Privacy policy

Privacy policy

Whereas Lesta Games provides access to the site and the Game/Games worldwide from this site, this policy applies to the English-speaking users around the world.

Please note, that the website and the Game/Games are not intentionally designed for or directed at children 13 years of age or younger.

In the event of any conflict between this Privacy Policy and the Agreement, this Policy shall prevail.

 

By downloading and installing the Game client/client application for launching the Games using the Game or Games website (platform), you confirm that you have fully read the text of this Policy, understand it and, acting freely, in your interest and expressing your will, fully agree with it, without any exceptions and/or reservations, as well as freely, having full information and acting in accordance with your interests, expressly express your consent to the processing of your personal data in accordance with this Policy, including with the involvement of third parties, as set out in this Policy.

If you disagree with any of the provisions of this Policy, we ask you to immediately stop using the site/Games and refuse to download and install.

In the event of a change in the procedure for processing users' personal data, we will reflect them in the text of this Policy and publish a corresponding notification on the relevant website. However, as we may make changes to this Policy that will become effective upon the publication of its updated version, we draw your attention to the need to review the Policy from time to time in order to make sure that you are familiar with its most recent version. By continuing to use the site/Game after changes to the Policy are made, you confirm your acceptance of such changes.

Due to the flexibility of technological processes, additions to the list of cookies indicating the date of change are allowed, while the current version of the document is not subject to complete replacement until the number of changes in file types requires updating this version.

In this Policy, "Lesta Games", "we", "us/us" or "our" means Lesta Games Agency LLC, TIN 9705161726, OGRN 1217700553080, registered at 127015, Moscow, vn.ter.g. municipal district Savelovsky, st. Vyatskaya, 27, building 7, as well as in some cases our authorized representatives, about which the User will be informed additionally. This Policy applies to all of our products (collectively, the "Products"):

(i) our games for PC and mobile devices that contain a link to this Policy and are available through the Websites and gaming platforms (hereinafter referred to as the "Games")

(ii) our websites that contain a link to this Policy, including at royalquest.com (hereinafter referred to as the site, website)

(iii) products and applications (including support applications and forums) related to the Games

(iv) a Lesta Games account (“Account”) and any other online games, websites, applications and products administered by us that contain a link to this Policy.

This Policy also applies to any of our offline activities that provide you with access to this Policy.

 

  1. Personal data- means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific physical, physiological, genetic, mental factors, economic, cultural or social identity of a natural person.

  2. Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  3. Controller - means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  4. Joint controller(s) - Joint controller(s) occurs when at least two Controllers jointly determine the purposes and means of processing, they are Joint controllers (art. 26 GDPR).

  5. Supervisory authority - means an independent public authority which is established by a Member State.

  6. Recipient - means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

  7. Processor - means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  8. Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

  9. Third country - an entity outside the EEA (European Economic Area) to which personal data is disclosed.

  10. Consent - of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  11. Privacy Policy - this document, presenting information on the principles of personal data processing in accordance with the substantive scope indicated in art. art. 13 GDPR - information clause regarding the processing of personal data.

  12. Cookies Policy - information on the use of cookies on the website run by the Controller. The Cookie Policy is available on the Controller's website.

  13. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation)

 

Who does this Privacy Policy apply to?

This Privacy Policy (hereinafter referred to as PP) applies to the processing of personal data of natural persons, website users and players. The categories of personal data concerned are natural persons acting alone, natural persons acting on behalf of organizational units without legal personality, natural persons acting on behalf of legal persons (e.g. as members of their bodies, proxies, contact persons), in case of contractual relations this PP applies before the conclusion of a contract and after the conclusion thereof.

 

Who is the Controller?

Please be advised that Controller is Lesta Games, represented by Lesta Games Agency, LLC (OGRN: 1217700553080), located at 127015, Moscow, internal city territory Savelovsky, Vyatskaya street, bld. 27, str 7)

 

Contact details to the Controller

Please send inquiries regarding the protection of personal data to the Controller by traditional mail to the above-mentioned address or by e-mail to the address:  Email: dpo@lesta.group  or privacy@lesta.group

 

Data Protection Officer

Please be advised that the Controller has not appointed a Data Protection Officer. Inquiries regarding the protection of personal data should be directed to the Controller by traditional mail to the Controller's address or by above stipulated e-mail.  

