GENBA DIGITAL PRIVACY NOTICE

The purpose of this privacy notice (“Privacy Notice”) is to inform you about why and how we process your personal data (that is any information that can be linked or attributed to you, “Personal Data”) when an etailer customer (“Etailer Customer”) purchases digital products from our etailer partners or their licenced distributors (“Etailers”), when business representatives or game publishers use GENBA platform (“GENBA Platform” means the platform that users login via www.genbadigital.com), communicate with us in his or her capacity as an employee or representative of one of our business clients (all of which together we refer to as “GENBA Platform User”), and when a “Visitor” visit www.genbadigital.com (“Website”). This includes information regarding with whom we will share your Personal Data, how long we will retain it, and which rights you have in relation to the processing.

This Privacy Notice applies whenever you interact with Genba Digital as an Etailer Customer, GENBA Platform User, Website Visitor or use any of our other services, all of which together we refer to as “Services”.

In this Privacy Notice, we will give you general information about how we process your Personal Data. We will furthermore give you detailed information on the processes within our Services.

GENERAL INFORMATION

In this part of our Privacy Notice, you will find general information about how we process your Personal Data when you use our Services. For specific information with more details about our processing activities, please see the service specific information below.

1. Who is responsible for the processing of your Personal Data

• Genba Digital Ltd., Registered office: The Crane Building, 22 Lavington Street, London SE1 0NR, United Kingdom is responsible (“the data controller”) for the processing of your Personal Data.

2. What types of Personal Data do we process and how do we collect it?

• When you use our Services, we collect, use, store and transfer different kinds of Personal Data. As a general principle, we do not collect and do not ask you to provide any “special categories of Personal Data”, which is any particularly protected information such as data concerning health, religion, political opinions or philosophical beliefs, sexual preferences or orientation. The data we use depends on the purpose for which we process the data. We will only use your data for the purposes as described below in the next section and in the Service Specific Information section of this Privacy Notice.
• The information we collect depends on which of our Services you use and how you use them. We process the following types of your Personal Data:

2.1 Personal Data provided by you

• GENBA Platform User account information: We can create an account for GENBA Platform Users so that you can use our Platform. If GENBA creates an account, we collect and process your contact information that is provided to us within the agreement we have with you or via additional correspondence (your first name, last name and email address, company name and company address). Once an account is created on behalf of you, you need to follow the instructions and set a password for your account. Afterwards, you are able to log-in to your GENBA Platform by using our third-party login provider upon entering your email address and your password.
• Information provided in relation to our customer service: When a GENBA Platform User contacts us by submitting a request from our Contact Us page, we collect information about your request (content of your message) and your first name, last name, company name and your email address. You can also reach out to your commercial manager via email. If you submit a request from our Contact Us page, we process your request at our third-party customer service provider which automatically creates a ticket with the personal data mentioned above and also including date and time of your request.
• Information provided in relation to case studies or client testimonials: In order to demonstrate the satisfaction of GENBA Platform Users to our potential customers and any other Website Visitors, we can ask for a testimonial regarding your experience with GENBA Platform if this is agreed within the agreement we have in place with you. We publish the testimonials on our Website and for this we process your full name, job title, the company you work for and a quotation from you about your experience. You can remove your testimonials any time by requesting from us.
• Information provided to our Single Point of Contact: In line with the EU Digital Services Act (Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC), we designated a single point of contact address. When you or any representative of a supervisory authority reaches out to our single point of contact, we process your name, email address and content of your email.

2.2 Personal Data we receive or generate from your use of our Services

When you use our Services, we also process device-related information and information about how you interact with our Services, including:

• Technical information: We collect information about your device/device settings you use for the purposes described below. The information we obtain from your devices includes the type of your device, online identifiers (your IP address), device IDs, geolocation data (country based on your IP address), (sub)domains visited on our Website, browser settings, screen resolution and other technical information.
• Cookie data: A "cookie" is a file of information placed on your device when you visit a website. As further described in our Cookie Notice ("Cookie Notice"), we use cookies and similar technology such as pixels or local storage and allow third parties to use cookies and similar technologies on our Website.
• Your usage: We collect information about how you reach and use our Services. Furthermore, we collect information about the websites that led you to our Website. We also collect information about the accounts available in our publisher and etailer portals including first name and last name, email address, account creation date, date of last login, designated role within the Platform and status of the account (active or deactivated).

