Data Protection

WHAT IS DATA PRIVACY AND PERSONAL DATA?
Data Privacy refers to the practices, safeguards, and regulations designed to protect your personal information. It’s about ensuring that your data is handled in a way that respects your privacy and autonomy, allowing you to control your own information. We prioritize data privacy by implementing robust security measures, adhering to privacy laws, internal requirements, and being transparent about how we use your data.

Personal data, also known as personal information or personally identifiable information, includes any information that can be used on its own or with other information to identify an individual. This information can range from your name, email address, and phone number to data like your playstyle, achievements or purchased products.

OUR PRIVACY AMBITIONS
Our privacy requirements cover every company within our group, no company is exempt. We have adopted a Group Privacy Policy that sets expectations and requirements on our companies. The policy is mandatory and all Silcaz Group companies must fulfill the requirements listed in the Policy, even if their local or national laws does not contain specific privacy requirements. Respectively, it there are laws that place additional requirements on one or more of our companies then naturally those companies required comply with those laws as well. In this way we ensure that all companies have a common and stringent approach to working with personal data.

To support this a strong focus on group collaboration is our key, for a high level of awareness, coordination and communication among the different entities within the Group, as well as a clear allocation of roles and responsibilities. Driving this focus for the group is our Head of Privacy and AI Governance that maintains requirements, controls, forums, guidelines and information beneficial to all entities within the group.

PROVIDING RIGHTS TO INDIVIDUALS REGARDING THE CONTROL OF THEIR DATA
We take the privacy of our users very seriously and we respond to all requests for individual rights promptly. The rights generally available to a user include:

The right to access, rectify, erase, restrict or object to the processing or sale of their personal data;
The right to data portability, which means the right to receive their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller;
The right to withdraw consent at any time, if the processing is based on consent;
The right to lodge a complaint with a supervisory authority, if they consider that the processing infringes their rights.
If you want to exercise your rights, contact the company that processes your personal data (where you have an account or similar) and they will be happy to assist you. Contact details are listed in the same place that you first registered your personal data with us.

HOW DO WE PROTECT YOUR PERSONAL DATA?
The protection of personal data is always our top priority across the group. We value the trust that our players give us when you share their personal data with us and we want to make sure that we maintain that trust.

Data within our companies is encrypted with industry standard techniques and we use industry leading software and practices to protect our IT environment. Access to any data is permitted on a least privilege principle where access is granted only to that data the individual needs to perform its task.

Furthermore, we always use established data storage companies whose security measures are audited by independent third parties, this includes both non-personal data as well as personal data. Our requirements also extend to our suppliers and businesses partners through our business contracts.

DATA BREACH / INCIDENT RESPONSE
As stated previously we are committed to protecting your personal data. This includes incidents such as unauthorized or unlawful access, disclosure, alteration or destruction. In case of any data breach or incident, we have implemented a robust response plan focusing on the detection, mitigation, reporting and post breach review of data breaches. To enable this, we have both internal and external resources available to prepare for a breach and act swiftly if a breach occurs. Our response plan ensures that we work in a structured and effective manner with any breach and that we also learn from the breach to ensure that it cannot be repeated.

YEARLY AUDITS AND REVIEWS
To follow up on our progress and maturity within data privacy we perform yearly audits both internally as well as together with an external auditor. These audits focus on the use of personal data, information security practices, AI use and the maturity of governance processes within our companies to ensure we use both personal data as well as AI in a safe, ethical, business friendly and compliant way.

HOW DO WE HANDLE CONSENT FOR PERSONAL DATA?
Not all processing of personal data require consent. Processing can be based on other legal basis such as the fulfilment of a contract, as is often the case when an employer is processing personal data of employees for instance. The most common legal basis we use is legitimate interest, or some variant of it depending on the local legislation, where a company has the right to process personal data for limited purposes without requiring a user’s consent. Such processing may for instance be when preventing fraud or ensuring the security of our IT systems. For more detailed information please refer to each privacy notice.

For processing activities when consent is required, we do so according to the legal requirements. The collected consent fulfills the strict requirements to ensure it is valid, such as clear and concise information on how and why your personal data will be used as well as you giving your consent freely. Any consent you give can also be revoked by you in an easy way. In newsletters or marketing emails for instance you can always revoke your consent through the link in the bottom of the email.

MINIMIZING DATA COLLECTION AND HOW LONG WE KEEP YOUR DATA
When processing personal data we always follow the data minimization principle. This is a central part of data protection that emphasizes limiting the collection, processing and storage of personal data to what is strictly necessary to fulfill a specific purpose. This also includes limiting how long we retain personal data so that the personal data only is kept for as long as is necessary to complete the processing.

SALE OF CUSTOMER DATA
We do not sell your personal data.

Your data may be transferred to another company within Silcaz Group and also sent to companies that perform data processing tasks on our behalf (processors in GDPR) but these are only allowed to process the personal data in the way we have instructed them and the legal responsibility for the processing remains with us. We place the same high security requirements on our processors as if we had processed the data ourselves.

HOW DO WE KEEP OUR EMPLOYEES INFORMED ABOUT DATA PROCESSING REQUIREMENTS?
We ensure that all employees, regardless of their role or location, receive recurring and relevant training on how to handle personal and sensitive data, how to prevent and report data breaches, and how to comply with applicable laws and regulations. Our training also covers topics such as data classification, encryption, access control, password management, phishing, and data subject rights. We monitor and evaluate the effectiveness of our training program and update it as needed to reflect changes in the data protection landscape.

Number of requests from government authorities for personal data

Here we publish the number of legal demands for customer data that we receive from government agencies and entities and are allowed to disclose. Any requests received must comply with applicable laws for Silcaz Group to supply any data and we only supply the data strictly required to fulfill the specific request. Depending on the legal landscape a subpoena, warrant or court order is generally required for Silcaz Group to comply with a request. We always check the legal status of requests before fulfilling them.