 

For what purposes is or can your personal data be processed?

We may process your data under legitimate interest, please note, that our legitimate interest include: (1) maintaining and administrating the website and the Game; (2) providing them to you; (3) improving the content; (4) processing of the data that was manifestly made public by you where it is accessible by other users of the Platform; (5) ensuring your Account is adequately protected; and (6) complying with any contractual, legal, or regulatory obligations under any applicable law.

Personal data is or may be processed for the following purposes:

 

No.

Purpose of personal data processing

Scope of personal data

Lawfulness of processing

1.

Offers (Personal data processed in connection with the Controller's receipt of an offer regarding possible cooperation)

1) in the case of natural persons: name, surname, position, e-mail address, telephone number, 2) in the case of legal persons: name, surname, position, e-mail, telephone number,

1) in the case of natural persons: art. 6 (1) f) GDPR,

2) in the case of legal persons: art. 6 (1) f) GDPR,

2.

NDA (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the confidentiality agreement (NDA))

1) in the case of natural persons: name, surname, ID number, position, e-mail address, telephone number, 2) in the case of legal persons: name and surname, position, e-mail address, telephone number,

1) in the case of natural persons: art. 6 (1) b), f) GDPR, 2) in the case of legal persons: art. 6 (1) f) GDPR,

3.

Arrangement (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the contract)

Arrangement (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the contract)

1) in the case of natural persons: art. 6 (1) b), c), f) GDPR,

2) in the case of legal persons: art. 6 (1) c), f) GDPR,

4.

To participate in the Forum section on the website

(https://royalquest.com/en/forum

Name, nick, avatar, image, comments, 

1) art. 6 (1) a) GDPR - consent of the data subject,

2) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

5.

Personal data processed in connection with participation in competitions

Name, surname, telephone number, e-mail address other information connected with participation in competitions

1) art. 6 (1) b) GDPR - processing necessary to conclude and implement the provisions of the contract (acceptance of the provisions of the Regulations),

2) art. 6 (1) c) GDPR - legal regulations (in the case of paid conferences),

3) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

6.

Personal data processed in connection with the exercise of rights in the field of personal data protection

The scope of data necessary to exercise the rights of the person

1) art. 6 (1) c) GDPR - legal provisions,

2) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

7.

For other purposes - while the content of art. 13 GDPR will then be presented individually for the respective processing purpose

-

-




We hereby inform that depending on the purpose of processing, the scope of the indicated personal data may change. 

How long will personal data be processed in accordance with the storage limitation principle (personal data retention)?

Please be advised that personal data are or may be processed for the period of:

 

No.

Purpose of processing

Lawfulness of processing

Processing period

1.

Offers (Personal data processed in connection with the Controller's receipt of an offer regarding possible cooperation)

1) in the case of natural persons: art. 6 (1) f) GDPR,

2) in the case of legal persons: art. 6 (1) f) GDPR,

a) until objective to processing,

b) for internal administrative purposes related to the management of the process of receiving offers - for a period of 10 years from the date of receipt of the offer,

2.

NDA (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the confidentiality agreement (NDA))

1) in the case of natural persons: art. 6 (1) b), f) GDPR,

2) in the case of legal persons: art. 6 (1) f) GDPR

a) in order to prepare, conclude and implement the provisions of a confidentiality agreement (NDA) - for the duration of the preparation, conclusion and duration of the contract - for an indefinite period or until the contract is terminated or until an objection to the processing is raised,

b) for purposes related to the investigation of claims between the parties to the contract for the performance of the provisions of the contract (NDA) - if applicable - for the duration of the claims in accordance with applicable law and for the period of their investigation - if applicable,

c) for internal management purposes - controlling and archiving documentation in connection with the conclusion of the contract - for a period of 10 years from the date of the contract, which may be changed,

3.

