Gam3

Data Protection and Privacy Policy

Last Updated: July 08, 2024 (Your update date may differ)

This Data Protection and Privacy Policy ("Privacy Policy") describes the practices we have implemented or will implement to collect, use, protect, and disclose any personal information or data we receive or collect when providing our services to you. These services include our website (https://gam3.ai), our Gitbook (https://docs.gam3.ai/), any subdomains of those websites, and the Gam3 Network ("Services").

Who We Are:

Throughout this Policy, "we," "us," or "our" refers to the Gam3 Foundation (the "Foundation"), a Gam3 foundation company, and our personnel, affiliates, and related companies. "You" and "your" refer to you, the user of the Services. Words written with a capital letter have specific meanings defined in the Definitions section of this Policy, elsewhere in this Policy, or in the Terms of Use. Please read the Terms of Use alongside this Privacy Policy.

1. Introduction

1.1 This Privacy Policy explains how the Gam3 Foundation ("Foundation") collects and uses Personal Data. It also details the situations where the Foundation may share Personal Data, outlines certain principles, rights, protections, and obligations regarding Data Subjects, and describes the Foundation's safeguards for protecting Personal Data.

1.2 This Privacy Policy considers the requirements of the BVIs Data Protection Act 2021 ("DPA") and general Privacy Principles. Additionally, individuals located in the European Union ("EU") and the United Kingdom ("UK") may also have rights under the EU General Data Protection Regulation 2016/679 and the UK General Data Protection Regulation (collectively, the "GDPR"). Appendix 1 provides details on these additional rights.

2. Definitions

2.1 Controller: An individual, organization, or government body that, alone or jointly with others, determines the purpose and methods for processing Personal Data as defined by Data Protection Laws. In this context, the Controller refers to the Gam3 Foundation (the "Foundation"). The Foundation may act as a joint Controller with a third party for certain processing activities.

2.2 Data Protection Laws: Applicable privacy laws, regulations, or codes issued by data protection authorities.

2.3 Data Subject: An individual who can be directly or indirectly identified through their Personal Data.

2.4 Personal Data: As used in this Privacy Policy, this refers to any information or opinion, true or not, and regardless of its storage format, about an identified individual or one who can be reasonably identified. This includes anything defined as personal information, personal data under the GDPR, personally identifiable information, or similar terms under applicable law.

2.5 Processing: Obtaining, recording, or holding Personal Data, or performing any operation or set of operations on it, including:

Organizing, adapting, or modifying the Personal Data
Retrieving, consulting, or using the Personal Data
Disclosing the Personal Data by transmission, dissemination, or otherwise making it available
Aligning, combining, blocking, erasing, or destroying the Personal Data

2.6 Processor: An individual or organization that processes Personal Data on behalf of a Controller. This includes any third-party service providers, applications, or agencies. However, for clarification, it does not include employees of the Controller. A Processor's activities are limited to the more "technical" aspects of processing and do not involve professional judgment or significant decision-making regarding Personal Data.

3. Data Protection Principles

3.1 We are committed to processing data responsibly according to Data Protection Laws, following these core principles:

(a) Fair, Lawful, and Transparent Processing: We will process your data in a way that is fair, legal, and transparent to you.

(b) Purpose Limitation: We will only collect data for specific, clearly defined, and legitimate purposes, and we will not further process it in a way incompatible with those purposes.

(c) Data Minimization: We will limit the collection of your Personal Data to what is adequate, relevant, and necessary in relation to the purposes for which it is processed.

(d) Accuracy: We will take reasonable steps to ensure that your Personal Data is accurate and up-to-date.

(e) Storage Limitation: We will only retain your Personal Data for as long as necessary for the purposes for which it was collected or as required by law.

(f) Security: We will implement appropriate technical and organizational measures to ensure the security of your Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

(g) Data Subject Rights: We will process your Personal Data in accordance with your rights as a Data Subject.

(h) Data Transfers: We will ensure an adequate level of data protection when transferring your Personal Data.

