Privacy Policy

1. General Provisions

This privacy policy for the Web Application is informational, meaning that it does not impose obligations on Users of the Web Application. The privacy policy primarily contains principles regarding the processing of personal data by the Administrator in the Web Application, including the bases, purposes, and duration of personal data processing, as well as the rights of individuals whose data is processed, and information on the use of cookies and analytical tools in the Web Application.

The Administrator of the personal data collected through the Web Application is Sirius Entertainment LLC, 680 S Cache St, Ste 100, 83002 Jackson, email address: [email protected] – hereinafter referred to as the “Administrator,” which is also the Service Provider in the Web Application.

Personal data in the Web Application is processed by the Administrator in accordance with applicable law, particularly in accordance with the regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation.” The official text of the GDPR Regulation can be found at: eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

Using the Web Application, including entering into contracts, is voluntary. Similarly, the provision of personal data by the User of the Web Application is voluntary, with two exceptions: (1) entering into contracts with the Administrator – failing to provide the personal data specified on the Web Application page and in the Terms and Conditions of the Web Application and this privacy policy necessary for concluding and executing a contract with the Administrator (e.g., an agreement to use Electronic Services) will result in the inability to enter into such a contract. Providing personal data is, in this case, a contractual requirement, and if the individual whose data concerns wishes to enter into a specific contract with the Administrator, they are obliged to provide the required data. The scope of data required to enter into a contract is always indicated in advance on the Web Application page and in the Terms and Conditions of the Web Application; (2) legal obligations of the Administrator – providing personal data is a statutory requirement resulting from universally applicable legal provisions imposing on the Administrator the obligation to process personal data (e.g., for accounting purposes), and failing to provide them will prevent the Administrator from fulfilling these obligations.

The Administrator takes special care to protect the interests of individuals whose personal data he processes, and in particular, is responsible for and ensures that the data he collects is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; (3) accurate and adequate in relation to the purposes for which it is processed; (4) stored in a form which permits identification of the data subjects for no longer than is necessary for the purposes of processing; and (5) processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Considering the nature, scope, context, and purposes of processing, as well as the risk of violating the rights or freedoms of individuals with varying degrees of probability and severity of risk, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR Regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Administrator applies technical measures to prevent unauthorized access to and modification of personal data transmitted electronically.

All words, expressions, and acronyms used in this privacy policy that begin with a capital letter (e.g., Service Provider, Web Application, Electronic Service) should be understood according to their definitions contained in the Terms and Conditions of the Web Application available on the Web Application pages.

2. Legal Bases for Data Processing

The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

The processing of personal data by the Administrator requires the existence of at least one of the bases indicated in point 2.1 of the privacy policy each time. The specific bases for processing the personal data of Users of the Web Application by the Administrator are indicated in the following section of the privacy policy – in relation to the specific purpose of processing personal data by the Administrator.

3. Purpose, Basis, and Duration of Data Processing in the Web Application

The purpose, basis, duration, and recipients of personal data processed by the Administrator result from actions taken by a specific User in the Web Application.

The Administrator may process personal data in the Web Application for the following purposes, on the following bases, and for the following periods:

• Execution of a contract concluded with the Administrator or taking actions at the request of the data subject before concluding the contract. Article 6(1)(b) of the GDPR (execution of the contract) – processing is necessary for the performance of a contract to which the data subject is a party or for taking actions at the request of the data subject before concluding the contract. Data is stored for the period necessary for the performance, termination, or otherwise expiration of the concluded contract.
• Responding to an inquiry sent to the Administrator. Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which involve the need to familiarize oneself with the content of the inquiry sent by the data subject via the Contact Form available in the Web Application, and then, if necessary, to respond to that inquiry. Data is stored for the time needed for the Administrator to familiarize themselves with the content of the data subject’s inquiry and to respond to it, but no longer than the duration of the legitimate interest pursued by the Administrator regarding the information contained in this inquiry.
• Conducting direct marketing. Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which involve safeguarding the interests and good image of the Administrator, their Web Application, and striving for the sale of services. Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the period of limitation of claims of the Administrator against the data subject arising from the business activities conducted by the Administrator. The limitation period is determined by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activities is three years). The Administrator may not process data for direct marketing purposes if the data subject has effectively objected to this processing.
• Processing marketing data. Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Administrator. Data is stored until the data subject withdraws their consent for further processing of their data for this purpose.
• Keeping accounting records. Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395, as amended) – processing is necessary for the fulfillment of a legal obligation incumbent on the Administrator. Data is stored for the period required by legal provisions mandating the Administrator to keep accounting records (5 years, counting from the beginning of the year following the financial year to which the data pertains).
• Establishing, pursuing, or defending claims that the Administrator may raise or that may be raised against the Administrator. Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which involve establishing, pursuing, or defending claims that the Administrator may raise or that may be raised against the Administrator. Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims that may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years).
• Using the Web Application and ensuring its proper operation. Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which involve operating and maintaining the Web Application. Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims of the Administrator against the data subject arising from the business activities conducted by the Administrator. The limitation period is determined by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activities is three years).
• Conducting statistics and analyzing traffic in the Web Application. Article 6(1)(f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which involve conducting statistics and analyzing traffic in the Web Application to improve its functioning. Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims of the Administrator against the data subject arising from the business activities conducted by the Administrator. The limitation period is determined by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activities is three years).

