Playtopia Privacy Policy

Processing of our players' and visitors' personal data

If you are a business customer or supplier, you can learn about how we process your personal data here: https://www.cego.dk/privacy-policy-for-businesses/.

CEGO A/S (hereinafter "we" or "us") process personal data about players or visitors at playtopia.com (hereinafter referred to as "you"). We will always process your personal data in a safe and confidential manner in accordance with applicable data protection legislation, and we have implemented appropriate measures to protect the data against the risks involved in the processing.

If you have any questions in relation to the processing of your personal data, if you want to exercise your rights as described below or if you want to complain or object to our processing then please do not hesitate to contact the responsible for our data protection policies at [email protected].

1. Purpose, types of personal data and legal basis for processing

We process ordinary personal data about you for the purpose of

• establishing, maintaining and terminating private customer relationships, including
• registering customers in relevant IT systems;
• managing payments, invoicing and bookkeeping;
• marketing CEGO's games;
• analysing customer game behaviour and improving games;
• customer service and support; and
• day-to-day communications;
• handling possible claims.

The personal data will normally be provided by you when you register an account with us, through your gaming activity, when you communicate with us, etc.

Our processing of your ordinary personal data is based on:

• Legitimate interests, when carrying out registering customers in IT systems, managing payments, invoicing and bookkeeping, customer service and support, customer care, day-to-day communications, marketing CEGO's games (including publishing username when winning prizes), optimisation of sales and marketing activities.
• Performance of contract, when carrying out registering customers in IT systems, managing payments, invoicing and bookkeeping, delivery of prizes to prize winners, publishing marketing material with pictures of the customer on social media and customer service and support.
• Legal obligation, when carrying out bookkeeping activities, including storage of relevant material according to the Danish Bookkeeping Act, reporting gift taxes to the Danish Tax Agency and handling claims (including transferring necessary information to payment service providers, law firms, auditors and debt collectors).

Affected data on user deletion:

Deleted:

• Supplied personal data (gender, partner status, birthday, IP, password, profile text)
• User option choices (f.ex. acceptance of campaign e-mails )
• User site data (f.ex. dates of acceptance of features)
• User visitations, both ways
• Group relations (internal system grouping for restrictions)
• Unsuccessful payments
• Uploaded pictures.
• Galleries including pictures and comments
• Guestbook entries received by deleted user
• User game activity and statistics, including achievements (Challenges, Badges)
• Game ratings and reviews
• User site gamification data (Experience, Tokens)
• Friend relations
• Favourite users relations
• Prize tickets
• Reportings on deleted user (f.ex. regarding bad behavior)
• Shared prizes claims
• Tournament statistics

Anonymized:

• Username (prevention of username takeover on new user creation)
• IP address can be blacklisted, but not traceable back to user
• User ID (user ID can be present in system logs and error reportings)
• Successful payments (for accountants)
• Messages (only partly owned by deleted user)
• Gifts (only partly owned by deleted user)
• Guestbook entries sent by deleted user (only partly owned by deleted user)
• Prize winnings (for accountants)
• Shared prizes activated by deleted user (receivers still has the claims)
• Tournament participations and placements (deleted user is represented as “deleted user”, this is for others to see who won or participating in tournaments)

  ---

2. Storage period

In general, your personal data will be stored as long as they are relevant for a potential, existing or former business relationship with you.

Personal data contained in correspondence and inquiries will be stored for up to 3 years after the last date of contact, unless a longer storage period is necessary, e.g. for any ongoing or potential complaints proceedings, disputes or claims pending between you and us.

Personal data which must be stored under the Danish Bookkeeping Act or other accounting rules will be deleted 5 years after the end of the relevant financial year.

Personal data contained in backup copies will be deleted by routine overwriting (incremental) and cannot be accessed in the usual manner.

3. Recipients

Your personal data will be accessible only to relevant employees.

The data will be disclosed only to the persons who need them for the purposes stated above or where disclosure is required by law. We may, if relevant for a particular order or purchase, transfer your contact information to third parties, e.g. carriers for carrying out deliveries (e.g. prizes).

We have engaged data processors to process data on our behalf that will get access to your personal data subject to our specific instructions. Some of our data processors are established in the USA, however all are self-certified under the EU-U.S. Privacy Shield arrangement.

4. General

4.1 Updating your personal data

We always seek to ensure that your personal data are accurate and updated. In case of changes to your personal data, we kindly ask you to let us know by using the above contact details. If you inform us of any inaccuracies in your personal data, or if we notice such inaccuracies, we will have them rectified or deleted as soon as possible.

4.2 Your rights under the data protection legislation

As a data subject you have a number of rights which you may exercise by contacting us, using the above contact details.

You have the right to request information about which personal data we process and to receive a copy of the data. Further you have the right to data portability (i.e. to receive your data in a structured format) for those of your data which are provided by you and processed by us based on your consent or the performance of a contract.

You also have the right to object to our processing of your personal data and to request rectification or erasure of any data which you believe are incorrect, outdated, etc. Further, you may request a restriction of the processing of your personal data. For some of these rights, e.g. the right to erasure, exercising them requires satisfaction of certain concrete conditions set by data protection legislation.

4.3 Complaints

If you disagree with the way in which we process your personal data, you may file a complaint, using the above contact details. If you disagree with a decision made in any complaint proceedings (or do not wish to complain directly to us), you may also file a complaint with the Danish Data Protection Agency which can be contacted through their website at https://www.datatilsynet.dk/borger/klage-til-datatilsynet/, via e-mail: [email protected] or by phone +45 33 19 32 00.