PRIVACY POLICY
Privacy Policy
1. DEFINITIONS
1.1 Controller – YABAI.GAMES Spółka z Ograniczoną Odpowiedzialnością, with its registered seat and address in Warsaw at Aleja Zjednoczenia 36, 01-830 Warsaw, entered into the Register of Business Entities kept by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register, under KRS No. 0001099474, with NIP (Tax Identification Number) 1182282245, REGON (Statistical Number) 528332532, with fully paid-up share capital in the amount of PLN 100,000.00
1.2 Personal Data – any information about a natural person, identified or
identifiable by one or several factors defining his/her physical,
physiological, genetic, psychic, economic, cultural or social identity,
including the IP of the device used to access the Controller’s website,
location data, online identifier and information collected through cookie files and other similar technologies.
1.3 Policy – this Privacy Policy.
1.4 GDPR – Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of individuals with regard to the
processing of personal data and on the free movement of such data and
repealing Directive 95/46/EC.
1.5 Website – an online service run by the Controller at the address
1.6 User – any natural person visiting the Website or using one or more
services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE
WEBSITE
2.1 In connection with the User’s use of the Website, the Controller collects
the data necessary to provide its services and collects information about
the User’s activity on the Website. The detailed rules and purposes of
processing the personal data collected during the use of the Website by
the User are described below.
3. PURPOSES AND LEGAL BASIS OF THE DATA PROCESSING
USE OF THE WEBSITE
3.1 The Personal Data of the User is processed by the Controller:
3.1.1 to provide services electronically and give the User access to the
content collected on the Website – in this case, the legal basis for the
processing of data is that such processing is necessary for the
performance of the relevant service provision contract (pursuant to
Article 6(1)(b) of the GDPR);
3.1.2 for analytical and statistical purposes – in this case, the legal
basis for the processing of data is the legitimate interest of the
Controller (pursuant to Article 6(1)(f) of the GDPR) in analysing the
activity of the User and his/her preferences in order to improve the
functionalities used and the services provided;
3.1.3 to determine and pursue possible claims or defend against claims– in this case, the legal basis for the processing of data is the
legitimate interest of the Controller (pursuant to Article 6(1)(f) of the
GDPR) in protecting its rights;
3.1.4 for the marketing purposes of the Controller – the rules of personal
data processing for such purposes are described in the section titled
“MARKETING”.
3.2 The activity of a User on the Website, including his/her Personal Data, is
recorded in system logs (files for storing a chronological record of
information about events and actions, used for the provision of services by
the Controller). The information collected in logs is processed mainly for
purposes related to the provision of services. The Controller also processes
the information for technical and administrative purposes and in order to
ensure the security of the IT system and manage the system, as well as for
analytical and statistical purposes – in this respect, the legal basis for the
processing is the legitimate interest of the Controller (pursuant to Article 6(1)
(f) of the GDPR).
ELECTRONIC OR REGULAR CORRESPONDENCE
3.3 If any correspondence not related to the contractual provision of
services to the User or to any other agreement concluded with him/her is
sent to the Controller by electronic or regular mail, any Personal Data
included in such correspondence is processed exclusively for the purpose of
communication and resolving the issue to which the correspondence
pertains.
3.4 The processing of Personal Data is necessary for the purposes of the
legitimate interest of the Controller (pursuant to Article 6 (1)(f) of the GDPR)
in conducting correspondence addressed to it in connection with its
business activity.
3.5 The Controller shall only process Personal Data that is relevant for the
issue to which the correspondence pertains. The correspondence shall be
stored in a manner which ensures the safety of the Personal Data (and
other information) included therein and its disclosure only to authorised
persons.
4. MARKETING
4.1 The Controller processes the Personal Data of the User for marketing
purposes in connection with contextual advertising directed to the User (i.e.
advertising which is not tailored to the User’s preferences). In this case, the
legal basis for the processing of data is the legitimate interest of the
Controller (pursuant to Article 6(1)(f) of the GDPR).
5. SOCIAL MEDIA
5.1 The Controller processes the Personal Data of the User if he/she visits
the Controller’s profiles on social media. Such
data is processed only in connection with maintaining the profile, informing
the User about the Controller’s activity, and promoting various events,
services and products. In this case, the legal basis for the processing of
data by the Controller is the legitimate interest of the Controller (pursuant
to Article 6(1)(f) of the GDPR) in promoting its own brand.
