PRIVACY POLICY

BY ACCESSING THE WEBSITE, OR PROVIDING YOUR PERSONAL DATA TO US, AND SUBJECT TO YOUR RIGHTS AT LAW, YOU
CONFIRM THAT YOU HAVE READ, UNDERSTOOD AND ACCEPTED THESE TERMS AND CONDITIONS UNDER THIS PRIVACY
POLICY.

PLEASE ENSURE YOU HAVE READ IT CAREFULLY, PARTICULARLY THE SECTION DETAILING YOUR RIGHTS ABOUT THE
PERSONAL DATA THAT WE COLLECT ABOUT YOU. IF YOU DO NOT AGREE WITH ANY ASPECT OF THE PRIVACY POLICY, PLEASE
DO NOT ACCESS THE WEBSITE.

Last Updated: 20.08.2024

Notice of changes: 20.08.2024

1. WHAT THIS POLICY COVERS

  • 1.1. The Privacy Policy (the “Policy”) outlines how NEKKI LTD (“we”, “us”, or “Nekki”)
    collects, uses, stores, and discloses your Personal Data when using the website https://dev.spine.game/ (the “Website”).
  • 1.2. This Policy should be read together with, and forms part of, our Terms and Conditions
    (the “Terms”), which are available at [please specify the link when it’s available] on the Website. Unless
    otherwise defined herein, capitalized terms in this Policy have the meaning given to them in the Terms.
  • 1.3. To ensure your privacy, we:
    • do not collect any Personal Data without sufficient lawful basis, namely your consent;
    • collect only a minimum amount of Personal Data that is needed;
    • do not monetize your Personal Data;
    • do not check your Personal Data, except where such a check is necessary for us to fulfill our
      obligations to you;
    • process your Personal Data as transparently as practically possible.
  • 1.4. By providing access to our Website, we act reasonably as well as in good faith and
    believe that you:

    • have all necessary rights to access the Website;
    • provide true, accurate, current, and complete information about yourself;
    • reach the minimum age in the relevant territory or your parents or other legal representatives agree
      that you access the Website;
    • carefully read, understand, and accept this Policy.
  • 1.5. Nekki is guided by relevant laws and regulations regarding privacy and Personal Data
    protection, including but not limited to the Regulation (EU) 2016/679 or General Data Protection Regulation
    (“GDPR”). Please note that some terms, procedures, rights and obligations related to privacy may vary in
    different countries, depending on the applicable local laws.
  • 1.5.[1.6.] This Policy supplements but does not supersede or replace any other consents you
    may have previously provided to us in respect of your Personal Data, and your consents herein are additional
    to any rights which Nekki may have at law to collect, use or disclose your Personal Data.
  • 1.6.[1.7.] We may from time to time update this Policy to ensure that it is consistent with
    future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your
    rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time
    following Section 3 of the Policy. Please check back regularly for updated information on how to handle your
    personal data
  • 1.7.[1.8.] For purposes of this Policy, “Personal Data” means any information that directly
    or indirectlyidentifies a particular individual, including any other information that is subject to
    applicabledata protection laws
  • 1.9. This Policy applies to our collection, use and disclosure of Personal Data related to
    the users visiting the Website. This Policy does not apply to job applicants or to Nekki employees and
    non-employee contractors, whose Personal Data is subject to different privacy notices.

2. About us

  • 2.1. Nekki is a data controller. This means that we determine the purposes and means of the
    Personal Data processing and, therefore, are responsible for your Personal Data.
  • 2.2. Our contact details are the following:
    • official email: info@nekki.com
    • correspondence address: Kimonos, 43Aa, 3095, Limassol, Cyprus.
  • 2.3. For questions or complaints about processing your Personal Data or our handling of
    Personal Data, please contact our Data Protection Officer (DPO), Sergey Sorokin, at any of the following:
    official email:

    • official email: info@nekki.com
    • correspondence address: Kimonos, 43Aa, 3095, Limassol, Cyprus.
  • 2.4. After receiving the request, we will contact you to find out how we can help. If you have
    any complaints about how we process your Personal Data, we will always prefer that you contact us first.
  • 2.5. Before responding to your request, we will take reasonable steps to verify the identity of
    the person making the request.
  • 2.6. If we have doubts as to the identity of the person making the request, we may ask for
    additional information to confirm your identity.
  • 2.7. If, having requested additional information, we are still not able to identify you, we may
    refuse to act on your request

