404 | Not Found.
404 | Not Found.
404 | Not Found.
Effective date: 05.25.2018 / May 25th 2018
Last updated: 02.11.2022 / February 11th 2022
We at PlayForm ltd. are committed to processing personal data securely and respecting privacy of the concerned individuals.
| Version No. and date of the last update: | v. 1.0. February 11th 2022 |
| This policy shall be reviewed annually or each time when the changes in our data processing occur. | |
Scope. This Personal Data Protection Policy (the “Policy”) describes PlayForm ltd. internal rules for personal data processing and protection. The Policy applies to PlayForm ltd., including PlayForm ltd. employees and contractors (“we”, “us”, “our”, “PlayForm”). The management of each entity is ultimately responsible for the implementation of this policy, as well as to ensure, at entity level, there are adequate and effective procedures in place for its implementation and ongoing monitoring of its adherence. For the purposes of this Policy, employees and contractors are jointly referred to as the “employees”.
Privacy Manager. Privacy Manager is an employee of PlayForm responsible for personal data protection compliance within PlayForm (the “Privacy Manager”). The Privacy Manager is in charge of performing the obligations imposed by this Policy and supervising other employees, who subject to this Policy, regarding their adherence to this Policy. The Privacy Manager must be involved in all projects at an early stage in order to take personal data protection aspects into account as early as the planning phase.
The designated Privacy Manager at PlayForm ltd. is Nikola Hristov Nikola@PlayForm.Cloud.
Definitions.
| Competent Supervisory Authority | means a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. |
| Data Breach | means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. |
| Data Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. |
| Data Processor | means a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. |
| Data Protection Laws | mean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). |
| Data Subject Request (DSR) | means any request from the Data Subject and concerning their personal data and/or data subject rights. |
| Data Subject | means a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. |
| Personal Data | means any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. |
| Processing | means any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Standard Contractual Clauses | means the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). |
| Third Party | means a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. |
| User | means a Data Subject who uses our services provided on PlayForm website. |
PlayForm’s processing activities must be in line with the principles specified in this Section. The Privacy Manager must make sure that PlayForm’s compliance documentation, as well as data processing activities, are compliant with the data protection principles.
We must process the Personal Data in accordance with the following principles:
Lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency). We shall always have a legal ground for the processing (described in Section 3 of this Policy), collect the amount of data adequate to the purpose and legal grounds, and we make sure the Data Subjects are aware of the processing;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation). We must not process the Personal Data for the purposes not specified in our compliance documentation without obtaining specific approval of the Privacy Manager;
Adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization). We always make sure the data we collect is not excessive and limited by the strict necessity;
Accurate and, where necessary, kept up to date (accuracy). We endeavor to delete inaccurate or false data about Data Subjects and make sure we update the data. Data Subjects can ask us for a correction of the Personal Data;
Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (storage period limitation). The storage periods must be limited as prescribed by Data Protection Laws and this Policy; and
Process in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (confidentiality, integrity, and availability).
Accountability.
We shall be able to demonstrate our compliance with Data Protection Laws (accountability principle). In particular, we must ensure and document all relevant procedures, efforts, internal and external consultations on personal data protection including:
the fact of appointing a person responsible for PlayForm’s data protection compliance;
where necessary, a record of a Data Processing Impact Assessment;
developed and implemented notices, policies, and procedures, such as Privacy Notice, this policy or Data Breach response procedure;
the fact of staff training on compliance with Data Protection laws; and
assessment, implementation, and testing organizational and technical data protection measures.
The Privacy Manager must maintain PlayForm’s Records of processing activities, which is an accountability document that describes personal data processing activities of PlayForm, prepared in accordance with Art. 30 of the GDPR (the “Records of processing activities”). The Records of processing activities must maintain, at least, the following information about each processing activity:
contact details of PlayForm, the EU Representative, and, where applicable, of the Data Protection Officer;
name of the activity, its purposes and legal basis along with, where applicable, the legitimate interests of PlayForm;
data subjects and personal data categories concerned;
data retention periods;
general description of applicable security measures;
recipients, including joint controllers, processors, and contractors involved, as well as the fact of the international data transfer with the safeguards applied to the transfer;
where applicable, a reference to the Data Processing Impact Assessment;
where applicable, a reference to the record of the data breach occurred involving the personal data;
if PlayForm acts as a data processor, the information to be provided includes the names and contact details of controllers, name and contact details of controller’s representative (if applicable), categories of processing (activities), names of third countries or international organizations that personal data are transferred to (if applicable), safeguards for exceptional transfers of personal data to third countries or international organizations (if applicable), and general description of technical and organizational security measures.
Legal grounds.
Each processing activity must have one of the lawful grounds specified in this Section to process the Personal Data. If we do not have any of the described, we cannot collect or further process the Personal Data.
If PlayForm is intended to use personal data for other purposes than those specified in the Records of processing activities, the Privacy Manager must evaluate, determine, and, if necessary, collect/record the appropriate legal basis for it.
Performance of the contract. Where PlayForm has a contract with the Data Subject, e.g., website’s Terms of Use or the employment contract, and the contract requires the provision of personal data from the Data Subject, the applicable legal ground will be the performance of the contract.
Consent. To process the personal data based on the consent, we must obtain the consent before the Processing and keep the evidence of the consent with the records of Data Subject’s Personal Data. The Privacy Manager must make sure that the consent collected from Data Subjects meet the requirements of Data Protection Laws and this Policy. In particular, the Privacy Manager must make sure that:
the Data Subject must be free to give or refuse to give consent.
the consent is in the form of an active indication from the Data Subject, i.e., the consent checkbox must not be pre-ticked for the user.
the request for the consent clearly articulates the purposes of the processing, and other information specified in Subsection 6.2 is available to the Data Subject.
the Data Subject must be free to give one’s consent or to revoke it.
Legitimate interests. We have the right to use personal data in our ‘legitimate interests’. The interests can include the purposes that are justified by the nature of our business activities, such as the marketing analysis of personal data. For PlayForm to use legitimate interests as a legal ground for the processing, the Privacy Manager must make sure that:
the legitimate interest in the processing is clearly defined and recorded in the Records of processing activities;
any envisaged risks to Data Subject rights and interests are spotted. The examples of the risks can be found in Subsection 7.2.;
the Data Subjects have reasonable expectations about the processing, and additional protective measures to address the risks are taken;
subject to the conditions of Subsection 6.7 (Right to object against the processing), the Data Subject is provided with the opportunity to opt-out from the processing for the described legitimate interests.
If at least one of the above conditions is not met by PlayForm, the Privacy Manager must choose and propose a different legal ground for the processing, such as consent.
Legal Compliance and Public Interest. Besides the grounds specified afore, we might be requested by the laws of the European Union or laws of the EU Member State to process Personal Data of our Users. For example, we can be required to collect, analyze, and monitor the information of Users to comply with financial or labor laws.
Whenever we have such an obligation, we must make sure that:
we process personal data strictly in accordance with relevant legal requirements;
we do not use or store the collected Personal Data for other purposes than legal compliance; and
the Data Subjects are properly and timely informed about our obligations, scope, and conditions of personal data processing.
Important: Where PlayForm has the law requirements of another country to process personal data, the Privacy Manager must propose using another legal ground for the processing under Data Protection Laws, such as legitimate interests or consent.
Access to Personal Data.
The employees must have access to the personal data on a “need-to-know” basis. The data can be accessed only if it is strictly necessary to perform one of the activities specified in the Records of processing activities. The employees and contractors shall have access to the Personal Data only if they have the necessary credentials for it.
Heads of the departments within PlayForm are responsible for their employees’ access and processing of personal data. The heads must maintain the list of employees that are entitled to access and process personal data. The Privacy Manager shall have the right to review the list and, where necessary, request the amendments to meet the requirements of this Policy.
Heads of the departments within PlayForm must ensure that the employees under their supervision are aware of the Data Protection Laws and comply with the rules set in this Policy. To make sure our employees are able to comply with the data protection requirements, we must provide them with adequate data protection training.
All employees accessing personal data shall keep strict confidentiality regarding the data they access. The employees that access personal data must use only those means (software, premises, etc.) for the processing that were prescribed by PlayForm. The data must not be disclosed or otherwise made available out of the management instructions.
The employees within their competence must assist PlayForm’s representatives, including the Privacy Manager, in any efforts regarding compliance with Data Protection Laws and/or this Policy.
When an employee detects or believes there is suspicious activity, data breach, non-compliance with Data Protection Laws and/or this Policy, or a DSR was not routed to the competent department within PlayForm, the employee must report such activity to the Privacy Manager.
Employees that are unsure about whether they can legitimately process or disclose Personal Data must seek advice from the Privacy Manager before taking any action.
Any occasional access to personal data for activities not specified in the Records of processing activities is prohibited. If there is a strict necessity for immediate access, the Privacy Manager must approve the access first.
Before sharing personal data with any person outside of PlayForm, the Privacy Manager must ensure that this Third Party has an adequate data protection level and provide sufficient data protection guarantees in accordance with Data Protection Laws, including, but not limited to the processorship requirements (Art. 28 of the GDPR) and international transfers compliance (Section 5 of the GDPR). Where necessary, the Privacy Manager must make sure that PlayForm enters into the appropriate data protection contract with the third party.
An employee can share personal data with third parties only if and to the extent that was directly prescribed by the manager and specified in the Records of processing activities.
If we are required to delete, change, or stop the processing of the Personal Data, we must ensure that the Third Parties, with whom we shared the Personal Data, will fulfill these obligations accordingly.
Whenever PlayForm is engaged as a data processor on behalf of another entity, the Privacy Manager must make sure PlayForm complies with the processorship obligation. In particular, the appropriate data processing agreement in accordance with the Data Protection Laws must be in place. The Privacy Manager must supervise the compliance with data processing instructions from the controller, including regarding the scope of processing activities, involvement of sub-processors, international transfers, storage, and further disposal of processed personal data. The personal data processed under the processor role must not be processed for any other purposes than specified in the relevant instructions, agreement or other legal act regulating the relationships with the controller.
If we have the employees, contractors, corporate affiliates, or Data Processors outside of the EEA, and we transfer Personal Data to them for the processing, the Privacy Manager must make sure PlayForm takes all necessary and appropriate safeguards in accordance with Data Protection Laws.
The Privacy Manager must assess the safeguards available and propose to the PlayForm’s management the appropriate safeguard for each international transfer. The following regimes apply to the transfers of Personal Data outside of the EU:
where the European Commission decides that the country has an adequate level of personal data protection, the transfer does not require taking additional safeguards. The full list of adequate jurisdictions can be found on the relevant page of the European Commission’s website1.
to transfer Personal Data to our contractors or partners (Data Processors or Controllers) in other third countries, we must conclude Standard Contractual Clauses with that party. The draft version along with the guidance can be found on the relevant page of the European Commission’s website2;
if we have a corporate affiliate or an entity in other countries, we may choose to adopt Binding Corporate Rules in accordance with Article 47 of the GDPR or an approved code of conduct pursuant to Article 40 of the GDPR;
we also can transfer Personal Data to entities that have an approved certification in accordance with Article 42 of the GDPR, which certifies an appropriate level of company’s data protection.
As a part of the information obligations, PlayForm must inform the Data Subjects that their Personal Data is being transferred to other countries, as well as provide them with the information about the safeguards used for the transfer. The information obligation is to be performed in accordance with Subsection 6.2.
In the exceptional cases (the “Derogation”), where we cannot apply the safeguards mentioned afore and we need to transfer Personal Data, we must take an explicit consent (active statement) from the Data Subject or it must be strictly necessary for the performance of the contract between us and the Data Subject, or other derogation conditions apply in accordance with the Data Protection Laws. The Privacy Manager must pre-approve any Derogation transfers and document the approved Derogations, as well as the rationale for them.
Our Responsibilities.
Privacy Manager is ultimately responsible for handing all DSR received by PlayForm. In the case of receiving any outstanding or unusual DSR, the employee must seek advice from the Privacy Manager before taking any action.
DSR Team within PlayForm is responsible for handling DSRs from PlayForm Users on a daily basis. The Human Resources department is responsible for handling the DSR from PlayForm employees.
All DSRs from the Users must be addressed at and answered from the following e-mail address: dsr@playform.cloud. DSR from the employees can be addressed directly to the HR manager or at dsr@playform.cloud.
The responsible employee must answer to the DSR within one (1) month from receiving the request. If complying with the DSR takes more than one month in time, the responsible employee must seek advice from the Privacy Manager and, where necessary, inform the Data Subject about the prolongation of the response term for up to two (2) additional months.
The responsible employee must analyze the received DSR for the following criteria:
Data Subject identification. Before considering the DSR content, the responsible employee must make sure the Data Subject is the same person he/she claims to be. For this purpose, the connection between the personal data records and the data subject must be established.
Personal data. The responsible employee must check whether PlayForm has access to the personal data requested. If PlayForm does not have the personal data under the control, the responsible employee must inform the Data Subject, and, if possible, instruct on the further steps on how to access the data in question;
Content of the request. Depending on the content of the DSR, the responsible employee must define the type of the request and check whether it meets the conditions prescribed by this Policy and Data Protection Laws. The types of requests and the respective conditions for each of them can be consulted in Subsections 6.3-6.9. If the request does not meet the described criteria, the responsible employee must refuse to comply with the DSR and inform the Data Subject about the reasons for refusing;
Free of charge. Generally, all requests of Data Subjects and exercises of their rights are free of charge. If the responsible employee finds that the Data Subject exercises the rights in an excessive or unfound way (e.g., intended to harm or interrupt PlayForm’s business activities), the employee must seek the advice from the Privacy Manager, and, upon receiving of the latter, may either charge the Data Subject a reasonable fee or refuse to comply with the request;
Documenting. Whenever PlayForm receives the DSR, the Privacy Manager must make sure that the data and time, Data Subject, type of the request and the decision made regarding it are well documented. In the case of refusing to comply with the request, the reasons for refusing must be documented as well;
Recipients. When addressing the DSR, the Privacy Manager must make sure that all concerned recipients were informed the necessary actions were taken.
The right to be informed.
PlayForm must notify each Data Subject about the collection and further processing of the Personal Data.
The information to be provided includes: the name and contact details of PlayForm; generic purposes of and the lawful basis for the data collection and further processing; categories of Personal Data collected; recipients/categories of recipients; retention periods; information about data subject rights, including the right to complain to the competent Supervisory Authority; the consequences of the cases where the data is necessary for the contract performance and the Data Subject does not provide the required data; details of the safeguards where personal data is transferred outside the EEA; and any third-party source of the personal data, without specification for the particular case (except if we receive the direct request from the Data Subject).
The Users must be informed by the Privacy Policy accessible at PlayForm’s website and provided during the user registration. The employees and contractors must be informed by a standalone employee privacy statement, which explains the details described in p. 6.2.2 in a case-based manner, describing the particular purposes and activities.
PlayForm must inform Data Subjects about data processing, including any new processing activity introduced at PlayForm within the following term:
if personal data is collected from the data subject directly, the data subject must be informed at the time we collect Personal Data from the Data Subjects by showing the Data Subject our privacy statement;
if the personal data is collected from other sources: (a) within one month from collecting it; (b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or (c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
upon the request of the Data Subject; and
within one (1) month after any change of our personal data practices, change of the controller of Personal Data or after significant changes in our privacy statements.
The right to access the information.
The Data Subject must be provided only with those personal data records specified in the request. If the Data Subject requests access to all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all personal data of the Data Subject is mapped and provided.
A Data Subject has the right to:
learn if we process the Data Subject’s Personal Data;
obtain disclosure regarding aspects of the processing, including detailed and case-specific information on purposes, categories of Personal Data, recipients/categories of recipients, retention periods, information about one’s rights, details of the relevant safeguards where personal data is transferred outside the EEA, and any third-party source of the personal data; and
obtain a copy of the Personal Data undergoing processing upon the request.
The right to verify the Data Subject’s information and seek its rectification. The information we collect can be/become inaccurate or out-of-date (e.g., mistakes in nationality, date of birth, info on debts, economic activities). If we reveal that the Personal Data is inaccurate or the Data Subject requests us to do so, we must ensure that we correct all mistakes and update the relevant information.
The right to restrict processing.
The restriction of processing allows Data Subjects to temporarily stop the use of their information to prevent the possible harm caused by such use.
This right applies when the Data Subject:
contests the accuracy of the Personal Data;
believes that we process the Personal Data unlawfully; and
objects against the processing and wants us not to process Personal Data while we are considering the request.
In the case of receiving the restriction request, we must not process Personal Data in question for any other purpose than storing it or for legal compliance purposes until the circumstances of restriction cease to exist.
The right to withdraw the consent. For the activities that require consent, the Data Subject can revoke their consent at any time. If the Data Subject revokes the consent, we must record the changes and must not process the Personal Data for consent-based purposes. The withdrawal of consent does not affect the lawfulness of the processing done before the withdrawal.
The right to object against the processing.
If we process the information in our legitimate interests, e.g., for direct marketing emails or for our marketing research purposes, the Data Subject can object against the processing.
In the case of receiving the objection request case, we must consider Data Subject’s request and, where we do not have compelling interests, stop the processing for the specified purposes. If the personal data is still to be processed for other purposes, the Privacy Manager must make sure that the database has a record that the data cannot be further processed for the objected activities.
The objection request can be refused only if the personal data in question is used for scientific/historical research or statistical purposes and was appropriately protected, i.e., by anonymization or pseudonymization techniques.
Right to erasure/to be forgotten.
The Data Subjects have the right to request us to erase their Personal Data if one of the following conditions are met:
Personal Data is no longer necessary for the purposes of collection. For example, a user has provided personal data for a one-time activity, such as data validation or participation in a contest, and the purpose is already fulfilled;
the Data Subject revokes one’s consent or objects to the processing (where applicable) and there is no other legal ground for the processing; or
we process the Personal Data unlawfully or its erasure is required by the applicable legislation of the European Union or one of the Member countries of the European Union.
Conditions, under which we have the right to refuse the erasure:
Personal Data is processed for scientific/historical research or statistical purposes and is appropriately protected, i.e., pseudonymized or anonymized;
Personal Data is still necessary for legal compliance (e.g., financial or labor laws compliance).
Only those personal data records must be deleted that were specified in the request. If the Data Subject requests the deletion of all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all the data about the Data Subject is mapped and can be deleted.
If the User still has an account with us and requests the erasure of information necessary for maintaining the account, we must inform the User that the erasure will affect user experience or can lead to the closure of the account.
Data portability.
Data Subjects can ask us to transfer all the Personal Data and/or its part in a machine-readable format to a third party. This right applies in two cases:
personal data was collected for the purpose of provision of our services (performance of the contract); or
collected based on consent.
To determine whether one of the p.6.9.1 conditions are met, the employee must seek advice from the Privacy Manager and check the applicable legal basis in the Records of processing activities. If the answer is negative, the request can be refused by PlayForm, and the Privacy Manager must decide whether to comply with the request on a voluntary basis.
To comply with the request, the responsible employee must consolidate requested Personal Data and send the data in the format we are usually working with to the requested organization. The Data Subject must provide the necessary contact details of the organization.
Notification to Privacy Manager.
Before introducing any new activity that involves the processing of personal data, an employee responsible for its implementation must inform the Privacy Manager.
Upon receiving information about a new activity, Privacy Manager must:
determine whether the data processing impact assessment (DPIA) and/or the consultation with the Supervisory Authority is necessary. If the answer is positive, the Privacy Manager must make sure the DPIA is conducted and/or the Supervisory Authority is consulted in accordance with the requirements of this Section and Data Protection Laws;
determine the legal basis for the processing and, where necessary, take further action for its fixation;
make sure the processing activity is done in accordance with this Policy, other PlayForm’s policies, as well as the Data Protection Laws;
add the processing activity to the Records of processing activities;
amend the privacy information statements and, where necessary, inform the concerned Data Subject accordingly.
Data Processing Impact Assessment.
To make sure that our current or prospective processing activities do not/will not violate the Data Subjects’ rights, PlayForm must, where required by Data Protection Laws, conduct the Data Processing Impact Assessment (DPIA), a risk-based assessment of the processing and search for the measures to mitigate the risks. The Privacy Manager must make sure the DPIA is conducted in accordance with this Section.
The Privacy Manager, where necessary, involving the competent employees and/or external advisors, must conduct a DPIA if at least one of the following conditions are met:
the processing involves the use of new technologies, such as the Artificial Intelligence, use of connected and autonomous devices, etc. that creates certain legal, economic or similar effects to the Data Subject;
we systematically assess and evaluate personal aspects of the Data Subjects based on automated profiling, assigning the personal score/rate, and create legal or similar effects for the Data Subject by this activity;
we process on a large-scale sensitive data, which includes Personal Data relating to criminal convictions and offences, the data about vulnerable data subjects, the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
we collect or process Personal Data from a publicly accessible area or public sources on a large scale, or combine or match two different data sets; and
the Supervisory Authority in its public list requires conducting a DPIA for a certain type of activity we are involved in. The list of processing activities requiring conducting DPIA can be found on the website of each Supervisory Authority.
The assessment shall contain at least the following details:
a systematic description of the processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by us. The description must include the envisaged data categories and data subjects concerned, the scale of processing activities, such as its frequency, volume, envisaged number of records, etc.; recipients of the data, retention periods and, where applicable, international transfers;
an assessment of the necessity and proportionality of the processing operations in relation to the purposes. The DPIA must explain whether the activity is necessary for the purpose and whether the purpose can be achieved by less intrusive methods;
an assessment of the risks to the rights and freedoms of data subjects, including the rights of Data Subjects regarding their Personal Data.
The examples of risks are the processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymization, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analyzing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects; and
the measures to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation.
Where the DPIA did not provide how to effectively address the risks, the Privacy Manager must initiate the consultation with the competent Supervisory Authority to receive help with searching for the solution. In this case, PlayForm must not conduct the activity before the Supervisory Authority approves the processing activity in question.
General Rule.
The Privacy Manager must make sure that PlayForm clearly defined the data storage periods and/or criteria for determining the storage periods for each processing activity it has. The periods for each processing activity must be specified in the Records of processing activities.
Each department within PlayForm must comply with the data storage periods in accordance with the retention schedule provided in Records of processing activities. The Privacy Manager must supervise each department and make sure they comply with this requirement.
After the storage period ends, the personal data must be removed from the disposal of the department responsible for the processing or, in cases where the data is not needed for any other purposes, destroyed completely, including from back-up copies and other media.
Whenever the storage period for a processing activity has ended, but the personal data processed is necessary for other processing purposes, the department manager must make sure that the personal data is not used for the ceased processing activity, and the responsible employees do not have the access to it unless required for any other activity.
Exemptions. The rules specified in Subsection 8.1 have the following exceptions:
Business needs. Data retention periods can be prolonged, but no longer than 60 days, in the case that the data deletion will interrupt or harm our ongoing business. The Privacy Manager must approve any unforeseen prolongation;
Technical impossibility. Some information is technically impossible or disproportionally difficult to delete. For example, deletion of the information may lead to breach of system integrity, or it is impossible to delete the information from the backup copies. In such a case, the information can be further stored, subject to the approval by the Privacy Manager and making respective amendments to the Records of processing activities; and
Anonymization. The Personal Data can be further processed for any purposes (e.g., marketing) if we fully anonymize these data after the retention period is expired. This means that all personal identifiers and connections to them will be deleted from the data. To consider Personal Data anonymous, it must be impossible to reidentify the Data Subject from the data set.
Each department within PlayForm shall take all appropriate technical and organizational measures that protect against unauthorized, unlawful, and/or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of unauthorized persons regarding the personal data under their responsibility.
The employee responsible for the supervision after the security of personal data within PlayForm shall be DSR Officer. This person implements the guidelines and other specifications on data protection and information security in his area of responsibility. He/she advises PlayForm management on the planning and implementation of information security in PlayForm, and must be involved in all projects at an early stage in order to take security-related aspects into account as early as the planning phase.
Response Team.
In case of revealing the Data Breach, CEO of PlayForm shall urgently form the Data Breach Response Team (the “Response Team”), which will handle the Data Breach, notify the appropriate persons, and mitigate its risks.
The Response Team must be а multi-disciplinary group headed by CEO of PlayForm and comprised of the Privacy Manager, privacy laws specialist (whether internal or external), and knowledgeable and skilled information security specialists within PlayForm or outsourcing professionals, if necessary. The team must ensure that all employees and engaged contractors/processors adhere to this Policy and provide an immediate, effective, and skillful response to any suspected/alleged or actual Data Breach affecting PlayForm.
The potential members of the Response Team must be prepared to respond to а Data Breach. The Response Team shall perform all the responsibilities of PlayForm mentioned in this Policy. The duties of the Response Team are:
to communicate the Data Breach to the competent Supervisory Authority(-ies);
in case of high risk to the rights and freedoms of Data Subjects, to communicate the Data Breach to the Data Subject;
if PlayForm obtain data from any third party as a processor, and a Data Breach involves obtained data, to inform the third parties about the Data Breach;
to communicate PlayForm’s contractors or any other third parties that process the Personal Data involved in the Data Breach; and
to take all appropriate technical and organizational measures to cease the Data Breach and mitigate its consequences;
to record the fact of the Data Breach in the Records of processing activities and file an internal data breach report that describes the event.
The Response Team shall perform its duties until all the necessary measures required by this Policy are taken.
Notification to Supervisory Authority.
PlayForm shall inform the Competent Supervisory Authority about the Data Breach without undue delay and, where it is possible, not later than 72 hours after having become aware of the Data Breach.
The Competent Supervisory Authority shall be determined by the residence of the Data Subjects, whose information was involved in the Data Breach. If the Data Breach concerns the Personal Data of Data Subjects from more than one country, PlayForm shall inform all Competent Supervisory Authorities.
To address the notification to the authority, the Response Team should use Annex 1 to this Policy. Annex 1 contains all the necessary contact information of the EU supervisory authorities. If the Data Breach concerns Data Subjects from other than the EU countries, the Response Team shall ask a competent privacy specialist for advice.
The notification to the Competent Supervisory Authority shall contain, at least, following information:
the nature of the Data Breach including where possible, the categories and an approximate number of Data Subjects and Personal Data records concerned;
the name and contact details of the Response Team, Privacy Manager or, if not applicable, of the CEO;
the likely consequences of the Data Breach. Explain PlayForm’s point of view on the purposes and possible further risks of the Data Breach. E.g., the Personal Data may be stolen for the further sale, fraud activities or blackmailing the concerned Data Subjects; and
the measures taken or proposed to be taken by PlayForm to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
To file a notification, the Response Team should use PlayForm’s Data Breach Notification Form to the Supervisory Authority.
Notifications to Data Subjects.
When the Data Breach is likely to result in a high risk to the rights and freedoms of Data Subjects (e.g., stealing of funds, assets, proprietary information), we must also communicate the Data Breach to the concerned Data Subjects without undue delay. The Privacy Manager must determine if there is a high risk based on the risk factors specified in Subsection 7.2.3 of this Policy.
The notification shall contain the following information:
description of the Data Breach - what happened and what led to the Data Breach, such as a security breach, employee’s negligence, error in the system work. If the Response Team decided not to disclose the causes of the Data Breach, then this clause must not be mentioned;
the measures taken by PlayForm regarding the Data Breach, including security measures, internal investigations, and supervisory authority notice;
recommendations for the concerned Data Subjects how to mitigate risks and possible consequences, such as guidelines on how to restore access to an account, preventing measures (change of a password); and
the contact information of the Response Team or one of its members.
The notification to the Data Subjects should be carried out by the email letter or, where it is impossible to use the email, by other available means of communication.
Exemptions. We do not have to send the notification to the Data Subjects if any of the following conditions are met:
PlayForm has implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Data affected by the Data Breach, in particular, those that leave the Personal Data inaccessible to any person who is not authorized to access it, such as encryption;
PlayForm has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects referred to in this section is no longer likely to materialize; or
it would involve a disproportionate effort to communicate with every concerned Data Subject. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.
In the case we apply one of the exemptions, we must document the circumstances, reason for not informing, and actions taken to meet one of the exemptions.
Communication with Third Parties.
In the case a Data Breach concerns the Personal Data shared with us or processed by us on behalf of a Third Party, we must also notify the Third Party about it within 24 hours. If we process the Personal Data as a Data Processor, the notification of the Third Party does not exempt us from the duty to mitigate the Data Breach consequences, but we must not inform the Competent Supervisory Authority and Data Subjects.
In case of receiving the notification about the Data Breach from the Data Processor or other Third Parties that have access to the Personal Data, CEO of PlayForm shall, in accordance with this Section:
form the Response Team;
request the Third Party to send the information mentioned in Subsections 10.2-3 of this Policy;
where necessary, inform the Competent Supervisory Authority(-ies) and Data Subjects; and
perform other steps of the Data Breach response procedure.
List of Persons Briefed on Personal Data Protection Policy
Full Name | Status | Date |
| Nikola Hristov | Briefed | 05.25.2018 |
European National Data Protection Authorities
Austria
Österreichische Datenschutzbehörde
Hohenstaufengasse 3
1010 Wien
Tel. +43 1 531 15 202525
Fax +43 1 531 15 202690
E-mail: dsb@dsb.gv.at
WebSite: https://www.dsb.gv.at
Art 29 WP Member: Dr Andrea JELINEK, Director, Österreichische Datenschutzbehörde
Belgium
Commission de la protection de la vie privée
Commissie voor de bescherming van de persoonlijke levenssfeer
Rue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
E-mail: commission@privacycommission.be
WebSite: https://www.privacycommission.be
Art 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy commission
Bulgaria
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov Blvd. Sofia 1592
Tel. +359 2 915 3580
Fax +359 2 915 3525
E-mail: kzld@cpdp.bg
WebSite: https://www.cpdp.bg
Art 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for Personal Data Protection
Art 29 WP Alternate Member: Ms. Mariya MATEVA
Croatia
Croatian Personal Data Protection Agency
Martićeva 14
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
E-mail: azop@azop.hr or info@azop.hr
WebSite: https://www.azop.hr
Art 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection Agency
Cyprus
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456
Fax +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy
WebSite: https://www.dataprotection.gov.cy
Art 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU
Art 29 WP Alternate Member: Mr. Constantinos GEORGIADES
Czech Republic
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
E-mail: posta@uoou.cz
WebSite: https://www.uoou.cz
Art 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data Protection
Art 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the Office
Denmark
Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00
Fax +45 33 19 32 18
E-mail: dt@datatilsynet.dk
WebSite: https://www.datatilsynet.dk
Art 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection Agency (Datatilsynet)
Art 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International Division at the Danish Data Protection Agency (Datatilsynet)
Estonia
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Väike-Ameerika 19
10129 Tallinn
Tel. +372 6274 135
Fax +372 6274 137
E-mail: info@aki.ee
WebSite: https://www.aki.ee/en
Art 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Maarja Kirss
Finland
Office of the Data Protection Ombudsman
P.O. Box 315
FIN-00181 Helsinki Tel. +358 10 3666 700
Fax +358 10 3666 735
E-mail: tietosuoja@om.fi
WebSite: https://www.tietosuoja.fi/en
Art 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection Authority
Art 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department
France
Commission Nationale de l’Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
WebSite: https://www.cnil.fr
Art 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL
Art 29 WP Alternate Member: Ms. Florence RAYNAL
Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
E-mail: poststelle@bfdi.bund.de
WebSite: https://www.bfdi.bund.de
The competence for complaints is split among different data protection supervisory authorities in Germany.
Competent authorities can be identified according to the list provided under
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
Art 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of Information
Art 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the federal states
Greece
Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523 Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
E-mail: contact@dpa.gr
WebSite: https://www.dpa.gr
Art 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA
Art 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director
Hungary
National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C H-1125 Budapest
Tel. +36 1 3911 400
E-mail: peterfalvi.attila@naih.hu
WebSite: https://www.naih.hu
Art 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for Data Protection and Freedom of Information
Art 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National Authority for Data Protection and Freedom of Information
Ireland
Data Protection Commissioner
Canal House Station Road Portarlington Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
E-mail: info@dataprotection.ie
WebSite: https://www.dataprotection.ie
Art 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner
Art 29 WP Alternate Members: Mr. John O’DWYER, Deputy Commissioner; Mr. Dale SUNDERLAND, Deputy Commissioner
Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
E-mail: garante@garanteprivacy.it
WebSite: https://www.garanteprivacy.it
Art 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei dati personali
Art 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per la protezione dei dati personali
Latvia
Data State Inspectorate Director: Ms. Daiga Avdejanova
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
E-mail: info@dvi.gov.lv
WebSite: https://www.dvi.gov.lv
Art 29 WP Alternate Member: Ms. Aiga BALODE
Lithuania
State Data Protection
Žygimantų str. 11-6a 011042 Vilnius
Tel. + 370 5 279 14 45
Fax +370 5 261 94 94
E-mail: ada@ada.lt
WebSite: https://www.ada.lt
Art 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of Complaints Investigation and International Cooperation Division
Luxembourg
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1
Fax +352 2610 60 29
E-mail: info@cnpd.lu
WebSite: https://www.cnpd.lu
Art 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour la Protection des Données
Art 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner
Malta
Office of the Data Protection Commissioner
Data Protection Commissioner: Mr. Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549 Tel. +356 2328 7100
Fax +356 2328 7198
E-mail: commissioner.dataprotection@gov.mt
WebSite: https://idpc.org.mt
Art 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection Commissioner
Art 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme Implementation
Netherlands
Autoriteit Persoonsgegevens
Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague Tel. +31 70 888 8500
Fax +31 70 888 8501
E-mail: info@autoriteitpersoonsgegevens.nl
WebSite: https://autoriteitpersoonsgegevens.nl/nl
Art 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens
Poland
The Bureau of the Inspector General for the Protection of Personal Data – GIODO
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 53 10 440
Fax +48 22 53 10 441
E-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl
WebSite: https://www.giodo.gov.pl
Art 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection of Personal Data
Portugal
Comissão Nacional de Protecção de Dados - CNPD
R. de São. Bento, 148-3° 1200-821 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
E-mail: geral@cnpd.pt
WebSite: https://www.cnpd.pt
Art 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção de Dados
Art 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA
Romania
The National Supervisory Authority for Personal Data Processing President: Mrs. Ancuţa Gianina Opre
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 21 252 5599
Fax +40 21 252 5757
E-mail: anspdcp@dataprotection.ro
WebSite: https://www.dataprotection.ro
Art 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory Authority for Personal Data Processing
Art 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and Communication Department
Slovakia
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
E-mail: statny.dozor@pdp.gov.sk
WebSite: https://dataprotection.gov.sk
Art 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data Protection of the Slovak Republic
Art 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President
Slovenia
Information Commissioner
Ms. Mojca Prelesnik Zaloška 59
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
E-mail: gp.ip@ip-rs.si
WebSite: https://www.ip-rs.si
Art 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic of Slovenia
Spain
Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
E-mail: internacional@agpd.es
WebSite: https://www.agpd.es
Art 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data Protection Agency
Art 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO
Sweden
Datainspektionen
Drottninggatan 29 5th Floor
Box 8114
20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
E-mail: datainspektionen@datainspektionen.se
WebSite: https://www.datainspektionen.se
Art 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data Inspection Board
Art 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser
United Kingdom
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745
E-mail: international.team@ico.org.uk
WebSite: https://ico.org.uk
Art 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner
Art 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner
EUROPEAN FREE TRADE AREA (EFTA)
Iceland
Icelandic Data Protection Agency
Rauðarárstíg 10
Reykjavík
Tel. +354 510 9600; Fax +354 510 9606
E-mail: postur@personuvernd.is
WebSite: https://www.personuvernd.is
Liechtenstein
Data Protection Office
Kirchstrasse 8, P.O. Box 684
9490 Vaduz
Principality of Liechtenstein Tel. +423 236 6090
E-mail: info.dss@llv.li
WebSite: https://www.datenschutzstelle.li
Norway
Datatilsynet
Data Protection Authority: Mr. Bjørn Erik THORN
The Data Inspectorate
P.O. Box 8177 Dep 0034 Oslo
Tel. +47 22 39 69 00; Fax +47 22 42 23 50
E-mail: postkasse@datatilsynet.no
WebSite: https://www.datatilsynet.no
Switzerland
Data Protection and Information Commissioner of Switzerland
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian Lobsiger
Feldeggweg 1
3003 Bern
Tel. +41 58 462 43 95; Fax +41 58 462 99 96
E-mail: contact20@edoeb.admin.ch
WebSite: https://www.edoeb.admin.ch
Effective date: 05.25.2018 / May 25th 2018
Last updated: 02.11.2022 / February 11th 2022
We at PlayForm ltd. are committed to processing personal data securely and respecting privacy of the concerned individuals.
| Version No. and date of the last update: | v. 1.0. February 11th 2022 |
| This policy shall be reviewed annually or each time when the changes in our data processing occur. | |
Scope. This Personal Data Protection Policy (the “Policy”) describes PlayForm ltd. internal rules for personal data processing and protection. The Policy applies to PlayForm ltd., including PlayForm ltd. employees and contractors (“we”, “us”, “our”, “PlayForm”). The management of each entity is ultimately responsible for the implementation of this policy, as well as to ensure, at entity level, there are adequate and effective procedures in place for its implementation and ongoing monitoring of its adherence. For the purposes of this Policy, employees and contractors are jointly referred to as the “employees”.
Privacy Manager. Privacy Manager is an employee of PlayForm responsible for personal data protection compliance within PlayForm (the “Privacy Manager”). The Privacy Manager is in charge of performing the obligations imposed by this Policy and supervising other employees, who subject to this Policy, regarding their adherence to this Policy. The Privacy Manager must be involved in all projects at an early stage in order to take personal data protection aspects into account as early as the planning phase.
The designated Privacy Manager at PlayForm ltd. is Nikola Hristov Nikola@PlayForm.Cloud.
Definitions.
| Competent Supervisory Authority | means a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. |
| Data Breach | means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. |
| Data Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. |
| Data Processor | means a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. |
| Data Protection Laws | mean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). |
| Data Subject Request (DSR) | means any request from the Data Subject and concerning their personal data and/or data subject rights. |
| Data Subject | means a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. |
| Personal Data | means any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. |
| Processing | means any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Standard Contractual Clauses | means the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). |
| Third Party | means a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. |
| User | means a Data Subject who uses our services provided on PlayForm website. |
PlayForm’s processing activities must be in line with the principles specified in this Section. The Privacy Manager must make sure that PlayForm’s compliance documentation, as well as data processing activities, are compliant with the data protection principles.
We must process the Personal Data in accordance with the following principles:
Lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency). We shall always have a legal ground for the processing (described in Section 3 of this Policy), collect the amount of data adequate to the purpose and legal grounds, and we make sure the Data Subjects are aware of the processing;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation). We must not process the Personal Data for the purposes not specified in our compliance documentation without obtaining specific approval of the Privacy Manager;
Adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization). We always make sure the data we collect is not excessive and limited by the strict necessity;
Accurate and, where necessary, kept up to date (accuracy). We endeavor to delete inaccurate or false data about Data Subjects and make sure we update the data. Data Subjects can ask us for a correction of the Personal Data;
Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (storage period limitation). The storage periods must be limited as prescribed by Data Protection Laws and this Policy; and
Process in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (confidentiality, integrity, and availability).
Accountability.
We shall be able to demonstrate our compliance with Data Protection Laws (accountability principle). In particular, we must ensure and document all relevant procedures, efforts, internal and external consultations on personal data protection including:
the fact of appointing a person responsible for PlayForm’s data protection compliance;
where necessary, a record of a Data Processing Impact Assessment;
developed and implemented notices, policies, and procedures, such as Privacy Notice, this policy or Data Breach response procedure;
the fact of staff training on compliance with Data Protection laws; and
assessment, implementation, and testing organizational and technical data protection measures.
The Privacy Manager must maintain PlayForm’s Records of processing activities, which is an accountability document that describes personal data processing activities of PlayForm, prepared in accordance with Art. 30 of the GDPR (the “Records of processing activities”). The Records of processing activities must maintain, at least, the following information about each processing activity:
contact details of PlayForm, the EU Representative, and, where applicable, of the Data Protection Officer;
name of the activity, its purposes and legal basis along with, where applicable, the legitimate interests of PlayForm;
data subjects and personal data categories concerned;
data retention periods;
general description of applicable security measures;
recipients, including joint controllers, processors, and contractors involved, as well as the fact of the international data transfer with the safeguards applied to the transfer;
where applicable, a reference to the Data Processing Impact Assessment;
where applicable, a reference to the record of the data breach occurred involving the personal data;
if PlayForm acts as a data processor, the information to be provided includes the names and contact details of controllers, name and contact details of controller’s representative (if applicable), categories of processing (activities), names of third countries or international organizations that personal data are transferred to (if applicable), safeguards for exceptional transfers of personal data to third countries or international organizations (if applicable), and general description of technical and organizational security measures.
Legal grounds.
Each processing activity must have one of the lawful grounds specified in this Section to process the Personal Data. If we do not have any of the described, we cannot collect or further process the Personal Data.
If PlayForm is intended to use personal data for other purposes than those specified in the Records of processing activities, the Privacy Manager must evaluate, determine, and, if necessary, collect/record the appropriate legal basis for it.
Performance of the contract. Where PlayForm has a contract with the Data Subject, e.g., website’s Terms of Use or the employment contract, and the contract requires the provision of personal data from the Data Subject, the applicable legal ground will be the performance of the contract.
Consent. To process the personal data based on the consent, we must obtain the consent before the Processing and keep the evidence of the consent with the records of Data Subject’s Personal Data. The Privacy Manager must make sure that the consent collected from Data Subjects meet the requirements of Data Protection Laws and this Policy. In particular, the Privacy Manager must make sure that:
the Data Subject must be free to give or refuse to give consent.
the consent is in the form of an active indication from the Data Subject, i.e., the consent checkbox must not be pre-ticked for the user.
the request for the consent clearly articulates the purposes of the processing, and other information specified in Subsection 6.2 is available to the Data Subject.
the Data Subject must be free to give one’s consent or to revoke it.
Legitimate interests. We have the right to use personal data in our ‘legitimate interests’. The interests can include the purposes that are justified by the nature of our business activities, such as the marketing analysis of personal data. For PlayForm to use legitimate interests as a legal ground for the processing, the Privacy Manager must make sure that:
the legitimate interest in the processing is clearly defined and recorded in the Records of processing activities;
any envisaged risks to Data Subject rights and interests are spotted. The examples of the risks can be found in Subsection 7.2.;
the Data Subjects have reasonable expectations about the processing, and additional protective measures to address the risks are taken;
subject to the conditions of Subsection 6.7 (Right to object against the processing), the Data Subject is provided with the opportunity to opt-out from the processing for the described legitimate interests.
If at least one of the above conditions is not met by PlayForm, the Privacy Manager must choose and propose a different legal ground for the processing, such as consent.
Legal Compliance and Public Interest. Besides the grounds specified afore, we might be requested by the laws of the European Union or laws of the EU Member State to process Personal Data of our Users. For example, we can be required to collect, analyze, and monitor the information of Users to comply with financial or labor laws.
Whenever we have such an obligation, we must make sure that:
we process personal data strictly in accordance with relevant legal requirements;
we do not use or store the collected Personal Data for other purposes than legal compliance; and
the Data Subjects are properly and timely informed about our obligations, scope, and conditions of personal data processing.
Important: Where PlayForm has the law requirements of another country to process personal data, the Privacy Manager must propose using another legal ground for the processing under Data Protection Laws, such as legitimate interests or consent.
Access to Personal Data.
The employees must have access to the personal data on a “need-to-know” basis. The data can be accessed only if it is strictly necessary to perform one of the activities specified in the Records of processing activities. The employees and contractors shall have access to the Personal Data only if they have the necessary credentials for it.
Heads of the departments within PlayForm are responsible for their employees’ access and processing of personal data. The heads must maintain the list of employees that are entitled to access and process personal data. The Privacy Manager shall have the right to review the list and, where necessary, request the amendments to meet the requirements of this Policy.
Heads of the departments within PlayForm must ensure that the employees under their supervision are aware of the Data Protection Laws and comply with the rules set in this Policy. To make sure our employees are able to comply with the data protection requirements, we must provide them with adequate data protection training.
All employees accessing personal data shall keep strict confidentiality regarding the data they access. The employees that access personal data must use only those means (software, premises, etc.) for the processing that were prescribed by PlayForm. The data must not be disclosed or otherwise made available out of the management instructions.
The employees within their competence must assist PlayForm’s representatives, including the Privacy Manager, in any efforts regarding compliance with Data Protection Laws and/or this Policy.
When an employee detects or believes there is suspicious activity, data breach, non-compliance with Data Protection Laws and/or this Policy, or a DSR was not routed to the competent department within PlayForm, the employee must report such activity to the Privacy Manager.
Employees that are unsure about whether they can legitimately process or disclose Personal Data must seek advice from the Privacy Manager before taking any action.
Any occasional access to personal data for activities not specified in the Records of processing activities is prohibited. If there is a strict necessity for immediate access, the Privacy Manager must approve the access first.
Before sharing personal data with any person outside of PlayForm, the Privacy Manager must ensure that this Third Party has an adequate data protection level and provide sufficient data protection guarantees in accordance with Data Protection Laws, including, but not limited to the processorship requirements (Art. 28 of the GDPR) and international transfers compliance (Section 5 of the GDPR). Where necessary, the Privacy Manager must make sure that PlayForm enters into the appropriate data protection contract with the third party.
An employee can share personal data with third parties only if and to the extent that was directly prescribed by the manager and specified in the Records of processing activities.
If we are required to delete, change, or stop the processing of the Personal Data, we must ensure that the Third Parties, with whom we shared the Personal Data, will fulfill these obligations accordingly.
Whenever PlayForm is engaged as a data processor on behalf of another entity, the Privacy Manager must make sure PlayForm complies with the processorship obligation. In particular, the appropriate data processing agreement in accordance with the Data Protection Laws must be in place. The Privacy Manager must supervise the compliance with data processing instructions from the controller, including regarding the scope of processing activities, involvement of sub-processors, international transfers, storage, and further disposal of processed personal data. The personal data processed under the processor role must not be processed for any other purposes than specified in the relevant instructions, agreement or other legal act regulating the relationships with the controller.
If we have the employees, contractors, corporate affiliates, or Data Processors outside of the EEA, and we transfer Personal Data to them for the processing, the Privacy Manager must make sure PlayForm takes all necessary and appropriate safeguards in accordance with Data Protection Laws.
The Privacy Manager must assess the safeguards available and propose to the PlayForm’s management the appropriate safeguard for each international transfer. The following regimes apply to the transfers of Personal Data outside of the EU:
where the European Commission decides that the country has an adequate level of personal data protection, the transfer does not require taking additional safeguards. The full list of adequate jurisdictions can be found on the relevant page of the European Commission’s website1.
to transfer Personal Data to our contractors or partners (Data Processors or Controllers) in other third countries, we must conclude Standard Contractual Clauses with that party. The draft version along with the guidance can be found on the relevant page of the European Commission’s website2;
if we have a corporate affiliate or an entity in other countries, we may choose to adopt Binding Corporate Rules in accordance with Article 47 of the GDPR or an approved code of conduct pursuant to Article 40 of the GDPR;
we also can transfer Personal Data to entities that have an approved certification in accordance with Article 42 of the GDPR, which certifies an appropriate level of company’s data protection.
As a part of the information obligations, PlayForm must inform the Data Subjects that their Personal Data is being transferred to other countries, as well as provide them with the information about the safeguards used for the transfer. The information obligation is to be performed in accordance with Subsection 6.2.
In the exceptional cases (the “Derogation”), where we cannot apply the safeguards mentioned afore and we need to transfer Personal Data, we must take an explicit consent (active statement) from the Data Subject or it must be strictly necessary for the performance of the contract between us and the Data Subject, or other derogation conditions apply in accordance with the Data Protection Laws. The Privacy Manager must pre-approve any Derogation transfers and document the approved Derogations, as well as the rationale for them.
Our Responsibilities.
Privacy Manager is ultimately responsible for handing all DSR received by PlayForm. In the case of receiving any outstanding or unusual DSR, the employee must seek advice from the Privacy Manager before taking any action.
DSR Team within PlayForm is responsible for handling DSRs from PlayForm Users on a daily basis. The Human Resources department is responsible for handling the DSR from PlayForm employees.
All DSRs from the Users must be addressed at and answered from the following e-mail address: dsr@playform.cloud. DSR from the employees can be addressed directly to the HR manager or at dsr@playform.cloud.
The responsible employee must answer to the DSR within one (1) month from receiving the request. If complying with the DSR takes more than one month in time, the responsible employee must seek advice from the Privacy Manager and, where necessary, inform the Data Subject about the prolongation of the response term for up to two (2) additional months.
The responsible employee must analyze the received DSR for the following criteria:
Data Subject identification. Before considering the DSR content, the responsible employee must make sure the Data Subject is the same person he/she claims to be. For this purpose, the connection between the personal data records and the data subject must be established.
Personal data. The responsible employee must check whether PlayForm has access to the personal data requested. If PlayForm does not have the personal data under the control, the responsible employee must inform the Data Subject, and, if possible, instruct on the further steps on how to access the data in question;
Content of the request. Depending on the content of the DSR, the responsible employee must define the type of the request and check whether it meets the conditions prescribed by this Policy and Data Protection Laws. The types of requests and the respective conditions for each of them can be consulted in Subsections 6.3-6.9. If the request does not meet the described criteria, the responsible employee must refuse to comply with the DSR and inform the Data Subject about the reasons for refusing;
Free of charge. Generally, all requests of Data Subjects and exercises of their rights are free of charge. If the responsible employee finds that the Data Subject exercises the rights in an excessive or unfound way (e.g., intended to harm or interrupt PlayForm’s business activities), the employee must seek the advice from the Privacy Manager, and, upon receiving of the latter, may either charge the Data Subject a reasonable fee or refuse to comply with the request;
Documenting. Whenever PlayForm receives the DSR, the Privacy Manager must make sure that the data and time, Data Subject, type of the request and the decision made regarding it are well documented. In the case of refusing to comply with the request, the reasons for refusing must be documented as well;
Recipients. When addressing the DSR, the Privacy Manager must make sure that all concerned recipients were informed the necessary actions were taken.
The right to be informed.
PlayForm must notify each Data Subject about the collection and further processing of the Personal Data.
The information to be provided includes: the name and contact details of PlayForm; generic purposes of and the lawful basis for the data collection and further processing; categories of Personal Data collected; recipients/categories of recipients; retention periods; information about data subject rights, including the right to complain to the competent Supervisory Authority; the consequences of the cases where the data is necessary for the contract performance and the Data Subject does not provide the required data; details of the safeguards where personal data is transferred outside the EEA; and any third-party source of the personal data, without specification for the particular case (except if we receive the direct request from the Data Subject).
The Users must be informed by the Privacy Policy accessible at PlayForm’s website and provided during the user registration. The employees and contractors must be informed by a standalone employee privacy statement, which explains the details described in p. 6.2.2 in a case-based manner, describing the particular purposes and activities.
PlayForm must inform Data Subjects about data processing, including any new processing activity introduced at PlayForm within the following term:
if personal data is collected from the data subject directly, the data subject must be informed at the time we collect Personal Data from the Data Subjects by showing the Data Subject our privacy statement;
if the personal data is collected from other sources: (a) within one month from collecting it; (b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or (c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
upon the request of the Data Subject; and
within one (1) month after any change of our personal data practices, change of the controller of Personal Data or after significant changes in our privacy statements.
The right to access the information.
The Data Subject must be provided only with those personal data records specified in the request. If the Data Subject requests access to all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all personal data of the Data Subject is mapped and provided.
A Data Subject has the right to:
learn if we process the Data Subject’s Personal Data;
obtain disclosure regarding aspects of the processing, including detailed and case-specific information on purposes, categories of Personal Data, recipients/categories of recipients, retention periods, information about one’s rights, details of the relevant safeguards where personal data is transferred outside the EEA, and any third-party source of the personal data; and
obtain a copy of the Personal Data undergoing processing upon the request.
The right to verify the Data Subject’s information and seek its rectification. The information we collect can be/become inaccurate or out-of-date (e.g., mistakes in nationality, date of birth, info on debts, economic activities). If we reveal that the Personal Data is inaccurate or the Data Subject requests us to do so, we must ensure that we correct all mistakes and update the relevant information.
The right to restrict processing.
The restriction of processing allows Data Subjects to temporarily stop the use of their information to prevent the possible harm caused by such use.
This right applies when the Data Subject:
contests the accuracy of the Personal Data;
believes that we process the Personal Data unlawfully; and
objects against the processing and wants us not to process Personal Data while we are considering the request.
In the case of receiving the restriction request, we must not process Personal Data in question for any other purpose than storing it or for legal compliance purposes until the circumstances of restriction cease to exist.
The right to withdraw the consent. For the activities that require consent, the Data Subject can revoke their consent at any time. If the Data Subject revokes the consent, we must record the changes and must not process the Personal Data for consent-based purposes. The withdrawal of consent does not affect the lawfulness of the processing done before the withdrawal.
The right to object against the processing.
If we process the information in our legitimate interests, e.g., for direct marketing emails or for our marketing research purposes, the Data Subject can object against the processing.
In the case of receiving the objection request case, we must consider Data Subject’s request and, where we do not have compelling interests, stop the processing for the specified purposes. If the personal data is still to be processed for other purposes, the Privacy Manager must make sure that the database has a record that the data cannot be further processed for the objected activities.
The objection request can be refused only if the personal data in question is used for scientific/historical research or statistical purposes and was appropriately protected, i.e., by anonymization or pseudonymization techniques.
Right to erasure/to be forgotten.
The Data Subjects have the right to request us to erase their Personal Data if one of the following conditions are met:
Personal Data is no longer necessary for the purposes of collection. For example, a user has provided personal data for a one-time activity, such as data validation or participation in a contest, and the purpose is already fulfilled;
the Data Subject revokes one’s consent or objects to the processing (where applicable) and there is no other legal ground for the processing; or
we process the Personal Data unlawfully or its erasure is required by the applicable legislation of the European Union or one of the Member countries of the European Union.
Conditions, under which we have the right to refuse the erasure:
Personal Data is processed for scientific/historical research or statistical purposes and is appropriately protected, i.e., pseudonymized or anonymized;
Personal Data is still necessary for legal compliance (e.g., financial or labor laws compliance).
Only those personal data records must be deleted that were specified in the request. If the Data Subject requests the deletion of all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all the data about the Data Subject is mapped and can be deleted.
If the User still has an account with us and requests the erasure of information necessary for maintaining the account, we must inform the User that the erasure will affect user experience or can lead to the closure of the account.
Data portability.
Data Subjects can ask us to transfer all the Personal Data and/or its part in a machine-readable format to a third party. This right applies in two cases:
personal data was collected for the purpose of provision of our services (performance of the contract); or
collected based on consent.
To determine whether one of the p.6.9.1 conditions are met, the employee must seek advice from the Privacy Manager and check the applicable legal basis in the Records of processing activities. If the answer is negative, the request can be refused by PlayForm, and the Privacy Manager must decide whether to comply with the request on a voluntary basis.
To comply with the request, the responsible employee must consolidate requested Personal Data and send the data in the format we are usually working with to the requested organization. The Data Subject must provide the necessary contact details of the organization.
Notification to Privacy Manager.
Before introducing any new activity that involves the processing of personal data, an employee responsible for its implementation must inform the Privacy Manager.
Upon receiving information about a new activity, Privacy Manager must:
determine whether the data processing impact assessment (DPIA) and/or the consultation with the Supervisory Authority is necessary. If the answer is positive, the Privacy Manager must make sure the DPIA is conducted and/or the Supervisory Authority is consulted in accordance with the requirements of this Section and Data Protection Laws;
determine the legal basis for the processing and, where necessary, take further action for its fixation;
make sure the processing activity is done in accordance with this Policy, other PlayForm’s policies, as well as the Data Protection Laws;
add the processing activity to the Records of processing activities;
amend the privacy information statements and, where necessary, inform the concerned Data Subject accordingly.
Data Processing Impact Assessment.
To make sure that our current or prospective processing activities do not/will not violate the Data Subjects’ rights, PlayForm must, where required by Data Protection Laws, conduct the Data Processing Impact Assessment (DPIA), a risk-based assessment of the processing and search for the measures to mitigate the risks. The Privacy Manager must make sure the DPIA is conducted in accordance with this Section.
The Privacy Manager, where necessary, involving the competent employees and/or external advisors, must conduct a DPIA if at least one of the following conditions are met:
the processing involves the use of new technologies, such as the Artificial Intelligence, use of connected and autonomous devices, etc. that creates certain legal, economic or similar effects to the Data Subject;
we systematically assess and evaluate personal aspects of the Data Subjects based on automated profiling, assigning the personal score/rate, and create legal or similar effects for the Data Subject by this activity;
we process on a large-scale sensitive data, which includes Personal Data relating to criminal convictions and offences, the data about vulnerable data subjects, the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
we collect or process Personal Data from a publicly accessible area or public sources on a large scale, or combine or match two different data sets; and
the Supervisory Authority in its public list requires conducting a DPIA for a certain type of activity we are involved in. The list of processing activities requiring conducting DPIA can be found on the website of each Supervisory Authority.
The assessment shall contain at least the following details:
a systematic description of the processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by us. The description must include the envisaged data categories and data subjects concerned, the scale of processing activities, such as its frequency, volume, envisaged number of records, etc.; recipients of the data, retention periods and, where applicable, international transfers;
an assessment of the necessity and proportionality of the processing operations in relation to the purposes. The DPIA must explain whether the activity is necessary for the purpose and whether the purpose can be achieved by less intrusive methods;
an assessment of the risks to the rights and freedoms of data subjects, including the rights of Data Subjects regarding their Personal Data.
The examples of risks are the processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymization, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analyzing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects; and
the measures to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation.
Where the DPIA did not provide how to effectively address the risks, the Privacy Manager must initiate the consultation with the competent Supervisory Authority to receive help with searching for the solution. In this case, PlayForm must not conduct the activity before the Supervisory Authority approves the processing activity in question.
General Rule.
The Privacy Manager must make sure that PlayForm clearly defined the data storage periods and/or criteria for determining the storage periods for each processing activity it has. The periods for each processing activity must be specified in the Records of processing activities.
Each department within PlayForm must comply with the data storage periods in accordance with the retention schedule provided in Records of processing activities. The Privacy Manager must supervise each department and make sure they comply with this requirement.
After the storage period ends, the personal data must be removed from the disposal of the department responsible for the processing or, in cases where the data is not needed for any other purposes, destroyed completely, including from back-up copies and other media.
Whenever the storage period for a processing activity has ended, but the personal data processed is necessary for other processing purposes, the department manager must make sure that the personal data is not used for the ceased processing activity, and the responsible employees do not have the access to it unless required for any other activity.
Exemptions. The rules specified in Subsection 8.1 have the following exceptions:
Business needs. Data retention periods can be prolonged, but no longer than 60 days, in the case that the data deletion will interrupt or harm our ongoing business. The Privacy Manager must approve any unforeseen prolongation;
Technical impossibility. Some information is technically impossible or disproportionally difficult to delete. For example, deletion of the information may lead to breach of system integrity, or it is impossible to delete the information from the backup copies. In such a case, the information can be further stored, subject to the approval by the Privacy Manager and making respective amendments to the Records of processing activities; and
Anonymization. The Personal Data can be further processed for any purposes (e.g., marketing) if we fully anonymize these data after the retention period is expired. This means that all personal identifiers and connections to them will be deleted from the data. To consider Personal Data anonymous, it must be impossible to reidentify the Data Subject from the data set.
Each department within PlayForm shall take all appropriate technical and organizational measures that protect against unauthorized, unlawful, and/or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of unauthorized persons regarding the personal data under their responsibility.
The employee responsible for the supervision after the security of personal data within PlayForm shall be DSR Officer. This person implements the guidelines and other specifications on data protection and information security in his area of responsibility. He/she advises PlayForm management on the planning and implementation of information security in PlayForm, and must be involved in all projects at an early stage in order to take security-related aspects into account as early as the planning phase.
Response Team.
In case of revealing the Data Breach, CEO of PlayForm shall urgently form the Data Breach Response Team (the “Response Team”), which will handle the Data Breach, notify the appropriate persons, and mitigate its risks.
The Response Team must be а multi-disciplinary group headed by CEO of PlayForm and comprised of the Privacy Manager, privacy laws specialist (whether internal or external), and knowledgeable and skilled information security specialists within PlayForm or outsourcing professionals, if necessary. The team must ensure that all employees and engaged contractors/processors adhere to this Policy and provide an immediate, effective, and skillful response to any suspected/alleged or actual Data Breach affecting PlayForm.
The potential members of the Response Team must be prepared to respond to а Data Breach. The Response Team shall perform all the responsibilities of PlayForm mentioned in this Policy. The duties of the Response Team are:
to communicate the Data Breach to the competent Supervisory Authority(-ies);
in case of high risk to the rights and freedoms of Data Subjects, to communicate the Data Breach to the Data Subject;
if PlayForm obtain data from any third party as a processor, and a Data Breach involves obtained data, to inform the third parties about the Data Breach;
to communicate PlayForm’s contractors or any other third parties that process the Personal Data involved in the Data Breach; and
to take all appropriate technical and organizational measures to cease the Data Breach and mitigate its consequences;
to record the fact of the Data Breach in the Records of processing activities and file an internal data breach report that describes the event.
The Response Team shall perform its duties until all the necessary measures required by this Policy are taken.
Notification to Supervisory Authority.
PlayForm shall inform the Competent Supervisory Authority about the Data Breach without undue delay and, where it is possible, not later than 72 hours after having become aware of the Data Breach.
The Competent Supervisory Authority shall be determined by the residence of the Data Subjects, whose information was involved in the Data Breach. If the Data Breach concerns the Personal Data of Data Subjects from more than one country, PlayForm shall inform all Competent Supervisory Authorities.
To address the notification to the authority, the Response Team should use Annex 1 to this Policy. Annex 1 contains all the necessary contact information of the EU supervisory authorities. If the Data Breach concerns Data Subjects from other than the EU countries, the Response Team shall ask a competent privacy specialist for advice.
The notification to the Competent Supervisory Authority shall contain, at least, following information:
the nature of the Data Breach including where possible, the categories and an approximate number of Data Subjects and Personal Data records concerned;
the name and contact details of the Response Team, Privacy Manager or, if not applicable, of the CEO;
the likely consequences of the Data Breach. Explain PlayForm’s point of view on the purposes and possible further risks of the Data Breach. E.g., the Personal Data may be stolen for the further sale, fraud activities or blackmailing the concerned Data Subjects; and
the measures taken or proposed to be taken by PlayForm to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
To file a notification, the Response Team should use PlayForm’s Data Breach Notification Form to the Supervisory Authority.
Notifications to Data Subjects.
When the Data Breach is likely to result in a high risk to the rights and freedoms of Data Subjects (e.g., stealing of funds, assets, proprietary information), we must also communicate the Data Breach to the concerned Data Subjects without undue delay. The Privacy Manager must determine if there is a high risk based on the risk factors specified in Subsection 7.2.3 of this Policy.
The notification shall contain the following information:
description of the Data Breach - what happened and what led to the Data Breach, such as a security breach, employee’s negligence, error in the system work. If the Response Team decided not to disclose the causes of the Data Breach, then this clause must not be mentioned;
the measures taken by PlayForm regarding the Data Breach, including security measures, internal investigations, and supervisory authority notice;
recommendations for the concerned Data Subjects how to mitigate risks and possible consequences, such as guidelines on how to restore access to an account, preventing measures (change of a password); and
the contact information of the Response Team or one of its members.
The notification to the Data Subjects should be carried out by the email letter or, where it is impossible to use the email, by other available means of communication.
Exemptions. We do not have to send the notification to the Data Subjects if any of the following conditions are met:
PlayForm has implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Data affected by the Data Breach, in particular, those that leave the Personal Data inaccessible to any person who is not authorized to access it, such as encryption;
PlayForm has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects referred to in this section is no longer likely to materialize; or
it would involve a disproportionate effort to communicate with every concerned Data Subject. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.
In the case we apply one of the exemptions, we must document the circumstances, reason for not informing, and actions taken to meet one of the exemptions.
Communication with Third Parties.
In the case a Data Breach concerns the Personal Data shared with us or processed by us on behalf of a Third Party, we must also notify the Third Party about it within 24 hours. If we process the Personal Data as a Data Processor, the notification of the Third Party does not exempt us from the duty to mitigate the Data Breach consequences, but we must not inform the Competent Supervisory Authority and Data Subjects.
In case of receiving the notification about the Data Breach from the Data Processor or other Third Parties that have access to the Personal Data, CEO of PlayForm shall, in accordance with this Section:
form the Response Team;
request the Third Party to send the information mentioned in Subsections 10.2-3 of this Policy;
where necessary, inform the Competent Supervisory Authority(-ies) and Data Subjects; and
perform other steps of the Data Breach response procedure.
List of Persons Briefed on Personal Data Protection Policy
Full Name | Status | Date |
| Nikola Hristov | Briefed | 05.25.2018 |
European National Data Protection Authorities
Austria
Österreichische Datenschutzbehörde
Hohenstaufengasse 3
1010 Wien
Tel. +43 1 531 15 202525
Fax +43 1 531 15 202690
E-mail: dsb@dsb.gv.at
WebSite: https://www.dsb.gv.at
Art 29 WP Member: Dr Andrea JELINEK, Director, Österreichische Datenschutzbehörde
Belgium
Commission de la protection de la vie privée
Commissie voor de bescherming van de persoonlijke levenssfeer
Rue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
E-mail: commission@privacycommission.be
WebSite: https://www.privacycommission.be
Art 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy commission
Bulgaria
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov Blvd. Sofia 1592
Tel. +359 2 915 3580
Fax +359 2 915 3525
E-mail: kzld@cpdp.bg
WebSite: https://www.cpdp.bg
Art 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for Personal Data Protection
Art 29 WP Alternate Member: Ms. Mariya MATEVA
Croatia
Croatian Personal Data Protection Agency
Martićeva 14
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
E-mail: azop@azop.hr or info@azop.hr
WebSite: https://www.azop.hr
Art 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection Agency
Cyprus
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456
Fax +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy
WebSite: https://www.dataprotection.gov.cy
Art 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU
Art 29 WP Alternate Member: Mr. Constantinos GEORGIADES
Czech Republic
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
E-mail: posta@uoou.cz
WebSite: https://www.uoou.cz
Art 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data Protection
Art 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the Office
Denmark
Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00
Fax +45 33 19 32 18
E-mail: dt@datatilsynet.dk
WebSite: https://www.datatilsynet.dk
Art 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection Agency (Datatilsynet)
Art 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International Division at the Danish Data Protection Agency (Datatilsynet)
Estonia
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Väike-Ameerika 19
10129 Tallinn
Tel. +372 6274 135
Fax +372 6274 137
E-mail: info@aki.ee
WebSite: https://www.aki.ee/en
Art 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Maarja Kirss
Finland
Office of the Data Protection Ombudsman
P.O. Box 315
FIN-00181 Helsinki Tel. +358 10 3666 700
Fax +358 10 3666 735
E-mail: tietosuoja@om.fi
WebSite: https://www.tietosuoja.fi/en
Art 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection Authority
Art 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department
France
Commission Nationale de l’Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
WebSite: https://www.cnil.fr
Art 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL
Art 29 WP Alternate Member: Ms. Florence RAYNAL
Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
E-mail: poststelle@bfdi.bund.de
WebSite: https://www.bfdi.bund.de
The competence for complaints is split among different data protection supervisory authorities in Germany.
Competent authorities can be identified according to the list provided under
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
Art 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of Information
Art 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the federal states
Greece
Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523 Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
E-mail: contact@dpa.gr
WebSite: https://www.dpa.gr
Art 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA
Art 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director
Hungary
National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C H-1125 Budapest
Tel. +36 1 3911 400
E-mail: peterfalvi.attila@naih.hu
WebSite: https://www.naih.hu
Art 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for Data Protection and Freedom of Information
Art 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National Authority for Data Protection and Freedom of Information
Ireland
Data Protection Commissioner
Canal House Station Road Portarlington Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
E-mail: info@dataprotection.ie
WebSite: https://www.dataprotection.ie
Art 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner
Art 29 WP Alternate Members: Mr. John O’DWYER, Deputy Commissioner; Mr. Dale SUNDERLAND, Deputy Commissioner
Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
E-mail: garante@garanteprivacy.it
WebSite: https://www.garanteprivacy.it
Art 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei dati personali
Art 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per la protezione dei dati personali
Latvia
Data State Inspectorate Director: Ms. Daiga Avdejanova
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
E-mail: info@dvi.gov.lv
WebSite: https://www.dvi.gov.lv
Art 29 WP Alternate Member: Ms. Aiga BALODE
Lithuania
State Data Protection
Žygimantų str. 11-6a 011042 Vilnius
Tel. + 370 5 279 14 45
Fax +370 5 261 94 94
E-mail: ada@ada.lt
WebSite: https://www.ada.lt
Art 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of Complaints Investigation and International Cooperation Division
Luxembourg
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1
Fax +352 2610 60 29
E-mail: info@cnpd.lu
WebSite: https://www.cnpd.lu
Art 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour la Protection des Données
Art 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner
Malta
Office of the Data Protection Commissioner
Data Protection Commissioner: Mr. Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549 Tel. +356 2328 7100
Fax +356 2328 7198
E-mail: commissioner.dataprotection@gov.mt
WebSite: https://idpc.org.mt
Art 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection Commissioner
Art 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme Implementation
Netherlands
Autoriteit Persoonsgegevens
Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague Tel. +31 70 888 8500
Fax +31 70 888 8501
E-mail: info@autoriteitpersoonsgegevens.nl
WebSite: https://autoriteitpersoonsgegevens.nl/nl
Art 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens
Poland
The Bureau of the Inspector General for the Protection of Personal Data – GIODO
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 53 10 440
Fax +48 22 53 10 441
E-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl
WebSite: https://www.giodo.gov.pl
Art 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection of Personal Data
Portugal
Comissão Nacional de Protecção de Dados - CNPD
R. de São. Bento, 148-3° 1200-821 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
E-mail: geral@cnpd.pt
WebSite: https://www.cnpd.pt
Art 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção de Dados
Art 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA
Romania
The National Supervisory Authority for Personal Data Processing President: Mrs. Ancuţa Gianina Opre
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 21 252 5599
Fax +40 21 252 5757
E-mail: anspdcp@dataprotection.ro
WebSite: https://www.dataprotection.ro
Art 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory Authority for Personal Data Processing
Art 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and Communication Department
Slovakia
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
E-mail: statny.dozor@pdp.gov.sk
WebSite: https://dataprotection.gov.sk
Art 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data Protection of the Slovak Republic
Art 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President
Slovenia
Information Commissioner
Ms. Mojca Prelesnik Zaloška 59
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
E-mail: gp.ip@ip-rs.si
WebSite: https://www.ip-rs.si
Art 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic of Slovenia
Spain
Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
E-mail: internacional@agpd.es
WebSite: https://www.agpd.es
Art 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data Protection Agency
Art 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO
Sweden
Datainspektionen
Drottninggatan 29 5th Floor
Box 8114
20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
E-mail: datainspektionen@datainspektionen.se
WebSite: https://www.datainspektionen.se
Art 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data Inspection Board
Art 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser
United Kingdom
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745
E-mail: international.team@ico.org.uk
WebSite: https://ico.org.uk
Art 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner
Art 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner
EUROPEAN FREE TRADE AREA (EFTA)
Iceland
Icelandic Data Protection Agency
Rauðarárstíg 10
Reykjavík
Tel. +354 510 9600; Fax +354 510 9606
E-mail: postur@personuvernd.is
WebSite: https://www.personuvernd.is
Liechtenstein
Data Protection Office
Kirchstrasse 8, P.O. Box 684
9490 Vaduz
Principality of Liechtenstein Tel. +423 236 6090
E-mail: info.dss@llv.li
WebSite: https://www.datenschutzstelle.li
Norway
Datatilsynet
Data Protection Authority: Mr. Bjørn Erik THORN
The Data Inspectorate
P.O. Box 8177 Dep 0034 Oslo
Tel. +47 22 39 69 00; Fax +47 22 42 23 50
E-mail: postkasse@datatilsynet.no
WebSite: https://www.datatilsynet.no
Switzerland
Data Protection and Information Commissioner of Switzerland
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian Lobsiger
Feldeggweg 1
3003 Bern
Tel. +41 58 462 43 95; Fax +41 58 462 99 96
E-mail: contact20@edoeb.admin.ch
WebSite: https://www.edoeb.admin.ch
Effective date: 05.25.2018 / May 25th 2018
Last updated: 02.11.2022 / February 11th 2022
We at PlayForm ltd. are committed to processing personal data securely and respecting privacy of the concerned individuals.
| Version No. and date of the last update: | v. 1.0. February 11th 2022 |
| This policy shall be reviewed annually or each time when the changes in our data processing occur. | |
Scope. This Personal Data Protection Policy (the “Policy”) describes PlayForm ltd. internal rules for personal data processing and protection. The Policy applies to PlayForm ltd., including PlayForm ltd. employees and contractors (“we”, “us”, “our”, “PlayForm”). The management of each entity is ultimately responsible for the implementation of this policy, as well as to ensure, at entity level, there are adequate and effective procedures in place for its implementation and ongoing monitoring of its adherence. For the purposes of this Policy, employees and contractors are jointly referred to as the “employees”.
Privacy Manager. Privacy Manager is an employee of PlayForm responsible for personal data protection compliance within PlayForm (the “Privacy Manager”). The Privacy Manager is in charge of performing the obligations imposed by this Policy and supervising other employees, who subject to this Policy, regarding their adherence to this Policy. The Privacy Manager must be involved in all projects at an early stage in order to take personal data protection aspects into account as early as the planning phase.
The designated Privacy Manager at PlayForm ltd. is Nikola Hristov Nikola@PlayForm.Cloud.
Definitions.
| Competent Supervisory Authority | means a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. |
| Data Breach | means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. |
| Data Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. |
| Data Processor | means a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. |
| Data Protection Laws | mean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). |
| Data Subject Request (DSR) | means any request from the Data Subject and concerning their personal data and/or data subject rights. |
| Data Subject | means a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. |
| Personal Data | means any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. |
| Processing | means any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Standard Contractual Clauses | means the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). |
| Third Party | means a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. |
| User | means a Data Subject who uses our services provided on PlayForm website. |
PlayForm’s processing activities must be in line with the principles specified in this Section. The Privacy Manager must make sure that PlayForm’s compliance documentation, as well as data processing activities, are compliant with the data protection principles.
We must process the Personal Data in accordance with the following principles:
Lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency). We shall always have a legal ground for the processing (described in Section 3 of this Policy), collect the amount of data adequate to the purpose and legal grounds, and we make sure the Data Subjects are aware of the processing;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation). We must not process the Personal Data for the purposes not specified in our compliance documentation without obtaining specific approval of the Privacy Manager;
Adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization). We always make sure the data we collect is not excessive and limited by the strict necessity;
Accurate and, where necessary, kept up to date (accuracy). We endeavor to delete inaccurate or false data about Data Subjects and make sure we update the data. Data Subjects can ask us for a correction of the Personal Data;
Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (storage period limitation). The storage periods must be limited as prescribed by Data Protection Laws and this Policy; and
Process in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (confidentiality, integrity, and availability).
Accountability.
We shall be able to demonstrate our compliance with Data Protection Laws (accountability principle). In particular, we must ensure and document all relevant procedures, efforts, internal and external consultations on personal data protection including:
the fact of appointing a person responsible for PlayForm’s data protection compliance;
where necessary, a record of a Data Processing Impact Assessment;
developed and implemented notices, policies, and procedures, such as Privacy Notice, this policy or Data Breach response procedure;
the fact of staff training on compliance with Data Protection laws; and
assessment, implementation, and testing organizational and technical data protection measures.
The Privacy Manager must maintain PlayForm’s Records of processing activities, which is an accountability document that describes personal data processing activities of PlayForm, prepared in accordance with Art. 30 of the GDPR (the “Records of processing activities”). The Records of processing activities must maintain, at least, the following information about each processing activity:
contact details of PlayForm, the EU Representative, and, where applicable, of the Data Protection Officer;
name of the activity, its purposes and legal basis along with, where applicable, the legitimate interests of PlayForm;
data subjects and personal data categories concerned;
data retention periods;
general description of applicable security measures;
recipients, including joint controllers, processors, and contractors involved, as well as the fact of the international data transfer with the safeguards applied to the transfer;
where applicable, a reference to the Data Processing Impact Assessment;
where applicable, a reference to the record of the data breach occurred involving the personal data;
if PlayForm acts as a data processor, the information to be provided includes the names and contact details of controllers, name and contact details of controller’s representative (if applicable), categories of processing (activities), names of third countries or international organizations that personal data are transferred to (if applicable), safeguards for exceptional transfers of personal data to third countries or international organizations (if applicable), and general description of technical and organizational security measures.
Legal grounds.
Each processing activity must have one of the lawful grounds specified in this Section to process the Personal Data. If we do not have any of the described, we cannot collect or further process the Personal Data.
If PlayForm is intended to use personal data for other purposes than those specified in the Records of processing activities, the Privacy Manager must evaluate, determine, and, if necessary, collect/record the appropriate legal basis for it.
Performance of the contract. Where PlayForm has a contract with the Data Subject, e.g., website’s Terms of Use or the employment contract, and the contract requires the provision of personal data from the Data Subject, the applicable legal ground will be the performance of the contract.
Consent. To process the personal data based on the consent, we must obtain the consent before the Processing and keep the evidence of the consent with the records of Data Subject’s Personal Data. The Privacy Manager must make sure that the consent collected from Data Subjects meet the requirements of Data Protection Laws and this Policy. In particular, the Privacy Manager must make sure that:
the Data Subject must be free to give or refuse to give consent.
the consent is in the form of an active indication from the Data Subject, i.e., the consent checkbox must not be pre-ticked for the user.
the request for the consent clearly articulates the purposes of the processing, and other information specified in Subsection 6.2 is available to the Data Subject.
the Data Subject must be free to give one’s consent or to revoke it.
Legitimate interests. We have the right to use personal data in our ‘legitimate interests’. The interests can include the purposes that are justified by the nature of our business activities, such as the marketing analysis of personal data. For PlayForm to use legitimate interests as a legal ground for the processing, the Privacy Manager must make sure that:
the legitimate interest in the processing is clearly defined and recorded in the Records of processing activities;
any envisaged risks to Data Subject rights and interests are spotted. The examples of the risks can be found in Subsection 7.2.;
the Data Subjects have reasonable expectations about the processing, and additional protective measures to address the risks are taken;
subject to the conditions of Subsection 6.7 (Right to object against the processing), the Data Subject is provided with the opportunity to opt-out from the processing for the described legitimate interests.
If at least one of the above conditions is not met by PlayForm, the Privacy Manager must choose and propose a different legal ground for the processing, such as consent.
Legal Compliance and Public Interest. Besides the grounds specified afore, we might be requested by the laws of the European Union or laws of the EU Member State to process Personal Data of our Users. For example, we can be required to collect, analyze, and monitor the information of Users to comply with financial or labor laws.
Whenever we have such an obligation, we must make sure that:
we process personal data strictly in accordance with relevant legal requirements;
we do not use or store the collected Personal Data for other purposes than legal compliance; and
the Data Subjects are properly and timely informed about our obligations, scope, and conditions of personal data processing.
Important: Where PlayForm has the law requirements of another country to process personal data, the Privacy Manager must propose using another legal ground for the processing under Data Protection Laws, such as legitimate interests or consent.
Access to Personal Data.
The employees must have access to the personal data on a “need-to-know” basis. The data can be accessed only if it is strictly necessary to perform one of the activities specified in the Records of processing activities. The employees and contractors shall have access to the Personal Data only if they have the necessary credentials for it.
Heads of the departments within PlayForm are responsible for their employees’ access and processing of personal data. The heads must maintain the list of employees that are entitled to access and process personal data. The Privacy Manager shall have the right to review the list and, where necessary, request the amendments to meet the requirements of this Policy.
Heads of the departments within PlayForm must ensure that the employees under their supervision are aware of the Data Protection Laws and comply with the rules set in this Policy. To make sure our employees are able to comply with the data protection requirements, we must provide them with adequate data protection training.
All employees accessing personal data shall keep strict confidentiality regarding the data they access. The employees that access personal data must use only those means (software, premises, etc.) for the processing that were prescribed by PlayForm. The data must not be disclosed or otherwise made available out of the management instructions.
The employees within their competence must assist PlayForm’s representatives, including the Privacy Manager, in any efforts regarding compliance with Data Protection Laws and/or this Policy.
When an employee detects or believes there is suspicious activity, data breach, non-compliance with Data Protection Laws and/or this Policy, or a DSR was not routed to the competent department within PlayForm, the employee must report such activity to the Privacy Manager.
Employees that are unsure about whether they can legitimately process or disclose Personal Data must seek advice from the Privacy Manager before taking any action.
Any occasional access to personal data for activities not specified in the Records of processing activities is prohibited. If there is a strict necessity for immediate access, the Privacy Manager must approve the access first.
Before sharing personal data with any person outside of PlayForm, the Privacy Manager must ensure that this Third Party has an adequate data protection level and provide sufficient data protection guarantees in accordance with Data Protection Laws, including, but not limited to the processorship requirements (Art. 28 of the GDPR) and international transfers compliance (Section 5 of the GDPR). Where necessary, the Privacy Manager must make sure that PlayForm enters into the appropriate data protection contract with the third party.
An employee can share personal data with third parties only if and to the extent that was directly prescribed by the manager and specified in the Records of processing activities.
If we are required to delete, change, or stop the processing of the Personal Data, we must ensure that the Third Parties, with whom we shared the Personal Data, will fulfill these obligations accordingly.
Whenever PlayForm is engaged as a data processor on behalf of another entity, the Privacy Manager must make sure PlayForm complies with the processorship obligation. In particular, the appropriate data processing agreement in accordance with the Data Protection Laws must be in place. The Privacy Manager must supervise the compliance with data processing instructions from the controller, including regarding the scope of processing activities, involvement of sub-processors, international transfers, storage, and further disposal of processed personal data. The personal data processed under the processor role must not be processed for any other purposes than specified in the relevant instructions, agreement or other legal act regulating the relationships with the controller.
If we have the employees, contractors, corporate affiliates, or Data Processors outside of the EEA, and we transfer Personal Data to them for the processing, the Privacy Manager must make sure PlayForm takes all necessary and appropriate safeguards in accordance with Data Protection Laws.
The Privacy Manager must assess the safeguards available and propose to the PlayForm’s management the appropriate safeguard for each international transfer. The following regimes apply to the transfers of Personal Data outside of the EU:
where the European Commission decides that the country has an adequate level of personal data protection, the transfer does not require taking additional safeguards. The full list of adequate jurisdictions can be found on the relevant page of the European Commission’s website1.
to transfer Personal Data to our contractors or partners (Data Processors or Controllers) in other third countries, we must conclude Standard Contractual Clauses with that party. The draft version along with the guidance can be found on the relevant page of the European Commission’s website2;
if we have a corporate affiliate or an entity in other countries, we may choose to adopt Binding Corporate Rules in accordance with Article 47 of the GDPR or an approved code of conduct pursuant to Article 40 of the GDPR;
we also can transfer Personal Data to entities that have an approved certification in accordance with Article 42 of the GDPR, which certifies an appropriate level of company’s data protection.
As a part of the information obligations, PlayForm must inform the Data Subjects that their Personal Data is being transferred to other countries, as well as provide them with the information about the safeguards used for the transfer. The information obligation is to be performed in accordance with Subsection 6.2.
In the exceptional cases (the “Derogation”), where we cannot apply the safeguards mentioned afore and we need to transfer Personal Data, we must take an explicit consent (active statement) from the Data Subject or it must be strictly necessary for the performance of the contract between us and the Data Subject, or other derogation conditions apply in accordance with the Data Protection Laws. The Privacy Manager must pre-approve any Derogation transfers and document the approved Derogations, as well as the rationale for them.
Our Responsibilities.
Privacy Manager is ultimately responsible for handing all DSR received by PlayForm. In the case of receiving any outstanding or unusual DSR, the employee must seek advice from the Privacy Manager before taking any action.
DSR Team within PlayForm is responsible for handling DSRs from PlayForm Users on a daily basis. The Human Resources department is responsible for handling the DSR from PlayForm employees.
All DSRs from the Users must be addressed at and answered from the following e-mail address: dsr@playform.cloud. DSR from the employees can be addressed directly to the HR manager or at dsr@playform.cloud.
The responsible employee must answer to the DSR within one (1) month from receiving the request. If complying with the DSR takes more than one month in time, the responsible employee must seek advice from the Privacy Manager and, where necessary, inform the Data Subject about the prolongation of the response term for up to two (2) additional months.
The responsible employee must analyze the received DSR for the following criteria:
Data Subject identification. Before considering the DSR content, the responsible employee must make sure the Data Subject is the same person he/she claims to be. For this purpose, the connection between the personal data records and the data subject must be established.
Personal data. The responsible employee must check whether PlayForm has access to the personal data requested. If PlayForm does not have the personal data under the control, the responsible employee must inform the Data Subject, and, if possible, instruct on the further steps on how to access the data in question;
Content of the request. Depending on the content of the DSR, the responsible employee must define the type of the request and check whether it meets the conditions prescribed by this Policy and Data Protection Laws. The types of requests and the respective conditions for each of them can be consulted in Subsections 6.3-6.9. If the request does not meet the described criteria, the responsible employee must refuse to comply with the DSR and inform the Data Subject about the reasons for refusing;
Free of charge. Generally, all requests of Data Subjects and exercises of their rights are free of charge. If the responsible employee finds that the Data Subject exercises the rights in an excessive or unfound way (e.g., intended to harm or interrupt PlayForm’s business activities), the employee must seek the advice from the Privacy Manager, and, upon receiving of the latter, may either charge the Data Subject a reasonable fee or refuse to comply with the request;
Documenting. Whenever PlayForm receives the DSR, the Privacy Manager must make sure that the data and time, Data Subject, type of the request and the decision made regarding it are well documented. In the case of refusing to comply with the request, the reasons for refusing must be documented as well;
Recipients. When addressing the DSR, the Privacy Manager must make sure that all concerned recipients were informed the necessary actions were taken.
The right to be informed.
PlayForm must notify each Data Subject about the collection and further processing of the Personal Data.
The information to be provided includes: the name and contact details of PlayForm; generic purposes of and the lawful basis for the data collection and further processing; categories of Personal Data collected; recipients/categories of recipients; retention periods; information about data subject rights, including the right to complain to the competent Supervisory Authority; the consequences of the cases where the data is necessary for the contract performance and the Data Subject does not provide the required data; details of the safeguards where personal data is transferred outside the EEA; and any third-party source of the personal data, without specification for the particular case (except if we receive the direct request from the Data Subject).
The Users must be informed by the Privacy Policy accessible at PlayForm’s website and provided during the user registration. The employees and contractors must be informed by a standalone employee privacy statement, which explains the details described in p. 6.2.2 in a case-based manner, describing the particular purposes and activities.
PlayForm must inform Data Subjects about data processing, including any new processing activity introduced at PlayForm within the following term:
if personal data is collected from the data subject directly, the data subject must be informed at the time we collect Personal Data from the Data Subjects by showing the Data Subject our privacy statement;
if the personal data is collected from other sources: (a) within one month from collecting it; (b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or (c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
upon the request of the Data Subject; and
within one (1) month after any change of our personal data practices, change of the controller of Personal Data or after significant changes in our privacy statements.
The right to access the information.
The Data Subject must be provided only with those personal data records specified in the request. If the Data Subject requests access to all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all personal data of the Data Subject is mapped and provided.
A Data Subject has the right to:
learn if we process the Data Subject’s Personal Data;
obtain disclosure regarding aspects of the processing, including detailed and case-specific information on purposes, categories of Personal Data, recipients/categories of recipients, retention periods, information about one’s rights, details of the relevant safeguards where personal data is transferred outside the EEA, and any third-party source of the personal data; and
obtain a copy of the Personal Data undergoing processing upon the request.
The right to verify the Data Subject’s information and seek its rectification. The information we collect can be/become inaccurate or out-of-date (e.g., mistakes in nationality, date of birth, info on debts, economic activities). If we reveal that the Personal Data is inaccurate or the Data Subject requests us to do so, we must ensure that we correct all mistakes and update the relevant information.
The right to restrict processing.
The restriction of processing allows Data Subjects to temporarily stop the use of their information to prevent the possible harm caused by such use.
This right applies when the Data Subject:
contests the accuracy of the Personal Data;
believes that we process the Personal Data unlawfully; and
objects against the processing and wants us not to process Personal Data while we are considering the request.
In the case of receiving the restriction request, we must not process Personal Data in question for any other purpose than storing it or for legal compliance purposes until the circumstances of restriction cease to exist.
The right to withdraw the consent. For the activities that require consent, the Data Subject can revoke their consent at any time. If the Data Subject revokes the consent, we must record the changes and must not process the Personal Data for consent-based purposes. The withdrawal of consent does not affect the lawfulness of the processing done before the withdrawal.
The right to object against the processing.
If we process the information in our legitimate interests, e.g., for direct marketing emails or for our marketing research purposes, the Data Subject can object against the processing.
In the case of receiving the objection request case, we must consider Data Subject’s request and, where we do not have compelling interests, stop the processing for the specified purposes. If the personal data is still to be processed for other purposes, the Privacy Manager must make sure that the database has a record that the data cannot be further processed for the objected activities.
The objection request can be refused only if the personal data in question is used for scientific/historical research or statistical purposes and was appropriately protected, i.e., by anonymization or pseudonymization techniques.
Right to erasure/to be forgotten.
The Data Subjects have the right to request us to erase their Personal Data if one of the following conditions are met:
Personal Data is no longer necessary for the purposes of collection. For example, a user has provided personal data for a one-time activity, such as data validation or participation in a contest, and the purpose is already fulfilled;
the Data Subject revokes one’s consent or objects to the processing (where applicable) and there is no other legal ground for the processing; or
we process the Personal Data unlawfully or its erasure is required by the applicable legislation of the European Union or one of the Member countries of the European Union.
Conditions, under which we have the right to refuse the erasure:
Personal Data is processed for scientific/historical research or statistical purposes and is appropriately protected, i.e., pseudonymized or anonymized;
Personal Data is still necessary for legal compliance (e.g., financial or labor laws compliance).
Only those personal data records must be deleted that were specified in the request. If the Data Subject requests the deletion of all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all the data about the Data Subject is mapped and can be deleted.
If the User still has an account with us and requests the erasure of information necessary for maintaining the account, we must inform the User that the erasure will affect user experience or can lead to the closure of the account.
Data portability.
Data Subjects can ask us to transfer all the Personal Data and/or its part in a machine-readable format to a third party. This right applies in two cases:
personal data was collected for the purpose of provision of our services (performance of the contract); or
collected based on consent.
To determine whether one of the p.6.9.1 conditions are met, the employee must seek advice from the Privacy Manager and check the applicable legal basis in the Records of processing activities. If the answer is negative, the request can be refused by PlayForm, and the Privacy Manager must decide whether to comply with the request on a voluntary basis.
To comply with the request, the responsible employee must consolidate requested Personal Data and send the data in the format we are usually working with to the requested organization. The Data Subject must provide the necessary contact details of the organization.
Notification to Privacy Manager.
Before introducing any new activity that involves the processing of personal data, an employee responsible for its implementation must inform the Privacy Manager.
Upon receiving information about a new activity, Privacy Manager must:
determine whether the data processing impact assessment (DPIA) and/or the consultation with the Supervisory Authority is necessary. If the answer is positive, the Privacy Manager must make sure the DPIA is conducted and/or the Supervisory Authority is consulted in accordance with the requirements of this Section and Data Protection Laws;
determine the legal basis for the processing and, where necessary, take further action for its fixation;
make sure the processing activity is done in accordance with this Policy, other PlayForm’s policies, as well as the Data Protection Laws;
add the processing activity to the Records of processing activities;
amend the privacy information statements and, where necessary, inform the concerned Data Subject accordingly.
Data Processing Impact Assessment.
To make sure that our current or prospective processing activities do not/will not violate the Data Subjects’ rights, PlayForm must, where required by Data Protection Laws, conduct the Data Processing Impact Assessment (DPIA), a risk-based assessment of the processing and search for the measures to mitigate the risks. The Privacy Manager must make sure the DPIA is conducted in accordance with this Section.
The Privacy Manager, where necessary, involving the competent employees and/or external advisors, must conduct a DPIA if at least one of the following conditions are met:
the processing involves the use of new technologies, such as the Artificial Intelligence, use of connected and autonomous devices, etc. that creates certain legal, economic or similar effects to the Data Subject;
we systematically assess and evaluate personal aspects of the Data Subjects based on automated profiling, assigning the personal score/rate, and create legal or similar effects for the Data Subject by this activity;
we process on a large-scale sensitive data, which includes Personal Data relating to criminal convictions and offences, the data about vulnerable data subjects, the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
we collect or process Personal Data from a publicly accessible area or public sources on a large scale, or combine or match two different data sets; and
the Supervisory Authority in its public list requires conducting a DPIA for a certain type of activity we are involved in. The list of processing activities requiring conducting DPIA can be found on the website of each Supervisory Authority.
The assessment shall contain at least the following details:
a systematic description of the processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by us. The description must include the envisaged data categories and data subjects concerned, the scale of processing activities, such as its frequency, volume, envisaged number of records, etc.; recipients of the data, retention periods and, where applicable, international transfers;
an assessment of the necessity and proportionality of the processing operations in relation to the purposes. The DPIA must explain whether the activity is necessary for the purpose and whether the purpose can be achieved by less intrusive methods;
an assessment of the risks to the rights and freedoms of data subjects, including the rights of Data Subjects regarding their Personal Data.
The examples of risks are the processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymization, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analyzing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects; and
the measures to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation.
Where the DPIA did not provide how to effectively address the risks, the Privacy Manager must initiate the consultation with the competent Supervisory Authority to receive help with searching for the solution. In this case, PlayForm must not conduct the activity before the Supervisory Authority approves the processing activity in question.
General Rule.
The Privacy Manager must make sure that PlayForm clearly defined the data storage periods and/or criteria for determining the storage periods for each processing activity it has. The periods for each processing activity must be specified in the Records of processing activities.
Each department within PlayForm must comply with the data storage periods in accordance with the retention schedule provided in Records of processing activities. The Privacy Manager must supervise each department and make sure they comply with this requirement.
After the storage period ends, the personal data must be removed from the disposal of the department responsible for the processing or, in cases where the data is not needed for any other purposes, destroyed completely, including from back-up copies and other media.
Whenever the storage period for a processing activity has ended, but the personal data processed is necessary for other processing purposes, the department manager must make sure that the personal data is not used for the ceased processing activity, and the responsible employees do not have the access to it unless required for any other activity.
Exemptions. The rules specified in Subsection 8.1 have the following exceptions:
Business needs. Data retention periods can be prolonged, but no longer than 60 days, in the case that the data deletion will interrupt or harm our ongoing business. The Privacy Manager must approve any unforeseen prolongation;
Technical impossibility. Some information is technically impossible or disproportionally difficult to delete. For example, deletion of the information may lead to breach of system integrity, or it is impossible to delete the information from the backup copies. In such a case, the information can be further stored, subject to the approval by the Privacy Manager and making respective amendments to the Records of processing activities; and
Anonymization. The Personal Data can be further processed for any purposes (e.g., marketing) if we fully anonymize these data after the retention period is expired. This means that all personal identifiers and connections to them will be deleted from the data. To consider Personal Data anonymous, it must be impossible to reidentify the Data Subject from the data set.
Each department within PlayForm shall take all appropriate technical and organizational measures that protect against unauthorized, unlawful, and/or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of unauthorized persons regarding the personal data under their responsibility.
The employee responsible for the supervision after the security of personal data within PlayForm shall be DSR Officer. This person implements the guidelines and other specifications on data protection and information security in his area of responsibility. He/she advises PlayForm management on the planning and implementation of information security in PlayForm, and must be involved in all projects at an early stage in order to take security-related aspects into account as early as the planning phase.
Response Team.
In case of revealing the Data Breach, CEO of PlayForm shall urgently form the Data Breach Response Team (the “Response Team”), which will handle the Data Breach, notify the appropriate persons, and mitigate its risks.
The Response Team must be а multi-disciplinary group headed by CEO of PlayForm and comprised of the Privacy Manager, privacy laws specialist (whether internal or external), and knowledgeable and skilled information security specialists within PlayForm or outsourcing professionals, if necessary. The team must ensure that all employees and engaged contractors/processors adhere to this Policy and provide an immediate, effective, and skillful response to any suspected/alleged or actual Data Breach affecting PlayForm.
The potential members of the Response Team must be prepared to respond to а Data Breach. The Response Team shall perform all the responsibilities of PlayForm mentioned in this Policy. The duties of the Response Team are:
to communicate the Data Breach to the competent Supervisory Authority(-ies);
in case of high risk to the rights and freedoms of Data Subjects, to communicate the Data Breach to the Data Subject;
if PlayForm obtain data from any third party as a processor, and a Data Breach involves obtained data, to inform the third parties about the Data Breach;
to communicate PlayForm’s contractors or any other third parties that process the Personal Data involved in the Data Breach; and
to take all appropriate technical and organizational measures to cease the Data Breach and mitigate its consequences;
to record the fact of the Data Breach in the Records of processing activities and file an internal data breach report that describes the event.
The Response Team shall perform its duties until all the necessary measures required by this Policy are taken.
Notification to Supervisory Authority.
PlayForm shall inform the Competent Supervisory Authority about the Data Breach without undue delay and, where it is possible, not later than 72 hours after having become aware of the Data Breach.
The Competent Supervisory Authority shall be determined by the residence of the Data Subjects, whose information was involved in the Data Breach. If the Data Breach concerns the Personal Data of Data Subjects from more than one country, PlayForm shall inform all Competent Supervisory Authorities.
To address the notification to the authority, the Response Team should use Annex 1 to this Policy. Annex 1 contains all the necessary contact information of the EU supervisory authorities. If the Data Breach concerns Data Subjects from other than the EU countries, the Response Team shall ask a competent privacy specialist for advice.
The notification to the Competent Supervisory Authority shall contain, at least, following information:
the nature of the Data Breach including where possible, the categories and an approximate number of Data Subjects and Personal Data records concerned;
the name and contact details of the Response Team, Privacy Manager or, if not applicable, of the CEO;
the likely consequences of the Data Breach. Explain PlayForm’s point of view on the purposes and possible further risks of the Data Breach. E.g., the Personal Data may be stolen for the further sale, fraud activities or blackmailing the concerned Data Subjects; and
the measures taken or proposed to be taken by PlayForm to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
To file a notification, the Response Team should use PlayForm’s Data Breach Notification Form to the Supervisory Authority.
Notifications to Data Subjects.
When the Data Breach is likely to result in a high risk to the rights and freedoms of Data Subjects (e.g., stealing of funds, assets, proprietary information), we must also communicate the Data Breach to the concerned Data Subjects without undue delay. The Privacy Manager must determine if there is a high risk based on the risk factors specified in Subsection 7.2.3 of this Policy.
The notification shall contain the following information:
description of the Data Breach - what happened and what led to the Data Breach, such as a security breach, employee’s negligence, error in the system work. If the Response Team decided not to disclose the causes of the Data Breach, then this clause must not be mentioned;
the measures taken by PlayForm regarding the Data Breach, including security measures, internal investigations, and supervisory authority notice;
recommendations for the concerned Data Subjects how to mitigate risks and possible consequences, such as guidelines on how to restore access to an account, preventing measures (change of a password); and
the contact information of the Response Team or one of its members.
The notification to the Data Subjects should be carried out by the email letter or, where it is impossible to use the email, by other available means of communication.
Exemptions. We do not have to send the notification to the Data Subjects if any of the following conditions are met:
PlayForm has implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Data affected by the Data Breach, in particular, those that leave the Personal Data inaccessible to any person who is not authorized to access it, such as encryption;
PlayForm has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects referred to in this section is no longer likely to materialize; or
it would involve a disproportionate effort to communicate with every concerned Data Subject. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.
In the case we apply one of the exemptions, we must document the circumstances, reason for not informing, and actions taken to meet one of the exemptions.
Communication with Third Parties.
In the case a Data Breach concerns the Personal Data shared with us or processed by us on behalf of a Third Party, we must also notify the Third Party about it within 24 hours. If we process the Personal Data as a Data Processor, the notification of the Third Party does not exempt us from the duty to mitigate the Data Breach consequences, but we must not inform the Competent Supervisory Authority and Data Subjects.