Arrangement (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the contract)

1) in the case of natural persons: art. 6 (1) b), c), f) GDPR,

2) in the case of legal persons: art. 6 (1) c), f) GDPR,

a) in order to prepare, conclude and implement the provisions of the contract - for the duration of the preparation, conclusion and duration of the contract - for an indefinite period or until the termination of the contract or until objections to processing are submitted,

b) in order to make financial settlements - for a minimum period of 6 years from the end of the financial year,

c) for purposes related to the investigation of claims between the parties to the contract for the performance of the provisions of the contract - if applicable - for the duration of the claims in accordance with applicable law and for the period of their investigation - if applicable,

d) for internal management purposes - controlling and archiving documentation in connection with the conclusion of the contract - for a period of 10 years from the date of the contract, which may be changed,

4.

To participate in the Forum section on the website

(https://royalquest.com/en/forum

1) art. 6 (1) a) GDPR - consent of the data subject,

2) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

1) until the consent is withdrawn,

2) until users stop using the Forum,

3) for the period resulting from legal provisions,

4) for a period of 10 years for internal administrative purposes,

5.

Personal data processed in connection with participation in the competitions

1) art. 6 (1) b) GDPR - processing necessary to conclude and implement the provisions of the contract (acceptance of the provisions of the Regulations),

2) art. 6 (1) c) GDPR - legal regulations (in the case of paid conferences),

3) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

1) until an objection to the processing is submitted,

2) for the duration of the competitions,

3) for the period of 6 years after the >participation in the competitions,

4) for a period of 10 years for internal administrative purposes,

6.

Personal data processed in connection with the exercise of rights in the field of personal data protection

1) art. 6 (1) c) GDPR - legal provisions,

2) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

1) for the period resulting from legal provisions (for an indefinite period),

2) until an objection to the processing is submitted,

 

Please be advised that the given periods of personal data processing for individual processing purposes may change, among others, as a result of amendments to the law or internal organizational changes.

Under what circumstances is the provision of personal data a statutory or contractual requirement or a requirement necessary to enter into a contract?

Please be advised that providing personal data is:



No.

Purpose of processing

Lawfulness of processing

Processing

1.

Offers (Personal data processed in connection with the Controller's receipt of an offer regarding possible cooperation)

1) in the case of natural persons: art. 6 (1) f) GDPR,

2) in the case of legal persons: art. 6 (1) f) GDPR,

a) providing personal data is voluntary, and failure to provide personal data will result in the inability to read and make a decision in connection with the received offer for cooperation,

2.

NDA (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the confidentiality agreement (NDA))

1) in the case of natural persons: art. 6 (1) b), f) GDPR,

2) in the case of legal persons: art. 6 (1) f) GDPR,

a) processing of personal data in order to prepare, conclude and implement the provisions of a confidentiality agreement (NDA) - providing personal data is contractual, and failure to provide personal data will result in the inability to prepare, conclude and implement the provisions of the contract,

b) processing of personal data for purposes related to the investigation of claims between the parties to the contract for the performance of the provisions of the contract (NDA) - it is voluntary, and failure to provide personal data will result in the inability to pursue claims,

3.

Arrangement (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the contract)

1) in the case of natural persons: art. 6 (1) b), c), f) GDPR,

2) in the case of legal persons: art. 6 (1) c), f) GDPR,

a) processing of personal data in order to prepare, conclude and implement the provisions of the contract - providing personal data is contractual, and failure to provide personal data will result in the inability to prepare, conclude and implement the provisions of the contract,

b) in the case of financial settlements, it is of a statutory nature and failure to provide personal data will result in the inability to meet the obligations arising from the applicable law on the Controller,

c) processing of personal data for purposes related to the investigation of claims between the parties to the contract for the performance of the provisions of the contract - it is voluntary, and failure to provide personal data will result in the inability to pursue claims,

4.

To participate in the Forum section on the website

(https://royalquest.com/en/forum

1) art. 6 (1) a) GDPR - consent of the data subject,

2) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

1) is voluntary, and failure to provide personal data will result in the inability to participate in the Forum

5.

Personal data processed in connection with participation in the competitions

1) art. 6 (1) b) GDPR - processing necessary to conclude and implement the provisions of the contract (acceptance of the provisions of the Regulations),

2) art. 6 (1) c) GDPR - legal regulations (in the case of paid conferences),

3) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

1) is voluntary, but failure to provide personal data will result in the inability to participate in the competitions,

2) is of a contractual nature, but failure to provide personal data will result in the inability to participate in the competitions (in the event of the existence of the Rules of participation in the competitions),

3) is of a statutory nature, and failure to provide personal data will result in the inability to meet the legal provisions imposed on the Controller (in the case of organizing a paid competitions),

6.