4. Recipients of Data in the Web Application

For the proper functioning of the Web Application, including the proper provision of Electronic Services by the Administrator, it is necessary for the Administrator to use the services of external entities (such as software providers, payment processors). The Administrator only uses the services of such processing entities that provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

Data transfer by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator only transfers data when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.

The personal data of Users of the Web Application may be transferred to the following recipients or categories of recipients:

• Entities handling electronic payments or payment cards – in the case of a User who uses electronic payment methods or payment cards in the Web Application, the Administrator provides the collected personal data of the User to the selected entity handling such payments in the Web Application at the request of the Administrator to the extent necessary for processing the payment made by the User.
• Providers of opinion survey systems – in the case of a User who has used specific Electronic Services, the Administrator may provide the collected personal data of the User to a selected entity providing an opinion survey system for the contracts contained in the Web Application at the request of the Administrator to the extent necessary for the User to express their opinion using the opinion survey system.
• Providers of services supplying the Administrator with technical, IT, and organizational solutions that enable the Administrator to conduct business, including the Web Application and the Electronic Services provided through it (in particular, software providers for conducting the Web Application, email and hosting providers, and providers of software for managing the company and providing technical support to the Administrator) – the Administrator provides the collected personal data of the User to a selected provider acting on their behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
• Providers of accounting, legal, and consulting services that provide the Administrator with accounting, legal, or advisory support (in particular, accounting offices, law firms, or debt collection companies) – the Administrator provides the collected personal data of the User to a selected provider acting on their behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

5. Profiling in the Web Application

The GDPR regulation imposes an obligation on the Administrator to inform about automated decision-making, including profiling as mentioned in Article 22(1) and (4) of the GDPR, and—at least in these cases—significant information about the rules governing such decisions, as well as the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides information regarding possible profiling in this section of the privacy policy.

The Administrator may use profiling in the Web Application for direct marketing purposes, but decisions made based on profiling by the Administrator do not pertain to the conclusion or refusal to conclude a specific contract with the Administrator or the ability to use Electronic Services in the Web Application. The effects of using profiling in the Web Application may include, for example, reminders about unfinished actions in the Application, sending discounts, or offering services that may match the interests or preferences of a specific individual, or proposing better terms compared to the standard offer of the Web Application. Despite profiling, the individual freely decides whether they want to take advantage of, for instance, the offer or discount received in this manner.

Profiling in the Web Application involves the automatic analysis or prediction of an individual’s behavior on the Web Application site, or through the analysis of past purchases or the history of actions taken in the Web Application. A condition for such profiling is that the Administrator possesses the personal data of the individual to subsequently send them, for example, a discount code or an offer.

The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

6. Rights of the Data Subject

Right of access, rectification, restriction, deletion, or portability – The data subject has the right to request from the Administrator access to their personal data, rectification, deletion (“right to be forgotten”), or restriction of processing and has the right to object to processing, as well as the right to data portability. The detailed conditions for exercising the aforementioned rights are specified in Articles 15-21 of the GDPR.

Right to withdraw consent at any time – The individual whose data is processed by the Administrator based on expressed consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority – The individual whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, particularly the Act on Personal Data Protection. The supervisory authority in Poland is the President of the Office for Personal Data Protection.