In case of receiving the notification about the Data Breach from the Data Processor or other Third Parties that have access to the Personal Data, CEO of PlayForm shall, in accordance with this Section:
form the Response Team;
request the Third Party to send the information mentioned in Subsections 10.2-3 of this Policy;
where necessary, inform the Competent Supervisory Authority(-ies) and Data Subjects; and
perform other steps of the Data Breach response procedure.
List of Persons Briefed on Personal Data Protection Policy
Full Name | Status | Date |
| Nikola Hristov | Briefed | 05.25.2018 |
European National Data Protection Authorities
Austria
Österreichische Datenschutzbehörde
Hohenstaufengasse 3
1010 Wien
Tel. +43 1 531 15 202525
Fax +43 1 531 15 202690
E-mail: dsb@dsb.gv.at
WebSite: https://www.dsb.gv.at
Art 29 WP Member: Dr Andrea JELINEK, Director, Österreichische Datenschutzbehörde
Belgium
Commission de la protection de la vie privée
Commissie voor de bescherming van de persoonlijke levenssfeer
Rue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
E-mail: commission@privacycommission.be
WebSite: https://www.privacycommission.be
Art 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy commission
Bulgaria
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov Blvd. Sofia 1592
Tel. +359 2 915 3580
Fax +359 2 915 3525
E-mail: kzld@cpdp.bg
WebSite: https://www.cpdp.bg
Art 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for Personal Data Protection
Art 29 WP Alternate Member: Ms. Mariya MATEVA
Croatia
Croatian Personal Data Protection Agency
Martićeva 14
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
E-mail: azop@azop.hr or info@azop.hr
WebSite: https://www.azop.hr
Art 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection Agency
Cyprus
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456
Fax +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy
WebSite: https://www.dataprotection.gov.cy
Art 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU
Art 29 WP Alternate Member: Mr. Constantinos GEORGIADES
Czech Republic
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
E-mail: posta@uoou.cz
WebSite: https://www.uoou.cz
Art 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data Protection
Art 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the Office
Denmark
Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00
Fax +45 33 19 32 18
E-mail: dt@datatilsynet.dk
WebSite: https://www.datatilsynet.dk
Art 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection Agency (Datatilsynet)
Art 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International Division at the Danish Data Protection Agency (Datatilsynet)
Estonia
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Väike-Ameerika 19
10129 Tallinn
Tel. +372 6274 135
Fax +372 6274 137
E-mail: info@aki.ee
WebSite: https://www.aki.ee/en
Art 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Maarja Kirss
Finland
Office of the Data Protection Ombudsman
P.O. Box 315
FIN-00181 Helsinki Tel. +358 10 3666 700
Fax +358 10 3666 735
E-mail: tietosuoja@om.fi
WebSite: https://www.tietosuoja.fi/en
Art 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection Authority
Art 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department
France
Commission Nationale de l’Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
WebSite: https://www.cnil.fr
Art 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL
Art 29 WP Alternate Member: Ms. Florence RAYNAL
Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
E-mail: poststelle@bfdi.bund.de
WebSite: https://www.bfdi.bund.de
The competence for complaints is split among different data protection supervisory authorities in Germany.
Competent authorities can be identified according to the list provided under
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
Art 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of Information
Art 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the federal states
Greece
Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523 Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
E-mail: contact@dpa.gr
WebSite: https://www.dpa.gr
Art 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA
Art 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director
Hungary
National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C H-1125 Budapest
Tel. +36 1 3911 400
E-mail: peterfalvi.attila@naih.hu
WebSite: https://www.naih.hu
Art 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for Data Protection and Freedom of Information
Art 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National Authority for Data Protection and Freedom of Information
Ireland
Data Protection Commissioner
Canal House Station Road Portarlington Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
E-mail: info@dataprotection.ie
WebSite: https://www.dataprotection.ie
Art 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner
Art 29 WP Alternate Members: Mr. John O’DWYER, Deputy Commissioner; Mr. Dale SUNDERLAND, Deputy Commissioner
Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
E-mail: garante@garanteprivacy.it
WebSite: https://www.garanteprivacy.it
Art 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei dati personali
Art 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per la protezione dei dati personali
Latvia
Data State Inspectorate Director: Ms. Daiga Avdejanova
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
E-mail: info@dvi.gov.lv
WebSite: https://www.dvi.gov.lv
Art 29 WP Alternate Member: Ms. Aiga BALODE
Lithuania
State Data Protection
Žygimantų str. 11-6a 011042 Vilnius
Tel. + 370 5 279 14 45
Fax +370 5 261 94 94
E-mail: ada@ada.lt
WebSite: https://www.ada.lt
Art 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of Complaints Investigation and International Cooperation Division
Luxembourg
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1
Fax +352 2610 60 29
E-mail: info@cnpd.lu
WebSite: https://www.cnpd.lu
Art 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour la Protection des Données
Art 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner
Malta
Office of the Data Protection Commissioner
Data Protection Commissioner: Mr. Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549 Tel. +356 2328 7100
Fax +356 2328 7198
E-mail: commissioner.dataprotection@gov.mt
WebSite: https://idpc.org.mt
Art 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection Commissioner
Art 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme Implementation
Netherlands
Autoriteit Persoonsgegevens
Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague Tel. +31 70 888 8500
Fax +31 70 888 8501
E-mail: info@autoriteitpersoonsgegevens.nl
WebSite: https://autoriteitpersoonsgegevens.nl/nl
Art 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens
Poland
The Bureau of the Inspector General for the Protection of Personal Data – GIODO
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 53 10 440
Fax +48 22 53 10 441
E-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl
WebSite: https://www.giodo.gov.pl
Art 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection of Personal Data
Portugal
Comissão Nacional de Protecção de Dados - CNPD
R. de São. Bento, 148-3° 1200-821 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
E-mail: geral@cnpd.pt
WebSite: https://www.cnpd.pt
Art 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção de Dados
Art 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA
Romania
The National Supervisory Authority for Personal Data Processing President: Mrs. Ancuţa Gianina Opre
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 21 252 5599
Fax +40 21 252 5757
E-mail: anspdcp@dataprotection.ro
WebSite: https://www.dataprotection.ro
Art 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory Authority for Personal Data Processing
Art 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and Communication Department
Slovakia
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
E-mail: statny.dozor@pdp.gov.sk
WebSite: https://dataprotection.gov.sk
Art 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data Protection of the Slovak Republic
Art 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President
Slovenia
Information Commissioner
Ms. Mojca Prelesnik Zaloška 59
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
E-mail: gp.ip@ip-rs.si
WebSite: https://www.ip-rs.si
Art 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic of Slovenia
Spain
Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
E-mail: internacional@agpd.es
WebSite: https://www.agpd.es
Art 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data Protection Agency
Art 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO
Sweden
Datainspektionen
Drottninggatan 29 5th Floor
Box 8114
20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
E-mail: datainspektionen@datainspektionen.se
WebSite: https://www.datainspektionen.se
Art 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data Inspection Board
Art 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser
United Kingdom
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745
E-mail: international.team@ico.org.uk
WebSite: https://ico.org.uk
Art 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner
Art 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner
EUROPEAN FREE TRADE AREA (EFTA)
Iceland
Icelandic Data Protection Agency
Rauðarárstíg 10
Reykjavík
Tel. +354 510 9600; Fax +354 510 9606
E-mail: postur@personuvernd.is
WebSite: https://www.personuvernd.is
Liechtenstein
Data Protection Office
Kirchstrasse 8, P.O. Box 684
9490 Vaduz
Principality of Liechtenstein Tel. +423 236 6090
E-mail: info.dss@llv.li
WebSite: https://www.datenschutzstelle.li
Norway
Datatilsynet
Data Protection Authority: Mr. Bjørn Erik THORN
The Data Inspectorate
P.O. Box 8177 Dep 0034 Oslo
Tel. +47 22 39 69 00; Fax +47 22 42 23 50
E-mail: postkasse@datatilsynet.no
WebSite: https://www.datatilsynet.no
Switzerland
Data Protection and Information Commissioner of Switzerland
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian Lobsiger
Feldeggweg 1
3003 Bern
Tel. +41 58 462 43 95; Fax +41 58 462 99 96
E-mail: contact20@edoeb.admin.ch
WebSite: https://www.edoeb.admin.ch
Effective date: 05.25.2018 / May 25th 2018
Last updated: 02.11.2022 / February 11th 2022
We at PlayForm ltd. are committed to processing personal data securely and respecting privacy of the concerned individuals.
| Version No. and date of the last update: | v. 1.0. February 11th 2022 |
| This policy shall be reviewed annually or each time when the changes in our data processing occur. | |
Scope. This Personal Data Protection Policy (the “Policy”) describes PlayForm ltd. internal rules for personal data processing and protection. The Policy applies to PlayForm ltd., including PlayForm ltd. employees and contractors (“we”, “us”, “our”, “PlayForm”). The management of each entity is ultimately responsible for the implementation of this policy, as well as to ensure, at entity level, there are adequate and effective procedures in place for its implementation and ongoing monitoring of its adherence. For the purposes of this Policy, employees and contractors are jointly referred to as the “employees”.
Privacy Manager. Privacy Manager is an employee of PlayForm responsible for personal data protection compliance within PlayForm (the “Privacy Manager”). The Privacy Manager is in charge of performing the obligations imposed by this Policy and supervising other employees, who subject to this Policy, regarding their adherence to this Policy. The Privacy Manager must be involved in all projects at an early stage in order to take personal data protection aspects into account as early as the planning phase.
The designated Privacy Manager at PlayForm ltd. is Nikola Hristov Nikola@PlayForm.Cloud.
Definitions.
| Competent Supervisory Authority | means a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. |
| Data Breach | means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. |
| Data Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. |
| Data Processor | means a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. |
| Data Protection Laws | mean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). |
| Data Subject Request (DSR) | means any request from the Data Subject and concerning their personal data and/or data subject rights. |
| Data Subject | means a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. |
| Personal Data | means any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. |
| Processing | means any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Standard Contractual Clauses | means the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). |
| Third Party | means a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. |
| User | means a Data Subject who uses our services provided on PlayForm website. |
PlayForm’s processing activities must be in line with the principles specified in this Section. The Privacy Manager must make sure that PlayForm’s compliance documentation, as well as data processing activities, are compliant with the data protection principles.
We must process the Personal Data in accordance with the following principles:
Lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency). We shall always have a legal ground for the processing (described in Section 3 of this Policy), collect the amount of data adequate to the purpose and legal grounds, and we make sure the Data Subjects are aware of the processing;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation). We must not process the Personal Data for the purposes not specified in our compliance documentation without obtaining specific approval of the Privacy Manager;
Adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization). We always make sure the data we collect is not excessive and limited by the strict necessity;
Accurate and, where necessary, kept up to date (accuracy). We endeavor to delete inaccurate or false data about Data Subjects and make sure we update the data. Data Subjects can ask us for a correction of the Personal Data;
Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (storage period limitation). The storage periods must be limited as prescribed by Data Protection Laws and this Policy; and
Process in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (confidentiality, integrity, and availability).
Accountability.
We shall be able to demonstrate our compliance with Data Protection Laws (accountability principle). In particular, we must ensure and document all relevant procedures, efforts, internal and external consultations on personal data protection including:
the fact of appointing a person responsible for PlayForm’s data protection compliance;
where necessary, a record of a Data Processing Impact Assessment;
developed and implemented notices, policies, and procedures, such as Privacy Notice, this policy or Data Breach response procedure;
the fact of staff training on compliance with Data Protection laws; and
assessment, implementation, and testing organizational and technical data protection measures.
The Privacy Manager must maintain PlayForm’s Records of processing activities, which is an accountability document that describes personal data processing activities of PlayForm, prepared in accordance with Art. 30 of the GDPR (the “Records of processing activities”). The Records of processing activities must maintain, at least, the following information about each processing activity:
contact details of PlayForm, the EU Representative, and, where applicable, of the Data Protection Officer;
name of the activity, its purposes and legal basis along with, where applicable, the legitimate interests of PlayForm;
data subjects and personal data categories concerned;
data retention periods;
general description of applicable security measures;
recipients, including joint controllers, processors, and contractors involved, as well as the fact of the international data transfer with the safeguards applied to the transfer;
where applicable, a reference to the Data Processing Impact Assessment;
where applicable, a reference to the record of the data breach occurred involving the personal data;
if PlayForm acts as a data processor, the information to be provided includes the names and contact details of controllers, name and contact details of controller’s representative (if applicable), categories of processing (activities), names of third countries or international organizations that personal data are transferred to (if applicable), safeguards for exceptional transfers of personal data to third countries or international organizations (if applicable), and general description of technical and organizational security measures.
Legal grounds.
Each processing activity must have one of the lawful grounds specified in this Section to process the Personal Data. If we do not have any of the described, we cannot collect or further process the Personal Data.
If PlayForm is intended to use personal data for other purposes than those specified in the Records of processing activities, the Privacy Manager must evaluate, determine, and, if necessary, collect/record the appropriate legal basis for it.
Performance of the contract. Where PlayForm has a contract with the Data Subject, e.g., website’s Terms of Use or the employment contract, and the contract requires the provision of personal data from the Data Subject, the applicable legal ground will be the performance of the contract.
Consent. To process the personal data based on the consent, we must obtain the consent before the Processing and keep the evidence of the consent with the records of Data Subject’s Personal Data. The Privacy Manager must make sure that the consent collected from Data Subjects meet the requirements of Data Protection Laws and this Policy. In particular, the Privacy Manager must make sure that:
the Data Subject must be free to give or refuse to give consent.
the consent is in the form of an active indication from the Data Subject, i.e., the consent checkbox must not be pre-ticked for the user.
the request for the consent clearly articulates the purposes of the processing, and other information specified in Subsection 6.2 is available to the Data Subject.
the Data Subject must be free to give one’s consent or to revoke it.
Legitimate interests. We have the right to use personal data in our ‘legitimate interests’. The interests can include the purposes that are justified by the nature of our business activities, such as the marketing analysis of personal data. For PlayForm to use legitimate interests as a legal ground for the processing, the Privacy Manager must make sure that:
the legitimate interest in the processing is clearly defined and recorded in the Records of processing activities;
any envisaged risks to Data Subject rights and interests are spotted. The examples of the risks can be found in Subsection 7.2.;
the Data Subjects have reasonable expectations about the processing, and additional protective measures to address the risks are taken;
subject to the conditions of Subsection 6.7 (Right to object against the processing), the Data Subject is provided with the opportunity to opt-out from the processing for the described legitimate interests.
If at least one of the above conditions is not met by PlayForm, the Privacy Manager must choose and propose a different legal ground for the processing, such as consent.
Legal Compliance and Public Interest. Besides the grounds specified afore, we might be requested by the laws of the European Union or laws of the EU Member State to process Personal Data of our Users. For example, we can be required to collect, analyze, and monitor the information of Users to comply with financial or labor laws.
Whenever we have such an obligation, we must make sure that:
we process personal data strictly in accordance with relevant legal requirements;
we do not use or store the collected Personal Data for other purposes than legal compliance; and
the Data Subjects are properly and timely informed about our obligations, scope, and conditions of personal data processing.
Important: Where PlayForm has the law requirements of another country to process personal data, the Privacy Manager must propose using another legal ground for the processing under Data Protection Laws, such as legitimate interests or consent.
Access to Personal Data.
The employees must have access to the personal data on a “need-to-know” basis. The data can be accessed only if it is strictly necessary to perform one of the activities specified in the Records of processing activities. The employees and contractors shall have access to the Personal Data only if they have the necessary credentials for it.
Heads of the departments within PlayForm are responsible for their employees’ access and processing of personal data. The heads must maintain the list of employees that are entitled to access and process personal data. The Privacy Manager shall have the right to review the list and, where necessary, request the amendments to meet the requirements of this Policy.
Heads of the departments within PlayForm must ensure that the employees under their supervision are aware of the Data Protection Laws and comply with the rules set in this Policy. To make sure our employees are able to comply with the data protection requirements, we must provide them with adequate data protection training.
All employees accessing personal data shall keep strict confidentiality regarding the data they access. The employees that access personal data must use only those means (software, premises, etc.) for the processing that were prescribed by PlayForm. The data must not be disclosed or otherwise made available out of the management instructions.
The employees within their competence must assist PlayForm’s representatives, including the Privacy Manager, in any efforts regarding compliance with Data Protection Laws and/or this Policy.
When an employee detects or believes there is suspicious activity, data breach, non-compliance with Data Protection Laws and/or this Policy, or a DSR was not routed to the competent department within PlayForm, the employee must report such activity to the Privacy Manager.
Employees that are unsure about whether they can legitimately process or disclose Personal Data must seek advice from the Privacy Manager before taking any action.
Any occasional access to personal data for activities not specified in the Records of processing activities is prohibited. If there is a strict necessity for immediate access, the Privacy Manager must approve the access first.
Before sharing personal data with any person outside of PlayForm, the Privacy Manager must ensure that this Third Party has an adequate data protection level and provide sufficient data protection guarantees in accordance with Data Protection Laws, including, but not limited to the processorship requirements (Art. 28 of the GDPR) and international transfers compliance (Section 5 of the GDPR). Where necessary, the Privacy Manager must make sure that PlayForm enters into the appropriate data protection contract with the third party.
An employee can share personal data with third parties only if and to the extent that was directly prescribed by the manager and specified in the Records of processing activities.
If we are required to delete, change, or stop the processing of the Personal Data, we must ensure that the Third Parties, with whom we shared the Personal Data, will fulfill these obligations accordingly.
Whenever PlayForm is engaged as a data processor on behalf of another entity, the Privacy Manager must make sure PlayForm complies with the processorship obligation. In particular, the appropriate data processing agreement in accordance with the Data Protection Laws must be in place. The Privacy Manager must supervise the compliance with data processing instructions from the controller, including regarding the scope of processing activities, involvement of sub-processors, international transfers, storage, and further disposal of processed personal data. The personal data processed under the processor role must not be processed for any other purposes than specified in the relevant instructions, agreement or other legal act regulating the relationships with the controller.
If we have the employees, contractors, corporate affiliates, or Data Processors outside of the EEA, and we transfer Personal Data to them for the processing, the Privacy Manager must make sure PlayForm takes all necessary and appropriate safeguards in accordance with Data Protection Laws.
The Privacy Manager must assess the safeguards available and propose to the PlayForm’s management the appropriate safeguard for each international transfer. The following regimes apply to the transfers of Personal Data outside of the EU:
where the European Commission decides that the country has an adequate level of personal data protection, the transfer does not require taking additional safeguards. The full list of adequate jurisdictions can be found on the relevant page of the European Commission’s website1.
to transfer Personal Data to our contractors or partners (Data Processors or Controllers) in other third countries, we must conclude Standard Contractual Clauses with that party. The draft version along with the guidance can be found on the relevant page of the European Commission’s website2;
if we have a corporate affiliate or an entity in other countries, we may choose to adopt Binding Corporate Rules in accordance with Article 47 of the GDPR or an approved code of conduct pursuant to Article 40 of the GDPR;
we also can transfer Personal Data to entities that have an approved certification in accordance with Article 42 of the GDPR, which certifies an appropriate level of company’s data protection.
As a part of the information obligations, PlayForm must inform the Data Subjects that their Personal Data is being transferred to other countries, as well as provide them with the information about the safeguards used for the transfer. The information obligation is to be performed in accordance with Subsection 6.2.
In the exceptional cases (the “Derogation”), where we cannot apply the safeguards mentioned afore and we need to transfer Personal Data, we must take an explicit consent (active statement) from the Data Subject or it must be strictly necessary for the performance of the contract between us and the Data Subject, or other derogation conditions apply in accordance with the Data Protection Laws. The Privacy Manager must pre-approve any Derogation transfers and document the approved Derogations, as well as the rationale for them.
Our Responsibilities.
Privacy Manager is ultimately responsible for handing all DSR received by PlayForm. In the case of receiving any outstanding or unusual DSR, the employee must seek advice from the Privacy Manager before taking any action.
DSR Team within PlayForm is responsible for handling DSRs from PlayForm Users on a daily basis. The Human Resources department is responsible for handling the DSR from PlayForm employees.
All DSRs from the Users must be addressed at and answered from the following e-mail address: dsr@playform.cloud. DSR from the employees can be addressed directly to the HR manager or at dsr@playform.cloud.
The responsible employee must answer to the DSR within one (1) month from receiving the request. If complying with the DSR takes more than one month in time, the responsible employee must seek advice from the Privacy Manager and, where necessary, inform the Data Subject about the prolongation of the response term for up to two (2) additional months.
The responsible employee must analyze the received DSR for the following criteria:
Data Subject identification. Before considering the DSR content, the responsible employee must make sure the Data Subject is the same person he/she claims to be. For this purpose, the connection between the personal data records and the data subject must be established.
Personal data. The responsible employee must check whether PlayForm has access to the personal data requested. If PlayForm does not have the personal data under the control, the responsible employee must inform the Data Subject, and, if possible, instruct on the further steps on how to access the data in question;
Content of the request. Depending on the content of the DSR, the responsible employee must define the type of the request and check whether it meets the conditions prescribed by this Policy and Data Protection Laws. The types of requests and the respective conditions for each of them can be consulted in Subsections 6.3-6.9. If the request does not meet the described criteria, the responsible employee must refuse to comply with the DSR and inform the Data Subject about the reasons for refusing;
Free of charge. Generally, all requests of Data Subjects and exercises of their rights are free of charge. If the responsible employee finds that the Data Subject exercises the rights in an excessive or unfound way (e.g., intended to harm or interrupt PlayForm’s business activities), the employee must seek the advice from the Privacy Manager, and, upon receiving of the latter, may either charge the Data Subject a reasonable fee or refuse to comply with the request;
Documenting. Whenever PlayForm receives the DSR, the Privacy Manager must make sure that the data and time, Data Subject, type of the request and the decision made regarding it are well documented. In the case of refusing to comply with the request, the reasons for refusing must be documented as well;
Recipients. When addressing the DSR, the Privacy Manager must make sure that all concerned recipients were informed the necessary actions were taken.
The right to be informed.
PlayForm must notify each Data Subject about the collection and further processing of the Personal Data.
The information to be provided includes: the name and contact details of PlayForm; generic purposes of and the lawful basis for the data collection and further processing; categories of Personal Data collected; recipients/categories of recipients; retention periods; information about data subject rights, including the right to complain to the competent Supervisory Authority; the consequences of the cases where the data is necessary for the contract performance and the Data Subject does not provide the required data; details of the safeguards where personal data is transferred outside the EEA; and any third-party source of the personal data, without specification for the particular case (except if we receive the direct request from the Data Subject).
The Users must be informed by the Privacy Policy accessible at PlayForm’s website and provided during the user registration. The employees and contractors must be informed by a standalone employee privacy statement, which explains the details described in p. 6.2.2 in a case-based manner, describing the particular purposes and activities.
PlayForm must inform Data Subjects about data processing, including any new processing activity introduced at PlayForm within the following term:
if personal data is collected from the data subject directly, the data subject must be informed at the time we collect Personal Data from the Data Subjects by showing the Data Subject our privacy statement;
if the personal data is collected from other sources: (a) within one month from collecting it; (b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or (c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
upon the request of the Data Subject; and
within one (1) month after any change of our personal data practices, change of the controller of Personal Data or after significant changes in our privacy statements.
The right to access the information.
The Data Subject must be provided only with those personal data records specified in the request. If the Data Subject requests access to all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all personal data of the Data Subject is mapped and provided.
A Data Subject has the right to:
learn if we process the Data Subject’s Personal Data;
obtain disclosure regarding aspects of the processing, including detailed and case-specific information on purposes, categories of Personal Data, recipients/categories of recipients, retention periods, information about one’s rights, details of the relevant safeguards where personal data is transferred outside the EEA, and any third-party source of the personal data; and
obtain a copy of the Personal Data undergoing processing upon the request.
The right to verify the Data Subject’s information and seek its rectification. The information we collect can be/become inaccurate or out-of-date (e.g., mistakes in nationality, date of birth, info on debts, economic activities). If we reveal that the Personal Data is inaccurate or the Data Subject requests us to do so, we must ensure that we correct all mistakes and update the relevant information.
The right to restrict processing.
The restriction of processing allows Data Subjects to temporarily stop the use of their information to prevent the possible harm caused by such use.
This right applies when the Data Subject:
contests the accuracy of the Personal Data;
believes that we process the Personal Data unlawfully; and
objects against the processing and wants us not to process Personal Data while we are considering the request.
In the case of receiving the restriction request, we must not process Personal Data in question for any other purpose than storing it or for legal compliance purposes until the circumstances of restriction cease to exist.
The right to withdraw the consent. For the activities that require consent, the Data Subject can revoke their consent at any time. If the Data Subject revokes the consent, we must record the changes and must not process the Personal Data for consent-based purposes. The withdrawal of consent does not affect the lawfulness of the processing done before the withdrawal.
The right to object against the processing.
If we process the information in our legitimate interests, e.g., for direct marketing emails or for our marketing research purposes, the Data Subject can object against the processing.
In the case of receiving the objection request case, we must consider Data Subject’s request and, where we do not have compelling interests, stop the processing for the specified purposes. If the personal data is still to be processed for other purposes, the Privacy Manager must make sure that the database has a record that the data cannot be further processed for the objected activities.
The objection request can be refused only if the personal data in question is used for scientific/historical research or statistical purposes and was appropriately protected, i.e., by anonymization or pseudonymization techniques.
Right to erasure/to be forgotten.
The Data Subjects have the right to request us to erase their Personal Data if one of the following conditions are met:
Personal Data is no longer necessary for the purposes of collection. For example, a user has provided personal data for a one-time activity, such as data validation or participation in a contest, and the purpose is already fulfilled;
the Data Subject revokes one’s consent or objects to the processing (where applicable) and there is no other legal ground for the processing; or
we process the Personal Data unlawfully or its erasure is required by the applicable legislation of the European Union or one of the Member countries of the European Union.
Conditions, under which we have the right to refuse the erasure:
Personal Data is processed for scientific/historical research or statistical purposes and is appropriately protected, i.e., pseudonymized or anonymized;
Personal Data is still necessary for legal compliance (e.g., financial or labor laws compliance).
Only those personal data records must be deleted that were specified in the request. If the Data Subject requests the deletion of all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all the data about the Data Subject is mapped and can be deleted.
If the User still has an account with us and requests the erasure of information necessary for maintaining the account, we must inform the User that the erasure will affect user experience or can lead to the closure of the account.
Data portability.
Data Subjects can ask us to transfer all the Personal Data and/or its part in a machine-readable format to a third party. This right applies in two cases:
personal data was collected for the purpose of provision of our services (performance of the contract); or
collected based on consent.
To determine whether one of the p.6.9.1 conditions are met, the employee must seek advice from the Privacy Manager and check the applicable legal basis in the Records of processing activities. If the answer is negative, the request can be refused by PlayForm, and the Privacy Manager must decide whether to comply with the request on a voluntary basis.
To comply with the request, the responsible employee must consolidate requested Personal Data and send the data in the format we are usually working with to the requested organization. The Data Subject must provide the necessary contact details of the organization.
Notification to Privacy Manager.
Before introducing any new activity that involves the processing of personal data, an employee responsible for its implementation must inform the Privacy Manager.
Upon receiving information about a new activity, Privacy Manager must:
determine whether the data processing impact assessment (DPIA) and/or the consultation with the Supervisory Authority is necessary. If the answer is positive, the Privacy Manager must make sure the DPIA is conducted and/or the Supervisory Authority is consulted in accordance with the requirements of this Section and Data Protection Laws;
determine the legal basis for the processing and, where necessary, take further action for its fixation;
make sure the processing activity is done in accordance with this Policy, other PlayForm’s policies, as well as the Data Protection Laws;
add the processing activity to the Records of processing activities;
amend the privacy information statements and, where necessary, inform the concerned Data Subject accordingly.
Data Processing Impact Assessment.
To make sure that our current or prospective processing activities do not/will not violate the Data Subjects’ rights, PlayForm must, where required by Data Protection Laws, conduct the Data Processing Impact Assessment (DPIA), a risk-based assessment of the processing and search for the measures to mitigate the risks. The Privacy Manager must make sure the DPIA is conducted in accordance with this Section.
The Privacy Manager, where necessary, involving the competent employees and/or external advisors, must conduct a DPIA if at least one of the following conditions are met:
the processing involves the use of new technologies, such as the Artificial Intelligence, use of connected and autonomous devices, etc. that creates certain legal, economic or similar effects to the Data Subject;
we systematically assess and evaluate personal aspects of the Data Subjects based on automated profiling, assigning the personal score/rate, and create legal or similar effects for the Data Subject by this activity;
we process on a large-scale sensitive data, which includes Personal Data relating to criminal convictions and offences, the data about vulnerable data subjects, the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
we collect or process Personal Data from a publicly accessible area or public sources on a large scale, or combine or match two different data sets; and
the Supervisory Authority in its public list requires conducting a DPIA for a certain type of activity we are involved in. The list of processing activities requiring conducting DPIA can be found on the website of each Supervisory Authority.
The assessment shall contain at least the following details:
a systematic description of the processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by us. The description must include the envisaged data categories and data subjects concerned, the scale of processing activities, such as its frequency, volume, envisaged number of records, etc.; recipients of the data, retention periods and, where applicable, international transfers;
an assessment of the necessity and proportionality of the processing operations in relation to the purposes. The DPIA must explain whether the activity is necessary for the purpose and whether the purpose can be achieved by less intrusive methods;
an assessment of the risks to the rights and freedoms of data subjects, including the rights of Data Subjects regarding their Personal Data.
The examples of risks are the processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymization, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analyzing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects; and
the measures to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation.
Where the DPIA did not provide how to effectively address the risks, the Privacy Manager must initiate the consultation with the competent Supervisory Authority to receive help with searching for the solution. In this case, PlayForm must not conduct the activity before the Supervisory Authority approves the processing activity in question.
General Rule.
The Privacy Manager must make sure that PlayForm clearly defined the data storage periods and/or criteria for determining the storage periods for each processing activity it has. The periods for each processing activity must be specified in the Records of processing activities.
Each department within PlayForm must comply with the data storage periods in accordance with the retention schedule provided in Records of processing activities. The Privacy Manager must supervise each department and make sure they comply with this requirement.
After the storage period ends, the personal data must be removed from the disposal of the department responsible for the processing or, in cases where the data is not needed for any other purposes, destroyed completely, including from back-up copies and other media.
Whenever the storage period for a processing activity has ended, but the personal data processed is necessary for other processing purposes, the department manager must make sure that the personal data is not used for the ceased processing activity, and the responsible employees do not have the access to it unless required for any other activity.
Exemptions. The rules specified in Subsection 8.1 have the following exceptions:
Business needs. Data retention periods can be prolonged, but no longer than 60 days, in the case that the data deletion will interrupt or harm our ongoing business. The Privacy Manager must approve any unforeseen prolongation;
Technical impossibility. Some information is technically impossible or disproportionally difficult to delete. For example, deletion of the information may lead to breach of system integrity, or it is impossible to delete the information from the backup copies. In such a case, the information can be further stored, subject to the approval by the Privacy Manager and making respective amendments to the Records of processing activities; and
Anonymization. The Personal Data can be further processed for any purposes (e.g., marketing) if we fully anonymize these data after the retention period is expired. This means that all personal identifiers and connections to them will be deleted from the data. To consider Personal Data anonymous, it must be impossible to reidentify the Data Subject from the data set.
Each department within PlayForm shall take all appropriate technical and organizational measures that protect against unauthorized, unlawful, and/or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of unauthorized persons regarding the personal data under their responsibility.
The employee responsible for the supervision after the security of personal data within PlayForm shall be DSR Officer. This person implements the guidelines and other specifications on data protection and information security in his area of responsibility. He/she advises PlayForm management on the planning and implementation of information security in PlayForm, and must be involved in all projects at an early stage in order to take security-related aspects into account as early as the planning phase.
Response Team.
In case of revealing the Data Breach, CEO of PlayForm shall urgently form the Data Breach Response Team (the “Response Team”), which will handle the Data Breach, notify the appropriate persons, and mitigate its risks.
The Response Team must be а multi-disciplinary group headed by CEO of PlayForm and comprised of the Privacy Manager, privacy laws specialist (whether internal or external), and knowledgeable and skilled information security specialists within PlayForm or outsourcing professionals, if necessary. The team must ensure that all employees and engaged contractors/processors adhere to this Policy and provide an immediate, effective, and skillful response to any suspected/alleged or actual Data Breach affecting PlayForm.
The potential members of the Response Team must be prepared to respond to а Data Breach. The Response Team shall perform all the responsibilities of PlayForm mentioned in this Policy. The duties of the Response Team are:
to communicate the Data Breach to the competent Supervisory Authority(-ies);
in case of high risk to the rights and freedoms of Data Subjects, to communicate the Data Breach to the Data Subject;
if PlayForm obtain data from any third party as a processor, and a Data Breach involves obtained data, to inform the third parties about the Data Breach;
to communicate PlayForm’s contractors or any other third parties that process the Personal Data involved in the Data Breach; and
to take all appropriate technical and organizational measures to cease the Data Breach and mitigate its consequences;
to record the fact of the Data Breach in the Records of processing activities and file an internal data breach report that describes the event.
The Response Team shall perform its duties until all the necessary measures required by this Policy are taken.
Notification to Supervisory Authority.
PlayForm shall inform the Competent Supervisory Authority about the Data Breach without undue delay and, where it is possible, not later than 72 hours after having become aware of the Data Breach.
The Competent Supervisory Authority shall be determined by the residence of the Data Subjects, whose information was involved in the Data Breach. If the Data Breach concerns the Personal Data of Data Subjects from more than one country, PlayForm shall inform all Competent Supervisory Authorities.
To address the notification to the authority, the Response Team should use Annex 1 to this Policy. Annex 1 contains all the necessary contact information of the EU supervisory authorities. If the Data Breach concerns Data Subjects from other than the EU countries, the Response Team shall ask a competent privacy specialist for advice.
The notification to the Competent Supervisory Authority shall contain, at least, following information:
the nature of the Data Breach including where possible, the categories and an approximate number of Data Subjects and Personal Data records concerned;
the name and contact details of the Response Team, Privacy Manager or, if not applicable, of the CEO;
the likely consequences of the Data Breach. Explain PlayForm’s point of view on the purposes and possible further risks of the Data Breach. E.g., the Personal Data may be stolen for the further sale, fraud activities or blackmailing the concerned Data Subjects; and
the measures taken or proposed to be taken by PlayForm to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
To file a notification, the Response Team should use PlayForm’s Data Breach Notification Form to the Supervisory Authority.
Notifications to Data Subjects.
When the Data Breach is likely to result in a high risk to the rights and freedoms of Data Subjects (e.g., stealing of funds, assets, proprietary information), we must also communicate the Data Breach to the concerned Data Subjects without undue delay. The Privacy Manager must determine if there is a high risk based on the risk factors specified in Subsection 7.2.3 of this Policy.
The notification shall contain the following information:
description of the Data Breach - what happened and what led to the Data Breach, such as a security breach, employee’s negligence, error in the system work. If the Response Team decided not to disclose the causes of the Data Breach, then this clause must not be mentioned;
the measures taken by PlayForm regarding the Data Breach, including security measures, internal investigations, and supervisory authority notice;
recommendations for the concerned Data Subjects how to mitigate risks and possible consequences, such as guidelines on how to restore access to an account, preventing measures (change of a password); and
the contact information of the Response Team or one of its members.
The notification to the Data Subjects should be carried out by the email letter or, where it is impossible to use the email, by other available means of communication.
Exemptions. We do not have to send the notification to the Data Subjects if any of the following conditions are met:
PlayForm has implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Data affected by the Data Breach, in particular, those that leave the Personal Data inaccessible to any person who is not authorized to access it, such as encryption;
PlayForm has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects referred to in this section is no longer likely to materialize; or
it would involve a disproportionate effort to communicate with every concerned Data Subject. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.
In the case we apply one of the exemptions, we must document the circumstances, reason for not informing, and actions taken to meet one of the exemptions.
Communication with Third Parties.
In the case a Data Breach concerns the Personal Data shared with us or processed by us on behalf of a Third Party, we must also notify the Third Party about it within 24 hours. If we process the Personal Data as a Data Processor, the notification of the Third Party does not exempt us from the duty to mitigate the Data Breach consequences, but we must not inform the Competent Supervisory Authority and Data Subjects.
In case of receiving the notification about the Data Breach from the Data Processor or other Third Parties that have access to the Personal Data, CEO of PlayForm shall, in accordance with this Section:
form the Response Team;
request the Third Party to send the information mentioned in Subsections 10.2-3 of this Policy;
where necessary, inform the Competent Supervisory Authority(-ies) and Data Subjects; and
perform other steps of the Data Breach response procedure.
List of Persons Briefed on Personal Data Protection Policy
Full Name | Status | Date |
| Nikola Hristov | Briefed | 05.25.2018 |
European National Data Protection Authorities
Austria
Österreichische Datenschutzbehörde
Hohenstaufengasse 3
1010 Wien
Tel. +43 1 531 15 202525
Fax +43 1 531 15 202690
E-mail: dsb@dsb.gv.at
WebSite: https://www.dsb.gv.at
Art 29 WP Member: Dr Andrea JELINEK, Director, Österreichische Datenschutzbehörde
Belgium
Commission de la protection de la vie privée
Commissie voor de bescherming van de persoonlijke levenssfeer
Rue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
E-mail: commission@privacycommission.be
WebSite: https://www.privacycommission.be
Art 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy commission
Bulgaria
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov Blvd. Sofia 1592
Tel. +359 2 915 3580
Fax +359 2 915 3525
E-mail: kzld@cpdp.bg
WebSite: https://www.cpdp.bg
Art 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for Personal Data Protection
Art 29 WP Alternate Member: Ms. Mariya MATEVA
Croatia
Croatian Personal Data Protection Agency
Martićeva 14
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
E-mail: azop@azop.hr or info@azop.hr
WebSite: https://www.azop.hr
Art 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection Agency
Cyprus
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456
Fax +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy
WebSite: https://www.dataprotection.gov.cy
Art 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU
Art 29 WP Alternate Member: Mr. Constantinos GEORGIADES
Czech Republic
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
E-mail: posta@uoou.cz
WebSite: https://www.uoou.cz
Art 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data Protection
Art 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the Office
Denmark
Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00
Fax +45 33 19 32 18
E-mail: dt@datatilsynet.dk
WebSite: https://www.datatilsynet.dk
Art 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection Agency (Datatilsynet)
Art 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International Division at the Danish Data Protection Agency (Datatilsynet)
Estonia
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Väike-Ameerika 19
10129 Tallinn
Tel. +372 6274 135
Fax +372 6274 137
E-mail: info@aki.ee
WebSite: https://www.aki.ee/en
Art 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Maarja Kirss
Finland
Office of the Data Protection Ombudsman
P.O. Box 315
FIN-00181 Helsinki Tel. +358 10 3666 700
Fax +358 10 3666 735
E-mail: tietosuoja@om.fi
WebSite: https://www.tietosuoja.fi/en
Art 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection Authority
Art 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department
France
Commission Nationale de l’Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
WebSite: https://www.cnil.fr
Art 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL
Art 29 WP Alternate Member: Ms. Florence RAYNAL
Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
E-mail: poststelle@bfdi.bund.de
WebSite: https://www.bfdi.bund.de
The competence for complaints is split among different data protection supervisory authorities in Germany.
Competent authorities can be identified according to the list provided under
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
Art 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of Information
Art 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the federal states
Greece
Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523 Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
E-mail: contact@dpa.gr
WebSite: https://www.dpa.gr
Art 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA
Art 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director
Hungary
National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C H-1125 Budapest
Tel. +36 1 3911 400
E-mail: peterfalvi.attila@naih.hu
WebSite: https://www.naih.hu
Art 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for Data Protection and Freedom of Information
Art 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National Authority for Data Protection and Freedom of Information
Ireland
Data Protection Commissioner
Canal House Station Road Portarlington Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
E-mail: info@dataprotection.ie
WebSite: https://www.dataprotection.ie
Art 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner
Art 29 WP Alternate Members: Mr. John O’DWYER, Deputy Commissioner; Mr. Dale SUNDERLAND, Deputy Commissioner
Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
E-mail: garante@garanteprivacy.it
WebSite: https://www.garanteprivacy.it
Art 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei dati personali
Art 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per la protezione dei dati personali
Latvia
Data State Inspectorate Director: Ms. Daiga Avdejanova
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
E-mail: info@dvi.gov.lv
WebSite: https://www.dvi.gov.lv
Art 29 WP Alternate Member: Ms. Aiga BALODE
Lithuania
State Data Protection
Žygimantų str. 11-6a 011042 Vilnius
Tel. + 370 5 279 14 45
Fax +370 5 261 94 94
E-mail: ada@ada.lt
WebSite: https://www.ada.lt
Art 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of Complaints Investigation and International Cooperation Division
Luxembourg
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1
Fax +352 2610 60 29
E-mail: info@cnpd.lu
WebSite: https://www.cnpd.lu
Art 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour la Protection des Données
Art 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner
Malta
Office of the Data Protection Commissioner
Data Protection Commissioner: Mr. Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549 Tel. +356 2328 7100
Fax +356 2328 7198
E-mail: commissioner.dataprotection@gov.mt
WebSite: https://idpc.org.mt
Art 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection Commissioner
Art 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme Implementation
Netherlands
Autoriteit Persoonsgegevens
Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague Tel. +31 70 888 8500
Fax +31 70 888 8501
E-mail: info@autoriteitpersoonsgegevens.nl
WebSite: https://autoriteitpersoonsgegevens.nl/nl
Art 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens
Poland
The Bureau of the Inspector General for the Protection of Personal Data – GIODO
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 53 10 440
Fax +48 22 53 10 441
E-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl
WebSite: https://www.giodo.gov.pl
Art 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection of Personal Data
Portugal
Comissão Nacional de Protecção de Dados - CNPD
R. de São. Bento, 148-3° 1200-821 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
E-mail: geral@cnpd.pt
WebSite: https://www.cnpd.pt
Art 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção de Dados
Art 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA
Romania
The National Supervisory Authority for Personal Data Processing President: Mrs. Ancuţa Gianina Opre
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 21 252 5599
Fax +40 21 252 5757
E-mail: anspdcp@dataprotection.ro
WebSite: https://www.dataprotection.ro
Art 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory Authority for Personal Data Processing
Art 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and Communication Department
Slovakia
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
E-mail: statny.dozor@pdp.gov.sk
WebSite: https://dataprotection.gov.sk
Art 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data Protection of the Slovak Republic
Art 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President
Slovenia
Information Commissioner
Ms. Mojca Prelesnik Zaloška 59
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
E-mail: gp.ip@ip-rs.si
WebSite: https://www.ip-rs.si
Art 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic of Slovenia
Spain
Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
E-mail: internacional@agpd.es
WebSite: https://www.agpd.es
Art 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data Protection Agency
Art 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO
Sweden
Datainspektionen
Drottninggatan 29 5th Floor
Box 8114
20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
E-mail: datainspektionen@datainspektionen.se
WebSite: https://www.datainspektionen.se
Art 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data Inspection Board
Art 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser
United Kingdom
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745
E-mail: international.team@ico.org.uk
WebSite: https://ico.org.uk
Art 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner
Art 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner
EUROPEAN FREE TRADE AREA (EFTA)
Iceland
Icelandic Data Protection Agency
Rauðarárstíg 10
Reykjavík
Tel. +354 510 9600; Fax +354 510 9606
E-mail: postur@personuvernd.is
WebSite: https://www.personuvernd.is
Liechtenstein
Data Protection Office
Kirchstrasse 8, P.O. Box 684
9490 Vaduz
Principality of Liechtenstein Tel. +423 236 6090
E-mail: info.dss@llv.li
WebSite: https://www.datenschutzstelle.li
Norway
Datatilsynet
Data Protection Authority: Mr. Bjørn Erik THORN
The Data Inspectorate
P.O. Box 8177 Dep 0034 Oslo
Tel. +47 22 39 69 00; Fax +47 22 42 23 50
E-mail: postkasse@datatilsynet.no
WebSite: https://www.datatilsynet.no
Switzerland
Data Protection and Information Commissioner of Switzerland
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian Lobsiger
Feldeggweg 1
3003 Bern
Tel. +41 58 462 43 95; Fax +41 58 462 99 96
E-mail: contact20@edoeb.admin.ch
WebSite: https://www.edoeb.admin.ch
Effective date: 05.25.2018 / May 25th 2018
Last updated: 02.11.2022 / February 11th 2022
We at PlayForm ltd. are committed to processing personal data securely and respecting privacy of the concerned individuals.
| Version No. and date of the last update: | v. 1.0. February 11th 2022 |
| This policy shall be reviewed annually or each time when the changes in our data processing occur. | |
Scope. This Personal Data Protection Policy (the “Policy”) describes PlayForm ltd. internal rules for personal data processing and protection. The Policy applies to PlayForm ltd., including PlayForm ltd. employees and contractors (“we”, “us”, “our”, “PlayForm”). The management of each entity is ultimately responsible for the implementation of this policy, as well as to ensure, at entity level, there are adequate and effective procedures in place for its implementation and ongoing monitoring of its adherence. For the purposes of this Policy, employees and contractors are jointly referred to as the “employees”.
Privacy Manager. Privacy Manager is an employee of PlayForm responsible for personal data protection compliance within PlayForm (the “Privacy Manager”). The Privacy Manager is in charge of performing the obligations imposed by this Policy and supervising other employees, who subject to this Policy, regarding their adherence to this Policy. The Privacy Manager must be involved in all projects at an early stage in order to take personal data protection aspects into account as early as the planning phase.
The designated Privacy Manager at PlayForm ltd. is Nikola Hristov Nikola@PlayForm.Cloud.
Definitions.
| Competent Supervisory Authority | means a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. |
| Data Breach | means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. |
| Data Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. |
| Data Processor | means a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. |
| Data Protection Laws | mean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). |
| Data Subject Request (DSR) | means any request from the Data Subject and concerning their personal data and/or data subject rights. |
| Data Subject | means a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. |
| Personal Data | means any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. |
| Processing | means any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Standard Contractual Clauses | means the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). |
| Third Party | means a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. |
| User | means a Data Subject who uses our services provided on PlayForm website. |
PlayForm’s processing activities must be in line with the principles specified in this Section. The Privacy Manager must make sure that PlayForm’s compliance documentation, as well as data processing activities, are compliant with the data protection principles.
We must process the Personal Data in accordance with the following principles:
Lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency). We shall always have a legal ground for the processing (described in Section 3 of this Policy), collect the amount of data adequate to the purpose and legal grounds, and we make sure the Data Subjects are aware of the processing;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation). We must not process the Personal Data for the purposes not specified in our compliance documentation without obtaining specific approval of the Privacy Manager;
Adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization). We always make sure the data we collect is not excessive and limited by the strict necessity;
Accurate and, where necessary, kept up to date (accuracy). We endeavor to delete inaccurate or false data about Data Subjects and make sure we update the data. Data Subjects can ask us for a correction of the Personal Data;
Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (storage period limitation). The storage periods must be limited as prescribed by Data Protection Laws and this Policy; and
Process in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (confidentiality, integrity, and availability).
Accountability.
We shall be able to demonstrate our compliance with Data Protection Laws (accountability principle). In particular, we must ensure and document all relevant procedures, efforts, internal and external consultations on personal data protection including:
the fact of appointing a person responsible for PlayForm’s data protection compliance;
where necessary, a record of a Data Processing Impact Assessment;
developed and implemented notices, policies, and procedures, such as Privacy Notice, this policy or Data Breach response procedure;
the fact of staff training on compliance with Data Protection laws; and
assessment, implementation, and testing organizational and technical data protection measures.
The Privacy Manager must maintain PlayForm’s Records of processing activities, which is an accountability document that describes personal data processing activities of PlayForm, prepared in accordance with Art. 30 of the GDPR (the “Records of processing activities”). The Records of processing activities must maintain, at least, the following information about each processing activity:
contact details of PlayForm, the EU Representative, and, where applicable, of the Data Protection Officer;
name of the activity, its purposes and legal basis along with, where applicable, the legitimate interests of PlayForm;
data subjects and personal data categories concerned;
data retention periods;
general description of applicable security measures;
recipients, including joint controllers, processors, and contractors involved, as well as the fact of the international data transfer with the safeguards applied to the transfer;
where applicable, a reference to the Data Processing Impact Assessment;
where applicable, a reference to the record of the data breach occurred involving the personal data;
if PlayForm acts as a data processor, the information to be provided includes the names and contact details of controllers, name and contact details of controller’s representative (if applicable), categories of processing (activities), names of third countries or international organizations that personal data are transferred to (if applicable), safeguards for exceptional transfers of personal data to third countries or international organizations (if applicable), and general description of technical and organizational security measures.
Legal grounds.
Each processing activity must have one of the lawful grounds specified in this Section to process the Personal Data. If we do not have any of the described, we cannot collect or further process the Personal Data.
If PlayForm is intended to use personal data for other purposes than those specified in the Records of processing activities, the Privacy Manager must evaluate, determine, and, if necessary, collect/record the appropriate legal basis for it.
Performance of the contract. Where PlayForm has a contract with the Data Subject, e.g., website’s Terms of Use or the employment contract, and the contract requires the provision of personal data from the Data Subject, the applicable legal ground will be the performance of the contract.
Consent. To process the personal data based on the consent, we must obtain the consent before the Processing and keep the evidence of the consent with the records of Data Subject’s Personal Data. The Privacy Manager must make sure that the consent collected from Data Subjects meet the requirements of Data Protection Laws and this Policy. In particular, the Privacy Manager must make sure that:
the Data Subject must be free to give or refuse to give consent.
the consent is in the form of an active indication from the Data Subject, i.e., the consent checkbox must not be pre-ticked for the user.
the request for the consent clearly articulates the purposes of the processing, and other information specified in Subsection 6.2 is available to the Data Subject.
the Data Subject must be free to give one’s consent or to revoke it.
Legitimate interests. We have the right to use personal data in our ‘legitimate interests’. The interests can include the purposes that are justified by the nature of our business activities, such as the marketing analysis of personal data. For PlayForm to use legitimate interests as a legal ground for the processing, the Privacy Manager must make sure that:
the legitimate interest in the processing is clearly defined and recorded in the Records of processing activities;
any envisaged risks to Data Subject rights and interests are spotted. The examples of the risks can be found in Subsection 7.2.;
the Data Subjects have reasonable expectations about the processing, and additional protective measures to address the risks are taken;
subject to the conditions of Subsection 6.7 (Right to object against the processing), the Data Subject is provided with the opportunity to opt-out from the processing for the described legitimate interests.
If at least one of the above conditions is not met by PlayForm, the Privacy Manager must choose and propose a different legal ground for the processing, such as consent.
Legal Compliance and Public Interest. Besides the grounds specified afore, we might be requested by the laws of the European Union or laws of the EU Member State to process Personal Data of our Users. For example, we can be required to collect, analyze, and monitor the information of Users to comply with financial or labor laws.
Whenever we have such an obligation, we must make sure that:
we process personal data strictly in accordance with relevant legal requirements;
we do not use or store the collected Personal Data for other purposes than legal compliance; and
the Data Subjects are properly and timely informed about our obligations, scope, and conditions of personal data processing.
Important: Where PlayForm has the law requirements of another country to process personal data, the Privacy Manager must propose using another legal ground for the processing under Data Protection Laws, such as legitimate interests or consent.
Access to Personal Data.
The employees must have access to the personal data on a “need-to-know” basis. The data can be accessed only if it is strictly necessary to perform one of the activities specified in the Records of processing activities. The employees and contractors shall have access to the Personal Data only if they have the necessary credentials for it.
Heads of the departments within PlayForm are responsible for their employees’ access and processing of personal data. The heads must maintain the list of employees that are entitled to access and process personal data. The Privacy Manager shall have the right to review the list and, where necessary, request the amendments to meet the requirements of this Policy.
Heads of the departments within PlayForm must ensure that the employees under their supervision are aware of the Data Protection Laws and comply with the rules set in this Policy. To make sure our employees are able to comply with the data protection requirements, we must provide them with adequate data protection training.
All employees accessing personal data shall keep strict confidentiality regarding the data they access. The employees that access personal data must use only those means (software, premises, etc.) for the processing that were prescribed by PlayForm. The data must not be disclosed or otherwise made available out of the management instructions.
The employees within their competence must assist PlayForm’s representatives, including the Privacy Manager, in any efforts regarding compliance with Data Protection Laws and/or this Policy.
When an employee detects or believes there is suspicious activity, data breach, non-compliance with Data Protection Laws and/or this Policy, or a DSR was not routed to the competent department within PlayForm, the employee must report such activity to the Privacy Manager.
Employees that are unsure about whether they can legitimately process or disclose Personal Data must seek advice from the Privacy Manager before taking any action.
Any occasional access to personal data for activities not specified in the Records of processing activities is prohibited. If there is a strict necessity for immediate access, the Privacy Manager must approve the access first.
Before sharing personal data with any person outside of PlayForm, the Privacy Manager must ensure that this Third Party has an adequate data protection level and provide sufficient data protection guarantees in accordance with Data Protection Laws, including, but not limited to the processorship requirements (Art. 28 of the GDPR) and international transfers compliance (Section 5 of the GDPR). Where necessary, the Privacy Manager must make sure that PlayForm enters into the appropriate data protection contract with the third party.
An employee can share personal data with third parties only if and to the extent that was directly prescribed by the manager and specified in the Records of processing activities.
If we are required to delete, change, or stop the processing of the Personal Data, we must ensure that the Third Parties, with whom we shared the Personal Data, will fulfill these obligations accordingly.
Whenever PlayForm is engaged as a data processor on behalf of another entity, the Privacy Manager must make sure PlayForm complies with the processorship obligation. In particular, the appropriate data processing agreement in accordance with the Data Protection Laws must be in place. The Privacy Manager must supervise the compliance with data processing instructions from the controller, including regarding the scope of processing activities, involvement of sub-processors, international transfers, storage, and further disposal of processed personal data. The personal data processed under the processor role must not be processed for any other purposes than specified in the relevant instructions, agreement or other legal act regulating the relationships with the controller.
If we have the employees, contractors, corporate affiliates, or Data Processors outside of the EEA, and we transfer Personal Data to them for the processing, the Privacy Manager must make sure PlayForm takes all necessary and appropriate safeguards in accordance with Data Protection Laws.
The Privacy Manager must assess the safeguards available and propose to the PlayForm’s management the appropriate safeguard for each international transfer. The following regimes apply to the transfers of Personal Data outside of the EU:
where the European Commission decides that the country has an adequate level of personal data protection, the transfer does not require taking additional safeguards. The full list of adequate jurisdictions can be found on the relevant page of the European Commission’s website1.
to transfer Personal Data to our contractors or partners (Data Processors or Controllers) in other third countries, we must conclude Standard Contractual Clauses with that party. The draft version along with the guidance can be found on the relevant page of the European Commission’s website2;
if we have a corporate affiliate or an entity in other countries, we may choose to adopt Binding Corporate Rules in accordance with Article 47 of the GDPR or an approved code of conduct pursuant to Article 40 of the GDPR;
we also can transfer Personal Data to entities that have an approved certification in accordance with Article 42 of the GDPR, which certifies an appropriate level of company’s data protection.
As a part of the information obligations, PlayForm must inform the Data Subjects that their Personal Data is being transferred to other countries, as well as provide them with the information about the safeguards used for the transfer. The information obligation is to be performed in accordance with Subsection 6.2.
In the exceptional cases (the “Derogation”), where we cannot apply the safeguards mentioned afore and we need to transfer Personal Data, we must take an explicit consent (active statement) from the Data Subject or it must be strictly necessary for the performance of the contract between us and the Data Subject, or other derogation conditions apply in accordance with the Data Protection Laws. The Privacy Manager must pre-approve any Derogation transfers and document the approved Derogations, as well as the rationale for them.
Our Responsibilities.
Privacy Manager is ultimately responsible for handing all DSR received by PlayForm. In the case of receiving any outstanding or unusual DSR, the employee must seek advice from the Privacy Manager before taking any action.
DSR Team within PlayForm is responsible for handling DSRs from PlayForm Users on a daily basis. The Human Resources department is responsible for handling the DSR from PlayForm employees.
All DSRs from the Users must be addressed at and answered from the following e-mail address: dsr@playform.cloud. DSR from the employees can be addressed directly to the HR manager or at dsr@playform.cloud.
The responsible employee must answer to the DSR within one (1) month from receiving the request. If complying with the DSR takes more than one month in time, the responsible employee must seek advice from the Privacy Manager and, where necessary, inform the Data Subject about the prolongation of the response term for up to two (2) additional months.
The responsible employee must analyze the received DSR for the following criteria:
Data Subject identification. Before considering the DSR content, the responsible employee must make sure the Data Subject is the same person he/she claims to be. For this purpose, the connection between the personal data records and the data subject must be established.
Personal data. The responsible employee must check whether PlayForm has access to the personal data requested. If PlayForm does not have the personal data under the control, the responsible employee must inform the Data Subject, and, if possible, instruct on the further steps on how to access the data in question;
Content of the request. Depending on the content of the DSR, the responsible employee must define the type of the request and check whether it meets the conditions prescribed by this Policy and Data Protection Laws. The types of requests and the respective conditions for each of them can be consulted in Subsections 6.3-6.9. If the request does not meet the described criteria, the responsible employee must refuse to comply with the DSR and inform the Data Subject about the reasons for refusing;
Free of charge. Generally, all requests of Data Subjects and exercises of their rights are free of charge. If the responsible employee finds that the Data Subject exercises the rights in an excessive or unfound way (e.g., intended to harm or interrupt PlayForm’s business activities), the employee must seek the advice from the Privacy Manager, and, upon receiving of the latter, may either charge the Data Subject a reasonable fee or refuse to comply with the request;
Documenting. Whenever PlayForm receives the DSR, the Privacy Manager must make sure that the data and time, Data Subject, type of the request and the decision made regarding it are well documented. In the case of refusing to comply with the request, the reasons for refusing must be documented as well;
Recipients. When addressing the DSR, the Privacy Manager must make sure that all concerned recipients were informed the necessary actions were taken.
The right to be informed.
PlayForm must notify each Data Subject about the collection and further processing of the Personal Data.
The information to be provided includes: the name and contact details of PlayForm; generic purposes of and the lawful basis for the data collection and further processing; categories of Personal Data collected; recipients/categories of recipients; retention periods; information about data subject rights, including the right to complain to the competent Supervisory Authority; the consequences of the cases where the data is necessary for the contract performance and the Data Subject does not provide the required data; details of the safeguards where personal data is transferred outside the EEA; and any third-party source of the personal data, without specification for the particular case (except if we receive the direct request from the Data Subject).
The Users must be informed by the Privacy Policy accessible at PlayForm’s website and provided during the user registration. The employees and contractors must be informed by a standalone employee privacy statement, which explains the details described in p. 6.2.2 in a case-based manner, describing the particular purposes and activities.
PlayForm must inform Data Subjects about data processing, including any new processing activity introduced at PlayForm within the following term:
if personal data is collected from the data subject directly, the data subject must be informed at the time we collect Personal Data from the Data Subjects by showing the Data Subject our privacy statement;
if the personal data is collected from other sources: (a) within one month from collecting it; (b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or (c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
upon the request of the Data Subject; and
within one (1) month after any change of our personal data practices, change of the controller of Personal Data or after significant changes in our privacy statements.
The right to access the information.
The Data Subject must be provided only with those personal data records specified in the request. If the Data Subject requests access to all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all personal data of the Data Subject is mapped and provided.
A Data Subject has the right to:
learn if we process the Data Subject’s Personal Data;
obtain disclosure regarding aspects of the processing, including detailed and case-specific information on purposes, categories of Personal Data, recipients/categories of recipients, retention periods, information about one’s rights, details of the relevant safeguards where personal data is transferred outside the EEA, and any third-party source of the personal data; and
obtain a copy of the Personal Data undergoing processing upon the request.
The right to verify the Data Subject’s information and seek its rectification. The information we collect can be/become inaccurate or out-of-date (e.g., mistakes in nationality, date of birth, info on debts, economic activities). If we reveal that the Personal Data is inaccurate or the Data Subject requests us to do so, we must ensure that we correct all mistakes and update the relevant information.
The right to restrict processing.
The restriction of processing allows Data Subjects to temporarily stop the use of their information to prevent the possible harm caused by such use.
This right applies when the Data Subject:
contests the accuracy of the Personal Data;
believes that we process the Personal Data unlawfully; and
objects against the processing and wants us not to process Personal Data while we are considering the request.
In the case of receiving the restriction request, we must not process Personal Data in question for any other purpose than storing it or for legal compliance purposes until the circumstances of restriction cease to exist.
The right to withdraw the consent. For the activities that require consent, the Data Subject can revoke their consent at any time. If the Data Subject revokes the consent, we must record the changes and must not process the Personal Data for consent-based purposes. The withdrawal of consent does not affect the lawfulness of the processing done before the withdrawal.
The right to object against the processing.
If we process the information in our legitimate interests, e.g., for direct marketing emails or for our marketing research purposes, the Data Subject can object against the processing.
In the case of receiving the objection request case, we must consider Data Subject’s request and, where we do not have compelling interests, stop the processing for the specified purposes. If the personal data is still to be processed for other purposes, the Privacy Manager must make sure that the database has a record that the data cannot be further processed for the objected activities.
The objection request can be refused only if the personal data in question is used for scientific/historical research or statistical purposes and was appropriately protected, i.e., by anonymization or pseudonymization techniques.
Right to erasure/to be forgotten.
The Data Subjects have the right to request us to erase their Personal Data if one of the following conditions are met:
Personal Data is no longer necessary for the purposes of collection. For example, a user has provided personal data for a one-time activity, such as data validation or participation in a contest, and the purpose is already fulfilled;
the Data Subject revokes one’s consent or objects to the processing (where applicable) and there is no other legal ground for the processing; or
we process the Personal Data unlawfully or its erasure is required by the applicable legislation of the European Union or one of the Member countries of the European Union.
Conditions, under which we have the right to refuse the erasure:
Personal Data is processed for scientific/historical research or statistical purposes and is appropriately protected, i.e., pseudonymized or anonymized;
Personal Data is still necessary for legal compliance (e.g., financial or labor laws compliance).
Only those personal data records must be deleted that were specified in the request. If the Data Subject requests the deletion of all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all the data about the Data Subject is mapped and can be deleted.
If the User still has an account with us and requests the erasure of information necessary for maintaining the account, we must inform the User that the erasure will affect user experience or can lead to the closure of the account.
Data portability.
Data Subjects can ask us to transfer all the Personal Data and/or its part in a machine-readable format to a third party. This right applies in two cases:
personal data was collected for the purpose of provision of our services (performance of the contract); or
collected based on consent.
To determine whether one of the p.6.9.1 conditions are met, the employee must seek advice from the Privacy Manager and check the applicable legal basis in the Records of processing activities. If the answer is negative, the request can be refused by PlayForm, and the Privacy Manager must decide whether to comply with the request on a voluntary basis.
To comply with the request, the responsible employee must consolidate requested Personal Data and send the data in the format we are usually working with to the requested organization. The Data Subject must provide the necessary contact details of the organization.
Notification to Privacy Manager.
Before introducing any new activity that involves the processing of personal data, an employee responsible for its implementation must inform the Privacy Manager.
Upon receiving information about a new activity, Privacy Manager must:
determine whether the data processing impact assessment (DPIA) and/or the consultation with the Supervisory Authority is necessary. If the answer is positive, the Privacy Manager must make sure the DPIA is conducted and/or the Supervisory Authority is consulted in accordance with the requirements of this Section and Data Protection Laws;
determine the legal basis for the processing and, where necessary, take further action for its fixation;
make sure the processing activity is done in accordance with this Policy, other PlayForm’s policies, as well as the Data Protection Laws;
add the processing activity to the Records of processing activities;
amend the privacy information statements and, where necessary, inform the concerned Data Subject accordingly.
Data Processing Impact Assessment.
To make sure that our current or prospective processing activities do not/will not violate the Data Subjects’ rights, PlayForm must, where required by Data Protection Laws, conduct the Data Processing Impact Assessment (DPIA), a risk-based assessment of the processing and search for the measures to mitigate the risks. The Privacy Manager must make sure the DPIA is conducted in accordance with this Section.
The Privacy Manager, where necessary, involving the competent employees and/or external advisors, must conduct a DPIA if at least one of the following conditions are met:
the processing involves the use of new technologies, such as the Artificial Intelligence, use of connected and autonomous devices, etc. that creates certain legal, economic or similar effects to the Data Subject;
we systematically assess and evaluate personal aspects of the Data Subjects based on automated profiling, assigning the personal score/rate, and create legal or similar effects for the Data Subject by this activity;
we process on a large-scale sensitive data, which includes Personal Data relating to criminal convictions and offences, the data about vulnerable data subjects, the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
we collect or process Personal Data from a publicly accessible area or public sources on a large scale, or combine or match two different data sets; and
the Supervisory Authority in its public list requires conducting a DPIA for a certain type of activity we are involved in. The list of processing activities requiring conducting DPIA can be found on the website of each Supervisory Authority.
The assessment shall contain at least the following details:
a systematic description of the processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by us. The description must include the envisaged data categories and data subjects concerned, the scale of processing activities, such as its frequency, volume, envisaged number of records, etc.; recipients of the data, retention periods and, where applicable, international transfers;
an assessment of the necessity and proportionality of the processing operations in relation to the purposes. The DPIA must explain whether the activity is necessary for the purpose and whether the purpose can be achieved by less intrusive methods;
an assessment of the risks to the rights and freedoms of data subjects, including the rights of Data Subjects regarding their Personal Data.
The examples of risks are the processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymization, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analyzing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects; and
the measures to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation.
Where the DPIA did not provide how to effectively address the risks, the Privacy Manager must initiate the consultation with the competent Supervisory Authority to receive help with searching for the solution. In this case, PlayForm must not conduct the activity before the Supervisory Authority approves the processing activity in question.
General Rule.
The Privacy Manager must make sure that PlayForm clearly defined the data storage periods and/or criteria for determining the storage periods for each processing activity it has. The periods for each processing activity must be specified in the Records of processing activities.
Each department within PlayForm must comply with the data storage periods in accordance with the retention schedule provided in Records of processing activities. The Privacy Manager must supervise each department and make sure they comply with this requirement.
After the storage period ends, the personal data must be removed from the disposal of the department responsible for the processing or, in cases where the data is not needed for any other purposes, destroyed completely, including from back-up copies and other media.
Whenever the storage period for a processing activity has ended, but the personal data processed is necessary for other processing purposes, the department manager must make sure that the personal data is not used for the ceased processing activity, and the responsible employees do not have the access to it unless required for any other activity.
Exemptions. The rules specified in Subsection 8.1 have the following exceptions:
Business needs. Data retention periods can be prolonged, but no longer than 60 days, in the case that the data deletion will interrupt or harm our ongoing business. The Privacy Manager must approve any unforeseen prolongation;
Technical impossibility. Some information is technically impossible or disproportionally difficult to delete. For example, deletion of the information may lead to breach of system integrity, or it is impossible to delete the information from the backup copies. In such a case, the information can be further stored, subject to the approval by the Privacy Manager and making respective amendments to the Records of processing activities; and
Anonymization. The Personal Data can be further processed for any purposes (e.g., marketing) if we fully anonymize these data after the retention period is expired. This means that all personal identifiers and connections to them will be deleted from the data. To consider Personal Data anonymous, it must be impossible to reidentify the Data Subject from the data set.
Each department within PlayForm shall take all appropriate technical and organizational measures that protect against unauthorized, unlawful, and/or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of unauthorized persons regarding the personal data under their responsibility.
The employee responsible for the supervision after the security of personal data within PlayForm shall be DSR Officer. This person implements the guidelines and other specifications on data protection and information security in his area of responsibility. He/she advises PlayForm management on the planning and implementation of information security in PlayForm, and must be involved in all projects at an early stage in order to take security-related aspects into account as early as the planning phase.
Response Team.
In case of revealing the Data Breach, CEO of PlayForm shall urgently form the Data Breach Response Team (the “Response Team”), which will handle the Data Breach, notify the appropriate persons, and mitigate its risks.
The Response Team must be а multi-disciplinary group headed by CEO of PlayForm and comprised of the Privacy Manager, privacy laws specialist (whether internal or external), and knowledgeable and skilled information security specialists within PlayForm or outsourcing professionals, if necessary. The team must ensure that all employees and engaged contractors/processors adhere to this Policy and provide an immediate, effective, and skillful response to any suspected/alleged or actual Data Breach affecting PlayForm.
The potential members of the Response Team must be prepared to respond to а Data Breach. The Response Team shall perform all the responsibilities of PlayForm mentioned in this Policy. The duties of the Response Team are:
to communicate the Data Breach to the competent Supervisory Authority(-ies);
in case of high risk to the rights and freedoms of Data Subjects, to communicate the Data Breach to the Data Subject;
if PlayForm obtain data from any third party as a processor, and a Data Breach involves obtained data, to inform the third parties about the Data Breach;
to communicate PlayForm’s contractors or any other third parties that process the Personal Data involved in the Data Breach; and
to take all appropriate technical and organizational measures to cease the Data Breach and mitigate its consequences;
to record the fact of the Data Breach in the Records of processing activities and file an internal data breach report that describes the event.
The Response Team shall perform its duties until all the necessary measures required by this Policy are taken.
Notification to Supervisory Authority.
PlayForm shall inform the Competent Supervisory Authority about the Data Breach without undue delay and, where it is possible, not later than 72 hours after having become aware of the Data Breach.
The Competent Supervisory Authority shall be determined by the residence of the Data Subjects, whose information was involved in the Data Breach. If the Data Breach concerns the Personal Data of Data Subjects from more than one country, PlayForm shall inform all Competent Supervisory Authorities.
To address the notification to the authority, the Response Team should use Annex 1 to this Policy. Annex 1 contains all the necessary contact information of the EU supervisory authorities. If the Data Breach concerns Data Subjects from other than the EU countries, the Response Team shall ask a competent privacy specialist for advice.
The notification to the Competent Supervisory Authority shall contain, at least, following information:
the nature of the Data Breach including where possible, the categories and an approximate number of Data Subjects and Personal Data records concerned;
the name and contact details of the Response Team, Privacy Manager or, if not applicable, of the CEO;
the likely consequences of the Data Breach. Explain PlayForm’s point of view on the purposes and possible further risks of the Data Breach. E.g., the Personal Data may be stolen for the further sale, fraud activities or blackmailing the concerned Data Subjects; and
the measures taken or proposed to be taken by PlayForm to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
To file a notification, the Response Team should use PlayForm’s Data Breach Notification Form to the Supervisory Authority.
Notifications to Data Subjects.
When the Data Breach is likely to result in a high risk to the rights and freedoms of Data Subjects (e.g., stealing of funds, assets, proprietary information), we must also communicate the Data Breach to the concerned Data Subjects without undue delay. The Privacy Manager must determine if there is a high risk based on the risk factors specified in Subsection 7.2.3 of this Policy.
The notification shall contain the following information:
description of the Data Breach - what happened and what led to the Data Breach, such as a security breach, employee’s negligence, error in the system work. If the Response Team decided not to disclose the causes of the Data Breach, then this clause must not be mentioned;
the measures taken by PlayForm regarding the Data Breach, including security measures, internal investigations, and supervisory authority notice;
recommendations for the concerned Data Subjects how to mitigate risks and possible consequences, such as guidelines on how to restore access to an account, preventing measures (change of a password); and
the contact information of the Response Team or one of its members.
The notification to the Data Subjects should be carried out by the email letter or, where it is impossible to use the email, by other available means of communication.
Exemptions. We do not have to send the notification to the Data Subjects if any of the following conditions are met:
PlayForm has implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Data affected by the Data Breach, in particular, those that leave the Personal Data inaccessible to any person who is not authorized to access it, such as encryption;
PlayForm has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects referred to in this section is no longer likely to materialize; or
it would involve a disproportionate effort to communicate with every concerned Data Subject. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.
In the case we apply one of the exemptions, we must document the circumstances, reason for not informing, and actions taken to meet one of the exemptions.
Communication with Third Parties.
In the case a Data Breach concerns the Personal Data shared with us or processed by us on behalf of a Third Party, we must also notify the Third Party about it within 24 hours. If we process the Personal Data as a Data Processor, the notification of the Third Party does not exempt us from the duty to mitigate the Data Breach consequences, but we must not inform the Competent Supervisory Authority and Data Subjects.
In case of receiving the notification about the Data Breach from the Data Processor or other Third Parties that have access to the Personal Data, CEO of PlayForm shall, in accordance with this Section:
form the Response Team;
request the Third Party to send the information mentioned in Subsections 10.2-3 of this Policy;
where necessary, inform the Competent Supervisory Authority(-ies) and Data Subjects; and
perform other steps of the Data Breach response procedure.
List of Persons Briefed on Personal Data Protection Policy
Full Name | Status | Date |
| Nikola Hristov | Briefed | 05.25.2018 |
European National Data Protection Authorities
Austria
Österreichische Datenschutzbehörde
Hohenstaufengasse 3
1010 Wien
Tel. +43 1 531 15 202525
Fax +43 1 531 15 202690
E-mail: dsb@dsb.gv.at
WebSite: https://www.dsb.gv.at
Art 29 WP Member: Dr Andrea JELINEK, Director, Österreichische Datenschutzbehörde
Belgium
Commission de la protection de la vie privée
Commissie voor de bescherming van de persoonlijke levenssfeer
Rue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
E-mail: commission@privacycommission.be
WebSite: https://www.privacycommission.be
Art 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy commission
Bulgaria
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov Blvd. Sofia 1592
Tel. +359 2 915 3580
Fax +359 2 915 3525
E-mail: kzld@cpdp.bg
WebSite: https://www.cpdp.bg
Art 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for Personal Data Protection
Art 29 WP Alternate Member: Ms. Mariya MATEVA
Croatia
Croatian Personal Data Protection Agency
Martićeva 14
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
E-mail: azop@azop.hr or info@azop.hr
WebSite: https://www.azop.hr
Art 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection Agency
Cyprus
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456
Fax +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy
WebSite: https://www.dataprotection.gov.cy
Art 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU
Art 29 WP Alternate Member: Mr. Constantinos GEORGIADES
Czech Republic
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
E-mail: posta@uoou.cz
WebSite: https://www.uoou.cz
Art 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data Protection
Art 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the Office
Denmark
Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00
Fax +45 33 19 32 18
E-mail: dt@datatilsynet.dk
WebSite: https://www.datatilsynet.dk
Art 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection Agency (Datatilsynet)
Art 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International Division at the Danish Data Protection Agency (Datatilsynet)
Estonia
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Väike-Ameerika 19
10129 Tallinn
Tel. +372 6274 135
Fax +372 6274 137
E-mail: info@aki.ee
WebSite: https://www.aki.ee/en
Art 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Maarja Kirss
Finland
Office of the Data Protection Ombudsman
P.O. Box 315
FIN-00181 Helsinki Tel. +358 10 3666 700
Fax +358 10 3666 735
E-mail: tietosuoja@om.fi
WebSite: https://www.tietosuoja.fi/en
Art 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection Authority
Art 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department
France
Commission Nationale de l’Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
WebSite: https://www.cnil.fr
Art 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL
Art 29 WP Alternate Member: Ms. Florence RAYNAL
Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
E-mail: poststelle@bfdi.bund.de
WebSite: https://www.bfdi.bund.de
The competence for complaints is split among different data protection supervisory authorities in Germany.
Competent authorities can be identified according to the list provided under
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
Art 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of Information
Art 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the federal states
Greece
Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523 Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
E-mail: contact@dpa.gr
WebSite: https://www.dpa.gr
Art 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA
Art 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director
Hungary
National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C H-1125 Budapest
Tel. +36 1 3911 400
E-mail: peterfalvi.attila@naih.hu
WebSite: https://www.naih.hu
Art 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for Data Protection and Freedom of Information
Art 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National Authority for Data Protection and Freedom of Information
Ireland
Data Protection Commissioner
Canal House Station Road Portarlington Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
E-mail: info@dataprotection.ie
WebSite: https://www.dataprotection.ie
Art 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner
Art 29 WP Alternate Members: Mr. John O’DWYER, Deputy Commissioner; Mr. Dale SUNDERLAND, Deputy Commissioner
Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
E-mail: garante@garanteprivacy.it
WebSite: https://www.garanteprivacy.it
Art 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei dati personali
Art 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per la protezione dei dati personali
Latvia
Data State Inspectorate Director: Ms. Daiga Avdejanova
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
E-mail: info@dvi.gov.lv
WebSite: https://www.dvi.gov.lv
Art 29 WP Alternate Member: Ms. Aiga BALODE
Lithuania
State Data Protection
Žygimantų str. 11-6a 011042 Vilnius
Tel. + 370 5 279 14 45
Fax +370 5 261 94 94
E-mail: ada@ada.lt
WebSite: https://www.ada.lt
Art 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of Complaints Investigation and International Cooperation Division
Luxembourg
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1
Fax +352 2610 60 29
E-mail: info@cnpd.lu
WebSite: https://www.cnpd.lu
Art 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour la Protection des Données
Art 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner
Malta
Office of the Data Protection Commissioner
Data Protection Commissioner: Mr. Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549 Tel. +356 2328 7100
Fax +356 2328 7198
E-mail: commissioner.dataprotection@gov.mt
WebSite: https://idpc.org.mt
Art 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection Commissioner
Art 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme Implementation
Netherlands
Autoriteit Persoonsgegevens
Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague Tel. +31 70 888 8500
Fax +31 70 888 8501
E-mail: info@autoriteitpersoonsgegevens.nl
WebSite: https://autoriteitpersoonsgegevens.nl/nl
Art 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens
Poland
The Bureau of the Inspector General for the Protection of Personal Data – GIODO
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 53 10 440
Fax +48 22 53 10 441
E-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl
WebSite: https://www.giodo.gov.pl
Art 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection of Personal Data
Portugal
Comissão Nacional de Protecção de Dados - CNPD
R. de São. Bento, 148-3° 1200-821 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
E-mail: geral@cnpd.pt
WebSite: https://www.cnpd.pt
Art 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção de Dados
Art 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA
Romania
The National Supervisory Authority for Personal Data Processing President: Mrs. Ancuţa Gianina Opre
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 21 252 5599
Fax +40 21 252 5757
E-mail: anspdcp@dataprotection.ro
WebSite: https://www.dataprotection.ro
Art 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory Authority for Personal Data Processing
Art 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and Communication Department
Slovakia
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
E-mail: statny.dozor@pdp.gov.sk
WebSite: https://dataprotection.gov.sk
Art 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data Protection of the Slovak Republic
Art 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President
Slovenia
Information Commissioner
Ms. Mojca Prelesnik Zaloška 59
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
E-mail: gp.ip@ip-rs.si
WebSite: https://www.ip-rs.si
Art 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic of Slovenia
Spain
Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
E-mail: internacional@agpd.es
WebSite: https://www.agpd.es
Art 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data Protection Agency
Art 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO
Sweden
Datainspektionen
Drottninggatan 29 5th Floor
Box 8114
20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
E-mail: datainspektionen@datainspektionen.se
WebSite: https://www.datainspektionen.se
Art 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data Inspection Board
Art 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser
United Kingdom
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745
E-mail: international.team@ico.org.uk
WebSite: https://ico.org.uk
Art 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner
Art 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner
EUROPEAN FREE TRADE AREA (EFTA)
Iceland
Icelandic Data Protection Agency
Rauðarárstíg 10
Reykjavík
Tel. +354 510 9600; Fax +354 510 9606
E-mail: postur@personuvernd.is
WebSite: https://www.personuvernd.is
Liechtenstein
Data Protection Office
Kirchstrasse 8, P.O. Box 684
9490 Vaduz
Principality of Liechtenstein Tel. +423 236 6090
E-mail: info.dss@llv.li
WebSite: https://www.datenschutzstelle.li
Norway
Datatilsynet
Data Protection Authority: Mr. Bjørn Erik THORN
The Data Inspectorate
P.O. Box 8177 Dep 0034 Oslo
Tel. +47 22 39 69 00; Fax +47 22 42 23 50
E-mail: postkasse@datatilsynet.no
WebSite: https://www.datatilsynet.no
Switzerland
Data Protection and Information Commissioner of Switzerland
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian Lobsiger
Feldeggweg 1
3003 Bern
Tel. +41 58 462 43 95; Fax +41 58 462 99 96
E-mail: contact20@edoeb.admin.ch
WebSite: https://www.edoeb.admin.ch
Effective date: 05.25.2018 / May 25th 2018
Last updated: 02.11.2022 / February 11th 2022
We at PlayForm ltd. are committed to processing personal data securely and respecting privacy of the concerned individuals.
| Version No. and date of the last update: | v. 1.0. February 11th 2022 |
| This policy shall be reviewed annually or each time when the changes in our data processing occur. | |
Scope. This Personal Data Protection Policy (the “Policy”) describes PlayForm ltd. internal rules for personal data processing and protection. The Policy applies to PlayForm ltd., including PlayForm ltd. employees and contractors (“we”, “us”, “our”, “PlayForm”). The management of each entity is ultimately responsible for the implementation of this policy, as well as to ensure, at entity level, there are adequate and effective procedures in place for its implementation and ongoing monitoring of its adherence. For the purposes of this Policy, employees and contractors are jointly referred to as the “employees”.
Privacy Manager. Privacy Manager is an employee of PlayForm responsible for personal data protection compliance within PlayForm (the “Privacy Manager”). The Privacy Manager is in charge of performing the obligations imposed by this Policy and supervising other employees, who subject to this Policy, regarding their adherence to this Policy. The Privacy Manager must be involved in all projects at an early stage in order to take personal data protection aspects into account as early as the planning phase.
The designated Privacy Manager at PlayForm ltd. is Nikola Hristov Nikola@PlayForm.Cloud.
Definitions.
| Competent Supervisory Authority | means a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. |
| Data Breach | means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. |
| Data Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. |
| Data Processor | means a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. |
| Data Protection Laws | mean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). |
| Data Subject Request (DSR) | means any request from the Data Subject and concerning their personal data and/or data subject rights. |
| Data Subject | means a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. |
| Personal Data | means any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. |
| Processing | means any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Standard Contractual Clauses | means the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). |
| Third Party | means a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. |
| User | means a Data Subject who uses our services provided on PlayForm website. |
PlayForm’s processing activities must be in line with the principles specified in this Section. The Privacy Manager must make sure that PlayForm’s compliance documentation, as well as data processing activities, are compliant with the data protection principles.
We must process the Personal Data in accordance with the following principles:
Lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency). We shall always have a legal ground for the processing (described in Section 3 of this Policy), collect the amount of data adequate to the purpose and legal grounds, and we make sure the Data Subjects are aware of the processing;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation). We must not process the Personal Data for the purposes not specified in our compliance documentation without obtaining specific approval of the Privacy Manager;
Adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization). We always make sure the data we collect is not excessive and limited by the strict necessity;
Accurate and, where necessary, kept up to date (accuracy). We endeavor to delete inaccurate or false data about Data Subjects and make sure we update the data. Data Subjects can ask us for a correction of the Personal Data;
Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (storage period limitation). The storage periods must be limited as prescribed by Data Protection Laws and this Policy; and
Process in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (confidentiality, integrity, and availability).
Accountability.
We shall be able to demonstrate our compliance with Data Protection Laws (accountability principle). In particular, we must ensure and document all relevant procedures, efforts, internal and external consultations on personal data protection including:
the fact of appointing a person responsible for PlayForm’s data protection compliance;
where necessary, a record of a Data Processing Impact Assessment;
developed and implemented notices, policies, and procedures, such as Privacy Notice, this policy or Data Breach response procedure;
the fact of staff training on compliance with Data Protection laws; and
assessment, implementation, and testing organizational and technical data protection measures.
The Privacy Manager must maintain PlayForm’s Records of processing activities, which is an accountability document that describes personal data processing activities of PlayForm, prepared in accordance with Art. 30 of the GDPR (the “Records of processing activities”). The Records of processing activities must maintain, at least, the following information about each processing activity:
contact details of PlayForm, the EU Representative, and, where applicable, of the Data Protection Officer;
name of the activity, its purposes and legal basis along with, where applicable, the legitimate interests of PlayForm;
data subjects and personal data categories concerned;
data retention periods;
general description of applicable security measures;
recipients, including joint controllers, processors, and contractors involved, as well as the fact of the international data transfer with the safeguards applied to the transfer;
where applicable, a reference to the Data Processing Impact Assessment;
where applicable, a reference to the record of the data breach occurred involving the personal data;
if PlayForm acts as a data processor, the information to be provided includes the names and contact details of controllers, name and contact details of controller’s representative (if applicable), categories of processing (activities), names of third countries or international organizations that personal data are transferred to (if applicable), safeguards for exceptional transfers of personal data to third countries or international organizations (if applicable), and general description of technical and organizational security measures.
Legal grounds.
Each processing activity must have one of the lawful grounds specified in this Section to process the Personal Data. If we do not have any of the described, we cannot collect or further process the Personal Data.
If PlayForm is intended to use personal data for other purposes than those specified in the Records of processing activities, the Privacy Manager must evaluate, determine, and, if necessary, collect/record the appropriate legal basis for it.
Performance of the contract. Where PlayForm has a contract with the Data Subject, e.g., website’s Terms of Use or the employment contract, and the contract requires the provision of personal data from the Data Subject, the applicable legal ground will be the performance of the contract.
Consent. To process the personal data based on the consent, we must obtain the consent before the Processing and keep the evidence of the consent with the records of Data Subject’s Personal Data. The Privacy Manager must make sure that the consent collected from Data Subjects meet the requirements of Data Protection Laws and this Policy. In particular, the Privacy Manager must make sure that:
the Data Subject must be free to give or refuse to give consent.
the consent is in the form of an active indication from the Data Subject, i.e., the consent checkbox must not be pre-ticked for the user.
the request for the consent clearly articulates the purposes of the processing, and other information specified in Subsection 6.2 is available to the Data Subject.
the Data Subject must be free to give one’s consent or to revoke it.
Legitimate interests. We have the right to use personal data in our ‘legitimate interests’. The interests can include the purposes that are justified by the nature of our business activities, such as the marketing analysis of personal data. For PlayForm to use legitimate interests as a legal ground for the processing, the Privacy Manager must make sure that:
the legitimate interest in the processing is clearly defined and recorded in the Records of processing activities;
any envisaged risks to Data Subject rights and interests are spotted. The examples of the risks can be found in Subsection 7.2.;
the Data Subjects have reasonable expectations about the processing, and additional protective measures to address the risks are taken;
subject to the conditions of Subsection 6.7 (Right to object against the processing), the Data Subject is provided with the opportunity to opt-out from the processing for the described legitimate interests.
If at least one of the above conditions is not met by PlayForm, the Privacy Manager must choose and propose a different legal ground for the processing, such as consent.
Legal Compliance and Public Interest. Besides the grounds specified afore, we might be requested by the laws of the European Union or laws of the EU Member State to process Personal Data of our Users. For example, we can be required to collect, analyze, and monitor the information of Users to comply with financial or labor laws.
Whenever we have such an obligation, we must make sure that:
we process personal data strictly in accordance with relevant legal requirements;
we do not use or store the collected Personal Data for other purposes than legal compliance; and
the Data Subjects are properly and timely informed about our obligations, scope, and conditions of personal data processing.
Important: Where PlayForm has the law requirements of another country to process personal data, the Privacy Manager must propose using another legal ground for the processing under Data Protection Laws, such as legitimate interests or consent.
Access to Personal Data.
The employees must have access to the personal data on a “need-to-know” basis. The data can be accessed only if it is strictly necessary to perform one of the activities specified in the Records of processing activities. The employees and contractors shall have access to the Personal Data only if they have the necessary credentials for it.
Heads of the departments within PlayForm are responsible for their employees’ access and processing of personal data. The heads must maintain the list of employees that are entitled to access and process personal data. The Privacy Manager shall have the right to review the list and, where necessary, request the amendments to meet the requirements of this Policy.
Heads of the departments within PlayForm must ensure that the employees under their supervision are aware of the Data Protection Laws and comply with the rules set in this Policy. To make sure our employees are able to comply with the data protection requirements, we must provide them with adequate data protection training.
All employees accessing personal data shall keep strict confidentiality regarding the data they access. The employees that access personal data must use only those means (software, premises, etc.) for the processing that were prescribed by PlayForm. The data must not be disclosed or otherwise made available out of the management instructions.
The employees within their competence must assist PlayForm’s representatives, including the Privacy Manager, in any efforts regarding compliance with Data Protection Laws and/or this Policy.
When an employee detects or believes there is suspicious activity, data breach, non-compliance with Data Protection Laws and/or this Policy, or a DSR was not routed to the competent department within PlayForm, the employee must report such activity to the Privacy Manager.
Employees that are unsure about whether they can legitimately process or disclose Personal Data must seek advice from the Privacy Manager before taking any action.
Any occasional access to personal data for activities not specified in the Records of processing activities is prohibited. If there is a strict necessity for immediate access, the Privacy Manager must approve the access first.
Before sharing personal data with any person outside of PlayForm, the Privacy Manager must ensure that this Third Party has an adequate data protection level and provide sufficient data protection guarantees in accordance with Data Protection Laws, including, but not limited to the processorship requirements (Art. 28 of the GDPR) and international transfers compliance (Section 5 of the GDPR). Where necessary, the Privacy Manager must make sure that PlayForm enters into the appropriate data protection contract with the third party.
An employee can share personal data with third parties only if and to the extent that was directly prescribed by the manager and specified in the Records of processing activities.
If we are required to delete, change, or stop the processing of the Personal Data, we must ensure that the Third Parties, with whom we shared the Personal Data, will fulfill these obligations accordingly.
Whenever PlayForm is engaged as a data processor on behalf of another entity, the Privacy Manager must make sure PlayForm complies with the processorship obligation. In particular, the appropriate data processing agreement in accordance with the Data Protection Laws must be in place. The Privacy Manager must supervise the compliance with data processing instructions from the controller, including regarding the scope of processing activities, involvement of sub-processors, international transfers, storage, and further disposal of processed personal data. The personal data processed under the processor role must not be processed for any other purposes than specified in the relevant instructions, agreement or other legal act regulating the relationships with the controller.
If we have the employees, contractors, corporate affiliates, or Data Processors outside of the EEA, and we transfer Personal Data to them for the processing, the Privacy Manager must make sure PlayForm takes all necessary and appropriate safeguards in accordance with Data Protection Laws.
The Privacy Manager must assess the safeguards available and propose to the PlayForm’s management the appropriate safeguard for each international transfer. The following regimes apply to the transfers of Personal Data outside of the EU:
where the European Commission decides that the country has an adequate level of personal data protection, the transfer does not require taking additional safeguards. The full list of adequate jurisdictions can be found on the relevant page of the European Commission’s website1.
to transfer Personal Data to our contractors or partners (Data Processors or Controllers) in other third countries, we must conclude Standard Contractual Clauses with that party. The draft version along with the guidance can be found on the relevant page of the European Commission’s website2;
if we have a corporate affiliate or an entity in other countries, we may choose to adopt Binding Corporate Rules in accordance with Article 47 of the GDPR or an approved code of conduct pursuant to Article 40 of the GDPR;
we also can transfer Personal Data to entities that have an approved certification in accordance with Article 42 of the GDPR, which certifies an appropriate level of company’s data protection.
As a part of the information obligations, PlayForm must inform the Data Subjects that their Personal Data is being transferred to other countries, as well as provide them with the information about the safeguards used for the transfer. The information obligation is to be performed in accordance with Subsection 6.2.
In the exceptional cases (the “Derogation”), where we cannot apply the safeguards mentioned afore and we need to transfer Personal Data, we must take an explicit consent (active statement) from the Data Subject or it must be strictly necessary for the performance of the contract between us and the Data Subject, or other derogation conditions apply in accordance with the Data Protection Laws. The Privacy Manager must pre-approve any Derogation transfers and document the approved Derogations, as well as the rationale for them.
Our Responsibilities.
Privacy Manager is ultimately responsible for handing all DSR received by PlayForm. In the case of receiving any outstanding or unusual DSR, the employee must seek advice from the Privacy Manager before taking any action.
DSR Team within PlayForm is responsible for handling DSRs from PlayForm Users on a daily basis. The Human Resources department is responsible for handling the DSR from PlayForm employees.
All DSRs from the Users must be addressed at and answered from the following e-mail address: dsr@playform.cloud. DSR from the employees can be addressed directly to the HR manager or at dsr@playform.cloud.
The responsible employee must answer to the DSR within one (1) month from receiving the request. If complying with the DSR takes more than one month in time, the responsible employee must seek advice from the Privacy Manager and, where necessary, inform the Data Subject about the prolongation of the response term for up to two (2) additional months.
The responsible employee must analyze the received DSR for the following criteria:
Data Subject identification. Before considering the DSR content, the responsible employee must make sure the Data Subject is the same person he/she claims to be. For this purpose, the connection between the personal data records and the data subject must be established.
Personal data. The responsible employee must check whether PlayForm has access to the personal data requested. If PlayForm does not have the personal data under the control, the responsible employee must inform the Data Subject, and, if possible, instruct on the further steps on how to access the data in question;
Content of the request. Depending on the content of the DSR, the responsible employee must define the type of the request and check whether it meets the conditions prescribed by this Policy and Data Protection Laws. The types of requests and the respective conditions for each of them can be consulted in Subsections 6.3-6.9. If the request does not meet the described criteria, the responsible employee must refuse to comply with the DSR and inform the Data Subject about the reasons for refusing;
Free of charge. Generally, all requests of Data Subjects and exercises of their rights are free of charge. If the responsible employee finds that the Data Subject exercises the rights in an excessive or unfound way (e.g., intended to harm or interrupt PlayForm’s business activities), the employee must seek the advice from the Privacy Manager, and, upon receiving of the latter, may either charge the Data Subject a reasonable fee or refuse to comply with the request;
Documenting. Whenever PlayForm receives the DSR, the Privacy Manager must make sure that the data and time, Data Subject, type of the request and the decision made regarding it are well documented. In the case of refusing to comply with the request, the reasons for refusing must be documented as well;
Recipients. When addressing the DSR, the Privacy Manager must make sure that all concerned recipients were informed the necessary actions were taken.
The right to be informed.
PlayForm must notify each Data Subject about the collection and further processing of the Personal Data.
The information to be provided includes: the name and contact details of PlayForm; generic purposes of and the lawful basis for the data collection and further processing; categories of Personal Data collected; recipients/categories of recipients; retention periods; information about data subject rights, including the right to complain to the competent Supervisory Authority; the consequences of the cases where the data is necessary for the contract performance and the Data Subject does not provide the required data; details of the safeguards where personal data is transferred outside the EEA; and any third-party source of the personal data, without specification for the particular case (except if we receive the direct request from the Data Subject).
The Users must be informed by the Privacy Policy accessible at PlayForm’s website and provided during the user registration. The employees and contractors must be informed by a standalone employee privacy statement, which explains the details described in p. 6.2.2 in a case-based manner, describing the particular purposes and activities.
PlayForm must inform Data Subjects about data processing, including any new processing activity introduced at PlayForm within the following term:
if personal data is collected from the data subject directly, the data subject must be informed at the time we collect Personal Data from the Data Subjects by showing the Data Subject our privacy statement;
if the personal data is collected from other sources: (a) within one month from collecting it; (b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or (c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
upon the request of the Data Subject; and
within one (1) month after any change of our personal data practices, change of the controller of Personal Data or after significant changes in our privacy statements.
The right to access the information.
The Data Subject must be provided only with those personal data records specified in the request. If the Data Subject requests access to all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all personal data of the Data Subject is mapped and provided.
A Data Subject has the right to:
learn if we process the Data Subject’s Personal Data;
obtain disclosure regarding aspects of the processing, including detailed and case-specific information on purposes, categories of Personal Data, recipients/categories of recipients, retention periods, information about one’s rights, details of the relevant safeguards where personal data is transferred outside the EEA, and any third-party source of the personal data; and
obtain a copy of the Personal Data undergoing processing upon the request.
The right to verify the Data Subject’s information and seek its rectification. The information we collect can be/become inaccurate or out-of-date (e.g., mistakes in nationality, date of birth, info on debts, economic activities). If we reveal that the Personal Data is inaccurate or the Data Subject requests us to do so, we must ensure that we correct all mistakes and update the relevant information.
The right to restrict processing.
The restriction of processing allows Data Subjects to temporarily stop the use of their information to prevent the possible harm caused by such use.
This right applies when the Data Subject:
contests the accuracy of the Personal Data;
believes that we process the Personal Data unlawfully; and
objects against the processing and wants us not to process Personal Data while we are considering the request.
In the case of receiving the restriction request, we must not process Personal Data in question for any other purpose than storing it or for legal compliance purposes until the circumstances of restriction cease to exist.
The right to withdraw the consent. For the activities that require consent, the Data Subject can revoke their consent at any time. If the Data Subject revokes the consent, we must record the changes and must not process the Personal Data for consent-based purposes. The withdrawal of consent does not affect the lawfulness of the processing done before the withdrawal.
The right to object against the processing.
If we process the information in our legitimate interests, e.g., for direct marketing emails or for our marketing research purposes, the Data Subject can object against the processing.
In the case of receiving the objection request case, we must consider Data Subject’s request and, where we do not have compelling interests, stop the processing for the specified purposes. If the personal data is still to be processed for other purposes, the Privacy Manager must make sure that the database has a record that the data cannot be further processed for the objected activities.
The objection request can be refused only if the personal data in question is used for scientific/historical research or statistical purposes and was appropriately protected, i.e., by anonymization or pseudonymization techniques.
Right to erasure/to be forgotten.
The Data Subjects have the right to request us to erase their Personal Data if one of the following conditions are met:
Personal Data is no longer necessary for the purposes of collection. For example, a user has provided personal data for a one-time activity, such as data validation or participation in a contest, and the purpose is already fulfilled;
the Data Subject revokes one’s consent or objects to the processing (where applicable) and there is no other legal ground for the processing; or
we process the Personal Data unlawfully or its erasure is required by the applicable legislation of the European Union or one of the Member countries of the European Union.
Conditions, under which we have the right to refuse the erasure:
Personal Data is processed for scientific/historical research or statistical purposes and is appropriately protected, i.e., pseudonymized or anonymized;
Personal Data is still necessary for legal compliance (e.g., financial or labor laws compliance).
Only those personal data records must be deleted that were specified in the request. If the Data Subject requests the deletion of all personal data concerning her or him, the employee must seek advice from the Privacy Manager first, to make sure all the data about the Data Subject is mapped and can be deleted.
If the User still has an account with us and requests the erasure of information necessary for maintaining the account, we must inform the User that the erasure will affect user experience or can lead to the closure of the account.
Data portability.
Data Subjects can ask us to transfer all the Personal Data and/or its part in a machine-readable format to a third party. This right applies in two cases:
personal data was collected for the purpose of provision of our services (performance of the contract); or
collected based on consent.
To determine whether one of the p.6.9.1 conditions are met, the employee must seek advice from the Privacy Manager and check the applicable legal basis in the Records of processing activities. If the answer is negative, the request can be refused by PlayForm, and the Privacy Manager must decide whether to comply with the request on a voluntary basis.
To comply with the request, the responsible employee must consolidate requested Personal Data and send the data in the format we are usually working with to the requested organization. The Data Subject must provide the necessary contact details of the organization.
Notification to Privacy Manager.
Before introducing any new activity that involves the processing of personal data, an employee responsible for its implementation must inform the Privacy Manager.
Upon receiving information about a new activity, Privacy Manager must:
determine whether the data processing impact assessment (DPIA) and/or the consultation with the Supervisory Authority is necessary. If the answer is positive, the Privacy Manager must make sure the DPIA is conducted and/or the Supervisory Authority is consulted in accordance with the requirements of this Section and Data Protection Laws;
determine the legal basis for the processing and, where necessary, take further action for its fixation;
make sure the processing activity is done in accordance with this Policy, other PlayForm’s policies, as well as the Data Protection Laws;
add the processing activity to the Records of processing activities;
amend the privacy information statements and, where necessary, inform the concerned Data Subject accordingly.
Data Processing Impact Assessment.
To make sure that our current or prospective processing activities do not/will not violate the Data Subjects’ rights, PlayForm must, where required by Data Protection Laws, conduct the Data Processing Impact Assessment (DPIA), a risk-based assessment of the processing and search for the measures to mitigate the risks. The Privacy Manager must make sure the DPIA is conducted in accordance with this Section.
The Privacy Manager, where necessary, involving the competent employees and/or external advisors, must conduct a DPIA if at least one of the following conditions are met:
the processing involves the use of new technologies, such as the Artificial Intelligence, use of connected and autonomous devices, etc. that creates certain legal, economic or similar effects to the Data Subject;
we systematically assess and evaluate personal aspects of the Data Subjects based on automated profiling, assigning the personal score/rate, and create legal or similar effects for the Data Subject by this activity;
we process on a large-scale sensitive data, which includes Personal Data relating to criminal convictions and offences, the data about vulnerable data subjects, the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
we collect or process Personal Data from a publicly accessible area or public sources on a large scale, or combine or match two different data sets; and
the Supervisory Authority in its public list requires conducting a DPIA for a certain type of activity we are involved in. The list of processing activities requiring conducting DPIA can be found on the website of each Supervisory Authority.