Personal data processed in connection with the exercise of rights in the field of personal data protection

1) art. 6 (1) c) GDPR - legal provisions,

2) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

1) is voluntary, and failure to provide personal data will result in the inability to exercise the rights of the person in the field of personal data protection,

2) is of a statutory nature, and failure to provide personal data will result in the inability to comply with the provisions of the law in the area of personal data protection imposed on the Controller,



Processing of personal data based on the consent of the data subject

Please be advised that in the case of processing personal data based on the legitimate interest pursued by the Controller (Article 6 (1) а) GDPR

 

No.

Purpose of processing

Lawfulness of processing

Art. 6 (1) a) GDPR

1.

To send periodic emails, such as updates on new games release dates via e-mail (including Newsletter)

1) art. 6 (1) a) GDPR - consent of the data subject,

The data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of the consent granted should be reported to the e-mail address: dpo@lesta.group

2.

To participate in the Forum section on the website

(https://royalquest.com/en/forum

1) art. 6 (1) a) GDPR - consent of the data subject,

The data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of the consent granted should be reported to the e-mail address: dpo@lesta.group










The processing of personal data based on the legitimate interest pursued by the Controller (processing is necessary for the purposes of the legitimate interests pursued by the controller)

Please be advised that in the case of processing personal data based on the legitimate interest pursued by the Controller (Article 6 (1) f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller):



No.

Purpose of the processing

Lawfulness of the processing

Art. 6 (1) f) GDPR

1.

Offers (Personal data processed in connection with the Controller's receipt of an offer regarding possible cooperation)

1) in the case of natural persons: art. 6 (1) f) GDPR,

2) in the case of legal persons: art. 6 (1) f) GDPR,

Please be advised that for the legitimate interest pursued by the Controller: a) with regard to the processing of personal data in order to become acquainted with the cooperation offer, a binding business relationship shall be considered,

b) the processing of personal data for internal administrative and managerial purposes related to the management of the process of receiving offers is considered,

2.

NDA (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the confidentiality agreement (NDA))

1) in the case of natural persons: art. 6 (1) f) GDPR,

2) in the case of legal persons: art. 6 (1) f) GDPR,

Please be advised that in the case of processing personal data of natural persons and natural persons representing or acting on behalf of a legal person, the legitimate interest pursued by the Controller is considered to be: a) processing in order to prepare, conclude and implement the provisions of a confidentiality agreement (NDA),

b) processing for purposes related to the investigation of claims between the parties to the contract for the performance of the provisions of the contract (NDA) - if applicable - the legitimate interest pursued by the Controller is the processing of personal data for the purpose of seeking claims for the implementation of the provisions of the contract (NDA),

c) processing for internal management purposes - the legitimate interest pursued by the Controller is the control and archiving of documentation in connection with the conclusion of the contract,

3.

Arrangement (Personal data processed in connection with the preparation, conclusion and implementation of the provisions of the contract)

1) in the case of natural persons: art. 6 (1) f) GDPR,

2) in the case of legal persons: art. 6 (1) f) GDPR,

Please be advised that in the case of processing personal data of natural persons, natural persons representing or acting on behalf of a legal person, the legitimate interest pursued by the Controller is considered to be: a) processing in order to prepare, conclude and implement the provisions of the contract,

b) processing for the purpose of financial settlements - activities related to the monitoring and payment of payments,

c) processing for purposes related to the investigation between the parties to the contract of claims arising from the performance of the provisions of the contract - if applicable - the legitimate interest pursued by the Controller is the processing of personal data for the purpose of seeking claims for the implementation of the provisions of the contract,

d) processing for internal management purposes - the legitimate interest pursued by the Controller is the exercise of control and archiving of documentation in connection with the conclusion of the contract,

4.

To participate in the Forum section on the website

(https://royalquest.com/en/forum

1) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

The legitimate interest of the controller is the processing of personal data in order to administrative issues related to running the Forum, for administrative and internal management issues also in case of the claims - if applicable

5.

