PRIVACY POLICY

 

This Privacy Policy describes the manner in which Krzysztof Danilewicz Whitemoon System, based in Wrocław, S. Szolc-Rogozińskiego St. No. 22, 53-209 Wrocław (hereinafter: Controller or we), handles personal information, including personal data, when you use the Controller's services. This also applies to information provided when using the Controller's websites www.brokenranks.com and www.taern.pl (hereinafter: Portal).

Personal data collected by the Controller is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR).

THE FOLLOW DOCUMENT WILL PROVIDE YOU INFORMATION ABOUT:

I. WHO THE CONTROLLER OF YOUR DATA IS, WHO YOU CAN CONTACT, AND WHAT THE SOURCE OF YOUR DATA IS

II. THE SCOPE AND PURPOSE OF PERSONAL DATA PROCESSING

III. RECIPIENTS OF PERSONAL DATA

IV. THE TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

V. THE VOLUNTARINESS OF DATA TRANSFER

VI. THE RIGHTS OF DATA SUBJECTS

VII. CHANGES TO THE PRIVACY POLICY

VIII. ENTRY INTO FORCE OF THE PRIVACY POLICY

I. WHO THE CONTROLLER OF YOUR DATA IS, WHO YOU CAN CONTACT, AND WHAT THE SOURCE OF YOUR DATA IS

Who is the controller of your data?
The owner of the Portal and, at the same time, the controller of your personal data is Krzysztof Danilewicz conducting business activity under the name of Krzysztof Danilewicz Whitemoon System, based in Wrocław, S. Szolc-Rogozińskiego Street No. 22, 53-209 Wrocław, registered in the Central Register and Information on Business Activity under NIP: 8971695262, REGON: 020740661. The Controller can be contacted via the e-mail address: ido@whitemoon.com.

What is the source of your data? Where do we obtain your data?
We obtain the personal data we process directly from you.

II. SCOPE AND PURPOSES OF PERSONAL DATA PROCESSING

The scope of the collected and processed data depends on the activity undertaken by the Controller or you - the User. Your data is processed by the Controller for the following purposes:

1. Processing activities/operations

a) Conclusion and execution of the contract - registration and use of the account.

What kind of data do we collect?

- During registration: e-mail address, IP address, MAC address, date and time of account creation, user_id,

- each time a character logs in: IP address, MAC address, date, time and country of logging in and out, last logged in character on a given device,

- when deleting a character: IP address, user_id, character name, URL,

- handling the payment process: transaction number, amount, character name.

For what purpose do we collect your data?

The Controller processes your personal data provided at registration for the purpose of concluding and executing the contract, which in practice means enabling you to register an account and use its functionalities.

How long do we keep your data?

- We keep your data for the entire period of the existence of your account, and thereafter until the expiration of the statute of limitations for claims, which is generally 6 years after the deletion of your account.

What is the legal basis for processing your data?

- Article 6(1)(b) of GDPR - because the processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract, and,

- article 6(1)(f) of GDPR - the basis for processing is the legitimate interest of the Controller in the form of proper execution of cooperation with the User and ensuring the possibility of pursuing claims and defending against claims.

Is the provision of data voluntary?

- Provision of such data is voluntary, however, refusal to provide such data prevents account registration. The same applies to the use of the account, i.e. logging into the account, logging into the character, deleting the character or handling the payment process. Providing the data is voluntary, but refusal to do so prevents the use of certain functionalities.
 

b) Ensuring the security of your account.

What kind of data do we collect?

- In each case: your logs (including login dates), IP address, MAC address, information on a previously logged-in character from your device,

- in case you agree to apply additional security to your account: every time you log in, we collect your IP address, MAC address, date and time of login, browser type and version, operating system.

For what purpose do we collect your data?

- The Controller processes your personal data to ensure the security of your account. To ensure an adequate level of security, the Controller performs activities to ensure the security of the service and to verify compliance with the Terms and Conditions. If you agree, the Controller may take additional measures to ensure an increased level of security of your account. The Controller will then also process your data while applying additional security measures to your account.

