Privacy policy

Privacy policy

CD PROJEKT RED STORE Privacy Policy
Last updated: April 18, 2019


Overview:

1. This document explains what data is collected in connection with CD PROJEKT RED STORE services.
2. It also explains how we use that data, where we store it, and how we protect it.
3. In short:
a. In order for you to use our services we need to process some of your data.
b. Should we need to process your data for any other purpose, we will always ask for your consent in advance.
c. Some partners, such as CD PROJEKT S.A., help us in providing our services and we may share limited data with them — but only for this purpose.
d. We will not share your data for third party advertising purposes.
4. Finally, it explains your rights in relation to your personal data.

Hello! This Privacy Policy is where we explain how your personal data is collected, stored or used, and what happens to it when you use CD PROJEKT RED STORE services. Like with our Terms of Use, we have put together two versions: a full text version, which is legally binding, and also section summaries, which will hopefully make the legal language a bit more accessible. If you have any questions, you can contact us at privacy-store@cdprojektred.com. Here we go!

FULL TEXT
QUICK SUMMARY
1. WHO WE ARE
1.1 We are CD PROJEKT RED STORE sp. z o.o., a company incorporated in Poland and a data controller under European Union data protection legislation (hereinafter "CDPRS" or "we"). You may contact us via email at privacy-store@cdprojektred.com or by mail: CD PROJEKT RED STORE sp. z o.o., Jagiellońska 74, 03-301 Warsaw, Poland.
Hello, we're CD PROJEKT RED STORE and we are based in Poland. You can find our contact details here!
2. WHAT THIS PRIVACY POLICY GOVERNS
2.1 This Privacy Policy applies to our online store CD PROJEKT RED STORE (further "Store") directed to customers in the European Union, available at eu.store.cdprojektred.com (including services connected with user registration, account, basket, order and payment processing, order history, wishlist, product reviews and comments) as well as customer service and technical support services connected with the Store.
This Privacy Policy explains the different kinds of data we collect from you when you use the Store services. We fully comply with privacy laws.
2.2 Specifically, this Privacy Policy governs personal data and non-personal data, which we collect from you when you use the Store services. ("Personal data" means data, which, on its own or in combination with other data, can be used to identify you).
2.3 We respect your right to privacy and will only process personal data in accordance with applicable legislation.
3. PROTECTING CHILDREN
3.1 We recognize we have a special obligation to protect personal data obtained from children. We do not and will not knowingly collect personal data from any child under 16. If for any reason we decide to collect personal information of children between the ages of 13 and 16 we will ask for their parent or guardian's consent. If you are a parent or guardian and are concerned about the transfer of your child's personal information, please contact privacy-store@cdprojektred.com.
We cannot and will not knowingly collect personal information about children under 16.
4. INFORMATION WE COLLECT
4.1 When you use Store services, we may collect the following data if relevant (how we use it is described later in this document).

In the context of order handling and customer accounts, we will process your basic personal data such as:
a. your name and surname;
b. email address;
c. residence address;
d. shipping address;
e. phone number;
f. IP address;
g. country, where you place your order;
h. order and payment history (including identifiers, order values and ordered items);
i. data resulting from your use of Store functionalities and optional data which you may provide in account settings (favorite items list, account settings, product reviews and ratings, day and month of your birthday, gender);
j. additionally — if you place your order as part of your business activity — invoicing address, business name, VAT number.

Moreover, depending on the payment method you choose, we will process the following payment-related data:

a. debit/credit card data — card number, name and surname of the card holder, validity date;
b. bank account number, name and surname of the account holder;
c. e-mail address linked to PayPal account.
In order for you to shop in our Store, we need some basic data about you, such as your name, surname and e-mail address (for full details, take a look at the text on the left).
4.2 If you take part in contests organized by CDPRS, we may additionally process data necessary for the purpose of holding contests and announcing their results, such as your correspondence address, phone number, identifiers in social media, image of yourself or your bank account number.
If you participate in contests organized by us, we may need some additional data about you.
4.3 We may also collect some non-personal data about our users (statistical information on the use of our services, information on devices used to connect to them) in order to better understand how our games and services are used and to improve them based on this knowledge.
We may also collect some statistical information on the use of our services.
4.4 In order for you to use our services, we need to process the data described above — provision of the data is voluntary, but without it, you will not be able to use our services.
The above data is necessary for us to provide our services to you.
4.5 We and our partners also collect data about you via cookies. You can find out more about this in our Cookie Policy. The Cookie Policy forms part of this Privacy Policy.
Check our Cookie Policy to find out what sorts of cookies we use to support our services.
5. HOW IS YOUR INFORMATION USED
5.1 our data may be used for the following purposes:
a. providing access to Store services, including account registration and personalization, order history and status, favorite items list, product review and comments functionalities;
b. organizing contests, including contacting participants, evaluation of applications, distribution of prizes, payment of tax on prizes;
c. sale and delivery of goods and payment handling;
d. preventing payment fraud in the use of Store services;
e. providing technical support and customer service, as well as providing information about changes regarding goods and services of the Store;
f. monitoring operations of Store services and introducing improvements based on submitted remarks and suggestions;
g. in applicable cases - for the purposes of asserting claims and legal defense, including litigation, arbitration or mediation;
h. fulfilling the obligations resulting from provisions of law, including tax and accounting law;
i. documenting personal data processing, i.e. for accountability purposes as required by the General Data Protection Regulation (GDPR);
j. providing you with marketing information (including personalized and targeted marketing emails), which we feel may interest you. For example, we may send you newsletters or emails about our services (of course, this is optional and we will ask you for permission first).
We collect your data to provide Store services to you and improve them, as well as to communicate with you and ensure your security in the payment process.
5.2 Whenever we personalize or target our marketing communications, offers and advertisements, we may profile your personal data, which means that we may use the data we collect to adjust the communication addressed to you to meet your needs. In such cases, we do not use your personal data for profiling, which would constitute automated decision-making that could affect your legal situation (for example, we will not deny you access to our services based on your activity in the Store).

