TOO "Dynamic Technologies"
Company number: 190640015412
Address: 070004, EAST KAZAKHSTAN REGION, UST-KAMENOGORSK, POBEDY AVE., 9, N.P. 34
E-mail: support@grnd.gg
As amended on July 1, 2025
1. General Provisions
1.1. This Privacy Policy (hereinafter referred to as the “Policy”) defines the procedure for processing and protecting the personal data of users of the Game and the Website owned by LLP “Dynamic Technologies” (registration number: 190640015412, address: Republic of Kazakhstan, Ust-Kamenogorsk, Pobedy Ave., 9, N.P. 34) (hereinafter referred to as the “Administration”).
1.2. The Privacy Policy may be amended by the Administration. The new version of the Policy comes into force upon its publication and public availability.
1.3. The processing of information is carried out by the Administration in accordance with this Policy, the internal regulations of the Administration, the General Data Protection Regulation (GDPR), and the legislation of the Russian Federation and the Republic of Kazakhstan.
2. Terms and Definitions
2.1. Personal Data – any information relating to an identified or identifiable natural person (data subject), either directly or indirectly.
2.2. Data Subject – any natural person.
2.3. Controller (Operator) – any natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2.4. Processor – any natural or legal person, public authority, agency, or other body which processes personal data on behalf of and under instructions from the controller (operator). The Administration acts as the controller (operator) of personal data.
2.5. Processing of Personal Data – any operation or set of operations which is performed on personal data, whether or not by automated means.
3. Data Sources
In the Game:
3.1. From the User’s personal device (including device ID, IP address);
1 The term is used depending on the applicable legislation.
2 The term is used depending on the applicable legislation.
3.2. From linked social media accounts, in case the User authorizes access to the Game through their existing accounts on other platforms (Discord, VKontakte, Apple);
3.3. From the User’s account in the Game (including information about behavioral characteristics and purchase history).
On the Website:
3.4. Data provided directly by the User through communication with the Administration via email and through forms completed by the User on the Website;
3.5. From cookies stored in the User’s browser.
4. Purposes of Personal Data Processing
In the Game:
4.1. Purpose: Identification of the User for the purpose of fulfilling the obligations of the Administration as provided in the User Agreement.
List of data that contains or may contain personal data: login, information about linked accounts (if linked), device ID, IP address, character’s first and last name (nickname), purchase history.
Categories of data subjects: Users who have registered in the Game.
Legal basis: Processing is carried out with the consent of the personal data subject.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (access, provision), blocking, deletion, destruction of personal data.
Processing method: automated.
Processing period: until the User’s account is deleted or the consent to personal data processing is withdrawn.
4.2. Purpose: collection of analytics.
List of data that contains or may contain personal data: User’s behavioral characteristics in the Game.
Categories of data subjects: Game Users.
Legal basis: processing is carried out with the consent of the data subject and based on the legitimate interest of the Administration.
Processing method: automated.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: until the account is deleted or consent to personal data processing is withdrawn.
4.3. Purpose: handling and responding to requests and complaints, and providing technical support.
List of data that contains or may contain personal data: character’s first and last name (nickname) (when interacting with the Administration through the in-game menu).
Categories of data subjects: Game Users.
Legal basis: processing is carried out with the data subject’s consent to the processing of their personal data.
Processing method: both automated and non-automated (mixed).
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: for three (3) years from the date the request, complaint, or claim is received.
4.4. Purpose: sending Users information about changes in the Game, promo codes, promotions, and other marketing activities.
List of data that contains or may contain personal data: character’s first and last name (nickname), email address, full name (if provided during registration).
Categories of data subjects: Game Users.
Legal basis: processing is carried out with the data subject’s consent to the processing of their personal data.
Processing method: both automated and non-automated (mixed).
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: until the account is deleted, the User unsubscribes from informational and marketing communications, or consent to personal data processing is withdrawn.
4.5. Purpose: improving the Game’s interface and features, informing users, and enabling technical capabilities to increase device usage time.
List of data that contains or may contain personal data: device ID, IP address.
Categories of data subjects: Game Users.
Legal basis: processing is carried out in accordance with the User Agreement for the Game.
Processing method: automated.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: until the account is deleted or consent to personal data processing is withdrawn.
As part of fulfilling this purpose, personal data of Users may be transferred to third parties with whom the Controller has entered into a civil law contract, based on separately obtained consent from the User, specifying the processing and storage periods for the personal data to be transferred.
4.6. The provision of personal data is necessary for the conclusion of the agreement under the terms of the User Agreement and for the ability to use the Game.
Possible consequences of failure to provide such data: inability to conclude the agreement under the User Agreement with the data subject, inability of the data subject to use the Game and receive the full scope of services provided by the Game Administration.
On the Website:
4.7. Purpose: receiving and responding to User inquiries, complaints, and claims.
List of data that contains or may contain personal data: email address (in case of interaction via email), full name, phone number (when contacting the Administration through the Website form), postal address (when interacting via physical letters).