The assessment shall contain at least the following details:
a systematic description of the processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by us. The description must include the envisaged data categories and data subjects concerned, the scale of processing activities, such as its frequency, volume, envisaged number of records, etc.; recipients of the data, retention periods and, where applicable, international transfers;
an assessment of the necessity and proportionality of the processing operations in relation to the purposes. The DPIA must explain whether the activity is necessary for the purpose and whether the purpose can be achieved by less intrusive methods;
an assessment of the risks to the rights and freedoms of data subjects, including the rights of Data Subjects regarding their Personal Data.
The examples of risks are the processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymization, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analyzing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects; and
the measures to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation.
Where the DPIA did not provide how to effectively address the risks, the Privacy Manager must initiate the consultation with the competent Supervisory Authority to receive help with searching for the solution. In this case, PlayForm must not conduct the activity before the Supervisory Authority approves the processing activity in question.
General Rule.
The Privacy Manager must make sure that PlayForm clearly defined the data storage periods and/or criteria for determining the storage periods for each processing activity it has. The periods for each processing activity must be specified in the Records of processing activities.
Each department within PlayForm must comply with the data storage periods in accordance with the retention schedule provided in Records of processing activities. The Privacy Manager must supervise each department and make sure they comply with this requirement.
After the storage period ends, the personal data must be removed from the disposal of the department responsible for the processing or, in cases where the data is not needed for any other purposes, destroyed completely, including from back-up copies and other media.
Whenever the storage period for a processing activity has ended, but the personal data processed is necessary for other processing purposes, the department manager must make sure that the personal data is not used for the ceased processing activity, and the responsible employees do not have the access to it unless required for any other activity.
Exemptions. The rules specified in Subsection 8.1 have the following exceptions:
Business needs. Data retention periods can be prolonged, but no longer than 60 days, in the case that the data deletion will interrupt or harm our ongoing business. The Privacy Manager must approve any unforeseen prolongation;
Technical impossibility. Some information is technically impossible or disproportionally difficult to delete. For example, deletion of the information may lead to breach of system integrity, or it is impossible to delete the information from the backup copies. In such a case, the information can be further stored, subject to the approval by the Privacy Manager and making respective amendments to the Records of processing activities; and
Anonymization. The Personal Data can be further processed for any purposes (e.g., marketing) if we fully anonymize these data after the retention period is expired. This means that all personal identifiers and connections to them will be deleted from the data. To consider Personal Data anonymous, it must be impossible to reidentify the Data Subject from the data set.
Each department within PlayForm shall take all appropriate technical and organizational measures that protect against unauthorized, unlawful, and/or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of unauthorized persons regarding the personal data under their responsibility.
The employee responsible for the supervision after the security of personal data within PlayForm shall be DSR Officer. This person implements the guidelines and other specifications on data protection and information security in his area of responsibility. He/she advises PlayForm management on the planning and implementation of information security in PlayForm, and must be involved in all projects at an early stage in order to take security-related aspects into account as early as the planning phase.
Response Team.
In case of revealing the Data Breach, CEO of PlayForm shall urgently form the Data Breach Response Team (the “Response Team”), which will handle the Data Breach, notify the appropriate persons, and mitigate its risks.
The Response Team must be а multi-disciplinary group headed by CEO of PlayForm and comprised of the Privacy Manager, privacy laws specialist (whether internal or external), and knowledgeable and skilled information security specialists within PlayForm or outsourcing professionals, if necessary. The team must ensure that all employees and engaged contractors/processors adhere to this Policy and provide an immediate, effective, and skillful response to any suspected/alleged or actual Data Breach affecting PlayForm.
The potential members of the Response Team must be prepared to respond to а Data Breach. The Response Team shall perform all the responsibilities of PlayForm mentioned in this Policy. The duties of the Response Team are:
to communicate the Data Breach to the competent Supervisory Authority(-ies);
in case of high risk to the rights and freedoms of Data Subjects, to communicate the Data Breach to the Data Subject;
if PlayForm obtain data from any third party as a processor, and a Data Breach involves obtained data, to inform the third parties about the Data Breach;
to communicate PlayForm’s contractors or any other third parties that process the Personal Data involved in the Data Breach; and
to take all appropriate technical and organizational measures to cease the Data Breach and mitigate its consequences;
to record the fact of the Data Breach in the Records of processing activities and file an internal data breach report that describes the event.
The Response Team shall perform its duties until all the necessary measures required by this Policy are taken.
Notification to Supervisory Authority.
PlayForm shall inform the Competent Supervisory Authority about the Data Breach without undue delay and, where it is possible, not later than 72 hours after having become aware of the Data Breach.
The Competent Supervisory Authority shall be determined by the residence of the Data Subjects, whose information was involved in the Data Breach. If the Data Breach concerns the Personal Data of Data Subjects from more than one country, PlayForm shall inform all Competent Supervisory Authorities.
To address the notification to the authority, the Response Team should use Annex 1 to this Policy. Annex 1 contains all the necessary contact information of the EU supervisory authorities. If the Data Breach concerns Data Subjects from other than the EU countries, the Response Team shall ask a competent privacy specialist for advice.
The notification to the Competent Supervisory Authority shall contain, at least, following information:
the nature of the Data Breach including where possible, the categories and an approximate number of Data Subjects and Personal Data records concerned;
the name and contact details of the Response Team, Privacy Manager or, if not applicable, of the CEO;
the likely consequences of the Data Breach. Explain PlayForm’s point of view on the purposes and possible further risks of the Data Breach. E.g., the Personal Data may be stolen for the further sale, fraud activities or blackmailing the concerned Data Subjects; and
the measures taken or proposed to be taken by PlayForm to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
To file a notification, the Response Team should use PlayForm’s Data Breach Notification Form to the Supervisory Authority.
Notifications to Data Subjects.
When the Data Breach is likely to result in a high risk to the rights and freedoms of Data Subjects (e.g., stealing of funds, assets, proprietary information), we must also communicate the Data Breach to the concerned Data Subjects without undue delay. The Privacy Manager must determine if there is a high risk based on the risk factors specified in Subsection 7.2.3 of this Policy.
The notification shall contain the following information:
description of the Data Breach - what happened and what led to the Data Breach, such as a security breach, employee’s negligence, error in the system work. If the Response Team decided not to disclose the causes of the Data Breach, then this clause must not be mentioned;
the measures taken by PlayForm regarding the Data Breach, including security measures, internal investigations, and supervisory authority notice;
recommendations for the concerned Data Subjects how to mitigate risks and possible consequences, such as guidelines on how to restore access to an account, preventing measures (change of a password); and
the contact information of the Response Team or one of its members.
The notification to the Data Subjects should be carried out by the email letter or, where it is impossible to use the email, by other available means of communication.
Exemptions. We do not have to send the notification to the Data Subjects if any of the following conditions are met:
PlayForm has implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Data affected by the Data Breach, in particular, those that leave the Personal Data inaccessible to any person who is not authorized to access it, such as encryption;
PlayForm has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects referred to in this section is no longer likely to materialize; or
it would involve a disproportionate effort to communicate with every concerned Data Subject. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.
In the case we apply one of the exemptions, we must document the circumstances, reason for not informing, and actions taken to meet one of the exemptions.
Communication with Third Parties.
In the case a Data Breach concerns the Personal Data shared with us or processed by us on behalf of a Third Party, we must also notify the Third Party about it within 24 hours. If we process the Personal Data as a Data Processor, the notification of the Third Party does not exempt us from the duty to mitigate the Data Breach consequences, but we must not inform the Competent Supervisory Authority and Data Subjects.
In case of receiving the notification about the Data Breach from the Data Processor or other Third Parties that have access to the Personal Data, CEO of PlayForm shall, in accordance with this Section:
form the Response Team;
request the Third Party to send the information mentioned in Subsections 10.2-3 of this Policy;
where necessary, inform the Competent Supervisory Authority(-ies) and Data Subjects; and
perform other steps of the Data Breach response procedure.
List of Persons Briefed on Personal Data Protection Policy
Full Name | Status | Date |
| Nikola Hristov | Briefed | 05.25.2018 |
European National Data Protection Authorities
Austria
Österreichische Datenschutzbehörde
Hohenstaufengasse 3
1010 Wien
Tel. +43 1 531 15 202525
Fax +43 1 531 15 202690
E-mail: dsb@dsb.gv.at
WebSite: https://www.dsb.gv.at
Art 29 WP Member: Dr Andrea JELINEK, Director, Österreichische Datenschutzbehörde
Belgium
Commission de la protection de la vie privée
Commissie voor de bescherming van de persoonlijke levenssfeer
Rue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
E-mail: commission@privacycommission.be
WebSite: https://www.privacycommission.be
Art 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy commission
Bulgaria
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov Blvd. Sofia 1592
Tel. +359 2 915 3580
Fax +359 2 915 3525
E-mail: kzld@cpdp.bg
WebSite: https://www.cpdp.bg
Art 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for Personal Data Protection
Art 29 WP Alternate Member: Ms. Mariya MATEVA
Croatia
Croatian Personal Data Protection Agency
Martićeva 14
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
E-mail: azop@azop.hr or info@azop.hr
WebSite: https://www.azop.hr
Art 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection Agency
Cyprus
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456
Fax +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy
WebSite: https://www.dataprotection.gov.cy
Art 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU
Art 29 WP Alternate Member: Mr. Constantinos GEORGIADES
Czech Republic
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
E-mail: posta@uoou.cz
WebSite: https://www.uoou.cz
Art 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data Protection
Art 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the Office
Denmark
Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00
Fax +45 33 19 32 18
E-mail: dt@datatilsynet.dk
WebSite: https://www.datatilsynet.dk
Art 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection Agency (Datatilsynet)
Art 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International Division at the Danish Data Protection Agency (Datatilsynet)
Estonia
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Väike-Ameerika 19
10129 Tallinn
Tel. +372 6274 135
Fax +372 6274 137
E-mail: info@aki.ee
WebSite: https://www.aki.ee/en
Art 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Maarja Kirss
Finland
Office of the Data Protection Ombudsman
P.O. Box 315
FIN-00181 Helsinki Tel. +358 10 3666 700
Fax +358 10 3666 735
E-mail: tietosuoja@om.fi
WebSite: https://www.tietosuoja.fi/en
Art 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection Authority
Art 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department
France
Commission Nationale de l’Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
WebSite: https://www.cnil.fr
Art 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL
Art 29 WP Alternate Member: Ms. Florence RAYNAL
Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
E-mail: poststelle@bfdi.bund.de
WebSite: https://www.bfdi.bund.de
The competence for complaints is split among different data protection supervisory authorities in Germany.
Competent authorities can be identified according to the list provided under
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
Art 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of Information
Art 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the federal states
Greece
Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523 Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
E-mail: contact@dpa.gr
WebSite: https://www.dpa.gr
Art 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA
Art 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director
Hungary
National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C H-1125 Budapest
Tel. +36 1 3911 400
E-mail: peterfalvi.attila@naih.hu
WebSite: https://www.naih.hu
Art 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for Data Protection and Freedom of Information
Art 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National Authority for Data Protection and Freedom of Information
Ireland
Data Protection Commissioner
Canal House Station Road Portarlington Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
E-mail: info@dataprotection.ie
WebSite: https://www.dataprotection.ie
Art 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner
Art 29 WP Alternate Members: Mr. John O’DWYER, Deputy Commissioner; Mr. Dale SUNDERLAND, Deputy Commissioner
Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
E-mail: garante@garanteprivacy.it
WebSite: https://www.garanteprivacy.it
Art 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei dati personali
Art 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per la protezione dei dati personali
Latvia
Data State Inspectorate Director: Ms. Daiga Avdejanova
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
E-mail: info@dvi.gov.lv
WebSite: https://www.dvi.gov.lv
Art 29 WP Alternate Member: Ms. Aiga BALODE
Lithuania
State Data Protection
Žygimantų str. 11-6a 011042 Vilnius
Tel. + 370 5 279 14 45
Fax +370 5 261 94 94
E-mail: ada@ada.lt
WebSite: https://www.ada.lt
Art 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data Protection Inspectorate
Art 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of Complaints Investigation and International Cooperation Division
Luxembourg
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1
Fax +352 2610 60 29
E-mail: info@cnpd.lu
WebSite: https://www.cnpd.lu
Art 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour la Protection des Données
Art 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner
Malta
Office of the Data Protection Commissioner
Data Protection Commissioner: Mr. Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549 Tel. +356 2328 7100
Fax +356 2328 7198
E-mail: commissioner.dataprotection@gov.mt
WebSite: https://idpc.org.mt
Art 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection Commissioner
Art 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme Implementation
Netherlands
Autoriteit Persoonsgegevens
Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague Tel. +31 70 888 8500
Fax +31 70 888 8501
E-mail: info@autoriteitpersoonsgegevens.nl
WebSite: https://autoriteitpersoonsgegevens.nl/nl
Art 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens
Poland
The Bureau of the Inspector General for the Protection of Personal Data – GIODO
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 53 10 440
Fax +48 22 53 10 441
E-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl
WebSite: https://www.giodo.gov.pl
Art 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection of Personal Data
Portugal
Comissão Nacional de Protecção de Dados - CNPD
R. de São. Bento, 148-3° 1200-821 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
E-mail: geral@cnpd.pt
WebSite: https://www.cnpd.pt
Art 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção de Dados
Art 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA
Romania
The National Supervisory Authority for Personal Data Processing President: Mrs. Ancuţa Gianina Opre
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 21 252 5599
Fax +40 21 252 5757
E-mail: anspdcp@dataprotection.ro
WebSite: https://www.dataprotection.ro
Art 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory Authority for Personal Data Processing
Art 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and Communication Department
Slovakia
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
E-mail: statny.dozor@pdp.gov.sk
WebSite: https://dataprotection.gov.sk
Art 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data Protection of the Slovak Republic
Art 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President
Slovenia
Information Commissioner
Ms. Mojca Prelesnik Zaloška 59
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
E-mail: gp.ip@ip-rs.si
WebSite: https://www.ip-rs.si
Art 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic of Slovenia
Spain
Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
E-mail: internacional@agpd.es
WebSite: https://www.agpd.es
Art 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data Protection Agency
Art 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO
Sweden
Datainspektionen
Drottninggatan 29 5th Floor
Box 8114
20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
E-mail: datainspektionen@datainspektionen.se
WebSite: https://www.datainspektionen.se
Art 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data Inspection Board
Art 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser
United Kingdom
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745
E-mail: international.team@ico.org.uk
WebSite: https://ico.org.uk
Art 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner
Art 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner
EUROPEAN FREE TRADE AREA (EFTA)
Iceland
Icelandic Data Protection Agency
Rauðarárstíg 10
Reykjavík
Tel. +354 510 9600; Fax +354 510 9606
E-mail: postur@personuvernd.is
WebSite: https://www.personuvernd.is
Liechtenstein
Data Protection Office
Kirchstrasse 8, P.O. Box 684
9490 Vaduz
Principality of Liechtenstein Tel. +423 236 6090
E-mail: info.dss@llv.li
WebSite: https://www.datenschutzstelle.li
Norway
Datatilsynet
Data Protection Authority: Mr. Bjørn Erik THORN
The Data Inspectorate
P.O. Box 8177 Dep 0034 Oslo
Tel. +47 22 39 69 00; Fax +47 22 42 23 50
E-mail: postkasse@datatilsynet.no
WebSite: https://www.datatilsynet.no
Switzerland
Data Protection and Information Commissioner of Switzerland
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian Lobsiger
Feldeggweg 1
3003 Bern
Tel. +41 58 462 43 95; Fax +41 58 462 99 96
E-mail: contact20@edoeb.admin.ch
WebSite: https://www.edoeb.admin.ch
Effective date: 01.12.2016 / January 12th 2016
Last updated: 02.11.2022 / February 11th 2022
Welcome to PlayForm ltd..
PlayForm ltd. (“us”, “we”, or “our”) operates https://playform.cloud and PlayForm mobile application (hereinafter referred to as “Service”).
Our Privacy Policy governs your visit to https://playform.cloud and PlayForm mobile application, and explains how we collect, safeguard and disclose information that results from your use of our Service.
We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitutes your agreement with us (“agreement”).
SERVICE means the https://playform.cloud website and PlayForm mobile application operated by PlayForm ltd.
PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).
DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
DATA SUBJECT is any living individual who is the subject of Personal Data.
THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
We collect several different types of information for various purposes to provide and improve our Service to you.
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
a. Email address
b. First name and last name
c. Phone number
d. Address, State, Province, ZIP/Postal code, City
e. Usage Data
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at support@playform.cloud.
Usage Data
We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device (“Usage Data”).
This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Tracking Data
We use tracking technologies to track the activity on our Service and we hold certain information.
Tracking technologies are used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
PlayForm’s websites and online services may use “cookies.” Cookies enable you to use shopping carts and to personalize your experience on our sites, tell us which parts of our websites people have visited, help us measure the effectiveness of ads and web searches, and give us insights into user behavior so we can improve our communications and products.
PlayForm ltd. Uses the collected data for various purposes:
a. to provide and maintain our Service;
b. to notify you about changes to our Service;
c. to allow you to participate in interactive features of our Service when you choose to do so;
d. to provide customer support;
e. to gather analysis or valuable information so that we can improve our Service;
f. to monitor the usage of our Service;
g. to detect, prevent and address technical issues;
h. to fulfill any other purpose for which you provide it;
i. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
j. to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;
k. to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
l. in any other way we may describe when you provide the information;
m. for any other purpose with your consent.
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
PlayForm ltd. Will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
We may disclose personal information that we collect, or you provide:
a. Disclosure for Law Enforcement.
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
b. Business Transaction.
If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.
c. Other cases. We may disclose your information also:
i. to our subsidiaries and affiliates;
ii. to fulfill the purpose for which you provide it;
iii. for the purpose of including your company’s logo on our website;
iv. for any other purpose disclosed by us when you provide the information;
v. with your consent in any other cases;
vi. if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data, we hold about you and if you want it to be removed from our systems, please email us at support@playform.cloud.
In certain circumstances, you have the following data protection rights:
a. the right to access, update or to delete the information we have on you;
b. the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
c. the right to object. You have the right to object to our processing of your Personal Data;
d. the right of restriction. You have the right to request that we restrict the processing of your personal information;
e. the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
f. the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3
According to CalOPPA we agree to the following:
a. users can visit our site anonymously;
b. our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our website;
c. users will be notified of any privacy policy changes on our Privacy Policy Page;
d. users are able to change their personal information by emailing us at support@playform.cloud.
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
a. What personal information we have about you. If you make this request, we will return to you:
i. The categories of personal information we have collected about you.
ii. The categories of sources from which we collect your personal information.
iii. The business or commercial purpose for collecting or selling your personal information.
iv. The categories of third parties with whom we share personal information.
v. The specific pieces of personal information we have collected about you.
vi. A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
vii. A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
b. To delete your personal information. If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
c. To stop selling your personal information. If you submit a request to stop selling your personal information, we will stop selling it. If you are a California resident, to opt-out of the sale of your personal information, click “Do Not Sell My Personal Information” at the bottom of our home page to submit your request.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by one of the following means:
By email: support@playform.cloud
By phone number: +359876668093
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g., payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
PayPal or Braintree:
Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
Apple Store In-App Payments:
Their Privacy Policy can be viewed at: https://www.apple.com/legal/privacy/en-ww/ / https://support.apple.com/en-us/HT203027
Google Play In-App Payments:
Their Privacy Policy can be viewed at: https://policies.google.com/privacy?hl=en&gl=us / https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
Stripe:
Their Privacy Policy can be viewed at: https://stripe.com/us/privacy
Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).
We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy, please contact us:
By email: support@playform.cloud.
By phone number: +359876668093.
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.
Effective date: 01.12.2016 / January 12th 2016
Last updated: 02.11.2022 / February 11th 2022
Welcome to PlayForm ltd..
PlayForm ltd. (“us”, “we”, or “our”) operates https://playform.cloud and PlayForm mobile application (hereinafter referred to as “Service”).
Our Privacy Policy governs your visit to https://playform.cloud and PlayForm mobile application, and explains how we collect, safeguard and disclose information that results from your use of our Service.
We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitutes your agreement with us (“agreement”).
SERVICE means the https://playform.cloud website and PlayForm mobile application operated by PlayForm ltd.
PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).
DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
DATA SUBJECT is any living individual who is the subject of Personal Data.
THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
We collect several different types of information for various purposes to provide and improve our Service to you.
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
a. Email address
b. First name and last name
c. Phone number
d. Address, State, Province, ZIP/Postal code, City
e. Usage Data
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at support@playform.cloud.
Usage Data
We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device (“Usage Data”).
This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Tracking Data
We use tracking technologies to track the activity on our Service and we hold certain information.
Tracking technologies are used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
PlayForm’s websites and online services may use “cookies.” Cookies enable you to use shopping carts and to personalize your experience on our sites, tell us which parts of our websites people have visited, help us measure the effectiveness of ads and web searches, and give us insights into user behavior so we can improve our communications and products.
PlayForm ltd. Uses the collected data for various purposes:
a. to provide and maintain our Service;
b. to notify you about changes to our Service;
c. to allow you to participate in interactive features of our Service when you choose to do so;
d. to provide customer support;
e. to gather analysis or valuable information so that we can improve our Service;
f. to monitor the usage of our Service;
g. to detect, prevent and address technical issues;
h. to fulfill any other purpose for which you provide it;
i. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
j. to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;
k. to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
l. in any other way we may describe when you provide the information;
m. for any other purpose with your consent.
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
PlayForm ltd. Will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
We may disclose personal information that we collect, or you provide:
a. Disclosure for Law Enforcement.
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
b. Business Transaction.
If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.
c. Other cases. We may disclose your information also:
i. to our subsidiaries and affiliates;
ii. to fulfill the purpose for which you provide it;
iii. for the purpose of including your company’s logo on our website;
iv. for any other purpose disclosed by us when you provide the information;
v. with your consent in any other cases;
vi. if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data, we hold about you and if you want it to be removed from our systems, please email us at support@playform.cloud.
In certain circumstances, you have the following data protection rights:
a. the right to access, update or to delete the information we have on you;
b. the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
c. the right to object. You have the right to object to our processing of your Personal Data;
d. the right of restriction. You have the right to request that we restrict the processing of your personal information;
e. the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
f. the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3
According to CalOPPA we agree to the following:
a. users can visit our site anonymously;
b. our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our website;
c. users will be notified of any privacy policy changes on our Privacy Policy Page;
d. users are able to change their personal information by emailing us at support@playform.cloud.
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
a. What personal information we have about you. If you make this request, we will return to you:
i. The categories of personal information we have collected about you.
ii. The categories of sources from which we collect your personal information.
iii. The business or commercial purpose for collecting or selling your personal information.
iv. The categories of third parties with whom we share personal information.
v. The specific pieces of personal information we have collected about you.
vi. A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
vii. A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
b. To delete your personal information. If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
c. To stop selling your personal information. If you submit a request to stop selling your personal information, we will stop selling it. If you are a California resident, to opt-out of the sale of your personal information, click “Do Not Sell My Personal Information” at the bottom of our home page to submit your request.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by one of the following means:
By email: support@playform.cloud
By phone number: +359876668093
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g., payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
PayPal or Braintree:
Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
Apple Store In-App Payments:
Their Privacy Policy can be viewed at: https://www.apple.com/legal/privacy/en-ww/ / https://support.apple.com/en-us/HT203027
Google Play In-App Payments:
Their Privacy Policy can be viewed at: https://policies.google.com/privacy?hl=en&gl=us / https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
Stripe:
Their Privacy Policy can be viewed at: https://stripe.com/us/privacy
Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).
We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy, please contact us:
By email: support@playform.cloud.
By phone number: +359876668093.
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.
Effective date: 01.12.2016 / January 12th 2016
Last updated: 02.11.2022 / February 11th 2022
Welcome to PlayForm ltd..
PlayForm ltd. (“us”, “we”, or “our”) operates https://playform.cloud and PlayForm mobile application (hereinafter referred to as “Service”).
Our Privacy Policy governs your visit to https://playform.cloud and PlayForm mobile application, and explains how we collect, safeguard and disclose information that results from your use of our Service.
We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitutes your agreement with us (“agreement”).
SERVICE means the https://playform.cloud website and PlayForm mobile application operated by PlayForm ltd.
PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).
DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
DATA SUBJECT is any living individual who is the subject of Personal Data.
THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
We collect several different types of information for various purposes to provide and improve our Service to you.
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
a. Email address
b. First name and last name
c. Phone number
d. Address, State, Province, ZIP/Postal code, City
e. Usage Data
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at support@playform.cloud.
Usage Data
We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device (“Usage Data”).
This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Tracking Data
We use tracking technologies to track the activity on our Service and we hold certain information.
Tracking technologies are used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
PlayForm’s websites and online services may use “cookies.” Cookies enable you to use shopping carts and to personalize your experience on our sites, tell us which parts of our websites people have visited, help us measure the effectiveness of ads and web searches, and give us insights into user behavior so we can improve our communications and products.
PlayForm ltd. Uses the collected data for various purposes:
a. to provide and maintain our Service;
b. to notify you about changes to our Service;
c. to allow you to participate in interactive features of our Service when you choose to do so;
d. to provide customer support;
e. to gather analysis or valuable information so that we can improve our Service;
f. to monitor the usage of our Service;
g. to detect, prevent and address technical issues;
h. to fulfill any other purpose for which you provide it;
i. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
j. to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;
k. to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
l. in any other way we may describe when you provide the information;
m. for any other purpose with your consent.
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
PlayForm ltd. Will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
We may disclose personal information that we collect, or you provide:
a. Disclosure for Law Enforcement.
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
b. Business Transaction.
If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.
c. Other cases. We may disclose your information also:
i. to our subsidiaries and affiliates;
ii. to fulfill the purpose for which you provide it;
iii. for the purpose of including your company’s logo on our website;
iv. for any other purpose disclosed by us when you provide the information;
v. with your consent in any other cases;
vi. if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data, we hold about you and if you want it to be removed from our systems, please email us at support@playform.cloud.
In certain circumstances, you have the following data protection rights:
a. the right to access, update or to delete the information we have on you;
b. the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
c. the right to object. You have the right to object to our processing of your Personal Data;
d. the right of restriction. You have the right to request that we restrict the processing of your personal information;
e. the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
f. the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3
According to CalOPPA we agree to the following:
a. users can visit our site anonymously;
b. our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our website;
c. users will be notified of any privacy policy changes on our Privacy Policy Page;
d. users are able to change their personal information by emailing us at support@playform.cloud.
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
a. What personal information we have about you. If you make this request, we will return to you:
i. The categories of personal information we have collected about you.
ii. The categories of sources from which we collect your personal information.
iii. The business or commercial purpose for collecting or selling your personal information.
iv. The categories of third parties with whom we share personal information.
v. The specific pieces of personal information we have collected about you.
vi. A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
vii. A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
b. To delete your personal information. If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
c. To stop selling your personal information. If you submit a request to stop selling your personal information, we will stop selling it. If you are a California resident, to opt-out of the sale of your personal information, click “Do Not Sell My Personal Information” at the bottom of our home page to submit your request.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by one of the following means:
By email: support@playform.cloud
By phone number: +359876668093
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g., payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
PayPal or Braintree:
Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
Apple Store In-App Payments:
Their Privacy Policy can be viewed at: https://www.apple.com/legal/privacy/en-ww/ / https://support.apple.com/en-us/HT203027
Google Play In-App Payments:
Their Privacy Policy can be viewed at: https://policies.google.com/privacy?hl=en&gl=us / https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
Stripe:
Their Privacy Policy can be viewed at: https://stripe.com/us/privacy
Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).
We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy, please contact us:
By email: support@playform.cloud.
By phone number: +359876668093.
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.
Effective date: 01.12.2016 / January 12th 2016
Last updated: 02.11.2022 / February 11th 2022
Welcome to PlayForm ltd..
PlayForm ltd. (“us”, “we”, or “our”) operates https://playform.cloud and PlayForm mobile application (hereinafter referred to as “Service”).
Our Privacy Policy governs your visit to https://playform.cloud and PlayForm mobile application, and explains how we collect, safeguard and disclose information that results from your use of our Service.
We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitutes your agreement with us (“agreement”).
SERVICE means the https://playform.cloud website and PlayForm mobile application operated by PlayForm ltd.
PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).
DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
DATA SUBJECT is any living individual who is the subject of Personal Data.
THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
We collect several different types of information for various purposes to provide and improve our Service to you.
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
a. Email address
b. First name and last name
c. Phone number
d. Address, State, Province, ZIP/Postal code, City
e. Usage Data
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at support@playform.cloud.
Usage Data
We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device (“Usage Data”).
This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Tracking Data
We use tracking technologies to track the activity on our Service and we hold certain information.
Tracking technologies are used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
PlayForm’s websites and online services may use “cookies.” Cookies enable you to use shopping carts and to personalize your experience on our sites, tell us which parts of our websites people have visited, help us measure the effectiveness of ads and web searches, and give us insights into user behavior so we can improve our communications and products.
PlayForm ltd. Uses the collected data for various purposes:
a. to provide and maintain our Service;
b. to notify you about changes to our Service;
c. to allow you to participate in interactive features of our Service when you choose to do so;
d. to provide customer support;
e. to gather analysis or valuable information so that we can improve our Service;
f. to monitor the usage of our Service;
g. to detect, prevent and address technical issues;
h. to fulfill any other purpose for which you provide it;
i. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
j. to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;
k. to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
l. in any other way we may describe when you provide the information;
m. for any other purpose with your consent.
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
PlayForm ltd. Will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
We may disclose personal information that we collect, or you provide:
a. Disclosure for Law Enforcement.
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
b. Business Transaction.
If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.
c. Other cases. We may disclose your information also:
i. to our subsidiaries and affiliates;
ii. to fulfill the purpose for which you provide it;
iii. for the purpose of including your company’s logo on our website;
iv. for any other purpose disclosed by us when you provide the information;
v. with your consent in any other cases;
vi. if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data, we hold about you and if you want it to be removed from our systems, please email us at support@playform.cloud.
In certain circumstances, you have the following data protection rights:
a. the right to access, update or to delete the information we have on you;
b. the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
c. the right to object. You have the right to object to our processing of your Personal Data;
d. the right of restriction. You have the right to request that we restrict the processing of your personal information;
e. the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
f. the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3
According to CalOPPA we agree to the following:
a. users can visit our site anonymously;
b. our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our website;
c. users will be notified of any privacy policy changes on our Privacy Policy Page;
d. users are able to change their personal information by emailing us at support@playform.cloud.
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
a. What personal information we have about you. If you make this request, we will return to you:
i. The categories of personal information we have collected about you.
ii. The categories of sources from which we collect your personal information.
iii. The business or commercial purpose for collecting or selling your personal information.
iv. The categories of third parties with whom we share personal information.
v. The specific pieces of personal information we have collected about you.
vi. A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
vii. A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
b. To delete your personal information. If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
c. To stop selling your personal information. If you submit a request to stop selling your personal information, we will stop selling it. If you are a California resident, to opt-out of the sale of your personal information, click “Do Not Sell My Personal Information” at the bottom of our home page to submit your request.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by one of the following means:
By email: support@playform.cloud
By phone number: +359876668093
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g., payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
PayPal or Braintree:
Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
Apple Store In-App Payments:
Their Privacy Policy can be viewed at: https://www.apple.com/legal/privacy/en-ww/ / https://support.apple.com/en-us/HT203027
Google Play In-App Payments:
Their Privacy Policy can be viewed at: https://policies.google.com/privacy?hl=en&gl=us / https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
Stripe:
Their Privacy Policy can be viewed at: https://stripe.com/us/privacy
Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).
We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy, please contact us:
By email: support@playform.cloud.
By phone number: +359876668093.
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.
Effective date: 01.12.2016 / January 12th 2016
Last updated: 02.11.2022 / February 11th 2022
Welcome to PlayForm ltd. (“Company”, “we”, “our”, “us”)! As you have just clicked our Terms of Service, please pause, grab a cup of coffee and carefully read the following pages. It will take you approximately 20 minutes.
These Terms of Service (“Terms”, “Terms of Service”) govern your use of our web pages located at https://playform.cloud and our mobile application PlayForm (together or individually “Service”) operated by PlayForm ltd.
Our Privacy Policy also governs your use of our Service and explains how we collect, safeguard and disclose information that results from your use of our web pages. Please read it here https://playform.cloud/Privacy-Policy.
Your agreement with us includes these Terms and our Privacy Policy (“Agreements”). You acknowledge that you have read and understood Agreements, and agree to be bound of them.
If you do not agree with (or cannot comply with) Agreements, then you may not use the Service, but please let us know by emailing at support@playform.cloud so we can try to find a solution. These Terms apply to all visitors, users and others who wish to access or use Service.
Thank you for being responsible.
By creating an Account on our Service, you agree to subscribe to newsletters, marketing or promotional materials and other information we may send. However, you may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at.
If you wish to purchase any product or service made available through Service (“Purchase”), you may be asked to supply certain information relevant to your Purchase including, without limitation, your credit card number, the expiration date of your credit card, your billing address, and your shipping information.
You represent and warrant that:
a) you have the legal right to use any credit card(s) or other payment method(s) in connection with any Purchase; and that
b) the information you supply to us is true, correct and complete.
We may employ the use of third-party services for the purpose of facilitating payment and the completion of Purchases. By submitting your information, you grant us the right to provide the information to these third parties subject to our Privacy Policy.
We reserve the right to refuse or cancel your order at any time for reasons including but not limited to: product or service availability, errors in the description or price of the product or service, error in your order or other reasons.
We reserve the right to refuse or cancel your order if fraud or an unauthorized or illegal transaction is suspected.
Any contests, sweepstakes or other promotions (collectively, “Promotions”) made available through Service may be governed by rules that are separate from these Terms of Service. If you participate in any Promotions, please review the applicable rules as well as our Privacy Policy. If the rules for a Promotion conflict with these Terms of Service, Promotion rules will apply.
Some parts of Service are billed on a subscription basis (“Subscription(s)”). You will be billed in advance on a recurring and periodic basis (“Billing Cycle”). Billing cycles are set either on a monthly or annual basis, depending on the type of subscription plan you select when purchasing a Subscription.
At the end of each Billing Cycle, your Subscription will automatically renew under the exact same conditions unless you cancel it or PlayForm ltd. cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting PlayForm ltd. customer support team.
A valid payment method, including credit card or PayPal, is required to process the payment for your subscription. You shall provide PlayForm ltd. with accurate and complete billing information including full name, address, state, zip code, telephone number, and a valid payment method information. By submitting such payment information, you automatically authorize PlayForm ltd. to charge all Subscription fees incurred through your account to any such payment instruments.
Should automatic billing fail to occur for any reason, PlayForm ltd. will issue an electronic invoice indicating that you must proceed manually, within a certain deadline date, with the full payment corresponding to the billing period as indicated on the invoice.
PlayForm ltd. may, at its sole discretion, offer a Subscription with a free trial for a limited period of time (“Free Trial”).
You may be required to enter your billing information in order to sign up for Free Trial.
If you do enter your billing information when signing up for Free Trial, you will not be charged by PlayForm ltd. until Free Trial has expired. On the last day of Free Trial period, unless you cancelled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected.
At any time and without notice, PlayForm ltd. reserves the right to
a) modify Terms of Service of Free Trial offer, or
b) cancel such Free Trial offer.
PlayForm ltd., in its sole discretion and at any time, may modify Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle.
PlayForm ltd. will provide you with a reasonable prior notice of any change in Subscription fees to give you an opportunity to terminate your Subscription before such change becomes effective.
Your continued use of Service after Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.
We issue refunds for Contracts within fourteen (14) days of the original purchase of the Contract.
Our Service allows you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material (“Content”). You are responsible for Content that you post on or through Service, including its legality, reliability, and appropriateness.
By posting Content on or through Service, You represent and warrant that:
a) Content is yours (you own it) and/or you have the right to use it and the right to grant us the rights and license as provided in these Terms, and
b) that the posting of your Content on or through Service does not violate the privacy rights, publicity rights, copyrights, contract rights or any other rights of any person or entity. We reserve the right to terminate the account of anyone found to be infringing on a copyright.
You retain any and all of your rights to any Content you submit, post or display on or through Service and you are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third-party posts on or through Service. However, by posting Content using Service you grant us the right and license to use, modify, publicly perform, publicly display, reproduce, and distribute such Content on and through Service. You agree that this license includes the right for us to make your Content available to other users of Service, who may also use your Content subject to these Terms.
PlayForm ltd. has the right but not the obligation to monitor and edit all Content provided by users.
In addition, Content found on or through this Service are the property of PlayForm ltd. or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or for personal gain, without express advance written permission from us.
You may use Service only for lawful purposes and in accordance with Terms. You agree not to use Service:
a. In any way that violates any applicable national or international law or regulation.
b. For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content or otherwise.
c. To transmit, or procure the sending of, any advertising or promotional material, including any “junk mail”, “chain letter,” “spam,” or any other similar solicitation.
d. To impersonate or attempt to impersonate Company, a Company employee, another user, or any other person or entity.
e. In any way that infringes upon the rights of others, or in any way is illegal, threatening, fraudulent, or harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity.
f. To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Service, or which, as determined by us, may harm or offend Company or users of Service or expose them to liability.
Additionally, you agree not to:
a. Use Service in any manner that could disable, overburden, damage, or impair Service or interfere with any other party’s use of Service, including their ability to engage in real time activities through Service.
b. Use any robot, spider, or other automatic device, process, or means to access Service for any purpose, including monitoring or copying any of the material on Service.
c. Use any manual process to monitor or copy any of the material on Service or for any other unauthorized purpose without our prior written consent.
d. Use any device, software, or routine that interferes with the proper working of Service.
e. Introduce any viruses, trojan horses, worms, logic bombs, or other material which is malicious or technologically harmful.
f. Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Service, the server on which Service is stored, or any server, computer, or database connected to Service.
g. Attack Service via a denial-of-service attack or a distributed denial-of-service attack.
h. Take any action that may damage or falsify Company rating.
i. Otherwise attempt to interfere with the proper working of Service.
Service is intended only for access and use by individuals at least eighteen (18) years old. By accessing or using any of Company, you warrant and represent that you are at least eighteen (18) years of age and with the full authority, right, and capacity to enter into this agreement and abide by all of the terms and conditions of Terms. If you are not at least eighteen (18) years old, you are prohibited from both the access and usage of Service.
When you create an account with us, you guarantee that you are above the age of 18, and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in the immediate termination of your account on Service.
You are responsible for maintaining the confidentiality of your account and password, including but not limited to the restriction of access to your computer and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Service or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.
You may not use as a username the name of another person or entity or that is not lawfully available for use, a name or trademark that is subject to any rights of another person or entity other than you, without appropriate authorization. You may not use as a username any name that is offensive, vulgar or obscene.
We reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders in our sole discretion.
Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of PlayForm ltd. and its licensors. Service is protected by copyright, trademark, and other laws of the United States and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of PlayForm ltd.
We respect the intellectual property rights of others. It is our policy to respond to any claim that Content posted on Service infringes on the copyright or other intellectual property rights (“Infringement”) of any person or entity.
If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement, please submit your claim via email to dmca@playform.cloud, with the subject line: “Copyright Infringement” and include in your claim a detailed description of the alleged Infringement as detailed below, under “DMCA Notice and Procedure for Copyright Infringement Claims”
You may be held accountable for damages (including costs and attorneys’ fees) for misrepresentation or bad-faith claims on the infringement of any Content found on and/or through Service on your copyright.
You may submit a notification pursuant to the Digital Millennium Copyright Act (DMCA) by providing our Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):
a. an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright’s interest;
b. a description of the copyrighted work that you claim has been infringed, including the URL (i.e., web page address) of the location where the copyrighted work exists or a copy of the copyrighted work;
c. identification of the URL or other specific location on Service where the material that you claim is infringing is located;
d. your address, telephone number, and email address;
e. a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
f. a statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
You can contact our Copyright Agent via email at dmca@playform.cloud
You may provide us either directly at support@playform.cloud or via third party sites and tools with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service (“Feedback”). You acknowledge and agree that:
a) you shall not retain, acquire or assert any intellectual property right or other right, title or interest in or to the Feedback;
b) Company may have development ideas similar to the Feedback;
c) Feedback does not contain confidential information or proprietary information from you or any third party; and
d) Company is not under any obligation of confidentiality with respect to the Feedback. In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose.
Our Service may contain links to third party web sites or services that are not owned or controlled by PlayForm ltd.
PlayForm ltd. has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third-party web sites or services. We do not warrant the offerings of any of these entities/individuals or their websites.
YOU ACKNOWLEDGE AND AGREE THAT PlayForm ltd. SHALL NOT BE RESPONSIBLE OR LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY OR IN CONNECTION WITH USE OF OR RELIANCE ON ANY SUCH CONTENT, GOODS OR SERVICES AVAILABLE ON OR THROUGH ANY SUCH THIRD-PARTY WEB SITES OR SERVICES.
WE STRONGLY ADVISE YOU TO READ THE TERMS OF SERVICE AND PRIVACY POLICIES OF ANY THIRD-PARTY WEB SITES OR SERVICES THAT YOU VISIT.
THESE SERVICES ARE PROVIDED BY COMPANY ON AN “AS IS” AND “AS AVAILABLE” BASIS. COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THEIR SERVICES, OR THE INFORMATION, CONTENT OR MATERIALS INCLUDED THEREIN. YOU EXPRESSLY AGREE THAT YOUR USE OF THESE SERVICES, THEIR CONTENT, AND ANY SERVICES OR ITEMS OBTAINED FROM US IS AT YOUR SOLE RISK.
NEITHER COMPANY NOR ANY PERSON ASSOCIATED WITH COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE SERVICES. WITHOUT LIMITING THE FOREGOING, NEITHER COMPANY NOR ANYONE ASSOCIATED WITH COMPANY REPRESENTS OR WARRANTS THAT THE SERVICES, THEIR CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT THE SERVICES OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE SERVICES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.
COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.
THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
EXCEPT AS PROHIBITED BY LAW, YOU WILL HOLD US AND OUR OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS HARMLESS FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGE, HOWEVER IT ARISES (INCLUDING ATTORNEYS’ FEES AND ALL RELATED COSTS AND EXPENSES OF LITIGATION AND ARBITRATION, OR AT TRIAL OR ON APPEAL, IF ANY, WHETHER OR NOT LITIGATION OR ARBITRATION IS INSTITUTED), WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTION, OR ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY CLAIM FOR PERSONAL INJURY OR PROPERTY DAMAGE, ARISING FROM THIS AGREEMENT AND ANY VIOLATION BY YOU OF ANY FEDERAL, STATE, OR LOCAL LAWS, STATUTES, RULES, OR REGULATIONS, EVEN IF COMPANY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. EXCEPT AS PROHIBITED BY LAW, IF THERE IS LIABILITY FOUND ON THE PART OF COMPANY, IT WILL BE LIMITED TO THE AMOUNT PAID FOR THE PRODUCTS AND/OR SERVICES, AND UNDER NO CIRCUMSTANCES WILL THERE BE CONSEQUENTIAL OR PUNITIVE DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE PRIOR LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
We may terminate or suspend your account and bar access to Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of Terms.
If you wish to terminate your account, you may simply discontinue using Service.
All provisions of Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
These Terms shall be governed and construed in accordance with the laws of Republic of Bulgaria without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements we might have had between us regarding Service.
We reserve the right to withdraw or amend our Service, and any service or material we provide via Service, in our sole discretion without notice. We will not be liable if for any reason all or any part of Service is unavailable at any time or for any period. From time to time, we may restrict access to some parts of Service, or the entire Service, to users, including registered users.
We may amend Terms at any time by posting the amended terms on this site. It is your responsibility to review these Terms periodically.
Your continued use of the Platform following the posting of revised Terms means that you accept and agree to the changes. You are expected to check this page frequently so you are aware of any changes, as they are binding on you.
By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use Service.
No waiver by Company of any term or condition set forth in Terms shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Company to assert a right or provision under Terms shall not constitute a waiver of such right or provision.
If any provision of Terms is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of Terms will continue in full force and effect.
BY USING SERVICE OR OTHER SERVICES PROVIDED BY US, YOU ACKNOWLEDGE THAT YOU HAVE READ THESE TERMS OF SERVICE AND AGREE TO BE BOUND BY THEM.
Please send your feedback, comments, requests for technical support:
By email: support@playform.cloud
By phone number: +359876668093.
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.
Effective date: 01.12.2016 / January 12th 2016
Last updated: 02.11.2022 / February 11th 2022
Welcome to PlayForm ltd. (“Company”, “we”, “our”, “us”)! As you have just clicked our Terms of Service, please pause, grab a cup of coffee and carefully read the following pages. It will take you approximately 20 minutes.
These Terms of Service (“Terms”, “Terms of Service”) govern your use of our web pages located at https://playform.cloud and our mobile application PlayForm (together or individually “Service”) operated by PlayForm ltd.
Our Privacy Policy also governs your use of our Service and explains how we collect, safeguard and disclose information that results from your use of our web pages. Please read it here https://playform.cloud/Privacy-Policy.
Your agreement with us includes these Terms and our Privacy Policy (“Agreements”). You acknowledge that you have read and understood Agreements, and agree to be bound of them.
If you do not agree with (or cannot comply with) Agreements, then you may not use the Service, but please let us know by emailing at support@playform.cloud so we can try to find a solution. These Terms apply to all visitors, users and others who wish to access or use Service.
Thank you for being responsible.
By creating an Account on our Service, you agree to subscribe to newsletters, marketing or promotional materials and other information we may send. However, you may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at.
If you wish to purchase any product or service made available through Service (“Purchase”), you may be asked to supply certain information relevant to your Purchase including, without limitation, your credit card number, the expiration date of your credit card, your billing address, and your shipping information.
You represent and warrant that:
a) you have the legal right to use any credit card(s) or other payment method(s) in connection with any Purchase; and that
b) the information you supply to us is true, correct and complete.
We may employ the use of third-party services for the purpose of facilitating payment and the completion of Purchases. By submitting your information, you grant us the right to provide the information to these third parties subject to our Privacy Policy.
We reserve the right to refuse or cancel your order at any time for reasons including but not limited to: product or service availability, errors in the description or price of the product or service, error in your order or other reasons.
We reserve the right to refuse or cancel your order if fraud or an unauthorized or illegal transaction is suspected.
Any contests, sweepstakes or other promotions (collectively, “Promotions”) made available through Service may be governed by rules that are separate from these Terms of Service. If you participate in any Promotions, please review the applicable rules as well as our Privacy Policy. If the rules for a Promotion conflict with these Terms of Service, Promotion rules will apply.
Some parts of Service are billed on a subscription basis (“Subscription(s)”). You will be billed in advance on a recurring and periodic basis (“Billing Cycle”). Billing cycles are set either on a monthly or annual basis, depending on the type of subscription plan you select when purchasing a Subscription.
At the end of each Billing Cycle, your Subscription will automatically renew under the exact same conditions unless you cancel it or PlayForm ltd. cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting PlayForm ltd. customer support team.
A valid payment method, including credit card or PayPal, is required to process the payment for your subscription. You shall provide PlayForm ltd. with accurate and complete billing information including full name, address, state, zip code, telephone number, and a valid payment method information. By submitting such payment information, you automatically authorize PlayForm ltd. to charge all Subscription fees incurred through your account to any such payment instruments.
Should automatic billing fail to occur for any reason, PlayForm ltd. will issue an electronic invoice indicating that you must proceed manually, within a certain deadline date, with the full payment corresponding to the billing period as indicated on the invoice.
PlayForm ltd. may, at its sole discretion, offer a Subscription with a free trial for a limited period of time (“Free Trial”).
You may be required to enter your billing information in order to sign up for Free Trial.
If you do enter your billing information when signing up for Free Trial, you will not be charged by PlayForm ltd. until Free Trial has expired. On the last day of Free Trial period, unless you cancelled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected.
At any time and without notice, PlayForm ltd. reserves the right to
a) modify Terms of Service of Free Trial offer, or
b) cancel such Free Trial offer.
PlayForm ltd., in its sole discretion and at any time, may modify Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle.
PlayForm ltd. will provide you with a reasonable prior notice of any change in Subscription fees to give you an opportunity to terminate your Subscription before such change becomes effective.
Your continued use of Service after Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.
We issue refunds for Contracts within fourteen (14) days of the original purchase of the Contract.
Our Service allows you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material (“Content”). You are responsible for Content that you post on or through Service, including its legality, reliability, and appropriateness.
By posting Content on or through Service, You represent and warrant that:
a) Content is yours (you own it) and/or you have the right to use it and the right to grant us the rights and license as provided in these Terms, and
b) that the posting of your Content on or through Service does not violate the privacy rights, publicity rights, copyrights, contract rights or any other rights of any person or entity. We reserve the right to terminate the account of anyone found to be infringing on a copyright.
You retain any and all of your rights to any Content you submit, post or display on or through Service and you are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third-party posts on or through Service. However, by posting Content using Service you grant us the right and license to use, modify, publicly perform, publicly display, reproduce, and distribute such Content on and through Service. You agree that this license includes the right for us to make your Content available to other users of Service, who may also use your Content subject to these Terms.
PlayForm ltd. has the right but not the obligation to monitor and edit all Content provided by users.
In addition, Content found on or through this Service are the property of PlayForm ltd. or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or for personal gain, without express advance written permission from us.
You may use Service only for lawful purposes and in accordance with Terms. You agree not to use Service:
a. In any way that violates any applicable national or international law or regulation.
b. For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content or otherwise.
c. To transmit, or procure the sending of, any advertising or promotional material, including any “junk mail”, “chain letter,” “spam,” or any other similar solicitation.
d. To impersonate or attempt to impersonate Company, a Company employee, another user, or any other person or entity.
e. In any way that infringes upon the rights of others, or in any way is illegal, threatening, fraudulent, or harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity.
f. To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Service, or which, as determined by us, may harm or offend Company or users of Service or expose them to liability.
Additionally, you agree not to:
a. Use Service in any manner that could disable, overburden, damage, or impair Service or interfere with any other party’s use of Service, including their ability to engage in real time activities through Service.
b. Use any robot, spider, or other automatic device, process, or means to access Service for any purpose, including monitoring or copying any of the material on Service.
c. Use any manual process to monitor or copy any of the material on Service or for any other unauthorized purpose without our prior written consent.
d. Use any device, software, or routine that interferes with the proper working of Service.
e. Introduce any viruses, trojan horses, worms, logic bombs, or other material which is malicious or technologically harmful.
f. Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Service, the server on which Service is stored, or any server, computer, or database connected to Service.
g. Attack Service via a denial-of-service attack or a distributed denial-of-service attack.
h. Take any action that may damage or falsify Company rating.
i. Otherwise attempt to interfere with the proper working of Service.
Service is intended only for access and use by individuals at least eighteen (18) years old. By accessing or using any of Company, you warrant and represent that you are at least eighteen (18) years of age and with the full authority, right, and capacity to enter into this agreement and abide by all of the terms and conditions of Terms. If you are not at least eighteen (18) years old, you are prohibited from both the access and usage of Service.
When you create an account with us, you guarantee that you are above the age of 18, and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in the immediate termination of your account on Service.
You are responsible for maintaining the confidentiality of your account and password, including but not limited to the restriction of access to your computer and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Service or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.
You may not use as a username the name of another person or entity or that is not lawfully available for use, a name or trademark that is subject to any rights of another person or entity other than you, without appropriate authorization. You may not use as a username any name that is offensive, vulgar or obscene.
We reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders in our sole discretion.
Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of PlayForm ltd. and its licensors. Service is protected by copyright, trademark, and other laws of the United States and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of PlayForm ltd.
We respect the intellectual property rights of others. It is our policy to respond to any claim that Content posted on Service infringes on the copyright or other intellectual property rights (“Infringement”) of any person or entity.
If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement, please submit your claim via email to dmca@playform.cloud, with the subject line: “Copyright Infringement” and include in your claim a detailed description of the alleged Infringement as detailed below, under “DMCA Notice and Procedure for Copyright Infringement Claims”
You may be held accountable for damages (including costs and attorneys’ fees) for misrepresentation or bad-faith claims on the infringement of any Content found on and/or through Service on your copyright.
You may submit a notification pursuant to the Digital Millennium Copyright Act (DMCA) by providing our Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):
a. an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright’s interest;
b. a description of the copyrighted work that you claim has been infringed, including the URL (i.e., web page address) of the location where the copyrighted work exists or a copy of the copyrighted work;
c. identification of the URL or other specific location on Service where the material that you claim is infringing is located;
d. your address, telephone number, and email address;
e. a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
f. a statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
You can contact our Copyright Agent via email at dmca@playform.cloud
You may provide us either directly at support@playform.cloud or via third party sites and tools with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service (“Feedback”). You acknowledge and agree that:
a) you shall not retain, acquire or assert any intellectual property right or other right, title or interest in or to the Feedback;
b) Company may have development ideas similar to the Feedback;
c) Feedback does not contain confidential information or proprietary information from you or any third party; and
d) Company is not under any obligation of confidentiality with respect to the Feedback. In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose.
Our Service may contain links to third party web sites or services that are not owned or controlled by PlayForm ltd.
PlayForm ltd. has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third-party web sites or services. We do not warrant the offerings of any of these entities/individuals or their websites.
YOU ACKNOWLEDGE AND AGREE THAT PlayForm ltd. SHALL NOT BE RESPONSIBLE OR LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY OR IN CONNECTION WITH USE OF OR RELIANCE ON ANY SUCH CONTENT, GOODS OR SERVICES AVAILABLE ON OR THROUGH ANY SUCH THIRD-PARTY WEB SITES OR SERVICES.
WE STRONGLY ADVISE YOU TO READ THE TERMS OF SERVICE AND PRIVACY POLICIES OF ANY THIRD-PARTY WEB SITES OR SERVICES THAT YOU VISIT.
THESE SERVICES ARE PROVIDED BY COMPANY ON AN “AS IS” AND “AS AVAILABLE” BASIS. COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THEIR SERVICES, OR THE INFORMATION, CONTENT OR MATERIALS INCLUDED THEREIN. YOU EXPRESSLY AGREE THAT YOUR USE OF THESE SERVICES, THEIR CONTENT, AND ANY SERVICES OR ITEMS OBTAINED FROM US IS AT YOUR SOLE RISK.
NEITHER COMPANY NOR ANY PERSON ASSOCIATED WITH COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE SERVICES. WITHOUT LIMITING THE FOREGOING, NEITHER COMPANY NOR ANYONE ASSOCIATED WITH COMPANY REPRESENTS OR WARRANTS THAT THE SERVICES, THEIR CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT THE SERVICES OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE SERVICES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.
COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.
THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
EXCEPT AS PROHIBITED BY LAW, YOU WILL HOLD US AND OUR OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS HARMLESS FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGE, HOWEVER IT ARISES (INCLUDING ATTORNEYS’ FEES AND ALL RELATED COSTS AND EXPENSES OF LITIGATION AND ARBITRATION, OR AT TRIAL OR ON APPEAL, IF ANY, WHETHER OR NOT LITIGATION OR ARBITRATION IS INSTITUTED), WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTION, OR ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY CLAIM FOR PERSONAL INJURY OR PROPERTY DAMAGE, ARISING FROM THIS AGREEMENT AND ANY VIOLATION BY YOU OF ANY FEDERAL, STATE, OR LOCAL LAWS, STATUTES, RULES, OR REGULATIONS, EVEN IF COMPANY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. EXCEPT AS PROHIBITED BY LAW, IF THERE IS LIABILITY FOUND ON THE PART OF COMPANY, IT WILL BE LIMITED TO THE AMOUNT PAID FOR THE PRODUCTS AND/OR SERVICES, AND UNDER NO CIRCUMSTANCES WILL THERE BE CONSEQUENTIAL OR PUNITIVE DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE PRIOR LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
We may terminate or suspend your account and bar access to Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of Terms.
If you wish to terminate your account, you may simply discontinue using Service.
All provisions of Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
These Terms shall be governed and construed in accordance with the laws of Republic of Bulgaria without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements we might have had between us regarding Service.
We reserve the right to withdraw or amend our Service, and any service or material we provide via Service, in our sole discretion without notice. We will not be liable if for any reason all or any part of Service is unavailable at any time or for any period. From time to time, we may restrict access to some parts of Service, or the entire Service, to users, including registered users.
We may amend Terms at any time by posting the amended terms on this site. It is your responsibility to review these Terms periodically.
Your continued use of the Platform following the posting of revised Terms means that you accept and agree to the changes. You are expected to check this page frequently so you are aware of any changes, as they are binding on you.
By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use Service.
No waiver by Company of any term or condition set forth in Terms shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Company to assert a right or provision under Terms shall not constitute a waiver of such right or provision.
If any provision of Terms is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of Terms will continue in full force and effect.
BY USING SERVICE OR OTHER SERVICES PROVIDED BY US, YOU ACKNOWLEDGE THAT YOU HAVE READ THESE TERMS OF SERVICE AND AGREE TO BE BOUND BY THEM.
Please send your feedback, comments, requests for technical support:
By email: support@playform.cloud
By phone number: +359876668093.
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.
Effective date: 01.12.2016 / January 12th 2016
Last updated: 02.11.2022 / February 11th 2022
Welcome to PlayForm ltd. (“Company”, “we”, “our”, “us”)! As you have just clicked our Terms of Service, please pause, grab a cup of coffee and carefully read the following pages. It will take you approximately 20 minutes.
These Terms of Service (“Terms”, “Terms of Service”) govern your use of our web pages located at https://playform.cloud and our mobile application PlayForm (together or individually “Service”) operated by PlayForm ltd.
Our Privacy Policy also governs your use of our Service and explains how we collect, safeguard and disclose information that results from your use of our web pages. Please read it here https://playform.cloud/Privacy-Policy.
Your agreement with us includes these Terms and our Privacy Policy (“Agreements”). You acknowledge that you have read and understood Agreements, and agree to be bound of them.
If you do not agree with (or cannot comply with) Agreements, then you may not use the Service, but please let us know by emailing at support@playform.cloud so we can try to find a solution. These Terms apply to all visitors, users and others who wish to access or use Service.
Thank you for being responsible.
By creating an Account on our Service, you agree to subscribe to newsletters, marketing or promotional materials and other information we may send. However, you may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at.
If you wish to purchase any product or service made available through Service (“Purchase”), you may be asked to supply certain information relevant to your Purchase including, without limitation, your credit card number, the expiration date of your credit card, your billing address, and your shipping information.
You represent and warrant that:
a) you have the legal right to use any credit card(s) or other payment method(s) in connection with any Purchase; and that
b) the information you supply to us is true, correct and complete.
We may employ the use of third-party services for the purpose of facilitating payment and the completion of Purchases. By submitting your information, you grant us the right to provide the information to these third parties subject to our Privacy Policy.
We reserve the right to refuse or cancel your order at any time for reasons including but not limited to: product or service availability, errors in the description or price of the product or service, error in your order or other reasons.
We reserve the right to refuse or cancel your order if fraud or an unauthorized or illegal transaction is suspected.
Any contests, sweepstakes or other promotions (collectively, “Promotions”) made available through Service may be governed by rules that are separate from these Terms of Service. If you participate in any Promotions, please review the applicable rules as well as our Privacy Policy. If the rules for a Promotion conflict with these Terms of Service, Promotion rules will apply.
Some parts of Service are billed on a subscription basis (“Subscription(s)”). You will be billed in advance on a recurring and periodic basis (“Billing Cycle”). Billing cycles are set either on a monthly or annual basis, depending on the type of subscription plan you select when purchasing a Subscription.
At the end of each Billing Cycle, your Subscription will automatically renew under the exact same conditions unless you cancel it or PlayForm ltd. cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting PlayForm ltd. customer support team.
A valid payment method, including credit card or PayPal, is required to process the payment for your subscription. You shall provide PlayForm ltd. with accurate and complete billing information including full name, address, state, zip code, telephone number, and a valid payment method information. By submitting such payment information, you automatically authorize PlayForm ltd. to charge all Subscription fees incurred through your account to any such payment instruments.
Should automatic billing fail to occur for any reason, PlayForm ltd. will issue an electronic invoice indicating that you must proceed manually, within a certain deadline date, with the full payment corresponding to the billing period as indicated on the invoice.
PlayForm ltd. may, at its sole discretion, offer a Subscription with a free trial for a limited period of time (“Free Trial”).
You may be required to enter your billing information in order to sign up for Free Trial.
If you do enter your billing information when signing up for Free Trial, you will not be charged by PlayForm ltd. until Free Trial has expired. On the last day of Free Trial period, unless you cancelled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected.
At any time and without notice, PlayForm ltd. reserves the right to
a) modify Terms of Service of Free Trial offer, or
b) cancel such Free Trial offer.
PlayForm ltd., in its sole discretion and at any time, may modify Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle.
PlayForm ltd. will provide you with a reasonable prior notice of any change in Subscription fees to give you an opportunity to terminate your Subscription before such change becomes effective.
Your continued use of Service after Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.
We issue refunds for Contracts within fourteen (14) days of the original purchase of the Contract.
Our Service allows you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material (“Content”). You are responsible for Content that you post on or through Service, including its legality, reliability, and appropriateness.
By posting Content on or through Service, You represent and warrant that:
a) Content is yours (you own it) and/or you have the right to use it and the right to grant us the rights and license as provided in these Terms, and
b) that the posting of your Content on or through Service does not violate the privacy rights, publicity rights, copyrights, contract rights or any other rights of any person or entity. We reserve the right to terminate the account of anyone found to be infringing on a copyright.
You retain any and all of your rights to any Content you submit, post or display on or through Service and you are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third-party posts on or through Service. However, by posting Content using Service you grant us the right and license to use, modify, publicly perform, publicly display, reproduce, and distribute such Content on and through Service. You agree that this license includes the right for us to make your Content available to other users of Service, who may also use your Content subject to these Terms.
PlayForm ltd. has the right but not the obligation to monitor and edit all Content provided by users.
In addition, Content found on or through this Service are the property of PlayForm ltd. or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or for personal gain, without express advance written permission from us.
You may use Service only for lawful purposes and in accordance with Terms. You agree not to use Service:
a. In any way that violates any applicable national or international law or regulation.
b. For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content or otherwise.
c. To transmit, or procure the sending of, any advertising or promotional material, including any “junk mail”, “chain letter,” “spam,” or any other similar solicitation.
d. To impersonate or attempt to impersonate Company, a Company employee, another user, or any other person or entity.
e. In any way that infringes upon the rights of others, or in any way is illegal, threatening, fraudulent, or harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity.
f. To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Service, or which, as determined by us, may harm or offend Company or users of Service or expose them to liability.
Additionally, you agree not to:
a. Use Service in any manner that could disable, overburden, damage, or impair Service or interfere with any other party’s use of Service, including their ability to engage in real time activities through Service.
b. Use any robot, spider, or other automatic device, process, or means to access Service for any purpose, including monitoring or copying any of the material on Service.
c. Use any manual process to monitor or copy any of the material on Service or for any other unauthorized purpose without our prior written consent.
d. Use any device, software, or routine that interferes with the proper working of Service.
e. Introduce any viruses, trojan horses, worms, logic bombs, or other material which is malicious or technologically harmful.
f. Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Service, the server on which Service is stored, or any server, computer, or database connected to Service.
g. Attack Service via a denial-of-service attack or a distributed denial-of-service attack.
h. Take any action that may damage or falsify Company rating.
i. Otherwise attempt to interfere with the proper working of Service.
Service is intended only for access and use by individuals at least eighteen (18) years old. By accessing or using any of Company, you warrant and represent that you are at least eighteen (18) years of age and with the full authority, right, and capacity to enter into this agreement and abide by all of the terms and conditions of Terms. If you are not at least eighteen (18) years old, you are prohibited from both the access and usage of Service.
When you create an account with us, you guarantee that you are above the age of 18, and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in the immediate termination of your account on Service.
You are responsible for maintaining the confidentiality of your account and password, including but not limited to the restriction of access to your computer and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Service or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.
You may not use as a username the name of another person or entity or that is not lawfully available for use, a name or trademark that is subject to any rights of another person or entity other than you, without appropriate authorization. You may not use as a username any name that is offensive, vulgar or obscene.
We reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders in our sole discretion.
Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of PlayForm ltd. and its licensors. Service is protected by copyright, trademark, and other laws of the United States and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of PlayForm ltd.
We respect the intellectual property rights of others. It is our policy to respond to any claim that Content posted on Service infringes on the copyright or other intellectual property rights (“Infringement”) of any person or entity.
If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement, please submit your claim via email to dmca@playform.cloud, with the subject line: “Copyright Infringement” and include in your claim a detailed description of the alleged Infringement as detailed below, under “DMCA Notice and Procedure for Copyright Infringement Claims”
You may be held accountable for damages (including costs and attorneys’ fees) for misrepresentation or bad-faith claims on the infringement of any Content found on and/or through Service on your copyright.
You may submit a notification pursuant to the Digital Millennium Copyright Act (DMCA) by providing our Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):
a. an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright’s interest;
b. a description of the copyrighted work that you claim has been infringed, including the URL (i.e., web page address) of the location where the copyrighted work exists or a copy of the copyrighted work;
c. identification of the URL or other specific location on Service where the material that you claim is infringing is located;
d. your address, telephone number, and email address;
e. a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
f. a statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
You can contact our Copyright Agent via email at dmca@playform.cloud
You may provide us either directly at support@playform.cloud or via third party sites and tools with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service (“Feedback”). You acknowledge and agree that:
a) you shall not retain, acquire or assert any intellectual property right or other right, title or interest in or to the Feedback;
b) Company may have development ideas similar to the Feedback;
c) Feedback does not contain confidential information or proprietary information from you or any third party; and
d) Company is not under any obligation of confidentiality with respect to the Feedback. In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose.
Our Service may contain links to third party web sites or services that are not owned or controlled by PlayForm ltd.
PlayForm ltd. has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third-party web sites or services. We do not warrant the offerings of any of these entities/individuals or their websites.
YOU ACKNOWLEDGE AND AGREE THAT PlayForm ltd. SHALL NOT BE RESPONSIBLE OR LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY OR IN CONNECTION WITH USE OF OR RELIANCE ON ANY SUCH CONTENT, GOODS OR SERVICES AVAILABLE ON OR THROUGH ANY SUCH THIRD-PARTY WEB SITES OR SERVICES.
WE STRONGLY ADVISE YOU TO READ THE TERMS OF SERVICE AND PRIVACY POLICIES OF ANY THIRD-PARTY WEB SITES OR SERVICES THAT YOU VISIT.
THESE SERVICES ARE PROVIDED BY COMPANY ON AN “AS IS” AND “AS AVAILABLE” BASIS. COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THEIR SERVICES, OR THE INFORMATION, CONTENT OR MATERIALS INCLUDED THEREIN. YOU EXPRESSLY AGREE THAT YOUR USE OF THESE SERVICES, THEIR CONTENT, AND ANY SERVICES OR ITEMS OBTAINED FROM US IS AT YOUR SOLE RISK.
NEITHER COMPANY NOR ANY PERSON ASSOCIATED WITH COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE SERVICES. WITHOUT LIMITING THE FOREGOING, NEITHER COMPANY NOR ANYONE ASSOCIATED WITH COMPANY REPRESENTS OR WARRANTS THAT THE SERVICES, THEIR CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT THE SERVICES OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE SERVICES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.
COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.
THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
EXCEPT AS PROHIBITED BY LAW, YOU WILL HOLD US AND OUR OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS HARMLESS FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGE, HOWEVER IT ARISES (INCLUDING ATTORNEYS’ FEES AND ALL RELATED COSTS AND EXPENSES OF LITIGATION AND ARBITRATION, OR AT TRIAL OR ON APPEAL, IF ANY, WHETHER OR NOT LITIGATION OR ARBITRATION IS INSTITUTED), WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTION, OR ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY CLAIM FOR PERSONAL INJURY OR PROPERTY DAMAGE, ARISING FROM THIS AGREEMENT AND ANY VIOLATION BY YOU OF ANY FEDERAL, STATE, OR LOCAL LAWS, STATUTES, RULES, OR REGULATIONS, EVEN IF COMPANY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. EXCEPT AS PROHIBITED BY LAW, IF THERE IS LIABILITY FOUND ON THE PART OF COMPANY, IT WILL BE LIMITED TO THE AMOUNT PAID FOR THE PRODUCTS AND/OR SERVICES, AND UNDER NO CIRCUMSTANCES WILL THERE BE CONSEQUENTIAL OR PUNITIVE DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE PRIOR LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
We may terminate or suspend your account and bar access to Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of Terms.
If you wish to terminate your account, you may simply discontinue using Service.
All provisions of Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
These Terms shall be governed and construed in accordance with the laws of Republic of Bulgaria without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements we might have had between us regarding Service.
We reserve the right to withdraw or amend our Service, and any service or material we provide via Service, in our sole discretion without notice. We will not be liable if for any reason all or any part of Service is unavailable at any time or for any period. From time to time, we may restrict access to some parts of Service, or the entire Service, to users, including registered users.
We may amend Terms at any time by posting the amended terms on this site. It is your responsibility to review these Terms periodically.
Your continued use of the Platform following the posting of revised Terms means that you accept and agree to the changes. You are expected to check this page frequently so you are aware of any changes, as they are binding on you.
By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use Service.
No waiver by Company of any term or condition set forth in Terms shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Company to assert a right or provision under Terms shall not constitute a waiver of such right or provision.
If any provision of Terms is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of Terms will continue in full force and effect.
BY USING SERVICE OR OTHER SERVICES PROVIDED BY US, YOU ACKNOWLEDGE THAT YOU HAVE READ THESE TERMS OF SERVICE AND AGREE TO BE BOUND BY THEM.
Please send your feedback, comments, requests for technical support:
By email: support@playform.cloud
By phone number: +359876668093.
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.
Effective date: 01.12.2016 / January 12th 2016
Last updated: 02.11.2022 / February 11th 2022
Welcome to PlayForm ltd. (“Company”, “we”, “our”, “us”)! As you have just clicked our Terms of Service, please pause, grab a cup of coffee and carefully read the following pages. It will take you approximately 20 minutes.
These Terms of Service (“Terms”, “Terms of Service”) govern your use of our web pages located at https://playform.cloud and our mobile application PlayForm (together or individually “Service”) operated by PlayForm ltd.
Our Privacy Policy also governs your use of our Service and explains how we collect, safeguard and disclose information that results from your use of our web pages. Please read it here https://playform.cloud/Privacy-Policy.
Your agreement with us includes these Terms and our Privacy Policy (“Agreements”). You acknowledge that you have read and understood Agreements, and agree to be bound of them.
If you do not agree with (or cannot comply with) Agreements, then you may not use the Service, but please let us know by emailing at support@playform.cloud so we can try to find a solution. These Terms apply to all visitors, users and others who wish to access or use Service.
Thank you for being responsible.
By creating an Account on our Service, you agree to subscribe to newsletters, marketing or promotional materials and other information we may send. However, you may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at.
If you wish to purchase any product or service made available through Service (“Purchase”), you may be asked to supply certain information relevant to your Purchase including, without limitation, your credit card number, the expiration date of your credit card, your billing address, and your shipping information.
You represent and warrant that:
a) you have the legal right to use any credit card(s) or other payment method(s) in connection with any Purchase; and that
b) the information you supply to us is true, correct and complete.
We may employ the use of third-party services for the purpose of facilitating payment and the completion of Purchases. By submitting your information, you grant us the right to provide the information to these third parties subject to our Privacy Policy.
We reserve the right to refuse or cancel your order at any time for reasons including but not limited to: product or service availability, errors in the description or price of the product or service, error in your order or other reasons.
We reserve the right to refuse or cancel your order if fraud or an unauthorized or illegal transaction is suspected.
Any contests, sweepstakes or other promotions (collectively, “Promotions”) made available through Service may be governed by rules that are separate from these Terms of Service. If you participate in any Promotions, please review the applicable rules as well as our Privacy Policy. If the rules for a Promotion conflict with these Terms of Service, Promotion rules will apply.
Some parts of Service are billed on a subscription basis (“Subscription(s)”). You will be billed in advance on a recurring and periodic basis (“Billing Cycle”). Billing cycles are set either on a monthly or annual basis, depending on the type of subscription plan you select when purchasing a Subscription.
At the end of each Billing Cycle, your Subscription will automatically renew under the exact same conditions unless you cancel it or PlayForm ltd. cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting PlayForm ltd. customer support team.
A valid payment method, including credit card or PayPal, is required to process the payment for your subscription. You shall provide PlayForm ltd. with accurate and complete billing information including full name, address, state, zip code, telephone number, and a valid payment method information. By submitting such payment information, you automatically authorize PlayForm ltd. to charge all Subscription fees incurred through your account to any such payment instruments.
Should automatic billing fail to occur for any reason, PlayForm ltd. will issue an electronic invoice indicating that you must proceed manually, within a certain deadline date, with the full payment corresponding to the billing period as indicated on the invoice.
PlayForm ltd. may, at its sole discretion, offer a Subscription with a free trial for a limited period of time (“Free Trial”).
You may be required to enter your billing information in order to sign up for Free Trial.
If you do enter your billing information when signing up for Free Trial, you will not be charged by PlayForm ltd. until Free Trial has expired. On the last day of Free Trial period, unless you cancelled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected.
At any time and without notice, PlayForm ltd. reserves the right to
a) modify Terms of Service of Free Trial offer, or
b) cancel such Free Trial offer.
PlayForm ltd., in its sole discretion and at any time, may modify Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle.
PlayForm ltd. will provide you with a reasonable prior notice of any change in Subscription fees to give you an opportunity to terminate your Subscription before such change becomes effective.
Your continued use of Service after Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.
We issue refunds for Contracts within fourteen (14) days of the original purchase of the Contract.
Our Service allows you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material (“Content”). You are responsible for Content that you post on or through Service, including its legality, reliability, and appropriateness.
By posting Content on or through Service, You represent and warrant that:
a) Content is yours (you own it) and/or you have the right to use it and the right to grant us the rights and license as provided in these Terms, and
b) that the posting of your Content on or through Service does not violate the privacy rights, publicity rights, copyrights, contract rights or any other rights of any person or entity. We reserve the right to terminate the account of anyone found to be infringing on a copyright.
You retain any and all of your rights to any Content you submit, post or display on or through Service and you are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third-party posts on or through Service. However, by posting Content using Service you grant us the right and license to use, modify, publicly perform, publicly display, reproduce, and distribute such Content on and through Service. You agree that this license includes the right for us to make your Content available to other users of Service, who may also use your Content subject to these Terms.
PlayForm ltd. has the right but not the obligation to monitor and edit all Content provided by users.
In addition, Content found on or through this Service are the property of PlayForm ltd. or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or for personal gain, without express advance written permission from us.
You may use Service only for lawful purposes and in accordance with Terms. You agree not to use Service:
a. In any way that violates any applicable national or international law or regulation.
b. For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content or otherwise.
c. To transmit, or procure the sending of, any advertising or promotional material, including any “junk mail”, “chain letter,” “spam,” or any other similar solicitation.
d. To impersonate or attempt to impersonate Company, a Company employee, another user, or any other person or entity.
e. In any way that infringes upon the rights of others, or in any way is illegal, threatening, fraudulent, or harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity.
f. To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Service, or which, as determined by us, may harm or offend Company or users of Service or expose them to liability.
Additionally, you agree not to:
a. Use Service in any manner that could disable, overburden, damage, or impair Service or interfere with any other party’s use of Service, including their ability to engage in real time activities through Service.
b. Use any robot, spider, or other automatic device, process, or means to access Service for any purpose, including monitoring or copying any of the material on Service.
c. Use any manual process to monitor or copy any of the material on Service or for any other unauthorized purpose without our prior written consent.
d. Use any device, software, or routine that interferes with the proper working of Service.
e. Introduce any viruses, trojan horses, worms, logic bombs, or other material which is malicious or technologically harmful.
f. Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Service, the server on which Service is stored, or any server, computer, or database connected to Service.
g. Attack Service via a denial-of-service attack or a distributed denial-of-service attack.
h. Take any action that may damage or falsify Company rating.
i. Otherwise attempt to interfere with the proper working of Service.
Service is intended only for access and use by individuals at least eighteen (18) years old. By accessing or using any of Company, you warrant and represent that you are at least eighteen (18) years of age and with the full authority, right, and capacity to enter into this agreement and abide by all of the terms and conditions of Terms. If you are not at least eighteen (18) years old, you are prohibited from both the access and usage of Service.
When you create an account with us, you guarantee that you are above the age of 18, and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in the immediate termination of your account on Service.
You are responsible for maintaining the confidentiality of your account and password, including but not limited to the restriction of access to your computer and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Service or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.
You may not use as a username the name of another person or entity or that is not lawfully available for use, a name or trademark that is subject to any rights of another person or entity other than you, without appropriate authorization. You may not use as a username any name that is offensive, vulgar or obscene.
We reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders in our sole discretion.
Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of PlayForm ltd. and its licensors. Service is protected by copyright, trademark, and other laws of the United States and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of PlayForm ltd.
We respect the intellectual property rights of others. It is our policy to respond to any claim that Content posted on Service infringes on the copyright or other intellectual property rights (“Infringement”) of any person or entity.
If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement, please submit your claim via email to dmca@playform.cloud, with the subject line: “Copyright Infringement” and include in your claim a detailed description of the alleged Infringement as detailed below, under “DMCA Notice and Procedure for Copyright Infringement Claims”
You may be held accountable for damages (including costs and attorneys’ fees) for misrepresentation or bad-faith claims on the infringement of any Content found on and/or through Service on your copyright.
You may submit a notification pursuant to the Digital Millennium Copyright Act (DMCA) by providing our Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):
a. an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright’s interest;
b. a description of the copyrighted work that you claim has been infringed, including the URL (i.e., web page address) of the location where the copyrighted work exists or a copy of the copyrighted work;
c. identification of the URL or other specific location on Service where the material that you claim is infringing is located;
d. your address, telephone number, and email address;
e. a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
f. a statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
You can contact our Copyright Agent via email at dmca@playform.cloud
You may provide us either directly at support@playform.cloud or via third party sites and tools with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service (“Feedback”). You acknowledge and agree that:
a) you shall not retain, acquire or assert any intellectual property right or other right, title or interest in or to the Feedback;
b) Company may have development ideas similar to the Feedback;
c) Feedback does not contain confidential information or proprietary information from you or any third party; and
d) Company is not under any obligation of confidentiality with respect to the Feedback. In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose.
Our Service may contain links to third party web sites or services that are not owned or controlled by PlayForm ltd.
PlayForm ltd. has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third-party web sites or services. We do not warrant the offerings of any of these entities/individuals or their websites.
YOU ACKNOWLEDGE AND AGREE THAT PlayForm ltd. SHALL NOT BE RESPONSIBLE OR LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY OR IN CONNECTION WITH USE OF OR RELIANCE ON ANY SUCH CONTENT, GOODS OR SERVICES AVAILABLE ON OR THROUGH ANY SUCH THIRD-PARTY WEB SITES OR SERVICES.
WE STRONGLY ADVISE YOU TO READ THE TERMS OF SERVICE AND PRIVACY POLICIES OF ANY THIRD-PARTY WEB SITES OR SERVICES THAT YOU VISIT.
THESE SERVICES ARE PROVIDED BY COMPANY ON AN “AS IS” AND “AS AVAILABLE” BASIS. COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THEIR SERVICES, OR THE INFORMATION, CONTENT OR MATERIALS INCLUDED THEREIN. YOU EXPRESSLY AGREE THAT YOUR USE OF THESE SERVICES, THEIR CONTENT, AND ANY SERVICES OR ITEMS OBTAINED FROM US IS AT YOUR SOLE RISK.
NEITHER COMPANY NOR ANY PERSON ASSOCIATED WITH COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE SERVICES. WITHOUT LIMITING THE FOREGOING, NEITHER COMPANY NOR ANYONE ASSOCIATED WITH COMPANY REPRESENTS OR WARRANTS THAT THE SERVICES, THEIR CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT THE SERVICES OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE SERVICES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.
COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.
THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
EXCEPT AS PROHIBITED BY LAW, YOU WILL HOLD US AND OUR OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS HARMLESS FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGE, HOWEVER IT ARISES (INCLUDING ATTORNEYS’ FEES AND ALL RELATED COSTS AND EXPENSES OF LITIGATION AND ARBITRATION, OR AT TRIAL OR ON APPEAL, IF ANY, WHETHER OR NOT LITIGATION OR ARBITRATION IS INSTITUTED), WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTION, OR ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY CLAIM FOR PERSONAL INJURY OR PROPERTY DAMAGE, ARISING FROM THIS AGREEMENT AND ANY VIOLATION BY YOU OF ANY FEDERAL, STATE, OR LOCAL LAWS, STATUTES, RULES, OR REGULATIONS, EVEN IF COMPANY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. EXCEPT AS PROHIBITED BY LAW, IF THERE IS LIABILITY FOUND ON THE PART OF COMPANY, IT WILL BE LIMITED TO THE AMOUNT PAID FOR THE PRODUCTS AND/OR SERVICES, AND UNDER NO CIRCUMSTANCES WILL THERE BE CONSEQUENTIAL OR PUNITIVE DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE PRIOR LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
We may terminate or suspend your account and bar access to Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of Terms.
If you wish to terminate your account, you may simply discontinue using Service.
All provisions of Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
These Terms shall be governed and construed in accordance with the laws of Republic of Bulgaria without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements we might have had between us regarding Service.
We reserve the right to withdraw or amend our Service, and any service or material we provide via Service, in our sole discretion without notice. We will not be liable if for any reason all or any part of Service is unavailable at any time or for any period. From time to time, we may restrict access to some parts of Service, or the entire Service, to users, including registered users.
We may amend Terms at any time by posting the amended terms on this site. It is your responsibility to review these Terms periodically.
Your continued use of the Platform following the posting of revised Terms means that you accept and agree to the changes. You are expected to check this page frequently so you are aware of any changes, as they are binding on you.
By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use Service.
No waiver by Company of any term or condition set forth in Terms shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Company to assert a right or provision under Terms shall not constitute a waiver of such right or provision.
If any provision of Terms is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of Terms will continue in full force and effect.
BY USING SERVICE OR OTHER SERVICES PROVIDED BY US, YOU ACKNOWLEDGE THAT YOU HAVE READ THESE TERMS OF SERVICE AND AGREE TO BE BOUND BY THEM.
Please send your feedback, comments, requests for technical support:
By email: support@playform.cloud
By phone number: +359876668093.
By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.