Personal Data we collect from other third parties

In certain scenarios, we will also obtain your Personal Data from third parties, in strict compliance with applicable data protection laws and regulations. Your Personal Data are provided by the following third parties:

• Etailers: If you purchase digital products from Etailers, GENBA only receives the name of the product purchased, buying price, your IP address and the country in which the game was purchased. We receive this information via an API call from the Etailer or the licensed distributor of the Etailer.
• Single Sign-On: Upon creation of your account and logging-in to our Publisher Platform or Etailer Platform, our third-party single sign-on solution also provides technical details to allow you to log in on different devices such as date and time of account creation and date and time of log-in attempt.
• Other third parties: We also receive information about your approximate geolocation (the country you are located in) from third parties. We use this information to comply with our contractual or legal obligations applying to the processing of your Personal Data and for fraud or security purposes.

To learn more about which data is processed, please see the section with service specific information below.

3. Do we collect data from minors?

The GENBA Platform is a business to business service and is not targeted towards, nor intended for use by anyone under the age of 18. In our Website, we do not knowingly or intentionally collect personal data from minors. In the event that we learn that we have collected personal data from a user considered as a minor, we will delete that data as quickly as possible. If you believe that a GENBA Platform user or a Visitor might be a minor, please contact our support team at Genba Digital.

4. For what purpose do we process your data?

Depending on which Services you are using and which privacy settings you have selected, we process your Personal Data for the following purposes:

Provision and improvement of our Services

• to allow you to use our Services
• to notify you about changes in our Services
• to create and manage your account
• to restore your account if you ever lose access
• to communicate with you in context of account activation, password management
• to provide technical support and respond to your requests
• to provide payment processing services
• to provide product delivery services
• to identify and correct any bugs/errors
• to indicate the popularity of our Services
• to assess the quality of our Services
• to understand and improve your online experience
• to aggregate financial reports to pay our business partners
• to pay our business partners for the promotion of our Services

Personalization of your user experience

• to remember you next time you visit our Services

Prevention of fraud and illegal activity

• to investigate fraud and deal with fraud.
• to ensure security of our GENBA Platform and Website
• to enforce our policies and terms of use

Compliance with our legal or regulatory obligations

• to determine the legal requirements for processing of your Personal Data (based on your location such as your country)
• to maintain records related to purchases
• to respond to your requests related to your data subject rights
• to comply with our legal obligations (e.g. tax and accounting obligations and the EU Digital Services Act)
• to inform you about any changes to this Privacy Notice

Please see the section with service specific information below for a more detailed description of the purposes for which we process your Personal Data.

5. On Which legal basis do we process your Personal Data?

We process your Personal Data for the purposes described in this Privacy Notice, based on the following legal grounds:

• Your consent: We process your Personal Data if you have provided your consent for a specific purpose. We also show you just-in-time contextual notifications and consent pop-ups to obtain your consent for further processing activities. You have the right to withdraw your consent at any time, for example by changing your privacy settings. Please note that this will not affect any processing carried out before you withdraw your consent.
• Performance of a contract: We process your Personal Data for the performance of a contract or to take steps prior to entering into a contract to which you are party, for example, in context of customer service, where it is necessary for the creation and administration of your account, to support the operation of our Services or to facilitate the delivery of requested Services.
• Compliance with legal obligations to which we are subject: We process your Personal Data to comply with legal obligations, for example, for tax and accounting purposes or legal disputes as well as any requests or claims from legal authorities.
• Legitimate interests: We also process your Personal Data to the extent that the processing is necessary for our legitimate interests or those of third parties while applying appropriate safeguards that protect your privacy. For example, we process your Personal Data for improvement of the service provided to you. We can also disclose your Personal Data to legal authorities for prevention of a crime, facilitation of an investigation related to public safety, and to protect the security or integrity of our Services. Accordingly, when you are purchasing a product from an Etailer or licensed distributor, we can process your personal data in order to ensure that the transaction is not fraudulent based on our legitimate interests. We kindly remind you that you have the right to object to processing.

