1.1. The Privacy Policy (the "Policy") outlines how NEKKI LTD ("we", "us", or "Nekki") collects, uses, stores, and discloses your Personal Data when using the website https://spine.game/ (the "Website")..

1.2. This Policy should be read together with, and forms part of, our Terms and Conditions (the "Terms"), which are available at [please specify the link when it's available] on the Website. Unless otherwise defined herein, capitalized terms in this Policy have the meaning given to them in the Terms.

1.3. To ensure your privacy, we:

• do not collect any Personal Data without sufficient lawful basis, namely your consent;
• collect only a minimum amount of Personal Data that is needed;
• do not monetize your Personal Data;
• do not check your Personal Data, except where such a check is necessary for us to
• fulfill our obligations to you;
• process your Personal Data as transparently as practically possible.

1.4. By providing access to our Website, we act reasonably as well as in good faith and believe that you:

• have all necessary rights to access the Website;
• provide true, accurate, current, and complete information about yourself;
• reach the minimum age in the relevant territory or your parents or other legal representatives agree that you access the Website;
• carefully read, understand, and accept this Policy.

1.5. Nekki is guided by relevant laws and regulations regarding privacy and Personal Data protection, including but not limited to the Regulation (EU) 2016/679 or General Data Protection Regulation ("GDPR"). Please note that some terms, procedures, rights and obligations related to privacy may vary in different countries, depending on the applicable local laws.

1.5.[1.6.] This Policy supplements but does not supersede or replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which Nekki may have at law to collect, use or disclose your Personal Data.

1.6.[1.7.] We may from time to time update this Policy to ensure that it is consistent with future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time following Section 3 of the Policy. Please check back regularly for updated information on how to handle your personal data

1.7.[1.8.] For purposes of this Policy, "Personal Data" means any information that directly or indirectly
identifies a particular individual, including any other information that is subject to applicable
data protection laws.

1.9. This Policy applies to our collection, use and disclosure of Personal Data related to the users visiting the Website. This Policy does not apply to job applicants or to Nekki employees and non-employee contractors, whose Personal Data is subject to different privacy notices.

2.1. Nekki is a data controller. This means that we determine the purposes and means of the Personal Data processing and, therefore, are responsible for your Personal Data.

2.2 Our contact details are the following:

• official email: info@nekki.com
• correspondence address: Kimonos, 43Aa, 3095, Limassol, Cyprus.

2.3 For questions or complaints about processing your Personal Data or our handling of Personal Data, please contact our Data Protection Officer (DPO), Sergey Sorokin, at any of the following:

• official email: info@nekki.com
• correspondence address: Kimonos, 43Aa, 3095, Limassol, Cyprus.

2.4 After receiving the request, we will contact you to find out how we can help. If you have any complaints about how we process your Personal Data, we will always prefer that you contact us first.

2.5 Before responding to your request, we will take reasonable steps to verify the identity of the person making the request.

2.6 If we have doubts as to the identity of the person making the request, we may ask for additional information to confirm your identity.

2.7 If, having requested additional information, we are still not able to identify you, we may refuse to act on your request

3.1. We reserve the right to change the terms of this Policy at any time and at our discretion

3.2.[3.3.] If we decide to update the Policy, we will notify you about the changes in advance and before the changes take effect via the Website

3.3 Additionally, we will always:

• post the new version of the Policy here so that you always know about our approach to your Personal Data processing;
• provide all updates made compared to the previous version of the Policy by modifying the section "Notice of Changes" above.

3.4. We encourage you to periodically check our Policy to monitor the updates on it. We will always
post the date our Policy was last updated at the top

4.1. The scope of Personal Data we process varies based on the purpose for which we process it.

4.2 The table below contains specific information about the purposes of Personal Data processing, their scope, the lawful basis for processing, and the Personal Data retention period:

4.3. Cookies. We use cookies and other tracking technologies on our Website. Cookies are small text files that are downloaded to your device when you visit the Website and that identify your browser or device. The next time you visit the Website, it will recognize the cookies as well as your device and send this information back to the Website, which originally created the cookies, or to another Website, platform, or application that recognizes them. Other types of tracking technologies work similarly to cookies and place small data files on your devices or
monitor your Internet activity to enable us to collect information about how you use theWebsite. Cookies and other tracking technologies we use do not harm your device.

4.4 The Website is integrated with the services of the third-party suppliers in some cases. In such a scenario, the respective third parties may place their own cookies and other tracking technologies, which are governed by their relevant policies

4.5 Generally, cookies and other tracking technologies help us to recognize your device and track your activities, thereby allowing us to improve our Website, adapt it to your interests and needs as well as ensure your security

4.6 The table below contains information regarding cookies:

4.7 We use сookies and other tracking technologies only if you provide your respective consent. Otherwise, in the absence of it, we will use strictly necessary cookies only (if they are used), because they are needed for the functioning of the Website. We will not be able to ensure that the Website is working for you without such cookies. The usage of strictly necessary cookies is based on our legitimate interest in guaranteeing the smooth operation of the Website

4.8 We may also collect information about you from any emails or letters that you send to us. We only use any such information in accordance with this Policy. Such information may be received by us, for example, by email, or via Discord server

4.9 We do not process any special categories of Personal Data. If such data accidentally falls into our possession, we immediately delete it and use any other reasonable measures to prevent the disclosure of such information to third parties.

