Data controller with regard to personal data processed under this Policy is Direct Cursus Technology L.L.C (“Direct Cursus”).
Postal address: UAE, Dubai, Al Barsha First, AL KHAIMAH BUILDING II, office No. 3F-78.
2. Categories of processed personal data
The table below sets out the categories of personal data Service collects and processes. Service collects personal data only from the data subjects themselves.
|Users of the Service||User data required to create an account on Playhop website|
Personal data that we need to create your account at the Service. This includes:
In addition to this, when you use the Service or interact with Service, you may choose to provide us certain personal data about yourself. In particular, this is the case when you contact Service team on various matters or subscribe to informational or promotional materials about the Service. To do so, we may collect information about your name, age, and contact details. Please note that this does not require registration of the account.
If you decide to play games available on the Service, we may need to receive certain additional information about you. This may include:
3. Purposes and legal bases for the processing
We process your personal data only when we have one of the legal bases mentioned below:
3.1. Performance of the Agreement. We may process your personal data in order to provide you the Service under the Agreement.
3.2. Legitimate Interest. We may process your personal data when we (or a third party) have an interest in using your personal data in a certain way, which is necessary and justified in light of the possible risks.
3.3. Consent. Where required by applicable laws, we will process your personal data based on your consent.
3.4. Legal Obligations. When we must process your personal data to comply with applicable laws.
3.5. Other. We can also process your personal data to exercise our legal rights or on the other legal bases provided by applicable law.
The table below sets out:
- Service’s purpose for processing your personal data;
- Service’s legal basis for each purpose under applicable law;
- categories of personal data which Service uses for each purpose.
|Purpose for processing Your data||Legal basis||Categories of personal data used for the purpose|
|To provide the Service||Agreement||User data, Player data, Automatically collected information.|
|To improve the Service||Legitimate interest||User data, Player data, Automatically collected information|
|To proceed payments of Players||Agreement||Player data|
|To market, promote, and advertise the Service||Consent, legitimate interest||User data, Player data, Automatically collected information|
|To comply with legal obligations and law enforcement requests||Legal obligation, legitimate interest||User data, Player data, Automatically collected information|
|To establish, exercise, or defend legal claims||Legitimate interest||User data, Player data, Automatically collected information|
|To detect and prevent fraud||Legitimate interest||User data, Player data, Automatically collected information|
|To provide security||Legitimate interest||User data, Player data, Automatically collected information|
|To conduct research, contests, surveys||Agreement, Legitimate interest, Consent||User data, Player data, Automatically collected information|
4. Recipients and sources of personal data
4.1. We disclose certain personal data to the following recipients to the extent required or permitted by applicable law and/or based on their legitimate and reasonable requests:
- affiliate entities of Direct Cursus which are a part of the same group of companies;
- payment services providers;
- partners providing sales and marketing services;
- partners assisting us in gathering statistical and aggregated information about how Users and Players interact with the Service;
- various state and municipal authorities if strictly required to respond to their legitimate formal inquiries;
- their legitimate formal inquiries; other third parties when it is required for compliance with applicable laws.
4.2. Direct Cursus collects personal data from the Users and Players and visitors of Direct Cursus’s website themselves. We can also get personal data from social networks or Xsolla Login if Users and Players choose to register and/or authorize on the Service using the functionality of the relevant social network or Xsolla Login.
5. Transfers to third countries
We may transfer personal data to third countries, including those that do not provide the same level of data protection as in the country of your residence. When doing so, we ensure implementation of security measures aimed at protection of your personal data in an appropriate manner. In particular, when provision of the Service is subject to the GDPR and implies performance of the restricted data transfer, we rely on the standard contractual clauses issued by the European Commission.
6. Storage periods
7. Basic rights of data subjects
Please see your rights and their descriptions in this table. Please note that you can realize these rights if it is provided by the law applicable to relations between Direct Cursus and you.
|Access||You can ask us to confirm whether or not we process your personal data. If so, you can access these personal data and ask us to explain certain details of the processing.|
|Rectification||You can ask us to correct inaccurate personal data concerning you. If it complies with the purposes of the processing, you can ask us to rectify incomplete or inaccurate personal data.|
|Erasure (“right to be forgotten”)||You can ask us to erase personal data concerning you under applicable law. For example, this applies if (1) the personal data are no longer necessary in relation to the purposes for which they were processed; (2) you withdraw consent to the processing and there is no other legal ground for the processing; (3) the personal data have been unlawfully processed.|
|Restriction on processing||You can ask us to mark the stored personal data with the aim to limit their processing in the future under applicable law. This applies if (1) you contest the accuracy of the personal data; (2) you ask to restrict the use of the personal data when their processing is unlawful; (3) you need personal data to protect your rights when Service no longer needs the personal data; (4) you have objected the processing based on the legitimate interests pursued by us or by a third party.|
|Objection to processing (if provided to the data subject under applicable laws)||You can object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on the legitimate interests pursued by Service or by a third party. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms establishment, exercise or defense of legal claims.|
|Portability (if provided to the data subject under applicable laws)||When the processing is based on your consent or on the agreement with you, you can receive personal data, which you have provided to Service, in a structured, commonly used and machine-readable format and can freely transmit those data to another controller. Where technically feasible, the data subject can also ask Service to transmit the personal data directly to another controller.|
8. Withdrawal of consent
9. Right to lodge a complaint with a supervisory authority
When Article 77 of the GDPR (or the relevant provision of other applicable laws) applies, you have the right to lodge a complaint with a supervisory authority in the area of data protection in the country of your residence.
We use "cookies" to help personalize and optimize your online experience and time online, including for general improvement of the Service. A cookie is a small file placed on your device. Cookies store bits of information that we use to help make our Service work and enable us to personalize your experience in line with your settings. They can’t run any code and don’t contain viruses.
