TOO "Dynamic Technologies"
Company number: 190640015412
Address: 070004, EAST KAZAKHSTAN REGION, UST-KAMENOGORSK, POBEDY AVE., 9, N.P. 34
E-mail: support@grnd.gg
Almaty
The variant of the 2 nd of October, 2024
1. General terms
1.1. Privacy policy (hereinafter- "Politics") determines the procedure for processing and protecting the personal data of users of the Game and the Web-site belonging to TOO "Dynamic Technologies" (registration number: 190640015412, address: Republic of Kazakhstan, Ust-Kamenogorsk, 9 Pobedy Avenue, n.p. 34 (hereinafter - "Administration").
1.2. The privacy policy may be changed by the Administration. The new version of the Policy comes into force from the moment it is posted in the public domain.
1.3. Information processing is carried out by the Administration in accordance with present Policy, internal acts of the Administration, the General Data Protection Regulation (GDPR), the legislation of the Russian Federation and the Republic of Kazakhstan.
2. Terms and definitions
2.1. Personal data - personal data - any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
2.2. The subject of personal data is any individual.
2.3. Controller (operator) is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.4. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
2.5. Processing of personal data is any action (operation) or set of actions (operations) performed with personal data using automation tools or without the use of such tools.
3. Data sources
In-Game:
3.1. From the User’s personal device (in terms of device ID, IP address);
3.2. From linked accounts on social networks, if the User is authorized in the Game through his existing accounts on other platforms (Discord, VKontakte, Apple);
3.3. From the User’s account in the Game (in terms of information about his behavioral characteristics and purchase history).
On the Web-site:
3.4. From the User personally as a result of communication with the Administration via e-mail and forms filled out by the User on it;
3.5. From "cookie files" (hereinafter – "cookies") in the User's browser;
4. Purposes of processing personal data
In-Game:
4.1. Purpose: identification of the User in order to fulfill the obligations of the Administration provided for in the User Agreement.
List of data that contains or may contain personal data: login, information about linked accounts (if linked), device IDs, IP address, character’s first and last name (nickname), purchase history.
Categories of personal data subjects: Users who have registered in the Game.
Legal basis: processing is carried out with the consent of the subject of personal data.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (access, provision), blocking, deletion, destruction of personal data.
Processing methods: automated.
Processing period: until the User’s account is deleted or consent to the processing of personal data is withdrawn.
4.2. Purpose: collecting analytics, improving the quality of the Game.
List of data that contains or may contain personal data: behavioral characteristics of the User in the Game.
Categories of subjects: Game users.
Legal basis: processing is carried out with the consent of the subject of personal data and in connection with the legitimate interest of the Administration.
Processing methods: automated.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: until the User’s account is deleted or consent to the processing of personal data is withdrawn.
4.3. Purpose: receiving and sending responses to requests, complaints and providing technical support.
List of data that contains or may contain personal data: the character’s first and last name (nickname) (when interacting with the Administration in game menus).
Categories of subjects: Game users.
Legal basis: processing is carried out with the consent of the subject of personal data to the processing of his personal data.
Processing methods: both automated and non-automated (mixed).
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: within 3 (three) years from the date of receipt of such appeal, complaint, claim.
4.4. Purpose: sending Users information about changes in Game, promotional codes, promotions and other marketing activities.
List of data that contains or may contain personal data: the character’s first and last name (nickname), email address, last name, first name, patronymic (if specified during registration).
Categories of subjects: Game users.
Legal basis: processing is carried out with the consent of the subject of personal data to the processing of his personal data.
Processing methods: both automated and non-automated (mixed).
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: until your account is deleted, your subscription is cancelled to informational and advertising mailing lists, your consent is revoked to the processing of personal data.
4.5. Providing personal data is necessary to conclude a contract under the terms of the user agreement and the ability to use Game. Possible consequences of failure to provide the specified data: inability to conclude an agreement on the terms of the user agreement with the subject of personal data, inability for the subject to use Game or receive the services of Game Administration in full.
On the Web-site:
4.6. Purpose: receiving and sending responses to requests, complaints, claims of Users.
List of data that contains or may contain personal data: email (when interacting via email), email address, last name, first name, patronymic, phone number (when interacting with the Administration through a form on the Site), postal address (when interacting via paper letters).
Categories of subjects: Users of the Web-site.
Legal basis: processing is carried out with the consent of the subject of personal data to the processing of his personal data.
Processing methods: both automated and non-automated (mixed).
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: within 3 (three) years from the date of receipt of such appeal, complaint, claim.
4.7. Purpose: ensuring normal functioning, improving the quality of the Web-site, collecting analytics.
List of data that contains or may contain personal data: cookies.
Categories of subjects: Users of the Web-site.
Legal basis: processing is carried out with the consent of the subject of personal data and in connection with the legitimate interest of the Administration.
Processing methods: automated.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: until the withdrawal of consent to the processing of personal data through the appropriate settings in the User’s browser.
4.8. Purpose: studying proposals for cooperation, concluding and executing civil contracts with counterparties.
List of data that contains or may contain personal data: last name, first name, patronymic; place of work, mobile phone number; email address, in-messenger nickname.