Personal data processed in connection with participation in the competitions

1) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

The legitimate interest of the controller is the processing of personal data in order to administrative issues related to running the competitions, for administrative and internal management issues also in case of the claims - if applicable

6.

Personal data processed in connection with the exercise of rights in the field of personal data protection

1) art. 6 (1) f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller,

A legally legitimate interest is to the exercise of the rights of data subjects in connection with the possibility of exercising the rights of persons to whom data concern and provided for by law and demonstrate the compliance with the GDPR regulations,

Disclosure of personal data by the Controller

We hereby inform that personal data is or may be disclosed by the Controller:

1. disclosed to data recipients providing services to the Controller pursuant to art. 28 GDPR – Data Processing Agreement. Depending on the purpose of personal data processing, the categories of data recipients may be: IT infrastructure providers (software and hardware), website hosting, tools for conducting meetings, conferences, online webinar, external recruiting companies. The list of the processors to whom the Controller entrusts the processing of personal data is available at the request of the data subject,

2. disclosure of data to recipients cooperating with the Controller. Depending on the purpose of personal data processing, the categories of recipients to whom personal data may be disclosed are entities operating in the field of audits, postal services, courier services, law offices. We would like to inform you that after disclosing personal data, the data recipient becomes the Controller. The list of recipients to whom the Controller discloses personal data is available at the request of the data subject,

3. disclosure of data to recipients who are public / state authorities. Depending on the purpose of personal data processing, the categories of data recipients may be such bodies as the Tax Office, Police, courts, the Supervisory Authority or other entities to which the Controller discloses personal data under applicable law. Please be advised that after disclosing personal data, their recipient becomes the Controller of the data. The list of recipients to whom the Controller discloses personal data is available at the request of the data subject,

4. disclosure of personal data to third parties. The list of third parties to whom the Controller discloses personal data is available at the request of the data subject.

 

Transferring personal data to a third country (i.e. outside the EEA). We may transfer and maintain some of your personal information on our servers or databases outside the European Economic Area (EEA), including in CIS. The countries to which we transfer your data may not have the same data protection laws as your jurisdiction. We take reasonable cyber security measures and/or put in place the contractual clauses to ensure your data is adequately protected.

 

Please be advised that personal data may be transferred to a third country, i.e. outside the EEA. In the event of transferring personal data outside the European Economic Area, such transfer may only take place on the terms set out in Chapter V of the GDPR:

1. pursuant to art. 45 GDPR - transfer based on an adequacy decision,

2. pursuant to art. 46 GDPR - transfer subject to appropriate safeguards, including the use of standard data protection clauses adopted by the European Commission,

3. We hereby inform that the transfer of personal data outside the EEA may involve the risk of not ensuring sufficient security of personal data. In the event of a risk related to the transfer of personal data outside the EEA, the Controller provides such information in this Privacy Policy,

3. Please be advised that the list of entities outside the EEA to which the Controller discloses personal data is available at the request of the data subject,

4. List of entities that may transfer personal data outside the EEA, which may not provide sufficient protection of personal data provided for in the GDPR:



No.

The name of the entity

Link to information

The risk related to the transfer of data outside the EEA and the negative effects that may arise for the data subject

1.

Twitter

https://twitter.com/en/tos#intlTerms 

1) unauthorized access to data,

2) loss of control over your data,

3) no possibility of exercising the rights under the GDPR,

4) other, negative effects indicated in recital (75) of the preamble to the GDPR: material and non-material effects,

2.

YouTube

https://www.youtube.com/t/terms  

1) unauthorized access to data,

2) loss of control over your data,

3) no possibility of exercising the rights under the GDPR,

4) other, negative effects indicated in recital (75) of the preamble to the GDPR: material and non-material effects,

3.

Google

https://policies.google.com/terms?hl=en&gl=be  

1) unauthorized access to data,

2) loss of control over your data,

3) no possibility of exercising the rights under the GDPR,

4) other, negative effects indicated in recital (75) of the preamble to the GDPR: material and non-material effects,

4.

Google Maps

https://www.google.com/intl/en_be/help/terms_maps/  

1) unauthorized access to data,

2) loss of control over your data,

3) no possibility of exercising the rights under the GDPR,

4) other, negative effects indicated in recital (75) of the preamble to the GDPR: material and non-material effects,

What are the rights of the data subject?

