Skinworld

This Privacy Policy is provided to help you understand how the Pixelgate Group LTD (Cypriot company no. HE 418476, Kalymnos, 1, 'Q MERITO', Floor 4, Agios Nikolaos, Kamares 6037, Larnaca referred to herein as "Pixalgate", "Company", "us" or "we") collects data, including what data we collect, and what we use it for. Reading this policy is and will inform you how you can exercise your rights with regards to data privacy.

Privacy and security of our Users and visitors are of paramount importance for us. We are committed to protecting the data you share with us. This Privacy Policy explains how we process information that can be used to directly or indirectly identify individuals (hereinafter - the “Personal Data”) collected through the use of our website.

For the purposes of this Policy, we define the term “User” as a person who has created his or her own account on the SkinWorld website (https://skinworld.gg) and the term “Visitor” as an individual who visits our website.

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using SkinWorld.

Unless specified otherwise, all Data requested by SkinWorld is mandatory and failure to provide this Data may make it impossible for SkinWorld to provide its services. In cases where SkinWorld specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service. Users who are uncertain about which Personal Data is mandatory are welcome to contact customer support.

Any use of Cookies – or of other tracking tools – by SkinWorld or by Data Controllers of third-party services used by SkinWorld serves the purpose of providing the Service required by the User.

Users are responsible for any third-party Personal Data obtained, published or shared through SkinWorld and confirm that they have the third party's consent to provide the Data.

We adhere to the following principles in order to protect your privacy:

• ▪ principle of purposefulness - we process Personal Data fairly and in a transparent manner only, aiming to achieve determined and lawful objectives, and they shall not be processed in a manner not conforming to the objectives of data processing;
• ▪ principle of minimalism - we collect Personal Data only to the extent necessary to achieve determined purposes. We do not keep Personal Data if it is no longer needed;
• ▪ principle of restricted use - we use Personal Data for all other purposes only with the consent of the data subject or if permitted by a competent authority;
• ▪ principle of data quality - we always keep Personal Data up-to-date and complete in order to achieve the end purpose of the data processing more efficiently;
• ▪ principle of security - security measures shall be applied in order to protect Personal Data from unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures;
• ▪ principle of individual participation - our Users and Visitors shall be notified of data collected in connection to them. They shall be granted access to their Personal Data and have the right to demand a correction of inaccurate or misleading data.

We may collect, record and analyze information of Visitors to our website.

We also record Usage Data. It is information collected automatically through the SkinWorld website (or third-party services employed in SkinWorld), which can include: the IP addresses or domain names of the computers utilized by the Users who use SkinWorld, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page) and the details about the path followed with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

We use this information in aggregate to assess the popularity of the web pages on our website and how we perform in providing content to you. When combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed into our website.

Processing of this information is necessary for managing and running our business and to allow us to efficiently and effectively provide a quality services including client support, product development and service level monitoring.

We may process information only if there is a legitimate interest. We do so after having given careful consideration to:

• ▪ whether the same objective could be achieved through other means;
• ▪ whether processing (or not processing) data might cause you harm;
• ▪ whether you would expect us to process your data and consider it reasonable for us to do so.

For example, we may process your data for the following purposes:

• ▪ To create anonymous, aggregated statistics about the use of our website, products, services and other programmes, which we may share with third parties and/or make available to the public.
• ▪ To develop and improve new and existing products and services, recommendations, advertisements and other communications, and learn more about our users’ preferences in general.

When you contact us, whether by telephone or email, you give us your implicit consent because you reasonably expect us to reply. We collect the data you give us in order to reply with the information you need. We record your request and our reply in order to increase the efficiency of the organisation of our client support service. We keep personally identifiable information associated with your message, such as your name, email address and mobile telephone number, so as to be able to track our communications with you in order to provide you with high quality service.

Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to agree to use cookies.

In order to provide services to our Users, we collect their Personal Data.

We process your information on the basis that:

• ▪ there is a contract between us (when you complete the registration of an account on our website a contract is formed between you and us)
• ▪ there are legal obligations between us (International anti-money laundering counter terrorism financing legislation, provisions of the gaming license); and
• ▪ for our legitimate interests (prevention of fraud).

This information is used by us to identify our Users, provide you with services, prevent fraud, create and manage User accounts, payments and withdrawals, respond to any User complaints, prevent and detect improper use of our systems, prevent crime, detect, investigate, and report crime, manage risk for us and our Users, comply with any laws and regulations that apply to us, provide you with mailings, notification, support, marketing actions, the ability to restore account in case of loss, and to meet other obligations. Also we may use it in order to provide you with suggestions and advice on services and how to obtain the most from using our website. We use such data in ways you would reasonably expect and which have a minimal privacy impact.

Processing of Personal Data for marketing purposes is relied on the consent obtained from you.

For Visitors and Users located in the European Economic Area (EEA) privacy rights are granted and all processing of Personal Data is performed in accordance with regulations and rules of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR).