Categories of subjects: representatives of counterparties.
Legal basis: processing is carried out with the consent of the subject of personal data and in connection with the legitimate interest of the Administration.
Processing methods: automated.
List of actions: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data.
Processing period: within 3 (three) years from the date of receipt of such proposal, or within 3 (years) from the date of fulfillment of the obligations of the parties under the contract.
5. Automated decision-making
The administration does not use automated decision making. The Administration also does not use personal data to automatically assess aspects of the Users’ personality (automated profiling, profiling).
6. Principles for processing personal data
6.1. The administration processes personal data based on the following principles:
— processing of personal data is carried out on a legal and fair basis;
— the processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes;
— processing of personal data that is incompatible with the purposes of collecting personal data is not permitted;
— it is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
— only personal data that meets the purposes of their processing are subject to processing;
— the content and volume of personal data processed correspond to the stated purposes of processing. Redundancy of processed personal data in relation to the stated purposes of their processing is not allowed.;
— when processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data is ensured, the necessary measures are taken to delete or clarify incomplete or inaccurate personal data;
— storage of personal data is carried out in a form that makes it possible to identify the subject of personal data, no longer than required by the purposes of processing personal data, unless the period for storing personal data is established by law, consent to processing, or an agreement to which the subject is a party, beneficiary or guarantor personal data
— the processed personal data is destroyed upon achievement of the processing goals or in the event of the loss of the need to achieve these goals, unless otherwise provided by federal law;
— the processing of personal data is not used for the purpose of causing property and/or moral harm to the subjects of personal data, or hindering the exercise of their rights and freedoms.
— the processing of personal data is carried out so that information regarding the processing of personal data is easily accessible, understandable and presented in simple language. The operator notifies the subject about the processing of his personal data before such processing begins.
— only Administration employees who have received special skills in working with personal data and have completed instructions on working with personal data have access to personal data of subjects.
— The administration has to be ready to confirm the legality of the processing of personal data.
7. Rights of personal data subjects
7.1. Data subjects shall have the right of access to the following information: (a) the purposes of the processing; (b) a description of the personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) where possible, the envisaged period for which the personal data are to be stored or, failing that, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of the personal data concerned, or restriction of their processing, or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data do not come from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of the processing for the data subject.
7.2. The data subject has the right to demand that the Administration correct their inaccurate personal data without undue delay. Taking into account the purposes of processing, the personal data subject has the right to make additions to incomplete personal data, including by submitting an additional application.
7.3. The data subject has the right to demand that the Administration delete personal data concerning him/her without undue delay. The Administration is obliged to delete personal data without delay if one of the following grounds applies: (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (b) the data subject withdraws his/her consent on the basis of which the processing is carried out, and if there is no other legal basis for the processing; (c) the data subject objects to the processing and there are no prevailing legitimate grounds for the processing, or the data subject objects to the processing; (d) the personal data were processed unlawfully; (e) the personal data have to be destroyed in fulfillment of a legal obligation under applicable law; (f) the personal data were collected in relation to the provision of information society services.
7.4. The data subject has the right to request the Administration to restrict processing under one of the following conditions: (a) the data subject contests the accuracy of the personal data - for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject objects to the deletion of the personal data and requests instead that their use be restricted; (c) the controller no longer needs the personal data for the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims and lawsuits; (d) the data subject has filed an objection to the processing in accordance - pending the verification whether the legitimate grounds of the controller outweigh the grounds of the data subject's objection.
7.5. The data subject, on grounds related to his/her particular situation, has the right to object at any time to the processing of his/her personal data, including profiling based on these provisions. The Administration may not further process the personal data until it demonstrates compelling legitimate grounds for the processing that prevail over the interests, rights and freedoms of the data subject, or for the assertion, exercise or contestation of legal claims and lawsuits.
7.6. The data subject has the right to receive the personal data concerning him/her, which he/she has provided to the Administration, in a structured, commonly used and machine-readable format and he/she has the right to transmit the said data to another controller without hindrance from the controller to whom the personal data have been provided, if: (a) the processing is carried out on the basis of consent or on the basis of a contract (b) the processing is carried out using automated means.
7.7. If the processing is based on consent, the data subject has the right to withdraw his or her consent at any time, notwithstanding the lawfulness of the processing based on consent prior to its withdrawal;
7.8. The personal data subject has the right to file a complaint with the supervisory authority.
8. Cross-border transfer of personal data
8.1. The Administration may carry out cross-border transfer of personal data in compliance with legal requirements.
8.2. The transfer of personal data to a third country or international organization may take place when the Administration has concluded that the third country, territory or one or more specific industries within that third country or international organization provides an adequate level of protection.
9. Measures to ensure the security of personal data
9.1. The administration takes all necessary organizational and technical measures to protect personal data of subjects from unauthorized or accidental access to it, destruction, modification, blocking, distribution, as well as from other unlawful actions with it.