Please see for additional information the section with service specific information below.

6. With whom do we share your Personal Data?

We will not disclose your Personal Data to any party who is not authorised to process them. To manage our services, we will share your Personal Data internally with members of our responsible departments and technical support involved in the development team and in each case only if access to your Personal Data is necessary for the performance of their roles.

Moreover, and only when necessary to fulfil the purposes mentioned above, we disclose your Personal Data to the following recipients or categories of recipients or allow the following third parties to collect your Personal Data in connection with your use of our Services:

• External service providers: We share your Personal Data with external service providers who perform services on our behalf, like hosting and content delivery services. Where we share your Personal Data with external service providers, we have appropriate agreements in place to ensure that your Personal Data is processed in compliance with applicable data protection laws.
• Etailers and Publishers: We share your personal data with various Etailers and Publishers to purchase keys for digital products.
• Single Sign-On Provider: As a Publisher or Etailer, once you share personal data of the designated employee that you would like to grant access to GENBA Platform, we share the personal data (full name and email address) with our third-party single sign-on provider to create an account.
• Fraud Detection Partner: We share the IP address of the Etailer Consumer and our fraud detection partner to have a real-time check whether the transaction is fraudulent or not.
• Customer Support: We use a third-party customer support service to be able to respond to your queries in an orderly manner and on a timely basis. We also Created a Contact Us page on our Website. When you use the form available in the Contact Us page or reach out to your commercial manager, your request or query is shared with our customer support partner and is automatically turned into a support ticket.
• Social Media Platforms: We added buttons of social media providers on our Website which enable you to share latest news and updates on our Website in your social media account or direct you to our social media page. We do not collect, receive or process any personal data for this process as any interaction such as likes, comments and shares are collected by social media platforms. We recommend you to read the privacy notice of social media providers. You can find detailed information in our “Cookie Notice”.
• Law enforcement, government authorities or courts: We disclose your Personal Data in response to lawful requests to public authorities, including law enforcement, government authorities, or courts.
• Azerion affiliates and subsidiaries: We share your personal data with our group affiliates and subsidiaries. Where we share your personal data with our group company, we have appropriate agreements (an intra-company data sharing agreement) in place to ensure that your personal data is processed in compliance.
• Other third parties: We also disclose your Personal Data in the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets (including in any insolvency or similar proceedings).

Please see the section with service specific information below for more information about the third parties we may share your data with. Furthermore, you can find the third parties your Personal Data may be shared with at the bottom of this Privacy Notice.

7. Where will my Personal Data be processed?

In general, your personal data is stored on servers within the European Union (EU) / the European Economic Area (EEA). However, your data can also be shared with outside the UK and the EU / EEA. We have implemented appropriate safeguards to protect your Personal Data when it is transferred outside the UK and the EU/EEA, including the execution of the UK standard contractual clauses and the European Commission’s standard data protection clauses (also known as Model Clauses) to provide safeguards for your Personal Data. You can request a copy of our Standard Contractual Clauses for free of charge.

8. How do we protect your Personal Data

We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We update and test our security standards on an ongoing basis. In addition, we take reasonable steps to assure that third parties to whom we transfer your Personal Data provide sufficient protection of Personal Data. The scope of technical and organizational security measures also includes the transaction made for the key of a digital product (from Etailer Consumer to GENBA Platform and then to the Publisher). In order to ensure that the transaction is not fraudulent and does not pose a risk for the parties involved, we partnered with a real-time fraud detection and prevention solution that checks fraud in a transaction based on personal data of the Etailer Consumer. We share the IP address of the Etailer Consumer and our fraud detection partner checks in real time whether the IP can be involved in fraud or not and based on the result, we authorize the transaction and the key for the digital product is made available to the Etailer Consumer. The IP addresses are not stored afterwards.