How long do we keep your data?

- We keep your data for the duration of the contract and thereafter until the expiration of the statute of limitations for claims, which is generally 6 years from the end of the year in which you deleted your account. If you have consented to the application of additional safeguards, we process your data until you withdraw that consent, but no longer than for 6 years from the end of the year in which you deleted your account.

What is the legal basis for processing your data?

- article 6(1)(f) of GDPR- the basis for data processing is the legitimate interest of the Controller in the form of proper execution of cooperation with the User and ensuring the possibility of pursuing claims and defending against claims, and,

- article 6(1)(a) of GDPR- when you consent to the application of additional safeguards.

Is the provision of data voluntary?

- To ensure the security of your account, the Controller collects your data. Refusal to provide them prevents you from using your account.

 

c) Implementation of the changes you make and termination of your account.

What kind of data do we collect?

- When changing your email address and deactivating your account: e-mail address,

- when you block your own account: user_id, IP address of the operation, date of the blocking order.

For what purpose do we collect your data?

- In the event that you change your email address and block your own account, your data is collected in order to properly provide services and ensure adequate security for Users and the service. In the case of account deactivation, your data is collected for the purpose of this process.

How long do we keep your data?

- We keep your data for the duration of the contract and thereafter until the expiration of the statute of limitations for claims, which is generally 6 years from the end of the year in which you deleted your account.

What is the legal basis for processing your data?

- Article 6(1)(b) of GDPR- because the processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract, and,

- article 6(1)(f) of GDPR- the basis for processing is the legitimate interest of the Controller in the form of proper execution of cooperation with the User and ensuring the possibility to assert and defend against claims.

Is the provision of data voluntary?

- In order to carry out the modifications you make, i.e. to change your email address, to block your own account, to deactivate your account, and to terminate the use of your account, you must provide your data. Providing your data is voluntary, but refusal to do so will prevent the implementation of the modifications you make.

 

d) Claims handling.

What kind of data do we collect?

- email address, IP address, MAC address, user_id and other data necessary to handle the complaint.

For what purpose do we collect your data?

- The Controller may process your personal data provided at registration for the purpose of handling complaints submitted by you.

How long do we keep your data?

- We keep your data for the duration of the contract and thereafter until the expiration of the statute of limitations for claims, which is generally 6 years from the end of the year in which you deleted your account.

What is the legal basis for processing your data?

- Article 6(1)(b) of GDPR- because the processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract, and,

- article 6(1)(f) of GDPR - the basis for processing is the legitimate interest of the Controller in the form of proper execution of cooperation with the User and ensuring the possibility to assert and defend against claims.

Is the provision of data voluntary?

- In order to handle the complaints submitted by you, the Controller collects your data provided at registration. Providing the data is voluntary, but refusal to provide it will make it impossible to handle the complaints you submit.

 

e) Marketing activities.

What kind of data do we collect?

- Name, surname, address, e-mail address, telephone number.

For what purpose do we collect your data?

- The Controller may process your personal data in order to conduct marketing activities, in particular to send emails with information describing the most important updates to the game. In order for the Controller to undertake such activities, the data subject must consent to the processing of their personal data. Your consent is voluntary, and you can withdraw it through the player panel.

How long do we keep your data?

- We store your data until you withdraw your consent to do so or until you delete your account, whichever occurs first.

What is the legal basis for processing your data?

- Article 6(1)(a) of GDPR - the data subject has consented to the processing of his/her personal data.

Is the provision of data voluntary?

- In order to conduct marketing activities, the Controller collects your data. Your consent to their processing is voluntary, and refusal will not affect your ability to register an account or use its functionality.

 

f) Fulfilling the Controller's legal obligations and ensuring accountability.

What kind of data do we collect?

- Data necessary to comply with legal obligations incumbent on us and to ensure accountability, i.e. to prove compliance with the regulations on the processing of personal data.

