Responsible Processor and Data Protection Officer
3. The responsible processor for the Customer’s personal data is Brolexy grupp OÜ, registration number 14235362, address Harju County, Tallinn, Turki, 10152.
4. For questions related to the terms of privacy and the processing of personal data, we ask the Client to send requests to the email address [email protected]
Principles of personal data processing
5. Brolexy grupp processes personal data submitted by the Client in accordance with the requirements established by the applicable law, and when processing personal data always proceeds from the interests, rights and freedoms of the Client.
6. The goal of Brolexy grupp is responsible personal data processing, in which we are guided by the best practice, given the constant willingness to demonstrate the compliance of personal data processing with the goals set.
7. All processes, instructions, operations and actions of the Brolexy grupp related to the processing of personal data, proceed from the following principles:
7.1. Legality. There is a legal basis for the processing of personal data, for example, consent;
7.2. Justice. The processing of personal data is fair, ensuring, above all, that the Client has sufficient data and information on how personal data are processed;
7.3. Transparency. The processing of personal data is transparent to the Client;
7.4. Compliance with the goal. Personal data is collected for precise and well-defined and legitimate purposes, and is not subsequently processed in a manner that is contrary to these goals;
7.5. Minimality. Only the collection of reasonable and important data is made, the collection is limited to the data that are necessary from the point of view of the purpose of processing personal data. When processing personal data, Brolexy grupp proceeds from the principle of minimal processing, and if personal data are not necessary or are no longer needed for the purpose for which they were collected, they are deleted;
7.6. Credibility Personal data is reliable and, if necessary, updated, and all reasonable measures are taken to immediately remove or correct data that is not reliable in terms of the purpose of processing;
7.7. Storage Restriction. Personal data is stored in a form that allows identification of the Client, only as long as it is necessary to achieve the goal for which personal data are processed. This means that if, in accordance with the purpose, the Brolexy grupp wishes to keep personal data longer than necessary, the Brolexy grupp ensures the anonymity of the data in a way that no longer identifies the Client;
7.8. Reliability and privacy. The processing of personal data is carried out in a manner that ensures the proper security of personal data, including protecting it from processing without permission or illegal processing, as well as accidental loss, destruction or damage using reasonable technical or organizational measures.
7.9. Data protection by default and integrated data protection. Brolexy grupp ensures compliance with the required technical criteria of all systems used. Appropriate protection measures are planned for each update and design of an information system, as well as a database (for example, information systems and business processes are formed based on the prerequisites of pseudonymization and encryption).
8. When processing personal data, Brolexy grupp proceeds from the goal of always being able to confirm the implementation of the above principles. Additional information about these principles can be requested by email ([email protected]).
Purpose of processing personal data
9. Gamekeys processes Customer’s personal data for the following purposes:
9.1. To conclude an agreement with the Client and register as a regular client, including for registering the Client in the Brolexy grupp environment and performing registration-related operations, contacting the Client in connection with membership, and identifying the Client in case he contacts now;
9.2. To provide services to the Client, including the sale of goods to the Client and the delivery of ordered goods;
9.3. For making automated decisions, including the Client’s profile analysis in connection with the products he prefers, and, through this, offering the Client discounts;
9.4. To conduct satisfaction surveys, including management of research results and their analysis;
9.5. To send marketing messages, discounts and news to the Client;
9.6. To fulfill obligations arising from legislation, including the fulfillment of accounting and tax obligations, as well as orders of the competent state institutions and their bodies.
Personal data processed
10. Brolexy grupp processes the following personal data:
10.1. in the cases described in clause 9.1 - the name and surname, telephone number, email address, country, IP-address of the Client;
10.2. in cases specified in clause 9.2 - the name and surname, telephone number, e-mail address of the Client;
10.3. in the cases specified in clause 9.3 - the name and surname, telephone number, email address, Client's IP address, list of goods ordered by the Client;
10.4. in the cases specified in clause 9.4 - the name and surname, telephone number, e-mail address of the Client; the list of goods ordered by the Client and data about the Client, indicated by him during the research;
10.5. in the cases specified in clause 9.5 - the name and surname, the email address of the Client;
10.6. in the cases specified in clause 9.5 - in accordance with the provisions of the law or orders of state institutions and / or their bodies.
Legal basis for the processing of personal data
11. Brolexy grupp processes the Client's data because it is necessary for the fulfillment of the contract concluded with the Client’s participation (see clause 9.2 above) or for taking measures preceding the conclusion of the contract (clause 9.1 above). In such a case, the legal basis for data processing is the contract concluded with the Client or the Client's request for negotiations prior to the conclusion of the contract.
12. Brolexy grupp processes the client’s personal data in order to transfer marketing materials and offers, as well as conduct satisfaction surveys and analyze the results only if the Client has agreed to this (see clauses 9.4 and 9.5 above). In this case, the legal basis for data processing is the consent given by the Client.
13. The basis for making automated decisions is the justifiable interest of the Brolexy grupp (see paragraph 9.3 above). The justified interest of the Brolexy grupp is to offer the Client suitable offers and corresponding to his interests offers. Brolexy grupp processes the Client’s personal data to make automated decisions and to compile a profile analysis mainly anonymously and in a non-personalized form.