9. How long do we store your Personal Data?

We will not retain your Personal Data longer than necessary to fulfill the purposes for which the data was collected or to fulfill our legal obligations or necessary for the establishment, exercise of defence of legal claims or resolving disputes. In addition to this, we determine our retention periods based on our accountability obligations (to be able to demonstrate that we complied with our obligations, e.g. preserving records when you exercised one of your data subject rights), statutory requirements in countries that we are legally present including statute of limitations, the need of Personal Data for any reference to our future actions (e.g. to be able to justify an action we took or to be able to handle payments to our partners or clients) and the need of Personal Data for business processes including but not limited to development of our product. Afterwards, we will delete or anonymize your Personal Data. Please see below for information about how long we will retain your Personal Data.

10. What are your rights in respect of your Personal Data?

To the extent permitted by applicable data protection laws and regulations, you have the following rights in relation to your Personal Data:

• Access the Personal Data we hold about you, including information such as the source and categories of data, the processing purposes, the recipients (or categories thereof), and the respective retention period.
• Request the update or correction of your Personal Data so that it is always accurate.
• Receive your Personal Data in a structured, commonly used and machine-readable format, including the right to transfer your Personal Data to another data controller.
• Request the deletion of your Personal Data if you believe that retention is no longer necessary for the purposes indicated above.
• Restrict the processing of your Personal Data, for example, if you have contested the accuracy of your Personal Data, and for a period of time that is sufficient to allow us to verify its accuracy.
• Withdraw your consent at any time if your Personal Data is processed with your consent. Please note that this will not affect the lawfulness of data processing based on consent granted prior to its withdrawal.

Right to object

In the event and to the extent that we process your Personal Data based on our legitimate interests, you have the right to object to the processing on specific grounds relating to your particular situation. In such cases we will no longer process your Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

You also have the right to object where we are processing your Personal Data for direct marketing purposes (including profiling). In such a case, we will stop processing your Personal Data for marketing purposes.

You can exercise these rights by sending a request to the contact details set out below, providing your name, your email address as well as a description of your request.

If you believe we have not complied with our obligations under applicable data protection laws and regulations, you can lodge a complaint with a competent data protection authority, for example, the Autoriteit Persoonsgegevens in the Netherlands.

How can you contact us?

If you have any queries about this Privacy Notice or how we use your Personal Data, please contact our customer support or our via e-mail to [email protected].

How often do we update this Privacy Notice?

We regularly review this Privacy Notice. This Privacy Notice was last updated on: 01 October, 2024.

Additional Information for California Residents

This section for California residents supplements the information provided in this Notice and applies solely to visitors, users, and others who reside in the State of California. We provide this section to comply with the California Consumer Privacy Act of 2018 (CCPA) and the regulations issued under it; accordingly, this section addresses the specific requirements of the CCPA and should be read together with this Privacy Notice.

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. In particular, we have collected the following categories of personal information (envisaged by the CCPA) from consumers within the last twelve (12) months:

Category A – Identifiers (such as your device identifier, demographic information -such as your country, your username, email address, any information you may choose to provide -such as your age or your language-)

Category B- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Category D – Commercial information (such as purchase history)

Category F – Internet or other similar network activity (such as your IP address)

Category G – Geolocation data

The CCPA provides consumers (California residents) with specific rights regarding their personal information.

You have the right to access specific information i.e. you may request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.

You have the right to deletion which means that you may request that we delete any of your personal information we collected from you and retained, subject to certain exceptions.

You have the right to opt out of any sale of your personal data by us to third parties. Please note that your right to opt out does not apply to our sharing of personal data with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the personal data only for that function.

Finally, you have a right to not be discriminated against for exercising your rights under the CCPA.

You can exercise these rights by sending a request to the contact details set out above, providing your name, your email address as well as a description of your request.

Additional Information for Brazil Residents

Under the Brazilian General Data Protection Law (the “LGPD”), you have the right to access, rectify, port, erase, and confirm that we process your data. If you have given consent about processing your data, you have the right to withdraw consent anytime.

