The Company enables users (hereinafter the “User”) registered on the website penky.store (hereinafter the “Website”) to benefit from an enhanced user interface. Penky is a global fantasy Celebrities game where Users can play with digital cards and earn prizes. The Website provides a marketplace for its registered Users for acquiring, collecting and exchanging Collectibles and their underlying tokens which are based on blockchain technology. (the aforementioned activities, collectively, the “Services”).
In order to make use of the Services, Users shall create an account on the Website. Each account is equipped with a wallet funded by creating a cryptocurrency wallet, loading it with Ether and connecting that wallet to the Website.
For more information regarding the Services, you are invited to read the Terms and Conditions and the Game Rules.
The Company firmly believes that trust is key to relationships with you. In this respect, the protection of your personal data and privacy is our top priority.
This is why the Company puts great emphasis on collecting and processing your personal data with utmost care and in compliance with the applicable legal framework.
By agreeing on this Policy, the User allows the use of Personal Data by the Company in line with this Policy.
The Policy is accessible at any time on the Website and prevails over any previous version.
The Policy may evolve. The up-to-date version is the one available on the Website.
3. Data collected and Purposes
The Company processes Personal Data for special purposes, each of them being duly legitimated by a valid legal basis.
First, as a User, you may have created an account enabling you to access the Services. In order to manage this account from creation to deletion, the Company will collect and process identification Personal Data (i.e. your first name, last name, username and your contact details).
The legal basis of this processing is the requirement for the Company to execute a contract you are party too.
Second, the Company is willing to understand how users interact with its Services and need to process various browsing information resulting from Cookies (see Article 8) which qualify as Personal Data, for the performance of analytic operation related to the Services’ use.
In this respect, the legal basis the Company relies upon its legitimate interest which consists of (i) understanding the way its Services agreed by Users; and (ii) improving the Services where needed.
Third, the Company collects and processes User’s Personal Data for the use of the Services. This processing requires the Company to collect and process the following categories of Personal Data:
I - for the auction: username, bids placement (on individual Collectibles and Collectible packs) and duration;
II - for the transfer, withdrawal and exchange of Collectibles: username, Collectibles withdrew from the User's account and Collectibles exchanged on the Service's Marketplace or through a third-party service;
III - for the participation in the Penky game: username, Collectibles, tournament concerned, the period during which the User may comprise one or more Collectibles to participate in a given Tournament, a strategy set up, performances, player's points and prize winners;
IV - for fraud prevention: any information added for the creation of an account, including your username, account details and transaction details;
V - for leaderboard: ranking of Collectibles and Users.
The legal basis on which the Company relies for this purpose is the performance of a contract to which you are a party.
Lastly, the Company collects and processes User’s Personal Data for managing and following up any questions and/or requests Users may submit. As such, please note that this processing is only carried out in the event you submit a question and/or request. Otherwise, your Personal Data is not processed for this purpose.
This processing requires the Company to collect and process the following categories of Personal Data: (i) identification data (i.e. your username and your contact details) and (ii) the content of the message(s) you sent to the Company as part of your question/request.
While processing your Personal Data for this purpose, the Company relies on its legitimate interest, which consists in duly managing its relationships with you.
The User is under no obligation to provide the requested Personal Data. Nevertheless, the Company draws the User’s attention that, in such case, access to some Services may be altered, if not impossible.
In any event, and disregarding the processing purpose at stake, please note that the Company will comply with a strict data minimization principle and will thus only collect and process Personal Data which is necessary for the above purposes.
4. Data recipients
The Company shares your Personal Data with third-party service providers and suppliers which assist the Company for fulfilling the purposes specified in this Policy.
For example, to accept credit card payments, the Company relies on the services of Stripe. Thus, Stripe accesses your Personal Data, notably your email and location.
Furthermore, as the case may be, the Company shares your Personal Data with competent courts and any other governmental and/or public authorities requesting access to your Personal Data, within the extent legally permitted.
In any event, the Company communicates your Personal Data to the above recipients on a strictly need-to-know basis and only as necessary for fulfilling duly identified processing purposes.
