General: Your privacy is imporant to us. The following describes how CRG AB (“CRG”, “we”, “our”, “us”) processes your personal data when you visit the website www.naramunz.com (“Website”), register for and use the online game Crystals of Naramunz (“CoN”) or when we process your data in any other way. More information about CRG as well CoN is available on the Website. If you have any questions about this privacy notice or our processing of your personal data, please do not hesitate to contact us at [email protected].

Data controller: CRG is the data controller for the processing of your personal data in connection with your use of the Website and CoN as well when we process your data in any other way. You can reach us as follows:

The personal data we collect: Whenever you access or make use of the Website or CoN or in the context of any other communication between you and CRG, we may collect the following types of information from you:

1. information you provide directly to CRG, including:

   1. when you create an CRG member account (“Member Account”), your email address, user name and password;

   2. if you choose to purchase merchandise, your name, email address and postal address as well as your purchase history and other information relating to transactions made through the Website; and

   3. information contained in your correspondence with CRG, for example, when you send us an email.

2. information collected during the course of your use of the Website or CoN, including:

   1. character names and gameplay information;

   2. comments, statements and images posted by you;

   3. your credited name (if any);

   4. ‘crash reports’ in the event that a CoN software crash occurs, which may include details of your Member Account, a portion of the memory state of the CoN game when the crash occurred and the game settings you were using, but not other information from your computer or its memory; and

   5. the IP address of your computer when connected to the internet, the operating system and the browser your computer uses and any search engine you are using, the date and time you are visiting, the URLs of the Website pages you visit and any telemetry details (such as speed of your connection and how well CoN game client is running) associated with your access and use of CoN.

3. information collected from third parties when you link your Member Account with an approved third party account (currently Epic Games), where you have authorised this or where the information is publicly available; and

4. information collected through our use of cookies or similar technologies. Please refer to CRG’ Cookie Notice [insert link to cookie notice] for further information, including information on how you can disable these technologies.

If you choose to purchase merchandise from us, you may be asked to provide billing information in, including your billing address and credit card information.

How we use yor personal data:

1. CRG uses the personal data provided by you:

   1. to provide the Website and CoN to you;

   2. to verify your identity and verify that your Member Account is not being used by others;

   3. to fulfil any orders for merchandise ordered ny you;

   4. to market products and services to you, including contacting you via email that you may choose (or opt in) to receive. You can stop receiving CRG’ promotional emails by following the unsubscribe instructions included in those emails; and

   5. to respond to communications from you.

2. CRG uses the information generated by your access or use of the Website and CoN:

   1. to monitor the performance of the Website and CoN and to and ensure that the Website and CoN Services perform in the best manner possible; and

   2. for security and system integrity purposes.

3. CRG may also use your personal data:

   1. to protect and/or enforce CRG’ legal rights and interests, including defending any claim;

   2. for any other purpose authorised by you; and

   3. to respond to lawful requests by public authorities, including to meet law enforcement requirements.

Legal basis for our processing of your personal data:

1. When you visit the Website: When you visit the Website we may collect personal data through the use of cookies. The legal basis for processing your personal data depends on the type of cookie through which the information has been obtained. Our use of essential cookies is based on our legitimate interest in providing a functional website. Our use of other cookies depends on your consent (which you can withdraw at any time), which is also our legal basis for processing. 

2. When you sign up for a Member Account and use CoN: The legal basis for processing your basic Member Account data (name, email address, user name and) is the contract between us and us. Data about your use of CoN (general use, ‘crash reports’ and your computer’s hardware configuration) is processed based on our legitimate interest to performe troubleshooting, performance enhancements and general improvements to CoN. We may also process your basic Member Account data for marketing purposes. The legal basis for this is our legitimate interest of communicating with you about new and improved products and services.

3. If you purchase merchandise: If you purchase merchandise from us we process you personal data related to the purchase for fulfilling our conctratual obligations, which is the legal basis for the processing. Your purchase history may also be processed for fulfilling our legal obligations to maitain financial records.

4. When you contact us in general matters: When we process your name, email address and phone number to be able to communicate to you in general matters, the processing of your data is based on our legitimate interest to be able to carry out such communication.

