Privacy Notice for GOG Partners
Last updated at: 2020-04-24
TL;DR: we're sharing this with all our business partners and PR partners to help explain what personal data we collect, why, when, how, where – you get the idea. Yes, it’s due to GDPR (surprise!) We’ll try to keep it brief but, y’know, data protection and lawyers 😊.
Who is this notice for?
Our business vendors, affiliates and partners and their representatives (“Business Partners”), journalists, youtubers, streamers and influencers with whom we work (“PR Partners”) and people who communicate with us regarding other matters (e.g. reporting software bugs) (“Other Partners”).
Who controls your personal data when you work with GOG?
GOG sp. z o.o. (“GOG” or “we”). We are based in Poland, ul. Jagiellońska. 74, 03-301 Warsaw.
Who can you contact to get more information?
Email us at firstname.lastname@example.org or by traditional mail at: Data Protection Officer, GOG sp. z o.o., ul. Jagiellońska 74, 03-301 Warsaw, Poland.
How does GOG obtain your data?
Through our business or work together in meetings/calls/discussions (even giving us a business card!), through any documentation between us (e.g. contracts, proposals, statements, bills or invoices) and communication between us (e.g. via emails or our support center) or through publicly available sources (e.g. websites, LinkedIn, YouTube or Twitch channels).
Why does GOG process your data?
For Business Partners and Other Partners:
to maintain day-to-day communication with partners;
to conclude agreements with GOG partners;
for our legal, financial and tax obligations;
to store documentation regarding rights and obligations of GOG;
to inform you about GOG products, services or projects; or
for reporting, budgeting or auditing purposes;
For PR Partners, GOG processes your personal data for the following purposes:
to perform public relations activities, including day-to-day communication with partners, sending samples and press notes, inviting to events organized by GOG.
Plus for all our partners we process personal data for other applicable legal purposes (e.g. dispute resolution) and to document our personal data processing as required by GDPR.
Why is GOG entitled to process your data?
(i) On legal grounds (e.g. tax law). (ii) Under a contract with you (or at your request before we conclude a contract together). (iii) For our legitimate interest (which is a legal principle under the GDPR).
Are you required to provide your personal information to GOG?
No, but without you doing so it may become difficult or impossible for us to communicate or work with you.
What are your rights regarding data processing?
You have: the right to access, correct and delete your data, limit its processing, transfer it and a right not to be a subject to automated decision-making, including profiling.
You also have the right to object to the processing of personal data when they are processed on a legitimate interest basis and the objection is justified by your particular situation.
If you are not happy with how we apply these rights for you, you can lodge a complaint to your local data protection authority or to the President of the Polish Office of Data Protection - Prezes Urzędu Ochrony Danych Osobowych.
Who does GOG share your personal data with?
(i) Our trusted parent company CD Projekt S.A. on a need-to-know basis.
(ii) Our GOG service providers (AKA “data processors”) like:
digital signature providers;
partners providing project management and content sharing tools;
email/communication tool providers;
professional advisors dealing f.ex. with legal, tax, audit or accounting matters.
Those providers act on our behalf and are required to comply with data protection law, so fear not!
(iii) If Courts, law enforcement authorities or regulators to comply with legal requirements.
How long will GOG store your data?
in case of day-to-day communication – for as long as we are working together;
if we conclude a contract – for the duration of the contract, and then for the duration and to the extent required by law (e.g. tax laws) or for GOG’s legitimate interest e.g. in defending against potential claims related to the contract;
if storing documentation evidencing rights of GOG– for the duration of existence of these rights;
if for your data privacy requests - as long as necessary to comply with our legal and accountability requirements.
Will your data be transferred outside EEA?
Potentially yes, your personal data could be processed, stored and transferred outside your country of residence and beyond the European Economic Area (EEA) and Switzerland (e.g. to the USA for our use of digital signature operators’ services. If so, we will protect your personal data using EU standard contractual clauses or the EU-US Privacy Shield Framework (these are standard measures to transfer and protect your personal data).
Does GOG process your personal data automatically (including profiling) in a way that affects your rights?
No. Your personal data will not be used for automated decision making, including profiling (i.e. the processing of your data by using them to evaluate certain information about you, in particular to analyze or forecast your personal preferences and interests).