to guarantee the security of data and maximum confidentiality, the Company treats information in an absolutely confidential manner, in accordance with internal security and confidentiality policies and procedures, which are updated periodically according to needs, as well as in accordance with the terms and conditions provided by law. Depending on the nature, scope, context and purposes of the processing of the data, as well as the risks arising from the processing for the rights and freedoms of the user, the Company undertakes to apply, both when defining the means of processing and at the time of the processing itself, the necessary and appropriate technical and organizational measures for the protection of the data and compliance with legal requirements. -
What is your data protection rights and how can you exercise them?
Under the terms of the applicable legislation, you may request the following data protection rights at any time:- Right of access – You have the right to obtain confirmation as to whether your personal data is being processed and, if so, the right to access your personal data and certain information.
- Right of rectification – You have the right to rectify your inaccurate personal data or request that incomplete personal data be completed.
- Right to erasur – You have the right to have your personal data erased without undue delay if there are no valid grounds for retaining it, such as when it has to be retained to comply with a legal obligation or because legal proceedings are underway.
- Right to restriction of processing – You have the right to request restriction of the processing of your personal data, in form of suspension of processing or limitation of the scope of processing to certain categories of data or processing purposes, as set out in Article 18 of the GDPR.
- Right to data portability – You have the right to receive personal data concerning you that you have provided in a structured, commonly used and machine-readable format and/or the right to have such data transmitted to another controller.
- Right to object – You have the right to object to the processing of data concerning you, provided that there are no legitimate reasons for such processing which prevail over your interests, rights and freedoms, or for the purpose of declaring, exercising or defending a right in legal proceedings.
- Right to withdraw consent – In case that your personal data are processed based on your consent, you shall have the right to withdraw such consent at any time in the same form and manner as the consent was originally given, without such revocation invalidating the processing of the data while the consent was in force.
- Right to contact the Data Protection Officer or Supervisory Authority – You shall have right to contact Data Protection Officer of the Company at [email protected] (Katherine Siano, HR Generalist) with inquiries and / or complaints regarding personal data processing. You shall also have the right to lodge a complaint with the Supervisory Authority, the National Office for Protection of Personal Data or another competent data protection authority, which you can find via the following link: (https://edpb.europa.eu/about-edpb/board/members_en ).
- Final provisions
- Additional privacy information for California residents
If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA) provides consumers residing in California certain rights with respect to their personal information we retain about you. Under CCPA, you have the right to (a) request access to your personal information including how it is used and shared by us; (b) request deletion of your personal information; (c) opt-out of the sale or sharing of your personal information (when applicable); (d) not to be discriminated against for exercising any of your rights under the CCPA; (e) request the correction of inaccurate personal information and (f) request to limit the use and disclosure of sensitive personal information collected about them.
Should you have any questions or concerns about this section or should you wish to exercise any of your rights, please contact us through the instructions in the section “contact us” in this Privacy Policy. - Cookies
The Company does not use cookies to collect, store, or share any personal data. - Minors
We do not solicit or collect any personal information from children under the age of 13 when aware of such information. If you believe that we have collected personal information from a child under the age of 13, please contact us as described in Section 10, e) and we will act as necessary to delete that information securely.
Without prejudice to the preceding paragraph, if you are under the age of 16, we will require the express consent of the holder of parental responsibility, for example, your parents or legal guardians. We shall take reasonable steps to verify as much as possible that consent is given or authorised by the holder of parental responsibility. - Governing law and jurisdiction
This Privacy Policy, as well as the processing of personal data by the Company, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th. April 2016 (“GDPR”) and the applicable laws and regulations in Portugal.
Any disputes arising from the validity, interpretation or execution of the Privacy Policy, or which are related to the collection, processing or transmission of your data must be submitted exclusively to the jurisdiction of the district court of the Company´s head office, without prejudice to the applicable mandatory legal rules. - Changes and updates to the Privacy Policy
This Privacy Policy may be updated to reflect changes in our practices or legal requirements. The latest version will be available on our website. - Contact us
Should you have any questions regarding the processing of your personal data and the exercise of your rights under the applicable legislation and, in particular those referred to in this Privacy Policy, please feel free to contact us at https://www.thegang.io/contact
- Additional privacy information for California residents
Last updated: 19th. August 2024