3. THE POLICY CAN BE CHANGED

  • 3.1. We reserve the right to change the terms of this Policy at any time and at our discretion
  • 3.2. If we decide to update the Policy, we will notify you about the changes in advance and
    before the changes take effect via the Website
  • 3.3. Additionally, we will always:

    • post the new version of the Policy here so that you always know about our approach to your Personal Data
      processing;
    • provide all updates made compared to the previous version of the Policy by modifying the section “Notice
      of Changes” above.
  • 3.4. We encourage you to periodically check our Policy to monitor the updates on it. We will
    always post the date our Policy was last updated at the top

4. WHAT PERSONAL DATA WE PROCESS AND HOW WE DO THIS

  • 4.1. The scope of Personal Data we process varies based on the purpose for which we process
    it.
  • 4.2. The table below contains specific information about the purposes of Personal Data
    processing,their scope, the lawful basis for processing, and the Personal Data retention period:
    • Purpose of processing Scope of Personal Data Lawful basis for processing Retention period
    To send you main news and other information about our product – the “Spine” videogame Email address IP addres We process your Personal Data under the consent given by you. Such consent is deemed given by you
    if you put a tick in the “I agree to the processing of my Personal Data” box that will appear when
    you register on the Website.    		 We only store your Personal Data for as long as necessary for the purpose the data was collected
    for. This means that Personal Data collection based on your consent will be deleted if you withdraw
    your consent or delete your account unless we are required to retain all or part of the data under
    applicable law. After that, Personal Data is destroyed by erasing from the cloud server.
  • 4.3. Cookies. We use cookies and other tracking technologies on our Website. Cookies are
    small text files that are downloaded to your device when you visit the Website and that identify your
    browser or device. The next time you visit the Website, it will recognize the cookies as well as your device
    and send this information back to the Website, which originally created the cookies, or to another Website,
    platform, or application that recognizes them. Other types of tracking technologies work similarly to
    cookies and place small data files on your devices or monitor your Internet activity to enable us to collect
    information about how you use the Website. Cookies and other tracking technologies we use do not harm your
    device.
  • 4.4. The Website is integrated with the services of the third-party suppliers in some cases.
    In such a scenario, the respective third parties may place their own cookies and other tracking
    technologies, which are governed by their relevant policies
  • 4.5. Generally, cookies and other tracking technologies help us to recognize your device and
    track your activities, thereby allowing us to improve our Website, adapt it to your interests and needs as
    well as ensure your security
  • 4.6. The table below contains information regarding cookies:
    • Name Domain Description Expiration Type
    YSC .youtube.com YSC cookie is set by YouTube and is used to track the views of embedded videos on YouTube pages. Session Advertisement
    VISITOR_ INFO1_ LIVE .youtube.com A cookie set by YouTube to measure band width determines whether the user gets the new or old
    player interface.    		 6 months Advertisement
    VISITOR_ PRIVACY_ METADATA .youtube.com YouTube sets this cookie to store the user’s cookie consent state for the current domain. 6 months Advertisement
    sessionid store.steam powered.com Protects users and services from certain attacks (also called cross-site request forgery or CSRF
    attacks)    		 Session Other
    _ga_* .spine.game Google Analytics sets this cookie to store and count page views. 2 years Analytics
    _ga .spine.game Cookie, installed by Google Analytics, calculates visitor,session and campaign data and also keeps
    track of siteusage for the site’s analytics report. The cookie stores information anonymously and
    assigns a randomly generated number to recognize unique visitors    		 2 years Analytics
    yt-remote- device-id youtube.com YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. Permanent Functional
    yt-player- headers- readable youtube.com The cookie is used by YouTube to store user preferencesrelated to video playback and interface,
    enhancing the user’s viewing experience    		 Permanent Functional
    yt-remote- connected- devices youtube.com YouTube sets this cookie to store the video preferences of the user using embedded YouTube video Permanent Functional
    yt-remote- session- app youtube.com The cookie is used by YouTube to store user preferences and information about the interface of the
    embedded YouTube video player    		 Session Functional
    yt-remote- cast- installed youtube.com The cookie is used to store the user’s video player preferences using embedded YouTube video Session Functional
    yt-remote- session-name youtube.com The cookie is used by YouTube to store the user’s video player preferences using embedded YouTube
    video    		 Session Functional
    yt-remote- fast-check- period youtube.com The cookie is used by YouTube to store the user’s video player preferences for embedded YouTube
    videos    		 Session Functional
  • 4.7. We use сookies and other tracking technologies only if you provide your respective
    consent. Otherwise, in the absence of it, we will use strictly necessary cookies only (if they are used),
    because they are needed for the functioning of the Website. We will not be able to ensure that the Website
    is working for you without such cookies. The usage of strictly necessary cookies is based on our legitimate
    interest in guaranteeing the smooth operation of the Website
  • 4.8. We may also collect information about you from any emails or letters that you send to
    us. We only use any such information in accordance with this Policy. Such information may be received by us,
    for example, by email, or via Discord server/
  • 4.9. We do not process any special categories of Personal Data. If such data accidentally
    falls into our possession, we immediately delete it and use any other reasonable measures to prevent the
    disclosure of such information to third parties.
  • 4.10. Direct marketing. You agree that by entering your email address in the
    “Subscribe”     field on the Website and by pressing the “Subscribe” button you give consent to
    receive regular newsletter or marketing messages from us related to our products.
  • 4.11. If you wish to stop receiving our marketing communications, you can unsubscribe
     at any time by clicking the “unsubscribe” link at the bottom of our emails or by contacting us directly
    at [insert email address]. Your request will be processed promptly, and you will no longer receive marketing
    emails from us.

