Privacy Policy

This Privacy Policy has been updated on the 28th of July, 2023.

We understand the importance of protecting your personal data. Therefore, we process your personal data lawfully, transparently, and fairly for pre-determined purposes and only to the extent necessary to achieve those purposes. When we process your personal data, we make every effort to ensure that they are accurate, secure, confidential, properly stored, and protected.

When processing your personal data, we comply with the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”).

1. WHAT IS THIS DOCUMENT?

1.1. This Privacy Policy (the “Privacy Policy”) informs you of our policies regarding the collection, use, and disclosure of data when you visit our website, nobrakesgames.com (“Website”), contact us for recruiting purposes, or enter into a contract with us. The Privacy Policy applies to every person who visits the Website and to any actions you may take on the Websites.

1.2. Please read this Privacy Policy carefully to find out how we process your personal data, where we get them from, and your rights as a data subject.

1.3. The term “personal data”, as used in this Privacy Policy, means any information which could be used to identify you directly or indirectly.

2. WHO ARE WE?

2.1. The Website is managed and administered by No brakes games, UAB (company code 302918017, registered at Pilaites sodu 6th 25, LT-06230 Vilnius , Lithuania, email: info@nobrakesgames.com).

2.2. We are a controller of your personal data.

2.3. For some purposes indicated bellow We may process your personal data as joint controllers with the group company At Sea Interactive (company code B76805217, registered office address Calle Roque de Jama 12, Edf. Colina Dorada, L6, Los Cristianos, Arona, Santa Cruz de Tenerife, 38650, Spain ).

3. WHAT PERSONAL DATA DO WE PROCESS, AND FOR WHAT PURPOSES?

3.1. We process your personal data for the following purposes:

3.1.1. to make and carry out service agreements with legal or natural persons.


Personal data categories:
First name, last name, individual activity certificate number, contact information, contents of correspondence, and other details contained in the agreement


Legal basis for processing the personal data:
Processing is necessary for the performance of a contract (Article 6 1(b) of GDPR), or processing is necessary for the legitimate interest to pursue activities (Article 6 1 (f) of GDPR).


The time limit for processing personal data:
Your personal data is processed for 10 (ten) years after the agreement expires.


We receive the personal data from:
You or your employer


We provide or transfer the personal data to:
Third-party service providers whose services we normally use for data storage, website hosting purposes, and other technical services.


3.1.2. to select candidates to fill vacant positions.


Personal data categories:
First name, last name,  phone number, email address,  CV; cover letter; other information related to your professional competence that you voluntarily provide when applying for a job.

We only process your personal data that is provided in the documents sent to us, and that relates to your competence, skills, and experience, which helps us assess your potential and career opportunities better.


Legal basis for processing the personal data:
Your consent to the processing of personal data (Article 6(1)(a) of GDPR); and Our legitimate interest in selecting suitable candidates (Article 6(1)(f) of GDPR).


The time limit for processing personal data:
We will process your personal data only for as long as the selection of the candidate (usually 3-4 months) to which you have provided information about yourself is carried out.

At the end of the selection phase and with your separate consent, we will process your data for another 1 (one) year so that during this period, if a suitable position appears according to your CV, we can offer you to participate in the selection or submit a job offer.


We receive the personal data from:
You.


We provide or transfer the personal data to:
For this purpose, We process your personal data as joint controllers with At Sea Interactive (Tenerife Studio). Also, We may transfer your data to recruitment companies that assist us in recruiting candidates and provide us with services related to recruitment, candidate assessment, and internal administration and third-party service providers whose services we normally use for data storage, website hosting purposes, and other technical services.


3.1.3. to ensure the functionality of the Website, administer the Website, diagnose possible malfunctions of the Website, and perform statistical analyses to determine your needs in relation to certain functions and to analyze how and where to make the most efficient use of the available resources:


Personal data categories:
Internet Protocol (IP) address; type of web browser used; number of visits; view pages of the website; time spent on the Website; online source from which the person came; information about the device you are using; language; country; internet provider, etc.