4. How We Collect and Process Personal Data

4.1 We may collect and process your Personal Data in various ways when you access, use, connect to, or interact with our Services. Here are some examples:

(a) Direct Collection: When you voluntarily provide information to us on our website, through our Services, or participate in online or in-person functions, events, or activities.

(b) Indirect Collection: When you indirectly provide information while interacting with our Services, such as through online inquiries.

(c) Third-Party Providers: When a third-party service provider or data processor collects Personal Data from you on our behalf. This may include details of your website usage from cookie and marketing providers.

(d) Publicly Available Sources: When information is available from publicly accessible sources, such as social media accounts and providers, relevant to your interactions with us.

5. Personal Data

5.1 The types of Personal Data we collect about you may include:

(a) Name

(b) Contact details (email address, name)

(d) Social media handle

(e) Digital wallet address and public blockchain data

(f) Credit card or payment details (processed through our third-party payment processor)

(g) Preferences and/or opinions

(h) Information provided through customer surveys

(i) Details of products and services provided to you or inquired about, including support requests and bug reports

(j) For games integrated with the Gam3 Network: age and game progress data (game saves, achievements)

(k) For digital wallets connected to Gam3 Network products and services: the assets held in that wallet

(l) Browser session and geolocation data, device and network information, website usage statistics (page views, sessions, acquisition sources, search queries, browsing behavior), IP address, and demographic information

(m) Information about your connections with others whose personal data we may collect

(n) Information about your access and use of our Services, including cookies, communications with our Services, browser type, operating system, and internet service provider domain name

(o) Additional personal information you provide directly or indirectly through forms, using our Services, associated applications, or social media platforms where you allow us to collect information

(p) Publicly available information from social media accounts, posts, and profiles relevant to your interactions with us or our business relationship with you

(q) Device information (mobile device type, mobile number, unauthorized third-party applications used to identify unfair advantages or cheating in our games), and device specifications

(r) Any other personal information requested by us, provided by you, or provided by a third party

5.2 We may collect this information directly from you or from third parties. We may aggregate Personal Data for reporting, statistical analysis, and business or product/service improvement purposes. This helps us understand user preferences and requirements, monitor effectiveness, and improve our offerings. We may also de-identify information for inclusion in reports or aggregated databases.

6. Collection and Use of Personal Data

6.1 We may collect, hold, use, and disclose personal information for the following purposes:

(a) Account creation and management

(b) Enabling you to access and use our Services, associated applications, and social media platforms, and personalizing your experience

(d) Facilitating communication with other users while playing games connected to the Gam3 Network

(e) Comparing information for accuracy and verification, including verifying your identity based on information you provide (where relevant to our Services)

(f) Contacting and communicating with you about our Services

(g) Analytics, market research, and business development, including operating and improving our Services, associated applications, and social media platforms

(h) Running promotions, competitions, offering additional benefits, and measuring the effectiveness of these activities

(i) Advertising and marketing, including sending promotional information about our products and services and information about third-party products and services related to the Gam3 Network that we consider may interest you

(j) Internal record keeping, administrative purposes, invoicing, and billing

(k) Investor relations and communication with regulators

(l) Investigating, reviewing, mitigating risks associated with, and informing you or authorities about any data or security breach involving your personal information

(m) Complying with legal obligations and resolving disputes

(n) Identifying, preventing, and responding to fraud and abuse, protecting our users, property, and rights

(o) As otherwise notified to you at the time of collection or in accordance with any agreements you enter into with us

7. Legal Grounds for Processing Personal Data

7.1 We believe it's necessary to collect and use your Personal Data for the purposes described above. We do this based on the following legal justifications:

(a) Consent: You, as a Data Subject, have agreed and consented to the Processing of your Personal Data for specific purposes.

(b) Contractual Necessity: Processing is necessary to fulfill a contract you, as a Data Subject, are party to, or for the Gam3 Foundation or its service providers to responsibly enter into a contract.

(d) Vital Interests: Processing is necessary to protect the vital interests of you as a Data Subject or another individual.

