REDDEER.GAMES PRIVACY POLICY

Effective Date: October 16, 2025

1. Introduction and Data Controller Information

This Privacy Policy sets out the rules for the processing of personal data by RedDeer.Games sp. z o.o. (“RedDeer.Games” or “we”) in connection with its video game publishing and distribution activities, including on websites, within games, and in business relations. This policy does not cover issues related to cookies, which are governed by a separate document.

Data Controller (ADO/Controller): RedDeer.Games Sp. z o.o.  address ul. Zielna 41/43 lok. 4 piętro, 00-108 Warsaw, Poland, KRS: 0000351315, NIP: 7010226258. RedDeer.Games  determines the purposes of your personal data processing and is responsible for it.

Contact for Data Protection Matters: All questions and requests regarding personal data processing should be directed to email:  play@reddeergames.com

General Principles: This Policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and applies to the processing of personal data of individuals worldwide. RedDeer.Games extends the key rights of the GDPR to all its Users globally, in line with adopted professional standards.

2. Categories of Data Subjects We Process

We process personal data belonging to the following categories of individuals:

1. Players/Users: Individuals who use games published by Reddeer.Games, participate in contests, subscribe to the newsletter, visit our website, or participate in our competitions.
2. Candidates for Employment or Cooperation: Individuals who submit applications (CVs, cover letters) for open positions or future recruitment processes.
3. Contractors and Their Representatives: Entrepreneurs and contact persons (e.g., employees, proxies) at our business partners, including developers, service providers, marketing agencies, and distribution platforms.

3. Categories of Data, Purposes, and Legal Basis for Processing

Category of Person	Purpose of Processing	Processed Personal Data (detailed)	Legal Basis (GDPR)
I. Candidates for Employment
1. Recruitment Process (Current)	Conducting the recruitment process, assessing qualifications and experience of candidates.	Name, Surname, Contact details, Education, Professional experience, Qualifications, Skills, Image (photo, if included in CV).	Art. 6(1)(c) – Compliance with a Legal Obligation (e.g., Polish Labour Code) for data strictly required by law; Art. 6(1)(b) for other data provided by candidate or information for positions under civil law contracts; Art. 6(1)(a) – Consent (for future recruitment).
II. Players/Users
1. Distribution and In-Game Services (via PlayFab)	Providing access to games, ensuring in-game service functionality, including saves, statistics, and PlayFab analysis.	Username (changeable), PlayerID (generated by PlayFab), Login data (including IP Address, login location: city/country), Registration date, Friend list, Game-specific data (progress, division, match history, achievements), Presence in game, Linked accounts (e.g., Steam, Xbox Live).	Art. 6(1)(f) – Legitimate Interest of the Controller (game quality assessment, gameplay analysis, optimisation)  Art. 6(1)(b) – Performance of a Contract (for correct game use).
2. Customer Support (Technical Support)	Resolving technical issues related to the game (support tickets).	Email address, Name and Surname, Description of the issue, Computer aspects (e.g., hardware specification, operating system version).	Art. 6(1)(f) – Legitimate Interest of the Controller (ensuring quality and support for products).
3. Direct Marketing and Surveys	Sending newsletters, information about new games, promotional offers, satisfaction and research surveys.	Email address.	Art. 6(1)(f) – Legitimate Interest of the Controller (marketing our own products and services). Right to object/opt-out required.
4. Contest Organization	Conducting the contest, selecting winners, delivering prizes, contact.	Email address, Name and Surname, Correspondence address (for prize delivery).	Art. 6(1)(b) – Performance of a Contract (contest regulations).
III. Contractors and Their Representatives
1. Establishing and Executing Cooperation	Concluding and performing agreements (development, distribution, marketing).	Contractors (Natural Persons): Name and Surname, Address, Email address, Tax Number/NIP. Representatives: Name and Surname, Position, Business Email and Phone Number, Messenger contact details (Discord, WhatsApp).	Art. 6(1)(b) – Performance of a Contract (or taking steps prior to entering into a contract).
2. Financial Settlements	Fulfilling tax and accounting obligations.	Data from section III.1 to the extent necessary for invoicing and settlements.	Art. 6(1)(c) – Compliance with a Legal Obligation (e.g., tax, accounting regulations).

Important: if we process your data on the basis of your consent (table above – legal basis –  Art. 6(1)(c), you have the right to withdraw your consent and we will no longer process your data. However, this will not affect the lawfulness of our processing of your data prior to your withdrawal of consent.

Important:, we do not usually process data on the basis of legal provisions (the main exception here is the need to archive accounting documentation related to contractors). We process data on the basis of concluded agreements and on a voluntary basis. This means that, as a rule, you do not have to provide your data, but this will drastically affect your ability to cooperate with us, may limit the quality of our service and the quality of our games, and will also exclude the possibility of recruitment in our company.