6. COOKIES AND SIMILAR TECHNOLOGY
6.1 The Controller uses cookies mainly to provide the User with electronic
services and improve the quality of such services. In connection with that,
the Controller uses cookies to store information or obtain access to
information already stored in the User’s end device (computer, telephone,
tablet, etc.). The use of cookies within the Website is not intended to
identify Users. The Policy regulates the processing of data related to the
use of the Controller’s own cookies.
6.2 Cookies are small text files stored in the device of the User browsing the
Website. Cookies contain information that is used to facilitate the use of a
website, e.g., by remembering the User’s visits on the Website and the
activities performed by him/her.
NECESSARY COOKIES
6.3 The Controller uses necessary cookies mainly to provide the User with
services and functionalities of the Website that he/she wants to use.
Necessary cookies may only be provided by the Controller through the
Website.
6.4 The legal basis for the processing of data in connection with the use of
necessary cookies is that such processing is necessary for the performance
of the relevant service provision contract (pursuant to Article 6 (1)(b) of the
GDPR).
FUNCTIONALITY COOKIES AND ANALYTICS COOKIES
6.5 Functionality cookies are used in order to remember and adjust the
Website to the User’s preferred products, including with respect to
language preferences. Functionality cookies may be provided by the
Controller and its partners via the Website.
6.6 Analytics cookies make it possible to obtain information such as the
number of visits and the sources of traffic on the Website. They are used for
identifying more popular and less popular sites and to understand how
Users navigate a site by keeping statistics regarding traffic on the Website.
The processing of data is carried out to improve the Website’s performance.
Information gathered by such cookies is aggregated; therefore, it is not
intended to establish the User’s identity. Functionality cookies may be
provided by the Controller and its partners via the Website.
6.7 The legal basis for the processing of data in connection with the use of
functionality and analytics cookies by the Controller is the consent of the
User (pursuant to Article 6 (1)(a) of GDPR).
6.8 The processing of Personal Data in connection with the use of
functionality and analytics cookies requires the obtaining of the User’s
consent. Such consent may be withdrawn at any time.
ADVERTISING COOKIES
6.9 Advertising cookies allow the adaptation of the advertising content
displayed to the User's interests within and outside the Website. Based on
information from these cookies and the User's activity on other services, a
profile of the User's interests is built. Advertising cookies may be provided by
the Controller and its partners through the Website.
6.10 The legal basis for the processing of Personal Data in connection with
the use of advertising cookies by the Controller is the consent of the User
(pursuant to Article 6(1)(a) of the GDPR).
6.11 The processing of Personal Data in connection with the use of
advertising cookies requires the obtaining of the User’s consent. Such
consent may be withdrawn at any time.
7. ANALYTICAL TOOLS USED BY THE CONTROLLER
7.1 The Controller uses various solutions and tools for analytical purposes.
Below please find basic information on such tools. Detailed information in
this respect can be found in the privacy policy of the relevant partner.
GOOGLE ANALYTICS
7.2 Google Analytics cookies are files used by Google to analyse the use of
the Website by the User and to create statistics and reports concerning the
functioning of the Website. Google does not use the data gathered by it to
identify the User, nor does it combine such information in order to enable
identification. Detailed information on the scope and principles of
collecting data in connection with such service can be found under the
following link: https://www.google.com/intl/pl/policies/privacy/partners.
8. MANAGEMENT OF COOKIE SETTINGS
8.1 The User’s consent is required for the collection of data through such
cookies, in particular the data saved on the User’s device. On the Website
the Controller receives the User’s consent through the cookies
management platform.
8.2 Consent is not required only for cookies that are necessary for providing
telecommunication services (i.e. data transmission in order to view the
content) – the User cannot opt out of receiving such cookies if he/she
wants to use the Website.
8.3 The User can withdraw his/her consent by changing the browser
settings.
8.4 The User can at any time verify the status of his/her current privacy
settings for his/her browser using tools available under the following links:
8.4.1 http://www.youronlinechoices.com/pl/twojewybory
8.4.2 http://optout.aboutads.info/?c=2&lang=EN.