Categories of data subjects: Website Users.
Legal basis: processing is carried out with the consent of the personal data subject.
Processing method: both automated and non-automated (mixed).
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: for three (3) years from the date of receipt of such inquiry, complaint, or claim.
4.8. Purpose: ensuring the proper functioning of the Website, improving its quality, and collecting analytics.
List of data that contains or may contain personal data: cookies.
Categories of data subjects: Website Users.
Legal basis: processing is carried out with the consent of the personal data subject and based on the legitimate interest of the Administration.
Processing method: automated.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: until the consent to personal data processing is withdrawn through appropriate browser settings by the User.
4.9. Purpose: reviewing partnership proposals, and concluding and performing civil law contracts with counterparties.
List of data that contains or may contain personal data: full name; place of employment; mobile phone number; email address; messenger nickname.
Categories of data subjects: representatives of counterparties.
Legal basis: processing is carried out with the consent of the personal data subject and based on the legitimate interest of the Administration.
Processing method: automated.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: for three (3) years from the date of receipt of such proposal, or for three (3) years from the date of fulfillment of the Parties’ obligations under the contract.
5. Automated Decision-Making
5.1. The Administration does not use automated decision-making. The Administration also does not use personal data for automated evaluation of Users’ personal characteristics (automated profiling or profiling).
6. Principles of Personal Data Processing
6.1. The Administration processes personal data based on the following principles:
— Personal data is processed lawfully and fairly;
— The processing of personal data is limited to achieving specific, pre-defined, and lawful purposes;
— Processing of personal data that is incompatible with the purposes of data collection is not allowed;
— Combining databases containing personal data, the processing of which is carried out for incompatible purposes, is not permitted;
— Only personal data relevant to the purposes of processing is subject to processing;
— The content and scope of personal data being processed must correspond to the stated purposes of processing. Excessive processing of personal data in relation to the stated purposes is not permitted;
— Personal data must be accurate, sufficient, and, where necessary, kept up to date with respect to the purposes of processing. Necessary measures must be taken to delete or clarify incomplete or inaccurate personal data;
— Personal data must be stored in a form that allows identification of the data subject for no longer than is necessary for the purposes of processing, unless a different storage period is established by law, consent, or a contract to which the data subject is a party, beneficiary, or guarantor;
— Processed personal data must be destroyed once the purposes of processing have been achieved or when they are no longer needed for such purposes, unless otherwise provided by federal law;
— Personal data processing must not be used to cause property and/or moral harm to data subjects or to obstruct the realization of their rights and freedoms;
— Personal data must be processed in a way that ensures information regarding its processing is easily accessible, understandable, and presented in plain language. The operator must inform the data subject about the processing of their personal data before such processing begins;
— Access to personal data is granted only to Administration employees who have received special training in working with personal data and have been instructed on personal data handling;
— The Administration must be prepared to confirm the lawfulness of its personal data processing activities.
7. Rights of Data Subjects
7.1. Data subjects have the right to access the following information:
(a) the purposes of processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
(d) where possible, the intended period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller the rectification or erasure of personal data or restriction of processing, or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data is not collected from the data subject, any available information as to its source;
(h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
7.2. The data subject has the right to obtain from the Administration without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement.
7.3. The data subject has the right to request from the Administration the erasure of personal data concerning them without undue delay, and the Administration is obligated to erase such personal data without undue delay where one of the following grounds applies:
(a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
(c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;
(d) the personal data has been unlawfully processed;
(e) the personal data must be erased to comply with a legal obligation under applicable law;
(f) the personal data has been collected in relation to the offer of information society services.
7.4. The data subject has the right to request the restriction of processing from the Administration where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise, or defense of legal claims;
(d) the data subject has objected to processing pending the verification of whether the legitimate grounds of the controller override those of the data subject.
7.5. The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data, including profiling based on those provisions. The Administration shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
7.6. The data subject has the right to receive the personal data concerning them, which they have provided to the Administration, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:
(a) the processing is based on consent or on a contract; and
(b) the processing is carried out by automated means.
7.7. Where the processing is based on consent, the data subject has the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
7.8. The data subject has the right to lodge a complaint with a supervisory authority.
8. Cross-Border Transfer of Personal Data
8.1. The Administration may carry out cross-border transfers of personal data in compliance with legal requirements.
8.2. The transfer of personal data to a third country or an international organization may take place when the Administration has determined that the third country, a territory within that country, one or more specific sectors within that country, or the international organization ensures an adequate level of data protection.
9. Measures to Ensure the Security of Personal Data
9.1. The Administration takes all necessary organizational and technical measures to protect the personal data of data subjects from unlawful or accidental access, destruction, alteration, blocking, dissemination, as well as from other unlawful actions involving such data.
