Your privacy is important to Asmodee. This Privacy Notice explains how we handle and treat your personal data when you use the products or services that Asmodee provides.
This Privacy Notice explains our approach to any personal data that we collect from you or that we have obtained about you from a third party and the purposes for which we process your personal data. It also sets out your rights in respect of our processing of your personal data.
We may collect personal data from you in the course of our business, including when you use our when you enter in our competitions or participate in tournaments, or when you contact or request information from us.
Protecting the safety and privacy of children is very important to us. We do not knowingly collect or use personal data from anyone under the age of 18 years old. Therefore, if you are under the age of 18 years old, please ask for your parent or legal guardian's permission before contacting us.
3. What personal data do we collect about you?
We collect information regarding you, such as:
- Identification data such as your first and last names and your birthdate,
- Contact details such as your email or postal address,
- Other information necessary to provide our products and services, and to respond to your inquiries.
4. How do we use your personal data?
We process your personal data in order to manage the relationship with you and to provide customer service. In that regard, we process your personal data for several purposes. In the table below, you can read more about the various purposes of our processing of your personal data in various situations. You can also see which data we process in the different situations and what the legal basis for our processing is.
Purpose for processing
1.Communication with you
When you contact us (e.g. by email), your inquiry will often contain personal data, including your contact details and other personal data that you may disclose to us. We process such data e.g. to be able to process and answer your enquiries and provide general customer service etc.
The legal basis for our processing is article 6(1)(f) of the GDPR as we pursue our legitimate interest in being able to communicate with you and provide customer service.
When throwing tournaments, we process your identification data.
The legal basis for our processing is article 6(1)(f) of the GDPR, as we pursue our legitimate interest in being able to communicate with you in relation to tournaments and serve you meals.
If you win a competition, we process your identification data in order to deliver your reward.
The legal basis for our processing is article 6(1)(f) of the GDPR, as we pursue our legitimate interest in being able to deliver your reward to you.
5. Who do we disclose your personal data to?
5.1 Disclosure to external third parties We disclose personal data included in our accounting records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping etc. We may also disclose personal data to logistics services. Further, we may disclose your personal data to our relevant business partners, including external advisors, in connection with particular inquiries, agreements or cases.
5.2 Use of processors We make your personal data available to our processors who e.g. host and support our IT systems.
6. Do we transfer your personal data to third countries?
Asmodee uses service providers that are located outside the EU and the EEA. The basis for such transfer is the Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council as we have entered into such standard contractual clauses with the relevant recipients of the data.
If you want additional information about our transfer of Personal Data outside the EU and EEA, including a copy of the relevant security measures, etc., you may make a request for such additional information by contacting us (see section 10 below).
7. How long do we retain your personal data?
We are required to only store your personal data for the period necessary for us to fulfil the purposes for which they were collected. For that reason, we have established the time limits for erasure set out in the table below. As a general rule, we erase or anonymise your personal data according to the time limits stated below unless it is necessary that we continue to store them, e.g. for the purpose of particular cases or the like.
Storage and time limits for erasure
1.Communication with you
As a general rule, we erase data not related to particular case or agreement 6 months after the end of the financial year in which your last inquiry was closed.
As a general rule, data related to tournaments will be erased 6 months after the tournament. Data related to food preferences will be deleted immediately after the tournament.
As a general rule, data related to competitions will be erased as soon as we have sent the award to the winner of the competition.
8. Security of your personal data
We are committed to keeping your personal data secure and we have implemented appropriate information security policies, rules and technical measures to protect it from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
9. What are your rights?
You have a number of rights in relation to your personal data. More information about each of these rights is set out below:
- Right to withdraw consent. You have the right to withdraw your consent at any time. You may do so by contacting Asmodee Nordics using the contact details below. If you decide to withdraw your consent, it will not affect the lawfulness of processing based on your consent until the time of withdrawal. If you withdraw your consent, it will not become effective until such time.
- Right to access. If you ask us, we will confirm whether we process your personal data, and if so, we will give you a copy of them.
- Right to rectification. If your personal data are inaccurate or incomplete, you have a right to ask us to correct or complete them.
- Right to erasure. In certain circumstances, you may ask us to erase your personal data. You can ask us to erase your personal data in the following cases: where it is no longer necessary for the purposes for which it was collected; you withdrew your consent; you objected to the processing of your personal data; your personal data has been processed unlawfully; or if the data have to be erased for compliance with a legal obligation. We are not required to comply with your request, e.g. if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
- Right to restriction. In certain circumstances, you may ask us to restrict our use of your personal data. You can ask us to restrict the processing of your personal data where: the accuracy of your personal data is contested; the processing is unlawful, but you do not want it erased; we no longer need the personal data for the purpose of the processing, but they are required to establish, exercise or defend legal claims; to verify the existence overriding grounds following the exercise of your right of objection. Where processing has been restricted, apart from storing, we can only process the data with your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
- Right to data portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have the data transmitted to another data controller, but only where the processing is based on your consent or on the performance of a contract with you, and the processing is carried out by automated means.
- Right to object. In certain circumstances, you have the right to object to our processing of personal data, e.g. where the processing is based on our legitimate interests (see section 3) and with regard to processing related to direct marketing.
You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable law. In Denmark, the supervisory authority for the protection of personal data is the Danish Data Protection Agency, or Datatilsynet, see www.datatilsynet.dk.
10. Contact and complaints
For further information regarding your rights, to exercise any of your rights, or if you have any complaints or questions regarding the processing of your personal data, please contact firstname.lastname@example.org.
11. Changes to this Privacy Notice
We may occasionally change this Privacy Notice, for example, to comply with new requirements imposed by the applicable laws, technical requirements or good commercial practices. We will notify you in case of material changes.