Last updated: April 18, 2019
2. It also explains how we use that data, where we store it, and how we protect it.
3. In short:
b. Should we need to process your data for any other purpose, we will always ask for your consent in advance.
c. Some partners, such as CD PROJEKT S.A., help us in providing our services and we may share limited data with them — but only for this purpose.
d. We will not share your data for third party advertising purposes.
In the context of order handling and customer accounts, we will process your basic personal data such as:
a. your name and surname;
b. email address;
c. residence address;
d. shipping address;
e. phone number;
f. IP address;
g. country, where you place your order;
h. order and payment history (including identifiers, order values and ordered items);
i. data resulting from your use of Store functionalities and optional data which you may provide in account settings (favorite items list, account settings, product reviews and ratings, day and month of your birthday, gender);
j. additionally — if you place your order as part of your business activity — invoicing address, business name, VAT number.
Moreover, depending on the payment method you choose, we will process the following payment-related data:
a. debit/credit card data — card number, name and surname of the card holder, validity date;
b. bank account number, name and surname of the account holder;
c. e-mail address linked to PayPal account.
a. providing access to Store services, including account registration and personalization, order history and status, favorite items list, product review and comments functionalities;
b. organizing contests, including contacting participants, evaluation of applications, distribution of prizes, payment of tax on prizes;
c. sale and delivery of goods and payment handling;
d. preventing payment fraud in the use of Store services;
e. providing technical support and customer service, as well as providing information about changes regarding goods and services of the Store;
f. monitoring operations of Store services and introducing improvements based on submitted remarks and suggestions;
g. in applicable cases - for the purposes of asserting claims and legal defense, including litigation, arbitration or mediation;
h. fulfilling the obligations resulting from provisions of law, including tax and accounting law;
i. documenting personal data processing, i.e. for accountability purposes as required by the General Data Protection Regulation (GDPR);
j. providing you with marketing information (including personalized and targeted marketing emails), which we feel may interest you. For example, we may send you newsletters or emails about our services (of course, this is optional and we will ask you for permission first).
If you decide that you no longer wish to receive personalized offers, product recommendations from us, or any advertising news at all, you can withdraw your consent at any time.
Also, we process information about you for the purpose of and in scope necessary to pursue our legitimate interests (ensuring security of payment processing and IT systems of the Store, communication with unregistered users), within the purposes indicated in points (d)-(g) of Section 5.1.
Moreover, we process your personal data to fulfill our legal obligations. This refers to the purposes indicated in points (h)-(i) of Section 5.1.
In other cases, your personal data is processed based on your consent (this primarily includes processing your data for marketing purposes, in particular providing you with our newsletter). You can withdraw your consent at any time; however, withdrawal of consent will not affect the lawfulness of prior processing.
In case of marketing purposes, we will ask you for your consent beforehand, and you will be able to withdraw it at any time.
We may process some aggregated and general non-personal data on user behavior (e.g. sales per region, number of reported technical issues) with third party partners who work with us to provide Store services to you (for example, producers of our gadgets or payment providers) in order to support, improve or amend Store services. We may also share non-personal data with data analysis services to help us run Store services. As mentioned above, everything is anonymized, so you cannot be identified.
b. if you contact us and do not use our services, we will retain correspondence with you as long as necessary to assist you, followed by a period necessary for legal or accountability purposes;
c. for marketing purposes, we will store data as long as we have valid consent, and in case of its withdrawal, we will remove it without undue delay and no later than within 30 days from the moment we receive your request to cease data processing.
a. CD PROJEKT S.A. — our parent company, who supports us in marketing activities, record keeping and correspondence handling, legal and technical support, and customer service, as well as provides us with internal management and data-sharing tools;
b. IAI S.A. — technical operator of our Store;
c. Vistra Corporate Services sp. z o.o. — a company who provides us with tax and accounting services;
d. payment providers;
e. partners providing assembly and shipping services;
f. our partners who help us in data analysis by providing us with analytical tools;
g. our partners who help us manage our newsletters and email communications by providing us with email marketing tools;
h. our professional advisors who assist us with legal, tax, audit or accounting matters;
i. advertising partners for the purpose of personalized and targeted marketing (for example, to inform you via advertisements on websites you visit about our services you may enjoy).
You can do so by clicking the appropriate link in the footer of our newsletter, or by sending us a request at: firstname.lastname@example.org.
a. right to rectify data — if data is incorrect or incomplete;
b. right to erasure of data — if your personal data is no longer necessary in relation to the purposes for which was collected by us; if you withdraw your consent on which the processing is based (in the scope of such consent); if you object to data processing; your data has been processed unlawfully; if your data must be erased in order to comply with a legal obligation;
c. right of processing: if data is incorrect — for a period enabling us to verify your data; if data has been processed unlawfully, but you don’t want it to be removed; if we no longer need your data, but you may need it for the exercise or defense of your legal claims; if you object to processing of your data - until it is verified whether our legitimate grounds override the grounds of objection;
d. right to transfer data: if the processing is based on consent or on a contract and the processing is carried out by automated means;
e. right to object to the processing of personal data: when such data is processed on a legitimate interest basis, and the objection is justified by your particular situation.
If, however, you feel we have not satisfactorily dealt with your concern, you can report it to your local data protection authority or the Polish regulator — the President of Polish Office of Data Protection (Prezes Urzędu Ochrony Danych Osobowych — "PUODO").
THE NEWSLETTER YOU’LL LOVE TO SEE
We’ve got plenty of cool stuff in store for you right now, and plenty more coming your way. New additions, merch pre-orders, or awesome deals from across our catalogue — make sure you don’t miss any of it. Sign up for our newsletter and let’s stay in touch!