Visible for testing\r\n */\r\nconst MAX_VALUE_MILLIS = 4 * 60 * 60 * 1000; // Four hours, like iOS and Android.\r\n/**\r\n * The percentage of backoff time to randomize by.\r\n * See\r\n * http://go/safe-client-behavior#step-1-determine-the-appropriate-retry-interval-to-handle-spike-traffic\r\n * for context.\r\n *\r\n *
Visible for testing\r\n */\r\nconst RANDOM_FACTOR = 0.5;\r\n/**\r\n * Based on the backoff method from\r\n * https://github.com/google/closure-library/blob/master/closure/goog/math/exponentialbackoff.js.\r\n * Extracted here so we don't need to pass metadata and a stateful ExponentialBackoff object around.\r\n */\r\nfunction calculateBackoffMillis(backoffCount, intervalMillis = DEFAULT_INTERVAL_MILLIS, backoffFactor = DEFAULT_BACKOFF_FACTOR) {\r\n // Calculates an exponentially increasing value.\r\n // Deviation: calculates value from count and a constant interval, so we only need to save value\r\n // and count to restore state.\r\n const currBaseValue = intervalMillis * Math.pow(backoffFactor, backoffCount);\r\n // A random \"fuzz\" to avoid waves of retries.\r\n // Deviation: randomFactor is required.\r\n const randomWait = Math.round(\r\n // A fraction of the backoff value to add/subtract.\r\n // Deviation: changes multiplication order to improve readability.\r\n RANDOM_FACTOR *\r\n currBaseValue *\r\n // A random float (rounded to int by Math.round above) in the range [-1, 1]. Determines\r\n // if we add or subtract.\r\n (Math.random() - 0.5) *\r\n 2);\r\n // Limits backoff to max to avoid effectively permanent backoff.\r\n return Math.min(MAX_VALUE_MILLIS, currBaseValue + randomWait);\r\n}\n\n/**\r\n * @license\r\n * Copyright 2020 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * Provide English ordinal letters after a number\r\n */\r\nfunction ordinal(i) {\r\n if (!Number.isFinite(i)) {\r\n return `${i}`;\r\n }\r\n return i + indicator(i);\r\n}\r\nfunction indicator(i) {\r\n i = Math.abs(i);\r\n const cent = i % 100;\r\n if (cent >= 10 && cent <= 20) {\r\n return 'th';\r\n }\r\n const dec = i % 10;\r\n if (dec === 1) {\r\n return 'st';\r\n }\r\n if (dec === 2) {\r\n return 'nd';\r\n }\r\n if (dec === 3) {\r\n return 'rd';\r\n }\r\n return 'th';\r\n}\n\n/**\r\n * @license\r\n * Copyright 2021 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nfunction getModularInstance(service) {\r\n if (service && service._delegate) {\r\n return service._delegate;\r\n }\r\n else {\r\n return service;\r\n }\r\n}\n\nexport { CONSTANTS, DecodeBase64StringError, Deferred, ErrorFactory, FirebaseError, MAX_VALUE_MILLIS, RANDOM_FACTOR, Sha1, areCookiesEnabled, assert, assertionError, async, base64, base64Decode, base64Encode, base64urlEncodeWithoutPadding, calculateBackoffMillis, contains, createMockUserToken, createSubscribe, decode, deepCopy, deepEqual, deepExtend, errorPrefix, extractQuerystring, getDefaultAppConfig, getDefaultEmulatorHost, getDefaultEmulatorHostnameAndPort, getDefaults, getExperimentalSetting, getGlobal, getModularInstance, getUA, isAdmin, isBrowser, isBrowserExtension, isCloudflareWorker, isElectron, isEmpty, isIE, isIndexedDBAvailable, isMobileCordova, isNode, isNodeSdk, isReactNative, isSafari, isUWP, isValidFormat, isValidTimestamp, isWebWorker, issuedAtTime, jsonEval, map, ordinal, promiseWithTimeout, querystring, querystringDecode, safeGet, stringLength, stringToByteArray, stringify, uuidv4, validateArgCount, validateCallback, validateContextObject, validateIndexedDBOpenable, validateNamespace };\n//# sourceMappingURL=index.esm2017.js.map\n","import { Deferred } from '@firebase/util';\n\n/**\r\n * Component for service name T, e.g. `auth`, `auth-internal`\r\n */\r\nclass Component {\r\n /**\r\n *\r\n * @param name The public service name, e.g. app, auth, firestore, database\r\n * @param instanceFactory Service factory responsible for creating the public interface\r\n * @param type whether the service provided by the component is public or private\r\n */\r\n constructor(name, instanceFactory, type) {\r\n this.name = name;\r\n this.instanceFactory = instanceFactory;\r\n this.type = type;\r\n this.multipleInstances = false;\r\n /**\r\n * Properties to be added to the service namespace\r\n */\r\n this.serviceProps = {};\r\n this.instantiationMode = \"LAZY\" /* InstantiationMode.LAZY */;\r\n this.onInstanceCreated = null;\r\n }\r\n setInstantiationMode(mode) {\r\n this.instantiationMode = mode;\r\n return this;\r\n }\r\n setMultipleInstances(multipleInstances) {\r\n this.multipleInstances = multipleInstances;\r\n return this;\r\n }\r\n setServiceProps(props) {\r\n this.serviceProps = props;\r\n return this;\r\n }\r\n setInstanceCreatedCallback(callback) {\r\n this.onInstanceCreated = callback;\r\n return this;\r\n }\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst DEFAULT_ENTRY_NAME = '[DEFAULT]';\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * Provider for instance for service name T, e.g. 'auth', 'auth-internal'\r\n * NameServiceMapping[T] is an alias for the type of the instance\r\n */\r\nclass Provider {\r\n constructor(name, container) {\r\n this.name = name;\r\n this.container = container;\r\n this.component = null;\r\n this.instances = new Map();\r\n this.instancesDeferred = new Map();\r\n this.instancesOptions = new Map();\r\n this.onInitCallbacks = new Map();\r\n }\r\n /**\r\n * @param identifier A provider can provide multiple instances of a service\r\n * if this.component.multipleInstances is true.\r\n */\r\n get(identifier) {\r\n // if multipleInstances is not supported, use the default name\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(identifier);\r\n if (!this.instancesDeferred.has(normalizedIdentifier)) {\r\n const deferred = new Deferred();\r\n this.instancesDeferred.set(normalizedIdentifier, deferred);\r\n if (this.isInitialized(normalizedIdentifier) ||\r\n this.shouldAutoInitialize()) {\r\n // initialize the service if it can be auto-initialized\r\n try {\r\n const instance = this.getOrInitializeService({\r\n instanceIdentifier: normalizedIdentifier\r\n });\r\n if (instance) {\r\n deferred.resolve(instance);\r\n }\r\n }\r\n catch (e) {\r\n // when the instance factory throws an exception during get(), it should not cause\r\n // a fatal error. We just return the unresolved promise in this case.\r\n }\r\n }\r\n }\r\n return this.instancesDeferred.get(normalizedIdentifier).promise;\r\n }\r\n getImmediate(options) {\r\n var _a;\r\n // if multipleInstances is not supported, use the default name\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(options === null || options === void 0 ? void 0 : options.identifier);\r\n const optional = (_a = options === null || options === void 0 ? void 0 : options.optional) !== null && _a !== void 0 ? _a : false;\r\n if (this.isInitialized(normalizedIdentifier) ||\r\n this.shouldAutoInitialize()) {\r\n try {\r\n return this.getOrInitializeService({\r\n instanceIdentifier: normalizedIdentifier\r\n });\r\n }\r\n catch (e) {\r\n if (optional) {\r\n return null;\r\n }\r\n else {\r\n throw e;\r\n }\r\n }\r\n }\r\n else {\r\n // In case a component is not initialized and should/cannot be auto-initialized at the moment, return null if the optional flag is set, or throw\r\n if (optional) {\r\n return null;\r\n }\r\n else {\r\n throw Error(`Service ${this.name} is not available`);\r\n }\r\n }\r\n }\r\n getComponent() {\r\n return this.component;\r\n }\r\n setComponent(component) {\r\n if (component.name !== this.name) {\r\n throw Error(`Mismatching Component ${component.name} for Provider ${this.name}.`);\r\n }\r\n if (this.component) {\r\n throw Error(`Component for ${this.name} has already been provided`);\r\n }\r\n this.component = component;\r\n // return early without attempting to initialize the component if the component requires explicit initialization (calling `Provider.initialize()`)\r\n if (!this.shouldAutoInitialize()) {\r\n return;\r\n }\r\n // if the service is eager, initialize the default instance\r\n if (isComponentEager(component)) {\r\n try {\r\n this.getOrInitializeService({ instanceIdentifier: DEFAULT_ENTRY_NAME });\r\n }\r\n catch (e) {\r\n // when the instance factory for an eager Component throws an exception during the eager\r\n // initialization, it should not cause a fatal error.\r\n // TODO: Investigate if we need to make it configurable, because some component may want to cause\r\n // a fatal error in this case?\r\n }\r\n }\r\n // Create service instances for the pending promises and resolve them\r\n // NOTE: if this.multipleInstances is false, only the default instance will be created\r\n // and all promises with resolve with it regardless of the identifier.\r\n for (const [instanceIdentifier, instanceDeferred] of this.instancesDeferred.entries()) {\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(instanceIdentifier);\r\n try {\r\n // `getOrInitializeService()` should always return a valid instance since a component is guaranteed. use ! to make typescript happy.\r\n const instance = this.getOrInitializeService({\r\n instanceIdentifier: normalizedIdentifier\r\n });\r\n instanceDeferred.resolve(instance);\r\n }\r\n catch (e) {\r\n // when the instance factory throws an exception, it should not cause\r\n // a fatal error. We just leave the promise unresolved.\r\n }\r\n }\r\n }\r\n clearInstance(identifier = DEFAULT_ENTRY_NAME) {\r\n this.instancesDeferred.delete(identifier);\r\n this.instancesOptions.delete(identifier);\r\n this.instances.delete(identifier);\r\n }\r\n // app.delete() will call this method on every provider to delete the services\r\n // TODO: should we mark the provider as deleted?\r\n async delete() {\r\n const services = Array.from(this.instances.values());\r\n await Promise.all([\r\n ...services\r\n .filter(service => 'INTERNAL' in service) // legacy services\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n .map(service => service.INTERNAL.delete()),\r\n ...services\r\n .filter(service => '_delete' in service) // modularized services\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n .map(service => service._delete())\r\n ]);\r\n }\r\n isComponentSet() {\r\n return this.component != null;\r\n }\r\n isInitialized(identifier = DEFAULT_ENTRY_NAME) {\r\n return this.instances.has(identifier);\r\n }\r\n getOptions(identifier = DEFAULT_ENTRY_NAME) {\r\n return this.instancesOptions.get(identifier) || {};\r\n }\r\n initialize(opts = {}) {\r\n const { options = {} } = opts;\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(opts.instanceIdentifier);\r\n if (this.isInitialized(normalizedIdentifier)) {\r\n throw Error(`${this.name}(${normalizedIdentifier}) has already been initialized`);\r\n }\r\n if (!this.isComponentSet()) {\r\n throw Error(`Component ${this.name} has not been registered yet`);\r\n }\r\n const instance = this.getOrInitializeService({\r\n instanceIdentifier: normalizedIdentifier,\r\n options\r\n });\r\n // resolve any pending promise waiting for the service instance\r\n for (const [instanceIdentifier, instanceDeferred] of this.instancesDeferred.entries()) {\r\n const normalizedDeferredIdentifier = this.normalizeInstanceIdentifier(instanceIdentifier);\r\n if (normalizedIdentifier === normalizedDeferredIdentifier) {\r\n instanceDeferred.resolve(instance);\r\n }\r\n }\r\n return instance;\r\n }\r\n /**\r\n *\r\n * @param callback - a function that will be invoked after the provider has been initialized by calling provider.initialize().\r\n * The function is invoked SYNCHRONOUSLY, so it should not execute any longrunning tasks in order to not block the program.\r\n *\r\n * @param identifier An optional instance identifier\r\n * @returns a function to unregister the callback\r\n */\r\n onInit(callback, identifier) {\r\n var _a;\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(identifier);\r\n const existingCallbacks = (_a = this.onInitCallbacks.get(normalizedIdentifier)) !== null && _a !== void 0 ? _a : new Set();\r\n existingCallbacks.add(callback);\r\n this.onInitCallbacks.set(normalizedIdentifier, existingCallbacks);\r\n const existingInstance = this.instances.get(normalizedIdentifier);\r\n if (existingInstance) {\r\n callback(existingInstance, normalizedIdentifier);\r\n }\r\n return () => {\r\n existingCallbacks.delete(callback);\r\n };\r\n }\r\n /**\r\n * Invoke onInit callbacks synchronously\r\n * @param instance the service instance`\r\n */\r\n invokeOnInitCallbacks(instance, identifier) {\r\n const callbacks = this.onInitCallbacks.get(identifier);\r\n if (!callbacks) {\r\n return;\r\n }\r\n for (const callback of callbacks) {\r\n try {\r\n callback(instance, identifier);\r\n }\r\n catch (_a) {\r\n // ignore errors in the onInit callback\r\n }\r\n }\r\n }\r\n getOrInitializeService({ instanceIdentifier, options = {} }) {\r\n let instance = this.instances.get(instanceIdentifier);\r\n if (!instance && this.component) {\r\n instance = this.component.instanceFactory(this.container, {\r\n instanceIdentifier: normalizeIdentifierForFactory(instanceIdentifier),\r\n options\r\n });\r\n this.instances.set(instanceIdentifier, instance);\r\n this.instancesOptions.set(instanceIdentifier, options);\r\n /**\r\n * Invoke onInit listeners.\r\n * Note this.component.onInstanceCreated is different, which is used by the component creator,\r\n * while onInit listeners are registered by consumers of the provider.\r\n */\r\n this.invokeOnInitCallbacks(instance, instanceIdentifier);\r\n /**\r\n * Order is important\r\n * onInstanceCreated() should be called after this.instances.set(instanceIdentifier, instance); which\r\n * makes `isInitialized()` return true.\r\n */\r\n if (this.component.onInstanceCreated) {\r\n try {\r\n this.component.onInstanceCreated(this.container, instanceIdentifier, instance);\r\n }\r\n catch (_a) {\r\n // ignore errors in the onInstanceCreatedCallback\r\n }\r\n }\r\n }\r\n return instance || null;\r\n }\r\n normalizeInstanceIdentifier(identifier = DEFAULT_ENTRY_NAME) {\r\n if (this.component) {\r\n return this.component.multipleInstances ? identifier : DEFAULT_ENTRY_NAME;\r\n }\r\n else {\r\n return identifier; // assume multiple instances are supported before the component is provided.\r\n }\r\n }\r\n shouldAutoInitialize() {\r\n return (!!this.component &&\r\n this.component.instantiationMode !== \"EXPLICIT\" /* InstantiationMode.EXPLICIT */);\r\n }\r\n}\r\n// undefined should be passed to the service factory for the default instance\r\nfunction normalizeIdentifierForFactory(identifier) {\r\n return identifier === DEFAULT_ENTRY_NAME ? undefined : identifier;\r\n}\r\nfunction isComponentEager(component) {\r\n return component.instantiationMode === \"EAGER\" /* InstantiationMode.EAGER */;\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * ComponentContainer that provides Providers for service name T, e.g. `auth`, `auth-internal`\r\n */\r\nclass ComponentContainer {\r\n constructor(name) {\r\n this.name = name;\r\n this.providers = new Map();\r\n }\r\n /**\r\n *\r\n * @param component Component being added\r\n * @param overwrite When a component with the same name has already been registered,\r\n * if overwrite is true: overwrite the existing component with the new component and create a new\r\n * provider with the new component. It can be useful in tests where you want to use different mocks\r\n * for different tests.\r\n * if overwrite is false: throw an exception\r\n */\r\n addComponent(component) {\r\n const provider = this.getProvider(component.name);\r\n if (provider.isComponentSet()) {\r\n throw new Error(`Component ${component.name} has already been registered with ${this.name}`);\r\n }\r\n provider.setComponent(component);\r\n }\r\n addOrOverwriteComponent(component) {\r\n const provider = this.getProvider(component.name);\r\n if (provider.isComponentSet()) {\r\n // delete the existing provider from the container, so we can register the new component\r\n this.providers.delete(component.name);\r\n }\r\n this.addComponent(component);\r\n }\r\n /**\r\n * getProvider provides a type safe interface where it can only be called with a field name\r\n * present in NameServiceMapping interface.\r\n *\r\n * Firebase SDKs providing services should extend NameServiceMapping interface to register\r\n * themselves.\r\n */\r\n getProvider(name) {\r\n if (this.providers.has(name)) {\r\n return this.providers.get(name);\r\n }\r\n // create a Provider for a service that hasn't registered with Firebase\r\n const provider = new Provider(name, this);\r\n this.providers.set(name, provider);\r\n return provider;\r\n }\r\n getProviders() {\r\n return Array.from(this.providers.values());\r\n }\r\n}\n\nexport { Component, ComponentContainer, Provider };\n//# sourceMappingURL=index.esm2017.js.map\n","/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * A container for all of the Logger instances\r\n */\r\nconst instances = [];\r\n/**\r\n * The JS SDK supports 5 log levels and also allows a user the ability to\r\n * silence the logs altogether.\r\n *\r\n * The order is a follows:\r\n * DEBUG < VERBOSE < INFO < WARN < ERROR\r\n *\r\n * All of the log types above the current log level will be captured (i.e. if\r\n * you set the log level to `INFO`, errors will still be logged, but `DEBUG` and\r\n * `VERBOSE` logs will not)\r\n */\r\nvar LogLevel;\r\n(function (LogLevel) {\r\n LogLevel[LogLevel[\"DEBUG\"] = 0] = \"DEBUG\";\r\n LogLevel[LogLevel[\"VERBOSE\"] = 1] = \"VERBOSE\";\r\n LogLevel[LogLevel[\"INFO\"] = 2] = \"INFO\";\r\n LogLevel[LogLevel[\"WARN\"] = 3] = \"WARN\";\r\n LogLevel[LogLevel[\"ERROR\"] = 4] = \"ERROR\";\r\n LogLevel[LogLevel[\"SILENT\"] = 5] = \"SILENT\";\r\n})(LogLevel || (LogLevel = {}));\r\nconst levelStringToEnum = {\r\n 'debug': LogLevel.DEBUG,\r\n 'verbose': LogLevel.VERBOSE,\r\n 'info': LogLevel.INFO,\r\n 'warn': LogLevel.WARN,\r\n 'error': LogLevel.ERROR,\r\n 'silent': LogLevel.SILENT\r\n};\r\n/**\r\n * The default log level\r\n */\r\nconst defaultLogLevel = LogLevel.INFO;\r\n/**\r\n * By default, `console.debug` is not displayed in the developer console (in\r\n * chrome). To avoid forcing users to have to opt-in to these logs twice\r\n * (i.e. once for firebase, and once in the console), we are sending `DEBUG`\r\n * logs to the `console.log` function.\r\n */\r\nconst ConsoleMethod = {\r\n [LogLevel.DEBUG]: 'log',\r\n [LogLevel.VERBOSE]: 'log',\r\n [LogLevel.INFO]: 'info',\r\n [LogLevel.WARN]: 'warn',\r\n [LogLevel.ERROR]: 'error'\r\n};\r\n/**\r\n * The default log handler will forward DEBUG, VERBOSE, INFO, WARN, and ERROR\r\n * messages on to their corresponding console counterparts (if the log method\r\n * is supported by the current log level)\r\n */\r\nconst defaultLogHandler = (instance, logType, ...args) => {\r\n if (logType < instance.logLevel) {\r\n return;\r\n }\r\n const now = new Date().toISOString();\r\n const method = ConsoleMethod[logType];\r\n if (method) {\r\n console[method](`[${now}] ${instance.name}:`, ...args);\r\n }\r\n else {\r\n throw new Error(`Attempted to log a message with an invalid logType (value: ${logType})`);\r\n }\r\n};\r\nclass Logger {\r\n /**\r\n * Gives you an instance of a Logger to capture messages according to\r\n * Firebase's logging scheme.\r\n *\r\n * @param name The name that the logs will be associated with\r\n */\r\n constructor(name) {\r\n this.name = name;\r\n /**\r\n * The log level of the given Logger instance.\r\n */\r\n this._logLevel = defaultLogLevel;\r\n /**\r\n * The main (internal) log handler for the Logger instance.\r\n * Can be set to a new function in internal package code but not by user.\r\n */\r\n this._logHandler = defaultLogHandler;\r\n /**\r\n * The optional, additional, user-defined log handler for the Logger instance.\r\n */\r\n this._userLogHandler = null;\r\n /**\r\n * Capture the current instance for later use\r\n */\r\n instances.push(this);\r\n }\r\n get logLevel() {\r\n return this._logLevel;\r\n }\r\n set logLevel(val) {\r\n if (!(val in LogLevel)) {\r\n throw new TypeError(`Invalid value \"${val}\" assigned to \\`logLevel\\``);\r\n }\r\n this._logLevel = val;\r\n }\r\n // Workaround for setter/getter having to be the same type.\r\n setLogLevel(val) {\r\n this._logLevel = typeof val === 'string' ? levelStringToEnum[val] : val;\r\n }\r\n get logHandler() {\r\n return this._logHandler;\r\n }\r\n set logHandler(val) {\r\n if (typeof val !== 'function') {\r\n throw new TypeError('Value assigned to `logHandler` must be a function');\r\n }\r\n this._logHandler = val;\r\n }\r\n get userLogHandler() {\r\n return this._userLogHandler;\r\n }\r\n set userLogHandler(val) {\r\n this._userLogHandler = val;\r\n }\r\n /**\r\n * The functions below are all based on the `console` interface\r\n */\r\n debug(...args) {\r\n this._userLogHandler && this._userLogHandler(this, LogLevel.DEBUG, ...args);\r\n this._logHandler(this, LogLevel.DEBUG, ...args);\r\n }\r\n log(...args) {\r\n this._userLogHandler &&\r\n this._userLogHandler(this, LogLevel.VERBOSE, ...args);\r\n this._logHandler(this, LogLevel.VERBOSE, ...args);\r\n }\r\n info(...args) {\r\n this._userLogHandler && this._userLogHandler(this, LogLevel.INFO, ...args);\r\n this._logHandler(this, LogLevel.INFO, ...args);\r\n }\r\n warn(...args) {\r\n this._userLogHandler && this._userLogHandler(this, LogLevel.WARN, ...args);\r\n this._logHandler(this, LogLevel.WARN, ...args);\r\n }\r\n error(...args) {\r\n this._userLogHandler && this._userLogHandler(this, LogLevel.ERROR, ...args);\r\n this._logHandler(this, LogLevel.ERROR, ...args);\r\n }\r\n}\r\nfunction setLogLevel(level) {\r\n instances.forEach(inst => {\r\n inst.setLogLevel(level);\r\n });\r\n}\r\nfunction setUserLogHandler(logCallback, options) {\r\n for (const instance of instances) {\r\n let customLogLevel = null;\r\n if (options && options.level) {\r\n customLogLevel = levelStringToEnum[options.level];\r\n }\r\n if (logCallback === null) {\r\n instance.userLogHandler = null;\r\n }\r\n else {\r\n instance.userLogHandler = (instance, level, ...args) => {\r\n const message = args\r\n .map(arg => {\r\n if (arg == null) {\r\n return null;\r\n }\r\n else if (typeof arg === 'string') {\r\n return arg;\r\n }\r\n else if (typeof arg === 'number' || typeof arg === 'boolean') {\r\n return arg.toString();\r\n }\r\n else if (arg instanceof Error) {\r\n return arg.message;\r\n }\r\n else {\r\n try {\r\n return JSON.stringify(arg);\r\n }\r\n catch (ignored) {\r\n return null;\r\n }\r\n }\r\n })\r\n .filter(arg => arg)\r\n .join(' ');\r\n if (level >= (customLogLevel !== null && customLogLevel !== void 0 ? customLogLevel : instance.logLevel)) {\r\n logCallback({\r\n level: LogLevel[level].toLowerCase(),\r\n message,\r\n args,\r\n type: instance.name\r\n });\r\n }\r\n };\r\n }\r\n }\r\n}\n\nexport { LogLevel, Logger, setLogLevel, setUserLogHandler };\n//# sourceMappingURL=index.esm2017.js.map\n","const instanceOfAny = (object, constructors) => constructors.some((c) => object instanceof c);\n\nlet idbProxyableTypes;\nlet cursorAdvanceMethods;\n// This is a function to prevent it throwing up in node environments.\nfunction getIdbProxyableTypes() {\n return (idbProxyableTypes ||\n (idbProxyableTypes = [\n IDBDatabase,\n IDBObjectStore,\n IDBIndex,\n IDBCursor,\n IDBTransaction,\n ]));\n}\n// This is a function to prevent it throwing up in node environments.\nfunction getCursorAdvanceMethods() {\n return (cursorAdvanceMethods ||\n (cursorAdvanceMethods = [\n IDBCursor.prototype.advance,\n IDBCursor.prototype.continue,\n IDBCursor.prototype.continuePrimaryKey,\n ]));\n}\nconst cursorRequestMap = new WeakMap();\nconst transactionDoneMap = new WeakMap();\nconst transactionStoreNamesMap = new WeakMap();\nconst transformCache = new WeakMap();\nconst reverseTransformCache = new WeakMap();\nfunction promisifyRequest(request) {\n const promise = new Promise((resolve, reject) => {\n const unlisten = () => {\n request.removeEventListener('success', success);\n request.removeEventListener('error', error);\n };\n const success = () => {\n resolve(wrap(request.result));\n unlisten();\n };\n const error = () => {\n reject(request.error);\n unlisten();\n };\n request.addEventListener('success', success);\n request.addEventListener('error', error);\n });\n promise\n .then((value) => {\n // Since cursoring reuses the IDBRequest (*sigh*), we cache it for later retrieval\n // (see wrapFunction).\n if (value instanceof IDBCursor) {\n cursorRequestMap.set(value, request);\n }\n // Catching to avoid \"Uncaught Promise exceptions\"\n })\n .catch(() => { });\n // This mapping exists in reverseTransformCache but doesn't doesn't exist in transformCache. This\n // is because we create many promises from a single IDBRequest.\n reverseTransformCache.set(promise, request);\n return promise;\n}\nfunction cacheDonePromiseForTransaction(tx) {\n // Early bail if we've already created a done promise for this transaction.\n if (transactionDoneMap.has(tx))\n return;\n const done = new Promise((resolve, reject) => {\n const unlisten = () => {\n tx.removeEventListener('complete', complete);\n tx.removeEventListener('error', error);\n tx.removeEventListener('abort', error);\n };\n const complete = () => {\n resolve();\n unlisten();\n };\n const error = () => {\n reject(tx.error || new DOMException('AbortError', 'AbortError'));\n unlisten();\n };\n tx.addEventListener('complete', complete);\n tx.addEventListener('error', error);\n tx.addEventListener('abort', error);\n });\n // Cache it for later retrieval.\n transactionDoneMap.set(tx, done);\n}\nlet idbProxyTraps = {\n get(target, prop, receiver) {\n if (target instanceof IDBTransaction) {\n // Special handling for transaction.done.\n if (prop === 'done')\n return transactionDoneMap.get(target);\n // Polyfill for objectStoreNames because of Edge.\n if (prop === 'objectStoreNames') {\n return target.objectStoreNames || transactionStoreNamesMap.get(target);\n }\n // Make tx.store return the only store in the transaction, or undefined if there are many.\n if (prop === 'store') {\n return receiver.objectStoreNames[1]\n ? undefined\n : receiver.objectStore(receiver.objectStoreNames[0]);\n }\n }\n // Else transform whatever we get back.\n return wrap(target[prop]);\n },\n set(target, prop, value) {\n target[prop] = value;\n return true;\n },\n has(target, prop) {\n if (target instanceof IDBTransaction &&\n (prop === 'done' || prop === 'store')) {\n return true;\n }\n return prop in target;\n },\n};\nfunction replaceTraps(callback) {\n idbProxyTraps = callback(idbProxyTraps);\n}\nfunction wrapFunction(func) {\n // Due to expected object equality (which is enforced by the caching in `wrap`), we\n // only create one new func per func.\n // Edge doesn't support objectStoreNames (booo), so we polyfill it here.\n if (func === IDBDatabase.prototype.transaction &&\n !('objectStoreNames' in IDBTransaction.prototype)) {\n return function (storeNames, ...args) {\n const tx = func.call(unwrap(this), storeNames, ...args);\n transactionStoreNamesMap.set(tx, storeNames.sort ? storeNames.sort() : [storeNames]);\n return wrap(tx);\n };\n }\n // Cursor methods are special, as the behaviour is a little more different to standard IDB. In\n // IDB, you advance the cursor and wait for a new 'success' on the IDBRequest that gave you the\n // cursor. It's kinda like a promise that can resolve with many values. That doesn't make sense\n // with real promises, so each advance methods returns a new promise for the cursor object, or\n // undefined if the end of the cursor has been reached.\n if (getCursorAdvanceMethods().includes(func)) {\n return function (...args) {\n // Calling the original function with the proxy as 'this' causes ILLEGAL INVOCATION, so we use\n // the original object.\n func.apply(unwrap(this), args);\n return wrap(cursorRequestMap.get(this));\n };\n }\n return function (...args) {\n // Calling the original function with the proxy as 'this' causes ILLEGAL INVOCATION, so we use\n // the original object.\n return wrap(func.apply(unwrap(this), args));\n };\n}\nfunction transformCachableValue(value) {\n if (typeof value === 'function')\n return wrapFunction(value);\n // This doesn't return, it just creates a 'done' promise for the transaction,\n // which is later returned for transaction.done (see idbObjectHandler).\n if (value instanceof IDBTransaction)\n cacheDonePromiseForTransaction(value);\n if (instanceOfAny(value, getIdbProxyableTypes()))\n return new Proxy(value, idbProxyTraps);\n // Return the same value back if we're not going to transform it.\n return value;\n}\nfunction wrap(value) {\n // We sometimes generate multiple promises from a single IDBRequest (eg when cursoring), because\n // IDB is weird and a single IDBRequest can yield many responses, so these can't be cached.\n if (value instanceof IDBRequest)\n return promisifyRequest(value);\n // If we've already transformed this value before, reuse the transformed value.\n // This is faster, but it also provides object equality.\n if (transformCache.has(value))\n return transformCache.get(value);\n const newValue = transformCachableValue(value);\n // Not all types are transformed.\n // These may be primitive types, so they can't be WeakMap keys.\n if (newValue !== value) {\n transformCache.set(value, newValue);\n reverseTransformCache.set(newValue, value);\n }\n return newValue;\n}\nconst unwrap = (value) => reverseTransformCache.get(value);\n\nexport { reverseTransformCache as a, instanceOfAny as i, replaceTraps as r, unwrap as u, wrap as w };\n","import { w as wrap, r as replaceTraps } from './wrap-idb-value.js';\nexport { u as unwrap, w as wrap } from './wrap-idb-value.js';\n\n/**\n * Open a database.\n *\n * @param name Name of the database.\n * @param version Schema version.\n * @param callbacks Additional callbacks.\n */\nfunction openDB(name, version, { blocked, upgrade, blocking, terminated } = {}) {\n const request = indexedDB.open(name, version);\n const openPromise = wrap(request);\n if (upgrade) {\n request.addEventListener('upgradeneeded', (event) => {\n upgrade(wrap(request.result), event.oldVersion, event.newVersion, wrap(request.transaction), event);\n });\n }\n if (blocked) {\n request.addEventListener('blocked', (event) => blocked(\n // Casting due to https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405\n event.oldVersion, event.newVersion, event));\n }\n openPromise\n .then((db) => {\n if (terminated)\n db.addEventListener('close', () => terminated());\n if (blocking) {\n db.addEventListener('versionchange', (event) => blocking(event.oldVersion, event.newVersion, event));\n }\n })\n .catch(() => { });\n return openPromise;\n}\n/**\n * Delete a database.\n *\n * @param name Name of the database.\n */\nfunction deleteDB(name, { blocked } = {}) {\n const request = indexedDB.deleteDatabase(name);\n if (blocked) {\n request.addEventListener('blocked', (event) => blocked(\n // Casting due to https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405\n event.oldVersion, event));\n }\n return wrap(request).then(() => undefined);\n}\n\nconst readMethods = ['get', 'getKey', 'getAll', 'getAllKeys', 'count'];\nconst writeMethods = ['put', 'add', 'delete', 'clear'];\nconst cachedMethods = new Map();\nfunction getMethod(target, prop) {\n if (!(target instanceof IDBDatabase &&\n !(prop in target) &&\n typeof prop === 'string')) {\n return;\n }\n if (cachedMethods.get(prop))\n return cachedMethods.get(prop);\n const targetFuncName = prop.replace(/FromIndex$/, '');\n const useIndex = prop !== targetFuncName;\n const isWrite = writeMethods.includes(targetFuncName);\n if (\n // Bail if the target doesn't exist on the target. Eg, getAll isn't in Edge.\n !(targetFuncName in (useIndex ? IDBIndex : IDBObjectStore).prototype) ||\n !(isWrite || readMethods.includes(targetFuncName))) {\n return;\n }\n const method = async function (storeName, ...args) {\n // isWrite ? 'readwrite' : undefined gzipps better, but fails in Edge :(\n const tx = this.transaction(storeName, isWrite ? 'readwrite' : 'readonly');\n let target = tx.store;\n if (useIndex)\n target = target.index(args.shift());\n // Must reject if op rejects.\n // If it's a write operation, must reject if tx.done rejects.\n // Must reject with op rejection first.\n // Must resolve with op value.\n // Must handle both promises (no unhandled rejections)\n return (await Promise.all([\n target[targetFuncName](...args),\n isWrite && tx.done,\n ]))[0];\n };\n cachedMethods.set(prop, method);\n return method;\n}\nreplaceTraps((oldTraps) => ({\n ...oldTraps,\n get: (target, prop, receiver) => getMethod(target, prop) || oldTraps.get(target, prop, receiver),\n has: (target, prop) => !!getMethod(target, prop) || oldTraps.has(target, prop),\n}));\n\nexport { deleteDB, openDB };\n","import { Component, ComponentContainer } from '@firebase/component';\nimport { Logger, setUserLogHandler, setLogLevel as setLogLevel$1 } from '@firebase/logger';\nimport { ErrorFactory, getDefaultAppConfig, deepEqual, isBrowser, isWebWorker, FirebaseError, base64urlEncodeWithoutPadding, isIndexedDBAvailable, validateIndexedDBOpenable } from '@firebase/util';\nexport { FirebaseError } from '@firebase/util';\nimport { openDB } from 'idb';\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nclass PlatformLoggerServiceImpl {\r\n constructor(container) {\r\n this.container = container;\r\n }\r\n // In initial implementation, this will be called by installations on\r\n // auth token refresh, and installations will send this string.\r\n getPlatformInfoString() {\r\n const providers = this.container.getProviders();\r\n // Loop through providers and get library/version pairs from any that are\r\n // version components.\r\n return providers\r\n .map(provider => {\r\n if (isVersionServiceProvider(provider)) {\r\n const service = provider.getImmediate();\r\n return `${service.library}/${service.version}`;\r\n }\r\n else {\r\n return null;\r\n }\r\n })\r\n .filter(logString => logString)\r\n .join(' ');\r\n }\r\n}\r\n/**\r\n *\r\n * @param provider check if this provider provides a VersionService\r\n *\r\n * NOTE: Using Provider<'app-version'> is a hack to indicate that the provider\r\n * provides VersionService. The provider is not necessarily a 'app-version'\r\n * provider.\r\n */\r\nfunction isVersionServiceProvider(provider) {\r\n const component = provider.getComponent();\r\n return (component === null || component === void 0 ? void 0 : component.type) === \"VERSION\" /* ComponentType.VERSION */;\r\n}\n\nconst name$q = \"@firebase/app\";\nconst version$1 = \"0.10.12\";\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst logger = new Logger('@firebase/app');\n\nconst name$p = \"@firebase/app-compat\";\n\nconst name$o = \"@firebase/analytics-compat\";\n\nconst name$n = \"@firebase/analytics\";\n\nconst name$m = \"@firebase/app-check-compat\";\n\nconst name$l = \"@firebase/app-check\";\n\nconst name$k = \"@firebase/auth\";\n\nconst name$j = \"@firebase/auth-compat\";\n\nconst name$i = \"@firebase/database\";\n\nconst name$h = \"@firebase/data-connect\";\n\nconst name$g = \"@firebase/database-compat\";\n\nconst name$f = \"@firebase/functions\";\n\nconst name$e = \"@firebase/functions-compat\";\n\nconst name$d = \"@firebase/installations\";\n\nconst name$c = \"@firebase/installations-compat\";\n\nconst name$b = \"@firebase/messaging\";\n\nconst name$a = \"@firebase/messaging-compat\";\n\nconst name$9 = \"@firebase/performance\";\n\nconst name$8 = \"@firebase/performance-compat\";\n\nconst name$7 = \"@firebase/remote-config\";\n\nconst name$6 = \"@firebase/remote-config-compat\";\n\nconst name$5 = \"@firebase/storage\";\n\nconst name$4 = \"@firebase/storage-compat\";\n\nconst name$3 = \"@firebase/firestore\";\n\nconst name$2 = \"@firebase/vertexai-preview\";\n\nconst name$1 = \"@firebase/firestore-compat\";\n\nconst name = \"firebase\";\nconst version = \"10.14.0\";\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * The default app name\r\n *\r\n * @internal\r\n */\r\nconst DEFAULT_ENTRY_NAME = '[DEFAULT]';\r\nconst PLATFORM_LOG_STRING = {\r\n [name$q]: 'fire-core',\r\n [name$p]: 'fire-core-compat',\r\n [name$n]: 'fire-analytics',\r\n [name$o]: 'fire-analytics-compat',\r\n [name$l]: 'fire-app-check',\r\n [name$m]: 'fire-app-check-compat',\r\n [name$k]: 'fire-auth',\r\n [name$j]: 'fire-auth-compat',\r\n [name$i]: 'fire-rtdb',\r\n [name$h]: 'fire-data-connect',\r\n [name$g]: 'fire-rtdb-compat',\r\n [name$f]: 'fire-fn',\r\n [name$e]: 'fire-fn-compat',\r\n [name$d]: 'fire-iid',\r\n [name$c]: 'fire-iid-compat',\r\n [name$b]: 'fire-fcm',\r\n [name$a]: 'fire-fcm-compat',\r\n [name$9]: 'fire-perf',\r\n [name$8]: 'fire-perf-compat',\r\n [name$7]: 'fire-rc',\r\n [name$6]: 'fire-rc-compat',\r\n [name$5]: 'fire-gcs',\r\n [name$4]: 'fire-gcs-compat',\r\n [name$3]: 'fire-fst',\r\n [name$1]: 'fire-fst-compat',\r\n [name$2]: 'fire-vertex',\r\n 'fire-js': 'fire-js',\r\n [name]: 'fire-js-all'\r\n};\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * @internal\r\n */\r\nconst _apps = new Map();\r\n/**\r\n * @internal\r\n */\r\nconst _serverApps = new Map();\r\n/**\r\n * Registered components.\r\n *\r\n * @internal\r\n */\r\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\r\nconst _components = new Map();\r\n/**\r\n * @param component - the component being added to this app's container\r\n *\r\n * @internal\r\n */\r\nfunction _addComponent(app, component) {\r\n try {\r\n app.container.addComponent(component);\r\n }\r\n catch (e) {\r\n logger.debug(`Component ${component.name} failed to register with FirebaseApp ${app.name}`, e);\r\n }\r\n}\r\n/**\r\n *\r\n * @internal\r\n */\r\nfunction _addOrOverwriteComponent(app, component) {\r\n app.container.addOrOverwriteComponent(component);\r\n}\r\n/**\r\n *\r\n * @param component - the component to register\r\n * @returns whether or not the component is registered successfully\r\n *\r\n * @internal\r\n */\r\nfunction _registerComponent(component) {\r\n const componentName = component.name;\r\n if (_components.has(componentName)) {\r\n logger.debug(`There were multiple attempts to register component ${componentName}.`);\r\n return false;\r\n }\r\n _components.set(componentName, component);\r\n // add the component to existing app instances\r\n for (const app of _apps.values()) {\r\n _addComponent(app, component);\r\n }\r\n for (const serverApp of _serverApps.values()) {\r\n _addComponent(serverApp, component);\r\n }\r\n return true;\r\n}\r\n/**\r\n *\r\n * @param app - FirebaseApp instance\r\n * @param name - service name\r\n *\r\n * @returns the provider for the service with the matching name\r\n *\r\n * @internal\r\n */\r\nfunction _getProvider(app, name) {\r\n const heartbeatController = app.container\r\n .getProvider('heartbeat')\r\n .getImmediate({ optional: true });\r\n if (heartbeatController) {\r\n void heartbeatController.triggerHeartbeat();\r\n }\r\n return app.container.getProvider(name);\r\n}\r\n/**\r\n *\r\n * @param app - FirebaseApp instance\r\n * @param name - service name\r\n * @param instanceIdentifier - service instance identifier in case the service supports multiple instances\r\n *\r\n * @internal\r\n */\r\nfunction _removeServiceInstance(app, name, instanceIdentifier = DEFAULT_ENTRY_NAME) {\r\n _getProvider(app, name).clearInstance(instanceIdentifier);\r\n}\r\n/**\r\n *\r\n * @param obj - an object of type FirebaseApp or FirebaseOptions.\r\n *\r\n * @returns true if the provide object is of type FirebaseApp.\r\n *\r\n * @internal\r\n */\r\nfunction _isFirebaseApp(obj) {\r\n return obj.options !== undefined;\r\n}\r\n/**\r\n *\r\n * @param obj - an object of type FirebaseApp.\r\n *\r\n * @returns true if the provided object is of type FirebaseServerAppImpl.\r\n *\r\n * @internal\r\n */\r\nfunction _isFirebaseServerApp(obj) {\r\n return obj.settings !== undefined;\r\n}\r\n/**\r\n * Test only\r\n *\r\n * @internal\r\n */\r\nfunction _clearComponents() {\r\n _components.clear();\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst ERRORS = {\r\n [\"no-app\" /* AppError.NO_APP */]: \"No Firebase App '{$appName}' has been created - \" +\r\n 'call initializeApp() first',\r\n [\"bad-app-name\" /* AppError.BAD_APP_NAME */]: \"Illegal App name: '{$appName}'\",\r\n [\"duplicate-app\" /* AppError.DUPLICATE_APP */]: \"Firebase App named '{$appName}' already exists with different options or config\",\r\n [\"app-deleted\" /* AppError.APP_DELETED */]: \"Firebase App named '{$appName}' already deleted\",\r\n [\"server-app-deleted\" /* AppError.SERVER_APP_DELETED */]: 'Firebase Server App has been deleted',\r\n [\"no-options\" /* AppError.NO_OPTIONS */]: 'Need to provide options, when not being deployed to hosting via source.',\r\n [\"invalid-app-argument\" /* AppError.INVALID_APP_ARGUMENT */]: 'firebase.{$appName}() takes either no argument or a ' +\r\n 'Firebase App instance.',\r\n [\"invalid-log-argument\" /* AppError.INVALID_LOG_ARGUMENT */]: 'First argument to `onLog` must be null or a function.',\r\n [\"idb-open\" /* AppError.IDB_OPEN */]: 'Error thrown when opening IndexedDB. Original error: {$originalErrorMessage}.',\r\n [\"idb-get\" /* AppError.IDB_GET */]: 'Error thrown when reading from IndexedDB. Original error: {$originalErrorMessage}.',\r\n [\"idb-set\" /* AppError.IDB_WRITE */]: 'Error thrown when writing to IndexedDB. Original error: {$originalErrorMessage}.',\r\n [\"idb-delete\" /* AppError.IDB_DELETE */]: 'Error thrown when deleting from IndexedDB. Original error: {$originalErrorMessage}.',\r\n [\"finalization-registry-not-supported\" /* AppError.FINALIZATION_REGISTRY_NOT_SUPPORTED */]: 'FirebaseServerApp deleteOnDeref field defined but the JS runtime does not support FinalizationRegistry.',\r\n [\"invalid-server-app-environment\" /* AppError.INVALID_SERVER_APP_ENVIRONMENT */]: 'FirebaseServerApp is not for use in browser environments.'\r\n};\r\nconst ERROR_FACTORY = new ErrorFactory('app', 'Firebase', ERRORS);\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nclass FirebaseAppImpl {\r\n constructor(options, config, container) {\r\n this._isDeleted = false;\r\n this._options = Object.assign({}, options);\r\n this._config = Object.assign({}, config);\r\n this._name = config.name;\r\n this._automaticDataCollectionEnabled =\r\n config.automaticDataCollectionEnabled;\r\n this._container = container;\r\n this.container.addComponent(new Component('app', () => this, \"PUBLIC\" /* ComponentType.PUBLIC */));\r\n }\r\n get automaticDataCollectionEnabled() {\r\n this.checkDestroyed();\r\n return this._automaticDataCollectionEnabled;\r\n }\r\n set automaticDataCollectionEnabled(val) {\r\n this.checkDestroyed();\r\n this._automaticDataCollectionEnabled = val;\r\n }\r\n get name() {\r\n this.checkDestroyed();\r\n return this._name;\r\n }\r\n get options() {\r\n this.checkDestroyed();\r\n return this._options;\r\n }\r\n get config() {\r\n this.checkDestroyed();\r\n return this._config;\r\n }\r\n get container() {\r\n return this._container;\r\n }\r\n get isDeleted() {\r\n return this._isDeleted;\r\n }\r\n set isDeleted(val) {\r\n this._isDeleted = val;\r\n }\r\n /**\r\n * This function will throw an Error if the App has already been deleted -\r\n * use before performing API actions on the App.\r\n */\r\n checkDestroyed() {\r\n if (this.isDeleted) {\r\n throw ERROR_FACTORY.create(\"app-deleted\" /* AppError.APP_DELETED */, { appName: this._name });\r\n }\r\n }\r\n}\n\n/**\r\n * @license\r\n * Copyright 2023 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nclass FirebaseServerAppImpl extends FirebaseAppImpl {\r\n constructor(options, serverConfig, name, container) {\r\n // Build configuration parameters for the FirebaseAppImpl base class.\r\n const automaticDataCollectionEnabled = serverConfig.automaticDataCollectionEnabled !== undefined\r\n ? serverConfig.automaticDataCollectionEnabled\r\n : false;\r\n // Create the FirebaseAppSettings object for the FirebaseAppImp constructor.\r\n const config = {\r\n name,\r\n automaticDataCollectionEnabled\r\n };\r\n if (options.apiKey !== undefined) {\r\n // Construct the parent FirebaseAppImp object.\r\n super(options, config, container);\r\n }\r\n else {\r\n const appImpl = options;\r\n super(appImpl.options, config, container);\r\n }\r\n // Now construct the data for the FirebaseServerAppImpl.\r\n this._serverConfig = Object.assign({ automaticDataCollectionEnabled }, serverConfig);\r\n this._finalizationRegistry = null;\r\n if (typeof FinalizationRegistry !== 'undefined') {\r\n this._finalizationRegistry = new FinalizationRegistry(() => {\r\n this.automaticCleanup();\r\n });\r\n }\r\n this._refCount = 0;\r\n this.incRefCount(this._serverConfig.releaseOnDeref);\r\n // Do not retain a hard reference to the dref object, otherwise the FinalizationRegistry\r\n // will never trigger.\r\n this._serverConfig.releaseOnDeref = undefined;\r\n serverConfig.releaseOnDeref = undefined;\r\n registerVersion(name$q, version$1, 'serverapp');\r\n }\r\n toJSON() {\r\n return undefined;\r\n }\r\n get refCount() {\r\n return this._refCount;\r\n }\r\n // Increment the reference count of this server app. If an object is provided, register it\r\n // with the finalization registry.\r\n incRefCount(obj) {\r\n if (this.isDeleted) {\r\n return;\r\n }\r\n this._refCount++;\r\n if (obj !== undefined && this._finalizationRegistry !== null) {\r\n this._finalizationRegistry.register(obj, this);\r\n }\r\n }\r\n // Decrement the reference count.\r\n decRefCount() {\r\n if (this.isDeleted) {\r\n return 0;\r\n }\r\n return --this._refCount;\r\n }\r\n // Invoked by the FinalizationRegistry callback to note that this app should go through its\r\n // reference counts and delete itself if no reference count remain. The coordinating logic that\r\n // handles this is in deleteApp(...).\r\n automaticCleanup() {\r\n void deleteApp(this);\r\n }\r\n get settings() {\r\n this.checkDestroyed();\r\n return this._serverConfig;\r\n }\r\n /**\r\n * This function will throw an Error if the App has already been deleted -\r\n * use before performing API actions on the App.\r\n */\r\n checkDestroyed() {\r\n if (this.isDeleted) {\r\n throw ERROR_FACTORY.create(\"server-app-deleted\" /* AppError.SERVER_APP_DELETED */);\r\n }\r\n }\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * The current SDK version.\r\n *\r\n * @public\r\n */\r\nconst SDK_VERSION = version;\r\nfunction initializeApp(_options, rawConfig = {}) {\r\n let options = _options;\r\n if (typeof rawConfig !== 'object') {\r\n const name = rawConfig;\r\n rawConfig = { name };\r\n }\r\n const config = Object.assign({ name: DEFAULT_ENTRY_NAME, automaticDataCollectionEnabled: false }, rawConfig);\r\n const name = config.name;\r\n if (typeof name !== 'string' || !name) {\r\n throw ERROR_FACTORY.create(\"bad-app-name\" /* AppError.BAD_APP_NAME */, {\r\n appName: String(name)\r\n });\r\n }\r\n options || (options = getDefaultAppConfig());\r\n if (!options) {\r\n throw ERROR_FACTORY.create(\"no-options\" /* AppError.NO_OPTIONS */);\r\n }\r\n const existingApp = _apps.get(name);\r\n if (existingApp) {\r\n // return the existing app if options and config deep equal the ones in the existing app.\r\n if (deepEqual(options, existingApp.options) &&\r\n deepEqual(config, existingApp.config)) {\r\n return existingApp;\r\n }\r\n else {\r\n throw ERROR_FACTORY.create(\"duplicate-app\" /* AppError.DUPLICATE_APP */, { appName: name });\r\n }\r\n }\r\n const container = new ComponentContainer(name);\r\n for (const component of _components.values()) {\r\n container.addComponent(component);\r\n }\r\n const newApp = new FirebaseAppImpl(options, config, container);\r\n _apps.set(name, newApp);\r\n return newApp;\r\n}\r\nfunction initializeServerApp(_options, _serverAppConfig) {\r\n if (isBrowser() && !isWebWorker()) {\r\n // FirebaseServerApp isn't designed to be run in browsers.\r\n throw ERROR_FACTORY.create(\"invalid-server-app-environment\" /* AppError.INVALID_SERVER_APP_ENVIRONMENT */);\r\n }\r\n if (_serverAppConfig.automaticDataCollectionEnabled === undefined) {\r\n _serverAppConfig.automaticDataCollectionEnabled = false;\r\n }\r\n let appOptions;\r\n if (_isFirebaseApp(_options)) {\r\n appOptions = _options.options;\r\n }\r\n else {\r\n appOptions = _options;\r\n }\r\n // Build an app name based on a hash of the configuration options.\r\n const nameObj = Object.assign(Object.assign({}, _serverAppConfig), appOptions);\r\n // However, Do not mangle the name based on releaseOnDeref, since it will vary between the\r\n // construction of FirebaseServerApp instances. For example, if the object is the request headers.\r\n if (nameObj.releaseOnDeref !== undefined) {\r\n delete nameObj.releaseOnDeref;\r\n }\r\n const hashCode = (s) => {\r\n return [...s].reduce((hash, c) => (Math.imul(31, hash) + c.charCodeAt(0)) | 0, 0);\r\n };\r\n if (_serverAppConfig.releaseOnDeref !== undefined) {\r\n if (typeof FinalizationRegistry === 'undefined') {\r\n throw ERROR_FACTORY.create(\"finalization-registry-not-supported\" /* AppError.FINALIZATION_REGISTRY_NOT_SUPPORTED */, {});\r\n }\r\n }\r\n const nameString = '' + hashCode(JSON.stringify(nameObj));\r\n const existingApp = _serverApps.get(nameString);\r\n if (existingApp) {\r\n existingApp.incRefCount(_serverAppConfig.releaseOnDeref);\r\n return existingApp;\r\n }\r\n const container = new ComponentContainer(nameString);\r\n for (const component of _components.values()) {\r\n container.addComponent(component);\r\n }\r\n const newApp = new FirebaseServerAppImpl(appOptions, _serverAppConfig, nameString, container);\r\n _serverApps.set(nameString, newApp);\r\n return newApp;\r\n}\r\n/**\r\n * Retrieves a {@link @firebase/app#FirebaseApp} instance.\r\n *\r\n * When called with no arguments, the default app is returned. When an app name\r\n * is provided, the app corresponding to that name is returned.\r\n *\r\n * An exception is thrown if the app being retrieved has not yet been\r\n * initialized.\r\n *\r\n * @example\r\n * ```javascript\r\n * // Return the default app\r\n * const app = getApp();\r\n * ```\r\n *\r\n * @example\r\n * ```javascript\r\n * // Return a named app\r\n * const otherApp = getApp(\"otherApp\");\r\n * ```\r\n *\r\n * @param name - Optional name of the app to return. If no name is\r\n * provided, the default is `\"[DEFAULT]\"`.\r\n *\r\n * @returns The app corresponding to the provided app name.\r\n * If no app name is provided, the default app is returned.\r\n *\r\n * @public\r\n */\r\nfunction getApp(name = DEFAULT_ENTRY_NAME) {\r\n const app = _apps.get(name);\r\n if (!app && name === DEFAULT_ENTRY_NAME && getDefaultAppConfig()) {\r\n return initializeApp();\r\n }\r\n if (!app) {\r\n throw ERROR_FACTORY.create(\"no-app\" /* AppError.NO_APP */, { appName: name });\r\n }\r\n return app;\r\n}\r\n/**\r\n * A (read-only) array of all initialized apps.\r\n * @public\r\n */\r\nfunction getApps() {\r\n return Array.from(_apps.values());\r\n}\r\n/**\r\n * Renders this app unusable and frees the resources of all associated\r\n * services.\r\n *\r\n * @example\r\n * ```javascript\r\n * deleteApp(app)\r\n * .then(function() {\r\n * console.log(\"App deleted successfully\");\r\n * })\r\n * .catch(function(error) {\r\n * console.log(\"Error deleting app:\", error);\r\n * });\r\n * ```\r\n *\r\n * @public\r\n */\r\nasync function deleteApp(app) {\r\n let cleanupProviders = false;\r\n const name = app.name;\r\n if (_apps.has(name)) {\r\n cleanupProviders = true;\r\n _apps.delete(name);\r\n }\r\n else if (_serverApps.has(name)) {\r\n const firebaseServerApp = app;\r\n if (firebaseServerApp.decRefCount() <= 0) {\r\n _serverApps.delete(name);\r\n cleanupProviders = true;\r\n }\r\n }\r\n if (cleanupProviders) {\r\n await Promise.all(app.container\r\n .getProviders()\r\n .map(provider => provider.delete()));\r\n app.isDeleted = true;\r\n }\r\n}\r\n/**\r\n * Registers a library's name and version for platform logging purposes.\r\n * @param library - Name of 1p or 3p library (e.g. firestore, angularfire)\r\n * @param version - Current version of that library.\r\n * @param variant - Bundle variant, e.g., node, rn, etc.\r\n *\r\n * @public\r\n */\r\nfunction registerVersion(libraryKeyOrName, version, variant) {\r\n var _a;\r\n // TODO: We can use this check to whitelist strings when/if we set up\r\n // a good whitelist system.\r\n let library = (_a = PLATFORM_LOG_STRING[libraryKeyOrName]) !== null && _a !== void 0 ? _a : libraryKeyOrName;\r\n if (variant) {\r\n library += `-${variant}`;\r\n }\r\n const libraryMismatch = library.match(/\\s|\\//);\r\n const versionMismatch = version.match(/\\s|\\//);\r\n if (libraryMismatch || versionMismatch) {\r\n const warning = [\r\n `Unable to register library \"${library}\" with version \"${version}\":`\r\n ];\r\n if (libraryMismatch) {\r\n warning.push(`library name \"${library}\" contains illegal characters (whitespace or \"/\")`);\r\n }\r\n if (libraryMismatch && versionMismatch) {\r\n warning.push('and');\r\n }\r\n if (versionMismatch) {\r\n warning.push(`version name \"${version}\" contains illegal characters (whitespace or \"/\")`);\r\n }\r\n logger.warn(warning.join(' '));\r\n return;\r\n }\r\n _registerComponent(new Component(`${library}-version`, () => ({ library, version }), \"VERSION\" /* ComponentType.VERSION */));\r\n}\r\n/**\r\n * Sets log handler for all Firebase SDKs.\r\n * @param logCallback - An optional custom log handler that executes user code whenever\r\n * the Firebase SDK makes a logging call.\r\n *\r\n * @public\r\n */\r\nfunction onLog(logCallback, options) {\r\n if (logCallback !== null && typeof logCallback !== 'function') {\r\n throw ERROR_FACTORY.create(\"invalid-log-argument\" /* AppError.INVALID_LOG_ARGUMENT */);\r\n }\r\n setUserLogHandler(logCallback, options);\r\n}\r\n/**\r\n * Sets log level for all Firebase SDKs.\r\n *\r\n * All of the log types above the current log level are captured (i.e. if\r\n * you set the log level to `info`, errors are logged, but `debug` and\r\n * `verbose` logs are not).\r\n *\r\n * @public\r\n */\r\nfunction setLogLevel(logLevel) {\r\n setLogLevel$1(logLevel);\r\n}\n\n/**\r\n * @license\r\n * Copyright 2021 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst DB_NAME = 'firebase-heartbeat-database';\r\nconst DB_VERSION = 1;\r\nconst STORE_NAME = 'firebase-heartbeat-store';\r\nlet dbPromise = null;\r\nfunction getDbPromise() {\r\n if (!dbPromise) {\r\n dbPromise = openDB(DB_NAME, DB_VERSION, {\r\n upgrade: (db, oldVersion) => {\r\n // We don't use 'break' in this switch statement, the fall-through\r\n // behavior is what we want, because if there are multiple versions between\r\n // the old version and the current version, we want ALL the migrations\r\n // that correspond to those versions to run, not only the last one.\r\n // eslint-disable-next-line default-case\r\n switch (oldVersion) {\r\n case 0:\r\n try {\r\n db.createObjectStore(STORE_NAME);\r\n }\r\n catch (e) {\r\n // Safari/iOS browsers throw occasional exceptions on\r\n // db.createObjectStore() that may be a bug. Avoid blocking\r\n // the rest of the app functionality.\r\n console.warn(e);\r\n }\r\n }\r\n }\r\n }).catch(e => {\r\n throw ERROR_FACTORY.create(\"idb-open\" /* AppError.IDB_OPEN */, {\r\n originalErrorMessage: e.message\r\n });\r\n });\r\n }\r\n return dbPromise;\r\n}\r\nasync function readHeartbeatsFromIndexedDB(app) {\r\n try {\r\n const db = await getDbPromise();\r\n const tx = db.transaction(STORE_NAME);\r\n const result = await tx.objectStore(STORE_NAME).get(computeKey(app));\r\n // We already have the value but tx.done can throw,\r\n // so we need to await it here to catch errors\r\n await tx.done;\r\n return result;\r\n }\r\n catch (e) {\r\n if (e instanceof FirebaseError) {\r\n logger.warn(e.message);\r\n }\r\n else {\r\n const idbGetError = ERROR_FACTORY.create(\"idb-get\" /* AppError.IDB_GET */, {\r\n originalErrorMessage: e === null || e === void 0 ? void 0 : e.message\r\n });\r\n logger.warn(idbGetError.message);\r\n }\r\n }\r\n}\r\nasync function writeHeartbeatsToIndexedDB(app, heartbeatObject) {\r\n try {\r\n const db = await getDbPromise();\r\n const tx = db.transaction(STORE_NAME, 'readwrite');\r\n const objectStore = tx.objectStore(STORE_NAME);\r\n await objectStore.put(heartbeatObject, computeKey(app));\r\n await tx.done;\r\n }\r\n catch (e) {\r\n if (e instanceof FirebaseError) {\r\n logger.warn(e.message);\r\n }\r\n else {\r\n const idbGetError = ERROR_FACTORY.create(\"idb-set\" /* AppError.IDB_WRITE */, {\r\n originalErrorMessage: e === null || e === void 0 ? void 0 : e.message\r\n });\r\n logger.warn(idbGetError.message);\r\n }\r\n }\r\n}\r\nfunction computeKey(app) {\r\n return `${app.name}!${app.options.appId}`;\r\n}\n\n/**\r\n * @license\r\n * Copyright 2021 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst MAX_HEADER_BYTES = 1024;\r\n// 30 days\r\nconst STORED_HEARTBEAT_RETENTION_MAX_MILLIS = 30 * 24 * 60 * 60 * 1000;\r\nclass HeartbeatServiceImpl {\r\n constructor(container) {\r\n this.container = container;\r\n /**\r\n * In-memory cache for heartbeats, used by getHeartbeatsHeader() to generate\r\n * the header string.\r\n * Stores one record per date. This will be consolidated into the standard\r\n * format of one record per user agent string before being sent as a header.\r\n * Populated from indexedDB when the controller is instantiated and should\r\n * be kept in sync with indexedDB.\r\n * Leave public for easier testing.\r\n */\r\n this._heartbeatsCache = null;\r\n const app = this.container.getProvider('app').getImmediate();\r\n this._storage = new HeartbeatStorageImpl(app);\r\n this._heartbeatsCachePromise = this._storage.read().then(result => {\r\n this._heartbeatsCache = result;\r\n return result;\r\n });\r\n }\r\n /**\r\n * Called to report a heartbeat. The function will generate\r\n * a HeartbeatsByUserAgent object, update heartbeatsCache, and persist it\r\n * to IndexedDB.\r\n * Note that we only store one heartbeat per day. So if a heartbeat for today is\r\n * already logged, subsequent calls to this function in the same day will be ignored.\r\n */\r\n async triggerHeartbeat() {\r\n var _a, _b;\r\n try {\r\n const platformLogger = this.container\r\n .getProvider('platform-logger')\r\n .getImmediate();\r\n // This is the \"Firebase user agent\" string from the platform logger\r\n // service, not the browser user agent.\r\n const agent = platformLogger.getPlatformInfoString();\r\n const date = getUTCDateString();\r\n if (((_a = this._heartbeatsCache) === null || _a === void 0 ? void 0 : _a.heartbeats) == null) {\r\n this._heartbeatsCache = await this._heartbeatsCachePromise;\r\n // If we failed to construct a heartbeats cache, then return immediately.\r\n if (((_b = this._heartbeatsCache) === null || _b === void 0 ? void 0 : _b.heartbeats) == null) {\r\n return;\r\n }\r\n }\r\n // Do not store a heartbeat if one is already stored for this day\r\n // or if a header has already been sent today.\r\n if (this._heartbeatsCache.lastSentHeartbeatDate === date ||\r\n this._heartbeatsCache.heartbeats.some(singleDateHeartbeat => singleDateHeartbeat.date === date)) {\r\n return;\r\n }\r\n else {\r\n // There is no entry for this date. Create one.\r\n this._heartbeatsCache.heartbeats.push({ date, agent });\r\n }\r\n // Remove entries older than 30 days.\r\n this._heartbeatsCache.heartbeats =\r\n this._heartbeatsCache.heartbeats.filter(singleDateHeartbeat => {\r\n const hbTimestamp = new Date(singleDateHeartbeat.date).valueOf();\r\n const now = Date.now();\r\n return now - hbTimestamp <= STORED_HEARTBEAT_RETENTION_MAX_MILLIS;\r\n });\r\n return this._storage.overwrite(this._heartbeatsCache);\r\n }\r\n catch (e) {\r\n logger.warn(e);\r\n }\r\n }\r\n /**\r\n * Returns a base64 encoded string which can be attached to the heartbeat-specific header directly.\r\n * It also clears all heartbeats from memory as well as in IndexedDB.\r\n *\r\n * NOTE: Consuming product SDKs should not send the header if this method\r\n * returns an empty string.\r\n */\r\n async getHeartbeatsHeader() {\r\n var _a;\r\n try {\r\n if (this._heartbeatsCache === null) {\r\n await this._heartbeatsCachePromise;\r\n }\r\n // If it's still null or the array is empty, there is no data to send.\r\n if (((_a = this._heartbeatsCache) === null || _a === void 0 ? void 0 : _a.heartbeats) == null ||\r\n this._heartbeatsCache.heartbeats.length === 0) {\r\n return '';\r\n }\r\n const date = getUTCDateString();\r\n // Extract as many heartbeats from the cache as will fit under the size limit.\r\n const { heartbeatsToSend, unsentEntries } = extractHeartbeatsForHeader(this._heartbeatsCache.heartbeats);\r\n const headerString = base64urlEncodeWithoutPadding(JSON.stringify({ version: 2, heartbeats: heartbeatsToSend }));\r\n // Store last sent date to prevent another being logged/sent for the same day.\r\n this._heartbeatsCache.lastSentHeartbeatDate = date;\r\n if (unsentEntries.length > 0) {\r\n // Store any unsent entries if they exist.\r\n this._heartbeatsCache.heartbeats = unsentEntries;\r\n // This seems more likely than emptying the array (below) to lead to some odd state\r\n // since the cache isn't empty and this will be called again on the next request,\r\n // and is probably safest if we await it.\r\n await this._storage.overwrite(this._heartbeatsCache);\r\n }\r\n else {\r\n this._heartbeatsCache.heartbeats = [];\r\n // Do not wait for this, to reduce latency.\r\n void this._storage.overwrite(this._heartbeatsCache);\r\n }\r\n return headerString;\r\n }\r\n catch (e) {\r\n logger.warn(e);\r\n return '';\r\n }\r\n }\r\n}\r\nfunction getUTCDateString() {\r\n const today = new Date();\r\n // Returns date format 'YYYY-MM-DD'\r\n return today.toISOString().substring(0, 10);\r\n}\r\nfunction extractHeartbeatsForHeader(heartbeatsCache, maxSize = MAX_HEADER_BYTES) {\r\n // Heartbeats grouped by user agent in the standard format to be sent in\r\n // the header.\r\n const heartbeatsToSend = [];\r\n // Single date format heartbeats that are not sent.\r\n let unsentEntries = heartbeatsCache.slice();\r\n for (const singleDateHeartbeat of heartbeatsCache) {\r\n // Look for an existing entry with the same user agent.\r\n const heartbeatEntry = heartbeatsToSend.find(hb => hb.agent === singleDateHeartbeat.agent);\r\n if (!heartbeatEntry) {\r\n // If no entry for this user agent exists, create one.\r\n heartbeatsToSend.push({\r\n agent: singleDateHeartbeat.agent,\r\n dates: [singleDateHeartbeat.date]\r\n });\r\n if (countBytes(heartbeatsToSend) > maxSize) {\r\n // If the header would exceed max size, remove the added heartbeat\r\n // entry and stop adding to the header.\r\n heartbeatsToSend.pop();\r\n break;\r\n }\r\n }\r\n else {\r\n heartbeatEntry.dates.push(singleDateHeartbeat.date);\r\n // If the header would exceed max size, remove the added date\r\n // and stop adding to the header.\r\n if (countBytes(heartbeatsToSend) > maxSize) {\r\n heartbeatEntry.dates.pop();\r\n break;\r\n }\r\n }\r\n // Pop unsent entry from queue. (Skipped if adding the entry exceeded\r\n // quota and the loop breaks early.)\r\n unsentEntries = unsentEntries.slice(1);\r\n }\r\n return {\r\n heartbeatsToSend,\r\n unsentEntries\r\n };\r\n}\r\nclass HeartbeatStorageImpl {\r\n constructor(app) {\r\n this.app = app;\r\n this._canUseIndexedDBPromise = this.runIndexedDBEnvironmentCheck();\r\n }\r\n async runIndexedDBEnvironmentCheck() {\r\n if (!isIndexedDBAvailable()) {\r\n return false;\r\n }\r\n else {\r\n return validateIndexedDBOpenable()\r\n .then(() => true)\r\n .catch(() => false);\r\n }\r\n }\r\n /**\r\n * Read all heartbeats.\r\n */\r\n async read() {\r\n const canUseIndexedDB = await this._canUseIndexedDBPromise;\r\n if (!canUseIndexedDB) {\r\n return { heartbeats: [] };\r\n }\r\n else {\r\n const idbHeartbeatObject = await readHeartbeatsFromIndexedDB(this.app);\r\n if (idbHeartbeatObject === null || idbHeartbeatObject === void 0 ? void 0 : idbHeartbeatObject.heartbeats) {\r\n return idbHeartbeatObject;\r\n }\r\n else {\r\n return { heartbeats: [] };\r\n }\r\n }\r\n }\r\n // overwrite the storage with the provided heartbeats\r\n async overwrite(heartbeatsObject) {\r\n var _a;\r\n const canUseIndexedDB = await this._canUseIndexedDBPromise;\r\n if (!canUseIndexedDB) {\r\n return;\r\n }\r\n else {\r\n const existingHeartbeatsObject = await this.read();\r\n return writeHeartbeatsToIndexedDB(this.app, {\r\n lastSentHeartbeatDate: (_a = heartbeatsObject.lastSentHeartbeatDate) !== null && _a !== void 0 ? _a : existingHeartbeatsObject.lastSentHeartbeatDate,\r\n heartbeats: heartbeatsObject.heartbeats\r\n });\r\n }\r\n }\r\n // add heartbeats\r\n async add(heartbeatsObject) {\r\n var _a;\r\n const canUseIndexedDB = await this._canUseIndexedDBPromise;\r\n if (!canUseIndexedDB) {\r\n return;\r\n }\r\n else {\r\n const existingHeartbeatsObject = await this.read();\r\n return writeHeartbeatsToIndexedDB(this.app, {\r\n lastSentHeartbeatDate: (_a = heartbeatsObject.lastSentHeartbeatDate) !== null && _a !== void 0 ? _a : existingHeartbeatsObject.lastSentHeartbeatDate,\r\n heartbeats: [\r\n ...existingHeartbeatsObject.heartbeats,\r\n ...heartbeatsObject.heartbeats\r\n ]\r\n });\r\n }\r\n }\r\n}\r\n/**\r\n * Calculate bytes of a HeartbeatsByUserAgent array after being wrapped\r\n * in a platform logging header JSON object, stringified, and converted\r\n * to base 64.\r\n */\r\nfunction countBytes(heartbeatsCache) {\r\n // base64 has a restricted set of characters, all of which should be 1 byte.\r\n return base64urlEncodeWithoutPadding(\r\n // heartbeatsCache wrapper properties\r\n JSON.stringify({ version: 2, heartbeats: heartbeatsCache })).length;\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nfunction registerCoreComponents(variant) {\r\n _registerComponent(new Component('platform-logger', container => new PlatformLoggerServiceImpl(container), \"PRIVATE\" /* ComponentType.PRIVATE */));\r\n _registerComponent(new Component('heartbeat', container => new HeartbeatServiceImpl(container), \"PRIVATE\" /* ComponentType.PRIVATE */));\r\n // Register `app` package.\r\n registerVersion(name$q, version$1, variant);\r\n // BUILD_TARGET will be replaced by values like esm5, esm2017, cjs5, etc during the compilation\r\n registerVersion(name$q, version$1, 'esm2017');\r\n // Register platform SDK identifier (no version).\r\n registerVersion('fire-js', '');\r\n}\n\n/**\r\n * Firebase App\r\n *\r\n * @remarks This package coordinates the communication between the different Firebase components\r\n * @packageDocumentation\r\n */\r\nregisterCoreComponents('');\n\nexport { SDK_VERSION, DEFAULT_ENTRY_NAME as _DEFAULT_ENTRY_NAME, _addComponent, _addOrOverwriteComponent, _apps, _clearComponents, _components, _getProvider, _isFirebaseApp, _isFirebaseServerApp, _registerComponent, _removeServiceInstance, _serverApps, deleteApp, getApp, getApps, initializeApp, initializeServerApp, onLog, registerVersion, setLogLevel };\n//# sourceMappingURL=index.esm2017.js.map\n","import { registerVersion } from '@firebase/app';\nexport * from '@firebase/app';\n\nvar name = \"firebase\";\nvar version = \"10.14.0\";\n\n/**\r\n * @license\r\n * Copyright 2020 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nregisterVersion(name, version, 'app');\n//# sourceMappingURL=index.esm.js.map\n"],"names":["stringToByteArray$1","str","out","p","i","c","byteArrayToString","bytes","pos","c1","c2","c3","c4","u","base64","input","webSafe","byteToCharMap","output","byte1","haveByte2","byte2","haveByte3","byte3","outByte1","outByte2","outByte3","outByte4","charToByteMap","byte4","DecodeBase64StringError","base64Encode","utf8Bytes","base64urlEncodeWithoutPadding","base64Decode","getGlobal","getDefaultsFromGlobal","getDefaultsFromEnvVariable","define_process_env_default","defaultsJsonString","getDefaultsFromCookie","match","decoded","getDefaults","e","getDefaultAppConfig","_a","Deferred","resolve","reject","callback","error","value","isIndexedDBAvailable","validateIndexedDBOpenable","preExist","DB_CHECK_NAME","request","ERROR_NAME","FirebaseError","code","message","customData","ErrorFactory","service","serviceName","errors","data","fullCode","template","replaceTemplate","fullMessage","PATTERN","_","key","deepEqual","a","b","aKeys","bKeys","k","aProp","bProp","isObject","thing","Component","name","instanceFactory","type","mode","multipleInstances","props","DEFAULT_ENTRY_NAME","Provider","container","identifier","normalizedIdentifier","deferred","instance","options","optional","component","isComponentEager","instanceIdentifier","instanceDeferred","services","opts","normalizedDeferredIdentifier","existingCallbacks","existingInstance","callbacks","normalizeIdentifierForFactory","ComponentContainer","provider","LogLevel","levelStringToEnum","defaultLogLevel","ConsoleMethod","defaultLogHandler","logType","args","now","method","Logger","val","instanceOfAny","object","constructors","idbProxyableTypes","cursorAdvanceMethods","getIdbProxyableTypes","getCursorAdvanceMethods","cursorRequestMap","transactionDoneMap","transactionStoreNamesMap","transformCache","reverseTransformCache","promisifyRequest","promise","unlisten","success","wrap","cacheDonePromiseForTransaction","tx","done","complete","idbProxyTraps","target","prop","receiver","replaceTraps","wrapFunction","func","storeNames","unwrap","transformCachableValue","newValue","openDB","version","blocked","upgrade","blocking","terminated","openPromise","event","db","readMethods","writeMethods","cachedMethods","getMethod","targetFuncName","useIndex","isWrite","storeName","oldTraps","PlatformLoggerServiceImpl","isVersionServiceProvider","logString","name$q","version$1","logger","name$p","name$o","name$n","name$m","name$l","name$k","name$j","name$i","name$h","name$g","name$f","name$e","name$d","name$c","name$b","name$a","name$9","name$8","name$7","name$6","name$5","name$4","name$3","name$2","name$1","PLATFORM_LOG_STRING","_apps","_serverApps","_components","_addComponent","app","_registerComponent","componentName","serverApp","ERRORS","ERROR_FACTORY","FirebaseAppImpl","config","initializeApp","_options","rawConfig","existingApp","newApp","registerVersion","libraryKeyOrName","variant","library","libraryMismatch","versionMismatch","warning","DB_NAME","DB_VERSION","STORE_NAME","dbPromise","getDbPromise","oldVersion","readHeartbeatsFromIndexedDB","result","computeKey","idbGetError","writeHeartbeatsToIndexedDB","heartbeatObject","MAX_HEADER_BYTES","STORED_HEARTBEAT_RETENTION_MAX_MILLIS","HeartbeatServiceImpl","HeartbeatStorageImpl","_b","agent","date","getUTCDateString","singleDateHeartbeat","hbTimestamp","heartbeatsToSend","unsentEntries","extractHeartbeatsForHeader","headerString","heartbeatsCache","maxSize","heartbeatEntry","hb","countBytes","idbHeartbeatObject","heartbeatsObject","existingHeartbeatsObject","registerCoreComponents"],"mappings":"SAoEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMA,EAAsB,SAAUC,EAAK,CAEvC,MAAMC,EAAM,CAAA,EACZ,IAAIC,EAAI,EACR,QAASC,EAAI,EAAGA,EAAIH,EAAI,OAAQG,IAAK,CAC7B,IAAAC,EAAIJ,EAAI,WAAWG,CAAC,EACpBC,EAAI,IACJH,EAAIC,GAAG,EAAIE,EAENA,EAAI,MACLH,EAAAC,GAAG,EAAKE,GAAK,EAAK,IAClBH,EAAAC,GAAG,EAAKE,EAAI,GAAM,MAEhBA,EAAI,SAAY,OACtBD,EAAI,EAAIH,EAAI,SACXA,EAAI,WAAWG,EAAI,CAAC,EAAI,SAAY,OAEjCC,EAAA,QAAYA,EAAI,OAAW,KAAOJ,EAAI,WAAW,EAAEG,CAAC,EAAI,MACxDF,EAAAC,GAAG,EAAKE,GAAK,GAAM,IACvBH,EAAIC,GAAG,EAAME,GAAK,GAAM,GAAM,IAC9BH,EAAIC,GAAG,EAAME,GAAK,EAAK,GAAM,IACzBH,EAAAC,GAAG,EAAKE,EAAI,GAAM,MAGlBH,EAAAC,GAAG,EAAKE,GAAK,GAAM,IACvBH,EAAIC,GAAG,EAAME,GAAK,EAAK,GAAM,IACzBH,EAAAC,GAAG,EAAKE,EAAI,GAAM,IAE9B,CACO,OAAAH,CACX,EAOMI,GAAoB,SAAUC,EAAO,CAEvC,MAAML,EAAM,CAAA,EACR,IAAAM,EAAM,EAAGH,EAAI,EACV,KAAAG,EAAMD,EAAM,QAAQ,CACjB,MAAAE,EAAKF,EAAMC,GAAK,EACtB,GAAIC,EAAK,IACLP,EAAIG,GAAG,EAAI,OAAO,aAAaI,CAAE,UAE5BA,EAAK,KAAOA,EAAK,IAAK,CACrB,MAAAC,EAAKH,EAAMC,GAAK,EAClBN,EAAAG,GAAG,EAAI,OAAO,cAAeI,EAAK,KAAO,EAAMC,EAAK,EAAG,CAEtD,SAAAD,EAAK,KAAOA,EAAK,IAAK,CAErB,MAAAC,EAAKH,EAAMC,GAAK,EAChBG,EAAKJ,EAAMC,GAAK,EAChBI,EAAKL,EAAMC,GAAK,EAChBK,IAAOJ,EAAK,IAAM,IAAQC,EAAK,KAAO,IAAQC,EAAK,KAAO,EAAMC,EAAK,IACvE,MACJV,EAAIG,GAAG,EAAI,OAAO,aAAa,OAAUQ,GAAK,GAAG,EACjDX,EAAIG,GAAG,EAAI,OAAO,aAAa,OAAUQ,EAAI,KAAK,CAAA,KAEjD,CACK,MAAAH,EAAKH,EAAMC,GAAK,EAChBG,EAAKJ,EAAMC,GAAK,EAClBN,EAAAG,GAAG,EAAI,OAAO,cAAeI,EAAK,KAAO,IAAQC,EAAK,KAAO,EAAMC,EAAK,EAAG,CACnF,CACJ,CACO,OAAAT,EAAI,KAAK,EAAE,CACtB,EAIMY,EAAS,CAIX,eAAgB,KAIhB,eAAgB,KAKhB,sBAAuB,KAKvB,sBAAuB,KAKvB,kBAAmB,iEAInB,IAAI,cAAe,CACf,OAAO,KAAK,kBAAoB,KACpC,EAIA,IAAI,sBAAuB,CACvB,OAAO,KAAK,kBAAoB,KACpC,EAQA,mBAAoB,OAAO,MAAS,WAUpC,gBAAgBC,EAAOC,EAAS,CAC5B,GAAI,CAAC,MAAM,QAAQD,CAAK,EACpB,MAAM,MAAM,+CAA+C,EAE/D,KAAK,MAAM,EACX,MAAME,EAAgBD,EAChB,KAAK,sBACL,KAAK,eACLE,EAAS,CAAA,EACf,QAASd,EAAI,EAAGA,EAAIW,EAAM,OAAQX,GAAK,EAAG,CAChC,MAAAe,EAAQJ,EAAMX,CAAC,EACfgB,EAAYhB,EAAI,EAAIW,EAAM,OAC1BM,EAAQD,EAAYL,EAAMX,EAAI,CAAC,EAAI,EACnCkB,EAAYlB,EAAI,EAAIW,EAAM,OAC1BQ,EAAQD,EAAYP,EAAMX,EAAI,CAAC,EAAI,EACnCoB,EAAWL,GAAS,EACpBM,GAAaN,EAAQ,IAAS,EAAME,GAAS,EACnD,IAAIK,GAAaL,EAAQ,KAAS,EAAME,GAAS,EAC7CI,EAAWJ,EAAQ,GAClBD,IACUK,EAAA,GACNP,IACUM,EAAA,KAGnBR,EAAO,KAAKD,EAAcO,CAAQ,EAAGP,EAAcQ,CAAQ,EAAGR,EAAcS,CAAQ,EAAGT,EAAcU,CAAQ,CAAC,CAClH,CACO,OAAAT,EAAO,KAAK,EAAE,CACzB,EASA,aAAaH,EAAOC,EAAS,CAGrB,OAAA,KAAK,oBAAsB,CAACA,EACrB,KAAKD,CAAK,EAEd,KAAK,gBAAgBf,EAAoBe,CAAK,EAAGC,CAAO,CACnE,EASA,aAAaD,EAAOC,EAAS,CAGrB,OAAA,KAAK,oBAAsB,CAACA,EACrB,KAAKD,CAAK,EAEdT,GAAkB,KAAK,wBAAwBS,EAAOC,CAAO,CAAC,CACzE,EAgBA,wBAAwBD,EAAOC,EAAS,CACpC,KAAK,MAAM,EACX,MAAMY,EAAgBZ,EAChB,KAAK,sBACL,KAAK,eACLE,EAAS,CAAA,EACf,QAASd,EAAI,EAAGA,EAAIW,EAAM,QAAS,CAC/B,MAAMI,EAAQS,EAAcb,EAAM,OAAOX,GAAG,CAAC,EAEvCiB,EADYjB,EAAIW,EAAM,OACFa,EAAcb,EAAM,OAAOX,CAAC,CAAC,EAAI,EACzD,EAAAA,EAEF,MAAMmB,EADYnB,EAAIW,EAAM,OACFa,EAAcb,EAAM,OAAOX,CAAC,CAAC,EAAI,GACzD,EAAAA,EAEF,MAAMyB,EADYzB,EAAIW,EAAM,OACFa,EAAcb,EAAM,OAAOX,CAAC,CAAC,EAAI,GAE3D,GADE,EAAAA,EACEe,GAAS,MAAQE,GAAS,MAAQE,GAAS,MAAQM,GAAS,KAC5D,MAAM,IAAIC,GAER,MAAAN,EAAYL,GAAS,EAAME,GAAS,EAE1C,GADAH,EAAO,KAAKM,CAAQ,EAChBD,IAAU,GAAI,CACd,MAAME,EAAaJ,GAAS,EAAK,IAASE,GAAS,EAEnD,GADAL,EAAO,KAAKO,CAAQ,EAChBI,IAAU,GAAI,CACR,MAAAH,EAAaH,GAAS,EAAK,IAAQM,EACzCX,EAAO,KAAKQ,CAAQ,CACxB,CACJ,CACJ,CACO,OAAAR,CACX,EAMA,OAAQ,CACA,GAAA,CAAC,KAAK,eAAgB,CACtB,KAAK,eAAiB,GACtB,KAAK,eAAiB,GACtB,KAAK,sBAAwB,GAC7B,KAAK,sBAAwB,GAE7B,QAASd,EAAI,EAAGA,EAAI,KAAK,aAAa,OAAQA,IAC1C,KAAK,eAAeA,CAAC,EAAI,KAAK,aAAa,OAAOA,CAAC,EACnD,KAAK,eAAe,KAAK,eAAeA,CAAC,CAAC,EAAIA,EAC9C,KAAK,sBAAsBA,CAAC,EAAI,KAAK,qBAAqB,OAAOA,CAAC,EAClE,KAAK,sBAAsB,KAAK,sBAAsBA,CAAC,CAAC,EAAIA,EAExDA,GAAK,KAAK,kBAAkB,SAC5B,KAAK,eAAe,KAAK,qBAAqB,OAAOA,CAAC,CAAC,EAAIA,EAC3D,KAAK,sBAAsB,KAAK,aAAa,OAAOA,CAAC,CAAC,EAAIA,EAGtE,CACJ,CACJ,EAIA,MAAM0B,WAAgC,KAAM,CACxC,aAAc,CACV,MAAM,GAAG,SAAS,EAClB,KAAK,KAAO,yBAChB,CACJ,CAIA,MAAMC,GAAe,SAAU9B,EAAK,CAC1B,MAAA+B,EAAYhC,EAAoBC,CAAG,EAClC,OAAAa,EAAO,gBAAgBkB,EAAW,EAAI,CACjD,EAKMC,EAAgC,SAAUhC,EAAK,CAEjD,OAAO8B,GAAa9B,CAAG,EAAE,QAAQ,MAAO,EAAE,CAC9C,EAUMiC,GAAe,SAAUjC,EAAK,CAC5B,GAAA,CACO,OAAAa,EAAO,aAAab,EAAK,EAAI,QAEjC,EAAG,CACE,QAAA,MAAM,wBAAyB,CAAC,CAC5C,CACO,OAAA,IACX,EA0EA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAqBA,SAASkC,IAAY,CACb,GAAA,OAAO,KAAS,IACT,OAAA,KAEP,GAAA,OAAO,OAAW,IACX,OAAA,OAEP,GAAA,OAAO,OAAW,IACX,OAAA,OAEL,MAAA,IAAI,MAAM,iCAAiC,CACrD,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMC,GAAwB,IAAMD,GAAY,EAAA,sBAS1CE,GAA6B,IAAM,CACrC,GAAI,OAAO,QAAY,KAAe,OAAOC,EAAgB,IACzD,OAEJ,MAAMC,EAAqBD,EAAY,sBACvC,GAAIC,EACO,OAAA,KAAK,MAAMA,CAAkB,CAE5C,EACMC,GAAwB,IAAM,CAC5B,GAAA,OAAO,SAAa,IACpB,OAEA,IAAAC,EACA,GAAA,CACQA,EAAA,SAAS,OAAO,MAAM,+BAA+B,OAEvD,CAGN,MACJ,CACA,MAAMC,EAAUD,GAASP,GAAaO,EAAM,CAAC,CAAC,EACvC,OAAAC,GAAW,KAAK,MAAMA,CAAO,CACxC,EAQMC,GAAc,IAAM,CAClB,GAAA,CACA,OAAQP,GAAsB,GAC1BC,GAA2B,GAC3BG,GAAsB,QAEvBI,EAAG,CAOE,QAAA,KAAK,+CAA+CA,CAAC,EAAE,EAC/D,MACJ,CACJ,EAqCMC,GAAsB,IAAM,CAAM,IAAAC,EAAI,OAAQA,EAAKH,GAAY,KAAO,MAAQG,IAAO,OAAS,OAASA,EAAG,MAAQ,EAQxH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMC,EAAS,CACX,aAAc,CACV,KAAK,OAAS,IAAM,CAAA,EACpB,KAAK,QAAU,IAAM,CAAA,EACrB,KAAK,QAAU,IAAI,QAAQ,CAACC,EAASC,IAAW,CAC5C,KAAK,QAAUD,EACf,KAAK,OAASC,CAAA,CACjB,CACL,CAMA,aAAaC,EAAU,CACZ,MAAA,CAACC,EAAOC,IAAU,CACjBD,EACA,KAAK,OAAOA,CAAK,EAGjB,KAAK,QAAQC,CAAK,EAElB,OAAOF,GAAa,aAGf,KAAA,QAAQ,MAAM,IAAM,CAAA,CAAG,EAGxBA,EAAS,SAAW,EACpBA,EAASC,CAAK,EAGdD,EAASC,EAAOC,CAAK,EAE7B,CAER,CACJ,CAyLA,SAASC,IAAuB,CACxB,GAAA,CACA,OAAO,OAAO,WAAc,cAEtB,CACC,MAAA,EACX,CACJ,CAQA,SAASC,IAA4B,CACjC,OAAO,IAAI,QAAQ,CAACN,EAASC,IAAW,CAChC,GAAA,CACA,IAAIM,EAAW,GACf,MAAMC,EAAgB,0DAChBC,EAAU,KAAK,UAAU,KAAKD,CAAa,EACjDC,EAAQ,UAAY,IAAM,CACtBA,EAAQ,OAAO,QAEVF,GACI,KAAA,UAAU,eAAeC,CAAa,EAE/CR,EAAQ,EAAI,CAAA,EAEhBS,EAAQ,gBAAkB,IAAM,CACjBF,EAAA,EAAA,EAEfE,EAAQ,QAAU,IAAM,CAChB,IAAAX,EACKG,IAAAH,EAAKW,EAAQ,SAAW,MAAQX,IAAO,OAAS,OAASA,EAAG,UAAY,EAAE,CAAA,QAGpFK,EAAO,CACVF,EAAOE,CAAK,CAChB,CAAA,CACH,CACL,CAaA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAwDA,MAAMO,GAAa,gBAGnB,MAAMC,UAAsB,KAAM,CAC9B,YAEAC,EAAMC,EAENC,EAAY,CACR,MAAMD,CAAO,EACb,KAAK,KAAOD,EACZ,KAAK,WAAaE,EAElB,KAAK,KAAOJ,GAGL,OAAA,eAAe,KAAMC,EAAc,SAAS,EAG/C,MAAM,mBACN,MAAM,kBAAkB,KAAMI,EAAa,UAAU,MAAM,CAEnE,CACJ,CACA,MAAMA,CAAa,CACf,YAAYC,EAASC,EAAaC,EAAQ,CACtC,KAAK,QAAUF,EACf,KAAK,YAAcC,EACnB,KAAK,OAASC,CAClB,CACA,OAAON,KAASO,EAAM,CAClB,MAAML,EAAaK,EAAK,CAAC,GAAK,CAAA,EACxBC,EAAW,GAAG,KAAK,OAAO,IAAIR,CAAI,GAClCS,EAAW,KAAK,OAAOT,CAAI,EAC3BC,EAAUQ,EAAWC,GAAgBD,EAAUP,CAAU,EAAI,QAE7DS,EAAc,GAAG,KAAK,WAAW,KAAKV,CAAO,KAAKO,CAAQ,KAEzD,OADO,IAAIT,EAAcS,EAAUG,EAAaT,CAAU,CAErE,CACJ,CACA,SAASQ,GAAgBD,EAAUF,EAAM,CACrC,OAAOE,EAAS,QAAQG,GAAS,CAACC,EAAGC,IAAQ,CACnC,MAAAtB,EAAQe,EAAKO,CAAG,EACtB,OAAOtB,GAAS,KAAO,OAAOA,CAAK,EAAI,IAAIsB,CAAG,IAAA,CACjD,CACL,CACA,MAAMF,GAAU,gBAkMhB,SAASG,EAAUC,EAAGC,EAAG,CACrB,GAAID,IAAMC,EACC,MAAA,GAEL,MAAAC,EAAQ,OAAO,KAAKF,CAAC,EACrBG,EAAQ,OAAO,KAAKF,CAAC,EAC3B,UAAWG,KAAKF,EAAO,CACnB,GAAI,CAACC,EAAM,SAASC,CAAC,EACV,MAAA,GAEL,MAAAC,EAAQL,EAAEI,CAAC,EACXE,EAAQL,EAAEG,CAAC,EACjB,GAAIG,EAASF,CAAK,GAAKE,EAASD,CAAK,GACjC,GAAI,CAACP,EAAUM,EAAOC,CAAK,EAChB,MAAA,WAGND,IAAUC,EACR,MAAA,EAEf,CACA,UAAWF,KAAKD,EACZ,GAAI,CAACD,EAAM,SAASE,CAAC,EACV,MAAA,GAGR,MAAA,EACX,CACA,SAASG,EAASC,EAAO,CACd,OAAAA,IAAU,MAAQ,OAAOA,GAAU,QAC9C,CCxsCA,MAAMC,CAAU,CAOZ,YAAYC,EAAMC,EAAiBC,EAAM,CACrC,KAAK,KAAOF,EACZ,KAAK,gBAAkBC,EACvB,KAAK,KAAOC,EACZ,KAAK,kBAAoB,GAIzB,KAAK,aAAe,GACpB,KAAK,kBAAoB,OACzB,KAAK,kBAAoB,IAC5B,CACD,qBAAqBC,EAAM,CACvB,YAAK,kBAAoBA,EAClB,IACV,CACD,qBAAqBC,EAAmB,CACpC,YAAK,kBAAoBA,EAClB,IACV,CACD,gBAAgBC,EAAO,CACnB,YAAK,aAAeA,EACb,IACV,CACD,2BAA2BzC,EAAU,CACjC,YAAK,kBAAoBA,EAClB,IACV,CACL,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAM0C,EAAqB,YAE3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAoBA,MAAMC,EAAS,CACX,YAAYP,EAAMQ,EAAW,CACzB,KAAK,KAAOR,EACZ,KAAK,UAAYQ,EACjB,KAAK,UAAY,KACjB,KAAK,UAAY,IAAI,IACrB,KAAK,kBAAoB,IAAI,IAC7B,KAAK,iBAAmB,IAAI,IAC5B,KAAK,gBAAkB,IAAI,GAC9B,CAKD,IAAIC,EAAY,CAEZ,MAAMC,EAAuB,KAAK,4BAA4BD,CAAU,EACxE,GAAI,CAAC,KAAK,kBAAkB,IAAIC,CAAoB,EAAG,CACnD,MAAMC,EAAW,IAAIlD,GAErB,GADA,KAAK,kBAAkB,IAAIiD,EAAsBC,CAAQ,EACrD,KAAK,cAAcD,CAAoB,GACvC,KAAK,qBAAoB,EAEzB,GAAI,CACA,MAAME,EAAW,KAAK,uBAAuB,CACzC,mBAAoBF,CAC5C,CAAqB,EACGE,GACAD,EAAS,QAAQC,CAAQ,CAEhC,MACS,CAGT,CAER,CACD,OAAO,KAAK,kBAAkB,IAAIF,CAAoB,EAAE,OAC3D,CACD,aAAaG,EAAS,CAClB,IAAIrD,EAEJ,MAAMkD,EAAuB,KAAK,4BAA8EG,GAAQ,UAAU,EAC5HC,GAAYtD,EAAuDqD,GAAQ,YAAc,MAAQrD,IAAO,OAASA,EAAK,GAC5H,GAAI,KAAK,cAAckD,CAAoB,GACvC,KAAK,qBAAoB,EACzB,GAAI,CACA,OAAO,KAAK,uBAAuB,CAC/B,mBAAoBA,CACxC,CAAiB,CACJ,OACMpD,EAAG,CACN,GAAIwD,EACA,OAAO,KAGP,MAAMxD,CAEb,KAEA,CAED,GAAIwD,EACA,OAAO,KAGP,MAAM,MAAM,WAAW,KAAK,IAAI,mBAAmB,CAE1D,CACJ,CACD,cAAe,CACX,OAAO,KAAK,SACf,CACD,aAAaC,EAAW,CACpB,GAAIA,EAAU,OAAS,KAAK,KACxB,MAAM,MAAM,yBAAyBA,EAAU,IAAI,iBAAiB,KAAK,IAAI,GAAG,EAEpF,GAAI,KAAK,UACL,MAAM,MAAM,iBAAiB,KAAK,IAAI,4BAA4B,EAItE,GAFA,KAAK,UAAYA,EAEb,EAAC,KAAK,uBAIV,IAAIC,GAAiBD,CAAS,EAC1B,GAAI,CACA,KAAK,uBAAuB,CAAE,mBAAoBT,CAAoB,CAAA,CACzE,MACS,CAKT,CAKL,SAAW,CAACW,EAAoBC,CAAgB,IAAK,KAAK,kBAAkB,UAAW,CACnF,MAAMR,EAAuB,KAAK,4BAA4BO,CAAkB,EAChF,GAAI,CAEA,MAAML,EAAW,KAAK,uBAAuB,CACzC,mBAAoBF,CACxC,CAAiB,EACDQ,EAAiB,QAAQN,CAAQ,CACpC,MACS,CAGT,CACJ,EACJ,CACD,cAAcH,EAAaH,EAAoB,CAC3C,KAAK,kBAAkB,OAAOG,CAAU,EACxC,KAAK,iBAAiB,OAAOA,CAAU,EACvC,KAAK,UAAU,OAAOA,CAAU,CACnC,CAGD,MAAM,QAAS,CACX,MAAMU,EAAW,MAAM,KAAK,KAAK,UAAU,OAAM,CAAE,EACnD,MAAM,QAAQ,IAAI,CACd,GAAGA,EACE,OAAOzC,GAAW,aAAcA,CAAO,EAEvC,IAAIA,GAAWA,EAAQ,SAAS,OAAM,CAAE,EAC7C,GAAGyC,EACE,OAAOzC,GAAW,YAAaA,CAAO,EAEtC,IAAIA,GAAWA,EAAQ,SAAS,CACjD,CAAS,CACJ,CACD,gBAAiB,CACb,OAAO,KAAK,WAAa,IAC5B,CACD,cAAc+B,EAAaH,EAAoB,CAC3C,OAAO,KAAK,UAAU,IAAIG,CAAU,CACvC,CACD,WAAWA,EAAaH,EAAoB,CACxC,OAAO,KAAK,iBAAiB,IAAIG,CAAU,GAAK,CAAA,CACnD,CACD,WAAWW,EAAO,GAAI,CAClB,KAAM,CAAE,QAAAP,EAAU,EAAI,EAAGO,EACnBV,EAAuB,KAAK,4BAA4BU,EAAK,kBAAkB,EACrF,GAAI,KAAK,cAAcV,CAAoB,EACvC,MAAM,MAAM,GAAG,KAAK,IAAI,IAAIA,CAAoB,gCAAgC,EAEpF,GAAI,CAAC,KAAK,iBACN,MAAM,MAAM,aAAa,KAAK,IAAI,8BAA8B,EAEpE,MAAME,EAAW,KAAK,uBAAuB,CACzC,mBAAoBF,EACpB,QAAAG,CACZ,CAAS,EAED,SAAW,CAACI,EAAoBC,CAAgB,IAAK,KAAK,kBAAkB,UAAW,CACnF,MAAMG,EAA+B,KAAK,4BAA4BJ,CAAkB,EACpFP,IAAyBW,GACzBH,EAAiB,QAAQN,CAAQ,CAExC,CACD,OAAOA,CACV,CASD,OAAOhD,EAAU6C,EAAY,CACzB,IAAIjD,EACJ,MAAMkD,EAAuB,KAAK,4BAA4BD,CAAU,EAClEa,GAAqB9D,EAAK,KAAK,gBAAgB,IAAIkD,CAAoB,KAAO,MAAQlD,IAAO,OAASA,EAAK,IAAI,IACrH8D,EAAkB,IAAI1D,CAAQ,EAC9B,KAAK,gBAAgB,IAAI8C,EAAsBY,CAAiB,EAChE,MAAMC,EAAmB,KAAK,UAAU,IAAIb,CAAoB,EAChE,OAAIa,GACA3D,EAAS2D,EAAkBb,CAAoB,EAE5C,IAAM,CACTY,EAAkB,OAAO1D,CAAQ,CAC7C,CACK,CAKD,sBAAsBgD,EAAUH,EAAY,CACxC,MAAMe,EAAY,KAAK,gBAAgB,IAAIf,CAAU,EACrD,GAAKe,EAGL,UAAW5D,KAAY4D,EACnB,GAAI,CACA5D,EAASgD,EAAUH,CAAU,CAChC,MACU,CAEV,CAER,CACD,uBAAuB,CAAE,mBAAAQ,EAAoB,QAAAJ,EAAU,CAAE,CAAA,EAAI,CACzD,IAAID,EAAW,KAAK,UAAU,IAAIK,CAAkB,EACpD,GAAI,CAACL,GAAY,KAAK,YAClBA,EAAW,KAAK,UAAU,gBAAgB,KAAK,UAAW,CACtD,mBAAoBa,GAA8BR,CAAkB,EACpE,QAAAJ,CAChB,CAAa,EACD,KAAK,UAAU,IAAII,EAAoBL,CAAQ,EAC/C,KAAK,iBAAiB,IAAIK,EAAoBJ,CAAO,EAMrD,KAAK,sBAAsBD,EAAUK,CAAkB,EAMnD,KAAK,UAAU,mBACf,GAAI,CACA,KAAK,UAAU,kBAAkB,KAAK,UAAWA,EAAoBL,CAAQ,CAChF,MACU,CAEV,CAGT,OAAOA,GAAY,IACtB,CACD,4BAA4BH,EAAaH,EAAoB,CACzD,OAAI,KAAK,UACE,KAAK,UAAU,kBAAoBG,EAAaH,EAGhDG,CAEd,CACD,sBAAuB,CACnB,MAAQ,CAAC,CAAC,KAAK,WACX,KAAK,UAAU,oBAAsB,UAC5C,CACL,CAEA,SAASgB,GAA8BhB,EAAY,CAC/C,OAAOA,IAAeH,EAAqB,OAAYG,CAC3D,CACA,SAASO,GAAiBD,EAAW,CACjC,OAAOA,EAAU,oBAAsB,OAC3C,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAmBA,MAAMW,EAAmB,CACrB,YAAY1B,EAAM,CACd,KAAK,KAAOA,EACZ,KAAK,UAAY,IAAI,GACxB,CAUD,aAAae,EAAW,CACpB,MAAMY,EAAW,KAAK,YAAYZ,EAAU,IAAI,EAChD,GAAIY,EAAS,iBACT,MAAM,IAAI,MAAM,aAAaZ,EAAU,IAAI,qCAAqC,KAAK,IAAI,EAAE,EAE/FY,EAAS,aAAaZ,CAAS,CAClC,CACD,wBAAwBA,EAAW,CACd,KAAK,YAAYA,EAAU,IAAI,EACnC,kBAET,KAAK,UAAU,OAAOA,EAAU,IAAI,EAExC,KAAK,aAAaA,CAAS,CAC9B,CAQD,YAAYf,EAAM,CACd,GAAI,KAAK,UAAU,IAAIA,CAAI,EACvB,OAAO,KAAK,UAAU,IAAIA,CAAI,EAGlC,MAAM2B,EAAW,IAAIpB,GAASP,EAAM,IAAI,EACxC,YAAK,UAAU,IAAIA,EAAM2B,CAAQ,EAC1BA,CACV,CACD,cAAe,CACX,OAAO,MAAM,KAAK,KAAK,UAAU,OAAQ,CAAA,CAC5C,CACL,CCrZA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GA+BA,IAAIC,GACH,SAAUA,EAAU,CACjBA,EAASA,EAAS,MAAW,CAAC,EAAI,QAClCA,EAASA,EAAS,QAAa,CAAC,EAAI,UACpCA,EAASA,EAAS,KAAU,CAAC,EAAI,OACjCA,EAASA,EAAS,KAAU,CAAC,EAAI,OACjCA,EAASA,EAAS,MAAW,CAAC,EAAI,QAClCA,EAASA,EAAS,OAAY,CAAC,EAAI,QACvC,GAAGA,IAAaA,EAAW,CAAE,EAAC,EAC9B,MAAMC,GAAoB,CACtB,MAASD,EAAS,MAClB,QAAWA,EAAS,QACpB,KAAQA,EAAS,KACjB,KAAQA,EAAS,KACjB,MAASA,EAAS,MAClB,OAAUA,EAAS,MACvB,EAIME,GAAkBF,EAAS,KAO3BG,GAAgB,CAClB,CAACH,EAAS,KAAK,EAAG,MAClB,CAACA,EAAS,OAAO,EAAG,MACpB,CAACA,EAAS,IAAI,EAAG,OACjB,CAACA,EAAS,IAAI,EAAG,OACjB,CAACA,EAAS,KAAK,EAAG,OACtB,EAMMI,GAAoB,CAACpB,EAAUqB,KAAYC,IAAS,CACtD,GAAID,EAAUrB,EAAS,SACnB,OAEJ,MAAMuB,EAAM,IAAI,KAAM,EAAC,YAAW,EAC5BC,EAASL,GAAcE,CAAO,EACpC,GAAIG,EACA,QAAQA,CAAM,EAAE,IAAID,CAAG,MAAMvB,EAAS,IAAI,IAAK,GAAGsB,CAAI,MAGtD,OAAM,IAAI,MAAM,8DAA8DD,CAAO,GAAG,CAEhG,EACA,MAAMI,EAAO,CAOT,YAAYrC,EAAM,CACd,KAAK,KAAOA,EAIZ,KAAK,UAAY8B,GAKjB,KAAK,YAAcE,GAInB,KAAK,gBAAkB,IAK1B,CACD,IAAI,UAAW,CACX,OAAO,KAAK,SACf,CACD,IAAI,SAASM,EAAK,CACd,GAAI,EAAEA,KAAOV,GACT,MAAM,IAAI,UAAU,kBAAkBU,CAAG,4BAA4B,EAEzE,KAAK,UAAYA,CACpB,CAED,YAAYA,EAAK,CACb,KAAK,UAAY,OAAOA,GAAQ,SAAWT,GAAkBS,CAAG,EAAIA,CACvE,CACD,IAAI,YAAa,CACb,OAAO,KAAK,WACf,CACD,IAAI,WAAWA,EAAK,CAChB,GAAI,OAAOA,GAAQ,WACf,MAAM,IAAI,UAAU,mDAAmD,EAE3E,KAAK,YAAcA,CACtB,CACD,IAAI,gBAAiB,CACjB,OAAO,KAAK,eACf,CACD,IAAI,eAAeA,EAAK,CACpB,KAAK,gBAAkBA,CAC1B,CAID,SAASJ,EAAM,CACX,KAAK,iBAAmB,KAAK,gBAAgB,KAAMN,EAAS,MAAO,GAAGM,CAAI,EAC1E,KAAK,YAAY,KAAMN,EAAS,MAAO,GAAGM,CAAI,CACjD,CACD,OAAOA,EAAM,CACT,KAAK,iBACD,KAAK,gBAAgB,KAAMN,EAAS,QAAS,GAAGM,CAAI,EACxD,KAAK,YAAY,KAAMN,EAAS,QAAS,GAAGM,CAAI,CACnD,CACD,QAAQA,EAAM,CACV,KAAK,iBAAmB,KAAK,gBAAgB,KAAMN,EAAS,KAAM,GAAGM,CAAI,EACzE,KAAK,YAAY,KAAMN,EAAS,KAAM,GAAGM,CAAI,CAChD,CACD,QAAQA,EAAM,CACV,KAAK,iBAAmB,KAAK,gBAAgB,KAAMN,EAAS,KAAM,GAAGM,CAAI,EACzE,KAAK,YAAY,KAAMN,EAAS,KAAM,GAAGM,CAAI,CAChD,CACD,SAASA,EAAM,CACX,KAAK,iBAAmB,KAAK,gBAAgB,KAAMN,EAAS,MAAO,GAAGM,CAAI,EAC1E,KAAK,YAAY,KAAMN,EAAS,MAAO,GAAGM,CAAI,CACjD,CACL,CClKA,MAAMK,GAAgB,CAACC,EAAQC,IAAiBA,EAAa,KAAM1H,GAAMyH,aAAkBzH,CAAC,EAE5F,IAAI2H,EACAC,EAEJ,SAASC,IAAuB,CAC5B,OAAQF,IACHA,EAAoB,CACjB,YACA,eACA,SACA,UACA,cACZ,EACA,CAEA,SAASG,IAA0B,CAC/B,OAAQF,IACHA,EAAuB,CACpB,UAAU,UAAU,QACpB,UAAU,UAAU,SACpB,UAAU,UAAU,kBAChC,EACA,CACA,MAAMG,EAAmB,IAAI,QACvBC,EAAqB,IAAI,QACzBC,EAA2B,IAAI,QAC/BC,EAAiB,IAAI,QACrBC,EAAwB,IAAI,QAClC,SAASC,GAAiBhF,EAAS,CAC/B,MAAMiF,EAAU,IAAI,QAAQ,CAAC1F,EAASC,IAAW,CAC7C,MAAM0F,EAAW,IAAM,CACnBlF,EAAQ,oBAAoB,UAAWmF,CAAO,EAC9CnF,EAAQ,oBAAoB,QAASN,CAAK,CACtD,EACcyF,EAAU,IAAM,CAClB5F,EAAQ6F,EAAKpF,EAAQ,MAAM,CAAC,EAC5BkF,GACZ,EACcxF,EAAQ,IAAM,CAChBF,EAAOQ,EAAQ,KAAK,EACpBkF,GACZ,EACQlF,EAAQ,iBAAiB,UAAWmF,CAAO,EAC3CnF,EAAQ,iBAAiB,QAASN,CAAK,CAC/C,CAAK,EACD,OAAAuF,EACK,KAAMtF,GAAU,CAGbA,aAAiB,WACjBgF,EAAiB,IAAIhF,EAAOK,CAAO,CAG/C,CAAK,EACI,MAAM,IAAM,CAAA,CAAG,EAGpB+E,EAAsB,IAAIE,EAASjF,CAAO,EACnCiF,CACX,CACA,SAASI,GAA+BC,EAAI,CAExC,GAAIV,EAAmB,IAAIU,CAAE,EACzB,OACJ,MAAMC,EAAO,IAAI,QAAQ,CAAChG,EAASC,IAAW,CAC1C,MAAM0F,EAAW,IAAM,CACnBI,EAAG,oBAAoB,WAAYE,CAAQ,EAC3CF,EAAG,oBAAoB,QAAS5F,CAAK,EACrC4F,EAAG,oBAAoB,QAAS5F,CAAK,CACjD,EACc8F,EAAW,IAAM,CACnBjG,IACA2F,GACZ,EACcxF,EAAQ,IAAM,CAChBF,EAAO8F,EAAG,OAAS,IAAI,aAAa,aAAc,YAAY,CAAC,EAC/DJ,GACZ,EACQI,EAAG,iBAAiB,WAAYE,CAAQ,EACxCF,EAAG,iBAAiB,QAAS5F,CAAK,EAClC4F,EAAG,iBAAiB,QAAS5F,CAAK,CAC1C,CAAK,EAEDkF,EAAmB,IAAIU,EAAIC,CAAI,CACnC,CACA,IAAIE,EAAgB,CAChB,IAAIC,EAAQC,EAAMC,EAAU,CACxB,GAAIF,aAAkB,eAAgB,CAElC,GAAIC,IAAS,OACT,OAAOf,EAAmB,IAAIc,CAAM,EAExC,GAAIC,IAAS,mBACT,OAAOD,EAAO,kBAAoBb,EAAyB,IAAIa,CAAM,EAGzE,GAAIC,IAAS,QACT,OAAOC,EAAS,iBAAiB,CAAC,EAC5B,OACAA,EAAS,YAAYA,EAAS,iBAAiB,CAAC,CAAC,CAE9D,CAED,OAAOR,EAAKM,EAAOC,CAAI,CAAC,CAC3B,EACD,IAAID,EAAQC,EAAMhG,EAAO,CACrB,OAAA+F,EAAOC,CAAI,EAAIhG,EACR,EACV,EACD,IAAI+F,EAAQC,EAAM,CACd,OAAID,aAAkB,iBACjBC,IAAS,QAAUA,IAAS,SACtB,GAEJA,KAAQD,CAClB,CACL,EACA,SAASG,GAAapG,EAAU,CAC5BgG,EAAgBhG,EAASgG,CAAa,CAC1C,CACA,SAASK,GAAaC,EAAM,CAIxB,OAAIA,IAAS,YAAY,UAAU,aAC/B,EAAE,qBAAsB,eAAe,WAChC,SAAUC,KAAejC,EAAM,CAClC,MAAMuB,EAAKS,EAAK,KAAKE,EAAO,IAAI,EAAGD,EAAY,GAAGjC,CAAI,EACtD,OAAAc,EAAyB,IAAIS,EAAIU,EAAW,KAAOA,EAAW,KAAM,EAAG,CAACA,CAAU,CAAC,EAC5EZ,EAAKE,CAAE,CAC1B,EAOQZ,GAAyB,EAAC,SAASqB,CAAI,EAChC,YAAahC,EAAM,CAGtB,OAAAgC,EAAK,MAAME,EAAO,IAAI,EAAGlC,CAAI,EACtBqB,EAAKT,EAAiB,IAAI,IAAI,CAAC,CAClD,EAEW,YAAaZ,EAAM,CAGtB,OAAOqB,EAAKW,EAAK,MAAME,EAAO,IAAI,EAAGlC,CAAI,CAAC,CAClD,CACA,CACA,SAASmC,GAAuBvG,EAAO,CACnC,OAAI,OAAOA,GAAU,WACVmG,GAAanG,CAAK,GAGzBA,aAAiB,gBACjB0F,GAA+B1F,CAAK,EACpCyE,GAAczE,EAAO8E,IAAsB,EACpC,IAAI,MAAM9E,EAAO8F,CAAa,EAElC9F,EACX,CACA,SAASyF,EAAKzF,EAAO,CAGjB,GAAIA,aAAiB,WACjB,OAAOqF,GAAiBrF,CAAK,EAGjC,GAAImF,EAAe,IAAInF,CAAK,EACxB,OAAOmF,EAAe,IAAInF,CAAK,EACnC,MAAMwG,EAAWD,GAAuBvG,CAAK,EAG7C,OAAIwG,IAAaxG,IACbmF,EAAe,IAAInF,EAAOwG,CAAQ,EAClCpB,EAAsB,IAAIoB,EAAUxG,CAAK,GAEtCwG,CACX,CACA,MAAMF,EAAUtG,GAAUoF,EAAsB,IAAIpF,CAAK,EC5KzD,SAASyG,GAAOvE,EAAMwE,EAAS,CAAE,QAAAC,EAAS,QAAAC,EAAS,SAAAC,EAAU,WAAAC,CAAY,EAAG,GAAI,CAC5E,MAAMzG,EAAU,UAAU,KAAK6B,EAAMwE,CAAO,EACtCK,EAActB,EAAKpF,CAAO,EAChC,OAAIuG,GACAvG,EAAQ,iBAAiB,gBAAkB2G,GAAU,CACjDJ,EAAQnB,EAAKpF,EAAQ,MAAM,EAAG2G,EAAM,WAAYA,EAAM,WAAYvB,EAAKpF,EAAQ,WAAW,EAAG2G,CAAK,CAC9G,CAAS,EAEDL,GACAtG,EAAQ,iBAAiB,UAAY2G,GAAUL,EAE/CK,EAAM,WAAYA,EAAM,WAAYA,CAAK,CAAC,EAE9CD,EACK,KAAME,GAAO,CACVH,GACAG,EAAG,iBAAiB,QAAS,IAAMH,EAAY,CAAA,EAC/CD,GACAI,EAAG,iBAAiB,gBAAkBD,GAAUH,EAASG,EAAM,WAAYA,EAAM,WAAYA,CAAK,CAAC,CAE/G,CAAK,EACI,MAAM,IAAM,CAAA,CAAG,EACbD,CACX,CAgBA,MAAMG,GAAc,CAAC,MAAO,SAAU,SAAU,aAAc,OAAO,EAC/DC,GAAe,CAAC,MAAO,MAAO,SAAU,OAAO,EAC/CC,EAAgB,IAAI,IAC1B,SAASC,EAAUtB,EAAQC,EAAM,CAC7B,GAAI,EAAED,aAAkB,aACpB,EAAEC,KAAQD,IACV,OAAOC,GAAS,UAChB,OAEJ,GAAIoB,EAAc,IAAIpB,CAAI,EACtB,OAAOoB,EAAc,IAAIpB,CAAI,EACjC,MAAMsB,EAAiBtB,EAAK,QAAQ,aAAc,EAAE,EAC9CuB,EAAWvB,IAASsB,EACpBE,EAAUL,GAAa,SAASG,CAAc,EACpD,GAEA,EAAEA,KAAmBC,EAAW,SAAW,gBAAgB,YACvD,EAAEC,GAAWN,GAAY,SAASI,CAAc,GAChD,OAEJ,MAAMhD,EAAS,eAAgBmD,KAAcrD,EAAM,CAE/C,MAAMuB,EAAK,KAAK,YAAY8B,EAAWD,EAAU,YAAc,UAAU,EACzE,IAAIzB,EAASJ,EAAG,MAChB,OAAI4B,IACAxB,EAASA,EAAO,MAAM3B,EAAK,MAAO,CAAA,IAM9B,MAAM,QAAQ,IAAI,CACtB2B,EAAOuB,CAAc,EAAE,GAAGlD,CAAI,EAC9BoD,GAAW7B,EAAG,IAC1B,CAAS,GAAG,CAAC,CACb,EACI,OAAAyB,EAAc,IAAIpB,EAAM1B,CAAM,EACvBA,CACX,CACA4B,GAAcwB,IAAc,CACxB,GAAGA,EACH,IAAK,CAAC3B,EAAQC,EAAMC,IAAaoB,EAAUtB,EAAQC,CAAI,GAAK0B,EAAS,IAAI3B,EAAQC,EAAMC,CAAQ,EAC/F,IAAK,CAACF,EAAQC,IAAS,CAAC,CAACqB,EAAUtB,EAAQC,CAAI,GAAK0B,EAAS,IAAI3B,EAAQC,CAAI,CACjF,EAAE,ECtFF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAM2B,EAA0B,CAC5B,YAAYjF,EAAW,CACnB,KAAK,UAAYA,CACpB,CAGD,uBAAwB,CAIpB,OAHkB,KAAK,UAAU,aAAY,EAIxC,IAAImB,GAAY,CACjB,GAAI+D,GAAyB/D,CAAQ,EAAG,CACpC,MAAMjD,EAAUiD,EAAS,eACzB,MAAO,GAAGjD,EAAQ,OAAO,IAAIA,EAAQ,OAAO,EAC/C,KAEG,QAAO,IAEvB,CAAS,EACI,OAAOiH,GAAaA,CAAS,EAC7B,KAAK,GAAG,CAChB,CACL,CASA,SAASD,GAAyB/D,EAAU,CACxC,MAAMZ,EAAYY,EAAS,eAC3B,OAA8DZ,GAAU,OAAU,SACtF,CAEA,MAAM6E,EAAS,gBACTC,EAAY,UAElB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMC,EAAS,IAAIzD,GAAO,eAAe,EAEnC0D,GAAS,uBAETC,GAAS,6BAETC,GAAS,sBAETC,GAAS,6BAETC,GAAS,sBAETC,GAAS,iBAETC,GAAS,wBAETC,GAAS,qBAETC,GAAS,yBAETC,GAAS,4BAETC,GAAS,sBAETC,GAAS,6BAETC,GAAS,0BAETC,GAAS,iCAETC,GAAS,sBAETC,GAAS,6BAETC,GAAS,wBAETC,GAAS,+BAETC,GAAS,0BAETC,GAAS,iCAETC,GAAS,oBAETC,GAAS,2BAETC,GAAS,sBAETC,GAAS,6BAETC,GAAS,6BAETvH,GAAO,WAGb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAqBK,MAACM,GAAqB,YACrBkH,GAAsB,CACxB,CAAC5B,CAAM,EAAG,YACV,CAACG,EAAM,EAAG,mBACV,CAACE,EAAM,EAAG,iBACV,CAACD,EAAM,EAAG,wBACV,CAACG,EAAM,EAAG,iBACV,CAACD,EAAM,EAAG,wBACV,CAACE,EAAM,EAAG,YACV,CAACC,EAAM,EAAG,mBACV,CAACC,EAAM,EAAG,YACV,CAACC,EAAM,EAAG,oBACV,CAACC,EAAM,EAAG,mBACV,CAACC,EAAM,EAAG,UACV,CAACC,EAAM,EAAG,iBACV,CAACC,EAAM,EAAG,WACV,CAACC,EAAM,EAAG,kBACV,CAACC,EAAM,EAAG,WACV,CAACC,EAAM,EAAG,kBACV,CAACC,EAAM,EAAG,YACV,CAACC,EAAM,EAAG,mBACV,CAACC,EAAM,EAAG,UACV,CAACC,EAAM,EAAG,iBACV,CAACC,EAAM,EAAG,WACV,CAACC,EAAM,EAAG,kBACV,CAACC,EAAM,EAAG,WACV,CAACE,EAAM,EAAG,kBACV,CAACD,EAAM,EAAG,cACV,UAAW,UACX,CAACtH,EAAI,EAAG,aACZ,EAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAmBK,MAACyH,EAAQ,IAAI,IAIZC,GAAc,IAAI,IAOlBC,EAAc,IAAI,IAMxB,SAASC,EAAcC,EAAK9G,EAAW,CACnC,GAAI,CACA8G,EAAI,UAAU,aAAa9G,CAAS,CACvC,OACMzD,EAAG,CACNwI,EAAO,MAAM,aAAa/E,EAAU,IAAI,wCAAwC8G,EAAI,IAAI,GAAIvK,CAAC,CAChG,CACL,CAeA,SAASwK,EAAmB/G,EAAW,CACnC,MAAMgH,EAAgBhH,EAAU,KAChC,GAAI4G,EAAY,IAAII,CAAa,EAC7B,OAAAjC,EAAO,MAAM,sDAAsDiC,CAAa,GAAG,EAC5E,GAEXJ,EAAY,IAAII,EAAehH,CAAS,EAExC,UAAW8G,KAAOJ,EAAM,SACpBG,EAAcC,EAAK9G,CAAS,EAEhC,UAAWiH,KAAaN,GAAY,SAChCE,EAAcI,EAAWjH,CAAS,EAEtC,MAAO,EACX,CA6DA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMkH,GAAS,CACV,SAAiC,6EAEjC,eAA6C,iCAC7C,gBAA+C,kFAC/C,cAA2C,kDAC3C,qBAAyD,uCACzD,aAAyC,0EACzC,uBAA6D,6EAE7D,uBAA6D,wDAC7D,WAAqC,gFACrC,UAAmC,qFACnC,UAAqC,mFACrC,aAAyC,sFACzC,sCAA2F,0GAC3F,iCAAiF,2DACtF,EACMC,EAAgB,IAAIzJ,EAAa,MAAO,WAAYwJ,EAAM,EAEhE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAME,EAAgB,CAClB,YAAYtH,EAASuH,EAAQ5H,EAAW,CACpC,KAAK,WAAa,GAClB,KAAK,SAAW,OAAO,OAAO,CAAE,EAAEK,CAAO,EACzC,KAAK,QAAU,OAAO,OAAO,CAAE,EAAEuH,CAAM,EACvC,KAAK,MAAQA,EAAO,KACpB,KAAK,gCACDA,EAAO,+BACX,KAAK,WAAa5H,EAClB,KAAK,UAAU,aAAa,IAAIT,EAAU,MAAO,IAAM,KAAM,QAAQ,CAA4B,CACpG,CACD,IAAI,gCAAiC,CACjC,YAAK,eAAc,EACZ,KAAK,+BACf,CACD,IAAI,+BAA+BuC,EAAK,CACpC,KAAK,eAAc,EACnB,KAAK,gCAAkCA,CAC1C,CACD,IAAI,MAAO,CACP,YAAK,eAAc,EACZ,KAAK,KACf,CACD,IAAI,SAAU,CACV,YAAK,eAAc,EACZ,KAAK,QACf,CACD,IAAI,QAAS,CACT,YAAK,eAAc,EACZ,KAAK,OACf,CACD,IAAI,WAAY,CACZ,OAAO,KAAK,UACf,CACD,IAAI,WAAY,CACZ,OAAO,KAAK,UACf,CACD,IAAI,UAAUA,EAAK,CACf,KAAK,WAAaA,CACrB,CAKD,gBAAiB,CACb,GAAI,KAAK,UACL,MAAM4F,EAAc,OAAO,cAA0C,CAAE,QAAS,KAAK,KAAK,CAAE,CAEnG,CACL,CAwHA,SAASG,GAAcC,EAAUC,EAAY,GAAI,CAC7C,IAAI1H,EAAUyH,EACV,OAAOC,GAAc,WAErBA,EAAY,CAAE,KADDA,IAGjB,MAAMH,EAAS,OAAO,OAAO,CAAE,KAAM9H,GAAoB,+BAAgC,IAASiI,CAAS,EACrGvI,EAAOoI,EAAO,KACpB,GAAI,OAAOpI,GAAS,UAAY,CAACA,EAC7B,MAAMkI,EAAc,OAAO,eAA4C,CACnE,QAAS,OAAOlI,CAAI,CAChC,CAAS,EAGL,GADAa,IAAYA,EAAUtD,GAAmB,GACrC,CAACsD,EACD,MAAMqH,EAAc,OAAO,cAE/B,MAAMM,EAAcf,EAAM,IAAIzH,CAAI,EAClC,GAAIwI,EAAa,CAEb,GAAInJ,EAAUwB,EAAS2H,EAAY,OAAO,GACtCnJ,EAAU+I,EAAQI,EAAY,MAAM,EACpC,OAAOA,EAGP,MAAMN,EAAc,OAAO,gBAA8C,CAAE,QAASlI,CAAI,CAAE,CAEjG,CACD,MAAMQ,EAAY,IAAIkB,GAAmB1B,CAAI,EAC7C,UAAWe,KAAa4G,EAAY,SAChCnH,EAAU,aAAaO,CAAS,EAEpC,MAAM0H,EAAS,IAAIN,GAAgBtH,EAASuH,EAAQ5H,CAAS,EAC7D,OAAAiH,EAAM,IAAIzH,EAAMyI,CAAM,EACfA,CACX,CAyIA,SAASC,EAAgBC,EAAkBnE,EAASoE,EAAS,CACzD,IAAIpL,EAGJ,IAAIqL,GAAWrL,EAAKgK,GAAoBmB,CAAgB,KAAO,MAAQnL,IAAO,OAASA,EAAKmL,EACxFC,IACAC,GAAW,IAAID,CAAO,IAE1B,MAAME,EAAkBD,EAAQ,MAAM,OAAO,EACvCE,EAAkBvE,EAAQ,MAAM,OAAO,EAC7C,GAAIsE,GAAmBC,EAAiB,CACpC,MAAMC,EAAU,CACZ,+BAA+BH,CAAO,mBAAmBrE,CAAO,IAC5E,EACYsE,GACAE,EAAQ,KAAK,iBAAiBH,CAAO,mDAAmD,EAExFC,GAAmBC,GACnBC,EAAQ,KAAK,KAAK,EAElBD,GACAC,EAAQ,KAAK,iBAAiBxE,CAAO,mDAAmD,EAE5FsB,EAAO,KAAKkD,EAAQ,KAAK,GAAG,CAAC,EAC7B,MACH,CACDlB,EAAmB,IAAI/H,EAAU,GAAG8I,CAAO,WAAY,KAAO,CAAE,QAAAA,EAAS,QAAArE,CAAO,GAAK,SAAsC,CAAA,CAC/H,CA2BA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMyE,GAAU,8BACVC,GAAa,EACbC,EAAa,2BACnB,IAAIC,EAAY,KAChB,SAASC,GAAe,CACpB,OAAKD,IACDA,EAAY7E,GAAO0E,GAASC,GAAY,CACpC,QAAS,CAACnE,EAAIuE,IAAe,CAMzB,OAAQA,EAAU,CACd,IAAK,GACD,GAAI,CACAvE,EAAG,kBAAkBoE,CAAU,CAClC,OACM7L,EAAG,CAIN,QAAQ,KAAKA,CAAC,CACjB,CACR,CACJ,CACb,CAAS,EAAE,MAAMA,GAAK,CACV,MAAM4K,EAAc,OAAO,WAAoC,CAC3D,qBAAsB5K,EAAE,OACxC,CAAa,CACb,CAAS,GAEE8L,CACX,CACA,eAAeG,GAA4B1B,EAAK,CAC5C,GAAI,CAEA,MAAMpE,GADK,MAAM4F,KACH,YAAYF,CAAU,EAC9BK,EAAS,MAAM/F,EAAG,YAAY0F,CAAU,EAAE,IAAIM,EAAW5B,CAAG,CAAC,EAGnE,aAAMpE,EAAG,KACF+F,CACV,OACM,EAAG,CACN,GAAI,aAAanL,EACbyH,EAAO,KAAK,EAAE,OAAO,MAEpB,CACD,MAAM4D,EAAcxB,EAAc,OAAO,UAAkC,CACvE,qBAA4D,GAAE,OAC9E,CAAa,EACDpC,EAAO,KAAK4D,EAAY,OAAO,CAClC,CACJ,CACL,CACA,eAAeC,EAA2B9B,EAAK+B,EAAiB,CAC5D,GAAI,CAEA,MAAMnG,GADK,MAAM4F,KACH,YAAYF,EAAY,WAAW,EAEjD,MADoB1F,EAAG,YAAY0F,CAAU,EAC3B,IAAIS,EAAiBH,EAAW5B,CAAG,CAAC,EACtD,MAAMpE,EAAG,IACZ,OACMnG,EAAG,CACN,GAAIA,aAAae,EACbyH,EAAO,KAAKxI,EAAE,OAAO,MAEpB,CACD,MAAMoM,EAAcxB,EAAc,OAAO,UAAoC,CACzE,qBAA4D5K,GAAE,OAC9E,CAAa,EACDwI,EAAO,KAAK4D,EAAY,OAAO,CAClC,CACJ,CACL,CACA,SAASD,EAAW5B,EAAK,CACrB,MAAO,GAAGA,EAAI,IAAI,IAAIA,EAAI,QAAQ,KAAK,EAC3C,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMgC,GAAmB,KAEnBC,GAAwC,GAAK,GAAK,GAAK,GAAK,IAClE,MAAMC,EAAqB,CACvB,YAAYvJ,EAAW,CACnB,KAAK,UAAYA,EAUjB,KAAK,iBAAmB,KACxB,MAAMqH,EAAM,KAAK,UAAU,YAAY,KAAK,EAAE,eAC9C,KAAK,SAAW,IAAImC,GAAqBnC,CAAG,EAC5C,KAAK,wBAA0B,KAAK,SAAS,KAAM,EAAC,KAAK2B,IACrD,KAAK,iBAAmBA,EACjBA,EACV,CACJ,CAQD,MAAM,kBAAmB,CACrB,IAAIhM,EAAIyM,EACR,GAAI,CAMA,MAAMC,EALiB,KAAK,UACvB,YAAY,iBAAiB,EAC7B,eAGwB,wBACvBC,EAAOC,IAUb,QATM5M,EAAK,KAAK,oBAAsB,MAAQA,IAAO,OAAS,OAASA,EAAG,aAAe,OACrF,KAAK,iBAAmB,MAAM,KAAK,0BAE7ByM,EAAK,KAAK,oBAAsB,MAAQA,IAAO,OAAS,OAASA,EAAG,aAAe,OAMzF,KAAK,iBAAiB,wBAA0BE,GAChD,KAAK,iBAAiB,WAAW,KAAKE,GAAuBA,EAAoB,OAASF,CAAI,EAC9F,QAIA,KAAK,iBAAiB,WAAW,KAAK,CAAE,KAAAA,EAAM,MAAAD,CAAK,CAAE,EAGzD,KAAK,iBAAiB,WAClB,KAAK,iBAAiB,WAAW,OAAOG,GAAuB,CAC3D,MAAMC,EAAc,IAAI,KAAKD,EAAoB,IAAI,EAAE,UAEvD,OADY,KAAK,MACJC,GAAeR,EAChD,CAAiB,EACE,KAAK,SAAS,UAAU,KAAK,gBAAgB,EACvD,OACMxM,EAAG,CACNwI,EAAO,KAAKxI,CAAC,CAChB,CACJ,CAQD,MAAM,qBAAsB,CACxB,IAAIE,EACJ,GAAI,CAKA,GAJI,KAAK,mBAAqB,MAC1B,MAAM,KAAK,0BAGTA,EAAK,KAAK,oBAAsB,MAAQA,IAAO,OAAS,OAASA,EAAG,aAAe,MACrF,KAAK,iBAAiB,WAAW,SAAW,EAC5C,MAAO,GAEX,MAAM2M,EAAOC,IAEP,CAAE,iBAAAG,EAAkB,cAAAC,CAAe,EAAGC,GAA2B,KAAK,iBAAiB,UAAU,EACjGC,EAAe/N,EAA8B,KAAK,UAAU,CAAE,QAAS,EAAG,WAAY4N,CAAkB,CAAA,CAAC,EAE/G,YAAK,iBAAiB,sBAAwBJ,EAC1CK,EAAc,OAAS,GAEvB,KAAK,iBAAiB,WAAaA,EAInC,MAAM,KAAK,SAAS,UAAU,KAAK,gBAAgB,IAGnD,KAAK,iBAAiB,WAAa,GAE9B,KAAK,SAAS,UAAU,KAAK,gBAAgB,GAE/CE,CACV,OACMpN,EAAG,CACN,OAAAwI,EAAO,KAAKxI,CAAC,EACN,EACV,CACJ,CACL,CACA,SAAS8M,GAAmB,CAGxB,OAFc,IAAI,OAEL,YAAa,EAAC,UAAU,EAAG,EAAE,CAC9C,CACA,SAASK,GAA2BE,EAAiBC,EAAUf,GAAkB,CAG7E,MAAMU,EAAmB,CAAA,EAEzB,IAAIC,EAAgBG,EAAgB,QACpC,UAAWN,KAAuBM,EAAiB,CAE/C,MAAME,EAAiBN,EAAiB,KAAKO,GAAMA,EAAG,QAAUT,EAAoB,KAAK,EACzF,GAAKQ,GAiBD,GAHAA,EAAe,MAAM,KAAKR,EAAoB,IAAI,EAG9CU,EAAWR,CAAgB,EAAIK,EAAS,CACxCC,EAAe,MAAM,MACrB,KACH,UAlBDN,EAAiB,KAAK,CAClB,MAAOF,EAAoB,MAC3B,MAAO,CAACA,EAAoB,IAAI,CAChD,CAAa,EACGU,EAAWR,CAAgB,EAAIK,EAAS,CAGxCL,EAAiB,IAAG,EACpB,KACH,CAaLC,EAAgBA,EAAc,MAAM,CAAC,CACxC,CACD,MAAO,CACH,iBAAAD,EACA,cAAAC,CACR,CACA,CACA,MAAMR,EAAqB,CACvB,YAAYnC,EAAK,CACb,KAAK,IAAMA,EACX,KAAK,wBAA0B,KAAK,8BACvC,CACD,MAAM,8BAA+B,CACjC,OAAK9J,GAAoB,EAIdC,GAA2B,EAC7B,KAAK,IAAM,EAAI,EACf,MAAM,IAAM,EAAK,EALf,EAOd,CAID,MAAM,MAAO,CAET,GADwB,MAAM,KAAK,wBAI9B,CACD,MAAMgN,EAAqB,MAAMzB,GAA4B,KAAK,GAAG,EACrE,OAA4EyB,GAAmB,WACpFA,EAGA,CAAE,WAAY,CAAA,EAE5B,KAVG,OAAO,CAAE,WAAY,CAAA,EAW5B,CAED,MAAM,UAAUC,EAAkB,CAC9B,IAAIzN,EAEJ,GADwB,MAAM,KAAK,wBAI9B,CACD,MAAM0N,EAA2B,MAAM,KAAK,OAC5C,OAAOvB,EAA2B,KAAK,IAAK,CACxC,uBAAwBnM,EAAKyN,EAAiB,yBAA2B,MAAQzN,IAAO,OAASA,EAAK0N,EAAyB,sBAC/H,WAAYD,EAAiB,UAC7C,CAAa,CACJ,KARG,OASP,CAED,MAAM,IAAIA,EAAkB,CACxB,IAAIzN,EAEJ,GADwB,MAAM,KAAK,wBAI9B,CACD,MAAM0N,EAA2B,MAAM,KAAK,OAC5C,OAAOvB,EAA2B,KAAK,IAAK,CACxC,uBAAwBnM,EAAKyN,EAAiB,yBAA2B,MAAQzN,IAAO,OAASA,EAAK0N,EAAyB,sBAC/H,WAAY,CACR,GAAGA,EAAyB,WAC5B,GAAGD,EAAiB,UACvB,CACjB,CAAa,CACJ,KAXG,OAYP,CACL,CAMA,SAASF,EAAWJ,EAAiB,CAEjC,OAAOhO,EAEP,KAAK,UAAU,CAAE,QAAS,EAAG,WAAYgO,CAAe,CAAE,CAAC,EAAE,MACjE,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,SAASQ,GAAuBvC,EAAS,CACrCd,EAAmB,IAAI/H,EAAU,kBAAmBS,GAAa,IAAIiF,GAA0BjF,CAAS,EAAG,SAAS,CAA6B,EACjJsH,EAAmB,IAAI/H,EAAU,YAAaS,GAAa,IAAIuJ,GAAqBvJ,CAAS,EAAG,SAAS,CAA6B,EAEtIkI,EAAgB9C,EAAQC,EAAW+C,CAAO,EAE1CF,EAAgB9C,EAAQC,EAAW,SAAS,EAE5C6C,EAAgB,UAAW,EAAE,CACjC,CAQAyC,GAAuB,EAAE,EC5nCzB,IAAInL,GAAO,WACPwE,GAAU,UAEd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBAkE,EAAgB1I,GAAMwE,GAAS,KAAK","x_google_ignoreList":[0,1,2,3,4,5,6]}
\ No newline at end of file