For what purpose do we collect your data?

- The Controller may process your personal data provided at registration in order to fulfill a legal obligation (Article 6(1)(c) of GDPR). In practice, this means that personal data must be processed in connection with the fulfillment of legal obligations, in particular obligations under the Law on Provision of Electronic Services.

How long do we keep your data?

- We will store your data for the duration of the processing required by law. If it is necessary to provide data in connection with ongoing proceedings, we will store your data until the legal conclusion of the proceedings. With regard to accountability, we will retain your data for as long as is necessary to document compliance with legal requirements and enable inspection by authorized public authorities.

What is the legal basis for processing your data?

- Article 6(1)(c) of GDPR - because it is necessary to fulfill a legal obligation of the Controller, and,

- article 6(1)(f) of GDPR - the basis for data processing is the legitimate interest of the Controller in the form of proper execution of cooperation with the User and ensuring the possibility of asserting and defending against claims.

Is the provision of data voluntary?

- The Controller collects your personal data provided at registration in order to fulfill its legal obligation. Provision of this data is voluntary, however, refusal to provide such data prevents account registration.

 

g) Pursuing and defending against claims.

What kind of data do we collect?

- Data to the extent necessary to pursue and defend against claims.

For what purpose do we collect your data?

- In the event of a violation of the Terms and Conditions, the Controller may pursue claims against you, including, but not limited to, damages. If you direct claims against the Controller, the Controller will process your personal data in order to defend against such claims.

How long do we keep your data?

- We keep your data until the pursued claim is enforced or the statute of limitations has expired, whichever occurs first.

What is the legal basis for processing your data?

- Article 6(1)(f) of GDPR - the basis for data processing is the legitimate interest of the Controller in the form of proper execution of cooperation with the User and ensuring the possibility of pursuing claims and defending against claims.

Is the provision of data voluntary?

- Provision of this data is voluntary, however, refusal to provide it prevents registration of the account.

 

h) Website operations.

What kind of data do we collect?

- Personal data collected through necessary cookies.

For what purpose do we collect your data?

- Your data is collected to ensure the proper operation of the website.

How long do we keep your data?

- We store your personal information collected through cookies of our own until you log out of your Portal Account, close the Portal website or turn off your web browser. If you consent to the installation of third-party cookies, these third parties will store the information collected through cookies for the periods indicated in the Cookies Policy, unless you first delete the cookies yourself from your browser.

What is the legal basis for processing your data?

- Article 6(1)(a) of GDPR - the basis for processing personal data (in the case of non-essential cookies) is your consent,

- article 6(1)(f) of GDPR - the basis for data processing is the Controller's legitimate interest in ensuring proper operation of the website.

Is the provision of data voluntary?

- To ensure the proper functioning of the website, the Controller uses the necessary cookies, which may involve the processing of your personal data. Provision of this data is voluntary, however, refusal to provide it will prevent you from using the site.

 

Display of advertisements - based on Article 6(1)(f) of GDPR

 

Among other things, the Controller uses cookies to help advertisers and publishers display and manage ads on this and other partner websites. Ads may be displayed based on interests linked to information about online activity that does not identify you. Such information includes, but is not limited to, data about the content you view. Ads may also be displayed based on previous activity on a particular advertiser's site. This non-personally identifiable information is stored separately from User Account data and other personally identifiable information held by the Controller.

            Our website also uses Google Analytics, a web analytics service provided by Google Inc. (hereinafter referred to as "Google"), while we do not process your personal data in the course of using this tool. Google Analytics collects cookies representing information about your web page views and your system profile (including your IP address). This information is transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate your use of the website, to create reports on website traffic for website operators and to provide other services related to website traffic and Internet use. Users' IP addresses are not combined with any other data held by Google. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google's behalf. Google will not combine your IP address with any other data stored by Google. You can block the use of cookies by selecting the appropriate settings in your browser, but if you do so, some of the functions may not be available.