If you decide that you no longer wish to receive personalized offers, product recommendations from us, or any advertising news at all, you can withdraw your consent at any time.
We gather data about when and how you use Store services in order to offer you the best service and communication possible. However, we will never put your fate in the hands of a robot (i.e. we will not make decisions impacting your legal situation based solely on automated processing of your data).
6. WHY DO WE USE YOUR DATA (LEGAL BASIS FOR DATA PROCESSING)
6.1 We process your personal data to perform the agreement between us, which includes enabling you to use our Store. This happens in the case of purposes (a)-(c) and (e) of Section 5.1. above (if you contact us as a registered customer).

Also, we process information about you for the purpose of and in scope necessary to pursue our legitimate interests (ensuring security of payment processing and IT systems of the Store, communication with unregistered users), within the purposes indicated in points (d)-(g) of Section 5.1.

Moreover, we process your personal data to fulfill our legal obligations. This refers to the purposes indicated in points (h)-(i) of Section 5.1.

In other cases, your personal data is processed based on your consent (this primarily includes processing your data for marketing purposes, in particular providing you with our newsletter). You can withdraw your consent at any time; however, withdrawal of consent will not affect the lawfulness of prior processing.
We may use your data in order for you to use the Store, to fulfill our legal obligations and for other reasons important to us, such as ensuring security of the Store or communicating with unregistered users.