5. DETAILS OF DATA PROCESSING

  • 5.1. We will start processing your Personal Data when we determine your country via IP
    address
  • 5.2. Your Personal Data will not be collected and processed by us if you do not access our
    Website
  • 5.3. The provision of Personal Data is not a statutory or contractual requirement, as well as
    is not a requirement necessary to enter into a contract. You are free to refuse the processing of your
    Personal Data
  • 5.4. However, if you refuse to consent to our processing of your Personal Data, we may limit
    your access to our Website functionality. Nekki is not liable if the missing Personal Data processing
    prevents the adequate use of the Website.
  • 5.5. We process the Personal Data that:
    • you or your legal representative provide to us;
    • can be tracked (e.g., using cookies and similar technologies).
  • 5.6. We deem confidential any of your Personal Data. Nevertheless, we can disclose them in
    cases stipulated in applicable local laws, including GDPR. In particular, to public authorities
  • 5.7. We do not receive your Personal Data from publicly accessible sources
  • 5.8. We use the services of some processors in order to process your Personal Data, namely:
    • Processor What it does More information
    Google LLC Provides us with Google Analytics – the tool that helps us understand how people use our Website,
    so we can take action to improve users’ experience. Also provides us with Youtube features, i.e.
    views tracking etc.    		 Privacy policy
    Amazon Web Services, Inc Provides servers for the Website hosting. Privacy policy
  • 5.9. These processors store your Personal Data on their servers and provide us with other
    services of support systems for the Website.
  • 5.10. They process your Personal Data in accordance with the terms of the written contracts
    concluded between Nekki and its processors. These contracts provide that the processors shall process and
    use your Personal Data only to the extent provided in the contract. The terms of the contracts do not
    violate the processors’ obligations and your rights as a data subject.
  • 5.11. We do not process your Personal Data automatically so you cannot be the subject to a
    decision based solely on automated processing, including profiling.

6. SECURITY

  • 6.1. We are committed to protecting the security of your personal information. We use
    reasonable information security measures, including physical, administrative, and technical safeguards,
    including but not limited to, firewalls, antivirus and SSL encryption in order to protect your personal
    information from:

    • unauthorised access;
    • improper use or disclosure;
    • unauthorised modification or alteration;
    • unlawful destruction or accidental loss.
  • 6.2. These measures vary based on the sensitivity of the information that we collect,
    process, and store and the current state of technology.
  • 6.3. Our employees and third parties are obliged to keep Personal Data confidential when
    accessing your information. Anyone who has such access is subject to strict contractual obligations
    regarding confidentiality and may be subject to disciplinary action if he does not fulfill these
    obligations.
  • 6.4. We are constantly improving our data security systems and doing everything in our
    capacity to prevent its breach. In case such a breach occurs, we undertake to notify you and the regulators
    about the incident as quickly as possible, as well as to make every effort to minimize negative
    consequences.