This minimizes the risk with respect to the rights and interests of the data subject.
14. Brolexy grupp processes the Client’s personal data in order to fulfill the duties arising from the legislation in each specific case if there is a legal basis that follows from the law (see paragraph 9.6 above).
Transfer of personal data to third parties
15. Brolexy grupp does not transfer Client’s personal data to third parties, except for:
15.1. Providers of IT-services and advertising services of Brolexy grupp, to the extent necessary for managing Brolexy grupp databases, providing services to Clients and communicating with Clients (for example, Amazon);
15.2. e-mail service providers in cases where a Brolexy grupp sends marketing materials and offers to the Client (for example, SendPulse);
15.3. accounting service provider Brolexy grupp, as well as government agencies and their agencies, to the extent necessary to fulfill the Brolexy grupp duties arising from legislation.
16. All authorized processors mentioned in clause 15 must ensure the same level of personal data protection as the Brolexy grupp. If the Brolexy grupp in the above cases transfers the Client’s personal data outside the European Economic Area, he is convinced that for such transfer of personal data there is an appropriate adequacy mechanism in the context of the General Regulation on Personal Data Protection (GDPR) and the Client’s personal data is protected at European Union
Storage of personal data
17. Client's personal data is stored:
17.1. before the client deletes his account, in the part in which the Brolexy grupp processes personal data submitted when creating an account in the Brolexy grupp environment and for 5 years after the last use by the Client of his account in any way (see paragraph 9.1 above);
17.2. up to 3 years after the termination of the contractual relationship, in the part in which the Brolexy grupp processes the client’s personal data in connection with the provision of the service (see paragraph 9.2 above);
17.3. In the part where Brolexy grupp processes Client’s personal data due to the presence of a valid interest (see clause 9.3 above), Brolexy grupp processes Client’s personal data until the Client deletes his account or has passed 5 years since the last use by the Client your account in any way;
17.4. indefinitely until revocation of consent by the Client, in the part in which the Brolexy grupp processes personal data for the transmission of marketing materials and offers (see clauses 9.4 and 9.5 above);
17.5. up to 7 years after the occurrence of the original accounting document reflecting the Client's personal data, in the part in which the Brolexy grupp has the obligation to store accounting documents following the law (see paragraph 9.6 above).
Client rights in the processing of personal data
18. The client has the right at any time to apply to the Brolexy grupp ([email protected]
) to exercise their rights following from the law:
18.1. the right to request access to the personal data of the Client in the amount in which it cannot be obtained by logging into the Client's account;
18.2. the right to demand correction of data in the extent in which this cannot be done by logging into the Client's account;
18.3. the right to request the deletion of data in the amount in which this cannot be done by logging into the Client's account;
18.4. the right to limit the processing of personal data;
18.5. the right to submit objections to the processing of personal data;
18.6. the right to demand the transfer of personal data;
18.7. the right to require that a decision not be made in relation to the Client, which is based on automated processing;
18.8. the right to withdraw consent;
18.9. the right to file a complaint with the Data Protection Inspectorate.
19. We will respond to the Client’s applications and petitions no later than within 30 days after receiving the petition.
20. If the Client has expressed a desire to receive news and / or personal offers of the Brolexy grupp, the Customer always has the right to refuse them by clicking on the link located near each offer and on the user profile page or sending a message of the relevant content to [email protected]
22. Cookies are small text files that are downloaded via the Internet environment server to the user's computer. As a result, the browser may, at every use of the Internet environment, transmit information from the cookie back to the Internet environment to ensure user recognition. Cookies can be disabled at the choice of the Client in the browser settings.
23. Brolexy grupp uses session and persistent cookies. Session cookies collect information about the session and the customer’s shopping cart.
24. Session cookies are used each time a client visits a Brolexy grupp site, each session cookie is valid until the page closes. After visiting the site, all session cookies and information collected with their help are deleted.
25. Persistent cookies allow you to remember the preferences and / or actions of the Client on the site. Persistent cookies are not deleted when the page is closed, but are valid for the time specified in each permanent cookie. Persistent cookies are stored on the Client’s device and are activated each time the Client visits the site that created the cookie.
26.1. To provide services to the Client (for example, if the Client wishes, he does not have to enter the username and password on the Brolexy grupp site each time, the site can be remembered by the Client);
26.2. For the development of the services offered by the Brolexy grupp (for example, the Brolexy grupp receives information on the most popular sections of the site Balticgame.codes and from which sites Clients go to the site Balticgame.codes, as well as which sites Clients switch from the site Balticgame.codes and how much time they spend on the Brolexy grupp site);
26.3. To compile an analysis and statistics on the use of the Brolexy grupp site (for example, the number of site visitors is estimated and, thus, the effectiveness of the advertising used);
27. In addition to the above, the Brolexy grupp site may contain links to websites, products and services of third parties, as well as the expansion of social networks (for example, Facebook, Google Analytics plugins) for marketing and statistics purposes. Such services or third-party applications are subject to the rules for the protection of third-party personal data.
Refusing of cookies and deleting them
28. Some browsers automatically accept cookies. Some browsers automatically refuse third-party cookies and accept first-party cookies.