(e) Public or Legitimate Interests: Processing is necessary for a task carried out in the public interest or for legitimate interests pursued by the Foundation or a third party, except where such interests are outweighed by your countervailing interests or fundamental rights and freedoms as a Data Subject and require protection of your Personal Data from Processing.

7.2 Processing Personal Data may be allowed under multiple categories listed above.

8. Children's Privacy and Data Protection

8.1 Our Services are not intended for use by children under eighteen (18). We do not seek or knowingly collect any Personal Data about children under eighteen (18) years of age. If we discover we've unknowingly collected information about a child under eighteen (18), we will make commercially reasonable efforts to delete such Personal Data and other information.

8.2 If you are the parent or guardian of a child under eighteen (18) who has provided us with their Personal Data or other information, you can contact us to request its deletion.

9. Your Rights as a Data Subject

9.1 By written notice to the Controller, you may be entitled to receive, in a clear format, the Personal Data we hold about you; the legal basis for collecting that Personal Data; and any information available to us regarding the source of that Personal Data, provided that the Personal Data can be disclosed without revealing Personal Data of another Data Subject. We may request additional information from you to confirm your identity or locate the information you seek. We are not obligated to provide you with Personal Data unless you meet our requirements. We will endeavor to respond to a request for Personal Data within 30 days.

9.2 By written notice to the Controller, you may be entitled to request that we stop processing, or not begin processing, or stop processing for a specified purpose or in a specified manner, your Personal Data. We will comply with your request unless Processing is necessary for the performance of a contract you're a party to; processing is necessary for compliance with any obligation you are subject to; processing is necessary to protect your vital interests; or processing is necessary in other circumstances as may be prescribed by regulations.

9.3 By written notice to the Controller, you may be entitled to correct any errors or omissions in your Personal Data held by or under the control of the Gam3 Foundation. As far as is practical, we will comply with your request, inform you of the correction, and inform third parties to whom the data has been disclosed. We will make a reasonable effort to verify that your Personal Data processed by or on behalf of the Foundation is accurate and complete. Personal Data is generally obtained directly from you as the Data Subject.

9.4 In the event of a known data breach involving any loss, misuse, or alteration of your Personal Data that is likely to result in a material risk to your rights and freedoms, and unless Data Protection Laws require otherwise, the Gam3 Foundation will use reasonable efforts to notify you and applicable supervisory or data protection authorities within five days barring exceptional circumstances.

9.5 You may have additional rights under Data Protection Laws applicable in your jurisdiction.

10. Disclosure of Personal Information to Third Parties

10.1 The Gam3 Foundation may transfer or provide access to your Personal Data, for legitimate purposes, to service providers across jurisdictions (including jurisdictions other than the jurisdictions applicable to you as a Data Subject) and entities in accordance with this Policy, data protection agreements, and intercompany agreements, all of which are intended to be aligned with Data Protection Laws applicable to you as a Data Subject. Here are some examples of who we may disclose personal information to:

(a) Third-Party Service Providers: To enable them to provide services to us, such as IT service providers, data storage, web-hosting and server providers, maintenance or problem-solving providers, marketing or advertising providers, professional advisors, and payment systems operators.

(b) Third-Party Integrations: Third parties who integrate our Services into their own products and services, and who may use your personal information for their own purposes independent of the Gam3 Foundation. In these cases, we are not responsible for the independent use of your personal information by those third parties.

(c) Affiliates: Our employees, contractors, and/or related entities. This includes sharing personal information between companies within our group for use and disclosure as described in this Privacy Policy in relation to any Services they may provide to you.

(d) Verification Services: Government agencies or identity verification service providers who may access third-party databases, document issuers, official record holders, and other sources to perform identity verification services.

(e) Digital Asset Transactions: Merchants and the recipients of digital assets to identify you as the sender of the assets and to a party who sends you digital assets in connection with a transfer to you of digital assets.

(f) Business Partners: Our existing or potential agents or business partners.

(g) Promotions and Competitions: Sponsors or promoters of any promotions or competitions we run.

(h) Business Transfers: Anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred.