8.5 In order to exercise the rights of access, rectification, erasure, restriction
or data portability, or the right to object to the processing of Personal Data,
or to lodge a complaint or ask any type of question related to cookies, an
inquiry should be sent using the Controller’s contact details indicated in the
Policy.
9. PERIOD OF PERSONAL DATA PROCESSING
9.1 The period of data processing by the Controller depends on the type of
service provided and the purpose of such processing. In principle, data is
processed for the entire period of the provision of the service until the
moment consent is withdrawn or an effective objection is filed in relation to
such data processing in cases where the legal basis for the processing is
the legitimate interest of the Controller.
9.2 The data processing period may be extended if processing is necessary
for determining and pursuing possible claims or defending against claims
and, after that time, only when and to the extent required by law. After the
lapse of the processing period, the data is irreversibly deleted and
anonymised.
10. USER’S RIGHTS
10.1 A User has the right to: access the content of the Personal Data,
demand the rectification, erasure, portability or restriction of the processing
of such data, and object to the processing of such data, as well as the right
to lodge a complaint with the supervisory authority responsible for personal
data protection.
10.2 To the extent that a User’s data is processed on the basis of his/her
consent, the consent may be withdrawn at any moment by contacting the
Controller or using the functionalities available on the Website.
10.3 The User has the right to object to data processing for marketing
purposes if the processing is done in connection with the legitimate interest
of the Controller and also – for reasons connected with the User’s particular
situation – in other cases where the legal basis for data processing is the
legitimate interest of the Controller (e.g. in connection with pursuing
analytical and statistical objectives).
11. DATA RECIPIENTS
11.1 In connection with the provision of services, personal data will be
disclosed to external entities, including, in particular, vendors responsible
for maintenance of IT systems, marketing agencies (regarding the
marketing services), accountants, auditors and lawyers.
11.2 If a User’s consent is obtained, his/her data may also be made
available to other entities for their own purposes, including marketing
purposes.
11.3 The Controller reserves the right to disclose selected information items
referring to the User to relevant authorities or third parties who demand
that they be provided such information based on legitimate legal grounds
and in compliance with prevailing laws.
12. TRANSFER OF DATA OUTSIDE THE EEA
12.1 The level of protection of Personal Data outside the European Economic
Area (EEA) differs from that provided within the EEA. For this reason, the
Controller shall only transfer Personal Data outside the EEA when it is
necessary and having ensured an appropriate degree of protection, in
particular through:
12.1.1 cooperation with entities processing Personal Data in countries
with respect to which a relevant decision of the European Commission
on the adequate level of protection of Personal Data has been issued;
in some cases, the European Commission further requires such
processing entity to participate in programs approved by it and
equivalent entities outside the EEA are obliged to ensure the same
protection of Personal Data as is available in the European Union
(detailed information can be found here );
12.1.2 the use of standard contractual clauses issued by the European
Commission, along with any required additional safety measures that
ensure the same level of protection of Personal Data as is available in
the European Union; standard forms of agreements can be found here;
12.1.3 the use of binding corporate rules, approved by the relevant
supervisory body.
12.2 The Controller shall always notify the User regarding its intention to
transfer Personal Data outside the EEA at the stage of gathering such data.
13. PERSONAL DATA SECURITY
13.1 The Controller conducts risk analyses on an ongoing basis to ensure
that Personal Data is processed in a secure manner, guaranteeing that
access to the data is provided only to authorised persons and only to the
extent necessary for them to perform their tasks. The Controller makes sure
that any operations on Personal Data are recorded and performed only by
authorised employees or collaborators.
13.2 The Controller takes any necessary actions, so that its subcontractors
and other cooperating entities also apply the appropriate security
measures each case they process Personal Data on the Controller’s behalf.
14. CONTACT DATA
14.1 The Controller may be contacted by email: contact@yabai.games or
by letter sent to its mailing address: Aleja Zjednoczenia 36, 01-830 Warsaw.
15. AMENDMENTS TO THE PRIVACY POLICY
15.1 The policy is verified on an ongoing basis and updated as needed. The
present version of the Policy was approved and has been in force since April
25, 2025