We would like to inform you about the right to request the Controller to exercise the following rights:

1. the right to access personal data relating to the data subject,

2. the right to rectify personal data,

3. the right to delete personal data (erasure of personal data),

4. the right to limit the processing of personal data (restriction of processing),

5. the right to object to the processing,

6. the right to transfer data (the right to data portability),

7. the right to receive a copy of your personal data,

8. the right to lodge a complaint with the supervisory body.

Please be advised that due to the individual purposes of processing listed in this Cookie Policy, the exercise of the rights of data subjects may be fully or partially limited, e.g. due to applicable law, which obliges the Controller to process them. Please send inquiries regarding the protection of personal data to the Controller by traditional mail to the above-mentioned address or by e-mail to the address: dpo@lesta.group.

 

Please note, that if you do not want us to process sensitive and special categories of data about you (including data relating to your health, racial or ethnic origin, political opinion, religious or philosophical beliefs, sex life, and/or your sexual orientation), you have to take care not to post this information or share this data on the website. Once you have provided this data, it will be accessible by other Users and it becomes difficult for us to remove this data.

Please note, that if you withdraw your consent to data processing or you do not provide the data that we require in order to maintain and administer the website, you may not be able to access the website.

If we intend to further process your data for any other purpose besides those set out in this Privacy Policy, we shall provide you with details of these purposes before we commence data processing.

 

Information on automated decision making, including profiling

Please be advised that by entering the Controller's website, you are not subject to automated decision making, including profiling. Information on the data cookies used by the Controller is available in the Cookie Policy available on the website as a separate document: https://royalquest.com/en/agreements/cookie

 

What is the source of the data?

Personal data may:

  1. come directly from the data subject,

  2. come indirectly from the data subject. The source of personal data may be publicly available registers. Personal data may come from a legal entity that provides personal data of persons designated on behalf of the legal entity to represent it or to contact it, or to implement the provisions concluded between the parties.

 

What scope of personal data is processed?

The Controller processes personal data to the extent necessary to achieve the purposes of processing indicated in the Privacy Policy. In accordance with the principle of minimization, we process only the scope of personal data necessary to achieve the purpose of processing.



How do we secure personal data?

Please be advised that in order to protect privacy and personal data, the Controller has implemented appropriate physical, technical, organizational and legal measures to ensure the security of personal data processing and to ensure the implementation of the rights and freedoms of natural persons.



Processing of personal data using social media or platforms

Please be advised that the Controller runs or can run a fanpage(s) on social media or platforms runs:

1. Facebook,

2. LinkedIn,

3. Twitter,

4. YouTube,

5. VK



Please be noted that the Controller is responsible for the processing of personal data only to the extent to which he decides about the purposes and means of processing personal data via the fanpage.

 

Please be advised that using the above-mentioned fanpage, information on the processing of personal data is available at the following links:

 

No.

Entity name

Link to information

1.

Facbook

https://www.facebook.com/legal/terms  

2.

LinkedIn

https://www.linkedin.com/legal/user-agreement  

3.

Twitter

https://twitter.com/en/tos#intlTerms 

4.

YouTube

https://www.youtube.com/t/terms  

5.

VK

https://connect.vk.com/privacy 





References to other sites

1. Please be advised that the website of the Controller may contain references to other websites (e.g. business partners cooperating with the Controller).

2. Please be advised that the Controller is not responsible for the processing of personal data of other websites. Information on the processing of personal data is made available by the Controllers to which the abovementioned websites belong.



Processing of personal data via payment/sales platforms

Please be advised that the Controller, as part of cooperation with sales platforms, may process personal data in connection with the offer of products and services.

Information on the processing of personal data to the extent to which the Controller determines the purposes and means of the processing of personal data, is available in the dedicated Privacy Policy provided by the Controller on the sales platform - if applicable.