+{"version":3,"file":"index.esm.BL_MJ2fY.js","sources":["../../../../../node_modules/@firebase/util/dist/index.esm2017.js","../../../../../node_modules/@firebase/component/dist/esm/index.esm2017.js","../../../../../node_modules/@firebase/logger/dist/esm/index.esm2017.js","../../../../../node_modules/idb/build/wrap-idb-value.js","../../../../../node_modules/idb/build/index.js","../../../../../node_modules/@firebase/app/dist/esm/index.esm2017.js","../../../../../node_modules/firebase/app/dist/esm/index.esm.js"],"sourcesContent":["/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * @fileoverview Firebase constants. Some of these (@defines) can be overridden at compile-time.\r\n */\r\nconst CONSTANTS = {\r\n /**\r\n * @define {boolean} Whether this is the client Node.js SDK.\r\n */\r\n NODE_CLIENT: false,\r\n /**\r\n * @define {boolean} Whether this is the Admin Node.js SDK.\r\n */\r\n NODE_ADMIN: false,\r\n /**\r\n * Firebase SDK Version\r\n */\r\n SDK_VERSION: '${JSCORE_VERSION}'\r\n};\n\n/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * Throws an error if the provided assertion is falsy\r\n */\r\nconst assert = function (assertion, message) {\r\n if (!assertion) {\r\n throw assertionError(message);\r\n }\r\n};\r\n/**\r\n * Returns an Error object suitable for throwing.\r\n */\r\nconst assertionError = function (message) {\r\n return new Error('Firebase Database (' +\r\n CONSTANTS.SDK_VERSION +\r\n ') INTERNAL ASSERT FAILED: ' +\r\n message);\r\n};\n\n/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst stringToByteArray$1 = function (str) {\r\n // TODO(user): Use native implementations if/when available\r\n const out = [];\r\n let p = 0;\r\n for (let i = 0; i < str.length; i++) {\r\n let c = str.charCodeAt(i);\r\n if (c < 128) {\r\n out[p++] = c;\r\n }\r\n else if (c < 2048) {\r\n out[p++] = (c >> 6) | 192;\r\n out[p++] = (c & 63) | 128;\r\n }\r\n else if ((c & 0xfc00) === 0xd800 &&\r\n i + 1 < str.length &&\r\n (str.charCodeAt(i + 1) & 0xfc00) === 0xdc00) {\r\n // Surrogate Pair\r\n c = 0x10000 + ((c & 0x03ff) << 10) + (str.charCodeAt(++i) & 0x03ff);\r\n out[p++] = (c >> 18) | 240;\r\n out[p++] = ((c >> 12) & 63) | 128;\r\n out[p++] = ((c >> 6) & 63) | 128;\r\n out[p++] = (c & 63) | 128;\r\n }\r\n else {\r\n out[p++] = (c >> 12) | 224;\r\n out[p++] = ((c >> 6) & 63) | 128;\r\n out[p++] = (c & 63) | 128;\r\n }\r\n }\r\n return out;\r\n};\r\n/**\r\n * Turns an array of numbers into the string given by the concatenation of the\r\n * characters to which the numbers correspond.\r\n * @param bytes Array of numbers representing characters.\r\n * @return Stringification of the array.\r\n */\r\nconst byteArrayToString = function (bytes) {\r\n // TODO(user): Use native implementations if/when available\r\n const out = [];\r\n let pos = 0, c = 0;\r\n while (pos < bytes.length) {\r\n const c1 = bytes[pos++];\r\n if (c1 < 128) {\r\n out[c++] = String.fromCharCode(c1);\r\n }\r\n else if (c1 > 191 && c1 < 224) {\r\n const c2 = bytes[pos++];\r\n out[c++] = String.fromCharCode(((c1 & 31) << 6) | (c2 & 63));\r\n }\r\n else if (c1 > 239 && c1 < 365) {\r\n // Surrogate Pair\r\n const c2 = bytes[pos++];\r\n const c3 = bytes[pos++];\r\n const c4 = bytes[pos++];\r\n const u = (((c1 & 7) << 18) | ((c2 & 63) << 12) | ((c3 & 63) << 6) | (c4 & 63)) -\r\n 0x10000;\r\n out[c++] = String.fromCharCode(0xd800 + (u >> 10));\r\n out[c++] = String.fromCharCode(0xdc00 + (u & 1023));\r\n }\r\n else {\r\n const c2 = bytes[pos++];\r\n const c3 = bytes[pos++];\r\n out[c++] = String.fromCharCode(((c1 & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));\r\n }\r\n }\r\n return out.join('');\r\n};\r\n// We define it as an object literal instead of a class because a class compiled down to es5 can't\r\n// be treeshaked. https://github.com/rollup/rollup/issues/1691\r\n// Static lookup maps, lazily populated by init_()\r\nconst base64 = {\r\n /**\r\n * Maps bytes to characters.\r\n */\r\n byteToCharMap_: null,\r\n /**\r\n * Maps characters to bytes.\r\n */\r\n charToByteMap_: null,\r\n /**\r\n * Maps bytes to websafe characters.\r\n * @private\r\n */\r\n byteToCharMapWebSafe_: null,\r\n /**\r\n * Maps websafe characters to bytes.\r\n * @private\r\n */\r\n charToByteMapWebSafe_: null,\r\n /**\r\n * Our default alphabet, shared between\r\n * ENCODED_VALS and ENCODED_VALS_WEBSAFE\r\n */\r\n ENCODED_VALS_BASE: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz' + '0123456789',\r\n /**\r\n * Our default alphabet. Value 64 (=) is special; it means \"nothing.\"\r\n */\r\n get ENCODED_VALS() {\r\n return this.ENCODED_VALS_BASE + '+/=';\r\n },\r\n /**\r\n * Our websafe alphabet.\r\n */\r\n get ENCODED_VALS_WEBSAFE() {\r\n return this.ENCODED_VALS_BASE + '-_.';\r\n },\r\n /**\r\n * Whether this browser supports the atob and btoa functions. This extension\r\n * started at Mozilla but is now implemented by many browsers. We use the\r\n * ASSUME_* variables to avoid pulling in the full useragent detection library\r\n * but still allowing the standard per-browser compilations.\r\n *\r\n */\r\n HAS_NATIVE_SUPPORT: typeof atob === 'function',\r\n /**\r\n * Base64-encode an array of bytes.\r\n *\r\n * @param input An array of bytes (numbers with\r\n * value in [0, 255]) to encode.\r\n * @param webSafe Boolean indicating we should use the\r\n * alternative alphabet.\r\n * @return The base64 encoded string.\r\n */\r\n encodeByteArray(input, webSafe) {\r\n if (!Array.isArray(input)) {\r\n throw Error('encodeByteArray takes an array as a parameter');\r\n }\r\n this.init_();\r\n const byteToCharMap = webSafe\r\n ? this.byteToCharMapWebSafe_\r\n : this.byteToCharMap_;\r\n const output = [];\r\n for (let i = 0; i < input.length; i += 3) {\r\n const byte1 = input[i];\r\n const haveByte2 = i + 1 < input.length;\r\n const byte2 = haveByte2 ? input[i + 1] : 0;\r\n const haveByte3 = i + 2 < input.length;\r\n const byte3 = haveByte3 ? input[i + 2] : 0;\r\n const outByte1 = byte1 >> 2;\r\n const outByte2 = ((byte1 & 0x03) << 4) | (byte2 >> 4);\r\n let outByte3 = ((byte2 & 0x0f) << 2) | (byte3 >> 6);\r\n let outByte4 = byte3 & 0x3f;\r\n if (!haveByte3) {\r\n outByte4 = 64;\r\n if (!haveByte2) {\r\n outByte3 = 64;\r\n }\r\n }\r\n output.push(byteToCharMap[outByte1], byteToCharMap[outByte2], byteToCharMap[outByte3], byteToCharMap[outByte4]);\r\n }\r\n return output.join('');\r\n },\r\n /**\r\n * Base64-encode a string.\r\n *\r\n * @param input A string to encode.\r\n * @param webSafe If true, we should use the\r\n * alternative alphabet.\r\n * @return The base64 encoded string.\r\n */\r\n encodeString(input, webSafe) {\r\n // Shortcut for Mozilla browsers that implement\r\n // a native base64 encoder in the form of \"btoa/atob\"\r\n if (this.HAS_NATIVE_SUPPORT && !webSafe) {\r\n return btoa(input);\r\n }\r\n return this.encodeByteArray(stringToByteArray$1(input), webSafe);\r\n },\r\n /**\r\n * Base64-decode a string.\r\n *\r\n * @param input to decode.\r\n * @param webSafe True if we should use the\r\n * alternative alphabet.\r\n * @return string representing the decoded value.\r\n */\r\n decodeString(input, webSafe) {\r\n // Shortcut for Mozilla browsers that implement\r\n // a native base64 encoder in the form of \"btoa/atob\"\r\n if (this.HAS_NATIVE_SUPPORT && !webSafe) {\r\n return atob(input);\r\n }\r\n return byteArrayToString(this.decodeStringToByteArray(input, webSafe));\r\n },\r\n /**\r\n * Base64-decode a string.\r\n *\r\n * In base-64 decoding, groups of four characters are converted into three\r\n * bytes. If the encoder did not apply padding, the input length may not\r\n * be a multiple of 4.\r\n *\r\n * In this case, the last group will have fewer than 4 characters, and\r\n * padding will be inferred. If the group has one or two characters, it decodes\r\n * to one byte. If the group has three characters, it decodes to two bytes.\r\n *\r\n * @param input Input to decode.\r\n * @param webSafe True if we should use the web-safe alphabet.\r\n * @return bytes representing the decoded value.\r\n */\r\n decodeStringToByteArray(input, webSafe) {\r\n this.init_();\r\n const charToByteMap = webSafe\r\n ? this.charToByteMapWebSafe_\r\n : this.charToByteMap_;\r\n const output = [];\r\n for (let i = 0; i < input.length;) {\r\n const byte1 = charToByteMap[input.charAt(i++)];\r\n const haveByte2 = i < input.length;\r\n const byte2 = haveByte2 ? charToByteMap[input.charAt(i)] : 0;\r\n ++i;\r\n const haveByte3 = i < input.length;\r\n const byte3 = haveByte3 ? charToByteMap[input.charAt(i)] : 64;\r\n ++i;\r\n const haveByte4 = i < input.length;\r\n const byte4 = haveByte4 ? charToByteMap[input.charAt(i)] : 64;\r\n ++i;\r\n if (byte1 == null || byte2 == null || byte3 == null || byte4 == null) {\r\n throw new DecodeBase64StringError();\r\n }\r\n const outByte1 = (byte1 << 2) | (byte2 >> 4);\r\n output.push(outByte1);\r\n if (byte3 !== 64) {\r\n const outByte2 = ((byte2 << 4) & 0xf0) | (byte3 >> 2);\r\n output.push(outByte2);\r\n if (byte4 !== 64) {\r\n const outByte3 = ((byte3 << 6) & 0xc0) | byte4;\r\n output.push(outByte3);\r\n }\r\n }\r\n }\r\n return output;\r\n },\r\n /**\r\n * Lazy static initialization function. Called before\r\n * accessing any of the static map variables.\r\n * @private\r\n */\r\n init_() {\r\n if (!this.byteToCharMap_) {\r\n this.byteToCharMap_ = {};\r\n this.charToByteMap_ = {};\r\n this.byteToCharMapWebSafe_ = {};\r\n this.charToByteMapWebSafe_ = {};\r\n // We want quick mappings back and forth, so we precompute two maps.\r\n for (let i = 0; i < this.ENCODED_VALS.length; i++) {\r\n this.byteToCharMap_[i] = this.ENCODED_VALS.charAt(i);\r\n this.charToByteMap_[this.byteToCharMap_[i]] = i;\r\n this.byteToCharMapWebSafe_[i] = this.ENCODED_VALS_WEBSAFE.charAt(i);\r\n this.charToByteMapWebSafe_[this.byteToCharMapWebSafe_[i]] = i;\r\n // Be forgiving when decoding and correctly decode both encodings.\r\n if (i >= this.ENCODED_VALS_BASE.length) {\r\n this.charToByteMap_[this.ENCODED_VALS_WEBSAFE.charAt(i)] = i;\r\n this.charToByteMapWebSafe_[this.ENCODED_VALS.charAt(i)] = i;\r\n }\r\n }\r\n }\r\n }\r\n};\r\n/**\r\n * An error encountered while decoding base64 string.\r\n */\r\nclass DecodeBase64StringError extends Error {\r\n constructor() {\r\n super(...arguments);\r\n this.name = 'DecodeBase64StringError';\r\n }\r\n}\r\n/**\r\n * URL-safe base64 encoding\r\n */\r\nconst base64Encode = function (str) {\r\n const utf8Bytes = stringToByteArray$1(str);\r\n return base64.encodeByteArray(utf8Bytes, true);\r\n};\r\n/**\r\n * URL-safe base64 encoding (without \".\" padding in the end).\r\n * e.g. Used in JSON Web Token (JWT) parts.\r\n */\r\nconst base64urlEncodeWithoutPadding = function (str) {\r\n // Use base64url encoding and remove padding in the end (dot characters).\r\n return base64Encode(str).replace(/\\./g, '');\r\n};\r\n/**\r\n * URL-safe base64 decoding\r\n *\r\n * NOTE: DO NOT use the global atob() function - it does NOT support the\r\n * base64Url variant encoding.\r\n *\r\n * @param str To be decoded\r\n * @return Decoded result, if possible\r\n */\r\nconst base64Decode = function (str) {\r\n try {\r\n return base64.decodeString(str, true);\r\n }\r\n catch (e) {\r\n console.error('base64Decode failed: ', e);\r\n }\r\n return null;\r\n};\n\n/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * Do a deep-copy of basic JavaScript Objects or Arrays.\r\n */\r\nfunction deepCopy(value) {\r\n return deepExtend(undefined, value);\r\n}\r\n/**\r\n * Copy properties from source to target (recursively allows extension\r\n * of Objects and Arrays). Scalar values in the target are over-written.\r\n * If target is undefined, an object of the appropriate type will be created\r\n * (and returned).\r\n *\r\n * We recursively copy all child properties of plain Objects in the source- so\r\n * that namespace- like dictionaries are merged.\r\n *\r\n * Note that the target can be a function, in which case the properties in\r\n * the source Object are copied onto it as static properties of the Function.\r\n *\r\n * Note: we don't merge __proto__ to prevent prototype pollution\r\n */\r\nfunction deepExtend(target, source) {\r\n if (!(source instanceof Object)) {\r\n return source;\r\n }\r\n switch (source.constructor) {\r\n case Date:\r\n // Treat Dates like scalars; if the target date object had any child\r\n // properties - they will be lost!\r\n const dateValue = source;\r\n return new Date(dateValue.getTime());\r\n case Object:\r\n if (target === undefined) {\r\n target = {};\r\n }\r\n break;\r\n case Array:\r\n // Always copy the array source and overwrite the target.\r\n target = [];\r\n break;\r\n default:\r\n // Not a plain Object - treat it as a scalar.\r\n return source;\r\n }\r\n for (const prop in source) {\r\n // use isValidKey to guard against prototype pollution. See https://snyk.io/vuln/SNYK-JS-LODASH-450202\r\n if (!source.hasOwnProperty(prop) || !isValidKey(prop)) {\r\n continue;\r\n }\r\n target[prop] = deepExtend(target[prop], source[prop]);\r\n }\r\n return target;\r\n}\r\nfunction isValidKey(key) {\r\n return key !== '__proto__';\r\n}\n\n/**\r\n * @license\r\n * Copyright 2022 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * Polyfill for `globalThis` object.\r\n * @returns the `globalThis` object for the given environment.\r\n * @public\r\n */\r\nfunction getGlobal() {\r\n if (typeof self !== 'undefined') {\r\n return self;\r\n }\r\n if (typeof window !== 'undefined') {\r\n return window;\r\n }\r\n if (typeof global !== 'undefined') {\r\n return global;\r\n }\r\n throw new Error('Unable to locate global object.');\r\n}\n\n/**\r\n * @license\r\n * Copyright 2022 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst getDefaultsFromGlobal = () => getGlobal().__FIREBASE_DEFAULTS__;\r\n/**\r\n * Attempt to read defaults from a JSON string provided to\r\n * process(.)env(.)__FIREBASE_DEFAULTS__ or a JSON file whose path is in\r\n * process(.)env(.)__FIREBASE_DEFAULTS_PATH__\r\n * The dots are in parens because certain compilers (Vite?) cannot\r\n * handle seeing that variable in comments.\r\n * See https://github.com/firebase/firebase-js-sdk/issues/6838\r\n */\r\nconst getDefaultsFromEnvVariable = () => {\r\n if (typeof process === 'undefined' || typeof process.env === 'undefined') {\r\n return;\r\n }\r\n const defaultsJsonString = process.env.__FIREBASE_DEFAULTS__;\r\n if (defaultsJsonString) {\r\n return JSON.parse(defaultsJsonString);\r\n }\r\n};\r\nconst getDefaultsFromCookie = () => {\r\n if (typeof document === 'undefined') {\r\n return;\r\n }\r\n let match;\r\n try {\r\n match = document.cookie.match(/__FIREBASE_DEFAULTS__=([^;]+)/);\r\n }\r\n catch (e) {\r\n // Some environments such as Angular Universal SSR have a\r\n // `document` object but error on accessing `document.cookie`.\r\n return;\r\n }\r\n const decoded = match && base64Decode(match[1]);\r\n return decoded && JSON.parse(decoded);\r\n};\r\n/**\r\n * Get the __FIREBASE_DEFAULTS__ object. It checks in order:\r\n * (1) if such an object exists as a property of `globalThis`\r\n * (2) if such an object was provided on a shell environment variable\r\n * (3) if such an object exists in a cookie\r\n * @public\r\n */\r\nconst getDefaults = () => {\r\n try {\r\n return (getDefaultsFromGlobal() ||\r\n getDefaultsFromEnvVariable() ||\r\n getDefaultsFromCookie());\r\n }\r\n catch (e) {\r\n /**\r\n * Catch-all for being unable to get __FIREBASE_DEFAULTS__ due\r\n * to any environment case we have not accounted for. Log to\r\n * info instead of swallowing so we can find these unknown cases\r\n * and add paths for them if needed.\r\n */\r\n console.info(`Unable to get __FIREBASE_DEFAULTS__ due to: ${e}`);\r\n return;\r\n }\r\n};\r\n/**\r\n * Returns emulator host stored in the __FIREBASE_DEFAULTS__ object\r\n * for the given product.\r\n * @returns a URL host formatted like `127.0.0.1:9999` or `[::1]:4000` if available\r\n * @public\r\n */\r\nconst getDefaultEmulatorHost = (productName) => { var _a, _b; return (_b = (_a = getDefaults()) === null || _a === void 0 ? void 0 : _a.emulatorHosts) === null || _b === void 0 ? void 0 : _b[productName]; };\r\n/**\r\n * Returns emulator hostname and port stored in the __FIREBASE_DEFAULTS__ object\r\n * for the given product.\r\n * @returns a pair of hostname and port like `[\"::1\", 4000]` if available\r\n * @public\r\n */\r\nconst getDefaultEmulatorHostnameAndPort = (productName) => {\r\n const host = getDefaultEmulatorHost(productName);\r\n if (!host) {\r\n return undefined;\r\n }\r\n const separatorIndex = host.lastIndexOf(':'); // Finding the last since IPv6 addr also has colons.\r\n if (separatorIndex <= 0 || separatorIndex + 1 === host.length) {\r\n throw new Error(`Invalid host ${host} with no separate hostname and port!`);\r\n }\r\n // eslint-disable-next-line no-restricted-globals\r\n const port = parseInt(host.substring(separatorIndex + 1), 10);\r\n if (host[0] === '[') {\r\n // Bracket-quoted `[ipv6addr]:port` => return \"ipv6addr\" (without brackets).\r\n return [host.substring(1, separatorIndex - 1), port];\r\n }\r\n else {\r\n return [host.substring(0, separatorIndex), port];\r\n }\r\n};\r\n/**\r\n * Returns Firebase app config stored in the __FIREBASE_DEFAULTS__ object.\r\n * @public\r\n */\r\nconst getDefaultAppConfig = () => { var _a; return (_a = getDefaults()) === null || _a === void 0 ? void 0 : _a.config; };\r\n/**\r\n * Returns an experimental setting on the __FIREBASE_DEFAULTS__ object (properties\r\n * prefixed by \"_\")\r\n * @public\r\n */\r\nconst getExperimentalSetting = (name) => { var _a; return (_a = getDefaults()) === null || _a === void 0 ? void 0 : _a[`_${name}`]; };\n\n/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nclass Deferred {\r\n constructor() {\r\n this.reject = () => { };\r\n this.resolve = () => { };\r\n this.promise = new Promise((resolve, reject) => {\r\n this.resolve = resolve;\r\n this.reject = reject;\r\n });\r\n }\r\n /**\r\n * Our API internals are not promisified and cannot because our callback APIs have subtle expectations around\r\n * invoking promises inline, which Promises are forbidden to do. This method accepts an optional node-style callback\r\n * and returns a node-style callback which will resolve or reject the Deferred's promise.\r\n */\r\n wrapCallback(callback) {\r\n return (error, value) => {\r\n if (error) {\r\n this.reject(error);\r\n }\r\n else {\r\n this.resolve(value);\r\n }\r\n if (typeof callback === 'function') {\r\n // Attaching noop handler just in case developer wasn't expecting\r\n // promises\r\n this.promise.catch(() => { });\r\n // Some of our callbacks don't expect a value and our own tests\r\n // assert that the parameter length is 1\r\n if (callback.length === 1) {\r\n callback(error);\r\n }\r\n else {\r\n callback(error, value);\r\n }\r\n }\r\n };\r\n }\r\n}\n\n/**\r\n * @license\r\n * Copyright 2021 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nfunction createMockUserToken(token, projectId) {\r\n if (token.uid) {\r\n throw new Error('The \"uid\" field is no longer supported by mockUserToken. Please use \"sub\" instead for Firebase Auth User ID.');\r\n }\r\n // Unsecured JWTs use \"none\" as the algorithm.\r\n const header = {\r\n alg: 'none',\r\n type: 'JWT'\r\n };\r\n const project = projectId || 'demo-project';\r\n const iat = token.iat || 0;\r\n const sub = token.sub || token.user_id;\r\n if (!sub) {\r\n throw new Error(\"mockUserToken must contain 'sub' or 'user_id' field!\");\r\n }\r\n const payload = Object.assign({ \r\n // Set all required fields to decent defaults\r\n iss: `https://securetoken.google.com/${project}`, aud: project, iat, exp: iat + 3600, auth_time: iat, sub, user_id: sub, firebase: {\r\n sign_in_provider: 'custom',\r\n identities: {}\r\n } }, token);\r\n // Unsecured JWTs use the empty string as a signature.\r\n const signature = '';\r\n return [\r\n base64urlEncodeWithoutPadding(JSON.stringify(header)),\r\n base64urlEncodeWithoutPadding(JSON.stringify(payload)),\r\n signature\r\n ].join('.');\r\n}\n\n/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * Returns navigator.userAgent string or '' if it's not defined.\r\n * @return user agent string\r\n */\r\nfunction getUA() {\r\n if (typeof navigator !== 'undefined' &&\r\n typeof navigator['userAgent'] === 'string') {\r\n return navigator['userAgent'];\r\n }\r\n else {\r\n return '';\r\n }\r\n}\r\n/**\r\n * Detect Cordova / PhoneGap / Ionic frameworks on a mobile device.\r\n *\r\n * Deliberately does not rely on checking `file://` URLs (as this fails PhoneGap\r\n * in the Ripple emulator) nor Cordova `onDeviceReady`, which would normally\r\n * wait for a callback.\r\n */\r\nfunction isMobileCordova() {\r\n return (typeof window !== 'undefined' &&\r\n // @ts-ignore Setting up an broadly applicable index signature for Window\r\n // just to deal with this case would probably be a bad idea.\r\n !!(window['cordova'] || window['phonegap'] || window['PhoneGap']) &&\r\n /ios|iphone|ipod|ipad|android|blackberry|iemobile/i.test(getUA()));\r\n}\r\n/**\r\n * Detect Node.js.\r\n *\r\n * @return true if Node.js environment is detected or specified.\r\n */\r\n// Node detection logic from: https://github.com/iliakan/detect-node/\r\nfunction isNode() {\r\n var _a;\r\n const forceEnvironment = (_a = getDefaults()) === null || _a === void 0 ? void 0 : _a.forceEnvironment;\r\n if (forceEnvironment === 'node') {\r\n return true;\r\n }\r\n else if (forceEnvironment === 'browser') {\r\n return false;\r\n }\r\n try {\r\n return (Object.prototype.toString.call(global.process) === '[object process]');\r\n }\r\n catch (e) {\r\n return false;\r\n }\r\n}\r\n/**\r\n * Detect Browser Environment.\r\n * Note: This will return true for certain test frameworks that are incompletely\r\n * mimicking a browser, and should not lead to assuming all browser APIs are\r\n * available.\r\n */\r\nfunction isBrowser() {\r\n return typeof window !== 'undefined' || isWebWorker();\r\n}\r\n/**\r\n * Detect Web Worker context.\r\n */\r\nfunction isWebWorker() {\r\n return (typeof WorkerGlobalScope !== 'undefined' &&\r\n typeof self !== 'undefined' &&\r\n self instanceof WorkerGlobalScope);\r\n}\r\n/**\r\n * Detect Cloudflare Worker context.\r\n */\r\nfunction isCloudflareWorker() {\r\n return (typeof navigator !== 'undefined' &&\r\n navigator.userAgent === 'Cloudflare-Workers');\r\n}\r\nfunction isBrowserExtension() {\r\n const runtime = typeof chrome === 'object'\r\n ? chrome.runtime\r\n : typeof browser === 'object'\r\n ? browser.runtime\r\n : undefined;\r\n return typeof runtime === 'object' && runtime.id !== undefined;\r\n}\r\n/**\r\n * Detect React Native.\r\n *\r\n * @return true if ReactNative environment is detected.\r\n */\r\nfunction isReactNative() {\r\n return (typeof navigator === 'object' && navigator['product'] === 'ReactNative');\r\n}\r\n/** Detects Electron apps. */\r\nfunction isElectron() {\r\n return getUA().indexOf('Electron/') >= 0;\r\n}\r\n/** Detects Internet Explorer. */\r\nfunction isIE() {\r\n const ua = getUA();\r\n return ua.indexOf('MSIE ') >= 0 || ua.indexOf('Trident/') >= 0;\r\n}\r\n/** Detects Universal Windows Platform apps. */\r\nfunction isUWP() {\r\n return getUA().indexOf('MSAppHost/') >= 0;\r\n}\r\n/**\r\n * Detect whether the current SDK build is the Node version.\r\n *\r\n * @return true if it's the Node SDK build.\r\n */\r\nfunction isNodeSdk() {\r\n return CONSTANTS.NODE_CLIENT === true || CONSTANTS.NODE_ADMIN === true;\r\n}\r\n/** Returns true if we are running in Safari. */\r\nfunction isSafari() {\r\n return (!isNode() &&\r\n !!navigator.userAgent &&\r\n navigator.userAgent.includes('Safari') &&\r\n !navigator.userAgent.includes('Chrome'));\r\n}\r\n/**\r\n * This method checks if indexedDB is supported by current browser/service worker context\r\n * @return true if indexedDB is supported by current browser/service worker context\r\n */\r\nfunction isIndexedDBAvailable() {\r\n try {\r\n return typeof indexedDB === 'object';\r\n }\r\n catch (e) {\r\n return false;\r\n }\r\n}\r\n/**\r\n * This method validates browser/sw context for indexedDB by opening a dummy indexedDB database and reject\r\n * if errors occur during the database open operation.\r\n *\r\n * @throws exception if current browser/sw context can't run idb.open (ex: Safari iframe, Firefox\r\n * private browsing)\r\n */\r\nfunction validateIndexedDBOpenable() {\r\n return new Promise((resolve, reject) => {\r\n try {\r\n let preExist = true;\r\n const DB_CHECK_NAME = 'validate-browser-context-for-indexeddb-analytics-module';\r\n const request = self.indexedDB.open(DB_CHECK_NAME);\r\n request.onsuccess = () => {\r\n request.result.close();\r\n // delete database only when it doesn't pre-exist\r\n if (!preExist) {\r\n self.indexedDB.deleteDatabase(DB_CHECK_NAME);\r\n }\r\n resolve(true);\r\n };\r\n request.onupgradeneeded = () => {\r\n preExist = false;\r\n };\r\n request.onerror = () => {\r\n var _a;\r\n reject(((_a = request.error) === null || _a === void 0 ? void 0 : _a.message) || '');\r\n };\r\n }\r\n catch (error) {\r\n reject(error);\r\n }\r\n });\r\n}\r\n/**\r\n *\r\n * This method checks whether cookie is enabled within current browser\r\n * @return true if cookie is enabled within current browser\r\n */\r\nfunction areCookiesEnabled() {\r\n if (typeof navigator === 'undefined' || !navigator.cookieEnabled) {\r\n return false;\r\n }\r\n return true;\r\n}\n\n/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * @fileoverview Standardized Firebase Error.\r\n *\r\n * Usage:\r\n *\r\n * // TypeScript string literals for type-safe codes\r\n * type Err =\r\n * 'unknown' |\r\n * 'object-not-found'\r\n * ;\r\n *\r\n * // Closure enum for type-safe error codes\r\n * // at-enum {string}\r\n * var Err = {\r\n * UNKNOWN: 'unknown',\r\n * OBJECT_NOT_FOUND: 'object-not-found',\r\n * }\r\n *\r\n * let errors: Map Visible for testing\r\n */\r\nconst MAX_VALUE_MILLIS = 4 * 60 * 60 * 1000; // Four hours, like iOS and Android.\r\n/**\r\n * The percentage of backoff time to randomize by.\r\n * See\r\n * http://go/safe-client-behavior#step-1-determine-the-appropriate-retry-interval-to-handle-spike-traffic\r\n * for context.\r\n *\r\n * Visible for testing\r\n */\r\nconst RANDOM_FACTOR = 0.5;\r\n/**\r\n * Based on the backoff method from\r\n * https://github.com/google/closure-library/blob/master/closure/goog/math/exponentialbackoff.js.\r\n * Extracted here so we don't need to pass metadata and a stateful ExponentialBackoff object around.\r\n */\r\nfunction calculateBackoffMillis(backoffCount, intervalMillis = DEFAULT_INTERVAL_MILLIS, backoffFactor = DEFAULT_BACKOFF_FACTOR) {\r\n // Calculates an exponentially increasing value.\r\n // Deviation: calculates value from count and a constant interval, so we only need to save value\r\n // and count to restore state.\r\n const currBaseValue = intervalMillis * Math.pow(backoffFactor, backoffCount);\r\n // A random \"fuzz\" to avoid waves of retries.\r\n // Deviation: randomFactor is required.\r\n const randomWait = Math.round(\r\n // A fraction of the backoff value to add/subtract.\r\n // Deviation: changes multiplication order to improve readability.\r\n RANDOM_FACTOR *\r\n currBaseValue *\r\n // A random float (rounded to int by Math.round above) in the range [-1, 1]. Determines\r\n // if we add or subtract.\r\n (Math.random() - 0.5) *\r\n 2);\r\n // Limits backoff to max to avoid effectively permanent backoff.\r\n return Math.min(MAX_VALUE_MILLIS, currBaseValue + randomWait);\r\n}\n\n/**\r\n * @license\r\n * Copyright 2020 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * Provide English ordinal letters after a number\r\n */\r\nfunction ordinal(i) {\r\n if (!Number.isFinite(i)) {\r\n return `${i}`;\r\n }\r\n return i + indicator(i);\r\n}\r\nfunction indicator(i) {\r\n i = Math.abs(i);\r\n const cent = i % 100;\r\n if (cent >= 10 && cent <= 20) {\r\n return 'th';\r\n }\r\n const dec = i % 10;\r\n if (dec === 1) {\r\n return 'st';\r\n }\r\n if (dec === 2) {\r\n return 'nd';\r\n }\r\n if (dec === 3) {\r\n return 'rd';\r\n }\r\n return 'th';\r\n}\n\n/**\r\n * @license\r\n * Copyright 2021 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nfunction getModularInstance(service) {\r\n if (service && service._delegate) {\r\n return service._delegate;\r\n }\r\n else {\r\n return service;\r\n }\r\n}\n\nexport { CONSTANTS, DecodeBase64StringError, Deferred, ErrorFactory, FirebaseError, MAX_VALUE_MILLIS, RANDOM_FACTOR, Sha1, areCookiesEnabled, assert, assertionError, async, base64, base64Decode, base64Encode, base64urlEncodeWithoutPadding, calculateBackoffMillis, contains, createMockUserToken, createSubscribe, decode, deepCopy, deepEqual, deepExtend, errorPrefix, extractQuerystring, getDefaultAppConfig, getDefaultEmulatorHost, getDefaultEmulatorHostnameAndPort, getDefaults, getExperimentalSetting, getGlobal, getModularInstance, getUA, isAdmin, isBrowser, isBrowserExtension, isCloudflareWorker, isElectron, isEmpty, isIE, isIndexedDBAvailable, isMobileCordova, isNode, isNodeSdk, isReactNative, isSafari, isUWP, isValidFormat, isValidTimestamp, isWebWorker, issuedAtTime, jsonEval, map, ordinal, promiseWithTimeout, querystring, querystringDecode, safeGet, stringLength, stringToByteArray, stringify, uuidv4, validateArgCount, validateCallback, validateContextObject, validateIndexedDBOpenable, validateNamespace };\n//# sourceMappingURL=index.esm2017.js.map\n","import { Deferred } from '@firebase/util';\n\n/**\r\n * Component for service name T, e.g. `auth`, `auth-internal`\r\n */\r\nclass Component {\r\n /**\r\n *\r\n * @param name The public service name, e.g. app, auth, firestore, database\r\n * @param instanceFactory Service factory responsible for creating the public interface\r\n * @param type whether the service provided by the component is public or private\r\n */\r\n constructor(name, instanceFactory, type) {\r\n this.name = name;\r\n this.instanceFactory = instanceFactory;\r\n this.type = type;\r\n this.multipleInstances = false;\r\n /**\r\n * Properties to be added to the service namespace\r\n */\r\n this.serviceProps = {};\r\n this.instantiationMode = \"LAZY\" /* InstantiationMode.LAZY */;\r\n this.onInstanceCreated = null;\r\n }\r\n setInstantiationMode(mode) {\r\n this.instantiationMode = mode;\r\n return this;\r\n }\r\n setMultipleInstances(multipleInstances) {\r\n this.multipleInstances = multipleInstances;\r\n return this;\r\n }\r\n setServiceProps(props) {\r\n this.serviceProps = props;\r\n return this;\r\n }\r\n setInstanceCreatedCallback(callback) {\r\n this.onInstanceCreated = callback;\r\n return this;\r\n }\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst DEFAULT_ENTRY_NAME = '[DEFAULT]';\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * Provider for instance for service name T, e.g. 'auth', 'auth-internal'\r\n * NameServiceMapping[T] is an alias for the type of the instance\r\n */\r\nclass Provider {\r\n constructor(name, container) {\r\n this.name = name;\r\n this.container = container;\r\n this.component = null;\r\n this.instances = new Map();\r\n this.instancesDeferred = new Map();\r\n this.instancesOptions = new Map();\r\n this.onInitCallbacks = new Map();\r\n }\r\n /**\r\n * @param identifier A provider can provide multiple instances of a service\r\n * if this.component.multipleInstances is true.\r\n */\r\n get(identifier) {\r\n // if multipleInstances is not supported, use the default name\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(identifier);\r\n if (!this.instancesDeferred.has(normalizedIdentifier)) {\r\n const deferred = new Deferred();\r\n this.instancesDeferred.set(normalizedIdentifier, deferred);\r\n if (this.isInitialized(normalizedIdentifier) ||\r\n this.shouldAutoInitialize()) {\r\n // initialize the service if it can be auto-initialized\r\n try {\r\n const instance = this.getOrInitializeService({\r\n instanceIdentifier: normalizedIdentifier\r\n });\r\n if (instance) {\r\n deferred.resolve(instance);\r\n }\r\n }\r\n catch (e) {\r\n // when the instance factory throws an exception during get(), it should not cause\r\n // a fatal error. We just return the unresolved promise in this case.\r\n }\r\n }\r\n }\r\n return this.instancesDeferred.get(normalizedIdentifier).promise;\r\n }\r\n getImmediate(options) {\r\n var _a;\r\n // if multipleInstances is not supported, use the default name\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(options === null || options === void 0 ? void 0 : options.identifier);\r\n const optional = (_a = options === null || options === void 0 ? void 0 : options.optional) !== null && _a !== void 0 ? _a : false;\r\n if (this.isInitialized(normalizedIdentifier) ||\r\n this.shouldAutoInitialize()) {\r\n try {\r\n return this.getOrInitializeService({\r\n instanceIdentifier: normalizedIdentifier\r\n });\r\n }\r\n catch (e) {\r\n if (optional) {\r\n return null;\r\n }\r\n else {\r\n throw e;\r\n }\r\n }\r\n }\r\n else {\r\n // In case a component is not initialized and should/cannot be auto-initialized at the moment, return null if the optional flag is set, or throw\r\n if (optional) {\r\n return null;\r\n }\r\n else {\r\n throw Error(`Service ${this.name} is not available`);\r\n }\r\n }\r\n }\r\n getComponent() {\r\n return this.component;\r\n }\r\n setComponent(component) {\r\n if (component.name !== this.name) {\r\n throw Error(`Mismatching Component ${component.name} for Provider ${this.name}.`);\r\n }\r\n if (this.component) {\r\n throw Error(`Component for ${this.name} has already been provided`);\r\n }\r\n this.component = component;\r\n // return early without attempting to initialize the component if the component requires explicit initialization (calling `Provider.initialize()`)\r\n if (!this.shouldAutoInitialize()) {\r\n return;\r\n }\r\n // if the service is eager, initialize the default instance\r\n if (isComponentEager(component)) {\r\n try {\r\n this.getOrInitializeService({ instanceIdentifier: DEFAULT_ENTRY_NAME });\r\n }\r\n catch (e) {\r\n // when the instance factory for an eager Component throws an exception during the eager\r\n // initialization, it should not cause a fatal error.\r\n // TODO: Investigate if we need to make it configurable, because some component may want to cause\r\n // a fatal error in this case?\r\n }\r\n }\r\n // Create service instances for the pending promises and resolve them\r\n // NOTE: if this.multipleInstances is false, only the default instance will be created\r\n // and all promises with resolve with it regardless of the identifier.\r\n for (const [instanceIdentifier, instanceDeferred] of this.instancesDeferred.entries()) {\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(instanceIdentifier);\r\n try {\r\n // `getOrInitializeService()` should always return a valid instance since a component is guaranteed. use ! to make typescript happy.\r\n const instance = this.getOrInitializeService({\r\n instanceIdentifier: normalizedIdentifier\r\n });\r\n instanceDeferred.resolve(instance);\r\n }\r\n catch (e) {\r\n // when the instance factory throws an exception, it should not cause\r\n // a fatal error. We just leave the promise unresolved.\r\n }\r\n }\r\n }\r\n clearInstance(identifier = DEFAULT_ENTRY_NAME) {\r\n this.instancesDeferred.delete(identifier);\r\n this.instancesOptions.delete(identifier);\r\n this.instances.delete(identifier);\r\n }\r\n // app.delete() will call this method on every provider to delete the services\r\n // TODO: should we mark the provider as deleted?\r\n async delete() {\r\n const services = Array.from(this.instances.values());\r\n await Promise.all([\r\n ...services\r\n .filter(service => 'INTERNAL' in service) // legacy services\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n .map(service => service.INTERNAL.delete()),\r\n ...services\r\n .filter(service => '_delete' in service) // modularized services\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n .map(service => service._delete())\r\n ]);\r\n }\r\n isComponentSet() {\r\n return this.component != null;\r\n }\r\n isInitialized(identifier = DEFAULT_ENTRY_NAME) {\r\n return this.instances.has(identifier);\r\n }\r\n getOptions(identifier = DEFAULT_ENTRY_NAME) {\r\n return this.instancesOptions.get(identifier) || {};\r\n }\r\n initialize(opts = {}) {\r\n const { options = {} } = opts;\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(opts.instanceIdentifier);\r\n if (this.isInitialized(normalizedIdentifier)) {\r\n throw Error(`${this.name}(${normalizedIdentifier}) has already been initialized`);\r\n }\r\n if (!this.isComponentSet()) {\r\n throw Error(`Component ${this.name} has not been registered yet`);\r\n }\r\n const instance = this.getOrInitializeService({\r\n instanceIdentifier: normalizedIdentifier,\r\n options\r\n });\r\n // resolve any pending promise waiting for the service instance\r\n for (const [instanceIdentifier, instanceDeferred] of this.instancesDeferred.entries()) {\r\n const normalizedDeferredIdentifier = this.normalizeInstanceIdentifier(instanceIdentifier);\r\n if (normalizedIdentifier === normalizedDeferredIdentifier) {\r\n instanceDeferred.resolve(instance);\r\n }\r\n }\r\n return instance;\r\n }\r\n /**\r\n *\r\n * @param callback - a function that will be invoked after the provider has been initialized by calling provider.initialize().\r\n * The function is invoked SYNCHRONOUSLY, so it should not execute any longrunning tasks in order to not block the program.\r\n *\r\n * @param identifier An optional instance identifier\r\n * @returns a function to unregister the callback\r\n */\r\n onInit(callback, identifier) {\r\n var _a;\r\n const normalizedIdentifier = this.normalizeInstanceIdentifier(identifier);\r\n const existingCallbacks = (_a = this.onInitCallbacks.get(normalizedIdentifier)) !== null && _a !== void 0 ? _a : new Set();\r\n existingCallbacks.add(callback);\r\n this.onInitCallbacks.set(normalizedIdentifier, existingCallbacks);\r\n const existingInstance = this.instances.get(normalizedIdentifier);\r\n if (existingInstance) {\r\n callback(existingInstance, normalizedIdentifier);\r\n }\r\n return () => {\r\n existingCallbacks.delete(callback);\r\n };\r\n }\r\n /**\r\n * Invoke onInit callbacks synchronously\r\n * @param instance the service instance`\r\n */\r\n invokeOnInitCallbacks(instance, identifier) {\r\n const callbacks = this.onInitCallbacks.get(identifier);\r\n if (!callbacks) {\r\n return;\r\n }\r\n for (const callback of callbacks) {\r\n try {\r\n callback(instance, identifier);\r\n }\r\n catch (_a) {\r\n // ignore errors in the onInit callback\r\n }\r\n }\r\n }\r\n getOrInitializeService({ instanceIdentifier, options = {} }) {\r\n let instance = this.instances.get(instanceIdentifier);\r\n if (!instance && this.component) {\r\n instance = this.component.instanceFactory(this.container, {\r\n instanceIdentifier: normalizeIdentifierForFactory(instanceIdentifier),\r\n options\r\n });\r\n this.instances.set(instanceIdentifier, instance);\r\n this.instancesOptions.set(instanceIdentifier, options);\r\n /**\r\n * Invoke onInit listeners.\r\n * Note this.component.onInstanceCreated is different, which is used by the component creator,\r\n * while onInit listeners are registered by consumers of the provider.\r\n */\r\n this.invokeOnInitCallbacks(instance, instanceIdentifier);\r\n /**\r\n * Order is important\r\n * onInstanceCreated() should be called after this.instances.set(instanceIdentifier, instance); which\r\n * makes `isInitialized()` return true.\r\n */\r\n if (this.component.onInstanceCreated) {\r\n try {\r\n this.component.onInstanceCreated(this.container, instanceIdentifier, instance);\r\n }\r\n catch (_a) {\r\n // ignore errors in the onInstanceCreatedCallback\r\n }\r\n }\r\n }\r\n return instance || null;\r\n }\r\n normalizeInstanceIdentifier(identifier = DEFAULT_ENTRY_NAME) {\r\n if (this.component) {\r\n return this.component.multipleInstances ? identifier : DEFAULT_ENTRY_NAME;\r\n }\r\n else {\r\n return identifier; // assume multiple instances are supported before the component is provided.\r\n }\r\n }\r\n shouldAutoInitialize() {\r\n return (!!this.component &&\r\n this.component.instantiationMode !== \"EXPLICIT\" /* InstantiationMode.EXPLICIT */);\r\n }\r\n}\r\n// undefined should be passed to the service factory for the default instance\r\nfunction normalizeIdentifierForFactory(identifier) {\r\n return identifier === DEFAULT_ENTRY_NAME ? undefined : identifier;\r\n}\r\nfunction isComponentEager(component) {\r\n return component.instantiationMode === \"EAGER\" /* InstantiationMode.EAGER */;\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * ComponentContainer that provides Providers for service name T, e.g. `auth`, `auth-internal`\r\n */\r\nclass ComponentContainer {\r\n constructor(name) {\r\n this.name = name;\r\n this.providers = new Map();\r\n }\r\n /**\r\n *\r\n * @param component Component being added\r\n * @param overwrite When a component with the same name has already been registered,\r\n * if overwrite is true: overwrite the existing component with the new component and create a new\r\n * provider with the new component. It can be useful in tests where you want to use different mocks\r\n * for different tests.\r\n * if overwrite is false: throw an exception\r\n */\r\n addComponent(component) {\r\n const provider = this.getProvider(component.name);\r\n if (provider.isComponentSet()) {\r\n throw new Error(`Component ${component.name} has already been registered with ${this.name}`);\r\n }\r\n provider.setComponent(component);\r\n }\r\n addOrOverwriteComponent(component) {\r\n const provider = this.getProvider(component.name);\r\n if (provider.isComponentSet()) {\r\n // delete the existing provider from the container, so we can register the new component\r\n this.providers.delete(component.name);\r\n }\r\n this.addComponent(component);\r\n }\r\n /**\r\n * getProvider provides a type safe interface where it can only be called with a field name\r\n * present in NameServiceMapping interface.\r\n *\r\n * Firebase SDKs providing services should extend NameServiceMapping interface to register\r\n * themselves.\r\n */\r\n getProvider(name) {\r\n if (this.providers.has(name)) {\r\n return this.providers.get(name);\r\n }\r\n // create a Provider for a service that hasn't registered with Firebase\r\n const provider = new Provider(name, this);\r\n this.providers.set(name, provider);\r\n return provider;\r\n }\r\n getProviders() {\r\n return Array.from(this.providers.values());\r\n }\r\n}\n\nexport { Component, ComponentContainer, Provider };\n//# sourceMappingURL=index.esm2017.js.map\n","/**\r\n * @license\r\n * Copyright 2017 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * A container for all of the Logger instances\r\n */\r\nconst instances = [];\r\n/**\r\n * The JS SDK supports 5 log levels and also allows a user the ability to\r\n * silence the logs altogether.\r\n *\r\n * The order is a follows:\r\n * DEBUG < VERBOSE < INFO < WARN < ERROR\r\n *\r\n * All of the log types above the current log level will be captured (i.e. if\r\n * you set the log level to `INFO`, errors will still be logged, but `DEBUG` and\r\n * `VERBOSE` logs will not)\r\n */\r\nvar LogLevel;\r\n(function (LogLevel) {\r\n LogLevel[LogLevel[\"DEBUG\"] = 0] = \"DEBUG\";\r\n LogLevel[LogLevel[\"VERBOSE\"] = 1] = \"VERBOSE\";\r\n LogLevel[LogLevel[\"INFO\"] = 2] = \"INFO\";\r\n LogLevel[LogLevel[\"WARN\"] = 3] = \"WARN\";\r\n LogLevel[LogLevel[\"ERROR\"] = 4] = \"ERROR\";\r\n LogLevel[LogLevel[\"SILENT\"] = 5] = \"SILENT\";\r\n})(LogLevel || (LogLevel = {}));\r\nconst levelStringToEnum = {\r\n 'debug': LogLevel.DEBUG,\r\n 'verbose': LogLevel.VERBOSE,\r\n 'info': LogLevel.INFO,\r\n 'warn': LogLevel.WARN,\r\n 'error': LogLevel.ERROR,\r\n 'silent': LogLevel.SILENT\r\n};\r\n/**\r\n * The default log level\r\n */\r\nconst defaultLogLevel = LogLevel.INFO;\r\n/**\r\n * By default, `console.debug` is not displayed in the developer console (in\r\n * chrome). To avoid forcing users to have to opt-in to these logs twice\r\n * (i.e. once for firebase, and once in the console), we are sending `DEBUG`\r\n * logs to the `console.log` function.\r\n */\r\nconst ConsoleMethod = {\r\n [LogLevel.DEBUG]: 'log',\r\n [LogLevel.VERBOSE]: 'log',\r\n [LogLevel.INFO]: 'info',\r\n [LogLevel.WARN]: 'warn',\r\n [LogLevel.ERROR]: 'error'\r\n};\r\n/**\r\n * The default log handler will forward DEBUG, VERBOSE, INFO, WARN, and ERROR\r\n * messages on to their corresponding console counterparts (if the log method\r\n * is supported by the current log level)\r\n */\r\nconst defaultLogHandler = (instance, logType, ...args) => {\r\n if (logType < instance.logLevel) {\r\n return;\r\n }\r\n const now = new Date().toISOString();\r\n const method = ConsoleMethod[logType];\r\n if (method) {\r\n console[method](`[${now}] ${instance.name}:`, ...args);\r\n }\r\n else {\r\n throw new Error(`Attempted to log a message with an invalid logType (value: ${logType})`);\r\n }\r\n};\r\nclass Logger {\r\n /**\r\n * Gives you an instance of a Logger to capture messages according to\r\n * Firebase's logging scheme.\r\n *\r\n * @param name The name that the logs will be associated with\r\n */\r\n constructor(name) {\r\n this.name = name;\r\n /**\r\n * The log level of the given Logger instance.\r\n */\r\n this._logLevel = defaultLogLevel;\r\n /**\r\n * The main (internal) log handler for the Logger instance.\r\n * Can be set to a new function in internal package code but not by user.\r\n */\r\n this._logHandler = defaultLogHandler;\r\n /**\r\n * The optional, additional, user-defined log handler for the Logger instance.\r\n */\r\n this._userLogHandler = null;\r\n /**\r\n * Capture the current instance for later use\r\n */\r\n instances.push(this);\r\n }\r\n get logLevel() {\r\n return this._logLevel;\r\n }\r\n set logLevel(val) {\r\n if (!(val in LogLevel)) {\r\n throw new TypeError(`Invalid value \"${val}\" assigned to \\`logLevel\\``);\r\n }\r\n this._logLevel = val;\r\n }\r\n // Workaround for setter/getter having to be the same type.\r\n setLogLevel(val) {\r\n this._logLevel = typeof val === 'string' ? levelStringToEnum[val] : val;\r\n }\r\n get logHandler() {\r\n return this._logHandler;\r\n }\r\n set logHandler(val) {\r\n if (typeof val !== 'function') {\r\n throw new TypeError('Value assigned to `logHandler` must be a function');\r\n }\r\n this._logHandler = val;\r\n }\r\n get userLogHandler() {\r\n return this._userLogHandler;\r\n }\r\n set userLogHandler(val) {\r\n this._userLogHandler = val;\r\n }\r\n /**\r\n * The functions below are all based on the `console` interface\r\n */\r\n debug(...args) {\r\n this._userLogHandler && this._userLogHandler(this, LogLevel.DEBUG, ...args);\r\n this._logHandler(this, LogLevel.DEBUG, ...args);\r\n }\r\n log(...args) {\r\n this._userLogHandler &&\r\n this._userLogHandler(this, LogLevel.VERBOSE, ...args);\r\n this._logHandler(this, LogLevel.VERBOSE, ...args);\r\n }\r\n info(...args) {\r\n this._userLogHandler && this._userLogHandler(this, LogLevel.INFO, ...args);\r\n this._logHandler(this, LogLevel.INFO, ...args);\r\n }\r\n warn(...args) {\r\n this._userLogHandler && this._userLogHandler(this, LogLevel.WARN, ...args);\r\n this._logHandler(this, LogLevel.WARN, ...args);\r\n }\r\n error(...args) {\r\n this._userLogHandler && this._userLogHandler(this, LogLevel.ERROR, ...args);\r\n this._logHandler(this, LogLevel.ERROR, ...args);\r\n }\r\n}\r\nfunction setLogLevel(level) {\r\n instances.forEach(inst => {\r\n inst.setLogLevel(level);\r\n });\r\n}\r\nfunction setUserLogHandler(logCallback, options) {\r\n for (const instance of instances) {\r\n let customLogLevel = null;\r\n if (options && options.level) {\r\n customLogLevel = levelStringToEnum[options.level];\r\n }\r\n if (logCallback === null) {\r\n instance.userLogHandler = null;\r\n }\r\n else {\r\n instance.userLogHandler = (instance, level, ...args) => {\r\n const message = args\r\n .map(arg => {\r\n if (arg == null) {\r\n return null;\r\n }\r\n else if (typeof arg === 'string') {\r\n return arg;\r\n }\r\n else if (typeof arg === 'number' || typeof arg === 'boolean') {\r\n return arg.toString();\r\n }\r\n else if (arg instanceof Error) {\r\n return arg.message;\r\n }\r\n else {\r\n try {\r\n return JSON.stringify(arg);\r\n }\r\n catch (ignored) {\r\n return null;\r\n }\r\n }\r\n })\r\n .filter(arg => arg)\r\n .join(' ');\r\n if (level >= (customLogLevel !== null && customLogLevel !== void 0 ? customLogLevel : instance.logLevel)) {\r\n logCallback({\r\n level: LogLevel[level].toLowerCase(),\r\n message,\r\n args,\r\n type: instance.name\r\n });\r\n }\r\n };\r\n }\r\n }\r\n}\n\nexport { LogLevel, Logger, setLogLevel, setUserLogHandler };\n//# sourceMappingURL=index.esm2017.js.map\n","const instanceOfAny = (object, constructors) => constructors.some((c) => object instanceof c);\n\nlet idbProxyableTypes;\nlet cursorAdvanceMethods;\n// This is a function to prevent it throwing up in node environments.\nfunction getIdbProxyableTypes() {\n return (idbProxyableTypes ||\n (idbProxyableTypes = [\n IDBDatabase,\n IDBObjectStore,\n IDBIndex,\n IDBCursor,\n IDBTransaction,\n ]));\n}\n// This is a function to prevent it throwing up in node environments.\nfunction getCursorAdvanceMethods() {\n return (cursorAdvanceMethods ||\n (cursorAdvanceMethods = [\n IDBCursor.prototype.advance,\n IDBCursor.prototype.continue,\n IDBCursor.prototype.continuePrimaryKey,\n ]));\n}\nconst cursorRequestMap = new WeakMap();\nconst transactionDoneMap = new WeakMap();\nconst transactionStoreNamesMap = new WeakMap();\nconst transformCache = new WeakMap();\nconst reverseTransformCache = new WeakMap();\nfunction promisifyRequest(request) {\n const promise = new Promise((resolve, reject) => {\n const unlisten = () => {\n request.removeEventListener('success', success);\n request.removeEventListener('error', error);\n };\n const success = () => {\n resolve(wrap(request.result));\n unlisten();\n };\n const error = () => {\n reject(request.error);\n unlisten();\n };\n request.addEventListener('success', success);\n request.addEventListener('error', error);\n });\n promise\n .then((value) => {\n // Since cursoring reuses the IDBRequest (*sigh*), we cache it for later retrieval\n // (see wrapFunction).\n if (value instanceof IDBCursor) {\n cursorRequestMap.set(value, request);\n }\n // Catching to avoid \"Uncaught Promise exceptions\"\n })\n .catch(() => { });\n // This mapping exists in reverseTransformCache but doesn't doesn't exist in transformCache. This\n // is because we create many promises from a single IDBRequest.\n reverseTransformCache.set(promise, request);\n return promise;\n}\nfunction cacheDonePromiseForTransaction(tx) {\n // Early bail if we've already created a done promise for this transaction.\n if (transactionDoneMap.has(tx))\n return;\n const done = new Promise((resolve, reject) => {\n const unlisten = () => {\n tx.removeEventListener('complete', complete);\n tx.removeEventListener('error', error);\n tx.removeEventListener('abort', error);\n };\n const complete = () => {\n resolve();\n unlisten();\n };\n const error = () => {\n reject(tx.error || new DOMException('AbortError', 'AbortError'));\n unlisten();\n };\n tx.addEventListener('complete', complete);\n tx.addEventListener('error', error);\n tx.addEventListener('abort', error);\n });\n // Cache it for later retrieval.\n transactionDoneMap.set(tx, done);\n}\nlet idbProxyTraps = {\n get(target, prop, receiver) {\n if (target instanceof IDBTransaction) {\n // Special handling for transaction.done.\n if (prop === 'done')\n return transactionDoneMap.get(target);\n // Polyfill for objectStoreNames because of Edge.\n if (prop === 'objectStoreNames') {\n return target.objectStoreNames || transactionStoreNamesMap.get(target);\n }\n // Make tx.store return the only store in the transaction, or undefined if there are many.\n if (prop === 'store') {\n return receiver.objectStoreNames[1]\n ? undefined\n : receiver.objectStore(receiver.objectStoreNames[0]);\n }\n }\n // Else transform whatever we get back.\n return wrap(target[prop]);\n },\n set(target, prop, value) {\n target[prop] = value;\n return true;\n },\n has(target, prop) {\n if (target instanceof IDBTransaction &&\n (prop === 'done' || prop === 'store')) {\n return true;\n }\n return prop in target;\n },\n};\nfunction replaceTraps(callback) {\n idbProxyTraps = callback(idbProxyTraps);\n}\nfunction wrapFunction(func) {\n // Due to expected object equality (which is enforced by the caching in `wrap`), we\n // only create one new func per func.\n // Edge doesn't support objectStoreNames (booo), so we polyfill it here.\n if (func === IDBDatabase.prototype.transaction &&\n !('objectStoreNames' in IDBTransaction.prototype)) {\n return function (storeNames, ...args) {\n const tx = func.call(unwrap(this), storeNames, ...args);\n transactionStoreNamesMap.set(tx, storeNames.sort ? storeNames.sort() : [storeNames]);\n return wrap(tx);\n };\n }\n // Cursor methods are special, as the behaviour is a little more different to standard IDB. In\n // IDB, you advance the cursor and wait for a new 'success' on the IDBRequest that gave you the\n // cursor. It's kinda like a promise that can resolve with many values. That doesn't make sense\n // with real promises, so each advance methods returns a new promise for the cursor object, or\n // undefined if the end of the cursor has been reached.\n if (getCursorAdvanceMethods().includes(func)) {\n return function (...args) {\n // Calling the original function with the proxy as 'this' causes ILLEGAL INVOCATION, so we use\n // the original object.\n func.apply(unwrap(this), args);\n return wrap(cursorRequestMap.get(this));\n };\n }\n return function (...args) {\n // Calling the original function with the proxy as 'this' causes ILLEGAL INVOCATION, so we use\n // the original object.\n return wrap(func.apply(unwrap(this), args));\n };\n}\nfunction transformCachableValue(value) {\n if (typeof value === 'function')\n return wrapFunction(value);\n // This doesn't return, it just creates a 'done' promise for the transaction,\n // which is later returned for transaction.done (see idbObjectHandler).\n if (value instanceof IDBTransaction)\n cacheDonePromiseForTransaction(value);\n if (instanceOfAny(value, getIdbProxyableTypes()))\n return new Proxy(value, idbProxyTraps);\n // Return the same value back if we're not going to transform it.\n return value;\n}\nfunction wrap(value) {\n // We sometimes generate multiple promises from a single IDBRequest (eg when cursoring), because\n // IDB is weird and a single IDBRequest can yield many responses, so these can't be cached.\n if (value instanceof IDBRequest)\n return promisifyRequest(value);\n // If we've already transformed this value before, reuse the transformed value.\n // This is faster, but it also provides object equality.\n if (transformCache.has(value))\n return transformCache.get(value);\n const newValue = transformCachableValue(value);\n // Not all types are transformed.\n // These may be primitive types, so they can't be WeakMap keys.\n if (newValue !== value) {\n transformCache.set(value, newValue);\n reverseTransformCache.set(newValue, value);\n }\n return newValue;\n}\nconst unwrap = (value) => reverseTransformCache.get(value);\n\nexport { reverseTransformCache as a, instanceOfAny as i, replaceTraps as r, unwrap as u, wrap as w };\n","import { w as wrap, r as replaceTraps } from './wrap-idb-value.js';\nexport { u as unwrap, w as wrap } from './wrap-idb-value.js';\n\n/**\n * Open a database.\n *\n * @param name Name of the database.\n * @param version Schema version.\n * @param callbacks Additional callbacks.\n */\nfunction openDB(name, version, { blocked, upgrade, blocking, terminated } = {}) {\n const request = indexedDB.open(name, version);\n const openPromise = wrap(request);\n if (upgrade) {\n request.addEventListener('upgradeneeded', (event) => {\n upgrade(wrap(request.result), event.oldVersion, event.newVersion, wrap(request.transaction), event);\n });\n }\n if (blocked) {\n request.addEventListener('blocked', (event) => blocked(\n // Casting due to https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405\n event.oldVersion, event.newVersion, event));\n }\n openPromise\n .then((db) => {\n if (terminated)\n db.addEventListener('close', () => terminated());\n if (blocking) {\n db.addEventListener('versionchange', (event) => blocking(event.oldVersion, event.newVersion, event));\n }\n })\n .catch(() => { });\n return openPromise;\n}\n/**\n * Delete a database.\n *\n * @param name Name of the database.\n */\nfunction deleteDB(name, { blocked } = {}) {\n const request = indexedDB.deleteDatabase(name);\n if (blocked) {\n request.addEventListener('blocked', (event) => blocked(\n // Casting due to https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405\n event.oldVersion, event));\n }\n return wrap(request).then(() => undefined);\n}\n\nconst readMethods = ['get', 'getKey', 'getAll', 'getAllKeys', 'count'];\nconst writeMethods = ['put', 'add', 'delete', 'clear'];\nconst cachedMethods = new Map();\nfunction getMethod(target, prop) {\n if (!(target instanceof IDBDatabase &&\n !(prop in target) &&\n typeof prop === 'string')) {\n return;\n }\n if (cachedMethods.get(prop))\n return cachedMethods.get(prop);\n const targetFuncName = prop.replace(/FromIndex$/, '');\n const useIndex = prop !== targetFuncName;\n const isWrite = writeMethods.includes(targetFuncName);\n if (\n // Bail if the target doesn't exist on the target. Eg, getAll isn't in Edge.\n !(targetFuncName in (useIndex ? IDBIndex : IDBObjectStore).prototype) ||\n !(isWrite || readMethods.includes(targetFuncName))) {\n return;\n }\n const method = async function (storeName, ...args) {\n // isWrite ? 'readwrite' : undefined gzipps better, but fails in Edge :(\n const tx = this.transaction(storeName, isWrite ? 'readwrite' : 'readonly');\n let target = tx.store;\n if (useIndex)\n target = target.index(args.shift());\n // Must reject if op rejects.\n // If it's a write operation, must reject if tx.done rejects.\n // Must reject with op rejection first.\n // Must resolve with op value.\n // Must handle both promises (no unhandled rejections)\n return (await Promise.all([\n target[targetFuncName](...args),\n isWrite && tx.done,\n ]))[0];\n };\n cachedMethods.set(prop, method);\n return method;\n}\nreplaceTraps((oldTraps) => ({\n ...oldTraps,\n get: (target, prop, receiver) => getMethod(target, prop) || oldTraps.get(target, prop, receiver),\n has: (target, prop) => !!getMethod(target, prop) || oldTraps.has(target, prop),\n}));\n\nexport { deleteDB, openDB };\n","import { Component, ComponentContainer } from '@firebase/component';\nimport { Logger, setUserLogHandler, setLogLevel as setLogLevel$1 } from '@firebase/logger';\nimport { ErrorFactory, getDefaultAppConfig, deepEqual, isBrowser, isWebWorker, FirebaseError, base64urlEncodeWithoutPadding, isIndexedDBAvailable, validateIndexedDBOpenable } from '@firebase/util';\nexport { FirebaseError } from '@firebase/util';\nimport { openDB } from 'idb';\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nclass PlatformLoggerServiceImpl {\r\n constructor(container) {\r\n this.container = container;\r\n }\r\n // In initial implementation, this will be called by installations on\r\n // auth token refresh, and installations will send this string.\r\n getPlatformInfoString() {\r\n const providers = this.container.getProviders();\r\n // Loop through providers and get library/version pairs from any that are\r\n // version components.\r\n return providers\r\n .map(provider => {\r\n if (isVersionServiceProvider(provider)) {\r\n const service = provider.getImmediate();\r\n return `${service.library}/${service.version}`;\r\n }\r\n else {\r\n return null;\r\n }\r\n })\r\n .filter(logString => logString)\r\n .join(' ');\r\n }\r\n}\r\n/**\r\n *\r\n * @param provider check if this provider provides a VersionService\r\n *\r\n * NOTE: Using Provider<'app-version'> is a hack to indicate that the provider\r\n * provides VersionService. The provider is not necessarily a 'app-version'\r\n * provider.\r\n */\r\nfunction isVersionServiceProvider(provider) {\r\n const component = provider.getComponent();\r\n return (component === null || component === void 0 ? void 0 : component.type) === \"VERSION\" /* ComponentType.VERSION */;\r\n}\n\nconst name$q = \"@firebase/app\";\nconst version$1 = \"0.10.13\";\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst logger = new Logger('@firebase/app');\n\nconst name$p = \"@firebase/app-compat\";\n\nconst name$o = \"@firebase/analytics-compat\";\n\nconst name$n = \"@firebase/analytics\";\n\nconst name$m = \"@firebase/app-check-compat\";\n\nconst name$l = \"@firebase/app-check\";\n\nconst name$k = \"@firebase/auth\";\n\nconst name$j = \"@firebase/auth-compat\";\n\nconst name$i = \"@firebase/database\";\n\nconst name$h = \"@firebase/data-connect\";\n\nconst name$g = \"@firebase/database-compat\";\n\nconst name$f = \"@firebase/functions\";\n\nconst name$e = \"@firebase/functions-compat\";\n\nconst name$d = \"@firebase/installations\";\n\nconst name$c = \"@firebase/installations-compat\";\n\nconst name$b = \"@firebase/messaging\";\n\nconst name$a = \"@firebase/messaging-compat\";\n\nconst name$9 = \"@firebase/performance\";\n\nconst name$8 = \"@firebase/performance-compat\";\n\nconst name$7 = \"@firebase/remote-config\";\n\nconst name$6 = \"@firebase/remote-config-compat\";\n\nconst name$5 = \"@firebase/storage\";\n\nconst name$4 = \"@firebase/storage-compat\";\n\nconst name$3 = \"@firebase/firestore\";\n\nconst name$2 = \"@firebase/vertexai-preview\";\n\nconst name$1 = \"@firebase/firestore-compat\";\n\nconst name = \"firebase\";\nconst version = \"10.14.1\";\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * The default app name\r\n *\r\n * @internal\r\n */\r\nconst DEFAULT_ENTRY_NAME = '[DEFAULT]';\r\nconst PLATFORM_LOG_STRING = {\r\n [name$q]: 'fire-core',\r\n [name$p]: 'fire-core-compat',\r\n [name$n]: 'fire-analytics',\r\n [name$o]: 'fire-analytics-compat',\r\n [name$l]: 'fire-app-check',\r\n [name$m]: 'fire-app-check-compat',\r\n [name$k]: 'fire-auth',\r\n [name$j]: 'fire-auth-compat',\r\n [name$i]: 'fire-rtdb',\r\n [name$h]: 'fire-data-connect',\r\n [name$g]: 'fire-rtdb-compat',\r\n [name$f]: 'fire-fn',\r\n [name$e]: 'fire-fn-compat',\r\n [name$d]: 'fire-iid',\r\n [name$c]: 'fire-iid-compat',\r\n [name$b]: 'fire-fcm',\r\n [name$a]: 'fire-fcm-compat',\r\n [name$9]: 'fire-perf',\r\n [name$8]: 'fire-perf-compat',\r\n [name$7]: 'fire-rc',\r\n [name$6]: 'fire-rc-compat',\r\n [name$5]: 'fire-gcs',\r\n [name$4]: 'fire-gcs-compat',\r\n [name$3]: 'fire-fst',\r\n [name$1]: 'fire-fst-compat',\r\n [name$2]: 'fire-vertex',\r\n 'fire-js': 'fire-js',\r\n [name]: 'fire-js-all'\r\n};\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * @internal\r\n */\r\nconst _apps = new Map();\r\n/**\r\n * @internal\r\n */\r\nconst _serverApps = new Map();\r\n/**\r\n * Registered components.\r\n *\r\n * @internal\r\n */\r\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\r\nconst _components = new Map();\r\n/**\r\n * @param component - the component being added to this app's container\r\n *\r\n * @internal\r\n */\r\nfunction _addComponent(app, component) {\r\n try {\r\n app.container.addComponent(component);\r\n }\r\n catch (e) {\r\n logger.debug(`Component ${component.name} failed to register with FirebaseApp ${app.name}`, e);\r\n }\r\n}\r\n/**\r\n *\r\n * @internal\r\n */\r\nfunction _addOrOverwriteComponent(app, component) {\r\n app.container.addOrOverwriteComponent(component);\r\n}\r\n/**\r\n *\r\n * @param component - the component to register\r\n * @returns whether or not the component is registered successfully\r\n *\r\n * @internal\r\n */\r\nfunction _registerComponent(component) {\r\n const componentName = component.name;\r\n if (_components.has(componentName)) {\r\n logger.debug(`There were multiple attempts to register component ${componentName}.`);\r\n return false;\r\n }\r\n _components.set(componentName, component);\r\n // add the component to existing app instances\r\n for (const app of _apps.values()) {\r\n _addComponent(app, component);\r\n }\r\n for (const serverApp of _serverApps.values()) {\r\n _addComponent(serverApp, component);\r\n }\r\n return true;\r\n}\r\n/**\r\n *\r\n * @param app - FirebaseApp instance\r\n * @param name - service name\r\n *\r\n * @returns the provider for the service with the matching name\r\n *\r\n * @internal\r\n */\r\nfunction _getProvider(app, name) {\r\n const heartbeatController = app.container\r\n .getProvider('heartbeat')\r\n .getImmediate({ optional: true });\r\n if (heartbeatController) {\r\n void heartbeatController.triggerHeartbeat();\r\n }\r\n return app.container.getProvider(name);\r\n}\r\n/**\r\n *\r\n * @param app - FirebaseApp instance\r\n * @param name - service name\r\n * @param instanceIdentifier - service instance identifier in case the service supports multiple instances\r\n *\r\n * @internal\r\n */\r\nfunction _removeServiceInstance(app, name, instanceIdentifier = DEFAULT_ENTRY_NAME) {\r\n _getProvider(app, name).clearInstance(instanceIdentifier);\r\n}\r\n/**\r\n *\r\n * @param obj - an object of type FirebaseApp or FirebaseOptions.\r\n *\r\n * @returns true if the provide object is of type FirebaseApp.\r\n *\r\n * @internal\r\n */\r\nfunction _isFirebaseApp(obj) {\r\n return obj.options !== undefined;\r\n}\r\n/**\r\n *\r\n * @param obj - an object of type FirebaseApp.\r\n *\r\n * @returns true if the provided object is of type FirebaseServerAppImpl.\r\n *\r\n * @internal\r\n */\r\nfunction _isFirebaseServerApp(obj) {\r\n return obj.settings !== undefined;\r\n}\r\n/**\r\n * Test only\r\n *\r\n * @internal\r\n */\r\nfunction _clearComponents() {\r\n _components.clear();\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst ERRORS = {\r\n [\"no-app\" /* AppError.NO_APP */]: \"No Firebase App '{$appName}' has been created - \" +\r\n 'call initializeApp() first',\r\n [\"bad-app-name\" /* AppError.BAD_APP_NAME */]: \"Illegal App name: '{$appName}'\",\r\n [\"duplicate-app\" /* AppError.DUPLICATE_APP */]: \"Firebase App named '{$appName}' already exists with different options or config\",\r\n [\"app-deleted\" /* AppError.APP_DELETED */]: \"Firebase App named '{$appName}' already deleted\",\r\n [\"server-app-deleted\" /* AppError.SERVER_APP_DELETED */]: 'Firebase Server App has been deleted',\r\n [\"no-options\" /* AppError.NO_OPTIONS */]: 'Need to provide options, when not being deployed to hosting via source.',\r\n [\"invalid-app-argument\" /* AppError.INVALID_APP_ARGUMENT */]: 'firebase.{$appName}() takes either no argument or a ' +\r\n 'Firebase App instance.',\r\n [\"invalid-log-argument\" /* AppError.INVALID_LOG_ARGUMENT */]: 'First argument to `onLog` must be null or a function.',\r\n [\"idb-open\" /* AppError.IDB_OPEN */]: 'Error thrown when opening IndexedDB. Original error: {$originalErrorMessage}.',\r\n [\"idb-get\" /* AppError.IDB_GET */]: 'Error thrown when reading from IndexedDB. Original error: {$originalErrorMessage}.',\r\n [\"idb-set\" /* AppError.IDB_WRITE */]: 'Error thrown when writing to IndexedDB. Original error: {$originalErrorMessage}.',\r\n [\"idb-delete\" /* AppError.IDB_DELETE */]: 'Error thrown when deleting from IndexedDB. Original error: {$originalErrorMessage}.',\r\n [\"finalization-registry-not-supported\" /* AppError.FINALIZATION_REGISTRY_NOT_SUPPORTED */]: 'FirebaseServerApp deleteOnDeref field defined but the JS runtime does not support FinalizationRegistry.',\r\n [\"invalid-server-app-environment\" /* AppError.INVALID_SERVER_APP_ENVIRONMENT */]: 'FirebaseServerApp is not for use in browser environments.'\r\n};\r\nconst ERROR_FACTORY = new ErrorFactory('app', 'Firebase', ERRORS);\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nclass FirebaseAppImpl {\r\n constructor(options, config, container) {\r\n this._isDeleted = false;\r\n this._options = Object.assign({}, options);\r\n this._config = Object.assign({}, config);\r\n this._name = config.name;\r\n this._automaticDataCollectionEnabled =\r\n config.automaticDataCollectionEnabled;\r\n this._container = container;\r\n this.container.addComponent(new Component('app', () => this, \"PUBLIC\" /* ComponentType.PUBLIC */));\r\n }\r\n get automaticDataCollectionEnabled() {\r\n this.checkDestroyed();\r\n return this._automaticDataCollectionEnabled;\r\n }\r\n set automaticDataCollectionEnabled(val) {\r\n this.checkDestroyed();\r\n this._automaticDataCollectionEnabled = val;\r\n }\r\n get name() {\r\n this.checkDestroyed();\r\n return this._name;\r\n }\r\n get options() {\r\n this.checkDestroyed();\r\n return this._options;\r\n }\r\n get config() {\r\n this.checkDestroyed();\r\n return this._config;\r\n }\r\n get container() {\r\n return this._container;\r\n }\r\n get isDeleted() {\r\n return this._isDeleted;\r\n }\r\n set isDeleted(val) {\r\n this._isDeleted = val;\r\n }\r\n /**\r\n * This function will throw an Error if the App has already been deleted -\r\n * use before performing API actions on the App.\r\n */\r\n checkDestroyed() {\r\n if (this.isDeleted) {\r\n throw ERROR_FACTORY.create(\"app-deleted\" /* AppError.APP_DELETED */, { appName: this._name });\r\n }\r\n }\r\n}\n\n/**\r\n * @license\r\n * Copyright 2023 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nclass FirebaseServerAppImpl extends FirebaseAppImpl {\r\n constructor(options, serverConfig, name, container) {\r\n // Build configuration parameters for the FirebaseAppImpl base class.\r\n const automaticDataCollectionEnabled = serverConfig.automaticDataCollectionEnabled !== undefined\r\n ? serverConfig.automaticDataCollectionEnabled\r\n : false;\r\n // Create the FirebaseAppSettings object for the FirebaseAppImp constructor.\r\n const config = {\r\n name,\r\n automaticDataCollectionEnabled\r\n };\r\n if (options.apiKey !== undefined) {\r\n // Construct the parent FirebaseAppImp object.\r\n super(options, config, container);\r\n }\r\n else {\r\n const appImpl = options;\r\n super(appImpl.options, config, container);\r\n }\r\n // Now construct the data for the FirebaseServerAppImpl.\r\n this._serverConfig = Object.assign({ automaticDataCollectionEnabled }, serverConfig);\r\n this._finalizationRegistry = null;\r\n if (typeof FinalizationRegistry !== 'undefined') {\r\n this._finalizationRegistry = new FinalizationRegistry(() => {\r\n this.automaticCleanup();\r\n });\r\n }\r\n this._refCount = 0;\r\n this.incRefCount(this._serverConfig.releaseOnDeref);\r\n // Do not retain a hard reference to the dref object, otherwise the FinalizationRegistry\r\n // will never trigger.\r\n this._serverConfig.releaseOnDeref = undefined;\r\n serverConfig.releaseOnDeref = undefined;\r\n registerVersion(name$q, version$1, 'serverapp');\r\n }\r\n toJSON() {\r\n return undefined;\r\n }\r\n get refCount() {\r\n return this._refCount;\r\n }\r\n // Increment the reference count of this server app. If an object is provided, register it\r\n // with the finalization registry.\r\n incRefCount(obj) {\r\n if (this.isDeleted) {\r\n return;\r\n }\r\n this._refCount++;\r\n if (obj !== undefined && this._finalizationRegistry !== null) {\r\n this._finalizationRegistry.register(obj, this);\r\n }\r\n }\r\n // Decrement the reference count.\r\n decRefCount() {\r\n if (this.isDeleted) {\r\n return 0;\r\n }\r\n return --this._refCount;\r\n }\r\n // Invoked by the FinalizationRegistry callback to note that this app should go through its\r\n // reference counts and delete itself if no reference count remain. The coordinating logic that\r\n // handles this is in deleteApp(...).\r\n automaticCleanup() {\r\n void deleteApp(this);\r\n }\r\n get settings() {\r\n this.checkDestroyed();\r\n return this._serverConfig;\r\n }\r\n /**\r\n * This function will throw an Error if the App has already been deleted -\r\n * use before performing API actions on the App.\r\n */\r\n checkDestroyed() {\r\n if (this.isDeleted) {\r\n throw ERROR_FACTORY.create(\"server-app-deleted\" /* AppError.SERVER_APP_DELETED */);\r\n }\r\n }\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\n/**\r\n * The current SDK version.\r\n *\r\n * @public\r\n */\r\nconst SDK_VERSION = version;\r\nfunction initializeApp(_options, rawConfig = {}) {\r\n let options = _options;\r\n if (typeof rawConfig !== 'object') {\r\n const name = rawConfig;\r\n rawConfig = { name };\r\n }\r\n const config = Object.assign({ name: DEFAULT_ENTRY_NAME, automaticDataCollectionEnabled: false }, rawConfig);\r\n const name = config.name;\r\n if (typeof name !== 'string' || !name) {\r\n throw ERROR_FACTORY.create(\"bad-app-name\" /* AppError.BAD_APP_NAME */, {\r\n appName: String(name)\r\n });\r\n }\r\n options || (options = getDefaultAppConfig());\r\n if (!options) {\r\n throw ERROR_FACTORY.create(\"no-options\" /* AppError.NO_OPTIONS */);\r\n }\r\n const existingApp = _apps.get(name);\r\n if (existingApp) {\r\n // return the existing app if options and config deep equal the ones in the existing app.\r\n if (deepEqual(options, existingApp.options) &&\r\n deepEqual(config, existingApp.config)) {\r\n return existingApp;\r\n }\r\n else {\r\n throw ERROR_FACTORY.create(\"duplicate-app\" /* AppError.DUPLICATE_APP */, { appName: name });\r\n }\r\n }\r\n const container = new ComponentContainer(name);\r\n for (const component of _components.values()) {\r\n container.addComponent(component);\r\n }\r\n const newApp = new FirebaseAppImpl(options, config, container);\r\n _apps.set(name, newApp);\r\n return newApp;\r\n}\r\nfunction initializeServerApp(_options, _serverAppConfig) {\r\n if (isBrowser() && !isWebWorker()) {\r\n // FirebaseServerApp isn't designed to be run in browsers.\r\n throw ERROR_FACTORY.create(\"invalid-server-app-environment\" /* AppError.INVALID_SERVER_APP_ENVIRONMENT */);\r\n }\r\n if (_serverAppConfig.automaticDataCollectionEnabled === undefined) {\r\n _serverAppConfig.automaticDataCollectionEnabled = false;\r\n }\r\n let appOptions;\r\n if (_isFirebaseApp(_options)) {\r\n appOptions = _options.options;\r\n }\r\n else {\r\n appOptions = _options;\r\n }\r\n // Build an app name based on a hash of the configuration options.\r\n const nameObj = Object.assign(Object.assign({}, _serverAppConfig), appOptions);\r\n // However, Do not mangle the name based on releaseOnDeref, since it will vary between the\r\n // construction of FirebaseServerApp instances. For example, if the object is the request headers.\r\n if (nameObj.releaseOnDeref !== undefined) {\r\n delete nameObj.releaseOnDeref;\r\n }\r\n const hashCode = (s) => {\r\n return [...s].reduce((hash, c) => (Math.imul(31, hash) + c.charCodeAt(0)) | 0, 0);\r\n };\r\n if (_serverAppConfig.releaseOnDeref !== undefined) {\r\n if (typeof FinalizationRegistry === 'undefined') {\r\n throw ERROR_FACTORY.create(\"finalization-registry-not-supported\" /* AppError.FINALIZATION_REGISTRY_NOT_SUPPORTED */, {});\r\n }\r\n }\r\n const nameString = '' + hashCode(JSON.stringify(nameObj));\r\n const existingApp = _serverApps.get(nameString);\r\n if (existingApp) {\r\n existingApp.incRefCount(_serverAppConfig.releaseOnDeref);\r\n return existingApp;\r\n }\r\n const container = new ComponentContainer(nameString);\r\n for (const component of _components.values()) {\r\n container.addComponent(component);\r\n }\r\n const newApp = new FirebaseServerAppImpl(appOptions, _serverAppConfig, nameString, container);\r\n _serverApps.set(nameString, newApp);\r\n return newApp;\r\n}\r\n/**\r\n * Retrieves a {@link @firebase/app#FirebaseApp} instance.\r\n *\r\n * When called with no arguments, the default app is returned. When an app name\r\n * is provided, the app corresponding to that name is returned.\r\n *\r\n * An exception is thrown if the app being retrieved has not yet been\r\n * initialized.\r\n *\r\n * @example\r\n * ```javascript\r\n * // Return the default app\r\n * const app = getApp();\r\n * ```\r\n *\r\n * @example\r\n * ```javascript\r\n * // Return a named app\r\n * const otherApp = getApp(\"otherApp\");\r\n * ```\r\n *\r\n * @param name - Optional name of the app to return. If no name is\r\n * provided, the default is `\"[DEFAULT]\"`.\r\n *\r\n * @returns The app corresponding to the provided app name.\r\n * If no app name is provided, the default app is returned.\r\n *\r\n * @public\r\n */\r\nfunction getApp(name = DEFAULT_ENTRY_NAME) {\r\n const app = _apps.get(name);\r\n if (!app && name === DEFAULT_ENTRY_NAME && getDefaultAppConfig()) {\r\n return initializeApp();\r\n }\r\n if (!app) {\r\n throw ERROR_FACTORY.create(\"no-app\" /* AppError.NO_APP */, { appName: name });\r\n }\r\n return app;\r\n}\r\n/**\r\n * A (read-only) array of all initialized apps.\r\n * @public\r\n */\r\nfunction getApps() {\r\n return Array.from(_apps.values());\r\n}\r\n/**\r\n * Renders this app unusable and frees the resources of all associated\r\n * services.\r\n *\r\n * @example\r\n * ```javascript\r\n * deleteApp(app)\r\n * .then(function() {\r\n * console.log(\"App deleted successfully\");\r\n * })\r\n * .catch(function(error) {\r\n * console.log(\"Error deleting app:\", error);\r\n * });\r\n * ```\r\n *\r\n * @public\r\n */\r\nasync function deleteApp(app) {\r\n let cleanupProviders = false;\r\n const name = app.name;\r\n if (_apps.has(name)) {\r\n cleanupProviders = true;\r\n _apps.delete(name);\r\n }\r\n else if (_serverApps.has(name)) {\r\n const firebaseServerApp = app;\r\n if (firebaseServerApp.decRefCount() <= 0) {\r\n _serverApps.delete(name);\r\n cleanupProviders = true;\r\n }\r\n }\r\n if (cleanupProviders) {\r\n await Promise.all(app.container\r\n .getProviders()\r\n .map(provider => provider.delete()));\r\n app.isDeleted = true;\r\n }\r\n}\r\n/**\r\n * Registers a library's name and version for platform logging purposes.\r\n * @param library - Name of 1p or 3p library (e.g. firestore, angularfire)\r\n * @param version - Current version of that library.\r\n * @param variant - Bundle variant, e.g., node, rn, etc.\r\n *\r\n * @public\r\n */\r\nfunction registerVersion(libraryKeyOrName, version, variant) {\r\n var _a;\r\n // TODO: We can use this check to whitelist strings when/if we set up\r\n // a good whitelist system.\r\n let library = (_a = PLATFORM_LOG_STRING[libraryKeyOrName]) !== null && _a !== void 0 ? _a : libraryKeyOrName;\r\n if (variant) {\r\n library += `-${variant}`;\r\n }\r\n const libraryMismatch = library.match(/\\s|\\//);\r\n const versionMismatch = version.match(/\\s|\\//);\r\n if (libraryMismatch || versionMismatch) {\r\n const warning = [\r\n `Unable to register library \"${library}\" with version \"${version}\":`\r\n ];\r\n if (libraryMismatch) {\r\n warning.push(`library name \"${library}\" contains illegal characters (whitespace or \"/\")`);\r\n }\r\n if (libraryMismatch && versionMismatch) {\r\n warning.push('and');\r\n }\r\n if (versionMismatch) {\r\n warning.push(`version name \"${version}\" contains illegal characters (whitespace or \"/\")`);\r\n }\r\n logger.warn(warning.join(' '));\r\n return;\r\n }\r\n _registerComponent(new Component(`${library}-version`, () => ({ library, version }), \"VERSION\" /* ComponentType.VERSION */));\r\n}\r\n/**\r\n * Sets log handler for all Firebase SDKs.\r\n * @param logCallback - An optional custom log handler that executes user code whenever\r\n * the Firebase SDK makes a logging call.\r\n *\r\n * @public\r\n */\r\nfunction onLog(logCallback, options) {\r\n if (logCallback !== null && typeof logCallback !== 'function') {\r\n throw ERROR_FACTORY.create(\"invalid-log-argument\" /* AppError.INVALID_LOG_ARGUMENT */);\r\n }\r\n setUserLogHandler(logCallback, options);\r\n}\r\n/**\r\n * Sets log level for all Firebase SDKs.\r\n *\r\n * All of the log types above the current log level are captured (i.e. if\r\n * you set the log level to `info`, errors are logged, but `debug` and\r\n * `verbose` logs are not).\r\n *\r\n * @public\r\n */\r\nfunction setLogLevel(logLevel) {\r\n setLogLevel$1(logLevel);\r\n}\n\n/**\r\n * @license\r\n * Copyright 2021 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst DB_NAME = 'firebase-heartbeat-database';\r\nconst DB_VERSION = 1;\r\nconst STORE_NAME = 'firebase-heartbeat-store';\r\nlet dbPromise = null;\r\nfunction getDbPromise() {\r\n if (!dbPromise) {\r\n dbPromise = openDB(DB_NAME, DB_VERSION, {\r\n upgrade: (db, oldVersion) => {\r\n // We don't use 'break' in this switch statement, the fall-through\r\n // behavior is what we want, because if there are multiple versions between\r\n // the old version and the current version, we want ALL the migrations\r\n // that correspond to those versions to run, not only the last one.\r\n // eslint-disable-next-line default-case\r\n switch (oldVersion) {\r\n case 0:\r\n try {\r\n db.createObjectStore(STORE_NAME);\r\n }\r\n catch (e) {\r\n // Safari/iOS browsers throw occasional exceptions on\r\n // db.createObjectStore() that may be a bug. Avoid blocking\r\n // the rest of the app functionality.\r\n console.warn(e);\r\n }\r\n }\r\n }\r\n }).catch(e => {\r\n throw ERROR_FACTORY.create(\"idb-open\" /* AppError.IDB_OPEN */, {\r\n originalErrorMessage: e.message\r\n });\r\n });\r\n }\r\n return dbPromise;\r\n}\r\nasync function readHeartbeatsFromIndexedDB(app) {\r\n try {\r\n const db = await getDbPromise();\r\n const tx = db.transaction(STORE_NAME);\r\n const result = await tx.objectStore(STORE_NAME).get(computeKey(app));\r\n // We already have the value but tx.done can throw,\r\n // so we need to await it here to catch errors\r\n await tx.done;\r\n return result;\r\n }\r\n catch (e) {\r\n if (e instanceof FirebaseError) {\r\n logger.warn(e.message);\r\n }\r\n else {\r\n const idbGetError = ERROR_FACTORY.create(\"idb-get\" /* AppError.IDB_GET */, {\r\n originalErrorMessage: e === null || e === void 0 ? void 0 : e.message\r\n });\r\n logger.warn(idbGetError.message);\r\n }\r\n }\r\n}\r\nasync function writeHeartbeatsToIndexedDB(app, heartbeatObject) {\r\n try {\r\n const db = await getDbPromise();\r\n const tx = db.transaction(STORE_NAME, 'readwrite');\r\n const objectStore = tx.objectStore(STORE_NAME);\r\n await objectStore.put(heartbeatObject, computeKey(app));\r\n await tx.done;\r\n }\r\n catch (e) {\r\n if (e instanceof FirebaseError) {\r\n logger.warn(e.message);\r\n }\r\n else {\r\n const idbGetError = ERROR_FACTORY.create(\"idb-set\" /* AppError.IDB_WRITE */, {\r\n originalErrorMessage: e === null || e === void 0 ? void 0 : e.message\r\n });\r\n logger.warn(idbGetError.message);\r\n }\r\n }\r\n}\r\nfunction computeKey(app) {\r\n return `${app.name}!${app.options.appId}`;\r\n}\n\n/**\r\n * @license\r\n * Copyright 2021 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nconst MAX_HEADER_BYTES = 1024;\r\n// 30 days\r\nconst STORED_HEARTBEAT_RETENTION_MAX_MILLIS = 30 * 24 * 60 * 60 * 1000;\r\nclass HeartbeatServiceImpl {\r\n constructor(container) {\r\n this.container = container;\r\n /**\r\n * In-memory cache for heartbeats, used by getHeartbeatsHeader() to generate\r\n * the header string.\r\n * Stores one record per date. This will be consolidated into the standard\r\n * format of one record per user agent string before being sent as a header.\r\n * Populated from indexedDB when the controller is instantiated and should\r\n * be kept in sync with indexedDB.\r\n * Leave public for easier testing.\r\n */\r\n this._heartbeatsCache = null;\r\n const app = this.container.getProvider('app').getImmediate();\r\n this._storage = new HeartbeatStorageImpl(app);\r\n this._heartbeatsCachePromise = this._storage.read().then(result => {\r\n this._heartbeatsCache = result;\r\n return result;\r\n });\r\n }\r\n /**\r\n * Called to report a heartbeat. The function will generate\r\n * a HeartbeatsByUserAgent object, update heartbeatsCache, and persist it\r\n * to IndexedDB.\r\n * Note that we only store one heartbeat per day. So if a heartbeat for today is\r\n * already logged, subsequent calls to this function in the same day will be ignored.\r\n */\r\n async triggerHeartbeat() {\r\n var _a, _b;\r\n try {\r\n const platformLogger = this.container\r\n .getProvider('platform-logger')\r\n .getImmediate();\r\n // This is the \"Firebase user agent\" string from the platform logger\r\n // service, not the browser user agent.\r\n const agent = platformLogger.getPlatformInfoString();\r\n const date = getUTCDateString();\r\n if (((_a = this._heartbeatsCache) === null || _a === void 0 ? void 0 : _a.heartbeats) == null) {\r\n this._heartbeatsCache = await this._heartbeatsCachePromise;\r\n // If we failed to construct a heartbeats cache, then return immediately.\r\n if (((_b = this._heartbeatsCache) === null || _b === void 0 ? void 0 : _b.heartbeats) == null) {\r\n return;\r\n }\r\n }\r\n // Do not store a heartbeat if one is already stored for this day\r\n // or if a header has already been sent today.\r\n if (this._heartbeatsCache.lastSentHeartbeatDate === date ||\r\n this._heartbeatsCache.heartbeats.some(singleDateHeartbeat => singleDateHeartbeat.date === date)) {\r\n return;\r\n }\r\n else {\r\n // There is no entry for this date. Create one.\r\n this._heartbeatsCache.heartbeats.push({ date, agent });\r\n }\r\n // Remove entries older than 30 days.\r\n this._heartbeatsCache.heartbeats =\r\n this._heartbeatsCache.heartbeats.filter(singleDateHeartbeat => {\r\n const hbTimestamp = new Date(singleDateHeartbeat.date).valueOf();\r\n const now = Date.now();\r\n return now - hbTimestamp <= STORED_HEARTBEAT_RETENTION_MAX_MILLIS;\r\n });\r\n return this._storage.overwrite(this._heartbeatsCache);\r\n }\r\n catch (e) {\r\n logger.warn(e);\r\n }\r\n }\r\n /**\r\n * Returns a base64 encoded string which can be attached to the heartbeat-specific header directly.\r\n * It also clears all heartbeats from memory as well as in IndexedDB.\r\n *\r\n * NOTE: Consuming product SDKs should not send the header if this method\r\n * returns an empty string.\r\n */\r\n async getHeartbeatsHeader() {\r\n var _a;\r\n try {\r\n if (this._heartbeatsCache === null) {\r\n await this._heartbeatsCachePromise;\r\n }\r\n // If it's still null or the array is empty, there is no data to send.\r\n if (((_a = this._heartbeatsCache) === null || _a === void 0 ? void 0 : _a.heartbeats) == null ||\r\n this._heartbeatsCache.heartbeats.length === 0) {\r\n return '';\r\n }\r\n const date = getUTCDateString();\r\n // Extract as many heartbeats from the cache as will fit under the size limit.\r\n const { heartbeatsToSend, unsentEntries } = extractHeartbeatsForHeader(this._heartbeatsCache.heartbeats);\r\n const headerString = base64urlEncodeWithoutPadding(JSON.stringify({ version: 2, heartbeats: heartbeatsToSend }));\r\n // Store last sent date to prevent another being logged/sent for the same day.\r\n this._heartbeatsCache.lastSentHeartbeatDate = date;\r\n if (unsentEntries.length > 0) {\r\n // Store any unsent entries if they exist.\r\n this._heartbeatsCache.heartbeats = unsentEntries;\r\n // This seems more likely than emptying the array (below) to lead to some odd state\r\n // since the cache isn't empty and this will be called again on the next request,\r\n // and is probably safest if we await it.\r\n await this._storage.overwrite(this._heartbeatsCache);\r\n }\r\n else {\r\n this._heartbeatsCache.heartbeats = [];\r\n // Do not wait for this, to reduce latency.\r\n void this._storage.overwrite(this._heartbeatsCache);\r\n }\r\n return headerString;\r\n }\r\n catch (e) {\r\n logger.warn(e);\r\n return '';\r\n }\r\n }\r\n}\r\nfunction getUTCDateString() {\r\n const today = new Date();\r\n // Returns date format 'YYYY-MM-DD'\r\n return today.toISOString().substring(0, 10);\r\n}\r\nfunction extractHeartbeatsForHeader(heartbeatsCache, maxSize = MAX_HEADER_BYTES) {\r\n // Heartbeats grouped by user agent in the standard format to be sent in\r\n // the header.\r\n const heartbeatsToSend = [];\r\n // Single date format heartbeats that are not sent.\r\n let unsentEntries = heartbeatsCache.slice();\r\n for (const singleDateHeartbeat of heartbeatsCache) {\r\n // Look for an existing entry with the same user agent.\r\n const heartbeatEntry = heartbeatsToSend.find(hb => hb.agent === singleDateHeartbeat.agent);\r\n if (!heartbeatEntry) {\r\n // If no entry for this user agent exists, create one.\r\n heartbeatsToSend.push({\r\n agent: singleDateHeartbeat.agent,\r\n dates: [singleDateHeartbeat.date]\r\n });\r\n if (countBytes(heartbeatsToSend) > maxSize) {\r\n // If the header would exceed max size, remove the added heartbeat\r\n // entry and stop adding to the header.\r\n heartbeatsToSend.pop();\r\n break;\r\n }\r\n }\r\n else {\r\n heartbeatEntry.dates.push(singleDateHeartbeat.date);\r\n // If the header would exceed max size, remove the added date\r\n // and stop adding to the header.\r\n if (countBytes(heartbeatsToSend) > maxSize) {\r\n heartbeatEntry.dates.pop();\r\n break;\r\n }\r\n }\r\n // Pop unsent entry from queue. (Skipped if adding the entry exceeded\r\n // quota and the loop breaks early.)\r\n unsentEntries = unsentEntries.slice(1);\r\n }\r\n return {\r\n heartbeatsToSend,\r\n unsentEntries\r\n };\r\n}\r\nclass HeartbeatStorageImpl {\r\n constructor(app) {\r\n this.app = app;\r\n this._canUseIndexedDBPromise = this.runIndexedDBEnvironmentCheck();\r\n }\r\n async runIndexedDBEnvironmentCheck() {\r\n if (!isIndexedDBAvailable()) {\r\n return false;\r\n }\r\n else {\r\n return validateIndexedDBOpenable()\r\n .then(() => true)\r\n .catch(() => false);\r\n }\r\n }\r\n /**\r\n * Read all heartbeats.\r\n */\r\n async read() {\r\n const canUseIndexedDB = await this._canUseIndexedDBPromise;\r\n if (!canUseIndexedDB) {\r\n return { heartbeats: [] };\r\n }\r\n else {\r\n const idbHeartbeatObject = await readHeartbeatsFromIndexedDB(this.app);\r\n if (idbHeartbeatObject === null || idbHeartbeatObject === void 0 ? void 0 : idbHeartbeatObject.heartbeats) {\r\n return idbHeartbeatObject;\r\n }\r\n else {\r\n return { heartbeats: [] };\r\n }\r\n }\r\n }\r\n // overwrite the storage with the provided heartbeats\r\n async overwrite(heartbeatsObject) {\r\n var _a;\r\n const canUseIndexedDB = await this._canUseIndexedDBPromise;\r\n if (!canUseIndexedDB) {\r\n return;\r\n }\r\n else {\r\n const existingHeartbeatsObject = await this.read();\r\n return writeHeartbeatsToIndexedDB(this.app, {\r\n lastSentHeartbeatDate: (_a = heartbeatsObject.lastSentHeartbeatDate) !== null && _a !== void 0 ? _a : existingHeartbeatsObject.lastSentHeartbeatDate,\r\n heartbeats: heartbeatsObject.heartbeats\r\n });\r\n }\r\n }\r\n // add heartbeats\r\n async add(heartbeatsObject) {\r\n var _a;\r\n const canUseIndexedDB = await this._canUseIndexedDBPromise;\r\n if (!canUseIndexedDB) {\r\n return;\r\n }\r\n else {\r\n const existingHeartbeatsObject = await this.read();\r\n return writeHeartbeatsToIndexedDB(this.app, {\r\n lastSentHeartbeatDate: (_a = heartbeatsObject.lastSentHeartbeatDate) !== null && _a !== void 0 ? _a : existingHeartbeatsObject.lastSentHeartbeatDate,\r\n heartbeats: [\r\n ...existingHeartbeatsObject.heartbeats,\r\n ...heartbeatsObject.heartbeats\r\n ]\r\n });\r\n }\r\n }\r\n}\r\n/**\r\n * Calculate bytes of a HeartbeatsByUserAgent array after being wrapped\r\n * in a platform logging header JSON object, stringified, and converted\r\n * to base 64.\r\n */\r\nfunction countBytes(heartbeatsCache) {\r\n // base64 has a restricted set of characters, all of which should be 1 byte.\r\n return base64urlEncodeWithoutPadding(\r\n // heartbeatsCache wrapper properties\r\n JSON.stringify({ version: 2, heartbeats: heartbeatsCache })).length;\r\n}\n\n/**\r\n * @license\r\n * Copyright 2019 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nfunction registerCoreComponents(variant) {\r\n _registerComponent(new Component('platform-logger', container => new PlatformLoggerServiceImpl(container), \"PRIVATE\" /* ComponentType.PRIVATE */));\r\n _registerComponent(new Component('heartbeat', container => new HeartbeatServiceImpl(container), \"PRIVATE\" /* ComponentType.PRIVATE */));\r\n // Register `app` package.\r\n registerVersion(name$q, version$1, variant);\r\n // BUILD_TARGET will be replaced by values like esm5, esm2017, cjs5, etc during the compilation\r\n registerVersion(name$q, version$1, 'esm2017');\r\n // Register platform SDK identifier (no version).\r\n registerVersion('fire-js', '');\r\n}\n\n/**\r\n * Firebase App\r\n *\r\n * @remarks This package coordinates the communication between the different Firebase components\r\n * @packageDocumentation\r\n */\r\nregisterCoreComponents('');\n\nexport { SDK_VERSION, DEFAULT_ENTRY_NAME as _DEFAULT_ENTRY_NAME, _addComponent, _addOrOverwriteComponent, _apps, _clearComponents, _components, _getProvider, _isFirebaseApp, _isFirebaseServerApp, _registerComponent, _removeServiceInstance, _serverApps, deleteApp, getApp, getApps, initializeApp, initializeServerApp, onLog, registerVersion, setLogLevel };\n//# sourceMappingURL=index.esm2017.js.map\n","import { registerVersion } from '@firebase/app';\nexport * from '@firebase/app';\n\nvar name = \"firebase\";\nvar version = \"10.14.1\";\n\n/**\r\n * @license\r\n * Copyright 2020 Google LLC\r\n *\r\n * Licensed under the Apache License, Version 2.0 (the \"License\");\r\n * you may not use this file except in compliance with the License.\r\n * You may obtain a copy of the License at\r\n *\r\n * http://www.apache.org/licenses/LICENSE-2.0\r\n *\r\n * Unless required by applicable law or agreed to in writing, software\r\n * distributed under the License is distributed on an \"AS IS\" BASIS,\r\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n * See the License for the specific language governing permissions and\r\n * limitations under the License.