(i) Debt Collection and Legal Matters: Debt collection agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you, or as required or authorized by law in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights.

(j) Analytics Providers: Third parties that collect and process data to provide services to us, such as Google Analytics (see the "Cookies" section below for more information about Google's use of such data) or other relevant businesses.

(k) Legal Requirements: Any other third parties as required or permitted by law, such as where we receive a subpoena.

10.2 The Gam3 Foundation does not allow Processors to process your Personal Data for their own purposes. Processors are only permitted to process your Personal Data for specified purposes and in accordance with the Foundation's instructions. However, the Gam3 Foundation may share your Personal Data with third parties to process on their own behalf. Such third parties would be considered joint Controllers of such Personal Data. Although joint Controllers have shared discretion over the purposes of Processing, all such Controllers should Process such shared Personal Data in accordance with Data Protection Laws applicable to you as a Data Subject. We will provide you with the names of the third parties processing your Personal Data upon written request. We encourage you to review the privacy policies of those third parties.

11. Important Note on Data Transfers to the United States

11.1 Some of the third-party service providers mentioned in this Privacy Policy may be located in the United States (USA). The USA government may have surveillance measures in place that allow them to access Personal Data of individuals whose data has been transferred to the USA. These measures are broad and may not consider the purpose of the data collection or the individual's rights.

11.2 In the USA, individuals may not have the same legal rights to access, correct, or delete their Personal Data as they do in other jurisdictions. Additionally, legal protections against government access to data may be limited. While the Gam3 Foundation will use commercially reasonable efforts to ensure your Personal Data is protected through contractual agreements with these third-party service providers, we cannot guarantee the same level of protection as in your home jurisdiction.

12. Security Measures for Your Personal Data

12.1 The Gam3 Foundation prioritizes data privacy and security. We implement a combination of technical and physical safeguards to protect your Personal Data from unauthorized access, unlawful processing, or accidental loss. This includes using various security systems and applications to keep your data secure at all times.

12.2 We take a risk-based approach to data security. We assess the potential risks associated with different types of data processing, considering the likelihood and severity of any potential harm to your rights and freedoms. These risks could include accidental or unlawful destruction, loss, disclosure, alteration, or unauthorized access to your Personal Data. We strive to implement appropriate technological and organizational controls to mitigate these risks. This may include limiting access to your data through access control systems and password protections.

13. Third-Party Websites and Social Media

13.1 Our websites may contain links to third-party websites and social media platforms (collectively, "Social Media") that are not owned or controlled by the Gam3 Foundation, such as Twitter, Discord, or Medium. The Gam3 Foundation is not responsible for the privacy practices or content displayed on these third-party sites and Social Media. We recommend that you review their privacy policies and terms of use before using them. We do not guarantee or endorse the privacy or security of these sites, and we are not responsible for the accuracy, completeness, or reliability of information found on them.

13.2 When you interact with the Gam3 Foundation's content on Social Media or a third-party website, the Gam3 Foundation may collect Personal Data associated with your account on that platform.

13.3 Clicking on a link to Social Media used by the Gam3 Foundation may establish a direct connection between your browser and the server of the Social Media platform. This tells the Social Media platform that you have visited our website with your IP address and accessed the link. If you access a link while logged into your account on the Social Media platform, the content of our website may be linked to your profile. To prevent this, you should log out of your Social Media account before clicking on relevant links.

13.4 Some features of our Services may require you to connect a compatible third-party digital wallet. By using such a wallet with our Services, you agree that your interactions with that wallet are governed by the wallet's privacy policy and terms of use. The Gam3 Foundation is not responsible for the actions of third-party wallets, including the use or disclosure of your personal information by those wallets.

14. When You Visit Our Websites

14.1 When you visit our websites, our servers temporarily record each access in a log file. This data may be collected and stored by the Gam3 Foundation until deletion, as permitted by applicable laws:

IP address of the requesting computer
Internet access provider
Date and time of access
Name and URL of the retrieved file
Referring webpage address
Search terms used (if applicable)
Country of access
Operating system and browser information
Transmission protocol used

14.2 We collect and process this data to enable website functionality (connection establishment), ensure system security and stability, optimize our website, and for internal statistical purposes. We rely on our legitimate interest to process data for these purposes.