            For detailed information about the Controller's use of cookies, see our Cookie Policy.

III. RECIPIENTS OF PERSONAL DATA

In connection with the processing of your personal data, the Controller may share your data with the following categories of entities:

1. entities providing IT services - in connection with maintaining the operation of the Portal;
2. entities responsible for providing cookies - see the Cookies Policy for details;
3. entities providing marketing services to the Controller - in case of consent to the Controller's marketing activities;
4. entities responsible for handling the payment process, entities providing legal services and authorized bodies.

IV. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

As a general rule, your data is not transferred to entities outside the European Economic Area. In the event that you accept cookies installed on the Portal site by third parties, data collected through these cookies may be transferred to third countries in accordance with the information provided in the Cookie Policy.

V. RIGHTS OF DATA SUBJECTS

As the Controller of your data, we provide you with the right to access your data, you can also rectify it, request its deletion or limit its processing. You can also exercise the right to object to the Controller against the processing of your data, and the right to data portability to another data controller. The right to exercise your rights depends on the legal basis for processing your personal data. If you wish to exercise any of these rights - please contact us via email at ido@whitemoon.com. If you want your data to be removed due to account deletion, please contact us directly through our support available at: 3d - https://support.brokenranks.com/ and 2d - https://support.taern.com/

 

If we process your data on the basis of consent, you may withdraw it at any time without affecting the lawfulness of the processing before withdrawal.

 

We would also like to inform you that you have the right to lodge a complaint to the authority overseeing compliance with data protection regulations (Prezes Urzędu Ochrony Danych Osobowych, 2 Stawki Street, 00-193 Warszawa, Poland).

VI. PRIVACY POLICY CHANGES

We cannot exclude the possibility that we may need to update our Privacy Policy in the future. The latest version will always be available on our website. In addition, we will notify you of any changes to the contents of the document, such as changes to the purpose for which we use your personal information, how you can contact us, or your rights.

VII. ENTRY INTO FORCE OF PRIVACY POLICY

The privacy policy is effective as of 20.03.2024.

 

COOKIES AND OTHER TRACKING TECHNOLOGIES

 

1. During the use of the website, the Service Provider (Krzysztof Danilewicz Whitemoon System, hereinafter: Whitemoon) installs cookies on the end device of the Service Recipient.

 

2. Cookies are IT data, in particular text files, which are stored on your end device and can be read either by Whitemoon's ICT system (own cookies) or by the ICT system of third parties (third-party cookies). Cookies usually contain the name of the website from which they come, the time they are stored on your end device, and a unique number.

 

3. The website uses two main types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on your end device until you log out of your Account on the website, close the website, or turn off your web browser. Persistent cookies are stored on your end device for the time specified in the parameters of the cookies or until you delete them.

 

4. Whitemoon uses necessary cookies for the proper operation of the website. If you give your consent, Whitemoon will also use analytical/performance cookies (we have described the details of the cookies used in Section 8 below).

 

5. When you first access the website, you will be presented with a message about the use of cookies. In the aforementioned message, you will be able to agree or disagree to the use of certain cookies. Agreeing to the installation of cookies other than those necessary for the proper operation of the website is voluntary. Once you have given your consent, you can always reverse your decision and change the cookie settings from the level of your browser, the website, or delete cookies altogether. Changing the settings of your browser or changing the settings on the website resulting in the withdrawal of your consent to the installation of cookies does not affect the legality of the processing of data collected through cookies before the withdrawal of the aforementioned consent.

 

6. Whitemoon informs that restrictions on the use of cookies may affect some of the functionality available on the website.

 

7. Comprehensive information on how to change the way cookies are stored or accessed is available in the settings of your web browser. Details for those using each of the most popular web browsers are available at the following links:

- Chrome: LINK

- FireFox: LINK

- Opera: LINK

- Internet Explorer: LINK

- Safari: LINK

 

8. We use the following cookies on our site:

 

a) necessary/functional cookies ─ cookies necessary for the operation of the Portal, enabling the use of services available on the Portal.