\r\n */\r\nregisterVersion(name, version, 'app');\n//# sourceMappingURL=index.esm.js.map\n"],"names":["stringToByteArray$1","str","out","p","i","c","byteArrayToString","bytes","pos","c1","c2","c3","c4","u","base64","input","webSafe","byteToCharMap","output","byte1","haveByte2","byte2","haveByte3","byte3","outByte1","outByte2","outByte3","outByte4","charToByteMap","byte4","DecodeBase64StringError","base64Encode","utf8Bytes","base64urlEncodeWithoutPadding","base64Decode","getGlobal","getDefaultsFromGlobal","getDefaultsFromEnvVariable","define_process_env_default","defaultsJsonString","getDefaultsFromCookie","match","decoded","getDefaults","e","getDefaultAppConfig","_a","Deferred","resolve","reject","callback","error","value","isIndexedDBAvailable","validateIndexedDBOpenable","preExist","DB_CHECK_NAME","request","ERROR_NAME","FirebaseError","code","message","customData","ErrorFactory","service","serviceName","errors","data","fullCode","template","replaceTemplate","fullMessage","PATTERN","_","key","deepEqual","a","b","aKeys","bKeys","k","aProp","bProp","isObject","thing","Component","name","instanceFactory","type","mode","multipleInstances","props","DEFAULT_ENTRY_NAME","Provider","container","identifier","normalizedIdentifier","deferred","instance","options","optional","component","isComponentEager","instanceIdentifier","instanceDeferred","services","opts","normalizedDeferredIdentifier","existingCallbacks","existingInstance","callbacks","normalizeIdentifierForFactory","ComponentContainer","provider","LogLevel","levelStringToEnum","defaultLogLevel","ConsoleMethod","defaultLogHandler","logType","args","now","method","Logger","val","instanceOfAny","object","constructors","idbProxyableTypes","cursorAdvanceMethods","getIdbProxyableTypes","getCursorAdvanceMethods","cursorRequestMap","transactionDoneMap","transactionStoreNamesMap","transformCache","reverseTransformCache","promisifyRequest","promise","unlisten","success","wrap","cacheDonePromiseForTransaction","tx","done","complete","idbProxyTraps","target","prop","receiver","replaceTraps","wrapFunction","func","storeNames","unwrap","transformCachableValue","newValue","openDB","version","blocked","upgrade","blocking","terminated","openPromise","event","db","readMethods","writeMethods","cachedMethods","getMethod","targetFuncName","useIndex","isWrite","storeName","oldTraps","PlatformLoggerServiceImpl","isVersionServiceProvider","logString","name$q","version$1","logger","name$p","name$o","name$n","name$m","name$l","name$k","name$j","name$i","name$h","name$g","name$f","name$e","name$d","name$c","name$b","name$a","name$9","name$8","name$7","name$6","name$5","name$4","name$3","name$2","name$1","PLATFORM_LOG_STRING","_apps","_serverApps","_components","_addComponent","app","_registerComponent","componentName","serverApp","ERRORS","ERROR_FACTORY","FirebaseAppImpl","config","initializeApp","_options","rawConfig","existingApp","newApp","registerVersion","libraryKeyOrName","variant","library","libraryMismatch","versionMismatch","warning","DB_NAME","DB_VERSION","STORE_NAME","dbPromise","getDbPromise","oldVersion","readHeartbeatsFromIndexedDB","result","computeKey","idbGetError","writeHeartbeatsToIndexedDB","heartbeatObject","MAX_HEADER_BYTES","STORED_HEARTBEAT_RETENTION_MAX_MILLIS","HeartbeatServiceImpl","HeartbeatStorageImpl","_b","agent","date","getUTCDateString","singleDateHeartbeat","hbTimestamp","heartbeatsToSend","unsentEntries","extractHeartbeatsForHeader","headerString","heartbeatsCache","maxSize","heartbeatEntry","hb","countBytes","idbHeartbeatObject","heartbeatsObject","existingHeartbeatsObject","registerCoreComponents"],"mappings":"SAoEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMA,EAAsB,SAAUC,EAAK,CAEvC,MAAMC,EAAM,CAAA,EACZ,IAAIC,EAAI,EACR,QAASC,EAAI,EAAGA,EAAIH,EAAI,OAAQG,IAAK,CAC7B,IAAAC,EAAIJ,EAAI,WAAWG,CAAC,EACpBC,EAAI,IACJH,EAAIC,GAAG,EAAIE,EAENA,EAAI,MACLH,EAAAC,GAAG,EAAKE,GAAK,EAAK,IAClBH,EAAAC,GAAG,EAAKE,EAAI,GAAM,MAEhBA,EAAI,SAAY,OACtBD,EAAI,EAAIH,EAAI,SACXA,EAAI,WAAWG,EAAI,CAAC,EAAI,SAAY,OAEjCC,EAAA,QAAYA,EAAI,OAAW,KAAOJ,EAAI,WAAW,EAAEG,CAAC,EAAI,MACxDF,EAAAC,GAAG,EAAKE,GAAK,GAAM,IACvBH,EAAIC,GAAG,EAAME,GAAK,GAAM,GAAM,IAC9BH,EAAIC,GAAG,EAAME,GAAK,EAAK,GAAM,IACzBH,EAAAC,GAAG,EAAKE,EAAI,GAAM,MAGlBH,EAAAC,GAAG,EAAKE,GAAK,GAAM,IACvBH,EAAIC,GAAG,EAAME,GAAK,EAAK,GAAM,IACzBH,EAAAC,GAAG,EAAKE,EAAI,GAAM,IAE9B,CACO,OAAAH,CACX,EAOMI,GAAoB,SAAUC,EAAO,CAEvC,MAAML,EAAM,CAAA,EACR,IAAAM,EAAM,EAAGH,EAAI,EACV,KAAAG,EAAMD,EAAM,QAAQ,CACjB,MAAAE,EAAKF,EAAMC,GAAK,EACtB,GAAIC,EAAK,IACLP,EAAIG,GAAG,EAAI,OAAO,aAAaI,CAAE,UAE5BA,EAAK,KAAOA,EAAK,IAAK,CACrB,MAAAC,EAAKH,EAAMC,GAAK,EAClBN,EAAAG,GAAG,EAAI,OAAO,cAAeI,EAAK,KAAO,EAAMC,EAAK,EAAG,CAEtD,SAAAD,EAAK,KAAOA,EAAK,IAAK,CAErB,MAAAC,EAAKH,EAAMC,GAAK,EAChBG,EAAKJ,EAAMC,GAAK,EAChBI,EAAKL,EAAMC,GAAK,EAChBK,IAAOJ,EAAK,IAAM,IAAQC,EAAK,KAAO,IAAQC,EAAK,KAAO,EAAMC,EAAK,IACvE,MACJV,EAAIG,GAAG,EAAI,OAAO,aAAa,OAAUQ,GAAK,GAAG,EACjDX,EAAIG,GAAG,EAAI,OAAO,aAAa,OAAUQ,EAAI,KAAK,CAAA,KAEjD,CACK,MAAAH,EAAKH,EAAMC,GAAK,EAChBG,EAAKJ,EAAMC,GAAK,EAClBN,EAAAG,GAAG,EAAI,OAAO,cAAeI,EAAK,KAAO,IAAQC,EAAK,KAAO,EAAMC,EAAK,EAAG,CACnF,CACJ,CACO,OAAAT,EAAI,KAAK,EAAE,CACtB,EAIMY,EAAS,CAIX,eAAgB,KAIhB,eAAgB,KAKhB,sBAAuB,KAKvB,sBAAuB,KAKvB,kBAAmB,iEAInB,IAAI,cAAe,CACf,OAAO,KAAK,kBAAoB,KACpC,EAIA,IAAI,sBAAuB,CACvB,OAAO,KAAK,kBAAoB,KACpC,EAQA,mBAAoB,OAAO,MAAS,WAUpC,gBAAgBC,EAAOC,EAAS,CAC5B,GAAI,CAAC,MAAM,QAAQD,CAAK,EACpB,MAAM,MAAM,+CAA+C,EAE/D,KAAK,MAAM,EACX,MAAME,EAAgBD,EAChB,KAAK,sBACL,KAAK,eACLE,EAAS,CAAA,EACf,QAASd,EAAI,EAAGA,EAAIW,EAAM,OAAQX,GAAK,EAAG,CAChC,MAAAe,EAAQJ,EAAMX,CAAC,EACfgB,EAAYhB,EAAI,EAAIW,EAAM,OAC1BM,EAAQD,EAAYL,EAAMX,EAAI,CAAC,EAAI,EACnCkB,EAAYlB,EAAI,EAAIW,EAAM,OAC1BQ,EAAQD,EAAYP,EAAMX,EAAI,CAAC,EAAI,EACnCoB,EAAWL,GAAS,EACpBM,GAAaN,EAAQ,IAAS,EAAME,GAAS,EACnD,IAAIK,GAAaL,EAAQ,KAAS,EAAME,GAAS,EAC7CI,EAAWJ,EAAQ,GAClBD,IACUK,EAAA,GACNP,IACUM,EAAA,KAGnBR,EAAO,KAAKD,EAAcO,CAAQ,EAAGP,EAAcQ,CAAQ,EAAGR,EAAcS,CAAQ,EAAGT,EAAcU,CAAQ,CAAC,CAClH,CACO,OAAAT,EAAO,KAAK,EAAE,CACzB,EASA,aAAaH,EAAOC,EAAS,CAGrB,OAAA,KAAK,oBAAsB,CAACA,EACrB,KAAKD,CAAK,EAEd,KAAK,gBAAgBf,EAAoBe,CAAK,EAAGC,CAAO,CACnE,EASA,aAAaD,EAAOC,EAAS,CAGrB,OAAA,KAAK,oBAAsB,CAACA,EACrB,KAAKD,CAAK,EAEdT,GAAkB,KAAK,wBAAwBS,EAAOC,CAAO,CAAC,CACzE,EAgBA,wBAAwBD,EAAOC,EAAS,CACpC,KAAK,MAAM,EACX,MAAMY,EAAgBZ,EAChB,KAAK,sBACL,KAAK,eACLE,EAAS,CAAA,EACf,QAASd,EAAI,EAAGA,EAAIW,EAAM,QAAS,CAC/B,MAAMI,EAAQS,EAAcb,EAAM,OAAOX,GAAG,CAAC,EAEvCiB,EADYjB,EAAIW,EAAM,OACFa,EAAcb,EAAM,OAAOX,CAAC,CAAC,EAAI,EACzD,EAAAA,EAEF,MAAMmB,EADYnB,EAAIW,EAAM,OACFa,EAAcb,EAAM,OAAOX,CAAC,CAAC,EAAI,GACzD,EAAAA,EAEF,MAAMyB,EADYzB,EAAIW,EAAM,OACFa,EAAcb,EAAM,OAAOX,CAAC,CAAC,EAAI,GAE3D,GADE,EAAAA,EACEe,GAAS,MAAQE,GAAS,MAAQE,GAAS,MAAQM,GAAS,KAC5D,MAAM,IAAIC,GAER,MAAAN,EAAYL,GAAS,EAAME,GAAS,EAE1C,GADAH,EAAO,KAAKM,CAAQ,EAChBD,IAAU,GAAI,CACd,MAAME,EAAaJ,GAAS,EAAK,IAASE,GAAS,EAEnD,GADAL,EAAO,KAAKO,CAAQ,EAChBI,IAAU,GAAI,CACR,MAAAH,EAAaH,GAAS,EAAK,IAAQM,EACzCX,EAAO,KAAKQ,CAAQ,CACxB,CACJ,CACJ,CACO,OAAAR,CACX,EAMA,OAAQ,CACA,GAAA,CAAC,KAAK,eAAgB,CACtB,KAAK,eAAiB,GACtB,KAAK,eAAiB,GACtB,KAAK,sBAAwB,GAC7B,KAAK,sBAAwB,GAE7B,QAASd,EAAI,EAAGA,EAAI,KAAK,aAAa,OAAQA,IAC1C,KAAK,eAAeA,CAAC,EAAI,KAAK,aAAa,OAAOA,CAAC,EACnD,KAAK,eAAe,KAAK,eAAeA,CAAC,CAAC,EAAIA,EAC9C,KAAK,sBAAsBA,CAAC,EAAI,KAAK,qBAAqB,OAAOA,CAAC,EAClE,KAAK,sBAAsB,KAAK,sBAAsBA,CAAC,CAAC,EAAIA,EAExDA,GAAK,KAAK,kBAAkB,SAC5B,KAAK,eAAe,KAAK,qBAAqB,OAAOA,CAAC,CAAC,EAAIA,EAC3D,KAAK,sBAAsB,KAAK,aAAa,OAAOA,CAAC,CAAC,EAAIA,EAGtE,CACJ,CACJ,EAIA,MAAM0B,WAAgC,KAAM,CACxC,aAAc,CACV,MAAM,GAAG,SAAS,EAClB,KAAK,KAAO,yBAChB,CACJ,CAIA,MAAMC,GAAe,SAAU9B,EAAK,CAC1B,MAAA+B,EAAYhC,EAAoBC,CAAG,EAClC,OAAAa,EAAO,gBAAgBkB,EAAW,EAAI,CACjD,EAKMC,EAAgC,SAAUhC,EAAK,CAEjD,OAAO8B,GAAa9B,CAAG,EAAE,QAAQ,MAAO,EAAE,CAC9C,EAUMiC,GAAe,SAAUjC,EAAK,CAC5B,GAAA,CACO,OAAAa,EAAO,aAAab,EAAK,EAAI,QAEjC,EAAG,CACE,QAAA,MAAM,wBAAyB,CAAC,CAC5C,CACO,OAAA,IACX,EA0EA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAqBA,SAASkC,IAAY,CACb,GAAA,OAAO,KAAS,IACT,OAAA,KAEP,GAAA,OAAO,OAAW,IACX,OAAA,OAEP,GAAA,OAAO,OAAW,IACX,OAAA,OAEL,MAAA,IAAI,MAAM,iCAAiC,CACrD,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMC,GAAwB,IAAMD,GAAY,EAAA,sBAS1CE,GAA6B,IAAM,CACrC,GAAI,OAAO,QAAY,KAAe,OAAOC,EAAgB,IACzD,OAEJ,MAAMC,EAAqBD,EAAY,sBACvC,GAAIC,EACO,OAAA,KAAK,MAAMA,CAAkB,CAE5C,EACMC,GAAwB,IAAM,CAC5B,GAAA,OAAO,SAAa,IACpB,OAEA,IAAAC,EACA,GAAA,CACQA,EAAA,SAAS,OAAO,MAAM,+BAA+B,OAEvD,CAGN,MACJ,CACA,MAAMC,EAAUD,GAASP,GAAaO,EAAM,CAAC,CAAC,EACvC,OAAAC,GAAW,KAAK,MAAMA,CAAO,CACxC,EAQMC,GAAc,IAAM,CAClB,GAAA,CACA,OAAQP,GAAsB,GAC1BC,GAA2B,GAC3BG,GAAsB,QAEvBI,EAAG,CAOE,QAAA,KAAK,+CAA+CA,CAAC,EAAE,EAC/D,MACJ,CACJ,EAqCMC,GAAsB,IAAM,CAAM,IAAAC,EAAI,OAAQA,EAAKH,GAAY,KAAO,MAAQG,IAAO,OAAS,OAASA,EAAG,MAAQ,EAQxH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMC,EAAS,CACX,aAAc,CACV,KAAK,OAAS,IAAM,CAAA,EACpB,KAAK,QAAU,IAAM,CAAA,EACrB,KAAK,QAAU,IAAI,QAAQ,CAACC,EAASC,IAAW,CAC5C,KAAK,QAAUD,EACf,KAAK,OAASC,CAAA,CACjB,CACL,CAMA,aAAaC,EAAU,CACZ,MAAA,CAACC,EAAOC,IAAU,CACjBD,EACA,KAAK,OAAOA,CAAK,EAGjB,KAAK,QAAQC,CAAK,EAElB,OAAOF,GAAa,aAGf,KAAA,QAAQ,MAAM,IAAM,CAAA,CAAG,EAGxBA,EAAS,SAAW,EACpBA,EAASC,CAAK,EAGdD,EAASC,EAAOC,CAAK,EAE7B,CAER,CACJ,CAyLA,SAASC,IAAuB,CACxB,GAAA,CACA,OAAO,OAAO,WAAc,cAEtB,CACC,MAAA,EACX,CACJ,CAQA,SAASC,IAA4B,CACjC,OAAO,IAAI,QAAQ,CAACN,EAASC,IAAW,CAChC,GAAA,CACA,IAAIM,EAAW,GACf,MAAMC,EAAgB,0DAChBC,EAAU,KAAK,UAAU,KAAKD,CAAa,EACjDC,EAAQ,UAAY,IAAM,CACtBA,EAAQ,OAAO,QAEVF,GACI,KAAA,UAAU,eAAeC,CAAa,EAE/CR,EAAQ,EAAI,CAAA,EAEhBS,EAAQ,gBAAkB,IAAM,CACjBF,EAAA,EAAA,EAEfE,EAAQ,QAAU,IAAM,CAChB,IAAAX,EACKG,IAAAH,EAAKW,EAAQ,SAAW,MAAQX,IAAO,OAAS,OAASA,EAAG,UAAY,EAAE,CAAA,QAGpFK,EAAO,CACVF,EAAOE,CAAK,CAChB,CAAA,CACH,CACL,CAaA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAwDA,MAAMO,GAAa,gBAGnB,MAAMC,UAAsB,KAAM,CAC9B,YAEAC,EAAMC,EAENC,EAAY,CACR,MAAMD,CAAO,EACb,KAAK,KAAOD,EACZ,KAAK,WAAaE,EAElB,KAAK,KAAOJ,GAGL,OAAA,eAAe,KAAMC,EAAc,SAAS,EAG/C,MAAM,mBACN,MAAM,kBAAkB,KAAMI,EAAa,UAAU,MAAM,CAEnE,CACJ,CACA,MAAMA,CAAa,CACf,YAAYC,EAASC,EAAaC,EAAQ,CACtC,KAAK,QAAUF,EACf,KAAK,YAAcC,EACnB,KAAK,OAASC,CAClB,CACA,OAAON,KAASO,EAAM,CAClB,MAAML,EAAaK,EAAK,CAAC,GAAK,CAAA,EACxBC,EAAW,GAAG,KAAK,OAAO,IAAIR,CAAI,GAClCS,EAAW,KAAK,OAAOT,CAAI,EAC3BC,EAAUQ,EAAWC,GAAgBD,EAAUP,CAAU,EAAI,QAE7DS,EAAc,GAAG,KAAK,WAAW,KAAKV,CAAO,KAAKO,CAAQ,KAEzD,OADO,IAAIT,EAAcS,EAAUG,EAAaT,CAAU,CAErE,CACJ,CACA,SAASQ,GAAgBD,EAAUF,EAAM,CACrC,OAAOE,EAAS,QAAQG,GAAS,CAACC,EAAGC,IAAQ,CACnC,MAAAtB,EAAQe,EAAKO,CAAG,EACtB,OAAOtB,GAAS,KAAO,OAAOA,CAAK,EAAI,IAAIsB,CAAG,IAAA,CACjD,CACL,CACA,MAAMF,GAAU,gBAkMhB,SAASG,EAAUC,EAAGC,EAAG,CACrB,GAAID,IAAMC,EACC,MAAA,GAEL,MAAAC,EAAQ,OAAO,KAAKF,CAAC,EACrBG,EAAQ,OAAO,KAAKF,CAAC,EAC3B,UAAWG,KAAKF,EAAO,CACnB,GAAI,CAACC,EAAM,SAASC,CAAC,EACV,MAAA,GAEL,MAAAC,EAAQL,EAAEI,CAAC,EACXE,EAAQL,EAAEG,CAAC,EACjB,GAAIG,EAASF,CAAK,GAAKE,EAASD,CAAK,GACjC,GAAI,CAACP,EAAUM,EAAOC,CAAK,EAChB,MAAA,WAGND,IAAUC,EACR,MAAA,EAEf,CACA,UAAWF,KAAKD,EACZ,GAAI,CAACD,EAAM,SAASE,CAAC,EACV,MAAA,GAGR,MAAA,EACX,CACA,SAASG,EAASC,EAAO,CACd,OAAAA,IAAU,MAAQ,OAAOA,GAAU,QAC9C,CCxsCA,MAAMC,CAAU,CAOZ,YAAYC,EAAMC,EAAiBC,EAAM,CACrC,KAAK,KAAOF,EACZ,KAAK,gBAAkBC,EACvB,KAAK,KAAOC,EACZ,KAAK,kBAAoB,GAIzB,KAAK,aAAe,GACpB,KAAK,kBAAoB,OACzB,KAAK,kBAAoB,IAC5B,CACD,qBAAqBC,EAAM,CACvB,YAAK,kBAAoBA,EAClB,IACV,CACD,qBAAqBC,EAAmB,CACpC,YAAK,kBAAoBA,EAClB,IACV,CACD,gBAAgBC,EAAO,CACnB,YAAK,aAAeA,EACb,IACV,CACD,2BAA2BzC,EAAU,CACjC,YAAK,kBAAoBA,EAClB,IACV,CACL,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAM0C,EAAqB,YAE3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAoBA,MAAMC,EAAS,CACX,YAAYP,EAAMQ,EAAW,CACzB,KAAK,KAAOR,EACZ,KAAK,UAAYQ,EACjB,KAAK,UAAY,KACjB,KAAK,UAAY,IAAI,IACrB,KAAK,kBAAoB,IAAI,IAC7B,KAAK,iBAAmB,IAAI,IAC5B,KAAK,gBAAkB,IAAI,GAC9B,CAKD,IAAIC,EAAY,CAEZ,MAAMC,EAAuB,KAAK,4BAA4BD,CAAU,EACxE,GAAI,CAAC,KAAK,kBAAkB,IAAIC,CAAoB,EAAG,CACnD,MAAMC,EAAW,IAAIlD,GAErB,GADA,KAAK,kBAAkB,IAAIiD,EAAsBC,CAAQ,EACrD,KAAK,cAAcD,CAAoB,GACvC,KAAK,qBAAoB,EAEzB,GAAI,CACA,MAAME,EAAW,KAAK,uBAAuB,CACzC,mBAAoBF,CAC5C,CAAqB,EACGE,GACAD,EAAS,QAAQC,CAAQ,CAEhC,MACS,CAGT,CAER,CACD,OAAO,KAAK,kBAAkB,IAAIF,CAAoB,EAAE,OAC3D,CACD,aAAaG,EAAS,CAClB,IAAIrD,EAEJ,MAAMkD,EAAuB,KAAK,4BAA8EG,GAAQ,UAAU,EAC5HC,GAAYtD,EAAuDqD,GAAQ,YAAc,MAAQrD,IAAO,OAASA,EAAK,GAC5H,GAAI,KAAK,cAAckD,CAAoB,GACvC,KAAK,qBAAoB,EACzB,GAAI,CACA,OAAO,KAAK,uBAAuB,CAC/B,mBAAoBA,CACxC,CAAiB,CACJ,OACMpD,EAAG,CACN,GAAIwD,EACA,OAAO,KAGP,MAAMxD,CAEb,KAEA,CAED,GAAIwD,EACA,OAAO,KAGP,MAAM,MAAM,WAAW,KAAK,IAAI,mBAAmB,CAE1D,CACJ,CACD,cAAe,CACX,OAAO,KAAK,SACf,CACD,aAAaC,EAAW,CACpB,GAAIA,EAAU,OAAS,KAAK,KACxB,MAAM,MAAM,yBAAyBA,EAAU,IAAI,iBAAiB,KAAK,IAAI,GAAG,EAEpF,GAAI,KAAK,UACL,MAAM,MAAM,iBAAiB,KAAK,IAAI,4BAA4B,EAItE,GAFA,KAAK,UAAYA,EAEb,EAAC,KAAK,uBAIV,IAAIC,GAAiBD,CAAS,EAC1B,GAAI,CACA,KAAK,uBAAuB,CAAE,mBAAoBT,CAAoB,CAAA,CACzE,MACS,CAKT,CAKL,SAAW,CAACW,EAAoBC,CAAgB,IAAK,KAAK,kBAAkB,UAAW,CACnF,MAAMR,EAAuB,KAAK,4BAA4BO,CAAkB,EAChF,GAAI,CAEA,MAAML,EAAW,KAAK,uBAAuB,CACzC,mBAAoBF,CACxC,CAAiB,EACDQ,EAAiB,QAAQN,CAAQ,CACpC,MACS,CAGT,CACJ,EACJ,CACD,cAAcH,EAAaH,EAAoB,CAC3C,KAAK,kBAAkB,OAAOG,CAAU,EACxC,KAAK,iBAAiB,OAAOA,CAAU,EACvC,KAAK,UAAU,OAAOA,CAAU,CACnC,CAGD,MAAM,QAAS,CACX,MAAMU,EAAW,MAAM,KAAK,KAAK,UAAU,OAAM,CAAE,EACnD,MAAM,QAAQ,IAAI,CACd,GAAGA,EACE,OAAOzC,GAAW,aAAcA,CAAO,EAEvC,IAAIA,GAAWA,EAAQ,SAAS,OAAM,CAAE,EAC7C,GAAGyC,EACE,OAAOzC,GAAW,YAAaA,CAAO,EAEtC,IAAIA,GAAWA,EAAQ,SAAS,CACjD,CAAS,CACJ,CACD,gBAAiB,CACb,OAAO,KAAK,WAAa,IAC5B,CACD,cAAc+B,EAAaH,EAAoB,CAC3C,OAAO,KAAK,UAAU,IAAIG,CAAU,CACvC,CACD,WAAWA,EAAaH,EAAoB,CACxC,OAAO,KAAK,iBAAiB,IAAIG,CAAU,GAAK,CAAA,CACnD,CACD,WAAWW,EAAO,GAAI,CAClB,KAAM,CAAE,QAAAP,EAAU,EAAI,EAAGO,EACnBV,EAAuB,KAAK,4BAA4BU,EAAK,kBAAkB,EACrF,GAAI,KAAK,cAAcV,CAAoB,EACvC,MAAM,MAAM,GAAG,KAAK,IAAI,IAAIA,CAAoB,gCAAgC,EAEpF,GAAI,CAAC,KAAK,iBACN,MAAM,MAAM,aAAa,KAAK,IAAI,8BAA8B,EAEpE,MAAME,EAAW,KAAK,uBAAuB,CACzC,mBAAoBF,EACpB,QAAAG,CACZ,CAAS,EAED,SAAW,CAACI,EAAoBC,CAAgB,IAAK,KAAK,kBAAkB,UAAW,CACnF,MAAMG,EAA+B,KAAK,4BAA4BJ,CAAkB,EACpFP,IAAyBW,GACzBH,EAAiB,QAAQN,CAAQ,CAExC,CACD,OAAOA,CACV,CASD,OAAOhD,EAAU6C,EAAY,CACzB,IAAIjD,EACJ,MAAMkD,EAAuB,KAAK,4BAA4BD,CAAU,EAClEa,GAAqB9D,EAAK,KAAK,gBAAgB,IAAIkD,CAAoB,KAAO,MAAQlD,IAAO,OAASA,EAAK,IAAI,IACrH8D,EAAkB,IAAI1D,CAAQ,EAC9B,KAAK,gBAAgB,IAAI8C,EAAsBY,CAAiB,EAChE,MAAMC,EAAmB,KAAK,UAAU,IAAIb,CAAoB,EAChE,OAAIa,GACA3D,EAAS2D,EAAkBb,CAAoB,EAE5C,IAAM,CACTY,EAAkB,OAAO1D,CAAQ,CAC7C,CACK,CAKD,sBAAsBgD,EAAUH,EAAY,CACxC,MAAMe,EAAY,KAAK,gBAAgB,IAAIf,CAAU,EACrD,GAAKe,EAGL,UAAW5D,KAAY4D,EACnB,GAAI,CACA5D,EAASgD,EAAUH,CAAU,CAChC,MACU,CAEV,CAER,CACD,uBAAuB,CAAE,mBAAAQ,EAAoB,QAAAJ,EAAU,CAAE,CAAA,EAAI,CACzD,IAAID,EAAW,KAAK,UAAU,IAAIK,CAAkB,EACpD,GAAI,CAACL,GAAY,KAAK,YAClBA,EAAW,KAAK,UAAU,gBAAgB,KAAK,UAAW,CACtD,mBAAoBa,GAA8BR,CAAkB,EACpE,QAAAJ,CAChB,CAAa,EACD,KAAK,UAAU,IAAII,EAAoBL,CAAQ,EAC/C,KAAK,iBAAiB,IAAIK,EAAoBJ,CAAO,EAMrD,KAAK,sBAAsBD,EAAUK,CAAkB,EAMnD,KAAK,UAAU,mBACf,GAAI,CACA,KAAK,UAAU,kBAAkB,KAAK,UAAWA,EAAoBL,CAAQ,CAChF,MACU,CAEV,CAGT,OAAOA,GAAY,IACtB,CACD,4BAA4BH,EAAaH,EAAoB,CACzD,OAAI,KAAK,UACE,KAAK,UAAU,kBAAoBG,EAAaH,EAGhDG,CAEd,CACD,sBAAuB,CACnB,MAAQ,CAAC,CAAC,KAAK,WACX,KAAK,UAAU,oBAAsB,UAC5C,CACL,CAEA,SAASgB,GAA8BhB,EAAY,CAC/C,OAAOA,IAAeH,EAAqB,OAAYG,CAC3D,CACA,SAASO,GAAiBD,EAAW,CACjC,OAAOA,EAAU,oBAAsB,OAC3C,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAmBA,MAAMW,EAAmB,CACrB,YAAY1B,EAAM,CACd,KAAK,KAAOA,EACZ,KAAK,UAAY,IAAI,GACxB,CAUD,aAAae,EAAW,CACpB,MAAMY,EAAW,KAAK,YAAYZ,EAAU,IAAI,EAChD,GAAIY,EAAS,iBACT,MAAM,IAAI,MAAM,aAAaZ,EAAU,IAAI,qCAAqC,KAAK,IAAI,EAAE,EAE/FY,EAAS,aAAaZ,CAAS,CAClC,CACD,wBAAwBA,EAAW,CACd,KAAK,YAAYA,EAAU,IAAI,EACnC,kBAET,KAAK,UAAU,OAAOA,EAAU,IAAI,EAExC,KAAK,aAAaA,CAAS,CAC9B,CAQD,YAAYf,EAAM,CACd,GAAI,KAAK,UAAU,IAAIA,CAAI,EACvB,OAAO,KAAK,UAAU,IAAIA,CAAI,EAGlC,MAAM2B,EAAW,IAAIpB,GAASP,EAAM,IAAI,EACxC,YAAK,UAAU,IAAIA,EAAM2B,CAAQ,EAC1BA,CACV,CACD,cAAe,CACX,OAAO,MAAM,KAAK,KAAK,UAAU,OAAQ,CAAA,CAC5C,CACL,CCrZA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GA+BA,IAAIC,GACH,SAAUA,EAAU,CACjBA,EAASA,EAAS,MAAW,CAAC,EAAI,QAClCA,EAASA,EAAS,QAAa,CAAC,EAAI,UACpCA,EAASA,EAAS,KAAU,CAAC,EAAI,OACjCA,EAASA,EAAS,KAAU,CAAC,EAAI,OACjCA,EAASA,EAAS,MAAW,CAAC,EAAI,QAClCA,EAASA,EAAS,OAAY,CAAC,EAAI,QACvC,GAAGA,IAAaA,EAAW,CAAE,EAAC,EAC9B,MAAMC,GAAoB,CACtB,MAASD,EAAS,MAClB,QAAWA,EAAS,QACpB,KAAQA,EAAS,KACjB,KAAQA,EAAS,KACjB,MAASA,EAAS,MAClB,OAAUA,EAAS,MACvB,EAIME,GAAkBF,EAAS,KAO3BG,GAAgB,CAClB,CAACH,EAAS,KAAK,EAAG,MAClB,CAACA,EAAS,OAAO,EAAG,MACpB,CAACA,EAAS,IAAI,EAAG,OACjB,CAACA,EAAS,IAAI,EAAG,OACjB,CAACA,EAAS,KAAK,EAAG,OACtB,EAMMI,GAAoB,CAACpB,EAAUqB,KAAYC,IAAS,CACtD,GAAID,EAAUrB,EAAS,SACnB,OAEJ,MAAMuB,EAAM,IAAI,KAAM,EAAC,YAAW,EAC5BC,EAASL,GAAcE,CAAO,EACpC,GAAIG,EACA,QAAQA,CAAM,EAAE,IAAID,CAAG,MAAMvB,EAAS,IAAI,IAAK,GAAGsB,CAAI,MAGtD,OAAM,IAAI,MAAM,8DAA8DD,CAAO,GAAG,CAEhG,EACA,MAAMI,EAAO,CAOT,YAAYrC,EAAM,CACd,KAAK,KAAOA,EAIZ,KAAK,UAAY8B,GAKjB,KAAK,YAAcE,GAInB,KAAK,gBAAkB,IAK1B,CACD,IAAI,UAAW,CACX,OAAO,KAAK,SACf,CACD,IAAI,SAASM,EAAK,CACd,GAAI,EAAEA,KAAOV,GACT,MAAM,IAAI,UAAU,kBAAkBU,CAAG,4BAA4B,EAEzE,KAAK,UAAYA,CACpB,CAED,YAAYA,EAAK,CACb,KAAK,UAAY,OAAOA,GAAQ,SAAWT,GAAkBS,CAAG,EAAIA,CACvE,CACD,IAAI,YAAa,CACb,OAAO,KAAK,WACf,CACD,IAAI,WAAWA,EAAK,CAChB,GAAI,OAAOA,GAAQ,WACf,MAAM,IAAI,UAAU,mDAAmD,EAE3E,KAAK,YAAcA,CACtB,CACD,IAAI,gBAAiB,CACjB,OAAO,KAAK,eACf,CACD,IAAI,eAAeA,EAAK,CACpB,KAAK,gBAAkBA,CAC1B,CAID,SAASJ,EAAM,CACX,KAAK,iBAAmB,KAAK,gBAAgB,KAAMN,EAAS,MAAO,GAAGM,CAAI,EAC1E,KAAK,YAAY,KAAMN,EAAS,MAAO,GAAGM,CAAI,CACjD,CACD,OAAOA,EAAM,CACT,KAAK,iBACD,KAAK,gBAAgB,KAAMN,EAAS,QAAS,GAAGM,CAAI,EACxD,KAAK,YAAY,KAAMN,EAAS,QAAS,GAAGM,CAAI,CACnD,CACD,QAAQA,EAAM,CACV,KAAK,iBAAmB,KAAK,gBAAgB,KAAMN,EAAS,KAAM,GAAGM,CAAI,EACzE,KAAK,YAAY,KAAMN,EAAS,KAAM,GAAGM,CAAI,CAChD,CACD,QAAQA,EAAM,CACV,KAAK,iBAAmB,KAAK,gBAAgB,KAAMN,EAAS,KAAM,GAAGM,CAAI,EACzE,KAAK,YAAY,KAAMN,EAAS,KAAM,GAAGM,CAAI,CAChD,CACD,SAASA,EAAM,CACX,KAAK,iBAAmB,KAAK,gBAAgB,KAAMN,EAAS,MAAO,GAAGM,CAAI,EAC1E,KAAK,YAAY,KAAMN,EAAS,MAAO,GAAGM,CAAI,CACjD,CACL,CClKA,MAAMK,GAAgB,CAACC,EAAQC,IAAiBA,EAAa,KAAM1H,GAAMyH,aAAkBzH,CAAC,EAE5F,IAAI2H,EACAC,EAEJ,SAASC,IAAuB,CAC5B,OAAQF,IACHA,EAAoB,CACjB,YACA,eACA,SACA,UACA,cACZ,EACA,CAEA,SAASG,IAA0B,CAC/B,OAAQF,IACHA,EAAuB,CACpB,UAAU,UAAU,QACpB,UAAU,UAAU,SACpB,UAAU,UAAU,kBAChC,EACA,CACA,MAAMG,EAAmB,IAAI,QACvBC,EAAqB,IAAI,QACzBC,EAA2B,IAAI,QAC/BC,EAAiB,IAAI,QACrBC,EAAwB,IAAI,QAClC,SAASC,GAAiBhF,EAAS,CAC/B,MAAMiF,EAAU,IAAI,QAAQ,CAAC1F,EAASC,IAAW,CAC7C,MAAM0F,EAAW,IAAM,CACnBlF,EAAQ,oBAAoB,UAAWmF,CAAO,EAC9CnF,EAAQ,oBAAoB,QAASN,CAAK,CACtD,EACcyF,EAAU,IAAM,CAClB5F,EAAQ6F,EAAKpF,EAAQ,MAAM,CAAC,EAC5BkF,GACZ,EACcxF,EAAQ,IAAM,CAChBF,EAAOQ,EAAQ,KAAK,EACpBkF,GACZ,EACQlF,EAAQ,iBAAiB,UAAWmF,CAAO,EAC3CnF,EAAQ,iBAAiB,QAASN,CAAK,CAC/C,CAAK,EACD,OAAAuF,EACK,KAAMtF,GAAU,CAGbA,aAAiB,WACjBgF,EAAiB,IAAIhF,EAAOK,CAAO,CAG/C,CAAK,EACI,MAAM,IAAM,CAAA,CAAG,EAGpB+E,EAAsB,IAAIE,EAASjF,CAAO,EACnCiF,CACX,CACA,SAASI,GAA+BC,EAAI,CAExC,GAAIV,EAAmB,IAAIU,CAAE,EACzB,OACJ,MAAMC,EAAO,IAAI,QAAQ,CAAChG,EAASC,IAAW,CAC1C,MAAM0F,EAAW,IAAM,CACnBI,EAAG,oBAAoB,WAAYE,CAAQ,EAC3CF,EAAG,oBAAoB,QAAS5F,CAAK,EACrC4F,EAAG,oBAAoB,QAAS5F,CAAK,CACjD,EACc8F,EAAW,IAAM,CACnBjG,IACA2F,GACZ,EACcxF,EAAQ,IAAM,CAChBF,EAAO8F,EAAG,OAAS,IAAI,aAAa,aAAc,YAAY,CAAC,EAC/DJ,GACZ,EACQI,EAAG,iBAAiB,WAAYE,CAAQ,EACxCF,EAAG,iBAAiB,QAAS5F,CAAK,EAClC4F,EAAG,iBAAiB,QAAS5F,CAAK,CAC1C,CAAK,EAEDkF,EAAmB,IAAIU,EAAIC,CAAI,CACnC,CACA,IAAIE,EAAgB,CAChB,IAAIC,EAAQC,EAAMC,EAAU,CACxB,GAAIF,aAAkB,eAAgB,CAElC,GAAIC,IAAS,OACT,OAAOf,EAAmB,IAAIc,CAAM,EAExC,GAAIC,IAAS,mBACT,OAAOD,EAAO,kBAAoBb,EAAyB,IAAIa,CAAM,EAGzE,GAAIC,IAAS,QACT,OAAOC,EAAS,iBAAiB,CAAC,EAC5B,OACAA,EAAS,YAAYA,EAAS,iBAAiB,CAAC,CAAC,CAE9D,CAED,OAAOR,EAAKM,EAAOC,CAAI,CAAC,CAC3B,EACD,IAAID,EAAQC,EAAMhG,EAAO,CACrB,OAAA+F,EAAOC,CAAI,EAAIhG,EACR,EACV,EACD,IAAI+F,EAAQC,EAAM,CACd,OAAID,aAAkB,iBACjBC,IAAS,QAAUA,IAAS,SACtB,GAEJA,KAAQD,CAClB,CACL,EACA,SAASG,GAAapG,EAAU,CAC5BgG,EAAgBhG,EAASgG,CAAa,CAC1C,CACA,SAASK,GAAaC,EAAM,CAIxB,OAAIA,IAAS,YAAY,UAAU,aAC/B,EAAE,qBAAsB,eAAe,WAChC,SAAUC,KAAejC,EAAM,CAClC,MAAMuB,EAAKS,EAAK,KAAKE,EAAO,IAAI,EAAGD,EAAY,GAAGjC,CAAI,EACtD,OAAAc,EAAyB,IAAIS,EAAIU,EAAW,KAAOA,EAAW,KAAM,EAAG,CAACA,CAAU,CAAC,EAC5EZ,EAAKE,CAAE,CAC1B,EAOQZ,GAAyB,EAAC,SAASqB,CAAI,EAChC,YAAahC,EAAM,CAGtB,OAAAgC,EAAK,MAAME,EAAO,IAAI,EAAGlC,CAAI,EACtBqB,EAAKT,EAAiB,IAAI,IAAI,CAAC,CAClD,EAEW,YAAaZ,EAAM,CAGtB,OAAOqB,EAAKW,EAAK,MAAME,EAAO,IAAI,EAAGlC,CAAI,CAAC,CAClD,CACA,CACA,SAASmC,GAAuBvG,EAAO,CACnC,OAAI,OAAOA,GAAU,WACVmG,GAAanG,CAAK,GAGzBA,aAAiB,gBACjB0F,GAA+B1F,CAAK,EACpCyE,GAAczE,EAAO8E,IAAsB,EACpC,IAAI,MAAM9E,EAAO8F,CAAa,EAElC9F,EACX,CACA,SAASyF,EAAKzF,EAAO,CAGjB,GAAIA,aAAiB,WACjB,OAAOqF,GAAiBrF,CAAK,EAGjC,GAAImF,EAAe,IAAInF,CAAK,EACxB,OAAOmF,EAAe,IAAInF,CAAK,EACnC,MAAMwG,EAAWD,GAAuBvG,CAAK,EAG7C,OAAIwG,IAAaxG,IACbmF,EAAe,IAAInF,EAAOwG,CAAQ,EAClCpB,EAAsB,IAAIoB,EAAUxG,CAAK,GAEtCwG,CACX,CACA,MAAMF,EAAUtG,GAAUoF,EAAsB,IAAIpF,CAAK,EC5KzD,SAASyG,GAAOvE,EAAMwE,EAAS,CAAE,QAAAC,EAAS,QAAAC,EAAS,SAAAC,EAAU,WAAAC,CAAY,EAAG,GAAI,CAC5E,MAAMzG,EAAU,UAAU,KAAK6B,EAAMwE,CAAO,EACtCK,EAActB,EAAKpF,CAAO,EAChC,OAAIuG,GACAvG,EAAQ,iBAAiB,gBAAkB2G,GAAU,CACjDJ,EAAQnB,EAAKpF,EAAQ,MAAM,EAAG2G,EAAM,WAAYA,EAAM,WAAYvB,EAAKpF,EAAQ,WAAW,EAAG2G,CAAK,CAC9G,CAAS,EAEDL,GACAtG,EAAQ,iBAAiB,UAAY2G,GAAUL,EAE/CK,EAAM,WAAYA,EAAM,WAAYA,CAAK,CAAC,EAE9CD,EACK,KAAME,GAAO,CACVH,GACAG,EAAG,iBAAiB,QAAS,IAAMH,EAAY,CAAA,EAC/CD,GACAI,EAAG,iBAAiB,gBAAkBD,GAAUH,EAASG,EAAM,WAAYA,EAAM,WAAYA,CAAK,CAAC,CAE/G,CAAK,EACI,MAAM,IAAM,CAAA,CAAG,EACbD,CACX,CAgBA,MAAMG,GAAc,CAAC,MAAO,SAAU,SAAU,aAAc,OAAO,EAC/DC,GAAe,CAAC,MAAO,MAAO,SAAU,OAAO,EAC/CC,EAAgB,IAAI,IAC1B,SAASC,EAAUtB,EAAQC,EAAM,CAC7B,GAAI,EAAED,aAAkB,aACpB,EAAEC,KAAQD,IACV,OAAOC,GAAS,UAChB,OAEJ,GAAIoB,EAAc,IAAIpB,CAAI,EACtB,OAAOoB,EAAc,IAAIpB,CAAI,EACjC,MAAMsB,EAAiBtB,EAAK,QAAQ,aAAc,EAAE,EAC9CuB,EAAWvB,IAASsB,EACpBE,EAAUL,GAAa,SAASG,CAAc,EACpD,GAEA,EAAEA,KAAmBC,EAAW,SAAW,gBAAgB,YACvD,EAAEC,GAAWN,GAAY,SAASI,CAAc,GAChD,OAEJ,MAAMhD,EAAS,eAAgBmD,KAAcrD,EAAM,CAE/C,MAAMuB,EAAK,KAAK,YAAY8B,EAAWD,EAAU,YAAc,UAAU,EACzE,IAAIzB,EAASJ,EAAG,MAChB,OAAI4B,IACAxB,EAASA,EAAO,MAAM3B,EAAK,MAAO,CAAA,IAM9B,MAAM,QAAQ,IAAI,CACtB2B,EAAOuB,CAAc,EAAE,GAAGlD,CAAI,EAC9BoD,GAAW7B,EAAG,IAC1B,CAAS,GAAG,CAAC,CACb,EACI,OAAAyB,EAAc,IAAIpB,EAAM1B,CAAM,EACvBA,CACX,CACA4B,GAAcwB,IAAc,CACxB,GAAGA,EACH,IAAK,CAAC3B,EAAQC,EAAMC,IAAaoB,EAAUtB,EAAQC,CAAI,GAAK0B,EAAS,IAAI3B,EAAQC,EAAMC,CAAQ,EAC/F,IAAK,CAACF,EAAQC,IAAS,CAAC,CAACqB,EAAUtB,EAAQC,CAAI,GAAK0B,EAAS,IAAI3B,EAAQC,CAAI,CACjF,EAAE,ECtFF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAM2B,EAA0B,CAC5B,YAAYjF,EAAW,CACnB,KAAK,UAAYA,CACpB,CAGD,uBAAwB,CAIpB,OAHkB,KAAK,UAAU,aAAY,EAIxC,IAAImB,GAAY,CACjB,GAAI+D,GAAyB/D,CAAQ,EAAG,CACpC,MAAMjD,EAAUiD,EAAS,eACzB,MAAO,GAAGjD,EAAQ,OAAO,IAAIA,EAAQ,OAAO,EAC/C,KAEG,QAAO,IAEvB,CAAS,EACI,OAAOiH,GAAaA,CAAS,EAC7B,KAAK,GAAG,CAChB,CACL,CASA,SAASD,GAAyB/D,EAAU,CACxC,MAAMZ,EAAYY,EAAS,eAC3B,OAA8DZ,GAAU,OAAU,SACtF,CAEA,MAAM6E,EAAS,gBACTC,EAAY,UAElB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMC,EAAS,IAAIzD,GAAO,eAAe,EAEnC0D,GAAS,uBAETC,GAAS,6BAETC,GAAS,sBAETC,GAAS,6BAETC,GAAS,sBAETC,GAAS,iBAETC,GAAS,wBAETC,GAAS,qBAETC,GAAS,yBAETC,GAAS,4BAETC,GAAS,sBAETC,GAAS,6BAETC,GAAS,0BAETC,GAAS,iCAETC,GAAS,sBAETC,GAAS,6BAETC,GAAS,wBAETC,GAAS,+BAETC,GAAS,0BAETC,GAAS,iCAETC,GAAS,oBAETC,GAAS,2BAETC,GAAS,sBAETC,GAAS,6BAETC,GAAS,6BAETvH,GAAO,WAGb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAqBK,MAACM,GAAqB,YACrBkH,GAAsB,CACxB,CAAC5B,CAAM,EAAG,YACV,CAACG,EAAM,EAAG,mBACV,CAACE,EAAM,EAAG,iBACV,CAACD,EAAM,EAAG,wBACV,CAACG,EAAM,EAAG,iBACV,CAACD,EAAM,EAAG,wBACV,CAACE,EAAM,EAAG,YACV,CAACC,EAAM,EAAG,mBACV,CAACC,EAAM,EAAG,YACV,CAACC,EAAM,EAAG,oBACV,CAACC,EAAM,EAAG,mBACV,CAACC,EAAM,EAAG,UACV,CAACC,EAAM,EAAG,iBACV,CAACC,EAAM,EAAG,WACV,CAACC,EAAM,EAAG,kBACV,CAACC,EAAM,EAAG,WACV,CAACC,EAAM,EAAG,kBACV,CAACC,EAAM,EAAG,YACV,CAACC,EAAM,EAAG,mBACV,CAACC,EAAM,EAAG,UACV,CAACC,EAAM,EAAG,iBACV,CAACC,EAAM,EAAG,WACV,CAACC,EAAM,EAAG,kBACV,CAACC,EAAM,EAAG,WACV,CAACE,EAAM,EAAG,kBACV,CAACD,EAAM,EAAG,cACV,UAAW,UACX,CAACtH,EAAI,EAAG,aACZ,EAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAmBK,MAACyH,EAAQ,IAAI,IAIZC,GAAc,IAAI,IAOlBC,EAAc,IAAI,IAMxB,SAASC,EAAcC,EAAK9G,EAAW,CACnC,GAAI,CACA8G,EAAI,UAAU,aAAa9G,CAAS,CACvC,OACMzD,EAAG,CACNwI,EAAO,MAAM,aAAa/E,EAAU,IAAI,wCAAwC8G,EAAI,IAAI,GAAIvK,CAAC,CAChG,CACL,CAeA,SAASwK,EAAmB/G,EAAW,CACnC,MAAMgH,EAAgBhH,EAAU,KAChC,GAAI4G,EAAY,IAAII,CAAa,EAC7B,OAAAjC,EAAO,MAAM,sDAAsDiC,CAAa,GAAG,EAC5E,GAEXJ,EAAY,IAAII,EAAehH,CAAS,EAExC,UAAW8G,KAAOJ,EAAM,SACpBG,EAAcC,EAAK9G,CAAS,EAEhC,UAAWiH,KAAaN,GAAY,SAChCE,EAAcI,EAAWjH,CAAS,EAEtC,MAAO,EACX,CA6DA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMkH,GAAS,CACV,SAAiC,6EAEjC,eAA6C,iCAC7C,gBAA+C,kFAC/C,cAA2C,kDAC3C,qBAAyD,uCACzD,aAAyC,0EACzC,uBAA6D,6EAE7D,uBAA6D,wDAC7D,WAAqC,gFACrC,UAAmC,qFACnC,UAAqC,mFACrC,aAAyC,sFACzC,sCAA2F,0GAC3F,iCAAiF,2DACtF,EACMC,EAAgB,IAAIzJ,EAAa,MAAO,WAAYwJ,EAAM,EAEhE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAME,EAAgB,CAClB,YAAYtH,EAASuH,EAAQ5H,EAAW,CACpC,KAAK,WAAa,GAClB,KAAK,SAAW,OAAO,OAAO,CAAE,EAAEK,CAAO,EACzC,KAAK,QAAU,OAAO,OAAO,CAAE,EAAEuH,CAAM,EACvC,KAAK,MAAQA,EAAO,KACpB,KAAK,gCACDA,EAAO,+BACX,KAAK,WAAa5H,EAClB,KAAK,UAAU,aAAa,IAAIT,EAAU,MAAO,IAAM,KAAM,QAAQ,CAA4B,CACpG,CACD,IAAI,gCAAiC,CACjC,YAAK,eAAc,EACZ,KAAK,+BACf,CACD,IAAI,+BAA+BuC,EAAK,CACpC,KAAK,eAAc,EACnB,KAAK,gCAAkCA,CAC1C,CACD,IAAI,MAAO,CACP,YAAK,eAAc,EACZ,KAAK,KACf,CACD,IAAI,SAAU,CACV,YAAK,eAAc,EACZ,KAAK,QACf,CACD,IAAI,QAAS,CACT,YAAK,eAAc,EACZ,KAAK,OACf,CACD,IAAI,WAAY,CACZ,OAAO,KAAK,UACf,CACD,IAAI,WAAY,CACZ,OAAO,KAAK,UACf,CACD,IAAI,UAAUA,EAAK,CACf,KAAK,WAAaA,CACrB,CAKD,gBAAiB,CACb,GAAI,KAAK,UACL,MAAM4F,EAAc,OAAO,cAA0C,CAAE,QAAS,KAAK,KAAK,CAAE,CAEnG,CACL,CAwHA,SAASG,GAAcC,EAAUC,EAAY,GAAI,CAC7C,IAAI1H,EAAUyH,EACV,OAAOC,GAAc,WAErBA,EAAY,CAAE,KADDA,IAGjB,MAAMH,EAAS,OAAO,OAAO,CAAE,KAAM9H,GAAoB,+BAAgC,IAASiI,CAAS,EACrGvI,EAAOoI,EAAO,KACpB,GAAI,OAAOpI,GAAS,UAAY,CAACA,EAC7B,MAAMkI,EAAc,OAAO,eAA4C,CACnE,QAAS,OAAOlI,CAAI,CAChC,CAAS,EAGL,GADAa,IAAYA,EAAUtD,GAAmB,GACrC,CAACsD,EACD,MAAMqH,EAAc,OAAO,cAE/B,MAAMM,EAAcf,EAAM,IAAIzH,CAAI,EAClC,GAAIwI,EAAa,CAEb,GAAInJ,EAAUwB,EAAS2H,EAAY,OAAO,GACtCnJ,EAAU+I,EAAQI,EAAY,MAAM,EACpC,OAAOA,EAGP,MAAMN,EAAc,OAAO,gBAA8C,CAAE,QAASlI,CAAI,CAAE,CAEjG,CACD,MAAMQ,EAAY,IAAIkB,GAAmB1B,CAAI,EAC7C,UAAWe,KAAa4G,EAAY,SAChCnH,EAAU,aAAaO,CAAS,EAEpC,MAAM0H,EAAS,IAAIN,GAAgBtH,EAASuH,EAAQ5H,CAAS,EAC7D,OAAAiH,EAAM,IAAIzH,EAAMyI,CAAM,EACfA,CACX,CAyIA,SAASC,EAAgBC,EAAkBnE,EAASoE,EAAS,CACzD,IAAIpL,EAGJ,IAAIqL,GAAWrL,EAAKgK,GAAoBmB,CAAgB,KAAO,MAAQnL,IAAO,OAASA,EAAKmL,EACxFC,IACAC,GAAW,IAAID,CAAO,IAE1B,MAAME,EAAkBD,EAAQ,MAAM,OAAO,EACvCE,EAAkBvE,EAAQ,MAAM,OAAO,EAC7C,GAAIsE,GAAmBC,EAAiB,CACpC,MAAMC,EAAU,CACZ,+BAA+BH,CAAO,mBAAmBrE,CAAO,IAC5E,EACYsE,GACAE,EAAQ,KAAK,iBAAiBH,CAAO,mDAAmD,EAExFC,GAAmBC,GACnBC,EAAQ,KAAK,KAAK,EAElBD,GACAC,EAAQ,KAAK,iBAAiBxE,CAAO,mDAAmD,EAE5FsB,EAAO,KAAKkD,EAAQ,KAAK,GAAG,CAAC,EAC7B,MACH,CACDlB,EAAmB,IAAI/H,EAAU,GAAG8I,CAAO,WAAY,KAAO,CAAE,QAAAA,EAAS,QAAArE,CAAO,GAAK,SAAsC,CAAA,CAC/H,CA2BA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMyE,GAAU,8BACVC,GAAa,EACbC,EAAa,2BACnB,IAAIC,EAAY,KAChB,SAASC,GAAe,CACpB,OAAKD,IACDA,EAAY7E,GAAO0E,GAASC,GAAY,CACpC,QAAS,CAACnE,EAAIuE,IAAe,CAMzB,OAAQA,EAAU,CACd,IAAK,GACD,GAAI,CACAvE,EAAG,kBAAkBoE,CAAU,CAClC,OACM7L,EAAG,CAIN,QAAQ,KAAKA,CAAC,CACjB,CACR,CACJ,CACb,CAAS,EAAE,MAAMA,GAAK,CACV,MAAM4K,EAAc,OAAO,WAAoC,CAC3D,qBAAsB5K,EAAE,OACxC,CAAa,CACb,CAAS,GAEE8L,CACX,CACA,eAAeG,GAA4B1B,EAAK,CAC5C,GAAI,CAEA,MAAMpE,GADK,MAAM4F,KACH,YAAYF,CAAU,EAC9BK,EAAS,MAAM/F,EAAG,YAAY0F,CAAU,EAAE,IAAIM,EAAW5B,CAAG,CAAC,EAGnE,aAAMpE,EAAG,KACF+F,CACV,OACM,EAAG,CACN,GAAI,aAAanL,EACbyH,EAAO,KAAK,EAAE,OAAO,MAEpB,CACD,MAAM4D,EAAcxB,EAAc,OAAO,UAAkC,CACvE,qBAA4D,GAAE,OAC9E,CAAa,EACDpC,EAAO,KAAK4D,EAAY,OAAO,CAClC,CACJ,CACL,CACA,eAAeC,EAA2B9B,EAAK+B,EAAiB,CAC5D,GAAI,CAEA,MAAMnG,GADK,MAAM4F,KACH,YAAYF,EAAY,WAAW,EAEjD,MADoB1F,EAAG,YAAY0F,CAAU,EAC3B,IAAIS,EAAiBH,EAAW5B,CAAG,CAAC,EACtD,MAAMpE,EAAG,IACZ,OACMnG,EAAG,CACN,GAAIA,aAAae,EACbyH,EAAO,KAAKxI,EAAE,OAAO,MAEpB,CACD,MAAMoM,EAAcxB,EAAc,OAAO,UAAoC,CACzE,qBAA4D5K,GAAE,OAC9E,CAAa,EACDwI,EAAO,KAAK4D,EAAY,OAAO,CAClC,CACJ,CACL,CACA,SAASD,EAAW5B,EAAK,CACrB,MAAO,GAAGA,EAAI,IAAI,IAAIA,EAAI,QAAQ,KAAK,EAC3C,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,MAAMgC,GAAmB,KAEnBC,GAAwC,GAAK,GAAK,GAAK,GAAK,IAClE,MAAMC,EAAqB,CACvB,YAAYvJ,EAAW,CACnB,KAAK,UAAYA,EAUjB,KAAK,iBAAmB,KACxB,MAAMqH,EAAM,KAAK,UAAU,YAAY,KAAK,EAAE,eAC9C,KAAK,SAAW,IAAImC,GAAqBnC,CAAG,EAC5C,KAAK,wBAA0B,KAAK,SAAS,KAAM,EAAC,KAAK2B,IACrD,KAAK,iBAAmBA,EACjBA,EACV,CACJ,CAQD,MAAM,kBAAmB,CACrB,IAAIhM,EAAIyM,EACR,GAAI,CAMA,MAAMC,EALiB,KAAK,UACvB,YAAY,iBAAiB,EAC7B,eAGwB,wBACvBC,EAAOC,IAUb,QATM5M,EAAK,KAAK,oBAAsB,MAAQA,IAAO,OAAS,OAASA,EAAG,aAAe,OACrF,KAAK,iBAAmB,MAAM,KAAK,0BAE7ByM,EAAK,KAAK,oBAAsB,MAAQA,IAAO,OAAS,OAASA,EAAG,aAAe,OAMzF,KAAK,iBAAiB,wBAA0BE,GAChD,KAAK,iBAAiB,WAAW,KAAKE,GAAuBA,EAAoB,OAASF,CAAI,EAC9F,QAIA,KAAK,iBAAiB,WAAW,KAAK,CAAE,KAAAA,EAAM,MAAAD,CAAK,CAAE,EAGzD,KAAK,iBAAiB,WAClB,KAAK,iBAAiB,WAAW,OAAOG,GAAuB,CAC3D,MAAMC,EAAc,IAAI,KAAKD,EAAoB,IAAI,EAAE,UAEvD,OADY,KAAK,MACJC,GAAeR,EAChD,CAAiB,EACE,KAAK,SAAS,UAAU,KAAK,gBAAgB,EACvD,OACMxM,EAAG,CACNwI,EAAO,KAAKxI,CAAC,CAChB,CACJ,CAQD,MAAM,qBAAsB,CACxB,IAAIE,EACJ,GAAI,CAKA,GAJI,KAAK,mBAAqB,MAC1B,MAAM,KAAK,0BAGTA,EAAK,KAAK,oBAAsB,MAAQA,IAAO,OAAS,OAASA,EAAG,aAAe,MACrF,KAAK,iBAAiB,WAAW,SAAW,EAC5C,MAAO,GAEX,MAAM2M,EAAOC,IAEP,CAAE,iBAAAG,EAAkB,cAAAC,CAAe,EAAGC,GAA2B,KAAK,iBAAiB,UAAU,EACjGC,EAAe/N,EAA8B,KAAK,UAAU,CAAE,QAAS,EAAG,WAAY4N,CAAkB,CAAA,CAAC,EAE/G,YAAK,iBAAiB,sBAAwBJ,EAC1CK,EAAc,OAAS,GAEvB,KAAK,iBAAiB,WAAaA,EAInC,MAAM,KAAK,SAAS,UAAU,KAAK,gBAAgB,IAGnD,KAAK,iBAAiB,WAAa,GAE9B,KAAK,SAAS,UAAU,KAAK,gBAAgB,GAE/CE,CACV,OACMpN,EAAG,CACN,OAAAwI,EAAO,KAAKxI,CAAC,EACN,EACV,CACJ,CACL,CACA,SAAS8M,GAAmB,CAGxB,OAFc,IAAI,OAEL,YAAa,EAAC,UAAU,EAAG,EAAE,CAC9C,CACA,SAASK,GAA2BE,EAAiBC,EAAUf,GAAkB,CAG7E,MAAMU,EAAmB,CAAA,EAEzB,IAAIC,EAAgBG,EAAgB,QACpC,UAAWN,KAAuBM,EAAiB,CAE/C,MAAME,EAAiBN,EAAiB,KAAKO,GAAMA,EAAG,QAAUT,EAAoB,KAAK,EACzF,GAAKQ,GAiBD,GAHAA,EAAe,MAAM,KAAKR,EAAoB,IAAI,EAG9CU,EAAWR,CAAgB,EAAIK,EAAS,CACxCC,EAAe,MAAM,MACrB,KACH,UAlBDN,EAAiB,KAAK,CAClB,MAAOF,EAAoB,MAC3B,MAAO,CAACA,EAAoB,IAAI,CAChD,CAAa,EACGU,EAAWR,CAAgB,EAAIK,EAAS,CAGxCL,EAAiB,IAAG,EACpB,KACH,CAaLC,EAAgBA,EAAc,MAAM,CAAC,CACxC,CACD,MAAO,CACH,iBAAAD,EACA,cAAAC,CACR,CACA,CACA,MAAMR,EAAqB,CACvB,YAAYnC,EAAK,CACb,KAAK,IAAMA,EACX,KAAK,wBAA0B,KAAK,8BACvC,CACD,MAAM,8BAA+B,CACjC,OAAK9J,GAAoB,EAIdC,GAA2B,EAC7B,KAAK,IAAM,EAAI,EACf,MAAM,IAAM,EAAK,EALf,EAOd,CAID,MAAM,MAAO,CAET,GADwB,MAAM,KAAK,wBAI9B,CACD,MAAMgN,EAAqB,MAAMzB,GAA4B,KAAK,GAAG,EACrE,OAA4EyB,GAAmB,WACpFA,EAGA,CAAE,WAAY,CAAA,EAE5B,KAVG,OAAO,CAAE,WAAY,CAAA,EAW5B,CAED,MAAM,UAAUC,EAAkB,CAC9B,IAAIzN,EAEJ,GADwB,MAAM,KAAK,wBAI9B,CACD,MAAM0N,EAA2B,MAAM,KAAK,OAC5C,OAAOvB,EAA2B,KAAK,IAAK,CACxC,uBAAwBnM,EAAKyN,EAAiB,yBAA2B,MAAQzN,IAAO,OAASA,EAAK0N,EAAyB,sBAC/H,WAAYD,EAAiB,UAC7C,CAAa,CACJ,KARG,OASP,CAED,MAAM,IAAIA,EAAkB,CACxB,IAAIzN,EAEJ,GADwB,MAAM,KAAK,wBAI9B,CACD,MAAM0N,EAA2B,MAAM,KAAK,OAC5C,OAAOvB,EAA2B,KAAK,IAAK,CACxC,uBAAwBnM,EAAKyN,EAAiB,yBAA2B,MAAQzN,IAAO,OAASA,EAAK0N,EAAyB,sBAC/H,WAAY,CACR,GAAGA,EAAyB,WAC5B,GAAGD,EAAiB,UACvB,CACjB,CAAa,CACJ,KAXG,OAYP,CACL,CAMA,SAASF,EAAWJ,EAAiB,CAEjC,OAAOhO,EAEP,KAAK,UAAU,CAAE,QAAS,EAAG,WAAYgO,CAAe,CAAE,CAAC,EAAE,MACjE,CAEA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBA,SAASQ,GAAuBvC,EAAS,CACrCd,EAAmB,IAAI/H,EAAU,kBAAmBS,GAAa,IAAIiF,GAA0BjF,CAAS,EAAG,SAAS,CAA6B,EACjJsH,EAAmB,IAAI/H,EAAU,YAAaS,GAAa,IAAIuJ,GAAqBvJ,CAAS,EAAG,SAAS,CAA6B,EAEtIkI,EAAgB9C,EAAQC,EAAW+C,CAAO,EAE1CF,EAAgB9C,EAAQC,EAAW,SAAS,EAE5C6C,EAAgB,UAAW,EAAE,CACjC,CAQAyC,GAAuB,EAAE,EC5nCzB,IAAInL,GAAO,WACPwE,GAAU,UAEd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBAkE,EAAgB1I,GAAMwE,GAAS,KAAK","x_google_ignoreList":[0,1,2,3,4,5,6]}
\ No newline at end of file
diff --git a/Target/chunks/Base_CNq6ciJ_.mjs.map b/Target/chunks/Base_Db9ZJRWd.mjs.map
similarity index 99%
rename from Target/chunks/Base_CNq6ciJ_.mjs.map
rename to Target/chunks/Base_Db9ZJRWd.mjs.map
index aba1141d..c0942018 100644
--- a/Target/chunks/Base_CNq6ciJ_.mjs.map
+++ b/Target/chunks/Base_Db9ZJRWd.mjs.map
@@ -1 +1 @@
-{"version":3,"file":"Base_CNq6ciJ_.mjs","sources":["../../Source/Component/Footer.astro","../../Source/Asset/PlayForm.svg?raw","../../Source/Component/Header.astro","../../../../../node_modules/astro-capo/src/capo/rules.ts","../../../../../node_modules/astro-capo/src/capo/index.ts","../../../../../node_modules/astro-capo/src/Head.ts","../../../../../node_modules/astro/components/ViewTransitions.astro","../../Source/Layout/Base.astro"],"sourcesContent":["\n\n\n","export default \"\\n\"","---\nimport DarkPlayForm from \"@Asset/Dark/PlayForm.svg?raw\";\nimport PlayForm from \"@Asset/PlayForm.svg?raw\";\n\nconst Index = Astro.url.pathname === \"/\" ? \"-1\" : \"\";\n---\n\n Effective date: 05.25.2018 / May 25th 2018 We at PlayForm ltd. are committed to processing personal data securely and\\nrespecting privacy of the concerned individuals. v. 1.0. February 11th 2022 Scope. This Personal Data Protection\\nPolicy (the “Policy”) describes PlayForm ltd. internal rules for\\npersonal data processing and protection. The Policy applies to PlayForm\\nltd., including PlayForm ltd. employees and contractors (“we”, “us”,\\n“our”, “PlayForm”). The management of each entity is ultimately\\nresponsible for the implementation of this policy, as well as to ensure, at\\nentity level, there are adequate and effective procedures in place for its\\nimplementation and ongoing monitoring of its adherence. For the purposes of\\nthis Policy, employees and contractors are jointly referred to as the\\n“employees”. Privacy Manager. Privacy Manager is an\\nemployee of PlayForm responsible for personal data protection compliance\\nwithin PlayForm (the “Privacy Manager”). The Privacy Manager is in\\ncharge of performing the obligations imposed by this Policy and supervising\\nother employees, who subject to this Policy, regarding their adherence to\\nthis Policy. The Privacy Manager must be involved in all projects at an\\nearly stage in order to take personal data protection aspects into account\\nas early as the planning phase. Definitions. means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. PlayForm’s processing activities must be in line with the principles\\nspecified in this Section. The Privacy Manager must make sure that\\nPlayForm’s compliance documentation, as well as data processing activities,\\nare compliant with the data protection principles. We must process the Personal Data in accordance with the following\\nprinciples: Lawfully, fairly and in a transparent manner (lawfulness, fairness and\\ntransparency). We shall always have a legal ground for the processing\\n(described in Section 3 of this Policy), collect the amount of data\\nadequate to the purpose and legal grounds, and we make sure the Data\\nSubjects are aware of the processing; Collected for specified, explicit and legitimate purposes and not\\nfurther processed in a manner that is incompatible with those purposes\\n(purpose limitation). We must not process the Personal Data for the\\npurposes not specified in our compliance documentation without obtaining\\nspecific approval of the Privacy Manager; Adequate, relevant and limited to what is necessary for the purposes for\\nwhich they are processed (data minimization). We always make sure\\nthe data we collect is not excessive and limited by the strict\\nnecessity; Accurate and, where necessary, kept up to date (accuracy). We\\nendeavor to delete inaccurate or false data about Data Subjects and make\\nsure we update the data. Data Subjects can ask us for a correction of\\nthe Personal Data; Kept in a form which permits identification of Data Subjects for no\\nlonger than is necessary for the purposes for which the Personal Data\\nare processed (storage period limitation). The storage periods must\\nbe limited as prescribed by Data Protection Laws and this Policy; and Process in a manner that ensures appropriate security of the Personal\\nData, including protection against unauthorized or unlawful processing\\nand accidental loss, destruction or damage, using appropriate technical\\nor organizational measures (confidentiality, integrity, and\\navailability). Accountability. We shall be able to demonstrate our compliance with Data Protection Laws\\n(accountability principle). In particular, we must ensure and\\ndocument all relevant procedures, efforts, internal and external\\nconsultations on personal data protection including: the fact of appointing a person responsible for PlayForm’s data\\nprotection compliance; where necessary, a record of a Data Processing Impact Assessment; developed and implemented notices, policies, and procedures, such as\\nPrivacy Notice, this policy or Data Breach response procedure; the fact of staff training on compliance with Data Protection laws;\\nand assessment, implementation, and testing organizational and technical\\ndata protection measures. The Privacy Manager must maintain PlayForm’s Records of processing\\nactivities, which is an accountability document that describes personal\\ndata processing activities of PlayForm, prepared in accordance with Art.\\n30 of the GDPR (the “Records of processing activities”). The Records\\nof processing activities must maintain, at least, the following\\ninformation about each processing activity: contact details of PlayForm, the EU Representative, and, where\\napplicable, of the Data Protection Officer; name of the activity, its purposes and legal basis along with, where\\napplicable, the legitimate interests of PlayForm; data subjects and personal data categories concerned; data retention periods; general description of applicable security measures; recipients, including joint controllers, processors, and contractors\\ninvolved, as well as the fact of the international data transfer\\nwith the safeguards applied to the transfer; where applicable, a reference to the Data Processing Impact\\nAssessment; where applicable, a reference to the record of the data breach\\noccurred involving the personal data; if PlayForm acts as a data processor, the information to be provided\\nincludes the names and contact details of controllers, name and\\ncontact details of controller’s representative (if applicable),\\ncategories of processing (activities), names of third countries or\\ninternational organizations that personal data are transferred to\\n(if applicable), safeguards for exceptional transfers of personal\\ndata to third countries or international organizations (if\\napplicable), and general description of technical and organizational\\nsecurity measures. Legal grounds. Each processing activity must have one of the lawful grounds specified\\nin this Section to process the Personal Data. If we do not have any of\\nthe described, we cannot collect or further process the Personal Data. If PlayForm is intended to use personal data for other purposes than\\nthose specified in the Records of processing activities, the Privacy\\nManager must evaluate, determine, and, if necessary, collect/record the\\nappropriate legal basis for it. Performance of the contract. Where PlayForm has a contract with the\\nData Subject, e.g., website’s Terms of Use or the employment contract,\\nand the contract requires the provision of personal data from the Data\\nSubject, the applicable legal ground will be the performance of the\\ncontract. Consent. To process the personal data based on the consent, we must\\nobtain the consent before the Processing and keep the evidence of the\\nconsent with the records of Data Subject’s Personal Data. The Privacy\\nManager must make sure that the consent collected from Data Subjects\\nmeet the requirements of Data Protection Laws and this Policy. In\\nparticular, the Privacy Manager must make sure that: the Data Subject must be free to give or refuse to give consent. the consent is in the form of an active indication from the Data\\nSubject, i.e., the consent checkbox must not be pre-ticked for the\\nuser. the request for the consent clearly articulates the purposes of the\\nprocessing, and other information specified in Subsection 6.2 is\\navailable to the Data Subject. the Data Subject must be free to give one’s consent or to revoke it. Legitimate interests. We have the right to use personal data in our\\n‘legitimate interests’. The interests can include the purposes that are\\njustified by the nature of our business activities, such as the\\nmarketing analysis of personal data. For PlayForm to use legitimate\\ninterests as a legal ground for the processing, the Privacy Manager must\\nmake sure that: the legitimate interest in the processing is clearly defined and\\nrecorded in the Records of processing activities; any envisaged risks to Data Subject rights and interests are\\nspotted. The examples of the risks can be found in Subsection 7.2.; the Data Subjects have reasonable expectations about the processing,\\nand additional protective measures to address the risks are taken; subject to the conditions of Subsection 6.7 (Right to object against\\nthe processing), the Data Subject is provided with the opportunity\\nto opt-out from the processing for the described legitimate\\ninterests. Legal Compliance and Public Interest. Besides the grounds specified\\nafore, we might be requested by the laws of the European Union or laws\\nof the EU Member State to process Personal Data of our Users. For\\nexample, we can be required to collect, analyze, and monitor the\\ninformation of Users to comply with financial or labor laws. we process personal data strictly in accordance with relevant legal\\nrequirements; we do not use or store the collected Personal Data for other\\npurposes than legal compliance; and the Data Subjects are properly and timely informed about our\\nobligations, scope, and conditions of personal data processing. Important: Where PlayForm has the law requirements of another country to process\\npersonal data, the Privacy Manager must propose using another legal ground for\\nthe processing under Data Protection Laws, such as legitimate interests or\\nconsent. Access to Personal Data. The employees must have access to the personal data on a “need-to-know”\\nbasis. The data can be accessed only if it is strictly necessary to\\nperform one of the activities specified in the Records of processing\\nactivities. The employees and contractors shall have access to the\\nPersonal Data only if they have the necessary credentials for it. Heads of the departments within PlayForm are responsible for their\\nemployees’ access and processing of personal data. The heads must\\nmaintain the list of employees that are entitled to access and process\\npersonal data. The Privacy Manager shall have the right to review the\\nlist and, where necessary, request the amendments to meet the\\nrequirements of this Policy. Heads of the departments within PlayForm must ensure that the employees\\nunder their supervision are aware of the Data Protection Laws and comply\\nwith the rules set in this Policy. To make sure our employees are able\\nto comply with the data protection requirements, we must provide them\\nwith adequate data protection training. All employees accessing personal data shall keep strict confidentiality\\nregarding the data they access. The employees that access personal data\\nmust use only those means (software, premises, etc.) for the processing\\nthat were prescribed by PlayForm. The data must not be disclosed or\\notherwise made available out of the management instructions. The employees within their competence must assist PlayForm’s\\nrepresentatives, including the Privacy Manager, in any efforts regarding\\ncompliance with Data Protection Laws and/or this Policy. When an employee detects or believes there is suspicious activity, data\\nbreach, non-compliance with Data Protection Laws and/or this Policy, or\\na DSR was not routed to the competent department within PlayForm, the\\nemployee must report such activity to the Privacy Manager. Employees that are unsure about whether they can legitimately process or\\ndisclose Personal Data must seek advice from the Privacy Manager before\\ntaking any action. Any occasional access to personal data for activities not specified in\\nthe Records of processing activities is prohibited. If there is a strict\\nnecessity for immediate access, the Privacy Manager must approve the\\naccess first. Before sharing personal data with any person outside of PlayForm, the\\nPrivacy Manager must ensure that this Third Party has an adequate data\\nprotection level and provide sufficient data protection guarantees in\\naccordance with Data Protection Laws, including, but not limited to the\\nprocessorship requirements (Art. 28 of the GDPR) and international transfers\\ncompliance (Section 5 of the GDPR). Where necessary, the Privacy Manager\\nmust make sure that PlayForm enters into the appropriate data protection\\ncontract with the third party. An employee can share personal data with third parties only if and to the\\nextent that was directly prescribed by the manager and specified in the\\nRecords of processing activities. If we are required to delete, change, or stop the processing of the Personal\\nData, we must ensure that the Third Parties, with whom we shared the\\nPersonal Data, will fulfill these obligations accordingly. Whenever PlayForm is engaged as a data processor on behalf of another\\nentity, the Privacy Manager must make sure PlayForm complies with the\\nprocessorship obligation. In particular, the appropriate data processing\\nagreement in accordance with the Data Protection Laws must be in place. The\\nPrivacy Manager must supervise the compliance with data processing\\ninstructions from the controller, including regarding the scope of\\nprocessing activities, involvement of sub-processors, international\\ntransfers, storage, and further disposal of processed personal data. The\\npersonal data processed under the processor role must not be processed for\\nany other purposes than specified in the relevant instructions, agreement or\\nother legal act regulating the relationships with the controller. If we have the employees, contractors, corporate affiliates, or Data\\nProcessors outside of the EEA, and we transfer Personal Data to them for the\\nprocessing, the Privacy Manager must make sure PlayForm takes all necessary\\nand appropriate safeguards in accordance with Data Protection Laws. The Privacy Manager must assess the safeguards available and propose to the\\nPlayForm’s management the appropriate safeguard for each international\\ntransfer. The following regimes apply to the transfers of Personal Data\\noutside of the EU: where the European Commission decides that the country has an adequate\\nlevel of personal data protection, the transfer does not require taking\\nadditional safeguards. The full list of adequate jurisdictions can be\\nfound on the relevant page of the European Commission’s website1. to transfer Personal Data to our contractors or partners (Data\\nProcessors or Controllers) in other third countries, we must conclude\\nStandard Contractual Clauses with that party. The draft version along\\nwith the guidance can be found on the relevant page of the European\\nCommission’s website2; if we have a corporate affiliate or an entity in other countries, we may\\nchoose to adopt Binding Corporate Rules in accordance with Article 47 of\\nthe GDPR or an approved code of conduct pursuant to Article 40 of the\\nGDPR; we also can transfer Personal Data to entities that have an approved\\ncertification in accordance with Article 42 of the GDPR, which certifies\\nan appropriate level of company’s data protection. As a part of the information obligations, PlayForm must inform the Data\\nSubjects that their Personal Data is being transferred to other countries,\\nas well as provide them with the information about the safeguards used for\\nthe transfer. The information obligation is to be performed in accordance\\nwith Subsection 6.2. In the exceptional cases (the “Derogation”), where we cannot apply the\\nsafeguards mentioned afore and we need to transfer Personal Data, we must\\ntake an explicit consent (active statement) from the Data Subject or it must\\nbe strictly necessary for the performance of the contract between us and the\\nData Subject, or other derogation conditions apply in accordance with the\\nData Protection Laws. The Privacy Manager must pre-approve any Derogation\\ntransfers and document the approved Derogations, as well as the rationale\\nfor them. Our Responsibilities. Privacy Manager is ultimately responsible for handing all DSR received\\nby PlayForm. In the case of receiving any outstanding or unusual DSR,\\nthe employee must seek advice from the Privacy Manager before taking any\\naction. DSR Team within PlayForm is responsible for handling DSRs from PlayForm\\nUsers on a daily basis. The Human Resources department is responsible\\nfor handling the DSR from PlayForm employees. All DSRs from the Users must be addressed at and answered from the\\nfollowing e-mail address: dsr@playform.cloud. DSR from the employees can\\nbe addressed directly to the HR manager or at dsr@playform.cloud. The responsible employee must answer to the DSR within one (1) month\\nfrom receiving the request. If complying with the DSR takes more than\\none month in time, the responsible employee must seek advice from the\\nPrivacy Manager and, where necessary, inform the Data Subject about the\\nprolongation of the response term for up to two (2) additional months. The responsible employee must analyze the received DSR for the following\\ncriteria: Data Subject identification. Before considering the DSR content,\\nthe responsible employee must make sure the Data Subject is the same\\nperson he/she claims to be. For this purpose, the connection between\\nthe personal data records and the data subject must be established. Personal data. The responsible employee must check whether\\nPlayForm has access to the personal data requested. If PlayForm does\\nnot have the personal data under the control, the responsible\\nemployee must inform the Data Subject, and, if possible, instruct on\\nthe further steps on how to access the data in question; Content of the request. Depending on the content of the DSR, the\\nresponsible employee must define the type of the request and check\\nwhether it meets the conditions prescribed by this Policy and Data\\nProtection Laws. The types of requests and the respective conditions\\nfor each of them can be consulted in Subsections 6.3-6.9. If the\\nrequest does not meet the described criteria, the responsible\\nemployee must refuse to comply with the DSR and inform the Data\\nSubject about the reasons for refusing; Free of charge. Generally, all requests of Data Subjects and\\nexercises of their rights are free of charge. If the responsible\\nemployee finds that the Data Subject exercises the rights in an\\nexcessive or unfound way (e.g., intended to harm or interrupt\\nPlayForm’s business activities), the employee must seek the advice\\nfrom the Privacy Manager, and, upon receiving of the latter, may\\neither charge the Data Subject a reasonable fee or refuse to comply\\nwith the request; Documenting. Whenever PlayForm receives the DSR, the Privacy\\nManager must make sure that the data and time, Data Subject, type of\\nthe request and the decision made regarding it are well documented.\\nIn the case of refusing to comply with the request, the reasons for\\nrefusing must be documented as well; Recipients. When addressing the DSR, the Privacy Manager must\\nmake sure that all concerned recipients were informed the necessary\\nactions were taken. The right to be informed. PlayForm must notify each Data Subject about the collection and further\\nprocessing of the Personal Data. The information to be provided includes: the name and contact details of\\nPlayForm; generic purposes of and the lawful basis for the data\\ncollection and further processing; categories of Personal Data\\ncollected; recipients/categories of recipients; retention periods;\\ninformation about data subject rights, including the right to complain\\nto the competent Supervisory Authority; the consequences of the cases\\nwhere the data is necessary for the contract performance and the Data\\nSubject does not provide the required data; details of the safeguards\\nwhere personal data is transferred outside the EEA; and any third-party\\nsource of the personal data, without specification for the particular\\ncase (except if we receive the direct request from the Data Subject). The Users must be informed by the Privacy Policy accessible at\\nPlayForm’s website and provided during the user registration. The\\nemployees and contractors must be informed by a standalone employee\\nprivacy statement, which explains the details described in p. 6.2.2 in a\\ncase-based manner, describing the particular purposes and activities. PlayForm must inform Data Subjects about data processing, including any\\nnew processing activity introduced at PlayForm within the following\\nterm: if personal data is collected from the data subject directly, the\\ndata subject must be informed at the time we collect Personal Data\\nfrom the Data Subjects by showing the Data Subject our privacy\\nstatement; if the personal data is collected from other sources: (a) within one\\nmonth from collecting it; (b) if the personal data are to be used\\nfor communication with the data subject, at the latest at the time\\nof the first communication to that data subject; or (c) if a\\ndisclosure to another recipient is envisaged, at the latest when the\\npersonal data are first disclosed. upon the request of the Data Subject; and within one (1) month after any change of our personal data\\npractices, change of the controller of Personal Data or after\\nsignificant changes in our privacy statements. The right to access the information. The Data Subject must be provided only with those personal data records\\nspecified in the request. If the Data Subject requests access to all\\npersonal data concerning her or him, the employee must seek advice from\\nthe Privacy Manager first, to make sure all personal data of the Data\\nSubject is mapped and provided. A Data Subject has the right to: learn if we process the Data Subject’s Personal Data; obtain disclosure regarding aspects of the processing, including\\ndetailed and case-specific information on purposes, categories of\\nPersonal Data, recipients/categories of recipients, retention\\nperiods, information about one’s rights, details of the relevant\\nsafeguards where personal data is transferred outside the EEA, and\\nany third-party source of the personal data; and obtain a copy of the Personal Data undergoing processing upon the\\nrequest. The right to verify the Data Subject’s information\\nand seek its rectification. The information we collect can\\nbe/become inaccurate or out-of-date (e.g., mistakes in nationality, date of\\nbirth, info on debts, economic activities). If we reveal that the Personal\\nData is inaccurate or the Data Subject requests us to do so, we must ensure\\nthat we correct all mistakes and update the relevant information. The right to restrict processing. The restriction of processing allows Data Subjects to temporarily stop\\nthe use of their information to prevent the possible harm caused by such\\nuse. This right applies when the Data Subject: contests the accuracy of the Personal Data; believes that we process the Personal Data unlawfully; and objects against the processing and wants us not to process Personal\\nData while we are considering the request. In the case of receiving the restriction request, we must not process\\nPersonal Data in question for any other purpose than storing it or for\\nlegal compliance purposes until the circumstances of restriction cease\\nto exist. The right to withdraw the consent. For\\nthe activities that require consent, the Data Subject can revoke their\\nconsent at any time. If the Data Subject revokes the consent, we must record\\nthe changes and must not process the Personal Data for consent-based\\npurposes. The withdrawal of consent does not affect the lawfulness of the\\nprocessing done before the withdrawal. The right to object against the\\nprocessing. If we process the information in our legitimate interests, e.g., for\\ndirect marketing emails or for our marketing research purposes, the Data\\nSubject can object against the processing. In the case of receiving the objection request case, we must consider\\nData Subject’s request and, where we do not have compelling interests,\\nstop the processing for the specified purposes. If the personal data is\\nstill to be processed for other purposes, the Privacy Manager must make\\nsure that the database has a record that the data cannot be further\\nprocessed for the objected activities. The objection request can be refused only if the personal data in\\nquestion is used for scientific/historical research or statistical\\npurposes and was appropriately protected, i.e., by anonymization or\\npseudonymization techniques. Right to erasure/to be forgotten. The Data Subjects have the right to request us to erase their Personal\\nData if one of the following conditions are met: Personal Data is no longer necessary for the purposes of collection.\\nFor example, a user has provided personal data for a one-time\\nactivity, such as data validation or participation in a contest, and\\nthe purpose is already fulfilled; the Data Subject revokes one’s consent or objects to the processing\\n(where applicable) and there is no other legal ground for the\\nprocessing; or we process the Personal Data unlawfully or its erasure is required\\nby the applicable legislation of the European Union or one of the\\nMember countries of the European Union. Conditions, under which we have the right to refuse the erasure: Personal Data is processed for scientific/historical research or\\nstatistical purposes and is appropriately protected, i.e.,\\npseudonymized or anonymized; Personal Data is still necessary for legal compliance (e.g.,\\nfinancial or labor laws compliance). Only those personal data records must be deleted that were specified in\\nthe request. If the Data Subject requests the deletion of all personal\\ndata concerning her or him, the employee must seek advice from the\\nPrivacy Manager first, to make sure all the data about the Data Subject\\nis mapped and can be deleted. If the User still has an account with us and requests the erasure of\\ninformation necessary for maintaining the account, we must inform the\\nUser that the erasure will affect user experience or can lead to the\\nclosure of the account. Data portability. Data Subjects can ask us to transfer all the Personal Data and/or its\\npart in a machine-readable format to a third party. This right applies\\nin two cases: personal data was collected for the purpose of provision of our\\nservices (performance of the contract); or collected based on consent. To determine whether one of the p.6.9.1 conditions are met, the employee\\nmust seek advice from the Privacy Manager and check the applicable legal\\nbasis in the Records of processing activities. If the answer is\\nnegative, the request can be refused by PlayForm, and the Privacy\\nManager must decide whether to comply with the request on a voluntary\\nbasis. To comply with the request, the responsible employee must consolidate\\nrequested Personal Data and send the data in the format we are usually\\nworking with to the requested organization. The Data Subject must\\nprovide the necessary contact details of the organization. Notification to Privacy Manager. Before introducing any new activity that involves the processing of\\npersonal data, an employee responsible for its implementation must\\ninform the Privacy Manager. Upon receiving information about a new activity, Privacy Manager must: determine whether the data processing impact assessment (DPIA)\\nand/or the consultation with the Supervisory Authority is necessary.\\nIf the answer is positive, the Privacy Manager must make sure the\\nDPIA is conducted and/or the Supervisory Authority is consulted in\\naccordance with the requirements of this Section and Data Protection\\nLaws; determine the legal basis for the processing and, where necessary,\\ntake further action for its fixation; make sure the processing activity is done in accordance with this\\nPolicy, other PlayForm’s policies, as well as the Data Protection\\nLaws; add the processing activity to the Records of processing activities; amend the privacy information statements and, where necessary,\\ninform the concerned Data Subject accordingly. Data Processing Impact Assessment. To make sure that our current or prospective processing activities do\\nnot/will not violate the Data Subjects’ rights, PlayForm must, where\\nrequired by Data Protection Laws, conduct the Data Processing Impact\\nAssessment (DPIA), a risk-based assessment of the processing and search\\nfor the measures to mitigate the risks. The Privacy Manager must make\\nsure the DPIA is conducted in accordance with this Section. The Privacy Manager, where necessary, involving the competent employees\\nand/or external advisors, must conduct a DPIA if at least one of the\\nfollowing conditions are met: the processing involves the use of new technologies, such as the\\nArtificial Intelligence, use of connected and autonomous devices,\\netc. that creates certain legal, economic or similar effects to the\\nData Subject; we systematically assess and evaluate personal aspects of the Data\\nSubjects based on automated profiling, assigning the personal\\nscore/rate, and create legal or similar effects for the Data Subject\\nby this activity; we process on a large-scale sensitive data, which includes Personal\\nData relating to criminal convictions and offences, the data about\\nvulnerable data subjects, the personal data revealing racial or\\nethnic origin, political opinions, religious or philosophical\\nbeliefs, or trade union membership, and the processing of genetic\\ndata, biometric data for the purpose of uniquely identifying a\\nnatural person, data concerning health or data concerning a natural\\nperson’s sex life or sexual orientation; we collect or process Personal Data from a publicly accessible area\\nor public sources on a large scale, or combine or match two\\ndifferent data sets; and the Supervisory Authority in its public list requires conducting a\\nDPIA for a certain type of activity we are involved in. The list of\\nprocessing activities requiring conducting DPIA can be found on the\\nwebsite of each Supervisory Authority. The assessment shall contain at least the following details: a systematic description of the processing operations and the\\npurposes of the processing, including, where applicable, the\\nlegitimate interest pursued by us. The description must include the\\nenvisaged data categories and data subjects concerned, the scale of\\nprocessing activities, such as its frequency, volume, envisaged\\nnumber of records, etc.; recipients of the data, retention periods\\nand, where applicable, international transfers; an assessment of the necessity and proportionality of the processing\\noperations in relation to the purposes. The DPIA must explain\\nwhether the activity is necessary for the purpose and whether the\\npurpose can be achieved by less intrusive methods; an assessment of the risks to the rights and freedoms of data\\nsubjects, including the rights of Data Subjects regarding their\\nPersonal Data. The examples of risks are the processing which could lead to\\nphysical, material or non-material damage, in particular: where the\\nprocessing may give rise to discrimination, identity theft or fraud,\\nfinancial loss, damage to the reputation, loss of confidentiality of\\npersonal data protected by professional secrecy, unauthorized\\nreversal of pseudonymization, or any other significant economic or\\nsocial disadvantage; where data subjects might be deprived of their\\nrights and freedoms or prevented from exercising control over their\\npersonal data; where personal data are processed which reveal racial\\nor ethnic origin, political opinions, religion or philosophical\\nbeliefs, trade union membership, and the processing of genetic data,\\ndata concerning health or data concerning sex life or criminal\\nconvictions and offences or related security measures; where\\npersonal aspects are evaluated, in particular analyzing or\\npredicting aspects concerning performance at work, economic\\nsituation, health, personal preferences or interests, reliability or\\nbehavior, location or movements, in order to create or use personal\\nprofiles; where personal data of vulnerable natural persons, in\\nparticular of children, are processed; or where processing involves\\na large amount of personal data and affects a large number of data\\nsubjects; and the measures to address the risks, including safeguards, security\\nmeasures, and mechanisms to ensure the protection of personal data\\nand to demonstrate compliance with this Regulation. Where the DPIA did not provide how to effectively address the risks, the\\nPrivacy Manager must initiate the consultation with the competent\\nSupervisory Authority to receive help with searching for the solution.\\nIn this case, PlayForm must not conduct the activity before the\\nSupervisory Authority approves the processing activity in question. General Rule. The Privacy Manager must make sure that PlayForm clearly defined the\\ndata storage periods and/or criteria for determining the storage periods\\nfor each processing activity it has. The periods for each processing\\nactivity must be specified in the Records of processing activities. Each department within PlayForm must comply with the data storage\\nperiods in accordance with the retention schedule provided in Records of\\nprocessing activities. The Privacy Manager must supervise each\\ndepartment and make sure they comply with this requirement. After the storage period ends, the personal data must be removed from\\nthe disposal of the department responsible for the processing or, in\\ncases where the data is not needed for any other purposes, destroyed\\ncompletely, including from back-up copies and other media. Whenever the storage period for a processing activity has ended, but the\\npersonal data processed is necessary for other processing purposes, the\\ndepartment manager must make sure that the personal data is not used for\\nthe ceased processing activity, and the responsible employees do not\\nhave the access to it unless required for any other activity. Exemptions. The rules specified in\\nSubsection 8.1 have the following exceptions: Business needs. Data retention periods can be prolonged, but no\\nlonger than 60 days, in the case that the data deletion will interrupt\\nor harm our ongoing business. The Privacy Manager must approve any\\nunforeseen prolongation; Technical impossibility. Some information is technically impossible\\nor disproportionally difficult to delete. For example, deletion of the\\ninformation may lead to breach of system integrity, or it is impossible\\nto delete the information from the backup copies. In such a case, the\\ninformation can be further stored, subject to the approval by the\\nPrivacy Manager and making respective amendments to the Records of\\nprocessing activities; and Anonymization. The Personal Data can be further processed for any\\npurposes (e.g., marketing) if we fully anonymize these data after the\\nretention period is expired. This means that all personal identifiers\\nand connections to them will be deleted from the data. To consider\\nPersonal Data anonymous, it must be impossible to reidentify the Data\\nSubject from the data set. Each department within PlayForm shall take all appropriate technical and\\norganizational measures that protect against unauthorized, unlawful, and/or\\naccidental access, destruction, modification, blocking, copying,\\ndistribution, as well as from other illegal actions of unauthorized persons\\nregarding the personal data under their responsibility. The employee responsible for the supervision after the security of personal\\ndata within PlayForm shall be DSR Officer. This person implements the\\nguidelines and other specifications on data protection and information\\nsecurity in his area of responsibility. He/she advises PlayForm management\\non the planning and implementation of information security in PlayForm, and\\nmust be involved in all projects at an early stage in order to take\\nsecurity-related aspects into account as early as the planning phase. Response Team. In case of revealing the Data Breach, CEO of PlayForm shall urgently\\nform the Data Breach Response Team (the “Response Team”), which will\\nhandle the Data Breach, notify the appropriate persons, and mitigate its\\nrisks. The Response Team must be а multi-disciplinary group headed by CEO of\\nPlayForm and comprised of the Privacy Manager, privacy laws specialist\\n(whether internal or external), and knowledgeable and skilled\\ninformation security specialists within PlayForm or outsourcing\\nprofessionals, if necessary. The team must ensure that all employees and\\nengaged contractors/processors adhere to this Policy and provide an\\nimmediate, effective, and skillful response to any suspected/alleged or\\nactual Data Breach affecting PlayForm. The potential members of the Response Team must be prepared to respond\\nto а Data Breach. The Response Team shall perform all the\\nresponsibilities of PlayForm mentioned in this Policy. The duties of the\\nResponse Team are: to communicate the Data Breach to the competent Supervisory\\nAuthority(-ies); in case of high risk to the rights and freedoms of Data Subjects, to\\ncommunicate the Data Breach to the Data Subject; if PlayForm obtain data from any third party as a processor, and a\\nData Breach involves obtained data, to inform the third parties\\nabout the Data Breach; to communicate PlayForm’s contractors or any other third parties\\nthat process the Personal Data involved in the Data Breach; and to take all appropriate technical and organizational measures to\\ncease the Data Breach and mitigate its consequences; to record the fact of the Data Breach in the Records of processing\\nactivities and file an internal data breach report that describes\\nthe event. The Response Team shall perform its duties until all the necessary\\nmeasures required by this Policy are taken. Notification to Supervisory Authority. PlayForm shall inform the Competent Supervisory Authority about the Data\\nBreach without undue delay and, where it is possible, not later than 72\\nhours after having become aware of the Data Breach. The Competent Supervisory Authority shall be determined by the residence\\nof the Data Subjects, whose information was involved in the Data Breach.\\nIf the Data Breach concerns the Personal Data of Data Subjects from more\\nthan one country, PlayForm shall inform all Competent Supervisory\\nAuthorities. To address the notification to the authority, the Response Team should\\nuse Annex 1 to this Policy. Annex 1 contains all the necessary contact\\ninformation of the EU supervisory authorities. If the Data Breach\\nconcerns Data Subjects from other than the EU countries, the Response\\nTeam shall ask a competent privacy specialist for advice. The notification to the Competent Supervisory Authority shall contain,\\nat least, following information: the nature of the Data Breach including where possible, the\\ncategories and an approximate number of Data Subjects and Personal\\nData records concerned; the name and contact details of the Response Team, Privacy Manager\\nor, if not applicable, of the CEO; the likely consequences of the Data Breach. Explain PlayForm’s point\\nof view on the purposes and possible further risks of the Data\\nBreach. E.g., the Personal Data may be stolen for the further\\nsale, fraud activities or blackmailing the concerned Data\\nSubjects; and the measures taken or proposed to be taken by PlayForm to\\naddress the Data Breach, including, where appropriate, measures to\\nmitigate its possible adverse effects. To file a notification, the Response Team should use PlayForm’s Data\\nBreach Notification Form to the Supervisory Authority. Notifications to Data Subjects. When the Data Breach is likely to result in a high risk to the rights\\nand freedoms of Data Subjects (e.g., stealing of funds, assets,\\nproprietary information), we must also communicate the Data Breach to\\nthe concerned Data Subjects without undue delay. The Privacy Manager\\nmust determine if there is a high risk based on the risk factors\\nspecified in Subsection 7.2.3 of this Policy. The notification shall contain the following information: description of the Data Breach - what happened and what led to the\\nData Breach, such as a security breach, employee’s negligence,\\nerror in the system work. If the Response Team decided not to\\ndisclose the causes of the Data Breach, then this clause must not be\\nmentioned; the measures taken by PlayForm regarding the Data Breach, including\\nsecurity measures, internal investigations, and supervisory\\nauthority notice; recommendations for the concerned Data Subjects how to mitigate\\nrisks and possible consequences, such as guidelines on how to\\nrestore access to an account, preventing measures (change of a\\npassword); and the contact information of the Response Team or one of its members. The notification to the Data Subjects should be carried out by the\\nemail letter or, where it is impossible to use the email, by other\\navailable means of communication. Exemptions. We do not have to send the notification to the Data\\nSubjects if any of the following conditions are met: PlayForm has implemented appropriate technical and organizational\\nprotection measures, and those measures were applied to the Personal\\nData affected by the Data Breach, in particular, those that leave\\nthe Personal Data inaccessible to any person who is not authorized\\nto access it, such as encryption; PlayForm has taken subsequent measures which ensure that the high\\nrisk to the rights and freedoms of Data Subjects referred to in this\\nsection is no longer likely to materialize; or it would involve a disproportionate effort to communicate with every\\nconcerned Data Subject. In such a case, there shall instead be a\\npublic communication or similar measure whereby the Data Subjects\\nare informed in an equally effective manner. In the case we apply one of the exemptions, we must document the\\ncircumstances, reason for not informing, and actions taken to meet one of the\\nexemptions. Communication with Third Parties. In the case a Data Breach concerns the Personal Data shared with us or\\nprocessed by us on behalf of a Third Party, we must also notify the\\nThird Party about it within 24 hours. If we process the Personal Data as\\na Data Processor, the notification of the Third Party does not exempt us\\nfrom the duty to mitigate the Data Breach consequences, but we must not\\ninform the Competent Supervisory Authority and Data Subjects. In case of receiving the notification about the Data Breach from the\\nData Processor or other Third Parties that have access to the Personal\\nData, CEO of PlayForm shall, in accordance with this Section: form the Response Team; request the Third Party to send the information mentioned in\\nSubsections 10.2-3 of this Policy; where necessary, inform the Competent Supervisory Authority(-ies)\\nand Data Subjects; and perform other steps of the Data Breach response procedure. List of Persons Briefed on Personal Data Protection Policy Full Name Status Date European National Data Protection Authorities Austria Österreichische Datenschutzbehörde Art 29 WP Member: Dr Andrea JELINEK, Director, Österreichische\\nDatenschutzbehörde Belgium Commission de la protection de la vie privée Art 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy\\ncommission Bulgaria Commission for Personal Data Protection Art 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for\\nPersonal Data Protection Croatia Croatian Personal Data Protection Agency Art 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection\\nAgency Cyprus Commissioner for Personal Data Protection Art 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU Czech Republic The Office for Personal Data Protection Art 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data\\nProtection Denmark Datatilsynet Art 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection\\nAgency (Datatilsynet) Estonia Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) Art 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection\\nInspectorate Finland Office of the Data Protection Ombudsman Art 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection\\nAuthority France Commission Nationale de l’Informatique et des Libertés - CNIL Art 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL Germany Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit The competence for complaints is split among different data protection\\nsupervisory authorities in Germany. Competent authorities can be identified according to the list provided under https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html Art 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of\\nInformation Greece Hellenic Data Protection Authority Art 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA Hungary National Authority for Data Protection and Freedom of Information Art 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for\\nData Protection and Freedom of Information Ireland Data Protection Commissioner Art 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner Italy Garante per la protezione dei dati personali Art 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei\\ndati personali Latvia Data State Inspectorate Director: Ms. Daiga Avdejanova Art 29 WP Alternate Member: Ms. Aiga BALODE Lithuania State Data Protection Art 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data\\nProtection Inspectorate Luxembourg Commission Nationale pour la Protection des Données Art 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour\\nla Protection des Données Malta Office of the Data Protection Commissioner Art 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection\\nCommissioner Netherlands Autoriteit Persoonsgegevens Art 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens Poland The Bureau of the Inspector General for the Protection of Personal Data – GIODO Art 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection\\nof Personal Data Portugal Comissão Nacional de Protecção de Dados - CNPD Art 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção\\nde Dados Romania The National Supervisory Authority for Personal Data Processing President: Mrs.\\nAncuţa Gianina Opre Art 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory\\nAuthority for Personal Data Processing Slovakia Office for Personal Data Protection of the Slovak Republic Art 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data\\nProtection of the Slovak Republic Slovenia Information Commissioner Art 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic\\nof Slovenia Spain Agencia de Protección de Datos Art 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data\\nProtection Agency Sweden Datainspektionen Art 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data\\nInspection Board United Kingdom The Information Commissioner’s Office Art 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner EUROPEAN FREE TRADE AREA (EFTA) Iceland Icelandic Data Protection Agency Liechtenstein Data Protection Office Norway Datatilsynet Switzerland Data Protection and Information Commissioner of Switzerland v. 1.0. February 11th 2022 means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. Full Name Status Date Effective date: 05.25.2018 / May 25th 2018 We at PlayForm ltd. are committed to processing personal data securely and\\nrespecting privacy of the concerned individuals. v. 1.0. February 11th 2022 Scope. This Personal Data Protection\\nPolicy (the “Policy”) describes PlayForm ltd. internal rules for\\npersonal data processing and protection. The Policy applies to PlayForm\\nltd., including PlayForm ltd. employees and contractors (“we”, “us”,\\n“our”, “PlayForm”). The management of each entity is ultimately\\nresponsible for the implementation of this policy, as well as to ensure, at\\nentity level, there are adequate and effective procedures in place for its\\nimplementation and ongoing monitoring of its adherence. For the purposes of\\nthis Policy, employees and contractors are jointly referred to as the\\n“employees”. Privacy Manager. Privacy Manager is an\\nemployee of PlayForm responsible for personal data protection compliance\\nwithin PlayForm (the “Privacy Manager”). The Privacy Manager is in\\ncharge of performing the obligations imposed by this Policy and supervising\\nother employees, who subject to this Policy, regarding their adherence to\\nthis Policy. The Privacy Manager must be involved in all projects at an\\nearly stage in order to take personal data protection aspects into account\\nas early as the planning phase. Definitions. means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. PlayForm’s processing activities must be in line with the principles\\nspecified in this Section. The Privacy Manager must make sure that\\nPlayForm’s compliance documentation, as well as data processing activities,\\nare compliant with the data protection principles. We must process the Personal Data in accordance with the following\\nprinciples: Lawfully, fairly and in a transparent manner (lawfulness, fairness and\\ntransparency). We shall always have a legal ground for the processing\\n(described in Section 3 of this Policy), collect the amount of data\\nadequate to the purpose and legal grounds, and we make sure the Data\\nSubjects are aware of the processing; Collected for specified, explicit and legitimate purposes and not\\nfurther processed in a manner that is incompatible with those purposes\\n(purpose limitation). We must not process the Personal Data for the\\npurposes not specified in our compliance documentation without obtaining\\nspecific approval of the Privacy Manager; Adequate, relevant and limited to what is necessary for the purposes for\\nwhich they are processed (data minimization). We always make sure\\nthe data we collect is not excessive and limited by the strict\\nnecessity; Accurate and, where necessary, kept up to date (accuracy). We\\nendeavor to delete inaccurate or false data about Data Subjects and make\\nsure we update the data. Data Subjects can ask us for a correction of\\nthe Personal Data; Kept in a form which permits identification of Data Subjects for no\\nlonger than is necessary for the purposes for which the Personal Data\\nare processed (storage period limitation). The storage periods must\\nbe limited as prescribed by Data Protection Laws and this Policy; and Process in a manner that ensures appropriate security of the Personal\\nData, including protection against unauthorized or unlawful processing\\nand accidental loss, destruction or damage, using appropriate technical\\nor organizational measures (confidentiality, integrity, and\\navailability). Accountability. We shall be able to demonstrate our compliance with Data Protection Laws\\n(accountability principle). In particular, we must ensure and\\ndocument all relevant procedures, efforts, internal and external\\nconsultations on personal data protection including: the fact of appointing a person responsible for PlayForm’s data\\nprotection compliance; where necessary, a record of a Data Processing Impact Assessment; developed and implemented notices, policies, and procedures, such as\\nPrivacy Notice, this policy or Data Breach response procedure; the fact of staff training on compliance with Data Protection laws;\\nand assessment, implementation, and testing organizational and technical\\ndata protection measures. The Privacy Manager must maintain PlayForm’s Records of processing\\nactivities, which is an accountability document that describes personal\\ndata processing activities of PlayForm, prepared in accordance with Art.\\n30 of the GDPR (the “Records of processing activities”). The Records\\nof processing activities must maintain, at least, the following\\ninformation about each processing activity: contact details of PlayForm, the EU Representative, and, where\\napplicable, of the Data Protection Officer; name of the activity, its purposes and legal basis along with, where\\napplicable, the legitimate interests of PlayForm; data subjects and personal data categories concerned; data retention periods; general description of applicable security measures; recipients, including joint controllers, processors, and contractors\\ninvolved, as well as the fact of the international data transfer\\nwith the safeguards applied to the transfer; where applicable, a reference to the Data Processing Impact\\nAssessment; where applicable, a reference to the record of the data breach\\noccurred involving the personal data; if PlayForm acts as a data processor, the information to be provided\\nincludes the names and contact details of controllers, name and\\ncontact details of controller’s representative (if applicable),\\ncategories of processing (activities), names of third countries or\\ninternational organizations that personal data are transferred to\\n(if applicable), safeguards for exceptional transfers of personal\\ndata to third countries or international organizations (if\\napplicable), and general description of technical and organizational\\nsecurity measures. Legal grounds. Each processing activity must have one of the lawful grounds specified\\nin this Section to process the Personal Data. If we do not have any of\\nthe described, we cannot collect or further process the Personal Data. If PlayForm is intended to use personal data for other purposes than\\nthose specified in the Records of processing activities, the Privacy\\nManager must evaluate, determine, and, if necessary, collect/record the\\nappropriate legal basis for it. Performance of the contract. Where PlayForm has a contract with the\\nData Subject, e.g., website’s Terms of Use or the employment contract,\\nand the contract requires the provision of personal data from the Data\\nSubject, the applicable legal ground will be the performance of the\\ncontract. Consent. To process the personal data based on the consent, we must\\nobtain the consent before the Processing and keep the evidence of the\\nconsent with the records of Data Subject’s Personal Data. The Privacy\\nManager must make sure that the consent collected from Data Subjects\\nmeet the requirements of Data Protection Laws and this Policy. In\\nparticular, the Privacy Manager must make sure that: the Data Subject must be free to give or refuse to give consent. the consent is in the form of an active indication from the Data\\nSubject, i.e., the consent checkbox must not be pre-ticked for the\\nuser. the request for the consent clearly articulates the purposes of the\\nprocessing, and other information specified in Subsection 6.2 is\\navailable to the Data Subject. the Data Subject must be free to give one’s consent or to revoke it. Legitimate interests. We have the right to use personal data in our\\n‘legitimate interests’. The interests can include the purposes that are\\njustified by the nature of our business activities, such as the\\nmarketing analysis of personal data. For PlayForm to use legitimate\\ninterests as a legal ground for the processing, the Privacy Manager must\\nmake sure that: the legitimate interest in the processing is clearly defined and\\nrecorded in the Records of processing activities; any envisaged risks to Data Subject rights and interests are\\nspotted. The examples of the risks can be found in Subsection 7.2.; the Data Subjects have reasonable expectations about the processing,\\nand additional protective measures to address the risks are taken; subject to the conditions of Subsection 6.7 (Right to object against\\nthe processing), the Data Subject is provided with the opportunity\\nto opt-out from the processing for the described legitimate\\ninterests. Legal Compliance and Public Interest. Besides the grounds specified\\nafore, we might be requested by the laws of the European Union or laws\\nof the EU Member State to process Personal Data of our Users. For\\nexample, we can be required to collect, analyze, and monitor the\\ninformation of Users to comply with financial or labor laws. we process personal data strictly in accordance with relevant legal\\nrequirements; we do not use or store the collected Personal Data for other\\npurposes than legal compliance; and the Data Subjects are properly and timely informed about our\\nobligations, scope, and conditions of personal data processing. Important: Where PlayForm has the law requirements of another country to process\\npersonal data, the Privacy Manager must propose using another legal ground for\\nthe processing under Data Protection Laws, such as legitimate interests or\\nconsent. Access to Personal Data. The employees must have access to the personal data on a “need-to-know”\\nbasis. The data can be accessed only if it is strictly necessary to\\nperform one of the activities specified in the Records of processing\\nactivities. The employees and contractors shall have access to the\\nPersonal Data only if they have the necessary credentials for it. Heads of the departments within PlayForm are responsible for their\\nemployees’ access and processing of personal data. The heads must\\nmaintain the list of employees that are entitled to access and process\\npersonal data. The Privacy Manager shall have the right to review the\\nlist and, where necessary, request the amendments to meet the\\nrequirements of this Policy. Heads of the departments within PlayForm must ensure that the employees\\nunder their supervision are aware of the Data Protection Laws and comply\\nwith the rules set in this Policy. To make sure our employees are able\\nto comply with the data protection requirements, we must provide them\\nwith adequate data protection training. All employees accessing personal data shall keep strict confidentiality\\nregarding the data they access. The employees that access personal data\\nmust use only those means (software, premises, etc.) for the processing\\nthat were prescribed by PlayForm. The data must not be disclosed or\\notherwise made available out of the management instructions. The employees within their competence must assist PlayForm’s\\nrepresentatives, including the Privacy Manager, in any efforts regarding\\ncompliance with Data Protection Laws and/or this Policy. When an employee detects or believes there is suspicious activity, data\\nbreach, non-compliance with Data Protection Laws and/or this Policy, or\\na DSR was not routed to the competent department within PlayForm, the\\nemployee must report such activity to the Privacy Manager. Employees that are unsure about whether they can legitimately process or\\ndisclose Personal Data must seek advice from the Privacy Manager before\\ntaking any action. Any occasional access to personal data for activities not specified in\\nthe Records of processing activities is prohibited. If there is a strict\\nnecessity for immediate access, the Privacy Manager must approve the\\naccess first. Before sharing personal data with any person outside of PlayForm, the\\nPrivacy Manager must ensure that this Third Party has an adequate data\\nprotection level and provide sufficient data protection guarantees in\\naccordance with Data Protection Laws, including, but not limited to the\\nprocessorship requirements (Art. 28 of the GDPR) and international transfers\\ncompliance (Section 5 of the GDPR). Where necessary, the Privacy Manager\\nmust make sure that PlayForm enters into the appropriate data protection\\ncontract with the third party. An employee can share personal data with third parties only if and to the\\nextent that was directly prescribed by the manager and specified in the\\nRecords of processing activities. If we are required to delete, change, or stop the processing of the Personal\\nData, we must ensure that the Third Parties, with whom we shared the\\nPersonal Data, will fulfill these obligations accordingly. Whenever PlayForm is engaged as a data processor on behalf of another\\nentity, the Privacy Manager must make sure PlayForm complies with the\\nprocessorship obligation. In particular, the appropriate data processing\\nagreement in accordance with the Data Protection Laws must be in place. The\\nPrivacy Manager must supervise the compliance with data processing\\ninstructions from the controller, including regarding the scope of\\nprocessing activities, involvement of sub-processors, international\\ntransfers, storage, and further disposal of processed personal data. The\\npersonal data processed under the processor role must not be processed for\\nany other purposes than specified in the relevant instructions, agreement or\\nother legal act regulating the relationships with the controller. If we have the employees, contractors, corporate affiliates, or Data\\nProcessors outside of the EEA, and we transfer Personal Data to them for the\\nprocessing, the Privacy Manager must make sure PlayForm takes all necessary\\nand appropriate safeguards in accordance with Data Protection Laws. The Privacy Manager must assess the safeguards available and propose to the\\nPlayForm’s management the appropriate safeguard for each international\\ntransfer. The following regimes apply to the transfers of Personal Data\\noutside of the EU: where the European Commission decides that the country has an adequate\\nlevel of personal data protection, the transfer does not require taking\\nadditional safeguards. The full list of adequate jurisdictions can be\\nfound on the relevant page of the European Commission’s website1. to transfer Personal Data to our contractors or partners (Data\\nProcessors or Controllers) in other third countries, we must conclude\\nStandard Contractual Clauses with that party. The draft version along\\nwith the guidance can be found on the relevant page of the European\\nCommission’s website2; if we have a corporate affiliate or an entity in other countries, we may\\nchoose to adopt Binding Corporate Rules in accordance with Article 47 of\\nthe GDPR or an approved code of conduct pursuant to Article 40 of the\\nGDPR; we also can transfer Personal Data to entities that have an approved\\ncertification in accordance with Article 42 of the GDPR, which certifies\\nan appropriate level of company’s data protection. As a part of the information obligations, PlayForm must inform the Data\\nSubjects that their Personal Data is being transferred to other countries,\\nas well as provide them with the information about the safeguards used for\\nthe transfer. The information obligation is to be performed in accordance\\nwith Subsection 6.2. In the exceptional cases (the “Derogation”), where we cannot apply the\\nsafeguards mentioned afore and we need to transfer Personal Data, we must\\ntake an explicit consent (active statement) from the Data Subject or it must\\nbe strictly necessary for the performance of the contract between us and the\\nData Subject, or other derogation conditions apply in accordance with the\\nData Protection Laws. The Privacy Manager must pre-approve any Derogation\\ntransfers and document the approved Derogations, as well as the rationale\\nfor them. Our Responsibilities. Privacy Manager is ultimately responsible for handing all DSR received\\nby PlayForm. In the case of receiving any outstanding or unusual DSR,\\nthe employee must seek advice from the Privacy Manager before taking any\\naction. DSR Team within PlayForm is responsible for handling DSRs from PlayForm\\nUsers on a daily basis. The Human Resources department is responsible\\nfor handling the DSR from PlayForm employees. All DSRs from the Users must be addressed at and answered from the\\nfollowing e-mail address: dsr@playform.cloud. DSR from the employees can\\nbe addressed directly to the HR manager or at dsr@playform.cloud. The responsible employee must answer to the DSR within one (1) month\\nfrom receiving the request. If complying with the DSR takes more than\\none month in time, the responsible employee must seek advice from the\\nPrivacy Manager and, where necessary, inform the Data Subject about the\\nprolongation of the response term for up to two (2) additional months. The responsible employee must analyze the received DSR for the following\\ncriteria: Data Subject identification. Before considering the DSR content,\\nthe responsible employee must make sure the Data Subject is the same\\nperson he/she claims to be. For this purpose, the connection between\\nthe personal data records and the data subject must be established. Personal data. The responsible employee must check whether\\nPlayForm has access to the personal data requested. If PlayForm does\\nnot have the personal data under the control, the responsible\\nemployee must inform the Data Subject, and, if possible, instruct on\\nthe further steps on how to access the data in question; Content of the request. Depending on the content of the DSR, the\\nresponsible employee must define the type of the request and check\\nwhether it meets the conditions prescribed by this Policy and Data\\nProtection Laws. The types of requests and the respective conditions\\nfor each of them can be consulted in Subsections 6.3-6.9. If the\\nrequest does not meet the described criteria, the responsible\\nemployee must refuse to comply with the DSR and inform the Data\\nSubject about the reasons for refusing; Free of charge. Generally, all requests of Data Subjects and\\nexercises of their rights are free of charge. If the responsible\\nemployee finds that the Data Subject exercises the rights in an\\nexcessive or unfound way (e.g., intended to harm or interrupt\\nPlayForm’s business activities), the employee must seek the advice\\nfrom the Privacy Manager, and, upon receiving of the latter, may\\neither charge the Data Subject a reasonable fee or refuse to comply\\nwith the request; Documenting. Whenever PlayForm receives the DSR, the Privacy\\nManager must make sure that the data and time, Data Subject, type of\\nthe request and the decision made regarding it are well documented.\\nIn the case of refusing to comply with the request, the reasons for\\nrefusing must be documented as well; Recipients. When addressing the DSR, the Privacy Manager must\\nmake sure that all concerned recipients were informed the necessary\\nactions were taken. The right to be informed. PlayForm must notify each Data Subject about the collection and further\\nprocessing of the Personal Data. The information to be provided includes: the name and contact details of\\nPlayForm; generic purposes of and the lawful basis for the data\\ncollection and further processing; categories of Personal Data\\ncollected; recipients/categories of recipients; retention periods;\\ninformation about data subject rights, including the right to complain\\nto the competent Supervisory Authority; the consequences of the cases\\nwhere the data is necessary for the contract performance and the Data\\nSubject does not provide the required data; details of the safeguards\\nwhere personal data is transferred outside the EEA; and any third-party\\nsource of the personal data, without specification for the particular\\ncase (except if we receive the direct request from the Data Subject). The Users must be informed by the Privacy Policy accessible at\\nPlayForm’s website and provided during the user registration. The\\nemployees and contractors must be informed by a standalone employee\\nprivacy statement, which explains the details described in p. 6.2.2 in a\\ncase-based manner, describing the particular purposes and activities. PlayForm must inform Data Subjects about data processing, including any\\nnew processing activity introduced at PlayForm within the following\\nterm: if personal data is collected from the data subject directly, the\\ndata subject must be informed at the time we collect Personal Data\\nfrom the Data Subjects by showing the Data Subject our privacy\\nstatement; if the personal data is collected from other sources: (a) within one\\nmonth from collecting it; (b) if the personal data are to be used\\nfor communication with the data subject, at the latest at the time\\nof the first communication to that data subject; or (c) if a\\ndisclosure to another recipient is envisaged, at the latest when the\\npersonal data are first disclosed. upon the request of the Data Subject; and within one (1) month after any change of our personal data\\npractices, change of the controller of Personal Data or after\\nsignificant changes in our privacy statements. The right to access the information. The Data Subject must be provided only with those personal data records\\nspecified in the request. If the Data Subject requests access to all\\npersonal data concerning her or him, the employee must seek advice from\\nthe Privacy Manager first, to make sure all personal data of the Data\\nSubject is mapped and provided. A Data Subject has the right to: learn if we process the Data Subject’s Personal Data; obtain disclosure regarding aspects of the processing, including\\ndetailed and case-specific information on purposes, categories of\\nPersonal Data, recipients/categories of recipients, retention\\nperiods, information about one’s rights, details of the relevant\\nsafeguards where personal data is transferred outside the EEA, and\\nany third-party source of the personal data; and obtain a copy of the Personal Data undergoing processing upon the\\nrequest. The right to verify the Data Subject’s information\\nand seek its rectification. The information we collect can\\nbe/become inaccurate or out-of-date (e.g., mistakes in nationality, date of\\nbirth, info on debts, economic activities). If we reveal that the Personal\\nData is inaccurate or the Data Subject requests us to do so, we must ensure\\nthat we correct all mistakes and update the relevant information. The right to restrict processing. The restriction of processing allows Data Subjects to temporarily stop\\nthe use of their information to prevent the possible harm caused by such\\nuse. This right applies when the Data Subject: contests the accuracy of the Personal Data; believes that we process the Personal Data unlawfully; and objects against the processing and wants us not to process Personal\\nData while we are considering the request. In the case of receiving the restriction request, we must not process\\nPersonal Data in question for any other purpose than storing it or for\\nlegal compliance purposes until the circumstances of restriction cease\\nto exist. The right to withdraw the consent. For\\nthe activities that require consent, the Data Subject can revoke their\\nconsent at any time. If the Data Subject revokes the consent, we must record\\nthe changes and must not process the Personal Data for consent-based\\npurposes. The withdrawal of consent does not affect the lawfulness of the\\nprocessing done before the withdrawal. The right to object against the\\nprocessing. If we process the information in our legitimate interests, e.g., for\\ndirect marketing emails or for our marketing research purposes, the Data\\nSubject can object against the processing. In the case of receiving the objection request case, we must consider\\nData Subject’s request and, where we do not have compelling interests,\\nstop the processing for the specified purposes. If the personal data is\\nstill to be processed for other purposes, the Privacy Manager must make\\nsure that the database has a record that the data cannot be further\\nprocessed for the objected activities. The objection request can be refused only if the personal data in\\nquestion is used for scientific/historical research or statistical\\npurposes and was appropriately protected, i.e., by anonymization or\\npseudonymization techniques. Right to erasure/to be forgotten. The Data Subjects have the right to request us to erase their Personal\\nData if one of the following conditions are met: Personal Data is no longer necessary for the purposes of collection.\\nFor example, a user has provided personal data for a one-time\\nactivity, such as data validation or participation in a contest, and\\nthe purpose is already fulfilled; the Data Subject revokes one’s consent or objects to the processing\\n(where applicable) and there is no other legal ground for the\\nprocessing; or we process the Personal Data unlawfully or its erasure is required\\nby the applicable legislation of the European Union or one of the\\nMember countries of the European Union. Conditions, under which we have the right to refuse the erasure: Personal Data is processed for scientific/historical research or\\nstatistical purposes and is appropriately protected, i.e.,\\npseudonymized or anonymized; Personal Data is still necessary for legal compliance (e.g.,\\nfinancial or labor laws compliance). Only those personal data records must be deleted that were specified in\\nthe request. If the Data Subject requests the deletion of all personal\\ndata concerning her or him, the employee must seek advice from the\\nPrivacy Manager first, to make sure all the data about the Data Subject\\nis mapped and can be deleted. If the User still has an account with us and requests the erasure of\\ninformation necessary for maintaining the account, we must inform the\\nUser that the erasure will affect user experience or can lead to the\\nclosure of the account. Data portability. Data Subjects can ask us to transfer all the Personal Data and/or its\\npart in a machine-readable format to a third party. This right applies\\nin two cases: personal data was collected for the purpose of provision of our\\nservices (performance of the contract); or collected based on consent. To determine whether one of the p.6.9.1 conditions are met, the employee\\nmust seek advice from the Privacy Manager and check the applicable legal\\nbasis in the Records of processing activities. If the answer is\\nnegative, the request can be refused by PlayForm, and the Privacy\\nManager must decide whether to comply with the request on a voluntary\\nbasis. To comply with the request, the responsible employee must consolidate\\nrequested Personal Data and send the data in the format we are usually\\nworking with to the requested organization. The Data Subject must\\nprovide the necessary contact details of the organization. Notification to Privacy Manager. Before introducing any new activity that involves the processing of\\npersonal data, an employee responsible for its implementation must\\ninform the Privacy Manager. Upon receiving information about a new activity, Privacy Manager must: determine whether the data processing impact assessment (DPIA)\\nand/or the consultation with the Supervisory Authority is necessary.