Legal basis for processing the personal data:
Your consent to the processing of personal data (Article 6(1)(a) of GDPR).


The time limit for processing personal data:
Personal data is processed for as long as your consent is valid but no longer than 2 (two) years.


We receive the personal data from:
You.


We provide or transfer the personal data to:
For this purpose, We process your personal data as joint controllers with At Sea Interactive (Tenerife Studio). Also, we may transfer your personal data to third-party service providers whose services we normally use for data storage, website hosting purposes and other technical services.


3.1.4. to manage and administer our social media accounts (X, Facebook, LinkedIn, YouTube, Discord, Slack):


Personal data categories:
Name of the social network account; personal photo; personal reactions to the content we generate (likes, comments, shares)


Legal basis for processing the personal data:
Your consent to the processing of personal data (Article 6(1)(a) of GDPR).


The time limit for processing personal data:
Personal data is processed for as long as our or your social networking account is valid unless you express your wish to delete the data contained in our social networking accounts before.


We receive the personal data from:
You.


We provide or transfer the personal data to:
For this purpose, We process your personal data as joint controllers with At Sea Interactive (Tenerife Studio) and social network operators.


3.1.5. to administrate Non-disclosure agreements with office visitors. We will ask you to sign a non-disclosure agreement when you visit our office.


Personal data categories:
First name, last name, date of birth, address, email address.


Legal basis for processing the personal data:
Processing is necessary for a contract (Article 6 1(b) of GDPR).


The time limit for processing personal data:
Your personal data is processed for 10 (ten) years after the agreement expires.


We receive the personal data from:
You.


We provide or transfer the personal data to:
Third-party service providers whose services we normally use for data storage, website hosting purposes, and other technical services.


3.2. We may also use the information we collect in aggregate or otherwise anonymized form, i.e., the information that does not identify you or any specific person. We may use this general data for research, development, marketing, and analytics.

3.3.We do not collect or process your specific categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, health data, or data about your sexual life and sexual orientation. Therefore, please do not provide this personal data to us by e-mail, telephone or in any other way.

4. TO WHOM DO WE PROVIDE YOUR PERSONAL DATA?

4.1. We guarantee that your personal data will not be sold, provided, or otherwise transferred to third parties without a legitimate basis or used for purposes other than those for which they were collected. We will not transfer your personal data in any way other than under this Privacy Policy or applicable law. However, we reserve the right to provide information about you if we were required to do so by law or if required to do so by law enforcement authorities or prosecuting authorities or seeking to protect our rights or interests (including the case when your personal data is transferred to others for debt recovery purposes).

4.2. We may transfer your personal data to companies that help us operate, i.e., data processors. From such data processors, we require that your data be processed only following the instructions given by us and the applicable data protection legislation. We enter into agreements with these data processors that oblige the parties to adhere strictly to the personal data protection requirements.

4.3. We may disclose the personal data we collect about you to the following third parties:

a) group company At Sea Interactive (Tenerife Studio);

b) the partners;

c) third-party service providers whose services we normally use for data storage, website hosting purposes, and other technical services or service providers, such as debt administration/collection companies or companies providing archiving services, as legal/marketing service providers. Sometimes, your data may be transferred to third countries where other personal data protection regulations may apply. We have taken appropriate safeguards (e.g., Model Contract Clauses) to ensure that your personal data remains protected, and we require that our third-party service providers and partners also have appropriate safeguards in place;

d) law enforcement authorities, bodies, and/or other recipients to whom the data must be communicated under legal requirements.

5. HOW AND WHERE DO WE STORE YOUR PERSONAL DATA?

5.1. The personal data we collect from you will be located within the European Economic Area (EEA) but may be transferred or stored outside the EEA. When transferring your personal data outside the EEA, we will take all necessary steps to ensure that your personal data is processed securely and following this Privacy Policy. We will do this by ensuring necessary measures and safeguards, including Model Contract Clauses.

