The following document explains the terms in which Cereasly-cerealgames.net S.A. (from now on referred to as Cereal Games) receives, utilises and proceeds to handle its users’ data regarding their use of the Customer Relationship Manager (CRM) Platform.
If you require any additional clarification, we’d appreciate your contact over e-mail and/or phone, which can be found on Cereal Games website (www.cerealgames.net).
1. Data Processing
The required personal data that we require are the essential bare minimums we need, to be able to send you news and offer our services.
By providing your e-mail, the only data we receive is your user name and e-mail address. If you happen to register using any social media network, you authorize said network to share some of your data with our platform.
2. Collection and Use of Data
When registering on Cereal Games CRM Platform, we collect some of your data, such as: name, user name and e-mail. You can choose to fill out additional data after receiving access to the platform,
The collected data will be used to:
- Allow the user to access the CRM Platform’s contents;
- Statistical Analyses.
Attention: The data provided by you will only be used for the creation of an internal statistics database.
2.1 Data from Minors
Cereal Games does not seek to intentionally collect (or is able to distinguish) data from minors under 16 years of age. If any case is made known, Cereal Games will proceed to delete all associated data relevant to the case.
4. Data Transmission
Cereal Games does not seek to share its users’ personal data with any third parties. However, if ever a case should arise, all users will be notified and will have to consent to the (partial, total or null) transmission of the data.
4. Safety measures
The safety measures we have in place seek to protect your personal data against the accidental or illegal destruction, loss, alteration, transmission or unauthorized access against other illegal ways of data processing.
Although Cereal Games CRM Platform’s web pages are encrypted (HTTPS), we cannot guarantee that the security measures in place for the protection of the site, data transmission and the user information will impede or exclude any risk of unauthorized access or data loss.
As such, we advise you to take any and all precautionary measure for the preservation and safekeeping of your data, in order to protect it from being accessed by unauthorized partiesm such as:
- Equip your devices with internet access, with software that assists in the protection of data transmission (like up-to-date anti-virus software);
- Make sure your web browser posesses adequate security measures to ensure the protection of data transmission (like anti-virus, firewall and anti-spam filters).
4.1. What are “Cookies”?
Cookies are text files sent by websites the user visits, that are stored on the user’s device. This information enhances the efficiency of websites, facilitating the user’s access to the information they seek, eliminating the need to type out the same information repeatedly.
Cookies are not used to store personal information, they just identify the device used. All information collected by the website is used to improve the service and facilitate the user’s navigation.
4.2. What kind of Cookies do we use?
4.2.1. Analytic Cookies
These are used anonimously, with the purpose of collecting information regarding the way the site is used. They are essential for statistic creation and analysis.
4.2.2. Essential, Functional and Segmentation Cookies
These cookies serve the purpose of remembering information about your account, ensuring your connection is secure and that the website is being displayed consistently. And more:
- Reduces loading times of the pages you frequent;
- Allow the site to recognize that the user has previously typed in his user name and password when conenction to the customer area, so that the user doesn’t have to retype them every time he visits the page.
4.3. Cookie Control
Any browser allows the user to have some control over cookies through the user’s settings. This means you can accept, refuse or delete cookies.
If you wish to know more about how cookies work, please visit www.allaboutcookies.org.
Data Owners’ Rights
European Union Regulation
(Approved April 27th 2016, in effect since May 25th 2018)
The rights of Data Owners are directly applicable in the 28 (27) Member States, without need of any transposing ruling of any country.
Regarding personal data, users have any and all control over said data and should, if necessary, exercise their rights before the agent responsible for data processing of Cereal Games
1. Right of Access
The Data Owner has the right of being provided confirmation if their personal data is being processed or not and, if so is the case, the right to access their personal data.
The responsible agent is obligated to provide a copy of the requested personal data being processed. To provide other copies solicited by the Data Owner, the responsible agent may demand the payment of a reasonable fee for administrative costs. If the Data Owner presents its request by electronic means, the requested information will be provided in a currently used electronic format, unless otherwise requested by the Data Owner.
- Right of Rectification
The Data Owner has the right to request the responsible agent, without unjustified delay, the rectification of innacurate personal data pertaining to the Owner.
Having the purpose of the processing of data in mind, the Data Owner has the right to complete any incomplete personal data, including through means of an additional declaration.
- Right to Data Erasure
The Data Owner has the right to request the responsible agent the deletion of its personal data, with the agent being obligated to do so, whenever one of the following conditions apply:
- The personal data has ceased being useful for the purpose that motivated its collection or processing.;
- The Data Owner has withdrawn consent regarding the processing of its data, in cases where such is permitted;
- The Data Owner is opposed to the data processing in the terms where such is permitted, and there is an absence of prevalent legitimate interest to justify the data processing;
- The personal data was processed ilegally;
The right to data erasure is not applicable if the data processing is necessary to:
- The fulfillment of any legar obligation;
- Safeguard public interest in the domain of public health safety, as regulated accordingly;
- Safeguard the archival of public interest, to assist in scientific or historical investigation or for statistical purposes.
- Be provided for the purpose of declaration, exercise or defense of a right during a judicial process.
- Right to the Limitation of Processing
The Data Owner has the right to request the responsible agent for the limitation of processing, if the Owner’s data is incorrect, if the processing is illegal, if the responsible agent no longer needs the data or if the Owner is opposed to the processing of data.
- Right to the Portability of Data
The Data Owner has the right to receive its pertaining personal data provided, in a structured format, of current use and of automatic reading, and the right to transmit that same data to another responsible agent, without being able to be impeded by the original agent, if:
- The processing is based on the provided consent or contract;
- The processing is performed by automated means.
- By exercising its right of data portability, the Data Owner has the right that its personal data be directly transmitted between any responsible agents, every time it is techcnically possible.
- Right to Opposition
The Data Owner has the right to oppose, at any time, by reasons related to its particular situation, the processing of pertaining personal data based out of the necessity of exercising public interest functions or of public authority, or for different purposes other than those that the data was collected for, including the definition of profiles based on those dispositions.
The responsible agent should cease any and all processing of personal data, unless if presenting legitimate reasons for the processing, that are of greater importance than the rights of the Data Owner, or for declaration, exercise or defense of a right during a judicial process.
- Right to Opt Out of Automated Individual Decisions and Profiling
The Data Owner has the right to opt out of any decision taken exclusively with a basis on the automated processing, including the definition of profiles (profiling), that produces efects within its judicial sphere or that significally affects the Data Owner in a similar capacity.
The previous is not applicable if the decision:
- Is necessary for the fulfillment or execution of a contract between the Data Owner and the agen responsible for processing;
- Is authorized by law;
- Is based on the explicit consent of the Data Owner.
- Right to file a complaint to the CNPD
Without the influence of any other administrative or judicial measure, all Data Owners have the right to file a complaint to the CNPD – “Comissão Nacional de Proteção de Dados”, if the Owner deems the processing of personal data pertaining to the Owner to be violating the regulations.
- Right to Judicial Action against an Agent Responsible for Processing
Without the influence of any other administrative or judicial measure, namely the right to file a complaint to a control authority, all Data Owners have the right to pursue legal action if they deem that a violation of the Owner’s rights under the terms of these regulations has ocurred, following the processing of the Owner’s personal data done in breach of the regulations.
- Right to Restitution
Anyone who has suffered material or immaterial damages as a consequence of a violation of the regulations, has the right to receiving restitution from the responsible agent for the suffered damages.