5. Storage period
The Company stores Personal Data for a limited duration, not exceeding the fulfillment of purposes described in Article 3 of this Policy.
Nevertheless, the Company may store some Personal Data for a longer duration than required in the immediate and current needs due to legitimate interests and legal obligations.
6. Subcontracting and Data transfer
The Company may use service providers and other third parties to facilitate, maintain, improve, analyze and secure the use of the Website and its Services. The service providers may have access to Personal Data for the sole and exclusive purpose of carrying out the missions assigned to them. The Company ensures that the service providers have sufficient guarantees for the performance of the mission and comply with the applicable laws and regulations.
The Personal Data may be processed outside the European Union territory. In that situation, the Company shall take all necessary precautions and alternatively or cumulatively ensure that an adequacy decision has been taken by the European Commission regarding the country of destination; that contractual clauses adopted by the European Commission or the supervisory authority have been signed with the recipient; that the recipient adhered to an approved code of conduct or certification mechanism, etc.
7. Rights of the User
The User is informed that he has a right of access, a right to rectification and erasure, a right to restriction of processing, a right to Personal Data portability under the conditions provided for in articles 15 to 22 of Regulation 2016/679 of 27 April 2016.
The User also has the right to specify instructions defining the way Personal Data shall be managed after his death under the conditions provided for in articles 84 to 86 of act n°78-17 of 6 January 1978.
To exercise his rights or for any question on Personal Data protection, the User shall make a request accompanied by proof of identity by email to firstname.lastname@example.org
The Company shall strive to reply without undue delay and at the latest within one month of receipt of the request. The Company reserves the right to extend this period to three (3) months in the case of a complex request.
Finally, the User has the option to refer to the competent supervisory authority, the Commission Nationale Informatique et Libertés (“CNIL”), in order to submit a claim.
The Company is committed to protect your Personal Data and comply with the applicable data protection legal framework.
This is the reason why the Company requires your assistance to this end. Thus, you commit to inform the Company in case the Personal Data you shared with the Company would become obsolete or inaccurate.
In addition, in the event you would provide the Company with information enabling to identify directly or indirectly any other natural persons (e.g. you sent a request to the Company with the contact email address available on the Services and share personal data concerning another natural person in your email), you represent and warrant that, prior to sharing this information with the Company, such other natural persons have been provided with this Policy and, to the extent applicable, have consented to the processing of their data.
The User is informed that information may be transmitted to his browser by the Services (“Cookies”). When the User browses the Services for the first time, a Cookie banner may display requesting the User to accept Cookies or to configure them.
Presentation of Cookies on the Website:
|__cfduid||This cookie is set by the CloudFlare service to identify trusted web traffic. It does not store any personally identifiable information. More information on https://www.cloudflare.com/it-it/privacypolicy/.||1 year|
|fcaid||These cookies are set by our live chat platform FrontApp Inc. and allow it to function correctly. Information on Front's GDPR compliance can be https://help.front.com/t/m22vyb/front-is-compliant-with-gdpr (viewed on this page).||Session|
|fccid||These cookies are set by our live chat platform FrontApp Inc. and allow it to function correctly. Information on Front's GDPR compliance can be https://help.front.com/t/m22vyb/front-is-compliant-with-gdpr (viewed on this page).||Session|
|fcuid||These cookies are set by our live chat platform FrontApp Inc. and allow it to function correctly. Information on Front's GDPR compliance can be https://help.front.com/t/m22vyb/front-is-compliant-with-gdpr (viewed on this page).||Session|
|xsrftoken||This cookie is set by Penky as a security measure.||Session|
|_penky_session||This cookie is set by Penky when you are logged in order to remember the current user.||Session|
The maximum storage period for Cookies is thirteen (13) months from the time they are placed on the browser of the User or his Equipment. At the end of this period, new consent will be required.
The User may accept, refuse and delete certain or all Cookies.
The User is informed that the refusal of certain Cookies may affect Services provided and navigation on the Website.
Last update: Nov 9, 2021