Right to object – The data subject has the right to object at any time for reasons related to their particular situation to the processing of their personal data based on Article 6(1)(e) (public interest or task) or (f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the Administrator is no longer allowed to process that personal data unless they demonstrate the existence of compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

Right to object concerning direct marketing – If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.

To exercise the rights mentioned in this section of the privacy policy, individuals may contact the Administrator by sending a relevant message in writing or by email to the Administrator’s address indicated at the beginning of the privacy policy.

7. Cookies in the Web Application and Analytics

Cookies are small text files sent by the server and stored on the device of the person visiting the Web Application (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone—depending on the device used by the visitor of the Web Application).

The cookies that may be sent by the Web Application can be divided into different categories based on the following criteria:

• First-party cookies (created by the Administrator’s Web Application) and third-party cookies (those belonging to entities other than the Administrator).
• Session cookies (stored until the user logs out of the Web Application or closes the web browser) and persistent cookies (stored for a defined period specified by the parameters of each cookie or until manually deleted).
• Essential cookies (necessary for the proper functioning of the Web Application), functional/preference cookies (allowing the Web Application to be tailored to the preferences of the person visiting the site), analytical and performance cookies (collecting information about how the Web Application is used), and marketing, advertising, and social cookies (collecting information about the visitor to the Web Application to display personalized ads and conduct other marketing activities, including on websites separate from the Web Application, such as social media platforms).

The Administrator may process the data contained in cookies during the use of the Web Application by visitors for the following specific purposes:

• Identifying Users as logged in to the Web Application and indicating that they are logged in (essential cookies).
• Displaying data on the Member Account (essential cookies).
• Remembering data from completed forms, surveys, or login data for the Web Application (essential and/or functional/preference cookies).
• Customizing the content of the Web Application to the individual preferences of the User (e.g., regarding colors, font size, page layout) and optimizing the use of the Web Application (functional/preference cookies).
• Conducting anonymous statistics showing how the Web Application is used (statistical cookies).
• Remarketing, which involves examining the behavior characteristics of visitors to the Web Application through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) to create their profiles and provide them with ads tailored to their anticipated interests, even when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising, and social cookies).

It is possible to check in the most popular web browsers which cookies (including their lifespan and provider) are currently being sent by the Web Application in the following way:

• In Chrome – (1) Click on the lock icon on the left side of the address bar, (2) go to the “Cookies” tab.
• In Firefox – (1) Click on the shield icon on the left side of the address bar, (2) go to the “Allowed” or “Blocked” tab, (3) click on “Third-party tracking cookies,” “Social media tracking elements,” or “Content with tracking elements.”
• In Internet Explorer – (1) Click on the “Tools” menu, (2) go to the “Internet Options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click on “View Files.”
• In Opera – (1) Click on the lock icon on the left side of the address bar, (2) go to the “Cookies” tab.
• In Safari – (1) Click on the “Preferences” menu, (2) go to the “Privacy” tab, (3) click on “Manage Website Data.”

Regardless of the browser, it can also be checked using other cookie-checking tools.

By default, most web browsers available on the market accept cookies. Everyone has the option to determine the conditions for using cookies via the settings of their web browser. This means that one can, for example, partially limit (e.g., temporarily) or completely disable the ability to save cookies—however, in the latter case, this may affect certain functionalities of the Web Application.

The settings of the web browser regarding cookies are significant in terms of consent to the use of cookies by the Web Application—according to the regulations, such consent may also be expressed through the settings of the web browser. Detailed information on changing cookie settings and manually deleting them in the most popular web browsers is available in the help section of the respective web browser.

The Administrator may use services such as Google Analytics and Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and Hotjar services provided by Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) in the Web Application. These services help the Administrator maintain statistics and analyze traffic in the Web Application. The collected data are processed within the above services to generate statistics that aid in administering the Application and analyzing traffic in the Web Application. These data are aggregated. By using these services in the Web Application, the Administrator collects data such as the sources and medium of visitors to the Web Application and their behavior on the site, information about devices and browsers used to visit the site, IP address and domain, geographical data, as well as demographic data (age, gender) and interests.

8. Final Provisions

The Web Application may contain links to other websites. The Administrator encourages users to familiarize themselves with the privacy policy established on those other sites after navigating away from this Web Application. This privacy policy applies only to the Administrator’s Web Application.