9.2. The Administration’s personal data security measures include, but are not limited to, the following:
— Keeping records of the categories and list of personal data being processed, categories of data subjects whose personal data is processed, data retention periods, and procedures for the destruction of such data;
— Describing the nature of personal data processing at the design stage of any process or system, including processing purposes, legal grounds, categories and number of data subjects, list of personal data, actions performed on personal data, procedures for data transfer, including cross-border transfers, and information about third parties to whom the data is transferred;
— Keeping records of data storage media and information systems used for processing personal data;
— Determining the required level of security for personal data processed in information systems;
— Identifying threats to personal data security during processing in information systems;
— Determining and implementing technical and organizational protection measures prior to the launch of new personal data processing procedures and new information systems;
— Assessing and documenting potential harm that could be caused to data subjects and evaluating the adequacy of the protective measures implemented by the Administration in relation to that harm;
— Establishing access rules to personal data processed in information systems and ensuring the registration and logging of actions performed with personal data in such systems;
— Applying information protection tools that have successfully passed conformity assessment procedures;
— Detecting unauthorized access to personal data and other incidents, and taking measures to eliminate and mitigate their consequences;
— Restoring personal data that has been modified or destroyed due to unauthorized access;
— Accounting for the job positions of employees whose access to personal data (processed both manually and automatically) is necessary for the performance of their duties;
— Ensuring that Administration employees directly involved in the processing of personal data are familiar with personal data legislation, confirmed by signature, and providing appropriate training;
— Monitoring and assessing the effectiveness of personal data security measures before launching the relevant information system into operation;
— Conducting regular internal audits to assess compliance with applicable data protection laws and regulations regarding personal data processing and security;
— Appointing a person responsible for organizing the processing of personal data.
10. Use of analytics services, cookies
10.1. Data collected in Game may also be received and processed by third party providers. Analytics services in Game:
Google Analytics | More | USA |
Google Firbase | More | USA |
Adjust | More | Germany |
AppMetrica | More | Russia |
10.2. Cookies are small files that are created and stored on the device when visiting the Website. Cookies are stored on the device for no longer than one year and are used to adapt the Website’s functionality and ensure its most efficient operation on the User’s device.
10.3. Visiting and using the Website by default involves the generation and storage of cookies. However, the User may delete cookies from their device at any time through the settings of their browser. The User may also refuse to accept cookies, but in that case, the functionality of the Website may not be fully guaranteed.
10.4. The following types of cookies are used on the Website:
Technical and functional cookies | These files, generated by the engines, are used to ensure smooth operation and also to remember the settings selected by the user. |
10.5. The following analytics services are used on the Web-site:
Yandex.Metrica | More | Russia |
Google Analytics | More | USA |
11. Contact Information for Personal Data Processing Inquiries
11.1. If you have any questions or requests related to the processing of personal data, including withdrawal of consent to the processing of personal data, you may contact us via email at privacy@grnd.gg or send a written request to the following address:
070004, Republic of Kazakhstan, Ust-Kamenogorsk, Pobedy Ave., 9, N.P. 34.
11.2. The Controller ensures the rights of data subjects in accordance with Section 7 of this Policy and fulfills its obligations in accordance with applicable law.
11.3. Information regarding the processing of a data subject’s personal data is provided to the data subject or their authorized representative upon request within the time limits established by applicable law. If no time frame is specified by law, the information shall be provided within 10 (ten) business days.
11.4. The request must include: the number of the primary identification document of the data subject or their representative, the date of issuance and the issuing authority, information confirming the data subject’s relationship with the Controller (e.g., contract number, date of conclusion, reference term and/or other details), or other information confirming the fact of personal data processing by the Controller, and the signature of the data subject or their representative.
11.5. The Controller undertakes to provide the data subject or their representative with free access to the personal data related to that data subject. Within no more than 7 (seven) business days from the date the data subject or their representative submits documentation confirming that the personal data is incomplete, inaccurate, or outdated, the Controller shall make the necessary corrections.
Within no more than 7 (seven) business days from the date the data subject or their representative submits documentation confirming that the personal data was obtained unlawfully or is not necessary for the declared purpose of processing, the Controller shall delete such data. The Controller shall notify the data subject or their representative of the changes made and the actions taken, and shall take reasonable steps to inform any third parties to whom the personal data was disclosed.
12. Procedure for the Destruction of Personal Data
12.1. Upon the achievement of the purposes of processing, or in the event that such purposes are no longer necessary - unless otherwise required by law or separately agreed upon by the parties - the personal data being processed must be destroyed.
12.2. Personal data stored on electronic media shall be destroyed using certified data destruction software. Personal data on paper shall be destroyed using technical means to ensure complete destruction. Personal data stored in information systems shall be destroyed by deleting the relevant entries from the databases.
12.3. During the destruction of personal data, the Controller shall prepare a formal destruction certificate (act of destruction).
13. Final Provisions
13.1. The requirements of this Policy apply to all data subjects regardless of their citizenship or location.
13.2. This Policy may be updated periodically in accordance with the requirements of applicable law.