How long we keep your personal data:

1. When you sign up for a Member Account and use CoN: We will retain your Member Account data as long as you are registered with a Member Account and an additional a period of up to 1 year after your account has been terminated and all our obligations under the agreement between you and us have been fulfilled. The same applies to to your use of CoN (general use, ‘crash reports’ and your computer’s hardware configuration). Should we for any reason be legally obliged to maintain your personal data for a long period of time than as set out above, your data will deleted as soon as we are no longer obliged to retain it
   

2. If you purchase merchandise: If you purchase merchandise from us, your personal data related to the purchase will be retained for a period of 3 years. Such portions of the data that we need to retain to fulfill our legal obligations to maitain financial records will be retained for 7 years.

3. When you contact us in general matters: When we communicate with you in a general matter we delete personal data associated with the communication within 6 months from the when the matter has been closed.

Disclosure of your personal data:

1. Subject to the exceptions below, CRG does not dicslose your personal data to third parties or provide such data to direct marketing companies or other organisations without your prior consent.

2. CRG may disclose your personal data if it is necessary:

   1. to manage payments when you purchase merchandise (where certain purchase related data is shared with our payment services providers); 

   2. to enforce these Terms of Use or any other agreement that CRG may have with you; and

   3. to comply with legal requirements.

3. CRG uses third-party providers that hosts or maintains underlying IT systems and or data centres that CRG uses to provide the Website and CoN, however such service providers process your data exclusively on our behalf of CRG and may not share your data with other third parties.

International transfers: We always aim to process your personal data within the EU/EEA. However, in certain situations, such as when we share your information with, for example, an IT provider with operations outside the EU/EEA, your personal data may be processed outside the EU/EEA. If and when your data is processed outside the EU/EEA, we will ensure that there is an adequate level of protection and that appropriate safeguards are in place (for example, through the use of the European Commission’s standard contractual clauses).

Your rights as a data subject: As a data subject, you have certain rights in relation to the processing of your personal data. If you wish to exercise any of them, please contact us at [email protected]. Your rights include:

1. right of access – if you ask us, we will confirm whether we are processing you’re your personal data and provide you with a copy of such personal data.

2. right to rectification – if the personal data CRG holds about you is inaccurate or incomplete, you have the right to have it rectified or completed. CRG will take every reasonable step to ensure personal data which is inaccurate is rectified. If we have has shared your personal data with any third parties, we will tell them about the rectification where possible.

3. right to erasure – CRG will delete your personal data when it is no longer needed for the purposes for which you provided it. You may request that CRG delete your personal data and it will do so if deletion does not contravene any applicable laws. If we have shared your personal data with any third parties, we will take reasonable steps to inform those third parties to delete such personal data.

4. right to withdraw consent – if the basis of CRG’ processing of your personal data is consent, you can withdraw that consent at any time.

5. right to restrict processing – you may request that CRG restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with third parties, we will tell them about this request where possible.

6. right to object to processing – you may request that we stop processing your personal data at any time and we will do so to the extent required by the applicable data protection law.

7. right to data portability – you may obtain your personal data from CRG that you have consented to give us or that is necessary to perform a contract with you. CRG will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.

8. right to object to direct maketing – where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing. 

Children: CRG does not intend to collect personal data from children in the EU aged under 16. If you have reason to believe that a child in the EU under the age of 16 has provided personal data to CRG through use of any of the Website or CoN, please contact CRG at [email protected].

Contact us: If you have any questions about this privacy notice, CRG’s privacy practices, or if you would like to request access to, or correction of, your personal information, you can contact CRG at [email protected].

If you are not happy with us: If you are not satisfied with the way we process your personal data, please contact our at [email protected]. You can also contact the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, www.imy.se, [email protected]).

Changes to this privacy notice: CRG may change or update this privacy notice as needed to reflect changes in our products and services. The current version of the privacy notice is available on www.naramunz.com. If significant changes are made to this privacy notice or with regard to how CRG processes your personal data, we will notify you either by posting a notice of the changes before they take effect or by sending you a direct message. We encourage you to periodically review this privacy notice to understand how GRG uses and protects your data.