We use the following types of cookies:
Technical (strictly necessary) cookies: These cookies are necessary for the website/app to function and cannot be switched off in our systems. They are usually only set in response to actions made by visitors which amount to a request for services, such as setting privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but this may cause parts of the site/app to not work properly. These cookies do not store any personal data.
Marketing cookies: Marketing cookies are necessary to track visitors across the website/app and display ads that are relevant.
Analytical cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site/app. They help us to know which pages are the most and least popular and see how visitors move around the site/app. If these cookies are disabled, we will not know when a user like yourself has visited our site/app or be able to monitor the site’s/app's performance.
Most browsers allow you to control cookies through their setting preferences. Limiting the ability of websites to set cookies, however, may deteriorate the overall user experience or deactivate features that you wished to utilize.
11. Children’s privacy
STATE/COUNTRY SPECIFIC PRIVACY POLICIES AND NOTIFICATIONS.
Privacy Information for California Residents
Personal Information Collected over the last 12 Months
Categories of Personal Information Sold in the last 12 months
We do not sell your personal information to third parties.
Categories of Personal Information Disclosed over the last 12 months
Information we sell
We do not sell your personal information to third parties. Please note that “sale” of personal information does not include those instances when such information is part of a merger, acquisition, or other transaction involving all or part of our business. If we sell all or part of our business, make a sale or transfer of assets, or are otherwise involved in a merger or other business transaction, we may transfer your personal information to a third party as part of that transaction. If such transaction materially affects the manner in which your personal information is processed, we will notify you of such change prior to its implementation.
Your California Privacy Rights
We have in place policies and procedures to facilitate the exercise of privacy rights available to California residents under applicable law. If you are a California resident, you may be entitled to the following:
Right to Access: to have access to your personal information upon simple request – that is, you may receive a copy of such information upon receipt of a verifiable request, along with other information related to the collection or processing.
Disclosure of Direct Marketers: to have access upon simple request, and free of charge, the categories and names/addresses of third parties that have received personal information for direct marketing purposes.
Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information: upon receipt of a verifiable request, you may obtain a list of:
- the specific pieces of your personal information Service holds;
- the categories of personal information collected about you, sold to third parties, or disclosed to third parties for business purposes;
- the categories of personal information sold within the last 12 months;
- the categories of sources from which personal information is collected;
- the business or commercial purpose for collecting or selling personal information;
- the categories of third parties with whom personal information is shared, sold, or disclosed for a business purpose.
Right to Opt-Out of the Sale of Personal Information: California residents have the right to opt-out of the sale of their personal information under certain circumstances.
Right to Deletion: to obtain the deletion of your personal information in the situations set forth by applicable data protection law and upon receipt of a verifiable request.
Right to Non-Discrimination: as defined under relevant law, you have a right to non- discrimination in the services or quality of services you receive from us for exercising your rights.
Submitting a Verifiable Request under the CCPA
As mentioned above, California residents have certain rights to access, delete, or otherwise exercise rights regarding their personal information under the California Consumer Privacy Act of 2018 (“CCPA”). Service will respond to an individual’s “verifiable request” to exercise his or her rights under the CCPA – that is, where Service has received a request purporting to be from a particular individual, and Service has been able to verify the individual’s identity. The need to verify an individual’s identity is critical to protecting your information, and to ensuring that your information is not shared with anyone pretending to be you or someone who is not authorized to act on your behalf.
Submitting a request through an authorized agent. Under California law a California resident can appoint an “authorized agent” to make certain verifiable requests upon their behalf, such as the right to know what information we collect about the consumer or to request deletion of the consumer’s information. An authorized agent may submit a request by following the steps outlined above. An authorized agent must identify the consumer he or she is submitting a request on behalf of, and provide the information requested by Service to verify the consumer’s identity. We will also require the purported authorized agent to submit proof that he or she has been authorized by the consumer to act on the consumer’s behalf.
Because the security and privacy of your information is paramount, we will ask that you identify and provide permission in writing for such persons to act as your authorized agent and exercise your applicable rights under California law in such situations. This may require us to contact you directly and alert you that an individual has claimed to be your agent and is attempting to access or delete your information. We will also independently verify your identity to ensure that an unauthorized person is not attempting to impersonate you and exercise your rights without authorization. We will not share your information or honor any other requests in those situations where you cannot or do not grant permission in writing for an identified authorized agent to act on your behalf, or where we cannot independently verify your identity.
Submitting a Request for Removal of Minor Information
To request the removal of information about a minor from this site, parents or guardians may submit a request with the subject line “Removal of Minor Information”. Such requests must come from the minor’s parents or guardian; minors may not submit information to Your submission should include the following information:
- the nature of your request;
- the identity of the content or information to be removed;
- whether such content or information is found on the Service;
- the location on content or information on the Service (e.g., providing the URL for the specific web page the content or information is found on);
- that the request is related to the “Removal of Minor Information”;
- your name, street address, city, state, zip code, and e-mail address.
Pursuant to 47 U.S.C. Section 230(d), Service hereby notifies you that parental control protections (such as computer hardware, software, or filtering services) are commercially available that may assist in limiting access to material that is harmful to minors. Information regarding providers of such protections may be found on the Internet by searching “parental control protection” or similar terms.
Our Policy on “Do Not Track” Signals under the California Online Protection Act
We do not support Do Not Track. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable “Do Not Track” by visiting the “Preferences” or “Settings” page of your web browser.
Third parties may collect data that relates to you. We cannot control third parties’ responses to do-not-track signals or other such mechanisms. Third parties’ use of data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.
How to Contact Us/Submit a CCPA Inquiry
Date of publication: 01.09.2023