4.10 Direct marketing. You agree that by entering your email address in the “Subscribe” field on the Website and by pressing the “Subscribe” button you give consent to receive regular newsletter or marketing messages from us related to our products.

4.10 If you wish to stop receiving our marketing communications, you can unsubscribe at any time by clicking the "unsubscribe" link at the bottom of our emails or by contacting us directly at [insert email address]. Your request will be processed promptly, and you will no longer receive marketing emails from us.

5.1 We will start processing your Personal Data when we determine your country via IP address

5.2. Your Personal Data will not be collected and processed by us if you do not access our Website

5.3. The provision of Personal Data is not a statutory or contractual requirement, as well as is not a requirement necessary to enter into a contract. You are free to refuse the processing of your Personal Data

5.4. However, if you refuse to consent to our processing of your Personal Data, we may limit your access to our Website functionality. Nekki is not liable if the missing Personal Data processing prevents the adequate use of the Website.

5.5 We process the Personal Data that:

• you or your legal representative provide to us;
• can be tracked (e.g., using cookies and similar technologies).

5.6 We deem confidential any of your Personal Data. Nevertheless, we can disclose them in cases
stipulated in applicable local laws, including GDPR. In particular, to public authorities

5.7 We do not receive your Personal Data from publicly accessible sources

5.8 We use the services of some processors in order to process your Personal Data, namely:

5.9 These processors store your Personal Data on their servers and provide us with other services of support systems for the Website.

5.10 They process your Personal Data in accordance with the terms of the written contracts concluded between Nekki and its processors. These contracts provide that the processors shall process and use your Personal Data only to the extent provided in the contract. The terms of the contracts do not violate the processors’ obligations and your rights as a data subject.

5.11 We do not process your Personal Data automatically so you cannot be the subject to a decision based solely on automated processing, including profiling.

6.1 We are committed to protecting the security of your personal information. We use reasonable information security measures, including physical, administrative, and technical safeguards, including but not limited to, firewalls, antivirus and SSL encryption in order to protect your personal information from:

• unauthorised access;
• improper use or disclosure;
• unauthorised modification or alteration;
• unlawful destruction or accidental loss.

6.2. These measures vary based on the sensitivity of the information that we collect, process, and store and the current state of technology.

6.3. Our employees and third parties are obliged to keep Personal Data confidential when accessing your information. Anyone who has such access is subject to strict contractual obligations regarding confidentiality and may be subject to disciplinary action if he does not fulfill these obligations.

6.4. We are constantly improving our data security systems and doing everything in our capacity to prevent its breach. In case such a breach occurs, we undertake to notify you and the regulators about the incident as quickly as possible, as well as to make every effort to minimize negative consequences.

7.1. Personal Data we collect may be stored and processed for the purposes set out in this Policy in any country in which we operate. Besides, your Personal Data may be transferred, stored, and processed by recipients in various countries around the world where our servers are located, and our databases are operated. We do all necessary to make sure all recipients understand the necessity to process Personal Data only on a legal basis considering any and all applicable legislation.

7.2. Our servers are located in the European Economic Area (EEA), namely in Germany and the Netherlands. Such servers are provided by Amazon, so it should be noted that it has access to your Personal Data.

7.3. We do not sell your Personal Data. We also do not allow any Personal Data to be used by third parties for their own marketing purposes, except in cases where you explicitly request or provide consent for us to do so. However, we do need to share Personal Data to provide smooth Website operation to you. Below are the different scenarios under which we may share your data with third parties.

7.4 We may transfer your Personal Data to the following third parties’ categories:

• any third party to whom we assign or novate any of our rights or obligations under a relevant agreement;
• any national or international regulatory, enforcement, exchange body, central or local government department, and other statutory or public bodies or court where we are required to do so by applicable law or regulation at their request;
• any third parties, if you expressed your consent to such transfer or transfer of your Personal Data;
• third parties mentioned in Subsection 5.8 of the Policy.

7.5 The use of our Website often involves the transfer of Personal Data to recipients and third parties both inside and outside the EuropeanEconomic Area (EEA). We take care to ensure our partners regardless of location have sufficient safeguards in place to properly process and protect your Personal Data in line with our own data protection and information security standards.

7.6. One of the important steps we take when it comes to international data transfers involving third parties is due diligence and vetting. As part of the third-party vetting process, we ensure that Personal Data will only be transferred to a third party located outside the EEA with the required cross-border transfer mechanism and safeguards in place. This means that when we engage a third party that is located outside of the EEA, we agree on the appropriate level of data protection, including additional contractual, technical, and organizational measures and the execution of a transfer impact assessment where necessary, to ensure the ongoing protection of the rights and freedoms of all individuals, inside and outside the EU. We consistently monitor changes to the international transfer mechanisms permitted under applicable privacy laws to ensure ongoing compliance with international data protection standards.

8.1. 8.1 You have many rights over your Personal Data and how it is used. Here are set out the major rights, which are available to you and how to make use of those rights:

8.2 Before we process any request, we may ask you for certain information in order to verify your identity. Where permitted by local law, we may reject requests that are unreasonable or impractical. We will respond to your requests in a reasonable timeframe.