Privacy Policy
This Privacy Policy has been published on 2023-03-22
PRIVACY POLICY
We understand the importance of protection of your personal data, therefore we collect and process only your data that is connected to our services. We process your personal data lawfully, transparently, and fairly, for the pre-determined purposes and only to the extent necessary to achieve those purposes. When we process your personal data, we make every effort to ensure that they are accurate, secure, confidential, properly stored and protected.
When processing your personal data, we comply with the requirements of the Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”).
1. WHAT IS THIS DOCUMENT?
1.1. This Privacy Policy (the “Privacy Policy”) informs you of our policies regarding the collection, use and disclosure of data when you visit or make a purchase from merchantsofrund.com. The Privacy Policy applies to every person who visits the Website, as well as to any actions you may take on the Websites.
1.2. Please read this Privacy Policy carefully to find out how we process your personal data, where we get them from and what your rights as a data subject are.
1.3. The term "personal data" as used in this Privacy Policy means any information which could be used to identify you directly or indirectly.
2. WHO ARE WE?
2.1. The Website is managed and administered by TaleWorlds Entertainment Europe, UAB (company code 304459228, registered at Malūnų str. 6B-8, LT-01200 Vilnius, Lithuania).
2.2. We are a controller of your personal data.
3. WHAT PERSONAL DATA WE PROCESS AND FOR WHAT PURPOSES?
3.1. We process your personal data for the following purposes:
3.1.1. to make and cary out agreements with natural persons. When you make a purchase on our Website, we enter into an agreement with you for the performance of which the processing of the following personal data is necessary:
|
Personal data categories |
First name, last name, address, email adress |
|
Legal basis for processing the personal data |
Processing is necessary for the performance of a contract (Article 6 1(b) of GDPR). |
|
Time limit for processing of the personal data |
Your personal data is processed for 10 (ten) years after the agreement expires. |
|
We receive the personal data from |
You |
|
We provide or transfer the personal data to |
Third party service providers whose services we normally use for data storage, website hosting purposes and other technical services. |
3.1.2. to deliver orders. For the delivery of your orders, we process the following personal data:
|
Personal data categories |
First name, last name, phone number, email address, address |
|
Legal basis for processing the personal data |
Processing is necessary for the performance of a contract (Article 6 1(b) of GDPR). |
|
Time limit for processing of the personal data |
Your personal data is processed for 10 (ten) years after the agreement expires. |
|
We receive the personal data from |
You. |
|
We provide or transfer the personal data to |
Courier, delivery, postal service providers. |
3.1.3. to make refunds. If you decide to return your order, we will process the following personal data:
|
Personal data categories |
First name, last name, bank account number, other details. |
|
Legal basis for processing the personal data |
Processing is necessary for legitimate interest to ensure quality of services (Article 6 1 (f) of GDPR). |
|
Time limit for processing of the personal data |
Your personal data is processed for 10 (ten) years after the refund. |
|
We receive the personal data from |
You. |
|
We provide or transfer the personal data to |
Payment service provider. |
3.1.4. to assure quality and communication. You provide us your personal data by writing to us info@merchantsofrund.com, submitting your feedback, complaints and inquiries. Personal data that are processed for this purpose:
|
Personal data categories |
First name, last name, phone number, email address, any personal data stated in inquiries. |
|
Legal basis for processing the personal data |
Processing is necessary for the performance of a contract (Article 6 1(b) of GDPR). |
|
Time limit for processing of the personal data |
Your personal data is processed for 1 (one) year after the inquiry is solved. |
|
We receive the personal data from |
You. |
|
We provide or transfer the personal data to |
Third party service providers whose services we normally use for data storage, website hosting purposes and other technical services. |
3.1.5. to make and cary out agreements with legal persons. If you are a representative of a legal person with whom we have entered into a contract, we may process your personal data below:
|
Personal data categories |
First name, last name, contact information, contents of correspondence, other details contained in the agreement |
|
Legal basis for processing the personal data |
Processing is necessary for the legitimate interest to pursue activities (Article 6 1 (f) of GDPR). |
|
Time limit for processing of the personal data |
Your personal data is processed for 10 (ten) years after the agreement expires. |
|
We receive the personal data from |
You. |
|
We provide or transfer the personal data to |
Third party service providers whose services we normally use for data storage, website hosting purposes and other technical services. |
3.1.6. to send you direct marketing information. In some cases, we may send you direct marketing communications (newsletters, surveys, or other information about the goods and services we offer). For the purpose of sending such communications, we will process the following personal data.
|
Personal data categories |
First name, last name, e-mail address, phone number. |
|
Legal basis for processing the personal data |
Your consent (Article 6 1(a) of GDPR) or legitimate interest to offer similar goods or services to clients (Article 6 1 (f) of GDPR). |
|
Time limit for processing of the personal data |
Your personal data is processed for 2 (two) years after the consent is given or 2 (two) years after the goods have been purchased. |
|
We receive the personal data from |
You. |
|
We provide or transfer the personal data to |
Third party service providers whose services we normally use for newsletters sending solutions. |
3.2. We may also use the information we collect in aggregate or otherwise anonymized form, i.e. the information that does not identify you or any specific person. We may use this general data for research, development, marketing, analytics.
3.3. We do not collect or process your specific categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as health data or data about your sexual life and sexual orientation. Therefore, please do not provide this personal data to us by e-mail, telephone or in any other way.