We process Personal Data as a Controller, as defined in the GDPR:

SkinWorld, with which, you as a User, have entered into an agreement when you created your User account at SkinWorld Website, will be the Controller of User Data, as outlined above in the “User” section.

Also, SkinWorld will be the Controller for Visitor Data, as outlined above in “Visitor” section.

Our Privacy Policy has to be compliant with the laws of every country or legal jurisdiction within which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you. However, ultimately it is your choice as to whether you wish to use our website.

Users may exercise certain rights regarding their Data processed by Data Controller.

In particular, Users have the right to do the following:

• ▪ Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
• ▪ Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
• ▪ Access their Data. Users have the right to learn if Data is being processed by a Data Controller, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
• ▪ Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• ▪ Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, Data Controller will not process their Data for any purpose other than storing it.
• ▪ Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from Data Controller.
• ▪ Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
• ▪ Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

When we receive any request to access, edit or delete personally identifiable information, we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

Where Personal Data is processed for the purposes of the legitimate interests pursued by Data Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification by following the “unsubscribe” link they will find on all the email marketing messages we send them. Alternatively, you can contact us at email [email protected].

Any requests to exercise User rights can be directed to Data Controller through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by Data Controller as early as possible and typically within one month.

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

We will keep your data for the period that you are a User of SkinWorld. If you are no longer a User of SkinWorld, we will keep your data for the minimum length of time required to comply with the purposes set out in this policy and relevant legal or regulatory obligations.

Therefore:

• ▪ Personal Data collected for purposes related to the performance of a contract between Data Controller and the User shall be retained until such contract has been fully performed.
• ▪ Personal Data collected for the purposes of Data Controller’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by Data Controller.

Data Controller may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, Data Controller may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Any information about the Visitors is deleted on an annual basis. Your information will be deleted if you did not communicate with the support team for more than 12 (twelve) months.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

We care to ensure the security of Personal Data. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain technical, physical, and administrative security measures to provide reasonable protection for your Personal Data. When we or our contractors process your information, we also make sure that your information is protected from unauthorized access, loss, manipulation, falsification, destruction or unauthorized disclosure. This is done through appropriate administrative, technical and physical measures.

We always use pseudonymisation as a method of securing Personal Data we process as the Processor.

There is no 100% secure method of transmission over the Internet or electronic storage. We therefore cannot guarantee its absolute security.

We may share your Personal Data within the affiliated companies and with other organisations.

We use secure hosting facilities. The infrastructure is secured through a defense-in-depth layered approach.

We use Google Analytics to monitor and analyze web traffic. Google Analytics is a web analysis service provided by Google LLC. (“Google”). Google utilizes the Data collected to track and examine the use of our website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy – Opt Out. Privacy Shield participant.

We use a support platform to interact directly from the pages of our site. It may collect Usage Data in the pages where it is installed, even if Visitors do not actively use the service. Moreover, support conversations may be logged. Personal Data collected: Cookies, Data communicated while using the support platform and Usage Data.

We work with third party service providers which provide website development, hosting, maintenance, sending emails, marketing, technical support and assistance, processing credit card payments, IT and cyber security services, law enforcement agencies, regulators and other authorities, credit reference agencies, fraud prevention agencies, identity verification agencies and third parties necessary to provide products or services which you have requested.

We may need to share your Personal Data with the third parties that provide those services. Where your Personal Data are transferred outside of the European Economic Area (“EEA”), we require that appropriate safeguards are in place. These contractors may have access to, or process Personal Data on behalf of us, as part of providing those services to us. We limit the information provided to these service providers to the extent it is reasonably necessary for them to perform their functions.

We guarantee that we have Data Processing Agreements in place with our service providers, ensuring compliance with the GDPR and our contracts with them requiring to maintain the confidentiality of such information. All data transfers inside and outside of the EEA are being done in accordance with these Data Processing Agreements. All data transfers are performed in accordance with the strictest security regulations.

For more detailed information about the international information transfers to our business partners, service providers and developers outside of the EU/EEA, please contact us using the details given in the “Contact us” section below.

We do not provide services or markets to children.

The Service is not directed to persons under the age of 18. Users declare themselves to be adult according to their applicable legislation.

We collect data about all Users and Visitors regardless of age. We do not expect that some of those users and visitors will be children.

This Privacy Policy is applicable to our Website. Our Website also contains links to other websites. Once you are redirected to another website, this Policy is no longer applicable.

We assume that all Visitors and Users have carefully read this document, understand its contents and agree to the terms and conditions stated in the Privacy Policy above. If one does not agree with this Privacy Policy, they should refrain from using our website.

We may update this policy from time to time, so please review it frequently. All changes to this Privacy Policy are effective upon being posted on this page.

If any material changes are made to this Privacy Policy we will use reasonable endeavours to inform you in advance by email or notice on the website. When we change this Policy in a material manner, we will let you know via email prior to the changes becoming effective and update the ‘effective date’ at the top of this page.