\\nIf the answer is positive, the Privacy Manager must make sure the\\nDPIA is conducted and/or the Supervisory Authority is consulted in\\naccordance with the requirements of this Section and Data Protection\\nLaws; determine the legal basis for the processing and, where necessary,\\ntake further action for its fixation; make sure the processing activity is done in accordance with this\\nPolicy, other PlayForm’s policies, as well as the Data Protection\\nLaws; add the processing activity to the Records of processing activities; amend the privacy information statements and, where necessary,\\ninform the concerned Data Subject accordingly. Data Processing Impact Assessment. To make sure that our current or prospective processing activities do\\nnot/will not violate the Data Subjects’ rights, PlayForm must, where\\nrequired by Data Protection Laws, conduct the Data Processing Impact\\nAssessment (DPIA), a risk-based assessment of the processing and search\\nfor the measures to mitigate the risks. The Privacy Manager must make\\nsure the DPIA is conducted in accordance with this Section. The Privacy Manager, where necessary, involving the competent employees\\nand/or external advisors, must conduct a DPIA if at least one of the\\nfollowing conditions are met: the processing involves the use of new technologies, such as the\\nArtificial Intelligence, use of connected and autonomous devices,\\netc. that creates certain legal, economic or similar effects to the\\nData Subject; we systematically assess and evaluate personal aspects of the Data\\nSubjects based on automated profiling, assigning the personal\\nscore/rate, and create legal or similar effects for the Data Subject\\nby this activity; we process on a large-scale sensitive data, which includes Personal\\nData relating to criminal convictions and offences, the data about\\nvulnerable data subjects, the personal data revealing racial or\\nethnic origin, political opinions, religious or philosophical\\nbeliefs, or trade union membership, and the processing of genetic\\ndata, biometric data for the purpose of uniquely identifying a\\nnatural person, data concerning health or data concerning a natural\\nperson’s sex life or sexual orientation; we collect or process Personal Data from a publicly accessible area\\nor public sources on a large scale, or combine or match two\\ndifferent data sets; and the Supervisory Authority in its public list requires conducting a\\nDPIA for a certain type of activity we are involved in. The list of\\nprocessing activities requiring conducting DPIA can be found on the\\nwebsite of each Supervisory Authority. The assessment shall contain at least the following details: a systematic description of the processing operations and the\\npurposes of the processing, including, where applicable, the\\nlegitimate interest pursued by us. The description must include the\\nenvisaged data categories and data subjects concerned, the scale of\\nprocessing activities, such as its frequency, volume, envisaged\\nnumber of records, etc.; recipients of the data, retention periods\\nand, where applicable, international transfers; an assessment of the necessity and proportionality of the processing\\noperations in relation to the purposes. The DPIA must explain\\nwhether the activity is necessary for the purpose and whether the\\npurpose can be achieved by less intrusive methods; an assessment of the risks to the rights and freedoms of data\\nsubjects, including the rights of Data Subjects regarding their\\nPersonal Data. The examples of risks are the processing which could lead to\\nphysical, material or non-material damage, in particular: where the\\nprocessing may give rise to discrimination, identity theft or fraud,\\nfinancial loss, damage to the reputation, loss of confidentiality of\\npersonal data protected by professional secrecy, unauthorized\\nreversal of pseudonymization, or any other significant economic or\\nsocial disadvantage; where data subjects might be deprived of their\\nrights and freedoms or prevented from exercising control over their\\npersonal data; where personal data are processed which reveal racial\\nor ethnic origin, political opinions, religion or philosophical\\nbeliefs, trade union membership, and the processing of genetic data,\\ndata concerning health or data concerning sex life or criminal\\nconvictions and offences or related security measures; where\\npersonal aspects are evaluated, in particular analyzing or\\npredicting aspects concerning performance at work, economic\\nsituation, health, personal preferences or interests, reliability or\\nbehavior, location or movements, in order to create or use personal\\nprofiles; where personal data of vulnerable natural persons, in\\nparticular of children, are processed; or where processing involves\\na large amount of personal data and affects a large number of data\\nsubjects; and the measures to address the risks, including safeguards, security\\nmeasures, and mechanisms to ensure the protection of personal data\\nand to demonstrate compliance with this Regulation. Where the DPIA did not provide how to effectively address the risks, the\\nPrivacy Manager must initiate the consultation with the competent\\nSupervisory Authority to receive help with searching for the solution.\\nIn this case, PlayForm must not conduct the activity before the\\nSupervisory Authority approves the processing activity in question. General Rule. The Privacy Manager must make sure that PlayForm clearly defined the\\ndata storage periods and/or criteria for determining the storage periods\\nfor each processing activity it has. The periods for each processing\\nactivity must be specified in the Records of processing activities. Each department within PlayForm must comply with the data storage\\nperiods in accordance with the retention schedule provided in Records of\\nprocessing activities. The Privacy Manager must supervise each\\ndepartment and make sure they comply with this requirement. After the storage period ends, the personal data must be removed from\\nthe disposal of the department responsible for the processing or, in\\ncases where the data is not needed for any other purposes, destroyed\\ncompletely, including from back-up copies and other media. Whenever the storage period for a processing activity has ended, but the\\npersonal data processed is necessary for other processing purposes, the\\ndepartment manager must make sure that the personal data is not used for\\nthe ceased processing activity, and the responsible employees do not\\nhave the access to it unless required for any other activity. Exemptions. The rules specified in\\nSubsection 8.1 have the following exceptions: Business needs. Data retention periods can be prolonged, but no\\nlonger than 60 days, in the case that the data deletion will interrupt\\nor harm our ongoing business. The Privacy Manager must approve any\\nunforeseen prolongation; Technical impossibility. Some information is technically impossible\\nor disproportionally difficult to delete. For example, deletion of the\\ninformation may lead to breach of system integrity, or it is impossible\\nto delete the information from the backup copies. In such a case, the\\ninformation can be further stored, subject to the approval by the\\nPrivacy Manager and making respective amendments to the Records of\\nprocessing activities; and Anonymization. The Personal Data can be further processed for any\\npurposes (e.g., marketing) if we fully anonymize these data after the\\nretention period is expired. This means that all personal identifiers\\nand connections to them will be deleted from the data. To consider\\nPersonal Data anonymous, it must be impossible to reidentify the Data\\nSubject from the data set. Each department within PlayForm shall take all appropriate technical and\\norganizational measures that protect against unauthorized, unlawful, and/or\\naccidental access, destruction, modification, blocking, copying,\\ndistribution, as well as from other illegal actions of unauthorized persons\\nregarding the personal data under their responsibility. The employee responsible for the supervision after the security of personal\\ndata within PlayForm shall be DSR Officer. This person implements the\\nguidelines and other specifications on data protection and information\\nsecurity in his area of responsibility. He/she advises PlayForm management\\non the planning and implementation of information security in PlayForm, and\\nmust be involved in all projects at an early stage in order to take\\nsecurity-related aspects into account as early as the planning phase. Response Team. In case of revealing the Data Breach, CEO of PlayForm shall urgently\\nform the Data Breach Response Team (the “Response Team”), which will\\nhandle the Data Breach, notify the appropriate persons, and mitigate its\\nrisks. The Response Team must be а multi-disciplinary group headed by CEO of\\nPlayForm and comprised of the Privacy Manager, privacy laws specialist\\n(whether internal or external), and knowledgeable and skilled\\ninformation security specialists within PlayForm or outsourcing\\nprofessionals, if necessary. The team must ensure that all employees and\\nengaged contractors/processors adhere to this Policy and provide an\\nimmediate, effective, and skillful response to any suspected/alleged or\\nactual Data Breach affecting PlayForm. The potential members of the Response Team must be prepared to respond\\nto а Data Breach. The Response Team shall perform all the\\nresponsibilities of PlayForm mentioned in this Policy. The duties of the\\nResponse Team are: to communicate the Data Breach to the competent Supervisory\\nAuthority(-ies); in case of high risk to the rights and freedoms of Data Subjects, to\\ncommunicate the Data Breach to the Data Subject; if PlayForm obtain data from any third party as a processor, and a\\nData Breach involves obtained data, to inform the third parties\\nabout the Data Breach; to communicate PlayForm’s contractors or any other third parties\\nthat process the Personal Data involved in the Data Breach; and to take all appropriate technical and organizational measures to\\ncease the Data Breach and mitigate its consequences; to record the fact of the Data Breach in the Records of processing\\nactivities and file an internal data breach report that describes\\nthe event. The Response Team shall perform its duties until all the necessary\\nmeasures required by this Policy are taken. Notification to Supervisory Authority. PlayForm shall inform the Competent Supervisory Authority about the Data\\nBreach without undue delay and, where it is possible, not later than 72\\nhours after having become aware of the Data Breach. The Competent Supervisory Authority shall be determined by the residence\\nof the Data Subjects, whose information was involved in the Data Breach.\\nIf the Data Breach concerns the Personal Data of Data Subjects from more\\nthan one country, PlayForm shall inform all Competent Supervisory\\nAuthorities. To address the notification to the authority, the Response Team should\\nuse Annex 1 to this Policy. Annex 1 contains all the necessary contact\\ninformation of the EU supervisory authorities. If the Data Breach\\nconcerns Data Subjects from other than the EU countries, the Response\\nTeam shall ask a competent privacy specialist for advice. The notification to the Competent Supervisory Authority shall contain,\\nat least, following information: the nature of the Data Breach including where possible, the\\ncategories and an approximate number of Data Subjects and Personal\\nData records concerned; the name and contact details of the Response Team, Privacy Manager\\nor, if not applicable, of the CEO; the likely consequences of the Data Breach. Explain PlayForm’s point\\nof view on the purposes and possible further risks of the Data\\nBreach. E.g., the Personal Data may be stolen for the further\\nsale, fraud activities or blackmailing the concerned Data\\nSubjects; and the measures taken or proposed to be taken by PlayForm to\\naddress the Data Breach, including, where appropriate, measures to\\nmitigate its possible adverse effects. To file a notification, the Response Team should use PlayForm’s Data\\nBreach Notification Form to the Supervisory Authority. Notifications to Data Subjects. When the Data Breach is likely to result in a high risk to the rights\\nand freedoms of Data Subjects (e.g., stealing of funds, assets,\\nproprietary information), we must also communicate the Data Breach to\\nthe concerned Data Subjects without undue delay. The Privacy Manager\\nmust determine if there is a high risk based on the risk factors\\nspecified in Subsection 7.2.3 of this Policy. The notification shall contain the following information: description of the Data Breach - what happened and what led to the\\nData Breach, such as a security breach, employee’s negligence,\\nerror in the system work. If the Response Team decided not to\\ndisclose the causes of the Data Breach, then this clause must not be\\nmentioned; the measures taken by PlayForm regarding the Data Breach, including\\nsecurity measures, internal investigations, and supervisory\\nauthority notice; recommendations for the concerned Data Subjects how to mitigate\\nrisks and possible consequences, such as guidelines on how to\\nrestore access to an account, preventing measures (change of a\\npassword); and the contact information of the Response Team or one of its members. The notification to the Data Subjects should be carried out by the\\nemail letter or, where it is impossible to use the email, by other\\navailable means of communication. Exemptions. We do not have to send the notification to the Data\\nSubjects if any of the following conditions are met: PlayForm has implemented appropriate technical and organizational\\nprotection measures, and those measures were applied to the Personal\\nData affected by the Data Breach, in particular, those that leave\\nthe Personal Data inaccessible to any person who is not authorized\\nto access it, such as encryption; PlayForm has taken subsequent measures which ensure that the high\\nrisk to the rights and freedoms of Data Subjects referred to in this\\nsection is no longer likely to materialize; or it would involve a disproportionate effort to communicate with every\\nconcerned Data Subject. In such a case, there shall instead be a\\npublic communication or similar measure whereby the Data Subjects\\nare informed in an equally effective manner. In the case we apply one of the exemptions, we must document the\\ncircumstances, reason for not informing, and actions taken to meet one of the\\nexemptions. Communication with Third Parties. In the case a Data Breach concerns the Personal Data shared with us or\\nprocessed by us on behalf of a Third Party, we must also notify the\\nThird Party about it within 24 hours. If we process the Personal Data as\\na Data Processor, the notification of the Third Party does not exempt us\\nfrom the duty to mitigate the Data Breach consequences, but we must not\\ninform the Competent Supervisory Authority and Data Subjects. In case of receiving the notification about the Data Breach from the\\nData Processor or other Third Parties that have access to the Personal\\nData, CEO of PlayForm shall, in accordance with this Section: form the Response Team; request the Third Party to send the information mentioned in\\nSubsections 10.2-3 of this Policy; where necessary, inform the Competent Supervisory Authority(-ies)\\nand Data Subjects; and perform other steps of the Data Breach response procedure. List of Persons Briefed on Personal Data Protection Policy Full Name Status Date European National Data Protection Authorities Austria Österreichische Datenschutzbehörde Art 29 WP Member: Dr Andrea JELINEK, Director, Österreichische\\nDatenschutzbehörde Belgium Commission de la protection de la vie privée Art 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy\\ncommission Bulgaria Commission for Personal Data Protection Art 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for\\nPersonal Data Protection Croatia Croatian Personal Data Protection Agency Art 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection\\nAgency Cyprus Commissioner for Personal Data Protection Art 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU Czech Republic The Office for Personal Data Protection Art 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data\\nProtection Denmark Datatilsynet Art 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection\\nAgency (Datatilsynet) Estonia Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) Art 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection\\nInspectorate Finland Office of the Data Protection Ombudsman Art 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection\\nAuthority France Commission Nationale de l’Informatique et des Libertés - CNIL Art 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL Germany Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit The competence for complaints is split among different data protection\\nsupervisory authorities in Germany. Competent authorities can be identified according to the list provided under https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html Art 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of\\nInformation Greece Hellenic Data Protection Authority Art 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA Hungary National Authority for Data Protection and Freedom of Information Art 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for\\nData Protection and Freedom of Information Ireland Data Protection Commissioner Art 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner Italy Garante per la protezione dei dati personali Art 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei\\ndati personali Latvia Data State Inspectorate Director: Ms. Daiga Avdejanova Art 29 WP Alternate Member: Ms. Aiga BALODE Lithuania State Data Protection Art 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data\\nProtection Inspectorate Luxembourg Commission Nationale pour la Protection des Données Art 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour\\nla Protection des Données Malta Office of the Data Protection Commissioner Art 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection\\nCommissioner Netherlands Autoriteit Persoonsgegevens Art 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens Poland The Bureau of the Inspector General for the Protection of Personal Data – GIODO Art 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection\\nof Personal Data Portugal Comissão Nacional de Protecção de Dados - CNPD Art 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção\\nde Dados Romania The National Supervisory Authority for Personal Data Processing President: Mrs.\\nAncuţa Gianina Opre Art 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory\\nAuthority for Personal Data Processing Slovakia Office for Personal Data Protection of the Slovak Republic Art 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data\\nProtection of the Slovak Republic Slovenia Information Commissioner Art 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic\\nof Slovenia Spain Agencia de Protección de Datos Art 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data\\nProtection Agency Sweden Datainspektionen Art 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data\\nInspection Board United Kingdom The Information Commissioner’s Office Art 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner EUROPEAN FREE TRADE AREA (EFTA) Iceland Icelandic Data Protection Agency Liechtenstein Data Protection Office Norway Datatilsynet Switzerland Data Protection and Information Commissioner of Switzerland v. 1.0. February 11th 2022 means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information. Full Name Status Date Effective date: 01.12.2016 / January 12th 2016 Welcome to PlayForm ltd.. PlayForm ltd. (“us”, “we”, or “our”) operates\\nhttps://playform.cloud and PlayForm mobile application (hereinafter referred to\\nas “Service”). Our Privacy Policy governs your visit to https://playform.cloud and PlayForm\\nmobile application, and explains how we collect, safeguard and disclose\\ninformation that results from your use of our Service. We use your data to provide and improve Service. By using Service, you agree to\\nthe collection and use of information in accordance with this policy. Unless\\notherwise defined in this Privacy Policy, the terms used in this Privacy Policy\\nhave the same meanings as in our Terms and Conditions. Our Terms and Conditions (“Terms”) govern all use of our Service and\\ntogether with the Privacy Policy constitutes your agreement with us\\n(“agreement”). SERVICE means the https://playform.cloud website and PlayForm mobile\\napplication operated by PlayForm ltd. PERSONAL DATA means data about a living individual who can be identified\\nfrom those data (or from those and other information either in our possession or\\nlikely to come into our possession). USAGE DATA is data collected automatically either generated by the use of\\nService or from Service infrastructure itself (for example, the duration of a\\npage visit). DATA CONTROLLER means a natural or legal person who (either alone or jointly\\nor in common with other persons) determines the purposes for which and the\\nmanner in which any personal data are, or are to be, processed. For the purpose\\nof this Privacy Policy, we are a Data Controller of your data. DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who\\nprocesses the data on behalf of the Data Controller. We may use the services of\\nvarious Service Providers in order to process your data more effectively. DATA SUBJECT is any living individual who is the subject of Personal Data. THE USER is the individual using our Service. The User corresponds to the\\nData Subject, who is the subject of Personal Data. We collect several different types of information for various purposes to\\nprovide and improve our Service to you. Personal Data While using our Service, we may ask you to provide us with certain personally\\nidentifiable information that can be used to contact or identify you\\n(“Personal Data”). Personally identifiable information may include, but is\\nnot limited to: a. Email address b. First name and last name c. Phone number d. Address, State, Province, ZIP/Postal code, City e. Usage Data We may use your Personal Data to contact you with newsletters, marketing or\\npromotional materials and other information that may be of interest to you. You\\nmay opt out of receiving any, or all, of these communications from us by\\nfollowing the unsubscribe link or by emailing at support@playform.cloud. Usage Data We may also collect information that your browser sends whenever you visit our\\nService or when you access Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet\\nProtocol address (e.g., IP address), browser type, browser version, the pages of\\nour Service that you visit, the time and date of your visit, the time spent on\\nthose pages, unique device identifiers and other diagnostic data. When you access Service with a mobile device, this Usage Data may include\\ninformation such as the type of mobile device you use, your mobile device unique\\nID, the IP address of your mobile device, your mobile operating system, the type\\nof mobile Internet browser you use, unique device identifiers and other\\ndiagnostic data. Tracking Data We use tracking technologies to track the activity on our Service and we hold\\ncertain information. Tracking technologies are used such as beacons, tags and scripts to collect and\\ntrack information and to improve and analyze our Service. PlayForm’s websites and online services may use “cookies.” Cookies enable you to\\nuse shopping carts and to personalize your experience on our sites, tell us\\nwhich parts of our websites people have visited, help us measure the\\neffectiveness of ads and web searches, and give us insights into user behavior\\nso we can improve our communications and products. PlayForm ltd. Uses the collected data for various purposes: a. to provide and maintain our Service; b. to notify you about changes to our Service; c. to allow you to participate in interactive features of our Service when you\\nchoose to do so; d. to provide customer support; e. to gather analysis or valuable information so that we can improve our\\nService; f. to monitor the usage of our Service; g. to detect, prevent and address technical issues; h. to fulfill any other purpose for which you provide it; i. to carry out our obligations and enforce our rights arising from any\\ncontracts entered into between you and us, including for billing and collection; j. to provide you with notices about your account and/or subscription, including\\nexpiration and renewal notices, email-instructions, etc.; k. to provide you with news, special offers and general information about other\\ngoods, services and events which we offer that are similar to those that you\\nhave already purchased or enquired about unless you have opted not to receive\\nsuch information; l. in any other way we may describe when you provide the information; m. for any other purpose with your consent. We will retain your Personal Data only for as long as is necessary for the\\npurposes set out in this Privacy Policy. We will retain and use your Personal\\nData to the extent necessary to comply with our legal obligations (for example,\\nif we are required to retain your data to comply with applicable laws), resolve\\ndisputes, and enforce our legal agreements and policies. We will also retain Usage Data for internal analysis purposes. Usage Data is\\ngenerally retained for a shorter period, except when this data is used to\\nstrengthen the security or to improve the functionality of our Service, or we\\nare legally obligated to retain this data for longer time periods. Your information, including Personal Data, may be transferred to – and\\nmaintained on – computers located outside of your state, province, country or\\nother governmental jurisdiction where the data protection laws may differ from\\nthose of your jurisdiction. If you are located outside United States and choose to provide information to\\nus, please note that we transfer the data, including Personal Data, to United\\nStates and process it there. Your consent to this Privacy Policy followed by your submission of such\\ninformation represents your agreement to that transfer. PlayForm ltd. Will take all the steps reasonably necessary to ensure that\\nyour data is treated securely and in accordance with this Privacy Policy and no\\ntransfer of your Personal Data will take place to an organization or a country\\nunless there are adequate controls in place including the security of your data\\nand other personal information. We may disclose personal information that we collect, or you provide: a. Disclosure for Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data\\nif required to do so by law or in response to valid requests by public\\nauthorities. b. Business Transaction. If we or our subsidiaries are involved in a merger, acquisition or asset sale,\\nyour Personal Data may be transferred. c. Other cases. We may disclose your information also: i. to our subsidiaries and affiliates; ii. to fulfill the purpose for which you provide it; iii. for the purpose of including your company’s logo on our website; iv. for any other purpose disclosed by us when you provide the information; v. with your consent in any other cases; vi. if we believe disclosure is necessary or appropriate to protect the rights,\\nproperty, or safety of the Company, our customers, or others. The security of your data is important to us but remember that no method of\\ntransmission over the Internet or method of electronic storage is 100% secure.\\nWhile we strive to use commercially acceptable means to protect your Personal\\nData, we cannot guarantee its absolute security. If you are a resident of the European Union (EU) and European Economic Area\\n(EEA), you have certain data protection rights, covered by GDPR. – See more at\\nhttps://eur-lex.europa.eu/eli/reg/2016/679/oj We aim to take reasonable steps to allow you to correct, amend, delete, or limit\\nthe use of your Personal Data. If you wish to be informed what Personal Data, we hold about you and if you want\\nit to be removed from our systems, please email us at support@playform.cloud. In certain circumstances, you have the following data protection rights: a. the right to access, update or to delete the information we have on you; b. the right of rectification. You have the right to have your information\\nrectified if that information is inaccurate or incomplete; c. the right to object. You have the right to object to our processing of your\\nPersonal Data; d. the right of restriction. You have the right to request that we restrict the\\nprocessing of your personal information; e. the right to data portability. You have the right to be provided with a copy\\nof your Personal Data in a structured, machine-readable and commonly used\\nformat; f. the right to withdraw consent. You also have the right to withdraw your\\nconsent at any time where we rely on your consent to process your personal\\ninformation; Please note that we may ask you to verify your identity before responding to\\nsuch requests. Please note, we may not able to provide Service without some\\nnecessary data. You have the right to complain to a Data Protection Authority about our\\ncollection and use of your Personal Data. For more information, please contact\\nyour local data protection authority in the European Economic Area (EEA). CalOPPA is the first state law in the nation to require commercial websites and\\nonline services to post a privacy policy. The law’s reach stretches well beyond\\nCalifornia to require a person or company in the United States (and conceivable\\nthe world) that operates websites collecting personally identifiable information\\nfrom California consumers to post a conspicuous privacy policy on its website\\nstating exactly the information being collected and those individuals with whom\\nit is being shared, and to comply with this policy. – See more at:\\nhttps://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3 According to CalOPPA we agree to the following: a. users can visit our site anonymously; b. our Privacy Policy link includes the word “Privacy”, and can easily be found\\non the page specified above on the home page of our website; c. users will be notified of any privacy policy changes on our Privacy Policy\\nPage; d. users are able to change their personal information by emailing us at\\nsupport@playform.cloud. Our Policy on “Do Not Track” Signals: We honor Do Not Track signals and do not track, or use advertising when a Do Not\\nTrack browser mechanism is in place. Do Not Track is a preference you can set in\\nyour web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings\\npage of your web browser. If you are a California resident, you are entitled to learn what data we collect\\nabout you, ask to delete your data and not to sell (share) it. To exercise your\\ndata protection rights, you can make certain requests and ask us: a. What personal information we have about you. If you make this request, we\\nwill return to you: i. The categories of personal information we have collected about you. ii. The categories of sources from which we collect your personal information. iii. The business or commercial purpose for collecting or selling your personal\\ninformation. iv. The categories of third parties with whom we share personal information. v. The specific pieces of personal information we have collected about you. vi. A list of categories of personal information that we have sold, along with\\nthe category of any other company we sold it to. If we have not sold your\\npersonal information, we will inform you of that fact. vii. A list of categories of personal information that we have disclosed for a\\nbusiness purpose, along with the category of any other company we shared it\\nwith. Please note, you are entitled to ask us to provide you with this information up\\nto two times in a rolling twelve-month period. When you make this request, the\\ninformation provided may be limited to the personal information we collected\\nabout you in the previous 12 months. b. To delete your personal information. If you make this request, we will\\ndelete the personal information we hold about you as of the date of your request\\nfrom our records and direct any service providers to do the same. In some cases,\\ndeletion may be accomplished through de-identification of the information. If\\nyou choose to delete your personal information, you may not be able to use\\ncertain functions that require your personal information to operate. c. To stop selling your personal information. If you submit a request to\\nstop selling your personal information, we will stop selling it. If you are a\\nCalifornia resident, to opt-out of the sale of your personal information, click\\n“Do Not Sell My Personal Information” at the bottom of our home page to submit\\nyour request. Please note, if you ask us to delete or stop selling your data, it may impact\\nyour experience with us, and you may not be able to participate in certain\\nprograms or membership services which require the usage of your personal\\ninformation to function. But in no circumstances, we will discriminate against\\nyou for exercising your rights. To exercise your California data protection rights described above, please send\\nyour request(s) by one of the following means: By email: support@playform.cloud By phone number: +359876668093 By mail: Delta Business Center, Ring Road N 251, Business Park Sofia Your data protection rights, described above, are covered by the CCPA, short for\\nthe California Consumer Privacy Act. To find out more, visit the official\\nCalifornia Legislative Information website. The CCPA took effect on 01/01/2020. We may employ third party companies and individuals to facilitate our Service\\n(“Service Providers”), provide Service on our behalf, perform\\nService-related services or assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these\\ntasks on our behalf and are obligated not to disclose or use it for any other\\npurpose. We may provide paid products and/or services within Service. In that case, we\\nuse third-party services for payment processing (e.g., payment processors). We will not store or collect your payment card details. That information is\\nprovided directly to our third-party payment processors whose use of your\\npersonal information is governed by their Privacy Policy. These payment\\nprocessors adhere to the standards set by PCI-DSS as managed by the PCI Security\\nStandards Council, which is a joint effort of brands like Visa, Mastercard,\\nAmerican Express and Discover. PCI-DSS requirements help ensure the secure\\nhandling of payment information. The payment processors we work with are: PayPal or Braintree: Their Privacy Policy can be viewed at\\nhttps://www.paypal.com/webapps/mpp/ua/privacy-full Apple Store In-App Payments: Their Privacy Policy can be viewed at:\\nhttps://www.apple.com/legal/privacy/en-ww/ /\\nhttps://support.apple.com/en-us/HT203027 Google Play In-App Payments: Their Privacy Policy can be viewed at:\\nhttps://policies.google.com/privacy?hl=en&gl=us /\\nhttps://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en Stripe: Their Privacy Policy can be viewed at: https://stripe.com/us/privacy Our Service may contain links to other sites that are not operated by us. If you\\nclick a third-party link, you will be directed to that third party’s site. We\\nstrongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy\\npolicies or practices of any third-party sites or services. Our Services are not intended for use by children under the age of 18\\n(“Child” or “Children”). We do not knowingly collect personally identifiable information from Children\\nunder 18. If you become aware that a Child has provided us with Personal Data,\\nplease contact us. If we become aware that we have collected Personal Data from\\nChildren without verification of parental consent, we take steps to remove that\\ninformation from our servers. We may update our Privacy Policy from time to time. We will notify you of any\\nchanges by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior\\nto the change becoming effective and update “effective date” at the top of this\\nPrivacy Policy. You are advised to review this Privacy Policy periodically for any changes.\\nChanges to this Privacy Policy are effective when they are posted on this page. If you have any questions about this Privacy Policy, please contact us: By email: support@playform.cloud. By phone number: +359876668093. By mail: Delta Business Center, Ring Road N 251, Business Park Sofia. Effective date: 01.12.2016 / January 12th 2016 Welcome to PlayForm ltd.. PlayForm ltd. (“us”, “we”, or “our”) operates\\nhttps://playform.cloud and PlayForm mobile application (hereinafter referred to\\nas “Service”). Our Privacy Policy governs your visit to https://playform.cloud and PlayForm\\nmobile application, and explains how we collect, safeguard and disclose\\ninformation that results from your use of our Service. We use your data to provide and improve Service. By using Service, you agree to\\nthe collection and use of information in accordance with this policy. Unless\\notherwise defined in this Privacy Policy, the terms used in this Privacy Policy\\nhave the same meanings as in our Terms and Conditions. Our Terms and Conditions (“Terms”) govern all use of our Service and\\ntogether with the Privacy Policy constitutes your agreement with us\\n(“agreement”). SERVICE means the https://playform.cloud website and PlayForm mobile\\napplication operated by PlayForm ltd. PERSONAL DATA means data about a living individual who can be identified\\nfrom those data (or from those and other information either in our possession or\\nlikely to come into our possession). USAGE DATA is data collected automatically either generated by the use of\\nService or from Service infrastructure itself (for example, the duration of a\\npage visit). DATA CONTROLLER means a natural or legal person who (either alone or jointly\\nor in common with other persons) determines the purposes for which and the\\nmanner in which any personal data are, or are to be, processed. For the purpose\\nof this Privacy Policy, we are a Data Controller of your data. DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who\\nprocesses the data on behalf of the Data Controller. We may use the services of\\nvarious Service Providers in order to process your data more effectively. DATA SUBJECT is any living individual who is the subject of Personal Data. THE USER is the individual using our Service. The User corresponds to the\\nData Subject, who is the subject of Personal Data. We collect several different types of information for various purposes to\\nprovide and improve our Service to you. Personal Data While using our Service, we may ask you to provide us with certain personally\\nidentifiable information that can be used to contact or identify you\\n(“Personal Data”). Personally identifiable information may include, but is\\nnot limited to: a. Email address b. First name and last name c. Phone number d. Address, State, Province, ZIP/Postal code, City e. Usage Data We may use your Personal Data to contact you with newsletters, marketing or\\npromotional materials and other information that may be of interest to you. You\\nmay opt out of receiving any, or all, of these communications from us by\\nfollowing the unsubscribe link or by emailing at support@playform.cloud. Usage Data We may also collect information that your browser sends whenever you visit our\\nService or when you access Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet\\nProtocol address (e.g., IP address), browser type, browser version, the pages of\\nour Service that you visit, the time and date of your visit, the time spent on\\nthose pages, unique device identifiers and other diagnostic data. When you access Service with a mobile device, this Usage Data may include\\ninformation such as the type of mobile device you use, your mobile device unique\\nID, the IP address of your mobile device, your mobile operating system, the type\\nof mobile Internet browser you use, unique device identifiers and other\\ndiagnostic data. Tracking Data We use tracking technologies to track the activity on our Service and we hold\\ncertain information. Tracking technologies are used such as beacons, tags and scripts to collect and\\ntrack information and to improve and analyze our Service. PlayForm’s websites and online services may use “cookies.” Cookies enable you to\\nuse shopping carts and to personalize your experience on our sites, tell us\\nwhich parts of our websites people have visited, help us measure the\\neffectiveness of ads and web searches, and give us insights into user behavior\\nso we can improve our communications and products. PlayForm ltd. Uses the collected data for various purposes: a. to provide and maintain our Service; b. to notify you about changes to our Service; c. to allow you to participate in interactive features of our Service when you\\nchoose to do so; d. to provide customer support; e. to gather analysis or valuable information so that we can improve our\\nService; f. to monitor the usage of our Service; g. to detect, prevent and address technical issues; h. to fulfill any other purpose for which you provide it; i. to carry out our obligations and enforce our rights arising from any\\ncontracts entered into between you and us, including for billing and collection; j. to provide you with notices about your account and/or subscription, including\\nexpiration and renewal notices, email-instructions, etc.; k. to provide you with news, special offers and general information about other\\ngoods, services and events which we offer that are similar to those that you\\nhave already purchased or enquired about unless you have opted not to receive\\nsuch information; l. in any other way we may describe when you provide the information; m. for any other purpose with your consent. We will retain your Personal Data only for as long as is necessary for the\\npurposes set out in this Privacy Policy. We will retain and use your Personal\\nData to the extent necessary to comply with our legal obligations (for example,\\nif we are required to retain your data to comply with applicable laws), resolve\\ndisputes, and enforce our legal agreements and policies. We will also retain Usage Data for internal analysis purposes. Usage Data is\\ngenerally retained for a shorter period, except when this data is used to\\nstrengthen the security or to improve the functionality of our Service, or we\\nare legally obligated to retain this data for longer time periods. Your information, including Personal Data, may be transferred to – and\\nmaintained on – computers located outside of your state, province, country or\\nother governmental jurisdiction where the data protection laws may differ from\\nthose of your jurisdiction. If you are located outside United States and choose to provide information to\\nus, please note that we transfer the data, including Personal Data, to United\\nStates and process it there. Your consent to this Privacy Policy followed by your submission of such\\ninformation represents your agreement to that transfer. PlayForm ltd. Will take all the steps reasonably necessary to ensure that\\nyour data is treated securely and in accordance with this Privacy Policy and no\\ntransfer of your Personal Data will take place to an organization or a country\\nunless there are adequate controls in place including the security of your data\\nand other personal information. We may disclose personal information that we collect, or you provide: a. Disclosure for Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data\\nif required to do so by law or in response to valid requests by public\\nauthorities. b. Business Transaction. If we or our subsidiaries are involved in a merger, acquisition or asset sale,\\nyour Personal Data may be transferred. c. Other cases. We may disclose your information also: i. to our subsidiaries and affiliates; ii. to fulfill the purpose for which you provide it; iii. for the purpose of including your company’s logo on our website; iv. for any other purpose disclosed by us when you provide the information; v. with your consent in any other cases; vi. if we believe disclosure is necessary or appropriate to protect the rights,\\nproperty, or safety of the Company, our customers, or others. The security of your data is important to us but remember that no method of\\ntransmission over the Internet or method of electronic storage is 100% secure.\\nWhile we strive to use commercially acceptable means to protect your Personal\\nData, we cannot guarantee its absolute security. If you are a resident of the European Union (EU) and European Economic Area\\n(EEA), you have certain data protection rights, covered by GDPR. – See more at\\nhttps://eur-lex.europa.eu/eli/reg/2016/679/oj We aim to take reasonable steps to allow you to correct, amend, delete, or limit\\nthe use of your Personal Data. If you wish to be informed what Personal Data, we hold about you and if you want\\nit to be removed from our systems, please email us at support@playform.cloud. In certain circumstances, you have the following data protection rights: a. the right to access, update or to delete the information we have on you; b. the right of rectification. You have the right to have your information\\nrectified if that information is inaccurate or incomplete; c. the right to object. You have the right to object to our processing of your\\nPersonal Data; d. the right of restriction. You have the right to request that we restrict the\\nprocessing of your personal information; e. the right to data portability. You have the right to be provided with a copy\\nof your Personal Data in a structured, machine-readable and commonly used\\nformat; f. the right to withdraw consent. You also have the right to withdraw your\\nconsent at any time where we rely on your consent to process your personal\\ninformation; Please note that we may ask you to verify your identity before responding to\\nsuch requests. Please note, we may not able to provide Service without some\\nnecessary data. You have the right to complain to a Data Protection Authority about our\\ncollection and use of your Personal Data. For more information, please contact\\nyour local data protection authority in the European Economic Area (EEA). CalOPPA is the first state law in the nation to require commercial websites and\\nonline services to post a privacy policy. The law’s reach stretches well beyond\\nCalifornia to require a person or company in the United States (and conceivable\\nthe world) that operates websites collecting personally identifiable information\\nfrom California consumers to post a conspicuous privacy policy on its website\\nstating exactly the information being collected and those individuals with whom\\nit is being shared, and to comply with this policy. – See more at:\\nhttps://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3 According to CalOPPA we agree to the following: a. users can visit our site anonymously; b. our Privacy Policy link includes the word “Privacy”, and can easily be found\\non the page specified above on the home page of our website; c. users will be notified of any privacy policy changes on our Privacy Policy\\nPage; d. users are able to change their personal information by emailing us at\\nsupport@playform.cloud. Our Policy on “Do Not Track” Signals: We honor Do Not Track signals and do not track, or use advertising when a Do Not\\nTrack browser mechanism is in place. Do Not Track is a preference you can set in\\nyour web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings\\npage of your web browser. If you are a California resident, you are entitled to learn what data we collect\\nabout you, ask to delete your data and not to sell (share) it. To exercise your\\ndata protection rights, you can make certain requests and ask us: a. What personal information we have about you. If you make this request, we\\nwill return to you: i. The categories of personal information we have collected about you. ii. The categories of sources from which we collect your personal information. iii. The business or commercial purpose for collecting or selling your personal\\ninformation. iv. The categories of third parties with whom we share personal information. v. The specific pieces of personal information we have collected about you. vi. A list of categories of personal information that we have sold, along with\\nthe category of any other company we sold it to. If we have not sold your\\npersonal information, we will inform you of that fact. vii. A list of categories of personal information that we have disclosed for a\\nbusiness purpose, along with the category of any other company we shared it\\nwith. Please note, you are entitled to ask us to provide you with this information up\\nto two times in a rolling twelve-month period. When you make this request, the\\ninformation provided may be limited to the personal information we collected\\nabout you in the previous 12 months. b. To delete your personal information. If you make this request, we will\\ndelete the personal information we hold about you as of the date of your request\\nfrom our records and direct any service providers to do the same. In some cases,\\ndeletion may be accomplished through de-identification of the information. If\\nyou choose to delete your personal information, you may not be able to use\\ncertain functions that require your personal information to operate. c. To stop selling your personal information. If you submit a request to\\nstop selling your personal information, we will stop selling it. If you are a\\nCalifornia resident, to opt-out of the sale of your personal information, click\\n“Do Not Sell My Personal Information” at the bottom of our home page to submit\\nyour request. Please note, if you ask us to delete or stop selling your data, it may impact\\nyour experience with us, and you may not be able to participate in certain\\nprograms or membership services which require the usage of your personal\\ninformation to function. But in no circumstances, we will discriminate against\\nyou for exercising your rights. To exercise your California data protection rights described above, please send\\nyour request(s) by one of the following means: By email: support@playform.cloud By phone number: +359876668093 By mail: Delta Business Center, Ring Road N 251, Business Park Sofia Your data protection rights, described above, are covered by the CCPA, short for\\nthe California Consumer Privacy Act. To find out more, visit the official\\nCalifornia Legislative Information website. The CCPA took effect on 01/01/2020. We may employ third party companies and individuals to facilitate our Service\\n(“Service Providers”), provide Service on our behalf, perform\\nService-related services or assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these\\ntasks on our behalf and are obligated not to disclose or use it for any other\\npurpose. We may provide paid products and/or services within Service. In that case, we\\nuse third-party services for payment processing (e.g., payment processors). We will not store or collect your payment card details. That information is\\nprovided directly to our third-party payment processors whose use of your\\npersonal information is governed by their Privacy Policy. These payment\\nprocessors adhere to the standards set by PCI-DSS as managed by the PCI Security\\nStandards Council, which is a joint effort of brands like Visa, Mastercard,\\nAmerican Express and Discover. PCI-DSS requirements help ensure the secure\\nhandling of payment information. The payment processors we work with are: PayPal or Braintree: Their Privacy Policy can be viewed at\\nhttps://www.paypal.com/webapps/mpp/ua/privacy-full Apple Store In-App Payments: Their Privacy Policy can be viewed at:\\nhttps://www.apple.com/legal/privacy/en-ww/ /\\nhttps://support.apple.com/en-us/HT203027 Google Play In-App Payments: Their Privacy Policy can be viewed at:\\nhttps://policies.google.com/privacy?hl=en&gl=us /\\nhttps://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en Stripe: Their Privacy Policy can be viewed at: https://stripe.com/us/privacy Our Service may contain links to other sites that are not operated by us. If you\\nclick a third-party link, you will be directed to that third party’s site. We\\nstrongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy\\npolicies or practices of any third-party sites or services. Our Services are not intended for use by children under the age of 18\\n(“Child” or “Children”). We do not knowingly collect personally identifiable information from Children\\nunder 18. If you become aware that a Child has provided us with Personal Data,\\nplease contact us. If we become aware that we have collected Personal Data from\\nChildren without verification of parental consent, we take steps to remove that\\ninformation from our servers. We may update our Privacy Policy from time to time. We will notify you of any\\nchanges by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior\\nto the change becoming effective and update “effective date” at the top of this\\nPrivacy Policy. You are advised to review this Privacy Policy periodically for any changes.\\nChanges to this Privacy Policy are effective when they are posted on this page. If you have any questions about this Privacy Policy, please contact us: By email: support@playform.cloud. By phone number: +359876668093. By mail: Delta Business Center, Ring Road N 251, Business Park Sofia. Effective date: 01.12.2016 / January 12th 2016 Welcome to PlayForm ltd. (“Company”, “we”, “our”, “us”)! As you\\nhave just clicked our Terms of Service, please pause, grab a cup of coffee and\\ncarefully read the following pages. It will take you approximately 20 minutes. These Terms of Service (“Terms”, “Terms of Service”) govern your use of\\nour web pages located at https://playform.cloud and our mobile application\\nPlayForm (together or individually “Service”) operated by PlayForm ltd. Our Privacy Policy also governs your use of our Service and explains how we\\ncollect, safeguard and disclose information that results from your use of our\\nweb pages. Please read it here https://playform.cloud/Privacy-Policy. Your agreement with us includes these Terms and our Privacy Policy\\n(“Agreements”). You acknowledge that you have read and understood\\nAgreements, and agree to be bound of them. If you do not agree with (or cannot comply with) Agreements, then you may not\\nuse the Service, but please let us know by emailing at support@playform.cloud so\\nwe can try to find a solution. These Terms apply to all visitors, users and\\nothers who wish to access or use Service. Thank you for being responsible. By creating an Account on our Service, you agree to subscribe to newsletters,\\nmarketing or promotional materials and other information we may send. However,\\nyou may opt out of receiving any, or all, of these communications from us by\\nfollowing the unsubscribe link or by emailing at. If you wish to purchase any product or service made available through Service\\n(“Purchase”), you may be asked to supply certain information relevant to\\nyour Purchase including, without limitation, your credit card number, the\\nexpiration date of your credit card, your billing address, and your shipping\\ninformation. You represent and warrant that: a) you have the legal right to use any credit card(s) or other payment method(s)\\nin connection with any Purchase; and that b) the information you supply to us is true, correct and complete. We may employ the use of third-party services for the purpose of facilitating\\npayment and the completion of Purchases. By submitting your information, you\\ngrant us the right to provide the information to these third parties subject to\\nour Privacy Policy. We reserve the right to refuse or cancel your order at any time for reasons\\nincluding but not limited to: product or service availability, errors in the\\ndescription or price of the product or service, error in your order or other\\nreasons. We reserve the right to refuse or cancel your order if fraud or an unauthorized\\nor illegal transaction is suspected. Any contests, sweepstakes or other promotions (collectively, “Promotions”)\\nmade available through Service may be governed by rules that are separate from\\nthese Terms of Service. If you participate in any Promotions, please review the\\napplicable rules as well as our Privacy Policy. If the rules for a Promotion\\nconflict with these Terms of Service, Promotion rules will apply. Some parts of Service are billed on a subscription basis\\n(“Subscription(s)”). You will be billed in advance on a recurring and\\nperiodic basis (“Billing Cycle”). Billing cycles are set either on a monthly\\nor annual basis, depending on the type of subscription plan you select when\\npurchasing a Subscription. At the end of each Billing Cycle, your Subscription will automatically renew\\nunder the exact same conditions unless you cancel it or PlayForm ltd. cancels\\nit. You may cancel your Subscription renewal either through your online account\\nmanagement page or by contacting PlayForm ltd. customer support team. A valid payment method, including credit card or PayPal, is required to process\\nthe payment for your subscription. You shall provide PlayForm ltd. with accurate\\nand complete billing information including full name, address, state, zip code,\\ntelephone number, and a valid payment method information. By submitting such\\npayment information, you automatically authorize PlayForm ltd. to charge all\\nSubscription fees incurred through your account to any such payment instruments. Should automatic billing fail to occur for any reason, PlayForm ltd. will issue\\nan electronic invoice indicating that you must proceed manually, within a\\ncertain deadline date, with the full payment corresponding to the billing period\\nas indicated on the invoice. PlayForm ltd. may, at its sole discretion, offer a Subscription with a free\\ntrial for a limited period of time (“Free Trial”). You may be required to enter your billing information in order to sign up for\\nFree Trial. If you do enter your billing information when signing up for Free Trial, you\\nwill not be charged by PlayForm ltd. until Free Trial has expired. On the last\\nday of Free Trial period, unless you cancelled your Subscription, you will be\\nautomatically charged the applicable Subscription fees for the type of\\nSubscription you have selected. At any time and without notice, PlayForm ltd. reserves the right to a) modify Terms of Service of Free Trial offer, or b) cancel such Free Trial offer. PlayForm ltd., in its sole discretion and at any time, may modify Subscription\\nfees for the Subscriptions. Any Subscription fee change will become effective at\\nthe end of the then-current Billing Cycle. PlayForm ltd. will provide you with a reasonable prior notice of any change in\\nSubscription fees to give you an opportunity to terminate your Subscription\\nbefore such change becomes effective. Your continued use of Service after Subscription fee change comes into effect\\nconstitutes your agreement to pay the modified Subscription fee amount. We issue refunds for Contracts within fourteen (14) days of the original\\npurchase of the Contract. Our Service allows you to post, link, store, share and otherwise make available\\ncertain information, text, graphics, videos, or other material (“Content”).\\nYou are responsible for Content that you post on or through Service, including\\nits legality, reliability, and appropriateness. By posting Content on or through Service, You represent and warrant that: a) Content is yours (you own it) and/or you have the right to use it and the\\nright to grant us the rights and license as provided in these Terms, and b) that the posting of your Content on or through Service does not violate the\\nprivacy rights, publicity rights, copyrights, contract rights or any other\\nrights of any person or entity. We reserve the right to terminate the account of\\nanyone found to be infringing on a copyright. You retain any and all of your rights to any Content you submit, post or display\\non or through Service and you are responsible for protecting those rights. We\\ntake no responsibility and assume no liability for Content you or any\\nthird-party posts on or through Service. However, by posting Content using\\nService you grant us the right and license to use, modify, publicly perform,\\npublicly display, reproduce, and distribute such Content on and through Service.\\nYou agree that this license includes the right for us to make your Content\\navailable to other users of Service, who may also use your Content subject to\\nthese Terms. PlayForm ltd. has the right but not the obligation to monitor and edit all\\nContent provided by users. In addition, Content found on or through this Service are the property of\\nPlayForm ltd. or used with permission. You may not distribute, modify, transmit,\\nreuse, download, repost, copy, or use said Content, whether in whole or in part,\\nfor commercial purposes or for personal gain, without express advance written\\npermission from us. You may use Service only for lawful purposes and in accordance with Terms. You\\nagree not to use Service: a. In any way that violates any applicable national or international law or\\nregulation. b. For the purpose of exploiting, harming, or attempting to exploit or harm\\nminors in any way by exposing them to inappropriate content or otherwise. c. To transmit, or procure the sending of, any advertising or promotional\\nmaterial, including any “junk mail”, “chain letter,” “spam,” or any other\\nsimilar solicitation. d. To impersonate or attempt to impersonate Company, a Company employee, another\\nuser, or any other person or entity. e. In any way that infringes upon the rights of others, or in any way is\\nillegal, threatening, fraudulent, or harmful, or in connection with any\\nunlawful, illegal, fraudulent, or harmful purpose or activity. f. To engage in any other conduct that restricts or inhibits anyone’s use or\\nenjoyment of Service, or which, as determined by us, may harm or offend Company\\nor users of Service or expose them to liability. Additionally, you agree not to: a. Use Service in any manner that could disable, overburden, damage, or impair\\nService or interfere with any other party’s use of Service, including their\\nability to engage in real time activities through Service. b. Use any robot, spider, or other automatic device, process, or means to access\\nService for any purpose, including monitoring or copying any of the material on\\nService. c. Use any manual process to monitor or copy any of the material on Service or\\nfor any other unauthorized purpose without our prior written consent. d. Use any device, software, or routine that interferes with the proper working\\nof Service. e. Introduce any viruses, trojan horses, worms, logic bombs, or other material\\nwhich is malicious or technologically harmful. f. Attempt to gain unauthorized access to, interfere with, damage, or disrupt\\nany parts of Service, the server on which Service is stored, or any server,\\ncomputer, or database connected to Service. g. Attack Service via a denial-of-service attack or a distributed\\ndenial-of-service attack. h. Take any action that may damage or falsify Company rating. i. Otherwise attempt to interfere with the proper working of Service. Service is intended only for access and use by individuals at least eighteen\\n(18) years old. By accessing or using any of Company, you warrant and represent\\nthat you are at least eighteen (18) years of age and with the full authority,\\nright, and capacity to enter into this agreement and abide by all of the terms\\nand conditions of Terms. If you are not at least eighteen (18) years old, you\\nare prohibited from both the access and usage of Service. When you create an account with us, you guarantee that you are above the age of\\n18, and that the information you provide us is accurate, complete, and current\\nat all times. Inaccurate, incomplete, or obsolete information may result in the\\nimmediate termination of your account on Service. You are responsible for maintaining the confidentiality of your account and\\npassword, including but not limited to the restriction of access to your\\ncomputer and/or account. You agree to accept responsibility for any and all\\nactivities or actions that occur under your account and/or password, whether\\nyour password is with our Service or a third-party service. You must notify us\\nimmediately upon becoming aware of any breach of security or unauthorized use of\\nyour account. You may not use as a username the name of another person or entity or that is\\nnot lawfully available for use, a name or trademark that is subject to any\\nrights of another person or entity other than you, without appropriate\\nauthorization. You may not use as a username any name that is offensive, vulgar\\nor obscene. We reserve the right to refuse service, terminate accounts, remove or edit\\ncontent, or cancel orders in our sole discretion. Service and its original content (excluding Content provided by users), features\\nand functionality are and will remain the exclusive property of PlayForm ltd.\\nand its licensors. Service is protected by copyright, trademark, and other laws\\nof the United States and foreign countries. Our trademarks and trade dress may\\nnot be used in connection with any product or service without the prior written\\nconsent of PlayForm ltd. We respect the intellectual property rights of others. It is our policy to\\nrespond to any claim that Content posted on Service infringes on the copyright\\nor other intellectual property rights (“Infringement”) of any person or\\nentity. If you are a copyright owner, or authorized on behalf of one, and you believe\\nthat the copyrighted work has been copied in a way that constitutes copyright\\ninfringement, please submit your claim via email to dmca@playform.cloud, with\\nthe subject line: “Copyright Infringement” and include in your claim a\\ndetailed description of the alleged Infringement as detailed below, under “DMCA\\nNotice and Procedure for Copyright Infringement Claims” You may be held accountable for damages (including costs and attorneys’ fees)\\nfor misrepresentation or bad-faith claims on the infringement of any Content\\nfound on and/or through Service on your copyright. You may submit a notification pursuant to the Digital Millennium Copyright Act\\n(DMCA) by providing our Copyright Agent with the following information in\\nwriting (see 17 U.S.C 512(c)(3) for further detail): a. an electronic or physical signature of the person authorized to act on behalf\\nof the owner of the copyright’s interest; b. a description of the copyrighted work that you claim has been infringed,\\nincluding the URL (i.e., web page address) of the location where the copyrighted\\nwork exists or a copy of the copyrighted work; c. identification of the URL or other specific location on Service where the\\nmaterial that you claim is infringing is located; d. your address, telephone number, and email address; e. a statement by you that you have a good faith belief that the disputed use is\\nnot authorized by the copyright owner, its agent, or the law; f. a statement by you, made under penalty of perjury, that the above information\\nin your notice is accurate and that you are the copyright owner or authorized to\\nact on the copyright owner’s behalf. You can contact our Copyright Agent via email at dmca@playform.cloud You may provide us either directly at support@playform.cloud or via third party\\nsites and tools with information and feedback concerning errors, suggestions for\\nimprovements, ideas, problems, complaints, and other matters related to our\\nService (“Feedback”). You acknowledge and agree that: a) you shall not retain, acquire or assert any intellectual property right or\\nother right, title or interest in or to the Feedback; b) Company may have development ideas similar to the Feedback; c) Feedback does not contain confidential information or proprietary information\\nfrom you or any third party; and d) Company is not under any obligation of confidentiality with respect to the\\nFeedback. In the event the transfer of the ownership to the Feedback is not\\npossible due to applicable mandatory laws, you grant Company and its affiliates\\nan exclusive, transferable, irrevocable, free-of-charge, sub-licensable,\\nunlimited and perpetual right to use (including copy, modify, create derivative\\nworks, publish, distribute and commercialize) Feedback in any manner and for any\\npurpose. Our Service may contain links to third party web sites or services that are not\\nowned or controlled by PlayForm ltd. PlayForm ltd. has no control over, and assumes no responsibility for the\\ncontent, privacy policies, or practices of any third-party web sites or\\nservices. We do not warrant the offerings of any of these entities/individuals\\nor their websites. YOU ACKNOWLEDGE AND AGREE THAT PlayForm ltd. SHALL NOT BE RESPONSIBLE OR LIABLE,\\nDIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY\\nOR IN CONNECTION WITH USE OF OR RELIANCE ON ANY SUCH CONTENT, GOODS OR SERVICES\\nAVAILABLE ON OR THROUGH ANY SUCH THIRD-PARTY WEB SITES OR SERVICES. WE STRONGLY ADVISE YOU TO READ THE TERMS OF SERVICE AND PRIVACY POLICIES OF ANY\\nTHIRD-PARTY WEB SITES OR SERVICES THAT YOU VISIT. THESE SERVICES ARE PROVIDED BY COMPANY ON AN “AS IS” AND “AS AVAILABLE” BASIS.\\nCOMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,\\nAS TO THE OPERATION OF THEIR SERVICES, OR THE INFORMATION, CONTENT OR MATERIALS\\nINCLUDED THEREIN. YOU EXPRESSLY AGREE THAT YOUR USE OF THESE SERVICES, THEIR\\nCONTENT, AND ANY SERVICES OR ITEMS OBTAINED FROM US IS AT YOUR SOLE RISK. NEITHER COMPANY NOR ANY PERSON ASSOCIATED WITH COMPANY MAKES ANY WARRANTY OR\\nREPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY,\\nACCURACY, OR AVAILABILITY OF THE SERVICES. WITHOUT LIMITING THE FOREGOING,\\nNEITHER COMPANY NOR ANYONE ASSOCIATED WITH COMPANY REPRESENTS OR WARRANTS THAT\\nTHE SERVICES, THEIR CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE\\nSERVICES WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS\\nWILL BE CORRECTED, THAT THE SERVICES OR THE SERVER THAT MAKES IT AVAILABLE ARE\\nFREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE SERVICES OR ANY SERVICES\\nOR ITEMS OBTAINED THROUGH THE SERVICES WILL OTHERWISE MEET YOUR NEEDS OR\\nEXPECTATIONS. COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED,\\nSTATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF\\nMERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE. THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED\\nUNDER APPLICABLE LAW. EXCEPT AS PROHIBITED BY LAW, YOU WILL HOLD US AND OUR OFFICERS, DIRECTORS,\\nEMPLOYEES, AND AGENTS HARMLESS FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL,\\nOR CONSEQUENTIAL DAMAGE, HOWEVER IT ARISES (INCLUDING ATTORNEYS’ FEES AND ALL\\nRELATED COSTS AND EXPENSES OF LITIGATION AND ARBITRATION, OR AT TRIAL OR ON\\nAPPEAL, IF ANY, WHETHER OR NOT LITIGATION OR ARBITRATION IS INSTITUTED), WHETHER\\nIN AN ACTION OF CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTION, OR ARISING OUT\\nOF OR IN CONNECTION WITH THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY CLAIM\\nFOR PERSONAL INJURY OR PROPERTY DAMAGE, ARISING FROM THIS AGREEMENT AND ANY\\nVIOLATION BY YOU OF ANY FEDERAL, STATE, OR LOCAL LAWS, STATUTES, RULES, OR\\nREGULATIONS, EVEN IF COMPANY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF\\nSUCH DAMAGE. EXCEPT AS PROHIBITED BY LAW, IF THERE IS LIABILITY FOUND ON THE\\nPART OF COMPANY, IT WILL BE LIMITED TO THE AMOUNT PAID FOR THE PRODUCTS AND/OR\\nSERVICES, AND UNDER NO CIRCUMSTANCES WILL THERE BE CONSEQUENTIAL OR PUNITIVE\\nDAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF PUNITIVE,\\nINCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE PRIOR LIMITATION OR EXCLUSION MAY\\nNOT APPLY TO YOU. We may terminate or suspend your account and bar access to Service immediately,\\nwithout prior notice or liability, under our sole discretion, for any reason\\nwhatsoever and without limitation, including but not limited to a breach of\\nTerms. If you wish to terminate your account, you may simply discontinue using Service. All provisions of Terms which by their nature should survive termination shall\\nsurvive termination, including, without limitation, ownership provisions,\\nwarranty disclaimers, indemnity and limitations of liability. These Terms shall be governed and construed in accordance with the laws of\\nRepublic of Bulgaria without regard to its conflict of law provisions. Our failure to enforce any right or provision of these Terms will not be\\nconsidered a waiver of those rights. If any provision of these Terms is held to\\nbe invalid or unenforceable by a court, the remaining provisions of these Terms\\nwill remain in effect. These Terms constitute the entire agreement between us\\nregarding our Service and supersede and replace any prior agreements we might\\nhave had between us regarding Service. We reserve the right to withdraw or amend our Service, and any service or\\nmaterial we provide via Service, in our sole discretion without notice. We will\\nnot be liable if for any reason all or any part of Service is unavailable at any\\ntime or for any period. From time to time, we may restrict access to some parts\\nof Service, or the entire Service, to users, including registered users. We may amend Terms at any time by posting the amended terms on this site. It is\\nyour responsibility to review these Terms periodically. Your continued use of the Platform following the posting of revised Terms means\\nthat you accept and agree to the changes. You are expected to check this page\\nfrequently so you are aware of any changes, as they are binding on you. By continuing to access or use our Service after any revisions become effective,\\nyou agree to be bound by the revised terms. If you do not agree to the new\\nterms, you are no longer authorized to use Service. No waiver by Company of any term or condition set forth in Terms shall be deemed\\na further or continuing waiver of such term or condition or a waiver of any\\nother term or condition, and any failure of Company to assert a right or\\nprovision under Terms shall not constitute a waiver of such right or provision. If any provision of Terms is held by a court or other tribunal of competent\\njurisdiction to be invalid, illegal or unenforceable for any reason, such\\nprovision shall be eliminated or limited to the minimum extent such that the\\nremaining provisions of Terms will continue in full force and effect. BY USING SERVICE OR OTHER SERVICES PROVIDED BY US, YOU ACKNOWLEDGE THAT YOU HAVE\\nREAD THESE TERMS OF SERVICE AND AGREE TO BE BOUND BY THEM. Please send your feedback, comments, requests for technical support: By email: support@playform.cloud By phone number: +359876668093. By mail: Delta Business Center, Ring Road N 251, Business Park Sofia. Effective date: 01.12.2016 / January 12th 2016 Welcome to PlayForm ltd. (“Company”, “we”, “our”, “us”)! As you\\nhave just clicked our Terms of Service, please pause, grab a cup of coffee and\\ncarefully read the following pages. It will take you approximately 20 minutes. These Terms of Service (“Terms”, “Terms of Service”) govern your use of\\nour web pages located at https://playform.cloud and our mobile application\\nPlayForm (together or individually “Service”) operated by PlayForm ltd. Our Privacy Policy also governs your use of our Service and explains how we\\ncollect, safeguard and disclose information that results from your use of our\\nweb pages. Please read it here https://playform.cloud/Privacy-Policy. Your agreement with us includes these Terms and our Privacy Policy\\n(“Agreements”). You acknowledge that you have read and understood\\nAgreements, and agree to be bound of them. If you do not agree with (or cannot comply with) Agreements, then you may not\\nuse the Service, but please let us know by emailing at support@playform.cloud so\\nwe can try to find a solution. These Terms apply to all visitors, users and\\nothers who wish to access or use Service. Thank you for being responsible. By creating an Account on our Service, you agree to subscribe to newsletters,\\nmarketing or promotional materials and other information we may send. However,\\nyou may opt out of receiving any, or all, of these communications from us by\\nfollowing the unsubscribe link or by emailing at. If you wish to purchase any product or service made available through Service\\n(“Purchase”), you may be asked to supply certain information relevant to\\nyour Purchase including, without limitation, your credit card number, the\\nexpiration date of your credit card, your billing address, and your shipping\\ninformation. You represent and warrant that: a) you have the legal right to use any credit card(s) or other payment method(s)\\nin connection with any Purchase; and that b) the information you supply to us is true, correct and complete. We may employ the use of third-party services for the purpose of facilitating\\npayment and the completion of Purchases. By submitting your information, you\\ngrant us the right to provide the information to these third parties subject to\\nour Privacy Policy. We reserve the right to refuse or cancel your order at any time for reasons\\nincluding but not limited to: product or service availability, errors in the\\ndescription or price of the product or service, error in your order or other\\nreasons. We reserve the right to refuse or cancel your order if fraud or an unauthorized\\nor illegal transaction is suspected. Any contests, sweepstakes or other promotions (collectively, “Promotions”)\\nmade available through Service may be governed by rules that are separate from\\nthese Terms of Service. If you participate in any Promotions, please review the\\napplicable rules as well as our Privacy Policy. If the rules for a Promotion\\nconflict with these Terms of Service, Promotion rules will apply. Some parts of Service are billed on a subscription basis\\n(“Subscription(s)”). You will be billed in advance on a recurring and\\nperiodic basis (“Billing Cycle”). Billing cycles are set either on a monthly\\nor annual basis, depending on the type of subscription plan you select when\\npurchasing a Subscription. At the end of each Billing Cycle, your Subscription will automatically renew\\nunder the exact same conditions unless you cancel it or PlayForm ltd. cancels\\nit. You may cancel your Subscription renewal either through your online account\\nmanagement page or by contacting PlayForm ltd. customer support team. A valid payment method, including credit card or PayPal, is required to process\\nthe payment for your subscription. You shall provide PlayForm ltd. with accurate\\nand complete billing information including full name, address, state, zip code,\\ntelephone number, and a valid payment method information. By submitting such\\npayment information, you automatically authorize PlayForm ltd. to charge all\\nSubscription fees incurred through your account to any such payment instruments. Should automatic billing fail to occur for any reason, PlayForm ltd. will issue\\nan electronic invoice indicating that you must proceed manually, within a\\ncertain deadline date, with the full payment corresponding to the billing period\\nas indicated on the invoice. PlayForm ltd. may, at its sole discretion, offer a Subscription with a free\\ntrial for a limited period of time (“Free Trial”). You may be required to enter your billing information in order to sign up for\\nFree Trial. If you do enter your billing information when signing up for Free Trial, you\\nwill not be charged by PlayForm ltd. until Free Trial has expired. On the last\\nday of Free Trial period, unless you cancelled your Subscription, you will be\\nautomatically charged the applicable Subscription fees for the type of\\nSubscription you have selected. At any time and without notice, PlayForm ltd. reserves the right to a) modify Terms of Service of Free Trial offer, or b) cancel such Free Trial offer. PlayForm ltd., in its sole discretion and at any time, may modify Subscription\\nfees for the Subscriptions. Any Subscription fee change will become effective at\\nthe end of the then-current Billing Cycle. PlayForm ltd. will provide you with a reasonable prior notice of any change in\\nSubscription fees to give you an opportunity to terminate your Subscription\\nbefore such change becomes effective. Your continued use of Service after Subscription fee change comes into effect\\nconstitutes your agreement to pay the modified Subscription fee amount. We issue refunds for Contracts within fourteen (14) days of the original\\npurchase of the Contract. Our Service allows you to post, link, store, share and otherwise make available\\ncertain information, text, graphics, videos, or other material (“Content”).\\nYou are responsible for Content that you post on or through Service, including\\nits legality, reliability, and appropriateness. By posting Content on or through Service, You represent and warrant that: a) Content is yours (you own it) and/or you have the right to use it and the\\nright to grant us the rights and license as provided in these Terms, and b) that the posting of your Content on or through Service does not violate the\\nprivacy rights, publicity rights, copyrights, contract rights or any other\\nrights of any person or entity. We reserve the right to terminate the account of\\nanyone found to be infringing on a copyright. You retain any and all of your rights to any Content you submit, post or display\\non or through Service and you are responsible for protecting those rights. We\\ntake no responsibility and assume no liability for Content you or any\\nthird-party posts on or through Service. However, by posting Content using\\nService you grant us the right and license to use, modify, publicly perform,\\npublicly display, reproduce, and distribute such Content on and through Service.\\nYou agree that this license includes the right for us to make your Content\\navailable to other users of Service, who may also use your Content subject to\\nthese Terms. PlayForm ltd. has the right but not the obligation to monitor and edit all\\nContent provided by users. In addition, Content found on or through this Service are the property of\\nPlayForm ltd. or used with permission. You may not distribute, modify, transmit,\\nreuse, download, repost, copy, or use said Content, whether in whole or in part,\\nfor commercial purposes or for personal gain, without express advance written\\npermission from us. You may use Service only for lawful purposes and in accordance with Terms. You\\nagree not to use Service: a. In any way that violates any applicable national or international law or\\nregulation. b. For the purpose of exploiting, harming, or attempting to exploit or harm\\nminors in any way by exposing them to inappropriate content or otherwise. c. To transmit, or procure the sending of, any advertising or promotional\\nmaterial, including any “junk mail”, “chain letter,” “spam,” or any other\\nsimilar solicitation. d. To impersonate or attempt to impersonate Company, a Company employee, another\\nuser, or any other person or entity. e. In any way that infringes upon the rights of others, or in any way is\\nillegal, threatening, fraudulent, or harmful, or in connection with any\\nunlawful, illegal, fraudulent, or harmful purpose or activity. f. To engage in any other conduct that restricts or inhibits anyone’s use or\\nenjoyment of Service, or which, as determined by us, may harm or offend Company\\nor users of Service or expose them to liability. Additionally, you agree not to: a. Use Service in any manner that could disable, overburden, damage, or impair\\nService or interfere with any other party’s use of Service, including their\\nability to engage in real time activities through Service. b. Use any robot, spider, or other automatic device, process, or means to access\\nService for any purpose, including monitoring or copying any of the material on\\nService. c. Use any manual process to monitor or copy any of the material on Service or\\nfor any other unauthorized purpose without our prior written consent. d. Use any device, software, or routine that interferes with the proper working\\nof Service. e. Introduce any viruses, trojan horses, worms, logic bombs, or other material\\nwhich is malicious or technologically harmful. f. Attempt to gain unauthorized access to, interfere with, damage, or disrupt\\nany parts of Service, the server on which Service is stored, or any server,\\ncomputer, or database connected to Service. g. Attack Service via a denial-of-service attack or a distributed\\ndenial-of-service attack. h. Take any action that may damage or falsify Company rating. i. Otherwise attempt to interfere with the proper working of Service. Service is intended only for access and use by individuals at least eighteen\\n(18) years old. By accessing or using any of Company, you warrant and represent\\nthat you are at least eighteen (18) years of age and with the full authority,\\nright, and capacity to enter into this agreement and abide by all of the terms\\nand conditions of Terms. If you are not at least eighteen (18) years old, you\\nare prohibited from both the access and usage of Service. When you create an account with us, you guarantee that you are above the age of\\n18, and that the information you provide us is accurate, complete, and current\\nat all times. Inaccurate, incomplete, or obsolete information may result in the\\nimmediate termination of your account on Service. You are responsible for maintaining the confidentiality of your account and\\npassword, including but not limited to the restriction of access to your\\ncomputer and/or account. You agree to accept responsibility for any and all\\nactivities or actions that occur under your account and/or password, whether\\nyour password is with our Service or a third-party service. You must notify us\\nimmediately upon becoming aware of any breach of security or unauthorized use of\\nyour account. You may not use as a username the name of another person or entity or that is\\nnot lawfully available for use, a name or trademark that is subject to any\\nrights of another person or entity other than you, without appropriate\\nauthorization. You may not use as a username any name that is offensive, vulgar\\nor obscene. We reserve the right to refuse service, terminate accounts, remove or edit\\ncontent, or cancel orders in our sole discretion. Service and its original content (excluding Content provided by users), features\\nand functionality are and will remain the exclusive property of PlayForm ltd.\\nand its licensors. Service is protected by copyright, trademark, and other laws\\nof the United States and foreign countries. Our trademarks and trade dress may\\nnot be used in connection with any product or service without the prior written\\nconsent of PlayForm ltd. We respect the intellectual property rights of others. It is our policy to\\nrespond to any claim that Content posted on Service infringes on the copyright\\nor other intellectual property rights (“Infringement”) of any person or\\nentity. If you are a copyright owner, or authorized on behalf of one, and you believe\\nthat the copyrighted work has been copied in a way that constitutes copyright\\ninfringement, please submit your claim via email to dmca@playform.cloud, with\\nthe subject line: “Copyright Infringement” and include in your claim a\\ndetailed description of the alleged Infringement as detailed below, under “DMCA\\nNotice and Procedure for Copyright Infringement Claims” You may be held accountable for damages (including costs and attorneys’ fees)\\nfor misrepresentation or bad-faith claims on the infringement of any Content\\nfound on and/or through Service on your copyright. You may submit a notification pursuant to the Digital Millennium Copyright Act\\n(DMCA) by providing our Copyright Agent with the following information in\\nwriting (see 17 U.S.C 512(c)(3) for further detail): a. an electronic or physical signature of the person authorized to act on behalf\\nof the owner of the copyright’s interest; b. a description of the copyrighted work that you claim has been infringed,\\nincluding the URL (i.e., web page address) of the location where the copyrighted\\nwork exists or a copy of the copyrighted work; c. identification of the URL or other specific location on Service where the\\nmaterial that you claim is infringing is located; d. your address, telephone number, and email address; e. a statement by you that you have a good faith belief that the disputed use is\\nnot authorized by the copyright owner, its agent, or the law; f. a statement by you, made under penalty of perjury, that the above information\\nin your notice is accurate and that you are the copyright owner or authorized to\\nact on the copyright owner’s behalf. You can contact our Copyright Agent via email at dmca@playform.cloud You may provide us either directly at support@playform.cloud or via third party\\nsites and tools with information and feedback concerning errors, suggestions for\\nimprovements, ideas, problems, complaints, and other matters related to our\\nService (“Feedback”). You acknowledge and agree that: a) you shall not retain, acquire or assert any intellectual property right or\\nother right, title or interest in or to the Feedback; b) Company may have development ideas similar to the Feedback; c) Feedback does not contain confidential information or proprietary information\\nfrom you or any third party; and d) Company is not under any obligation of confidentiality with respect to the\\nFeedback. In the event the transfer of the ownership to the Feedback is not\\npossible due to applicable mandatory laws, you grant Company and its affiliates\\nan exclusive, transferable, irrevocable, free-of-charge, sub-licensable,\\nunlimited and perpetual right to use (including copy, modify, create derivative\\nworks, publish, distribute and commercialize) Feedback in any manner and for any\\npurpose. Our Service may contain links to third party web sites or services that are not\\nowned or controlled by PlayForm ltd. PlayForm ltd. has no control over, and assumes no responsibility for the\\ncontent, privacy policies, or practices of any third-party web sites or\\nservices. We do not warrant the offerings of any of these entities/individuals\\nor their websites. YOU ACKNOWLEDGE AND AGREE THAT PlayForm ltd. SHALL NOT BE RESPONSIBLE OR LIABLE,\\nDIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY\\nOR IN CONNECTION WITH USE OF OR RELIANCE ON ANY SUCH CONTENT, GOODS OR SERVICES\\nAVAILABLE ON OR THROUGH ANY SUCH THIRD-PARTY WEB SITES OR SERVICES. WE STRONGLY ADVISE YOU TO READ THE TERMS OF SERVICE AND PRIVACY POLICIES OF ANY\\nTHIRD-PARTY WEB SITES OR SERVICES THAT YOU VISIT. THESE SERVICES ARE PROVIDED BY COMPANY ON AN “AS IS” AND “AS AVAILABLE” BASIS.\\nCOMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,\\nAS TO THE OPERATION OF THEIR SERVICES, OR THE INFORMATION, CONTENT OR MATERIALS\\nINCLUDED THEREIN. YOU EXPRESSLY AGREE THAT YOUR USE OF THESE SERVICES, THEIR\\nCONTENT, AND ANY SERVICES OR ITEMS OBTAINED FROM US IS AT YOUR SOLE RISK. NEITHER COMPANY NOR ANY PERSON ASSOCIATED WITH COMPANY MAKES ANY WARRANTY OR\\nREPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY,\\nACCURACY, OR AVAILABILITY OF THE SERVICES. WITHOUT LIMITING THE FOREGOING,\\nNEITHER COMPANY NOR ANYONE ASSOCIATED WITH COMPANY REPRESENTS OR WARRANTS THAT\\nTHE SERVICES, THEIR CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE\\nSERVICES WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS\\nWILL BE CORRECTED, THAT THE SERVICES OR THE SERVER THAT MAKES IT AVAILABLE ARE\\nFREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE SERVICES OR ANY SERVICES\\nOR ITEMS OBTAINED THROUGH THE SERVICES WILL OTHERWISE MEET YOUR NEEDS OR\\nEXPECTATIONS. COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED,\\nSTATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF\\nMERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE. THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED\\nUNDER APPLICABLE LAW. EXCEPT AS PROHIBITED BY LAW, YOU WILL HOLD US AND OUR OFFICERS, DIRECTORS,\\nEMPLOYEES, AND AGENTS HARMLESS FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL,\\nOR CONSEQUENTIAL DAMAGE, HOWEVER IT ARISES (INCLUDING ATTORNEYS’ FEES AND ALL\\nRELATED COSTS AND EXPENSES OF LITIGATION AND ARBITRATION, OR AT TRIAL OR ON\\nAPPEAL, IF ANY, WHETHER OR NOT LITIGATION OR ARBITRATION IS INSTITUTED), WHETHER\\nIN AN ACTION OF CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTION, OR ARISING OUT\\nOF OR IN CONNECTION WITH THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ANY CLAIM\\nFOR PERSONAL INJURY OR PROPERTY DAMAGE, ARISING FROM THIS AGREEMENT AND ANY\\nVIOLATION BY YOU OF ANY FEDERAL, STATE, OR LOCAL LAWS, STATUTES, RULES, OR\\nREGULATIONS, EVEN IF COMPANY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF\\nSUCH DAMAGE. EXCEPT AS PROHIBITED BY LAW, IF THERE IS LIABILITY FOUND ON THE\\nPART OF COMPANY, IT WILL BE LIMITED TO THE AMOUNT PAID FOR THE PRODUCTS AND/OR\\nSERVICES, AND UNDER NO CIRCUMSTANCES WILL THERE BE CONSEQUENTIAL OR PUNITIVE\\nDAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF PUNITIVE,\\nINCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE PRIOR LIMITATION OR EXCLUSION MAY\\nNOT APPLY TO YOU. We may terminate or suspend your account and bar access to Service immediately,\\nwithout prior notice or liability, under our sole discretion, for any reason\\nwhatsoever and without limitation, including but not limited to a breach of\\nTerms. If you wish to terminate your account, you may simply discontinue using Service. All provisions of Terms which by their nature should survive termination shall\\nsurvive termination, including, without limitation, ownership provisions,\\nwarranty disclaimers, indemnity and limitations of liability. These Terms shall be governed and construed in accordance with the laws of\\nRepublic of Bulgaria without regard to its conflict of law provisions. Our failure to enforce any right or provision of these Terms will not be\\nconsidered a waiver of those rights. If any provision of these Terms is held to\\nbe invalid or unenforceable by a court, the remaining provisions of these Terms\\nwill remain in effect. These Terms constitute the entire agreement between us\\nregarding our Service and supersede and replace any prior agreements we might\\nhave had between us regarding Service. We reserve the right to withdraw or amend our Service, and any service or\\nmaterial we provide via Service, in our sole discretion without notice. We will\\nnot be liable if for any reason all or any part of Service is unavailable at any\\ntime or for any period. From time to time, we may restrict access to some parts\\nof Service, or the entire Service, to users, including registered users. We may amend Terms at any time by posting the amended terms on this site. It is\\nyour responsibility to review these Terms periodically. Your continued use of the Platform following the posting of revised Terms means\\nthat you accept and agree to the changes. You are expected to check this page\\nfrequently so you are aware of any changes, as they are binding on you. By continuing to access or use our Service after any revisions become effective,\\nyou agree to be bound by the revised terms. If you do not agree to the new\\nterms, you are no longer authorized to use Service. No waiver by Company of any term or condition set forth in Terms shall be deemed\\na further or continuing waiver of such term or condition or a waiver of any\\nother term or condition, and any failure of Company to assert a right or\\nprovision under Terms shall not constitute a waiver of such right or provision. If any provision of Terms is held by a court or other tribunal of competent\\njurisdiction to be invalid, illegal or unenforceable for any reason, such\\nprovision shall be eliminated or limited to the minimum extent such that the\\nremaining provisions of Terms will continue in full force and effect. BY USING SERVICE OR OTHER SERVICES PROVIDED BY US, YOU ACKNOWLEDGE THAT YOU HAVE\\nREAD THESE TERMS OF SERVICE AND AGREE TO BE BOUND BY THEM. Please send your feedback, comments, requests for technical support: By email: support@playform.cloud By phone number: +359876668093. By mail: Delta Business Center, Ring Road N 251, Business Park Sofia.\n\t\t\n\n\t\t\t\t\n\t\t\n\t\n\t\t\t\n\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\n\t\t\t\t\n\t\t\n\t\n\t\t\t\n\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\\n
\\n\\n
\\nPERSONAL DATA PROTECTION POLICY
\\n
\\nLast updated: 02.11.2022 / February 11th 2022\\n
\\n\\n \\nVersion No. and date of the last update: \\n\\n \\n\\nThis policy shall be reviewed annually or each time when the changes in our data processing occur. \\nScope and Definitions
\\n\\n
\\n
\\nThe designated Privacy Manager at PlayForm ltd. is Nikola Hristov\\nNikola@PlayForm.Cloud.\\n
\\n\\n \\nCompetent Supervisory Authority \\nmeans a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. \\n\\n \\nData Breach \\n\\n \\nData Controller \\nmeans the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. \\n\\n \\nData Processor \\nmeans a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. \\n\\n \\nData Protection Laws \\nmean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). \\n\\n \\nData Subject Request (DSR) \\nmeans any request from the Data Subject and concerning their personal data and/or data subject rights. \\n\\n \\nData Subject \\nmeans a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. \\n\\n \\nPersonal Data \\nmeans any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. \\n\\n \\nProcessing \\nmeans any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. \\n\\n \\nStandard Contractual Clauses \\nmeans the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). \\n\\n \\nThird Party \\nmeans a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. \\n\\n \\n\\nUser \\nmeans a Data Subject who uses our services provided on PlayForm website. \\nData Processing Principles
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\nLegal Grounds and Purposes
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n
\\nIf at least one of the above conditions is not met by PlayForm, the\\nPrivacy Manager must choose and propose a different legal ground for\\nthe processing, such as consent.