4. Recipients of Data and Transfer of Data Outside the EEA

Personal data may be shared and transferred to third parties in accordance with the following rules:

A. Categories of Recipients:

1. Distribution Platforms: Valve (Steam), Sony Interactive Entertainment (PlayStation), Microsoft (Xbox), Nintendo, Epic Games Store – to the extent necessary for distribution, sales, and providing in-game services. Important – these platforms are generally independent data controllers and operate according to their own rules; they can usually also provide data about RedDeer.Games’ players to RedDeer.Games
2. Specific Game and Analytics Service Providers (PlayFab): The PlayFab service (provided by Microsoft Corporation) is used to ensure proper game functionality, in-game analytics, and technical support.
3. Other IT Service and Technical Support Providers: Entities providing hosting, service, and maintenance of systems and the website.
4. Support Entities: Providers of accounting, legal, advisory services, and marketing agencies.

B. Transfer of Data Outside the European Economic Area (EEA):

Due to the global nature of its business, RedDeer.Games transfers data to third countries (outside the EU and EEA), particularly to the USA and Japan, by applying appropriate legal safeguards:

Country	Legal basis for transfer	Justification
Japan (e.g., Nintendo)	Adequacy Decision of the European Commission (Art. 45 GDPR)	The European Commission has recognized that Japan ensures an adequate level of personal data protection, allowing for safe transfer.
United States (e.g., PlayFab/Microsoft, Valve, Sony, Other IT Service Providers)	EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs) (Art. 46 GDPR)	The transfer takes place to entities, including those providing the PlayFab service, that are either certified under the DPF or apply Standard Contractual Clauses approved by the European Commission, combined with additional security measures.

5. Children’s Personal Data

RedDeer.Games’ services are not directed at children under the age of 13. We do not knowingly collect personal data from individuals under this age, unless local laws permit (e.g., where parental/guardian consent is required). If we become aware that we have collected personal data from a child under the age of 13, we will take steps to delete it immediately.

6. Data Retention Period

We store personal data for the period necessary to achieve the purposes for which it was collected:

1. Candidate Data: For the duration of the current recruitment process. If the candidate grants consent for future recruitment processes, the data is stored for a maximum period of 12 months (unless local law dictates a longer or shorter period) or until the consent is withdrawn.
2. Player Data (ID, Nickname, Telemetry, Support): For the duration of game use and for 5 years after the player’s account is deleted or support for the game is discontinued, due to the Controller’s legitimate interests (defence against potential claims).
3. Contractor/Agreement Data: For the entire duration of the agreement, and after its termination, for the period of civil law claims limitation (usually 3 or 6 years) and for 5 years from the end of the fiscal year in which the tax payment deadline passed (legal obligation).
4. Marketing/Survey Data (Legitimate Interest): Until the User effectively objects or until the data becomes outdated (e.g., after 5 years of no contact).

7. Rights of the Data Subjects (Global Scope)

In line with the adopted transparency policy and best practices in the gaming industry, RedDeer.Games extends the rights resulting from the GDPR to all its Users worldwide, regardless of their location.

All Users (including Candidates) have the right to:

1. Right of Access: The right to obtain information about what personal data we process and a copy of that data.
2. Right to Rectification: The right to demand immediate correction of inaccurate data.
3. Right to Erasure („Right to be Forgotten”): The right to demand deletion of data if there is no legal basis for its further processing.
4. Right to Restriction of Processing: The right to demand the suspension of processing in specific situations.
5. Right to Data Portability: The right to receive data in a structured, commonly used, and machine-readable format.
6. Right to Object: The right to object to processing based on legitimate interest (including direct marketing and surveys).
1. Important: The User is provided with an easy and free mechanism to unsubscribe (unsubscribe link) from receiving marketing correspondence in every email sent.
7. Right to Lodge a Complaint with a Supervisory Authority: A User whose data is processed in the EEA has the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO) in Poland or another competent supervisory authority in another EU/EEA country.

8. Final Provisions

1. No Profiling: RedDeer.Games does not automatically analyse any personal data in a way that could have any impact on the interests or rights of individuals.
2. No Data Selling: RedDeer.Games does not sell the personal data of Users to third parties.
3. Sensitive Data: RedDeer.Games does not knowingly and intentionally process special categories of personal data (sensitive data, e.g., health data), unless such data (e.g., health information related to a disability) is voluntarily provided by a candidate for the recruitment process. In such cases, the processing is based on explicit consent (Art. 9(2)(a) GDPR).
4. Changes to the Policy: The Policy may be updated periodically. We will inform Users of any significant changes via the website or electronic correspondence.
5. Industry Practices: In matters not regulated in detail, RedDeer.Games applies practices consistent with the standards of transparency and data minimization adopted by reputable video game publishers and developers.