9.2. Measures to ensure the security of personal data of the Administration include the following:
— accounting the categories being processed and the list of personal data, categories of subjects whose personal data is being processed, storage periods and the procedure for destroying such personal data;
— at the design stage of a process or system, a description of the nature of the processing of personal data, including the purposes of processing, legal grounds for processing, categories and number of subjects of personal data, a list of personal data, actions performed with personal data, the procedure for transfer, including cross-border, and information about third parties to whom personal data is transferred.
— accounting of computer storage media of personal data and information systems in which personal data is processed;
— determination of the required level of security of personal data processed in personal data information systems;
— identification of threats to the security of personal data during their processing in information systems;
— identification and implementation before the introduction of new personal data processing processes and new personal data information systems of technical and organizational measures to ensure the protection of personal data;
— implementation and documentation of the assessment of the harm that may be caused to personal data subjects, the relationship between the said harm and the measures taken by the Administration;
— establishing rules for access to personal data processed in information systems, as well as ensuring the registration and accounting of actions performed with personal data in information systems;
— application of information security tools that have undergone the established procedure for assessing the conformity of information;
— detection of facts of unauthorized access to personal data and other incidents, taking measures to eliminate and mitigate the consequences;
— restoration of personal data modified or destroyed due to unauthorized access to it;
— accounting the positions of employees whose access to personal data processed both with and without the use of automation tools is necessary to perform official (labor) duties;
— ensuring that Administration employees directly involved in the processing of personal data are familiarized with the provisions of the legislation on personal data, and training Administration employees;
— control and assessment of the effectiveness of the measures taken to ensure the security of personal data before the commissioning of the personal data information system;
— implementation of regular internal control/audit of compliance of processing and ensuring the security of personal data with applicable legislation in the field of processing and protection of personal data.
— a person responsible for organizing the processing of personal data is appointed.
10. Use of analytics services, cookies
10.1. Data collected in Game may also be received and processed by third party providers. Analytics services in Game:
| Google Analytics | More | USA |
| Google Firbase | More | USA |
| Adjust | More | Germany |
| AppMetrica | More | Russia |
10.2. Cookies are small files that are created and stored by your device when you visit the Web-site. Cookies are stored on the device for no more than a year and allow you to adapt the operation of the Web-site and provide the User with the most effective work on the User’s device.
10.3. Visiting and using web-sites by default generates and stores cookies, but the User can delete cookies from the device at any time through the settings of the browser used. The user can also refuse to accept cookies, but this does not guarantee that all functions of the Web-site will work.
10.4. The following types of cookies are used on the Web-site:
| Technical and functional cookies | These files, generated by the engines, are used to ensure smooth operation and also to remember the settings selected by the user. |
10.5. The following analytics services are used on the Web-site:
| Yandex.Metrica | More | Russia |
| Google Analytics | More | USA |
11. Contacts regarding the processing of personal data
11.1. If you have any questions or requests regarding the processing of personal data, in particular to revoke consent to the processing of personal data, you can contact privacy@grnd.gg or send a written request to: 070004, Kazakhstan, East Kazakhstan region, city Ust-Kamenogorsk, 9 Pobedy Avenue, n.p. 34, postal code 070004
11.2. The operator ensures the rights of personal data subjects in accordance with paragraph 7 of this Policy and performs its duties in the manner prescribed by applicable law.
11.3. Information regarding the processing of the subject's data is provided to the subject of personal data or his representative upon receipt of a request from the subject of personal data or his representative within the time limits specified in the applicable legislation, if no time limits are specified, then within 10 (ten) business days.
11.4. The request must contain the number of the main document certifying the identity of the personal data subject or his representative, information on the date of issue of the said document and the body that issued it, information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator, the signature of the personal data subject or his representative.
11.5. The Operator undertakes to provide the personal data subject or his representative with the opportunity to review the personal data related to this personal data subject free of charge. Within a period not exceeding 7 (seven) business days from the date of provision by the personal data subject or his representative of information confirming that the personal data are incomplete, inaccurate or outdated, the Operator undertakes to make the necessary changes to them. Within a period not exceeding 7 (seven) business days from the date of provision by the personal data subject or his representative of information confirming that such personal data were illegally obtained or are not necessary for the stated purpose of processing, the Operator undertakes to destroy such personal data. The Operator undertakes to notify the personal data subject or his representative of the changes made and the measures taken and to take reasonable measures to notify third parties to whom the personal data of this subject were transferred.
12. Procedure for destruction of personal data
12.1. Upon achievement of the processing purposes or in the event of loss of the need to achieve these purposes, unless otherwise provided by law or otherwise separately agreed upon by the parties, the processed personal data are subject to destruction.
12.2. The Operator destroys personal data recorded on electronic media using a guaranteed destruction program, and on paper media – using technical means for complete destruction. The Operator destroys personal data located in information systems by deleting the record in the databases.
12.3. During the destruction of personal data, the Operator draws up a special destruction report.
13. Final provisions
13.1. The requirements of the Policy apply to all personal data subjects, regardless of the citizenship and location of the personal data subject.
13.2. This Policy may be amended from time to time in accordance with the requirements of applicable law.