7. TRANSFER AND STORAGE

  • 7.1. Personal Data we collect may be stored and processed for the purposes set out in this
    Policy in any country in which we operate. Besides, your Personal Data may be transferred, stored, and
    processed by recipients in various countries around the world where our servers are located, and our
    databases are operated. We do all necessary to make sure all recipients understand the necessity to process
    Personal Data only on a legal basis considering any and all applicable legislation.
  • 7.2. Our servers are located in the European Economic Area (EEA), namely in Germany and the
    Netherlands. Such servers are provided by Amazon
  • 7.3. We do not sell your Personal Data. We also do not allow any Personal Data to be used by
    third parties for their own marketing purposes, except in cases where you explicitly request or provide
    consent for us to do so. However, we do need to share Personal Data to provide smooth Website operation to
    you. Below are the different scenarios under which we may share your data with third parties.
  • 7.4. We may transfer your Personal Data to the following third parties’ categories:
    • any third party to whom we assign or novate any of our rights or obligations under a relevant
      agreement;
    • any national or international regulatory, enforcement, exchange body, central or local government
      department, and other statutory or public bodies or court where we are required to do so by applicable
      law or regulation at their request;
    • any third parties, if you expressed your consent to such transfer or transfer of your Personal Data;
    • third parties mentioned in Subsection 5.8 of the Policy.
  • 7.5. The use of our Website often involves the transfer of Personal Data to recipients and
    third parties both inside and outside the EuropeanEconomic Area (EEA). We take care to ensure our partners
    regardless of location have sufficient safeguards in place to properly process and protect your Personal
    Data in line with our own data protection and information security standards.
  • 7.6. One of the important steps we take when it comes to international data transfers
    involving third parties is due diligence and vetting. As part of the third-party vetting process, we ensure
    that Personal Data will only be transferred to a third party located outside the EEA with the required
    cross-border transfer mechanism and safeguards in place. This means that when we engage a third party that
    is located outside of the EEA, we agree on the appropriate level of data protection, including additional
    contractual, technical, and organizational measures and the execution of a transfer impact assessment where
    necessary, to ensure the ongoing protection of the rights and freedoms of all individuals, inside and
    outside the EU. We consistently monitor changes to the international transfer mechanisms permitted under
    applicable privacy laws to ensure ongoing compliance with international data protection standards.

8. DATA SUBJECT’S RIGHTS

  • 8.1. You have many rights over your Personal Data and how it is used. Here are set out the
    major rights, which are available to you and how to make use of those rights:
    • Right to access your Personal Data At any time, you can ask us about what your Personal Data we have, what we do with them, why we
    process them, who we have told about you, etc. You also can ask us to give you a copy of the
    Personal Data processing, if you like. To request access, send us an email via [ ] headed “Subject
    Access Request”.
    Right to rectify your Personal Data At any time, you can request that we update, block or delete your Personal Data if the data is
    incomplete, outdated, incorrect, unlawfully received or there is no need to proceed with it anymore.
    Right to erasure At any time, you can ask us to delete all Personal Data that we have about you – it is your right
    to be forgotten, as if we have never met before. However, we have the right not to erase your
    Personal Data and process it insofar as the processing is permitted by the applicable law on
    Personal Data, including but not limited to the purposes ofsettling claims and disputes, as well as
    sending responses to requests from state authorities.
    Right to restrict the use of your Personal Data For example, if you think that your Personal Data is not accurate and we need time to check it, we
    can pause in processing your Personal Data enough to clarify, whether it is so or not
    Right to object to the processing of your Personal Data At any time, you can tell us to stop and we will no longer process your Personal Data, but we can
    still keep them if there is legitimate ground for that.
    Personal Data legitimate ground for that.
    Right to data portability If you wish, you can ask us to download (export) all Personal Data that we have in the format
    acceptable to give it to someone else or ask us to give them your data directly
    Right not to be subject to an automated decision If we process your Personal Data automatically and we make some decisions according to it, and it
    affects you in any serious way, you can express your point of view and contest such a decision. But
    in reality, we do not do this.
    Right to lodge a complaint with a supervisory authority You always can complain about us and about the way we are processing your Personal Data
  • 8.2. Before we process any request, we may ask you for certain information in order to verify
    your identity. Where permitted by local law, we may reject requests that are unreasonable or impractical. We
    will respond to your requests in a reasonable timeframe.