SERVICE SPECIFIC INFORMATION

In this part of our Privacy Notice, you will find specific information on how your Personal Data is processed. For general information about data processes that apply, please see above.

Hosting and content delivery

GENBA is hosted by external companies providing web servers and web content delivery. Every time you make a request, for example by clicking on a link on our platform, the information allowing this request (e.g. device information and information on requested content) as well as online identifiers (your IP address) will be sent to the external servers. This data is used to show you the content you requested in a faster way. We process this data on the basis of our legitimate interest, to provide and improve our service and ensure its functionality.

Creation/administration of your account

GENBA can create accounts for GENBA Platform Users via its third-party single sign-on partner. If GENBA creates an account, we collect your log-in data (your first name, last name, email address, password (hashed), account ID, account creation technical details (e.g. time of account creation) to allow you to log in on different devices, company name and company address.

Your account data will be stored for as long as your account exists, based on the performance of a contract. You can delete your GENBA account at any time, for example by submitting a deletion request to our support team using the Contact Us page within the Website or by contacting our Data Protection Officer through sending an email to [email protected]. GENBA may retain your account data after a deletion request due to legal or regulatory requirements or for the reasons stated in this Privacy Notice.

Login

Our Website transmits the data you have provided in the log-in page (normally your email address and password) and a service URL to the authentication server. The authentication server then uses this data to verify the login request. If the login request is accepted on that basis, the user ID assigned to you will be transmitted to the server of GENBA and you will be able to access the Publisher or Etailer Platform. We process this data on the basis of performance of the contract.

Customer service:

If you contact us for customer support, an external customer service company will process your full name, company name, email address, and the content of your request. In order to provide you with support, this information will be processed together with the date and time of your request, The request history is stored for your account lifetime to enable handling of newer requests based on your previous request and to improve our services.

We process this data on the basis of the performance of a contract as far as the information is required to answer your request. The continued storage of your request history is based on our legitimate interest, in order to improve our services.

Order Requests

If an Etailer Customer purchases digital products via an order request from Etailers, GENBA only receives the name of the product purchased, buying price, your IP address and the country in which the game was purchased. GENBA Platform communicates with such partners through API calls. We store this information for at least 6 years.

We process your Personal Data in connection with your normal order requests on the basis of the performance of a contract in order to facilitate your purchase.

Fraud Detection

In order to verify that the Order Requests and transactions by Etailer Customers are valid and genuine, we work with a fraud detection provider which completes fraud checks on a real time basis. If you are an Etailer Customer, your IP address received from the Etailer or its licensed distributor through API calls is shared with the fraud detection provider. After checking the IP address on potential fraud, the fraud detection provider determines whether there is potential fraud or not and the transaction completes based upon the verification. The IP addresses are only collected and shared during the transaction and deleted after the transaction is completed. This process is based on our legitimate interests.

Reporting

If you are using our Publisher Platform or Etailer Platform, we provide you a reporting dashboard about your products, promotion and campaigns. This information includes the name of the promotion ID, promotion name, product name, SKU, SKU ID, country information and currency. Additionally, for Publishers, we provide information on whether a digital product is on the shopping cart of an Etailer Customer (buffered) or actually delivered (net sold). This information is provided by the Etailer to us via API calls based on the IP address of the Etailer Customer. This process is based on our legitimate interests.

Role Manager

In a Publisher or Etailer account, a number of employees can have sub accounts based on their roles. Roles determine the features, access level and authorizations available to a particular user. Roles can be assigned either by GENBA (admin of GENBA platform) or admin of the Publisher or Etailer accounts. Under the role admin dashboard, each user is listed with their full name, email address, their role, date and time of the last login, date and time of the account creation and status of the user (active or inactive). This process is based on performance of a contract.

Email Delivery Services

We send emails about operational updates (like issues about key delivery or maintenance) to GENBA Platform Users via third party Email Delivery Services. We will process this personal data based on performance of a contract.

Third parties: Below you will see an overview of the third parties we may share your Personal Data with, or that may share your Personal Data with us.