14.3 Only in the event of a cyberattack or suspected unauthorized or abusive website use will the IP address be used for investigation and defense. If necessary, it may also be used in legal proceedings to identify and take action against the users involved. We rely on our legitimate interest to process data for these purposes.

15. Cookies

15.1 When you visit our website, we may use a common practice of placing small data files called cookies, flash cookies, pixel tags, or other tracking tools (collectively, "Cookies") on your computer or other devices. These Cookies are tiny bits of information that are automatically stored on your device's web browser and can be retrieved by us. You can find more information about cookies on this website.

15.2 The information we collect through Cookies may include unique identifiers and details about your browsing preferences. We use these technologies for several purposes:

Recognize you as a user: This allows us to personalize your experience on our website.
Improve our services and content: By understanding how you use our website, we can tailor our offerings to better suit your needs.
Ensure account security: We use Cookies to help detect irregular or suspicious activity on your account, protecting your security.

By using our website, you acknowledge and understand that we may collect and share data collected through Cookies with third-party service providers, such as analytics providers, who may also use similar technologies. If you block or delete Cookies, some features of our website may not function properly.

16. Tracking Tools

16.1 We use various web analytics services to monitor activity on our websites, including but not limited to Gam3 Foundation Analytics (powered by Google Analytics). Gam3 Foundation Analytics uses cookies and similar technologies to collect information about your use of our website. This information may include:

The pages you visit on our website
How long you spend on each page
The links you click
The device you are using
Your approximate location
Your browser type and operating system
The referring website (if applicable)
The date and time of your visit

16.2 Gam3 Foundation Analytics transmits this information to servers in the United States and stores it there. However, Gam3 Foundation uses anonymization techniques to obscure your IP address before it is transmitted. According to Google, anonymized IP addresses are not merged with other Google data. Only in exceptional circumstances will your full IP address be transmitted to a Google server in the U.S. and anonymized there. In these cases, Gam3 Foundation will use reasonable efforts to ensure that Google implements appropriate data protection measures.

16.3 We use this information to evaluate website usage, compile reports on website activity, and improve our website and services. We may share this information with third-party service providers who help us analyze website data. However, we will not associate your IP address with any other personally identifiable information.

16.4 The legal basis for processing this data is your consent, which you provide by accepting our Terms of Use. You can withdraw your consent at any time by contacting us.

17. Updates to this Privacy Policy

17.1 The Gam3 Foundation reviews this Privacy Policy at least annually and may update it from time to time to reflect changes in applicable Data Protection Laws, our privacy practices, data protection practices, or security measures. If we make significant changes to the Policy, we will update the "Last Revised" date at the top of this Policy, make reasonable efforts to notify you (such as through a notification on our Services or other means consistent with applicable law), and take any additional steps required by law.

17.2 If you disagree with any updates to this Policy, you should discontinue using our Services. Your continued use of the Gam3 Foundation website or Services after any updates constitutes your acknowledgment and understanding of the revised Policy.

18. Contacting Us

18.1 You can contact the Gam3 Foundation by email or through Social Media.

18.2 You are responsible for the content of any messages you send to the Gam3 Foundation. We recommend that you avoid sending confidential information. We only collect Personal Data that you voluntarily provide to us. Therefore, you are responsible for the information you transmit. We may ask you for additional information to answer your inquiries. We will only collect Personal Data from you if it is necessary to respond to your questions or provide the services you request.

18.3 The Gam3 Foundation has a legitimate interest in processing your data when responding to your inquiries. You can object to this data processing at any time by contacting us.

19. Contact Information

19.1 If you have any questions about our privacy practices, your Personal Data, or this Policy, please contact us at [email protected].

19.2 If you have a privacy or data use concern that we have not addressed to your satisfaction, you may contact the data protection regulator in your jurisdiction.