In case of marketing purposes, we will ask you for your consent beforehand, and you will be able to withdraw it at any time.
6.2 Non-personal data.
We may process some aggregated and general non-personal data on user behavior (e.g. sales per region, number of reported technical issues) with third party partners who work with us to provide Store services to you (for example, producers of our gadgets or payment providers) in order to support, improve or amend Store services. We may also share non-personal data with data analysis services to help us run Store services. As mentioned above, everything is anonymized, so you cannot be identified.
Some of the data we process is considered by law to be non-personal data. It’s anonymous, so don’t worry. See opposite for more information.
7. HOW DO WE HANDLE YOUR PERSONAL INFORMATION
7.1 Where do we store it? The data we collect from you is stored on our secure servers in Europe or — only if necessary — by those of our Trusted Partners as described below. We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction or damage. We will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
We will store your data on our secure servers in Europe or on those of our Trusted Partners. We will do our best to keep your data secure.
7.2 How long will we store your data?
We will retain your personal data only for as long as needed in order to fulfill the purposes outlined in this Privacy Policy. In certain special cases, a longer retention period might be required by law, such as for tax reasons, accounting purposes or other legal requirements and obligations. When we no longer require your personal information in order to provide our Store-related services to you, we will either delete it or anonymize it. In particular:
a. we will keep data that is associated with the services you use for the duration of the agreement to access the services (ex. Store Terms of Use). Following account closure, the limited data that we collect about you will still be retained for an additional few years for tax, legal or accounting purposes;
b. if you contact us and do not use our services, we will retain correspondence with you as long as necessary to assist you, followed by a period necessary for legal or accountability purposes;
c. for marketing purposes, we will store data as long as we have valid consent, and in case of its withdrawal, we will remove it without undue delay and no later than within 30 days from the moment we receive your request to cease data processing.
In general, we will store your data until you use our services. After that, we may still use limited data about you for tax, legal or accounting reasons.
8. DATA SHARING
8.1 Please remember that any communications you have via CDPRS services (e.g. reviews or comments published on product pages in the Store) may reveal details about you. Also, any data you post publicly using CDPRS services will be publicly available for Store users and others. We are not responsible for your use of any private personal data which you choose to make available via CDPRS services, or the activities of other users or other third parties to whom you give or make available your data.
When you use CDPRS services, you have the option to share your own personal data with others or publicly. Be aware that you are responsible for this type of data sharing.
9. THIRD PARTY INFORMATION COLLECTION AND EXTERNAL SERVICES
9.1 CDPRS services may, from time to time, contain links to and from the websites or services of third parties. Our Privacy Policy does not extend to these external sites or companies, so please refer directly to their privacy policies.
We may sometimes provide links directing you outside the Store — be aware that these places can have privacy policies which differ from ours.
10. OUR TRUSTED PARTNERS AND OTHER CASES OF DATA SHARING
10.1 We may share your data with the following Trusted Partners, who were engaged by us to help deliver our services and functionalities to you. Please rest assured that we always provide our partners with the minimum data necessary for them to achieve the purpose of their cooperation with us. They may have access to limited data about you and process it on our behalf for the purposes set out below:
a. CD PROJEKT S.A. — our parent company, who supports us in marketing activities, record keeping and correspondence handling, legal and technical support, and customer service, as well as provides us with internal management and data-sharing tools;
b. IAI S.A. — technical operator of our Store;
c. Vistra Corporate Services sp. z o.o. — a company who provides us with tax and accounting services;
d. payment providers;
e. partners providing assembly and shipping services;
f. our partners who help us in data analysis by providing us with analytical tools;
g. our partners who help us manage our newsletters and email communications by providing us with email marketing tools;
h. our professional advisors who assist us with legal, tax, audit or accounting matters;
i. advertising partners for the purpose of personalized and targeted marketing (for example, to inform you via advertisements on websites you visit about our services you may enjoy).
We sometimes share data with our Trusted Partners. They usually take care of stuff like supporting Store services, processing payments, product shipping or marketing activities.
10.2 When required by law, we may also share your data with the police or other government authorities (including your IP address and details of suspected unlawful or fraudulent activity such as unauthorized use of payment methods and security risk scores - so if, e.g. it seems for us your card was stolen, we can inform the police about it).
10.3 Your data may be processed, stored and transferred to countries outside your country of residence and beyond the European Economic Area (EEA), such as the United States. Privacy laws in these countries may not offer the same level of protection as in your country or in the EEA. But whenever we share your personal data outside the EEA, we will ensure the adequate protection of your personal data and apply lawful measures of data transfer, such as EU standard contractual clauses or the Privacy Shield Framework.
Whenever we share your personal data outside Europe, we make sure that the data is duly protected.
10.4 Please be aware that we are subject to various laws and may be required to release personal data to comply with law enforcement and other legal requirements.
We may be required to comply with law enforcement requests to release personal data.
10.5 In the unlikely event of a reorganization or merger of CDPRS, we may transfer personal data to an involved third party who will ensure protection of at least the same level as what we ensure in this Privacy Policy.
In the event of any reorganizations, acquisitions, etc., your personal data will still be given at least the same level of protection as it is now.
11. YOUR RIGHTS
11.1 You can withdraw your consent for processing of your personal data, including processing for marketing purposes, at any time.
You can do so by clicking the appropriate link in the footer of our newsletter, or by sending us a request at: privacy-store@cdprojektred.com.
You have a number of rights regarding your personal data. They include the rights to make requests regarding how your personal data is used, to access your data, to make amendments in it, to have us delete all of your data, to restrict the processing of your data or to have your data transferred to another entity. You can always send an email to privacy-store@cdprojektred.com and we will do our best to assist you.
11.2 You may exercise the following rights:
a. right to rectify data — if data is incorrect or incomplete;
b. right to erasure of data — if your personal data is no longer necessary in relation to the purposes for which was collected by us; if you withdraw your consent on which the processing is based (in the scope of such consent); if you object to data processing; your data has been processed unlawfully; if your data must be erased in order to comply with a legal obligation;
c. right of processing: if data is incorrect — for a period enabling us to verify your data; if data has been processed unlawfully, but you don’t want it to be removed; if we no longer need your data, but you may need it for the exercise or defense of your legal claims; if you object to processing of your data - until it is verified whether our legitimate grounds override the grounds of objection;
d. right to transfer data: if the processing is based on consent or on a contract and the processing is carried out by automated means;
e. right to object to the processing of personal data: when such data is processed on a legitimate interest basis, and the objection is justified by your particular situation.
11.3 You can exercise these rights on your own (for example, by correcting your data in account settings) or by contacting us at privacy-store@cdprojektred.com.
11.4 In case of any concerns or questions about your privacy, please do contact us and we will do our best to assist you.

If, however, you feel we have not satisfactorily dealt with your concern, you can report it to your local data protection authority or the Polish regulator — the President of Polish Office of Data Protection (Prezes Urzędu Ochrony Danych Osobowych — "PUODO").
12. CHANGES TO THIS PRIVACY POLICY
12.1 We may change this Privacy Policy if we deem it necessary, such as for legal reasons or to reflect changes in our services. If we do so, we will make the altered Privacy Policy available online, update the “Last Updated” date and notify you about the changes.
We may make changes to our Privacy Policy. Whenever we do, we will publish the changed version online and notify you.
13. TERMS OF USE
13.1 We would also like to remind you that our Terms of Use contain more information about CDPRS Services. You can read them here.
This page uses cookie files to provide its services in accordance to Cookies Usage Policy. You can determine conditions of storing or access to cookie files in your web browser.
Close
pixel