5.2. The security of your information is important to us. We have a team dedicated to protecting your information and have put physical, electronic, and procedural safeguards in place. These measures include limiting access, using encryption, testing for vulnerabilities, advanced malware detection, employing pseudonymization and anonymization techniques, and more.

5.3. Unfortunately, the transmission of information over the internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the complete security of it. Therefore, please be informed that you provide us with information at your own risk.

5.4. Should unlikely circumstances arise and we become aware of a personal data breach that could seriously jeopardize your rights or freedoms, we will notify you immediately as soon as we become aware of it and determine what information has been accessed.

6. HOW LONG DO WE STORE YOUR PERSONAL DATA?

6.1. We store your personal data for no longer than required by the purposes of the processing or as required by law if it provides a longer storage period. Section 3 of the Privacy Policy specifies the terms of storage of your personal data separately for each use of personal data.

7. WHAT RIGHTS DO YOU HAVE?

7.1. When processing personal data, we ensure your rights following the GDPR. As a personal data subject, you have the following rights:

a) to know (be informed) about the processing of your personal data;

b) to access your personal data that we process;

c) to request the correction or supplementation of incorrect, inaccurate, or incomplete personal data;

d) to require the destruction of your personal data when they are no longer needed for the purposes for which they were collected;

e) to demand the destruction of personal data if they are processed unlawfully or if you withdraw your consent to the processing of personal data or do not give such consent, which is necessary;

f) to object to the processing of personal data or to withdraw prior consent;

g) to demand the suspension (other than storage) of your personal data processing in the event of a dispute or verification of the lawfulness of the processing, the accuracy of the data, as well as in cases when we no longer need your personal data but you do not want us to destroy them;

h) to require the submission, if technically possible, of your personal data collected with your consent or for the purposes of the performance of the agreement in an easy-to-read format or request their transfer to another controller.

7.2. We will endeavor to guarantee the exercise of your rights as a personal data subject and to create all conditions for the effective exercise of these rights, but we reserve the right not to comply with your requirements when the relevant legal grounds require it. If we refuse to comply with your request, we will clearly state the grounds for such refusal.

7.3. You can submit requests related to the exercise of your rights to us in person, by post or by electronic means. Upon receipt of your request, we may ask you to provide proof of identity, as well as any additional information we require regarding your request.

7.4. Upon receipt of your request, we will respond to you no later than within 30 calendar days from the receipt of your request and the date of submission of all documents required for the response. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

7.5. If we refuse to comply with your request, we will clearly state the grounds and reasons for such refusal.

7.6. If you do not agree with our actions or the response to your request, you may appeal against our actions and decisions to the competent public authority.

8. TO WHOM CAN YOU MAKE A COMPLAINT?

8.1. If you wish to make a complaint about our processing of your personal data, please provide it in writing, providing as much information as possible, using the contact details indicated at the end of this Privacy Policy. We will immediately try to resolve any issues.

8.2. If you consider that the collection and processing of personal information relating to you infringe the GDPR and your rights, you have the right to lodge a complaint with the State Data Protection Inspectorate vdai.lrv.lt or a supervisory authority in another Member State of the European Union in which you have a habitual residence or place of work (list of supervisory authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_lt#member-lt ), or to apply to the court. Although above all, we seek to resolve all disputes with you promptly and amicably.

9. COOKIES

9.1. Please be advised that the Website uses Cookies. You can find more information about Cookies in the “Cookie Policy”, which is an integral part of the Privacy Policy.

10. HOW WILL WE CHANGE THIS PRIVACY POLICY?

10.1. We will continue to update our policies and practices as needed. We will notify you of any changes to our Privacy Policy by posting any changes here. If we do, you’ll see that the date at the top of this Privacy Policy has changed.