Privacy policy

 

  1. Introduction
At Ellipsecave OÜ (https://ellipseroleplays.com), referred to as 'we' or 'the Company', we are dedicated to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines the principles and practices we follow in the collection, use, and protection of your information. It is designed to inform you about the personal data we collect, the reasons behind its collection, and how we use and safeguard it.We encourage you to take a moment to review this document, as your trust and satisfaction are paramount to us.By continuing to use our website or services, you indicate that you have read, understood, and accepted the terms outlined in this document. If, however, you disagree with these provisions, we kindly request that you discontinue the use of our website or services.
  1. Data Controller
Ellipsecave OÜ, registration No. 16467881, located at Harju maakond, Tallinn, Mustamae linnaosa, Ehitajate tee 110, 13517, Estonia, is the data controller responsible for the processing of your personal data. If you have any questions or concerns about your privacy, please contact us at [email protected]
  1. What Data We Collect About You
The information that we collect about you includes:
  • Contact Information: Phone number; Email; Billing and Residence address.
  • User Account Data: Username and Login information; Activity logs and Session data; Account preferences and Account usage-related data; Other similar data.
  • Payments Related Data: Credit or debit card details; Bank account details; Payment transaction details; Payment method preferences; Payment history; Other similar data.
  • Transactions Data: Billing information; Order details; Order history; Payment details; Transaction history; Current balance; Other similar data.
  • Legal Compliance Information: Information and documents related to compliance with Know Your Customer (KYC), Anti-Money Laundering (AML), and other similar legal requirements.
  • Identity Related Data: Full name; Identification number; Date of birth; Details of identification documents; Other similar data.
  • Financial Data: Bank account information; Source of funds; Employment status; Other similar data.
  • Identification and Authentication Data: Biometrics; Multi-Factor Authentication (MFA) data; ID verification documents, etc.
  • Marketing Information: Your interests; Participation in our loyalty programs; Communication preferences.
  • Communication Information: Email communication; Phone communication (records of incoming and outgoing calls with us); User support events; Other related data.
  • Physical Security Data: Records from on premises video surveillance; Metadata; Other related data.
  • Technical Data: Technical logs and events; Information about device type, identifiers, and settings; Information about the operating system; Network and connection information (including IP address); Cookies and similar technologies information; Other related data.
 