4. TO WHOM DO WE PROVIDE YOUR PERSONAL DATA?
4.1. We guarantee that your personal data will not be sold, provided or otherwise transferred to third parties without a legitimate basis, as well as used for purposes other than those for which they were collected. We will not transfer your personal data in any way other than in accordance with this Privacy Policy or applicable law. However, we reserve the right to provide information about you if we were required to do so by law or if required to do so by law enforcement authorities or prosecuting authorities or seeking to protect our rights or interests (including the case when your personal data is transferred to others for debt recovery purposes).
4.2. We may transfer your personal data to companies that help us operate, i.e. data processors. From such data processors, we require that your data be processed only in accordance with the instructions given by us and the applicable data protection legislation. We enter into agreements with these data processors that oblige the parties to adhere strictly to the personal data protection requirements.
4.3. We may disclose the personal data we collect about you to the following third parties:
a) the partners;
b) third party service providers whose services we normally use for data storage, website hosting purposes and other technical services or service providers as debt administration/collection companies or companies providing archiving services, also to legal/marketing service providers. In some cases, your data may be transferred to the third countries where other personal data protection regulations may apply. We have taken appropriate safeguards (e.g. Model Contract Clauses) to ensure that your personal data remains protected, and we require that our third-party service providers and partners also have appropriate safeguards in place.
5. HOW AND WHERE DO WE STORE YOUR PERSONAL DATA?
5.1. The personal data we collect from you will be located within the European Economic Area (EEA) but may be transferred or stored outside the EEA. Personal data may also be handled by our own or our suppliers' staff working outside the EEA. When transferring your personal data outside the EEA, we will take all necessary steps to ensure that your personal data is processed securely and in accordance with this Privacy Policy, we will do this by ensuring necessary measures and safeguards, including Model Contract Clauses.
5.2. The security of your information is important to us. We have a team dedicated to protecting your information and have put in place physical, electronic, and procedural safeguards. These measures include limiting access, using encryption, testing for vulnerabilities, advanced malware detection, employing pseudonymization and anonymization techniques, and more.
5.3. Unfortunately, the transmission of information over the internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the complete security of it. Therefore, please be informed that you provide us with information at your own risk.
5.4. Should unlikely circumstances arise and we become aware of a personal data breach that could seriously jeopardize your rights or freedoms, we will notify you immediately as soon as we become aware of it and determine what information has been accessed.
6. HOW LONG DO WE STORE YOUR PERSONAL DATA?
6.1. We store your personal data for no longer than required by the purposes of the processing or as required by law if it provides a longer storage period. Section 3 of the Privacy Policy specifies the terms of storage of your personal data separately for each purpose of use of personal data.
7. WHAT RIGHTS DO YOU HAVE?
7.1. When processing the personal data, we ensure your rights in accordance with the GDPR. As a personal data subject, you have the following rights:
a) to know (be informed) about the processing of your personal data;
b) to access your personal data that we process;
c) to request the correction or supplementation of incorrect, inaccurate, incomplete personal data;
d) to require the destruction of your personal data when they are no longer needed for the purposes for which they were collected;
e) to demand the destruction of personal data if they are processed unlawfully or if you withdraw your consent to the processing of personal data or do not give such consent, which is necessary;
f) to object to the processing of personal data or to withdraw prior consent;
g) to demand the suspension (other than storage) of your personal data processing in the event of a dispute or verification of the lawfulness of the processing, the accuracy of the data, as well as in cases when we no longer need your personal data but you do not want us to destroy them;
h) to require the submission, if technically possible, of your personal data collected with your consent or for the purposes of the performance of the agreement in an easy-to-read format or request their transfer to another controller.
7.2. We will endeavor to guarantee the exercise of your rights as a personal data subject and to create all conditions for the effective exercise of these rights, but we reserve the right not to comply with your requirements when it is required by the relevant legal grounds. If we refuse to comply with your request, we will clearly state the grounds for such refusal.
7.3. You can submit requests related to the exercise of your rights to us in person, by post or by electronic means. Upon receipt of your request, we may ask you to provide proof of identity, as well as any additional information we require regarding your request.
7.4. Upon receipt of your request, we will respond to you no later than within 30 calendar days from the receipt of your request and the date of submission of all documents required for the response. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
7.5. If we refuse to comply with your request, we will clearly state the grounds and reasons for such refusal.
7.6. If you do not agree with our actions or the response to your request, you may appeal against our actions and decisions to the competent public authority.
8. TO WHOM CAN YOU MAKE A COMPLAINT?
8.1. If you wish to make a complaint about our processing of your personal data, please provide it in writing, providing as much information as possible, using the contact details indicated at the end of this Privacy Policy. We will immediately try to resolve any issues.
8.2. If you consider that the collection and processing of personal information relating to you infringes the GDPR and yours rights, you have the right to lodge a complaint with the State Data Protection Inspectorate (www.vdai.lrv.lt) or a supervisory authority in another Member State of the European Union in which you have habitual residence or place of work (list of supervisory authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_lt#member-lt ), or to apply to the court. Although, above all, we seek to resolve all disputes with you promptly and amicably.
9. HOW WILL WE CHANGE THIS PRIVACY POLICY?
9.1. We will continue to update our policies and practices as needed. We will notify you of any changes to our Privacy Policy by posting any changes here. If we do, you'll see that the date at the top of this Privacy Policy has changed.
10. HOW TO CONTACT US?
10.1. Please send all documents related to this Privacy Policy or contact us at the following contacts:
UAB “TaleWorlds Entertainment Europe”
Company code: 30445922
Registered at Malūnų str. 6B-8, LT-01200 Vilnius, Lithuania
Email: info@merchantsofrund.com