- cookielawinfo-checkbox-necessary - determines whether the user has accepted the checkbox regarding cookie files (expires after 1 year),

- cookielawinfo-checkbox-non-necessary - determines whether the user has accepted the checkbox regarding cookie files (expires after 1 year),

- PHPSESSID - retains the user's session state in all page requests (expires after session),

- _dc_gtm_UA-* - Google Analytics sets this cookie to load the Google Analytics script tag (expires after 1 minute),

- bwcms_session - a cookie responsible for verifying a user's access level to the website. (expires after session).

 

b) analytical/performance cookies ─ cookies that allow us to collect information about how you use the Service, which helps us understand how our Service is used or allows us to customize it.

- _ga - Google Analytics sets this cookie to calculate visitor, session, and campaign data and to track Site usage for the Site analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors (expires after 1 year),

- _gat - used by Google Analytics to limit the number of requests (expires after 1 day),

- _gid - Google Analytics sets this cookie to store information about how visitors use the website while creating an analytics report on website performance. Some of the data collected includes the number of visitors, their source and the pages they visit anonymously (expires after 1 day),

- collect - is used to send data to Google Analytics about a visitor's device and behavior. It tracks the user across different devices and marketing channels (expires after session),

- td - records statistical data about user behavior on the site. Used for internal analysis by the site operator (expires after session),

- SRM_B - used by Microsoft Advertising as a unique identifier for visitors (expires after 1 year),

- CLID - Microsoft Clarity sets this cookie to store information about how visitors interact with the site. The cookie helps provide an analytics report. The data collected includes the number of visitors, where they visit the site from, and the pages they visit (expires after 1 year),

- _ga_* - Google Analytics sets this cookie to store and count page views (expires after 1 year),

- _fbp - Facebook sets this cookie to display ads on Facebook or a digital platform served by Facebook ads when you visit a website (expires after 3 months),

- _clck - Microsoft Clarity sets this cookie to retain the Clarity browser user ID and settings exclusively for this website. This ensures that actions taken on subsequent visits to the same website will be associated with the same user ID (expires after 1 year),

- _clsk - Microsoft Clarity sets this cookie to store and consolidate user views into a single session record (expires after 1 day),

- MR - this cookie, set by Bing, is used to collect information about users for analytics purposes (expires after 7 days),

- SM - Microsoft Clarity cookie sets this cookie to synchronize MUID across Microsoft domains (expires after session),

- _gcl_au - Google tag manager sets this cookie to study the effectiveness of ads on websites using its services (expires after 3 months).

 

c) advertising cookies - cookies that enable promotional activities, allows us to customize advertising to the user, and to measure the implemented advertising campaigns.

- _rdt_uuid - Reddit sets this cookie to create a profile of the user's interests and display relevant ads to the user (expires after 3 months),

- MUID - Bing sets this cookie to recognize the unique browsers of visitors to Microsoft sites. This cookie is used for advertising, site analytics and other operations (expires after 1 year),

- ANONCHK - The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify clicks on Bing search ads. The cookie also helps with reporting and personalization (expires after 10 minutes).

 

9. Information collected through cookies installed by Google LLC may be transferred to servers located in the USA, where they are then stored. The transfer of personal data to the USA has been secured by a decision of the European Commission regarding the transfer of data to the USA and through the relevant standard contractual clauses adopted by the European Commission.

 

10. You may withdraw your consent to the installation of cookies other than those necessary for the delivery of the electronically provided service at any time in the browser settings of the device you are using. Withdrawal of consent does not affect the legality of the processing of data collected through cookies before the withdrawal of the consent.

 

11. Cookies installed by Whitemoon or information collected through them may be considered personal data under certain circumstances. You can find information about the processing of your personal data in our Privacy Policy.

 

12. This cookie policy is effective as of 20.03.2024.

 

Previous versions of the document:

- effective until: 19.03.2024