  1. How We Use the Data
We process the collected personal data with specific purposes in mind, relying on legal bases that align with the nature of these activities. Here is an overview of the purposes for which we process your data:
  • User Account Creation and Management:
Legal Basis: Contractual NecessityDescription: We process your data to create and manage your account, ensuring seamless access to our services.
  • Identity Verification and Authentication:
Legal Bases: Legal Obligation, Legitimate InterestsDescription: We verify user identity and authenticate users to meet legal obligations and safeguard the security of our website and services.
  • Provision of Services:
Legal Basis: Contractual NecessityDescription: We process your data to fulfill our contractual obligations in providing the services you have requested.
  • Order Execution and Management:
Legal Basis: Contractual NecessityDescription: We process data to fulfill and manage your orders as per contractual requirements.
  • Transaction Execution and Management
Legal Bases: Contractual Necessity, Legitimate InterestsDescription: We process data to execute and manage transactions, ensuring a smooth and secure gaming experience.
  • User Communication and Support:
Legal Bases: Contractual Necessity, Legitimate InterestsDescription: We process data to interact with you, provide user support, and share essential information related to our services, aligning with contractual necessity and legitimate interests.
  • Marketing:
Legal Bases: Consent, Legitimate InterestsDescription: We use data to provide you with marketing information and customized content, tailoring your gaming experience to your preferences.
  • Risk Management:
Legal Bases: Contractual Necessity, Legal Obligations, Legitimate InterestsDescription: We process data to manage different risks that are relevant for our business, make informed decisions, and fulfill legal obligations, ensuring the stability and reliability of our services.
  • Fraud and Service Misuse Prevention
Legal Bases: Legal Obligation, Legitimate InterestsDescription: Processing data is crucial to prevent fraud and misuse of our services, adhering to legal obligations and protecting the integrity of our website and services.
  • Ensuring Security:
Legal Bases: Contractual Necessity, Legal Obligation, Legitimate InterestsDescription: Security is paramount. We process data to ensure security of our information and assets.
  • Solving Technical Issues:
Legal Basis: Contractual NecessityDescription: Technical issues can arise when using or website or services. We process data to address these issues, troubleshoot problems, and maintain the functionality of our website and services.
  • Service Improvement and Development
Legal Basis: Legitimate InterestsDescription: To offer you an evolving and enhanced gaming experience, we process data to improve and develop our services, ensuring they align with your interests.
  • Resolution of Claims and Disputes
Legal Bases: Contractual Necessity, Legal Obligation, Legitimate InterestsDescription: Processing data is crucial for addressing claims and resolving disputes that could arise during our cooperation with you.
  • Legal Compliance
Legal Bases: Legal Obligation, Public TaskDescription: We process data to comply with legal and regulatory requirements, fulfilling our legal obligations and contributing to the public task of maintaining a secure online environment.
  1. Where the Data Is Collected From
We primarily collect data directly from you when you interact with our website or services. However, we may also receive information from third-party sources, such as payment processors, state authorities and publicly available sources.
  1. Who Can Receive Your Data
Your personal data is shared only on a need-to-know basis with recipients, such as authorized individuals within the Company who require access to fulfill their job responsibilities; service providers who assist in the delivery of our services; state authorities or other recipients if there is an appropriate legal basis (for example – your consent).
  1. Where the Data Can Be Transferred
Your data may be transferred outside of the European Union and European Economic Area. We ensure that such transfers comply with applicable data protection laws and take necessary steps to protect your information. We also implement appropriate safeguards to ensure the security and confidentiality of your data.
  1. For How Long We Keep Your Data
We understand the significance of responsibly managing the lifecycle of your personal data. Our data retention practices are carefully crafted to retain information only for the necessary duration to fulfill the purposes for which it was collected. The retention periods for personal data are assessed based on the nature of the data and the specific purposes for which it is processed. We retain your information for the duration required to fulfill these specified purposes. Certain personal data may be retained for extended periods to comply with legal and regulatory obligations, such as those related to anti-money laundering and fraud prevention requirements. Once the retention period concludes or if the data is no longer necessary for the specified purposes, we take meticulous measures to securely delete or anonymize your personal data.
  1. What Rights You Have vis-à-vis Your Data
Respecting your rights and ensuring the transparency of our data processing practices is fundamental at Ellipsecave OÜ. Here is an overview of the rights you have concerning your personal data:
  • Right to Access: You have the right to know what personal data we hold about you.
  • Right to Rectification: If you notice any inaccuracies or incompleteness in your personal data, you can request corrections.
  • Right to Erasure: Under certain circumstances, you can request the deletion of your personal data. We will assess each request in accordance with applicable legal requirements.
  • Right to Restriction of Processing: You can request a temporary suspension of data processing in specific situations, such as inaccurate data or unlawful processing.
  • Right to Object to Processing: If there are particular reasons related to your situation, you have the right to object to the processing of your personal data. We will carefully consider and evaluate your objections.
  • Right to Data Portability: You can receive your personal data in a structured, commonly used, and machine-readable format. Additionally, you have the right to transmit it to another controller, facilitating a smooth transition if you choose to switch services.
  • Right to Withdraw Consent: If we rely on your consent for processing your personal data, you can withdraw it at any time. The withdrawal does not impact the lawfulness of processing conducted before consent withdrawal.
To exercise any of these rights, reach out to us via the email provided in Section 16. While exercising your rights is important, please be aware that certain rights may be subject to specific preconditions or criteria outlined by applicable laws. These conditions are in place to ensure that the process aligns with legal requirements. In cases where reasonable doubts arise, we reserve the right to seek additional information to verify the identity of the individual making a request.
  1. Why Should You Provide Data to Us
We believe in transparency and empowering you to make informed choices about providing or not providing your personal data. Here is a brief explanation:Certain data is necessary for us to offer you basic services and ensure important features and functionality, such as the security of your account. This, for example, includes details such as your name, email address, and payment information. Without providing this mandatory information, it may not be possible to create an account or complete transactions.In addition to mandatory information, there are aspects where you have a choice. Providing optional information, such as your gaming preferences, allows us to tailor our services to better suit your interests. It is entirely up to you whether you want to share this information, and you can update or modify it at any time in your account settings.Where applicable, we will add respective markings for you to distinguish between these two types of information.
  1. Do We Use Automated Decisions and Profiling
We may use automated decision-making processes, such as fraud detection algorithms, to ensure the security of our platform. However, these processes do not have a significant impact on you without human intervention. For instance, our system may temporarily suspend an account for further review if suspicious activity is detected. Additionally, we may utilize profiling to provide personalized recommendations and enhance your overall gaming experience. Profiling enhances your experience by tailoring our services to align with your interests and preferences.
  1. How Your Data Is Secured by Us
We implement robust security measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. To achieve this, we employ robust technical and organizational measures, designed to protect your data from unauthorized access, disclosure, alteration, and destruction. This includes, for example, employing encryption technologies to safeguard data during transit and storage, conducting regular audits of our security infrastructure to identify and address potential vulnerabilities promptly, establishing incident response procedures to address and mitigate any potential impact swiftly, engaging only with reputable third-party service providers (for example, in case of payment services providers we select only those who adhere to industry-standard security practices, such as the Payment Card Industry Data Security Standard (PCI DSS)), providing regular trainings to our employees, and implementing other similar controls.
  1. How You Can Secure Your Data
We are committed to ensuring the security and confidentiality of your personal data. Your active participation in maintaining good security practices is crucial to creating a safe online environment for everyone. Here are some obligations we kindly request you to adhere to:
  • Use a strong password that is unique and combines a mix of uppercase and lowercase letters, numbers, and symbols.
  • Keep your password confidential and never share it with anyone. If you suspect any unauthorized access to your account, change your password immediately.
  • Always log out of your account after sessions, especially when using shared devices or public computers.
  • Stay vigilant against phishing emails or messages that may attempt to trick you into revealing sensitive information.
  • Ensure the security of the devices you use to access our services. Keep your operating system, antivirus, and other software up to date to protect against vulnerabilities.
By following these good security practices, you play an essential role in safeguarding your personal data and contributing to the overall security of our online gaming community.
  1. How To Lodge a Complaint
If you have concerns about how we handle your personal data, please contact us at [email protected]. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate.
  1. How This Policy Can Be Updated
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant updates through our website or other communication channels. We also encourage you to revisit this policy from time to time to stay updated.
  1. How To Address Us Your Questions
If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at [email protected]. We are here to assist you and ensure your experience with us is secure and enjoyable.Thank you for entrusting us with your data. We value your privacy and strive to make your gaming experience the best it can be.Last updated: 12 January 2024