Personal data breach notifications

We hereby inform that pursuant to Art. 34 GDPR, in the event of a breach of personal data protection that may result in a high risk of violation of the rights or freedoms of natural persons, the Controller shall notify the data subject of such a personal data breach without undue delay. Please be advised that pursuant to Art. 34 GDPR, personal data may be processed in connection with the personal data breach referred to above. Please be noted that the legal basis for the processing of personal data is art. 6 sec. 1 lit. c) GDPR. Please be advised that in the event of a personal data breach, the Controller will take all possible and available technical and organizational measures to meet the requirements set out in art. 33 and art. 34 GDPR.



Retention period

We will retain your personal information for as long as required to perform the purposes for which the data was collected, depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal information during the term that is required and/or permissible under applicable/relevant law.

You may delete your personal data by removing the data from your Account; alternatively, you can delete your Account.

You may request to remove your Account and data by contacting the support service or via e-mail: dpo@lesta.group 

We may remove your Account or the information you post, as provided by the EULA.



Privacy notice for parents/legal guardians 

We encourage parents to discuss with their children the importance of personal data protection.

We will not require a child to provide more information than is reasonably necessary in order to use the website or Game.

If under applicable law a parental consent is required, children can use the website or Game only with the parental consent. For the purpose of parental consent, when setting up an Account, a child must provide email address of his/her parent/ legal guardian. We use that email address to contact the child’s parent/legal guardian to ask for his/her consent for child’s registration and our use of the child’s personal data in respect thereof. We will use email address of parent/ legal guardian solely for parental consent purposes.

At any time, parent/legal guardian can refuse to permit us to collect further personal data of their children in association with a particular Account, and can request that we cease collecting of such personal data, by sending a corresponding request via dpo@lesta.group For the matters related to children’s personal data collecting parents/legal guardians can contract us at dpo@lesta.group.



BRAZIL

This section applies to users located in Brazil: in case you need a text in Portuguese, we will do our best to provide you with the version as soon as possible

Сonsent revocation. Whenever we use your personal information based on your consent, you may revoke the consent that you have previously given for the collection, use and disclosure of your personal information, subject to contractual or legal limitations. To revoke such consent, you may terminate your account through our Support Team via website or you can contact legal and support via rq.support@lesta.games  or privacy via privacy@lesta.group. This may affect our provision of the service and the Game to you.

 

Parental and guardian consent. If you are under the age of 12, this website is not for you, if you are of the age of adolescence (that is from 12 to 18) you should not use the website and the Game for any purpose without first obtaining parental/guardian agreement to this Privacy Policy (both for themselves and on your behalf). We do not knowingly collect personal information from any children without such consent. Please contact our privacy team at privacy@lesta.group if you believe we have any personal information from any children without such parental/guardian consent – we will promptly investigate (and remove) such personal information.

 

BY ACCEPTING THIS PRIVACY POLICY, YOU EXPRESSLY STATE THAT YOU AUTHORISE US TO COLLECT, USE, STORE, AND PROCESS YOUR PERSONAL INFORMATION, INCLUDING, DISCLOSING TO THIRD PARTIES, TO THE EXTENT PROVIDED BY THIS PRIVACY POLICY.



FRANCE

You have the right to provide us with general or specific instructions for the retention, deletion, and communication of your personal data after your death.

The specific instructions are only valid for the processing activities mentioned therein and the processing of these instructions is subject to your specific consent.

You may amend or revoke your instructions at any time.

You may designate a person responsible for the implementation of your instructions. This person will be informed of your instructions in the event of your death, and be entitled to request their implementation from us. In the absence of designation or, unless otherwise provided for, in the event of the death of the designated person, their heirs will have the right to be informed of your instructions and to request their implementation from us.

 

When you wish to make such instructions, please contact us via support page on the website, or via e-mail rq.support@lesta.games  or privacy@lesta.group



MEXICO

This Privacy Policy is provided in English, in case you need a text in Spanish, we will do our best to provide you with the version as soon as possible 

Some of the purposes of processing stated above are for voluntary purposes, including to show you personalised recommendations and advertising. We may also use your personal data for the voluntary purpose of sending information to your email that we may consider relevant to you. You may object the processing of your personal data for voluntary purposes.

 

Please, be informed that we may also use your personal data to comply with legal obligations or requests from competent authorities, assert or defend our rights before the competent authorities / courts, respond to requests you send us in relation to your personal data and to carry out the transfer of personal data. 

You also have the right to revoke the consent that you have provided us to process your personal data.