I. General information
- Data controller – Pinewood Estonia OÜ with its registered office in Harju maakond, Tallinn, Lasnamäe linnaosa, Lõõtsa tn 5, 11415, Estonia entered in the Register of Entrepreneurs of the Ministry of Justice of Republic of Estonia, with number: 14814864, share capital: 2,500 EUR, fully paid-in (the “Controller” or “we”) is the owner and the administrator of services “BitBay” available for the users (“Users” or “you”), provided at a given time by Controller and/or its affiliates – entities related to the Controller economically and/or personally (the “Affiliates”) and available to you on the "as is" basis (collectively referred here as “Services”).
- We process your personal data in accordance to the binding law, especially to Regulation 2016/679 of the European Parliament and the European Council from April 27, 2016 on the protection of individuals with regard to the processing of personal data and free movement of such data, as well as repealing Directive 95/46/WE (general regulation on data protection) (the “GDPR”) and other relevant binding provisions of law.
II. Personal Data
- We may obtain your Personal Data from you directly (especially through the websites and/or online forms); and/or from third parties, service providers that are assisting us in providing you with a Services.
- We may collect the following categories of Personal Data:
- vontact, registration and verification information such as name, surname, nickname, email, address and other information that are necessary to identify you and to prevent using your account by unauthorized parties;
- data about your account (we may create a specific ID for you when you use the Services);
- your IP address and unique mobile device identification numbers (such as your device ID, advertising ID, MAC address);
- data about your device, such as manufacturer, operating system, CPU, RAM, browser type and language;
- broad location data (e.g. country or city-level location);
- precise geolocation data (GPS, with your consent);
- data we collect with cookies and similar technologies;
- data (such as your nickname, profile picture) we receive if you link a third-party tool with the Service (such as Facebook, Google or Weibo);
- details of orders (amount spent, date, time, vouchers or offers used);
- data to fight fraud and data required by anti-money-laundering provisions;
- payment data (such as to verify payment);
- data for advertising and analytics purposes, so we can provide you a better Service;
- your messages to the Services (such as chat logs and player support tickets) any feedback you submitted about your experience with us; and/or
- other data you choose to give us.
- Provision of Personal Data in a scope indicated by the Controller for particular purposes specified, is voluntary but may be necessary to use the Services.
III. Purposes and legal grounds
- Personal Data may be processed for the following purposes, on the following legal grounds:
|Provision of the Services, especially registration, logging and using the Services and security of the Services, especially preventing cyber attacks||Article 6 p. 1 (b) of GDPR (processing for the purpose of performance of a contract)|
|Statistical measurements||Article 6 p. 1 (b) of GDPR (processing for the purpose of performance of a contract) or, if such measurements are not necessary for the purpose of contract performance - Article 6 p. 1 (f) of GDPR (legitimate interests pursued by the controller)|
|Our own marketing, such as online marketing, especially retargeting||Article 6 p. 1 (f) of GDPR (legitimate interests pursued by the controller)|
|Newsletters||Article 6 p. 1 (f) of GDPR (legitimate interests pursued by the controller)|
|External marketing (marketing of third parties)||Article 6 p. 1 (a) (consent of the data subject)|
|Tax, accounting, fraud, anti-money-laundering and other purposes necessary for compliance with legal obligations of the controller.||Article 6 p. 1 (c): (processing is necessary to comply with a legal obligation which the controller is a subject of)|
- Categories of recipients: processors acting on our behalf such as service providers, marketing, PR and HR agencies and relevant Affiliates, or other controllers (when justified), enabling/ improving the Services such as relevant Affiliates, payment agents, banks or other financial institutions.
- We may feature advertising within our Services. The advertisers may collect and use information about you, such as your Service session activity, device identifier and IP address. They may use this information to provide advertisements of interest to you. In addition, you may see our Services advertised in other services.
- Our partners are based mainly in the countries of the European Economic Area (EEA). Some of our partners may be located outside the EEA. In connection to the transfer of your data outside the EEA, we verify whether the partners provide a guarantee of a high level of protection of Personal Data. These guarantees arise in particular from the obligation to use standard contractual clauses adopted by the Commission (EU). You have the right to request us to provide copies of standard contractual clauses by sending us a relevant request.
- We only process Personal Data for as long as it is necessary, especially in relation to the Services and/or handling complaints. When the purpose of the data processing has been fulfilled, your Personal Data will be deleted in accordance with our data retention policy, unless we are legally required to retain it. In relation to the legal grounds of processing as mentioned above, Personal Data may be stored for the following periods of time:
- in the event when data are necessary for the performance of the contract, for the duration of the contract and until the expiration of the claims resulting from this contract;
- if the basis for data processing is the legitimate interest of the controller, until you file an effective objection;
- for tax, accounting, anti-money-laundering purposes, to the extent and for a period of time compliant with the applicable law;
- if Personal Data are being processed based on the consent you gave - to the moment of withdrawal, restriction or other action on your part restricting such consent.
VI. Your Rights
- Your responsibility is to ensure that all Personal Data submitted to us are correct. We may maintain the accuracy and completeness of Personal Data and keep the data up to date.
- To the extent required by the applicable law, you may have:
- right to access your Personal Data, including receiving a copy thereof;
- right of rectification of your Personal Data;
- right of erasure (only in cases foreseen by GDPR) of your Personal Data;
- right to object or restrict the processing of Personal Data;
- right to withdraw your consent - applicable to the situations when your Personal Data are processed based on your consent. Remember that withdrawal of your consent does not impact on lawfulness of processing before such withdrawal;
- right to Personal Data portability, i.e. to receive your Personal Data from us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, provided that the Personal Data are processed based on a consent or in order to perform the contract.
- To exercise the rights described above or in case of any questions in relation to Personal Data processing, you can use the following contact information:
- e-mail: [email protected]
- registered mail: Pinewood Estonia OÜ, Harju maakond, Tallinn, Lasnamäe linnaosa, Lõõtsa tn 5, 11415, Estonia.
- Your written request may be required for security reasons. We may decline the request, if there are reasonable grounds to believe that the request is fraudulent, unfeasible or may jeopardize privacy of others.
- If you think that the way we process your personal information does not comply with applicable data protection laws, you have the right to lodge a complaint with a supervisory authority – Estonian Data Protection Inspectorate, 39 Tatari St., 10134 Tallinn , Estonia.
VIII. Age Policy
- Our Services are not directed to people younger than eighteen (18) years of age. We do not intend to collect personal data from such people. If you are under 18, please do not use the Services and do not send any information about yourself to us. In the event that we learn that we have collected personal information from a person under age 18, we will delete that data as quickly as possible.