\\nWhenever we have such an obligation, we must make sure that:\\n
\\nAccess to Personal Data
\\n\\n
\\n\\n
\\nThird Parties
\\n\\n
\\nInternational Transfers
\\n\\n
\\n\\n
\\n\\n
\\nRights of Data Subjects
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\nNew Data Processing Activities
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\nData Retention
\\n\\n
\\n\\n
\\n\\n
\\nSecurity
\\n\\n
\\nData Breach Response Procedure
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n \\n\\n \\n\\nNikola Hristov \\nBriefed \\n05.25.2018 \\nANNEX 1 TO THE PERSONAL DATA PROTECTION POLICY
\\n
\\nHohenstaufengasse 3
\\n1010 Wien
\\nTel. +43 1 531 15 202525
\\nFax +43 1 531 15 202690
\\nE-mail: dsb@dsb.gv.at
\\nWebSite: https://www.dsb.gv.at
\\nCommissie voor de bescherming van de persoonlijke levenssfeer
\\nRue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel
\\nTel. +32 2 274 48 00
\\nFax +32 2 274 48 35
\\nE-mail: commission@privacycommission.be
\\nWebSite: https://www.privacycommission.be
\\n2, Prof. Tsvetan Lazarov Blvd. Sofia 1592
\\nTel. +359 2 915 3580
\\nFax +359 2 915 3525
\\nE-mail: kzld@cpdp.bg
\\nWebSite: https://www.cpdp.bg
\\nArt 29 WP Alternate Member: Ms. Mariya MATEVA
\\nMartićeva 14
\\n10000 Zagreb
\\nTel. +385 1 4609 000
\\nFax +385 1 4609 099
\\nE-mail: azop@azop.hr or info@azop.hr
\\nWebSite: https://www.azop.hr
\\n1 Iasonos Street,
\\n1082 Nicosia
\\nP.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456
\\nFax +357 22 304 565
\\nE-mail: commissioner@dataprotection.gov.cy
\\nWebSite: https://www.dataprotection.gov.cy
\\nArt 29 WP Alternate Member: Mr. Constantinos GEORGIADES
\\nUrad pro ochranu osobnich udaju Pplk. Sochora 27
\\n170 00 Prague 7
\\nTel. +420 234 665 111
\\nFax +420 234 665 444
\\nE-mail: posta@uoou.cz
\\nWebSite: https://www.uoou.cz
\\nArt 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the\\nOffice
\\nBorgergade 28, 5
\\n1300 Copenhagen K
\\nTel. +45 33 1932 00
\\nFax +45 33 19 32 18
\\nE-mail: dt@datatilsynet.dk
\\nWebSite: https://www.datatilsynet.dk
\\nArt 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International\\nDivision at the Danish Data Protection Agency (Datatilsynet)
\\nVäike-Ameerika 19
\\n10129 Tallinn
\\nTel. +372 6274 135
\\nFax +372 6274 137
\\nE-mail: info@aki.ee
\\nWebSite: https://www.aki.ee/en
\\nArt 29 WP Alternate Member: Ms. Maarja Kirss
\\nP.O. Box 315
\\nFIN-00181 Helsinki Tel. +358 10 3666 700
\\nFax +358 10 3666 735
\\nE-mail: tietosuoja@om.fi
\\nWebSite: https://www.tietosuoja.fi/en
\\nArt 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department
\\n8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
\\nTel. +33 1 53 73 22 22
\\nFax +33 1 53 73 22 00
\\nWebSite: https://www.cnil.fr
\\nArt 29 WP Alternate Member: Ms. Florence RAYNAL
\\nHusarenstraße 30
\\n53117 Bonn
\\nTel. +49 228 997799 0; +49 228 81995 0
\\nFax +49 228 997799 550; +49 228 81995 550
\\nE-mail: poststelle@bfdi.bund.de
\\nWebSite: https://www.bfdi.bund.de
\\nArt 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the\\nfederal states
\\nKifisias Av. 1-3, PC 11523 Ampelokipi Athens
\\nTel. +30 210 6475 600
\\nFax +30 210 6475 628
\\nE-mail: contact@dpa.gr
\\nWebSite: https://www.dpa.gr
\\nArt 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director
\\nSzilágyi Erzsébet fasor 22/C H-1125 Budapest
\\nTel. +36 1 3911 400
\\nE-mail: peterfalvi.attila@naih.hu
\\nWebSite: https://www.naih.hu
\\nArt 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National\\nAuthority for Data Protection and Freedom of Information
\\nCanal House Station Road Portarlington Co. Laois
\\nLo-Call: 1890 25 22 31
\\nTel. +353 57 868 4800
\\nFax +353 57 868 4757
\\nE-mail: info@dataprotection.ie
\\nWebSite: https://www.dataprotection.ie
\\nArt 29 WP Alternate Members: Mr. John O’DWYER, Deputy Commissioner; Mr. Dale\\nSUNDERLAND, Deputy Commissioner
\\nPiazza di Monte Citorio, 121 00186 Roma
\\nTel. +39 06 69677 1
\\nFax +39 06 69677 785
\\nE-mail: garante@garanteprivacy.it
\\nWebSite: https://www.garanteprivacy.it
\\nArt 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per\\nla protezione dei dati personali
\\nBlaumana str. 11/13-15
\\n1011 Riga
\\nTel. +371 6722 3131
\\nFax +371 6722 3556
\\nE-mail: info@dvi.gov.lv
\\nWebSite: https://www.dvi.gov.lv
\\nŽygimantų str. 11-6a 011042 Vilnius
\\nTel. + 370 5 279 14 45
\\nFax +370 5 261 94 94
\\nE-mail: ada@ada.lt
\\nWebSite: https://www.ada.lt
\\nArt 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of\\nComplaints Investigation and International Cooperation Division
\\n1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1
\\nFax +352 2610 60 29
\\nE-mail: info@cnpd.lu
\\nWebSite: https://www.cnpd.lu
\\nArt 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner
\\nData Protection Commissioner: Mr. Joseph Ebejer
\\n2, Airways House
\\nHigh Street, Sliema SLM 1549 Tel. +356 2328 7100
\\nFax +356 2328 7198
\\nE-mail: commissioner.dataprotection@gov.mt
\\nWebSite: https://idpc.org.mt
\\nArt 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme\\nImplementation
\\nPrins Clauslaan 60
\\nP.O. Box 93374
\\n2509 AJ Den Haag/The Hague Tel. +31 70 888 8500
\\nFax +31 70 888 8501
\\nE-mail: info@autoriteitpersoonsgegevens.nl
\\nWebSite: https://autoriteitpersoonsgegevens.nl/nl
\\nul. Stawki 2
\\n00-193 Warsaw
\\nTel. +48 22 53 10 440
\\nFax +48 22 53 10 441
\\nE-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl
\\nWebSite: https://www.giodo.gov.pl
\\nR. de São. Bento, 148-3° 1200-821 Lisboa
\\nTel. +351 21 392 84 00
\\nFax +351 21 397 68 32
\\nE-mail: geral@cnpd.pt
\\nWebSite: https://www.cnpd.pt
\\nArt 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA
\\nB-dul Magheru 28-30
\\nSector 1, BUCUREŞTI
\\nTel. +40 21 252 5599
\\nFax +40 21 252 5757
\\nE-mail: anspdcp@dataprotection.ro
\\nWebSite: https://www.dataprotection.ro
\\nArt 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and\\nCommunication Department
\\nHraničná 12
\\n820 07 Bratislava 27
\\nTel.: + 421 2 32 31 32 14
\\nFax: + 421 2 32 31 32 34
\\nE-mail: statny.dozor@pdp.gov.sk
\\nWebSite: https://dataprotection.gov.sk
\\nArt 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President
\\nMs. Mojca Prelesnik Zaloška 59
\\n1000 Ljubljana
\\nTel. +386 1 230 9730
\\nFax +386 1 230 9778
\\nE-mail: gp.ip@ip-rs.si
\\nWebSite: https://www.ip-rs.si
\\nC/Jorge Juan, 6
\\n28001 Madrid
\\nTel. +34 91399 6200
\\nFax +34 91455 5699
\\nE-mail: internacional@agpd.es
\\nWebSite: https://www.agpd.es
\\nArt 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO
\\nDrottninggatan 29 5th Floor
\\nBox 8114
\\n20 Stockholm
\\nTel. +46 8 657 6100
\\nFax +46 8 652 8652
\\nE-mail: datainspektionen@datainspektionen.se
\\nWebSite: https://www.datainspektionen.se
\\nArt 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser
\\nWater Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745
\\nE-mail: international.team@ico.org.uk
\\nWebSite: https://ico.org.uk
\\nArt 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner
\\nRauðarárstíg 10
\\nReykjavík
\\nTel. +354 510 9600; Fax +354 510 9606
\\nE-mail: postur@personuvernd.is
\\nWebSite: https://www.personuvernd.is
\\nKirchstrasse 8, P.O. Box 684
\\n9490 Vaduz
\\nPrincipality of Liechtenstein Tel. +423 236 6090
\\nE-mail: info.dss@llv.li
\\nWebSite: https://www.datenschutzstelle.li
\\nData Protection Authority: Mr. Bjørn Erik THORN
\\nThe Data Inspectorate
\\nP.O. Box 8177 Dep 0034 Oslo
\\nTel. +47 22 39 69 00; Fax +47 22 42 23 50
\\nE-mail: postkasse@datatilsynet.no
\\nWebSite: https://www.datatilsynet.no
\\nEidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian\\nLobsiger
\\nFeldeggweg 1
\\n3003 Bern
\\nTel. +41 58 462 43 95; Fax +41 58 462 99 96
\\nE-mail: contact20@edoeb.admin.ch
\\nWebSite: https://www.edoeb.admin.chFootnotes
\\n\\n\\n
\\n\\n## Scope and Definitions\\n\\n1. **Scope.** This Personal Data Protection\\n Policy (the “**Policy**”) describes PlayForm ltd. internal rules for\\n personal data processing and protection. The Policy applies to PlayForm\\n ltd., including PlayForm ltd. employees and contractors (“**we**”, “**us**”,\\n “**our**”, “**PlayForm**”). The management of each entity is ultimately\\n responsible for the implementation of this policy, as well as to ensure, at\\n entity level, there are adequate and effective procedures in place for its\\n implementation and ongoing monitoring of its adherence. For the purposes of\\n this Policy, employees and contractors are jointly referred to as the\\n “**employees**”.\\n\\n2. **Privacy Manager.** Privacy Manager is an\\n employee of PlayForm responsible for personal data protection compliance\\n within PlayForm (the “**Privacy Manager**”). The Privacy Manager is in\\n charge of performing the obligations imposed by this Policy and supervising\\n other employees, who subject to this Policy, regarding their adherence to\\n this Policy. The Privacy Manager must be involved in all projects at an\\n early stage in order to take personal data protection aspects into account\\n as early as the planning phase.\\\\\\n The designated Privacy Manager at PlayForm ltd. is Nikola Hristov\\n \\n \\nVersion No. and date of the last update: \\n\\n \\n\\nThis policy shall be reviewed annually or each time when the changes in our data processing occur. \\n\\n
\\n\\n## Data Processing Principles\\n\\n1. PlayForm’s processing activities must be in line with the principles\\n specified in this Section. The Privacy Manager must make sure that\\n PlayForm’s compliance documentation, as well as data processing activities,\\n are compliant with the data protection principles.\\n\\n2. We must process the Personal Data in accordance with the following\\n principles:\\n\\n 1. Lawfully, fairly and in a transparent manner (**lawfulness, fairness and\\n transparency**). We shall always have a legal ground for the processing\\n (described in Section 3 of this Policy), collect the amount of data\\n adequate to the purpose and legal grounds, and we make sure the Data\\n Subjects are aware of the processing;\\n\\n 2. Collected for specified, explicit and legitimate purposes and not\\n further processed in a manner that is incompatible with those purposes\\n (**purpose limitation**). We must not process the Personal Data for the\\n purposes not specified in our compliance documentation without obtaining\\n specific approval of the Privacy Manager;\\n\\n 3. Adequate, relevant and limited to what is necessary for the purposes for\\n which they are processed (**data minimization**). We always make sure\\n the data we collect is not excessive and limited by the strict\\n necessity;\\n\\n 4. Accurate and, where necessary, kept up to date (**accuracy**). We\\n endeavor to delete inaccurate or false data about Data Subjects and make\\n sure we update the data. Data Subjects can ask us for a correction of\\n the Personal Data;\\n\\n 5. Kept in a form which permits identification of Data Subjects for no\\n longer than is necessary for the purposes for which the Personal Data\\n are processed (**storage period limitation**). The storage periods must\\n be limited as prescribed by Data Protection Laws and this Policy; and\\n\\n 6. Process in a manner that ensures appropriate security of the Personal\\n Data, including protection against unauthorized or unlawful processing\\n and accidental loss, destruction or damage, using appropriate technical\\n or organizational measures (**confidentiality, integrity, and\\n availability**).\\n\\n3. **Accountability.**\\n\\n 1. We shall be able to demonstrate our compliance with Data Protection Laws\\n (**accountability principle**). In particular, we must ensure and\\n document all relevant procedures, efforts, internal and external\\n consultations on personal data protection including:\\n\\n - the fact of appointing a person responsible for PlayForm’s data\\n protection compliance;\\n\\n - where necessary, a record of a Data Processing Impact Assessment;\\n\\n - developed and implemented notices, policies, and procedures, such as\\n Privacy Notice, this policy or Data Breach response procedure;\\n\\n - the fact of staff training on compliance with Data Protection laws;\\n and\\n\\n - assessment, implementation, and testing organizational and technical\\n data protection measures.\\n\\n 2. The Privacy Manager must maintain PlayForm’s Records of processing\\n activities, which is an accountability document that describes personal\\n data processing activities of PlayForm, prepared in accordance with Art.\\n 30 of the GDPR (the “**Records of processing activities**”). The Records\\n of processing activities must maintain, at least, the following\\n information about each processing activity:\\n\\n - contact details of PlayForm, the EU Representative, and, where\\n applicable, of the Data Protection Officer;\\n\\n - name of the activity, its purposes and legal basis along with, where\\n applicable, the legitimate interests of PlayForm;\\n\\n - data subjects and personal data categories concerned;\\n\\n - data retention periods;\\n\\n - general description of applicable security measures;\\n\\n - recipients, including joint controllers, processors, and contractors\\n involved, as well as the fact of the international data transfer\\n with the safeguards applied to the transfer;\\n\\n - where applicable, a reference to the Data Processing Impact\\n Assessment;\\n\\n - where applicable, a reference to the record of the data breach\\n occurred involving the personal data;\\n\\n - if PlayForm acts as a data processor, the information to be provided\\n includes the names and contact details of controllers, name and\\n contact details of controller's representative (if applicable),\\n categories of processing (activities), names of third countries or\\n international organizations that personal data are transferred to\\n (if applicable), safeguards for exceptional transfers of personal\\n data to third countries or international organizations (if\\n applicable), and general description of technical and organizational\\n security measures.\\n\\n## Legal Grounds and Purposes\\n\\n1. **Legal grounds.**\\n\\n 1. Each processing activity must have one of the lawful grounds specified\\n in this Section to process the Personal Data. If we do not have any of\\n the described, we cannot collect or further process the Personal Data.\\n\\n 2. If PlayForm is intended to use personal data for other purposes than\\n those specified in the Records of processing activities, the Privacy\\n Manager must evaluate, determine, and, if necessary, collect/record the\\n appropriate legal basis for it.\\n\\n 3. **Performance of the contract**. Where PlayForm has a contract with the\\n Data Subject, e.g., website’s Terms of Use or the employment contract,\\n and the contract requires the provision of personal data from the Data\\n Subject, the applicable legal ground will be the performance of the\\n contract.\\n\\n 4. **Consent**. To process the personal data based on the consent, we must\\n obtain the consent before the Processing and keep the evidence of the\\n consent with the records of Data Subject’s Personal Data. The Privacy\\n Manager must make sure that the consent collected from Data Subjects\\n meet the requirements of Data Protection Laws and this Policy. In\\n particular, the Privacy Manager must make sure that:\\n\\n - the Data Subject must be free to give or refuse to give consent.\\n\\n - the consent is in the form of an active indication from the Data\\n Subject, i.e., the consent checkbox must not be pre-ticked for the\\n user.\\n\\n - the request for the consent clearly articulates the purposes of the\\n processing, and other information specified in Subsection 6.2 is\\n available to the Data Subject.\\n\\n - the Data Subject must be free to give one’s consent or to revoke it.\\n\\n 5. **Legitimate interests**. We have the right to use personal data in our\\n ‘legitimate interests’. The interests can include the purposes that are\\n justified by the nature of our business activities, such as the\\n marketing analysis of personal data. For PlayForm to use legitimate\\n interests as a legal ground for the processing, the Privacy Manager must\\n make sure that:\\n\\n - the legitimate interest in the processing is clearly defined and\\n recorded in the Records of processing activities;\\n\\n - any envisaged risks to Data Subject rights and interests are\\n spotted. The examples of the risks can be found in Subsection 7.2.;\\n\\n - the Data Subjects have reasonable expectations about the processing,\\n and additional protective measures to address the risks are taken;\\n\\n - subject to the conditions of Subsection 6.7 (Right to object against\\n the processing), the Data Subject is provided with the opportunity\\n to opt-out from the processing for the described legitimate\\n interests.\\\\\\n If at least one of the above conditions is not met by PlayForm, the\\n Privacy Manager must choose and propose a different legal ground for\\n the processing, such as consent.\\n\\n 6. **Legal Compliance and Public Interest**. Besides the grounds specified\\n afore, we might be requested by the laws of the European Union or laws\\n of the EU Member State to process Personal Data of our Users. For\\n example, we can be required to collect, analyze, and monitor the\\n information of Users to comply with financial or labor laws.\\\\\\n Whenever we have such an obligation, we must make sure that:\\n\\n - we process personal data strictly in accordance with relevant legal\\n requirements;\\n\\n - we do not use or store the collected Personal Data for other\\n purposes than legal compliance; and\\n\\n - the Data Subjects are properly and timely informed about our\\n obligations, scope, and conditions of personal data processing.\\n\\nImportant: Where PlayForm has the law requirements of another country to process\\npersonal data, the Privacy Manager must propose using another legal ground for\\nthe processing under Data Protection Laws, such as legitimate interests or\\nconsent.\\n\\n## Access to Personal Data\\n\\n1. **Access to Personal Data.**\\n\\n 1. The employees must have access to the personal data on a “need-to-know”\\n basis. The data can be accessed only if it is strictly necessary to\\n perform one of the activities specified in the Records of processing\\n activities. The employees and contractors shall have access to the\\n Personal Data only if they have the necessary credentials for it.\\n\\n 2. Heads of the departments within PlayForm are responsible for their\\n employees’ access and processing of personal data. The heads must\\n maintain the list of employees that are entitled to access and process\\n personal data. The Privacy Manager shall have the right to review the\\n list and, where necessary, request the amendments to meet the\\n requirements of this Policy.\\n\\n 3. Heads of the departments within PlayForm must ensure that the employees\\n under their supervision are aware of the Data Protection Laws and comply\\n with the rules set in this Policy. To make sure our employees are able\\n to comply with the data protection requirements, we must provide them\\n with adequate data protection training.\\n\\n 4. All employees accessing personal data shall keep strict confidentiality\\n regarding the data they access. The employees that access personal data\\n must use only those means (software, premises, etc.) for the processing\\n that were prescribed by PlayForm. The data must not be disclosed or\\n otherwise made available out of the management instructions.\\n\\n 5. The employees within their competence must assist PlayForm’s\\n representatives, including the Privacy Manager, in any efforts regarding\\n compliance with Data Protection Laws and/or this Policy.\\n\\n 6. When an employee detects or believes there is suspicious activity, data\\n breach, non-compliance with Data Protection Laws and/or this Policy, or\\n a DSR was not routed to the competent department within PlayForm, the\\n employee must report such activity to the Privacy Manager.\\n\\n 7. Employees that are unsure about whether they can legitimately process or\\n disclose Personal Data must seek advice from the Privacy Manager before\\n taking any action.\\n\\n 8. Any occasional access to personal data for activities not specified in\\n the Records of processing activities is prohibited. If there is a strict\\n necessity for immediate access, the Privacy Manager must approve the\\n access first.\\n\\n## Third Parties\\n\\n1. Before sharing personal data with any person outside of PlayForm, the\\n Privacy Manager must ensure that this Third Party has an adequate data\\n protection level and provide sufficient data protection guarantees in\\n accordance with Data Protection Laws, including, but not limited to the\\n processorship requirements (Art. 28 of the GDPR) and international transfers\\n compliance (Section 5 of the GDPR). Where necessary, the Privacy Manager\\n must make sure that PlayForm enters into the appropriate data protection\\n contract with the third party.\\n\\n2. An employee can share personal data with third parties only if and to the\\n extent that was directly prescribed by the manager and specified in the\\n Records of processing activities.\\n\\n3. If we are required to delete, change, or stop the processing of the Personal\\n Data, we must ensure that the Third Parties, with whom we shared the\\n Personal Data, will fulfill these obligations accordingly.\\n\\n4. Whenever PlayForm is engaged as a data processor on behalf of another\\n entity, the Privacy Manager must make sure PlayForm complies with the\\n processorship obligation. In particular, the appropriate data processing\\n agreement in accordance with the Data Protection Laws must be in place. The\\n Privacy Manager must supervise the compliance with data processing\\n instructions from the controller, including regarding the scope of\\n processing activities, involvement of sub-processors, international\\n transfers, storage, and further disposal of processed personal data. The\\n personal data processed under the processor role must not be processed for\\n any other purposes than specified in the relevant instructions, agreement or\\n other legal act regulating the relationships with the controller.\\n\\n## International Transfers\\n\\n1. If we have the employees, contractors, corporate affiliates, or Data\\n Processors outside of the EEA, and we transfer Personal Data to them for the\\n processing, the Privacy Manager must make sure PlayForm takes all necessary\\n and appropriate safeguards in accordance with Data Protection Laws.\\n\\n2. The Privacy Manager must assess the safeguards available and propose to the\\n PlayForm’s management the appropriate safeguard for each international\\n transfer. The following regimes apply to the transfers of Personal Data\\n outside of the EU:\\n\\n - where the European Commission decides that the country has an adequate\\n level of personal data protection, the transfer does not require taking\\n additional safeguards. The full list of adequate jurisdictions can be\\n found on the relevant page of the European Commission’s website[^1].\\n\\n - to transfer Personal Data to our contractors or partners (Data\\n Processors or Controllers) in other third countries, we must conclude\\n Standard Contractual Clauses with that party. The draft version along\\n with the guidance can be found on the relevant page of the European\\n Commission’s website[^2];\\n\\n - if we have a corporate affiliate or an entity in other countries, we may\\n choose to adopt Binding Corporate Rules in accordance with Article 47 of\\n the GDPR or an approved code of conduct pursuant to Article 40 of the\\n GDPR;\\n\\n - we also can transfer Personal Data to entities that have an approved\\n certification in accordance with Article 42 of the GDPR, which certifies\\n an appropriate level of company’s data protection.\\n\\n[^1]:\\n https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en;\\n\\n[^2]:\\n https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en;\\n\\n3. As a part of the information obligations, PlayForm must inform the Data\\n Subjects that their Personal Data is being transferred to other countries,\\n as well as provide them with the information about the safeguards used for\\n the transfer. The information obligation is to be performed in accordance\\n with Subsection 6.2.\\n\\n4. In the exceptional cases (the “**Derogation**”), where we cannot apply the\\n safeguards mentioned afore and we need to transfer Personal Data, we must\\n take an explicit consent (active statement) from the Data Subject or it must\\n be strictly necessary for the performance of the contract between us and the\\n Data Subject, or other derogation conditions apply in accordance with the\\n Data Protection Laws. The Privacy Manager must pre-approve any Derogation\\n transfers and document the approved Derogations, as well as the rationale\\n for them.\\n\\n## Rights of Data Subjects\\n\\n1. **Our Responsibilities.**\\n\\n 1. Privacy Manager is ultimately responsible for handing all DSR received\\n by PlayForm. In the case of receiving any outstanding or unusual DSR,\\n the employee must seek advice from the Privacy Manager before taking any\\n action.\\n\\n 2. DSR Team within PlayForm is responsible for handling DSRs from PlayForm\\n Users on a daily basis. The Human Resources department is responsible\\n for handling the DSR from PlayForm employees.\\n\\n 3. All DSRs from the Users must be addressed at and answered from the\\n following e-mail address: dsr@playform.cloud. DSR from the employees can\\n be addressed directly to the HR manager or at dsr@playform.cloud.\\n\\n 4. The responsible employee must answer to the DSR within one (1) month\\n from receiving the request. If complying with the DSR takes more than\\n one month in time, the responsible employee must seek advice from the\\n Privacy Manager and, where necessary, inform the Data Subject about the\\n prolongation of the response term for up to two (2) additional months.\\n\\n 5. The responsible employee must analyze the received DSR for the following\\n criteria:\\n\\n - **Data Subject identification**. Before considering the DSR content,\\n the responsible employee must make sure the Data Subject is the same\\n person he/she claims to be. For this purpose, the connection between\\n the personal data records and the data subject must be established.\\n\\n - **Personal data**. The responsible employee must check whether\\n PlayForm has access to the personal data requested. If PlayForm does\\n not have the personal data under the control, the responsible\\n employee must inform the Data Subject, and, if possible, instruct on\\n the further steps on how to access the data in question;\\n\\n - **Content of the request**. Depending on the content of the DSR, the\\n responsible employee must define the type of the request and check\\n whether it meets the conditions prescribed by this Policy and Data\\n Protection Laws. The types of requests and the respective conditions\\n for each of them can be consulted in Subsections 6.3-6.9. If the\\n request does not meet the described criteria, the responsible\\n employee must refuse to comply with the DSR and inform the Data\\n Subject about the reasons for refusing;\\n\\n - **Free of charge**. Generally, all requests of Data Subjects and\\n exercises of their rights are free of charge. If the responsible\\n employee finds that the Data Subject exercises the rights in an\\n excessive or unfound way (e.g., intended to harm or interrupt\\n PlayForm’s business activities), the employee must seek the advice\\n from the Privacy Manager, and, upon receiving of the latter, may\\n either charge the Data Subject a reasonable fee or refuse to comply\\n with the request;\\n\\n - **Documenting**. Whenever PlayForm receives the DSR, the Privacy\\n Manager must make sure that the data and time, Data Subject, type of\\n the request and the decision made regarding it are well documented.\\n In the case of refusing to comply with the request, the reasons for\\n refusing must be documented as well;\\n\\n - **Recipients**. When addressing the DSR, the Privacy Manager must\\n make sure that all concerned recipients were informed the necessary\\n actions were taken.\\n\\n2. **The right to be informed.**\\n\\n 1. PlayForm must notify each Data Subject about the collection and further\\n processing of the Personal Data.\\n\\n 2. The information to be provided includes: the name and contact details of\\n PlayForm; generic purposes of and the lawful basis for the data\\n collection and further processing; categories of Personal Data\\n collected; recipients/categories of recipients; retention periods;\\n information about data subject rights, including the right to complain\\n to the competent Supervisory Authority; the consequences of the cases\\n where the data is necessary for the contract performance and the Data\\n Subject does not provide the required data; details of the safeguards\\n where personal data is transferred outside the EEA; and any third-party\\n source of the personal data, without specification for the particular\\n case (except if we receive the direct request from the Data Subject).\\n\\n 3. The Users must be informed by the Privacy Policy accessible at\\n PlayForm’s website and provided during the user registration. The\\n employees and contractors must be informed by a standalone employee\\n privacy statement, which explains the details described in p. 6.2.2 in a\\n case-based manner, describing the particular purposes and activities.\\n\\n 4. PlayForm must inform Data Subjects about data processing, including any\\n new processing activity introduced at PlayForm within the following\\n term:\\n\\n - if personal data is collected from the data subject directly, the\\n data subject must be informed at the time we collect Personal Data\\n from the Data Subjects by showing the Data Subject our privacy\\n statement;\\n\\n - if the personal data is collected from other sources: (a) within one\\n month from collecting it; (b) if the personal data are to be used\\n for communication with the data subject, at the latest at the time\\n of the first communication to that data subject; or (c) if a\\n disclosure to another recipient is envisaged, at the latest when the\\n personal data are first disclosed.\\n\\n - upon the request of the Data Subject; and\\n\\n - within one (1) month after any change of our personal data\\n practices, change of the controller of Personal Data or after\\n significant changes in our privacy statements.\\n\\n3. **The right to access the information.**\\n\\n 1. The Data Subject must be provided only with those personal data records\\n specified in the request. If the Data Subject requests access to all\\n personal data concerning her or him, the employee must seek advice from\\n the Privacy Manager first, to make sure all personal data of the Data\\n Subject is mapped and provided.\\n\\n 2. A Data Subject has the right to:\\n\\n - learn if we process the Data Subject’s Personal Data;\\n\\n - obtain disclosure regarding aspects of the processing, including\\n detailed and case-specific information on purposes, categories of\\n Personal Data, recipients/categories of recipients, retention\\n periods, information about one’s rights, details of the relevant\\n safeguards where personal data is transferred outside the EEA, and\\n any third-party source of the personal data; and\\n\\n - obtain a copy of the Personal Data undergoing processing upon the\\n request.\\n\\n4. **The right to verify the Data Subject’s information\\n and seek its rectification.** The information we collect can\\n be/become inaccurate or out-of-date (e.g., mistakes in nationality, date of\\n birth, info on debts, economic activities). If we reveal that the Personal\\n Data is inaccurate or the Data Subject requests us to do so, we must ensure\\n that we correct all mistakes and update the relevant information.\\n\\n5. **The right to restrict processing.**\\n\\n 1. The restriction of processing allows Data Subjects to temporarily stop\\n the use of their information to prevent the possible harm caused by such\\n use.\\n\\n 2. This right applies when the Data Subject:\\n\\n - contests the accuracy of the Personal Data;\\n\\n - believes that we process the Personal Data unlawfully; and\\n\\n - objects against the processing and wants us not to process Personal\\n Data while we are considering the request.\\n\\n 3. In the case of receiving the restriction request, we must not process\\n Personal Data in question for any other purpose than storing it or for\\n legal compliance purposes until the circumstances of restriction cease\\n to exist.\\n\\n6. **The right to withdraw the consent.** For\\n the activities that require consent, the Data Subject can revoke their\\n consent at any time. If the Data Subject revokes the consent, we must record\\n the changes and must not process the Personal Data for consent-based\\n purposes. The withdrawal of consent does not affect the lawfulness of the\\n processing done before the withdrawal.\\n\\n7. **The right to object against the\\n processing.**\\n\\n 1. If we process the information in our legitimate interests, e.g., for\\n direct marketing emails or for our marketing research purposes, the Data\\n Subject can object against the processing.\\n\\n 2. In the case of receiving the objection request case, we must consider\\n Data Subject’s request and, where we do not have compelling interests,\\n stop the processing for the specified purposes. If the personal data is\\n still to be processed for other purposes, the Privacy Manager must make\\n sure that the database has a record that the data cannot be further\\n processed for the objected activities.\\n\\n 3. The objection request can be refused only if the personal data in\\n question is used for scientific/historical research or statistical\\n purposes and was appropriately protected, i.e., by anonymization or\\n pseudonymization techniques.\\n\\n8. **Right to erasure/to be forgotten.**\\n\\n 1. The Data Subjects have the right to request us to erase their Personal\\n Data if one of the following conditions are met:\\n\\n - Personal Data is no longer necessary for the purposes of collection.\\n For example, a user has provided personal data for a one-time\\n activity, such as data validation or participation in a contest, and\\n the purpose is already fulfilled;\\n\\n - the Data Subject revokes one’s consent or objects to the processing\\n (where applicable) and there is no other legal ground for the\\n processing; or\\n\\n - we process the Personal Data unlawfully or its erasure is required\\n by the applicable legislation of the European Union or one of the\\n Member countries of the European Union.\\n\\n 2. Conditions, under which we have the right to refuse the erasure:\\n\\n - Personal Data is processed for scientific/historical research or\\n statistical purposes and is appropriately protected, i.e.,\\n pseudonymized or anonymized;\\n\\n - Personal Data is still necessary for legal compliance (e.g.,\\n financial or labor laws compliance).\\n\\n 3. Only those personal data records must be deleted that were specified in\\n the request. If the Data Subject requests the deletion of all personal\\n data concerning her or him, the employee must seek advice from the\\n Privacy Manager first, to make sure all the data about the Data Subject\\n is mapped and can be deleted.\\n\\n 4. If the User still has an account with us and requests the erasure of\\n information necessary for maintaining the account, we must inform the\\n User that the erasure will affect user experience or can lead to the\\n closure of the account.\\n\\n9. **Data portability.**\\n\\n 1. Data Subjects can ask us to transfer all the Personal Data and/or its\\n part in a machine-readable format to a third party. This right applies\\n in two cases:\\n\\n - personal data was collected for the purpose of provision of our\\n services (performance of the contract); or\\n\\n - collected based on consent.\\n\\n 2. To determine whether one of the p.6.9.1 conditions are met, the employee\\n must seek advice from the Privacy Manager and check the applicable legal\\n basis in the Records of processing activities. If the answer is\\n negative, the request can be refused by PlayForm, and the Privacy\\n Manager must decide whether to comply with the request on a voluntary\\n basis.\\n\\n 3. To comply with the request, the responsible employee must consolidate\\n requested Personal Data and send the data in the format we are usually\\n working with to the requested organization. The Data Subject must\\n provide the necessary contact details of the organization.\\n\\n## New Data Processing Activities\\n\\n1. **Notification to Privacy Manager.**\\n\\n 1. Before introducing any new activity that involves the processing of\\n personal data, an employee responsible for its implementation must\\n inform the Privacy Manager.\\n\\n 2. Upon receiving information about a new activity, Privacy Manager must:\\n\\n - determine whether the data processing impact assessment (DPIA)\\n and/or the consultation with the Supervisory Authority is necessary.\\n If the answer is positive, the Privacy Manager must make sure the\\n DPIA is conducted and/or the Supervisory Authority is consulted in\\n accordance with the requirements of this Section and Data Protection\\n Laws;\\n\\n - determine the legal basis for the processing and, where necessary,\\n take further action for its fixation;\\n\\n - make sure the processing activity is done in accordance with this\\n Policy, other PlayForm’s policies, as well as the Data Protection\\n Laws;\\n\\n - add the processing activity to the Records of processing activities;\\n\\n - amend the privacy information statements and, where necessary,\\n inform the concerned Data Subject accordingly.\\n\\n2. **Data Processing Impact Assessment.**\\n\\n 1. To make sure that our current or prospective processing activities do\\n not/will not violate the Data Subjects’ rights, PlayForm must, where\\n required by Data Protection Laws, conduct the Data Processing Impact\\n Assessment (DPIA), a risk-based assessment of the processing and search\\n for the measures to mitigate the risks. The Privacy Manager must make\\n sure the DPIA is conducted in accordance with this Section.\\n\\n 2. The Privacy Manager, where necessary, involving the competent employees\\n and/or external advisors, must conduct a DPIA if at least one of the\\n following conditions are met:\\n\\n - the processing involves the use of new technologies, such as the\\n Artificial Intelligence, use of connected and autonomous devices,\\n etc. that creates certain legal, economic or similar effects to the\\n Data Subject;\\n\\n - we systematically assess and evaluate personal aspects of the Data\\n Subjects based on automated profiling, assigning the personal\\n score/rate, and create legal or similar effects for the Data Subject\\n by this activity;\\n\\n - we process on a large-scale sensitive data, which includes Personal\\n Data relating to criminal convictions and offences, the data about\\n vulnerable data subjects, the personal data revealing racial or\\n ethnic origin, political opinions, religious or philosophical\\n beliefs, or trade union membership, and the processing of genetic\\n data, biometric data for the purpose of uniquely identifying a\\n natural person, data concerning health or data concerning a natural\\n person’s sex life or sexual orientation;\\n\\n - we collect or process Personal Data from a publicly accessible area\\n or public sources on a large scale, or combine or match two\\n different data sets; and\\n\\n - the Supervisory Authority in its public list requires conducting a\\n DPIA for a certain type of activity we are involved in. The list of\\n processing activities requiring conducting DPIA can be found on the\\n website of each Supervisory Authority.\\n\\n 3. The assessment shall contain at least the following details:\\n\\n - a systematic description of the processing operations and the\\n purposes of the processing, including, where applicable, the\\n legitimate interest pursued by us. The description must include the\\n envisaged data categories and data subjects concerned, the scale of\\n processing activities, such as its frequency, volume, envisaged\\n number of records, etc.; recipients of the data, retention periods\\n and, where applicable, international transfers;\\n\\n - an assessment of the necessity and proportionality of the processing\\n operations in relation to the purposes. The DPIA must explain\\n whether the activity is necessary for the purpose and whether the\\n purpose can be achieved by less intrusive methods;\\n\\n - an assessment of the risks to the rights and freedoms of data\\n subjects, including the rights of Data Subjects regarding their\\n Personal Data.\\n\\n - The examples of risks are the processing which could lead to\\n physical, material or non-material damage, in particular: where the\\n processing may give rise to discrimination, identity theft or fraud,\\n financial loss, damage to the reputation, loss of confidentiality of\\n personal data protected by professional secrecy, unauthorized\\n reversal of pseudonymization, or any other significant economic or\\n social disadvantage; where data subjects might be deprived of their\\n rights and freedoms or prevented from exercising control over their\\n personal data; where personal data are processed which reveal racial\\n or ethnic origin, political opinions, religion or philosophical\\n beliefs, trade union membership, and the processing of genetic data,\\n data concerning health or data concerning sex life or criminal\\n convictions and offences or related security measures; where\\n personal aspects are evaluated, in particular analyzing or\\n predicting aspects concerning performance at work, economic\\n situation, health, personal preferences or interests, reliability or\\n behavior, location or movements, in order to create or use personal\\n profiles; where personal data of vulnerable natural persons, in\\n particular of children, are processed; or where processing involves\\n a large amount of personal data and affects a large number of data\\n subjects; and\\n\\n - the measures to address the risks, including safeguards, security\\n measures, and mechanisms to ensure the protection of personal data\\n and to demonstrate compliance with this Regulation.\\n\\n 4. Where the DPIA did not provide how to effectively address the risks, the\\n Privacy Manager must initiate the consultation with the competent\\n Supervisory Authority to receive help with searching for the solution.\\n In this case, PlayForm must not conduct the activity before the\\n Supervisory Authority approves the processing activity in question.\\n\\n## Data Retention\\n\\n1. **General Rule.**\\n\\n 1. The Privacy Manager must make sure that PlayForm clearly defined the\\n data storage periods and/or criteria for determining the storage periods\\n for each processing activity it has. The periods for each processing\\n activity must be specified in the Records of processing activities.\\n\\n 2. Each department within PlayForm must comply with the data storage\\n periods in accordance with the retention schedule provided in Records of\\n processing activities. The Privacy Manager must supervise each\\n department and make sure they comply with this requirement.\\n\\n 3. After the storage period ends, the personal data must be removed from\\n the disposal of the department responsible for the processing or, in\\n cases where the data is not needed for any other purposes, destroyed\\n completely, including from back-up copies and other media.\\n\\n 4. Whenever the storage period for a processing activity has ended, but the\\n personal data processed is necessary for other processing purposes, the\\n department manager must make sure that the personal data is not used for\\n the ceased processing activity, and the responsible employees do not\\n have the access to it unless required for any other activity.\\n\\n2. **Exemptions.** The rules specified in\\n Subsection 8.1 have the following exceptions:\\n\\n 1. **Business needs**. Data retention periods can be prolonged, but no\\n longer than 60 days, in the case that the data deletion will interrupt\\n or harm our ongoing business. The Privacy Manager must approve any\\n unforeseen prolongation;\\n\\n 2. **Technical impossibility**. Some information is technically impossible\\n or disproportionally difficult to delete. For example, deletion of the\\n information may lead to breach of system integrity, or it is impossible\\n to delete the information from the backup copies. In such a case, the\\n information can be further stored, subject to the approval by the\\n Privacy Manager and making respective amendments to the Records of\\n processing activities; and\\n\\n 3. **Anonymization**. The Personal Data can be further processed for any\\n purposes (e.g., marketing) if we fully anonymize these data after the\\n retention period is expired. This means that all personal identifiers\\n and connections to them will be deleted from the data. To consider\\n Personal Data anonymous, it must be impossible to reidentify the Data\\n Subject from the data set.\\n\\n## Security\\n\\n1. Each department within PlayForm shall take all appropriate technical and\\n organizational measures that protect against unauthorized, unlawful, and/or\\n accidental access, destruction, modification, blocking, copying,\\n distribution, as well as from other illegal actions of unauthorized persons\\n regarding the personal data under their responsibility.\\n\\n2. The employee responsible for the supervision after the security of personal\\n data within PlayForm shall be DSR Officer. This person implements the\\n guidelines and other specifications on data protection and information\\n security in his area of responsibility. He/she advises PlayForm management\\n on the planning and implementation of information security in PlayForm, and\\n must be involved in all projects at an early stage in order to take\\n security-related aspects into account as early as the planning phase.\\n\\n## Data Breach Response Procedure\\n\\n1. **Response Team.**\\n\\n 1. In case of revealing the Data Breach, CEO of PlayForm shall urgently\\n form the Data Breach Response Team (the “**Response Team**”), which will\\n handle the Data Breach, notify the appropriate persons, and mitigate its\\n risks.\\n\\n 2. The Response Team must be а multi-disciplinary group headed by CEO of\\n PlayForm and comprised of the Privacy Manager, privacy laws specialist\\n (whether internal or external), and knowledgeable and skilled\\n information security specialists within PlayForm or outsourcing\\n professionals, if necessary. The team must ensure that all employees and\\n engaged contractors/processors adhere to this Policy and provide an\\n immediate, effective, and skillful response to any suspected/alleged or\\n actual Data Breach affecting PlayForm.\\n\\n 3. The potential members of the Response Team must be prepared to respond\\n to а Data Breach. The Response Team shall perform all the\\n responsibilities of PlayForm mentioned in this Policy. The duties of the\\n Response Team are:\\n\\n - to communicate the Data Breach to the competent Supervisory\\n Authority(-ies);\\n\\n - in case of high risk to the rights and freedoms of Data Subjects, to\\n communicate the Data Breach to the Data Subject;\\n\\n - if PlayForm obtain data from any third party as a processor, and a\\n Data Breach involves obtained data, to inform the third parties\\n about the Data Breach;\\n\\n - to communicate PlayForm’s contractors or any other third parties\\n that process the Personal Data involved in the Data Breach; and\\n\\n - to take all appropriate technical and organizational measures to\\n cease the Data Breach and mitigate its consequences;\\n\\n - to record the fact of the Data Breach in the Records of processing\\n activities and file an internal data breach report that describes\\n the event.\\n\\n 4. The Response Team shall perform its duties until all the necessary\\n measures required by this Policy are taken.\\n\\n2. **Notification to Supervisory Authority.**\\n\\n 1. PlayForm shall inform the Competent Supervisory Authority about the Data\\n Breach without undue delay and, where it is possible, not later than 72\\n hours after having become aware of the Data Breach.\\n\\n 2. The Competent Supervisory Authority shall be determined by the residence\\n of the Data Subjects, whose information was involved in the Data Breach.\\n If the Data Breach concerns the Personal Data of Data Subjects from more\\n than one country, PlayForm shall inform all Competent Supervisory\\n Authorities.\\n\\n 3. To address the notification to the authority, the Response Team should\\n use Annex 1 to this Policy. Annex 1 contains all the necessary contact\\n information of the EU supervisory authorities. If the Data Breach\\n concerns Data Subjects from other than the EU countries, the Response\\n Team shall ask a competent privacy specialist for advice.\\n\\n 4. The notification to the Competent Supervisory Authority shall contain,\\n at least, following information:\\n\\n - **the nature of the Data Breach** including where possible, the\\n categories and an approximate number of Data Subjects and Personal\\n Data records concerned;\\n\\n - the name and contact details of the **Response Team, Privacy Manager\\n or, if not applicable, of the CEO**;\\n\\n - the likely consequences of the Data Breach. Explain PlayForm’s point\\n of view on the purposes and possible further risks of the Data\\n Breach. E.g., the Personal Data may be stolen for the further\\n **sale, fraud activities or blackmailing the concerned Data\\n Subjects**; and\\n\\n - **the measures taken or proposed** to be taken by PlayForm to\\n address the Data Breach, including, where appropriate, measures to\\n mitigate its possible adverse effects.\\n\\n 5. To file a notification, the Response Team should use PlayForm’s Data\\n Breach Notification Form to the Supervisory Authority.\\n\\n3. **Notifications to Data Subjects.**\\n\\n 1. When the Data Breach is likely to result in a high risk to the rights\\n and freedoms of Data Subjects (e.g., stealing of funds, assets,\\n proprietary information), we must also communicate the Data Breach to\\n the concerned Data Subjects without undue delay. The Privacy Manager\\n must determine if there is a high risk based on the risk factors\\n specified in Subsection 7.2.3 of this Policy.\\n\\n 2. The notification shall contain the following information:\\n\\n - description of the Data Breach - what happened and what led to the\\n Data Breach, such as **a security breach, employee’s negligence,\\n error in the system work**. If the Response Team decided not to\\n disclose the causes of the Data Breach, then this clause must not be\\n mentioned;\\n\\n - the measures taken by PlayForm regarding the Data Breach, including\\n **security measures, internal investigations, and supervisory\\n authority notice**;\\n\\n - recommendations for the concerned Data Subjects how to mitigate\\n risks and possible consequences, such as **guidelines on how to\\n restore access to an account, preventing measures (change of a\\n password)**; and\\n\\n - the contact information of the Response Team or one of its members.\\n\\n 3. The notification to the Data Subjects should be carried out by the\\n **email letter** or, where it is impossible to use the email, by other\\n available means of communication.\\n\\n 4. **Exemptions**. We do not have to send the notification to the Data\\n Subjects if any of the following conditions are met:\\n\\n - PlayForm has implemented appropriate technical and organizational\\n protection measures, and those measures were applied to the Personal\\n Data affected by the Data Breach, in particular, those that leave\\n the Personal Data inaccessible to any person who is not authorized\\n to access it, such as encryption;\\n\\n - PlayForm has taken subsequent measures which ensure that the high\\n risk to the rights and freedoms of Data Subjects referred to in this\\n section is no longer likely to materialize; or\\n\\n - it would involve a disproportionate effort to communicate with every\\n concerned Data Subject. In such a case, there shall instead be a\\n public communication or similar measure whereby the Data Subjects\\n are informed in an equally effective manner.\\n\\nIn the case we apply one of the exemptions, we **must document** the\\ncircumstances, reason for not informing, and actions taken to meet one of the\\nexemptions.\\n\\n4. **Communication with Third Parties.**\\n\\n 1. In the case a Data Breach concerns the Personal Data shared with us or\\n processed by us on behalf of a Third Party, we must also notify the\\n Third Party about it within 24 hours. If we process the Personal Data as\\n a Data Processor, the notification of the Third Party does not exempt us\\n from the duty to mitigate the Data Breach consequences, but we must not\\n inform the Competent Supervisory Authority and Data Subjects.\\n\\n 2. In case of receiving the notification about the Data Breach from the\\n Data Processor or other Third Parties that have access to the Personal\\n Data, CEO of PlayForm shall, in accordance with this Section:\\n\\n - form the Response Team;\\n\\n - request the Third Party to send the information mentioned in\\n Subsections 10.2-3 of this Policy;\\n\\n - where necessary, inform the Competent Supervisory Authority(-ies)\\n and Data Subjects; and\\n\\n - perform other steps of the Data Breach response procedure.\\n\\n**List of Persons Briefed on Personal Data Protection Policy**\\n\\n\\n \\nCompetent Supervisory Authority \\nmeans a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. \\n\\n \\nData Breach \\n\\n \\nData Controller \\nmeans the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. \\n\\n \\nData Processor \\nmeans a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. \\n\\n \\nData Protection Laws \\nmean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). \\n\\n \\nData Subject Request (DSR) \\nmeans any request from the Data Subject and concerning their personal data and/or data subject rights. \\n\\n \\nData Subject \\nmeans a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. \\n\\n \\nPersonal Data \\nmeans any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. \\n\\n \\nProcessing \\nmeans any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. \\n\\n \\nStandard Contractual Clauses \\nmeans the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). \\n\\n \\nThird Party \\nmeans a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. \\n\\n \\n\\nUser \\nmeans a Data Subject who uses our services provided on PlayForm website. \\n\\n
\\n\\n## ANNEX 1 TO THE PERSONAL DATA PROTECTION POLICY\\n\\n**European National Data Protection Authorities**\\n\\n**Austria**\\n\\nÖsterreichische Datenschutzbehörde\\\\\\nHohenstaufengasse 3\\\\\\n1010 Wien\\\\\\nTel. +43 1 531 15 202525\\\\\\nFax +43 1 531 15 202690\\\\\\nE-mail: dsb@dsb.gv.at\\\\\\nWebSite: https://www.dsb.gv.at\\n\\nArt 29 WP Member: Dr Andrea JELINEK, Director, Österreichische\\nDatenschutzbehörde\\n\\n**Belgium**\\n\\nCommission de la protection de la vie privée\\\\\\nCommissie voor de bescherming van de persoonlijke levenssfeer\\\\\\nRue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel\\\\\\nTel. +32 2 274 48 00\\\\\\nFax +32 2 274 48 35\\\\\\nE-mail: commission@privacycommission.be\\\\\\nWebSite: https://www.privacycommission.be\\n\\nArt 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy\\ncommission\\n\\n**Bulgaria**\\n\\nCommission for Personal Data Protection\\\\\\n2, Prof. Tsvetan Lazarov Blvd. Sofia 1592\\\\\\nTel. +359 2 915 3580\\\\\\nFax +359 2 915 3525\\\\\\nE-mail: kzld@cpdp.bg\\\\\\nWebSite: https://www.cpdp.bg\\n\\nArt 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for\\nPersonal Data Protection\\\\\\nArt 29 WP Alternate Member: Ms. Mariya MATEVA\\n\\n**Croatia**\\n\\nCroatian Personal Data Protection Agency\\\\\\nMartićeva 14\\\\\\n10000 Zagreb\\\\\\nTel. +385 1 4609 000\\\\\\nFax +385 1 4609 099\\\\\\nE-mail: azop@azop.hr or info@azop.hr\\\\\\nWebSite: https://www.azop.hr\\n\\nArt 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection\\nAgency\\n\\n**Cyprus**\\n\\nCommissioner for Personal Data Protection\\\\\\n1 Iasonos Street,\\\\\\n1082 Nicosia\\\\\\nP.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456\\\\\\nFax +357 22 304 565\\\\\\nE-mail: commissioner@dataprotection.gov.cy\\\\\\nWebSite: https://www.dataprotection.gov.cy\\n\\nArt 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU\\\\\\nArt 29 WP Alternate Member: Mr. Constantinos GEORGIADES\\n\\n**Czech Republic**\\n\\nThe Office for Personal Data Protection\\\\\\nUrad pro ochranu osobnich udaju Pplk. Sochora 27\\\\\\n170 00 Prague 7\\\\\\nTel. +420 234 665 111\\\\\\nFax +420 234 665 444\\\\\\nE-mail: posta@uoou.cz\\\\\\nWebSite: https://www.uoou.cz\\n\\nArt 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data\\nProtection\\\\\\nArt 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the\\nOffice\\n\\n**Denmark**\\n\\nDatatilsynet\\\\\\nBorgergade 28, 5\\\\\\n1300 Copenhagen K\\\\\\nTel. +45 33 1932 00\\\\\\nFax +45 33 19 32 18\\\\\\nE-mail: dt@datatilsynet.dk\\\\\\nWebSite: https://www.datatilsynet.dk\\n\\nArt 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection\\nAgency (Datatilsynet)\\\\\\nArt 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International\\nDivision at the Danish Data Protection Agency (Datatilsynet)\\n\\n**Estonia**\\n\\nEstonian Data Protection Inspectorate (Andmekaitse Inspektsioon)\\\\\\nVäike-Ameerika 19\\\\\\n10129 Tallinn\\\\\\nTel. +372 6274 135\\\\\\nFax +372 6274 137\\\\\\nE-mail: info@aki.ee\\\\\\nWebSite: https://www.aki.ee/en\\n\\nArt 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection\\nInspectorate\\\\\\nArt 29 WP Alternate Member: Ms. Maarja Kirss\\n\\n**Finland**\\n\\nOffice of the Data Protection Ombudsman\\\\\\nP.O. Box 315\\\\\\nFIN-00181 Helsinki Tel. +358 10 3666 700\\\\\\nFax +358 10 3666 735\\\\\\nE-mail: tietosuoja@om.fi\\\\\\nWebSite: https://www.tietosuoja.fi/en\\n\\nArt 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection\\nAuthority\\\\\\nArt 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department\\n\\n**France**\\n\\nCommission Nationale de l'Informatique et des Libertés - CNIL\\\\\\n8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02\\\\\\nTel. +33 1 53 73 22 22\\\\\\nFax +33 1 53 73 22 00\\\\\\nWebSite: https://www.cnil.fr\\n\\nArt 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL\\\\\\nArt 29 WP Alternate Member: Ms. Florence RAYNAL\\n\\n**Germany**\\n\\nDie Bundesbeauftragte für den Datenschutz und die Informationsfreiheit\\\\\\nHusarenstraße 30\\\\\\n53117 Bonn\\\\\\nTel. +49 228 997799 0; +49 228 81995 0\\\\\\nFax +49 228 997799 550; +49 228 81995 550\\\\\\nE-mail: poststelle@bfdi.bund.de\\\\\\nWebSite: https://www.bfdi.bund.de\\n\\nThe competence for complaints is split among different data protection\\nsupervisory authorities in Germany.\\n\\nCompetent authorities can be identified according to the list provided under\\n\\nhttps://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html\\n\\nArt 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of\\nInformation\\\\\\nArt 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the\\nfederal states\\n\\n**Greece**\\n\\nHellenic Data Protection Authority\\\\\\nKifisias Av. 1-3, PC 11523 Ampelokipi Athens\\\\\\nTel. +30 210 6475 600\\\\\\nFax +30 210 6475 628\\\\\\nE-mail: contact@dpa.gr\\\\\\nWebSite: https://www.dpa.gr\\n\\nArt 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA\\\\\\nArt 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director\\n\\n**Hungary**\\n\\nNational Authority for Data Protection and Freedom of Information\\\\\\nSzilágyi Erzsébet fasor 22/C H-1125 Budapest\\\\\\nTel. +36 1 3911 400\\\\\\nE-mail: peterfalvi.attila@naih.hu\\\\\\nWebSite: https://www.naih.hu\\n\\nArt 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for\\nData Protection and Freedom of Information\\\\\\nArt 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National\\nAuthority for Data Protection and Freedom of Information\\n\\n**Ireland**\\n\\nData Protection Commissioner\\\\\\nCanal House Station Road Portarlington Co. Laois\\\\\\nLo-Call: 1890 25 22 31\\\\\\nTel. +353 57 868 4800\\\\\\nFax +353 57 868 4757\\\\\\nE-mail: info@dataprotection.ie\\\\\\nWebSite: https://www.dataprotection.ie\\n\\nArt 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner\\\\\\nArt 29 WP Alternate Members: Mr. John O'DWYER, Deputy Commissioner; Mr. Dale\\nSUNDERLAND, Deputy Commissioner\\n\\n**Italy**\\n\\nGarante per la protezione dei dati personali\\\\\\nPiazza di Monte Citorio, 121 00186 Roma\\\\\\nTel. +39 06 69677 1\\\\\\nFax +39 06 69677 785\\\\\\nE-mail: garante@garanteprivacy.it\\\\\\nWebSite: https://www.garanteprivacy.it\\n\\nArt 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei\\ndati personali\\\\\\nArt 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per\\nla protezione dei dati personali\\n\\n**Latvia**\\n\\nData State Inspectorate Director: Ms. Daiga Avdejanova\\\\\\nBlaumana str. 11/13-15\\\\\\n1011 Riga\\\\\\nTel. +371 6722 3131\\\\\\nFax +371 6722 3556\\\\\\nE-mail: info@dvi.gov.lv\\\\\\nWebSite: https://www.dvi.gov.lv\\n\\nArt 29 WP Alternate Member: Ms. Aiga BALODE\\n\\n**Lithuania**\\n\\nState Data Protection\\\\\\nŽygimantų str. 11-6a 011042 Vilnius\\\\\\nTel. + 370 5 279 14 45\\\\\\nFax +370 5 261 94 94\\\\\\nE-mail: ada@ada.lt\\\\\\nWebSite: https://www.ada.lt\\n\\nArt 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data\\nProtection Inspectorate\\\\\\nArt 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of\\nComplaints Investigation and International Cooperation Division\\n\\n**Luxembourg**\\n\\nCommission Nationale pour la Protection des Données\\\\\\n1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1\\\\\\nFax +352 2610 60 29\\\\\\nE-mail: info@cnpd.lu\\\\\\nWebSite: https://www.cnpd.lu\\n\\nArt 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour\\nla Protection des Données\\\\\\nArt 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner\\n\\n**Malta**\\n\\nOffice of the Data Protection Commissioner\\\\\\nData Protection Commissioner: Mr. Joseph Ebejer\\\\\\n2, Airways House\\\\\\nHigh Street, Sliema SLM 1549 Tel. +356 2328 7100\\\\\\nFax +356 2328 7198\\\\\\nE-mail: commissioner.dataprotection@gov.mt\\\\\\nWebSite: https://idpc.org.mt\\n\\nArt 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection\\nCommissioner\\\\\\nArt 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme\\nImplementation\\n\\n**Netherlands**\\n\\nAutoriteit Persoonsgegevens\\\\\\nPrins Clauslaan 60\\\\\\nP.O. Box 93374\\\\\\n2509 AJ Den Haag/The Hague Tel. +31 70 888 8500\\\\\\nFax +31 70 888 8501\\\\\\nE-mail: info@autoriteitpersoonsgegevens.nl\\\\\\nWebSite: https://autoriteitpersoonsgegevens.nl/nl\\n\\nArt 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens\\n\\n**Poland**\\n\\nThe Bureau of the Inspector General for the Protection of Personal Data – GIODO\\\\\\nul. Stawki 2\\\\\\n00-193 Warsaw\\\\\\nTel. +48 22 53 10 440\\\\\\nFax +48 22 53 10 441\\\\\\nE-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl\\\\\\nWebSite: https://www.giodo.gov.pl\\n\\nArt 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection\\nof Personal Data\\n\\n**Portugal**\\n\\nComissão Nacional de Protecção de Dados - CNPD\\\\\\nR. de São. Bento, 148-3° 1200-821 Lisboa\\\\\\nTel. +351 21 392 84 00\\\\\\nFax +351 21 397 68 32\\\\\\nE-mail: geral@cnpd.pt\\\\\\nWebSite: https://www.cnpd.pt\\n\\nArt 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção\\nde Dados\\\\\\nArt 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA\\n\\n**Romania**\\n\\nThe National Supervisory Authority for Personal Data Processing President: Mrs.\\nAncuţa Gianina Opre\\\\\\nB-dul Magheru 28-30\\\\\\nSector 1, BUCUREŞTI\\\\\\nTel. +40 21 252 5599\\\\\\nFax +40 21 252 5757\\\\\\nE-mail: anspdcp@dataprotection.ro\\\\\\nWebSite: https://www.dataprotection.ro\\n\\nArt 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory\\nAuthority for Personal Data Processing\\\\\\nArt 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and\\nCommunication Department\\n\\n**Slovakia**\\n\\nOffice for Personal Data Protection of the Slovak Republic\\\\\\nHraničná 12\\\\\\n820 07 Bratislava 27\\\\\\nTel.: + 421 2 32 31 32 14\\\\\\nFax: + 421 2 32 31 32 34\\\\\\nE-mail: statny.dozor@pdp.gov.sk\\\\\\nWebSite: https://dataprotection.gov.sk\\n\\nArt 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data\\nProtection of the Slovak Republic\\\\\\nArt 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President\\n\\n**Slovenia**\\n\\nInformation Commissioner\\\\\\nMs. Mojca Prelesnik Zaloška 59\\\\\\n1000 Ljubljana\\\\\\nTel. +386 1 230 9730\\\\\\nFax +386 1 230 9778\\\\\\nE-mail: gp.ip@ip-rs.si\\\\\\nWebSite: https://www.ip-rs.si\\n\\nArt 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic\\nof Slovenia\\n\\n**Spain**\\n\\nAgencia de Protección de Datos\\\\\\nC/Jorge Juan, 6\\\\\\n28001 Madrid\\\\\\nTel. +34 91399 6200\\\\\\nFax +34 91455 5699\\\\\\nE-mail: internacional@agpd.es\\\\\\nWebSite: https://www.agpd.es\\n\\nArt 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data\\nProtection Agency\\\\\\nArt 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO\\n\\n**Sweden**\\n\\nDatainspektionen\\\\\\nDrottninggatan 29 5th Floor\\\\\\nBox 8114\\\\\\n20 Stockholm\\\\\\nTel. +46 8 657 6100\\\\\\nFax +46 8 652 8652\\\\\\nE-mail: datainspektionen@datainspektionen.se\\\\\\nWebSite: https://www.datainspektionen.se\\n\\nArt 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data\\nInspection Board\\\\\\nArt 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser\\n\\n**United Kingdom**\\n\\nThe Information Commissioner’s Office\\\\\\nWater Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745\\\\\\nE-mail: international.team@ico.org.uk\\\\\\nWebSite: https://ico.org.uk\\n\\nArt 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner\\\\\\nArt 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner\\n\\n**EUROPEAN FREE TRADE AREA (EFTA)**\\n\\n**Iceland**\\n\\nIcelandic Data Protection Agency\\\\\\nRauðarárstíg 10\\\\\\nReykjavík\\\\\\nTel. +354 510 9600; Fax +354 510 9606\\\\\\nE-mail: postur@personuvernd.is\\\\\\nWebSite: https://www.personuvernd.is\\n\\n**Liechtenstein**\\n\\nData Protection Office\\\\\\nKirchstrasse 8, P.O. Box 684\\\\\\n9490 Vaduz\\\\\\nPrincipality of Liechtenstein Tel. +423 236 6090\\\\\\nE-mail: info.dss@llv.li\\\\\\nWebSite: https://www.datenschutzstelle.li\\n\\n**Norway**\\n\\nDatatilsynet\\\\\\nData Protection Authority: Mr. Bjørn Erik THORN\\\\\\nThe Data Inspectorate\\\\\\nP.O. Box 8177 Dep 0034 Oslo\\\\\\nTel. +47 22 39 69 00; Fax +47 22 42 23 50\\\\\\nE-mail: postkasse@datatilsynet.no\\\\\\nWebSite: https://www.datatilsynet.no\\n\\n**Switzerland**\\n\\nData Protection and Information Commissioner of Switzerland\\\\\\nEidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian\\nLobsiger\\\\\\nFeldeggweg 1\\\\\\n3003 Bern\\\\\\nTel. +41 58 462 43 95; Fax +41 58 462 99 96\\\\\\nE-mail: contact20@edoeb.admin.ch\\\\\\nWebSite: https://www.edoeb.admin.ch\\n\";\n\t\t\t\t}\n\t\t\t\texport function compiledContent() {\n\t\t\t\t\treturn html;\n\t\t\t\t}\n\t\t\t\texport function getHeadings() {\n\t\t\t\t\treturn [{\"depth\":1,\"slug\":\"personal-data-protection-policy\",\"text\":\"PERSONAL DATA PROTECTION POLICY\"},{\"depth\":2,\"slug\":\"scope-and-definitions\",\"text\":\"Scope and Definitions\"},{\"depth\":2,\"slug\":\"data-processing-principles\",\"text\":\"Data Processing Principles\"},{\"depth\":2,\"slug\":\"legal-grounds-and-purposes\",\"text\":\"Legal Grounds and Purposes\"},{\"depth\":2,\"slug\":\"access-to-personal-data\",\"text\":\"Access to Personal Data\"},{\"depth\":2,\"slug\":\"third-parties\",\"text\":\"Third Parties\"},{\"depth\":2,\"slug\":\"international-transfers\",\"text\":\"International Transfers\"},{\"depth\":2,\"slug\":\"rights-of-data-subjects\",\"text\":\"Rights of Data Subjects\"},{\"depth\":2,\"slug\":\"new-data-processing-activities\",\"text\":\"New Data Processing Activities\"},{\"depth\":2,\"slug\":\"data-retention\",\"text\":\"Data Retention\"},{\"depth\":2,\"slug\":\"security\",\"text\":\"Security\"},{\"depth\":2,\"slug\":\"data-breach-response-procedure\",\"text\":\"Data Breach Response Procedure\"},{\"depth\":2,\"slug\":\"annex-1-to-the-personal-data-protection-policy\",\"text\":\"ANNEX 1 TO THE PERSONAL DATA PROTECTION POLICY\"},{\"depth\":2,\"slug\":\"footnote-label\",\"text\":\"Footnotes\"}];\n\t\t\t\t}\n\n\t\t\t\texport const Content = createComponent((result, _props, slots) => {\n\t\t\t\t\tconst { layout, ...content } = frontmatter;\n\t\t\t\t\tcontent.file = file;\n\t\t\t\t\tcontent.url = url;\n\n\t\t\t\t\treturn render`${maybeRenderHead(result)}${unescapeHTML(html)}`;\n\t\t\t\t});\n\t\t\t\texport default Content;\n\t\t\t\t"],"names":["render"],"mappings":";;;;AAKI,MAAM,IAAI,GAAG,6lxEAA6lxE,CAAC;AAC/mxE;AACA,IAAgB,MAAC,WAAW,GAAG,CAAC,OAAO,CAAC,iCAAiC,EAAE;AAC3E,IAAgB,MAAC,IAAI,GAAG,iGAAiG;AACzH,IAAgB,MAAC,GAAG,GAAG,UAAU;AACjC,IAAW,SAAS,UAAU,GAAG;AACjC,KAAK,OAAO,0qoEAA0qoE,CAAC;AACvroE,KAAK;AACL,IAAW,SAAS,eAAe,GAAG;AACtC,KAAK,OAAO,IAAI,CAAC;AACjB,KAAK;AACL,IAAW,SAAS,WAAW,GAAG;AAClC,KAAK,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,iCAAiC,CAAC,MAAM,CAAC,iCAAiC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gCAAgC,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gCAAgC,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gDAAgD,CAAC,MAAM,CAAC,gDAAgD,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;AACzlC,KAAK;AACL;AACA,IAAgB,MAAC,OAAO,GAAG,eAAe,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,KAAK;AACtE,KAAK,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,GAAG,WAAW,CAAC;AAChD,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;AACzB,KAAK,OAAO,CAAC,GAAG,GAAG,GAAG,CAAC;AACvB;AACA,KAAK,OAAOA,cAAM,CAAC,EAAE,eAAe,CAAO,CAAC,CAAC,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpE,KAAK;;;;"}
\ No newline at end of file
+{"version":3,"file":"personal-data-protection-policy_DsgyCblg.mjs","sources":["../../Source/Content/en/personal-data-protection-policy.md"],"sourcesContent":["\n\t\t\t\timport { unescapeHTML, spreadAttributes, createComponent, render, renderComponent, maybeRenderHead } from \"D:/Developer/node_modules/astro/dist/runtime/server/index.js\";\n\t\t\t\timport { AstroError, AstroErrorData } from \"D:/Developer/node_modules/astro/dist/core/errors/index.js\";\n\t\t\t\t\n\n\t\t\t\tconst html = \"\\n \\n\\n \\n\\nNikola Hristov \\nBriefed \\n05.25.2018 \\n\\n
\\n\\n
\\nPERSONAL DATA PROTECTION POLICY
\\n
\\nLast updated: 02.11.2022 / February 11th 2022\\n
\\n\\n \\nVersion No. and date of the last update: \\n\\n \\n\\nThis policy shall be reviewed annually or each time when the changes in our data processing occur. \\nScope and Definitions
\\n\\n
\\n
\\nThe designated Privacy Manager at PlayForm ltd. is Nikola Hristov\\nNikola@PlayForm.Cloud.\\n
\\n\\n \\nCompetent Supervisory Authority \\nmeans a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. \\n\\n \\nData Breach \\n\\n \\nData Controller \\nmeans the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. \\n\\n \\nData Processor \\nmeans a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. \\n\\n \\nData Protection Laws \\nmean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). \\n\\n \\nData Subject Request (DSR) \\nmeans any request from the Data Subject and concerning their personal data and/or data subject rights. \\n\\n \\nData Subject \\nmeans a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. \\n\\n \\nPersonal Data \\nmeans any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. \\n\\n \\nProcessing \\nmeans any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. \\n\\n \\nStandard Contractual Clauses \\nmeans the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). \\n\\n \\nThird Party \\nmeans a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. \\n\\n \\n\\nUser \\nmeans a Data Subject who uses our services provided on PlayForm website. \\nData Processing Principles
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\nLegal Grounds and Purposes
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n
\\nIf at least one of the above conditions is not met by PlayForm, the\\nPrivacy Manager must choose and propose a different legal ground for\\nthe processing, such as consent.
\\nWhenever we have such an obligation, we must make sure that:\\n
\\nAccess to Personal Data
\\n\\n
\\n\\n
\\nThird Parties
\\n\\n
\\nInternational Transfers
\\n\\n
\\n\\n
\\n\\n
\\nRights of Data Subjects
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\nNew Data Processing Activities
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\nData Retention
\\n\\n
\\n\\n
\\n\\n
\\nSecurity
\\n\\n
\\nData Breach Response Procedure
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n
\\n\\n \\n\\n \\n\\nNikola Hristov \\nBriefed \\n05.25.2018 \\nANNEX 1 TO THE PERSONAL DATA PROTECTION POLICY
\\n
\\nHohenstaufengasse 3
\\n1010 Wien
\\nTel. +43 1 531 15 202525
\\nFax +43 1 531 15 202690
\\nE-mail: dsb@dsb.gv.at
\\nWebSite: https://www.dsb.gv.at
\\nCommissie voor de bescherming van de persoonlijke levenssfeer
\\nRue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel
\\nTel. +32 2 274 48 00
\\nFax +32 2 274 48 35
\\nE-mail: commission@privacycommission.be
\\nWebSite: https://www.privacycommission.be
\\n2, Prof. Tsvetan Lazarov Blvd. Sofia 1592
\\nTel. +359 2 915 3580
\\nFax +359 2 915 3525
\\nE-mail: kzld@cpdp.bg
\\nWebSite: https://www.cpdp.bg
\\nArt 29 WP Alternate Member: Ms. Mariya MATEVA
\\nMartićeva 14
\\n10000 Zagreb
\\nTel. +385 1 4609 000
\\nFax +385 1 4609 099
\\nE-mail: azop@azop.hr or info@azop.hr
\\nWebSite: https://www.azop.hr
\\n1 Iasonos Street,
\\n1082 Nicosia
\\nP.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456
\\nFax +357 22 304 565
\\nE-mail: commissioner@dataprotection.gov.cy
\\nWebSite: https://www.dataprotection.gov.cy
\\nArt 29 WP Alternate Member: Mr. Constantinos GEORGIADES
\\nUrad pro ochranu osobnich udaju Pplk. Sochora 27
\\n170 00 Prague 7
\\nTel. +420 234 665 111
\\nFax +420 234 665 444
\\nE-mail: posta@uoou.cz
\\nWebSite: https://www.uoou.cz
\\nArt 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the\\nOffice
\\nBorgergade 28, 5
\\n1300 Copenhagen K
\\nTel. +45 33 1932 00
\\nFax +45 33 19 32 18
\\nE-mail: dt@datatilsynet.dk
\\nWebSite: https://www.datatilsynet.dk
\\nArt 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International\\nDivision at the Danish Data Protection Agency (Datatilsynet)
\\nVäike-Ameerika 19
\\n10129 Tallinn
\\nTel. +372 6274 135
\\nFax +372 6274 137
\\nE-mail: info@aki.ee
\\nWebSite: https://www.aki.ee/en
\\nArt 29 WP Alternate Member: Ms. Maarja Kirss
\\nP.O. Box 315
\\nFIN-00181 Helsinki Tel. +358 10 3666 700
\\nFax +358 10 3666 735
\\nE-mail: tietosuoja@om.fi
\\nWebSite: https://www.tietosuoja.fi/en
\\nArt 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department
\\n8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
\\nTel. +33 1 53 73 22 22
\\nFax +33 1 53 73 22 00
\\nWebSite: https://www.cnil.fr
\\nArt 29 WP Alternate Member: Ms. Florence RAYNAL
\\nHusarenstraße 30
\\n53117 Bonn
\\nTel. +49 228 997799 0; +49 228 81995 0
\\nFax +49 228 997799 550; +49 228 81995 550
\\nE-mail: poststelle@bfdi.bund.de
\\nWebSite: https://www.bfdi.bund.de
\\nArt 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the\\nfederal states
\\nKifisias Av. 1-3, PC 11523 Ampelokipi Athens
\\nTel. +30 210 6475 600
\\nFax +30 210 6475 628
\\nE-mail: contact@dpa.gr
\\nWebSite: https://www.dpa.gr
\\nArt 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director
\\nSzilágyi Erzsébet fasor 22/C H-1125 Budapest
\\nTel. +36 1 3911 400
\\nE-mail: peterfalvi.attila@naih.hu
\\nWebSite: https://www.naih.hu
\\nArt 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National\\nAuthority for Data Protection and Freedom of Information
\\nCanal House Station Road Portarlington Co. Laois
\\nLo-Call: 1890 25 22 31
\\nTel. +353 57 868 4800
\\nFax +353 57 868 4757
\\nE-mail: info@dataprotection.ie
\\nWebSite: https://www.dataprotection.ie
\\nArt 29 WP Alternate Members: Mr. John O’DWYER, Deputy Commissioner; Mr. Dale\\nSUNDERLAND, Deputy Commissioner
\\nPiazza di Monte Citorio, 121 00186 Roma
\\nTel. +39 06 69677 1
\\nFax +39 06 69677 785
\\nE-mail: garante@garanteprivacy.it
\\nWebSite: https://www.garanteprivacy.it
\\nArt 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per\\nla protezione dei dati personali
\\nBlaumana str. 11/13-15
\\n1011 Riga
\\nTel. +371 6722 3131
\\nFax +371 6722 3556
\\nE-mail: info@dvi.gov.lv
\\nWebSite: https://www.dvi.gov.lv
\\nŽygimantų str. 11-6a 011042 Vilnius
\\nTel. + 370 5 279 14 45
\\nFax +370 5 261 94 94
\\nE-mail: ada@ada.lt
\\nWebSite: https://www.ada.lt
\\nArt 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of\\nComplaints Investigation and International Cooperation Division
\\n1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1
\\nFax +352 2610 60 29
\\nE-mail: info@cnpd.lu
\\nWebSite: https://www.cnpd.lu
\\nArt 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner
\\nData Protection Commissioner: Mr. Joseph Ebejer
\\n2, Airways House
\\nHigh Street, Sliema SLM 1549 Tel. +356 2328 7100
\\nFax +356 2328 7198
\\nE-mail: commissioner.dataprotection@gov.mt
\\nWebSite: https://idpc.org.mt
\\nArt 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme\\nImplementation
\\nPrins Clauslaan 60
\\nP.O. Box 93374
\\n2509 AJ Den Haag/The Hague Tel. +31 70 888 8500
\\nFax +31 70 888 8501
\\nE-mail: info@autoriteitpersoonsgegevens.nl
\\nWebSite: https://autoriteitpersoonsgegevens.nl/nl
\\nul. Stawki 2
\\n00-193 Warsaw
\\nTel. +48 22 53 10 440
\\nFax +48 22 53 10 441
\\nE-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl
\\nWebSite: https://www.giodo.gov.pl
\\nR. de São. Bento, 148-3° 1200-821 Lisboa
\\nTel. +351 21 392 84 00
\\nFax +351 21 397 68 32
\\nE-mail: geral@cnpd.pt
\\nWebSite: https://www.cnpd.pt
\\nArt 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA
\\nB-dul Magheru 28-30
\\nSector 1, BUCUREŞTI
\\nTel. +40 21 252 5599
\\nFax +40 21 252 5757
\\nE-mail: anspdcp@dataprotection.ro
\\nWebSite: https://www.dataprotection.ro
\\nArt 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and\\nCommunication Department
\\nHraničná 12
\\n820 07 Bratislava 27
\\nTel.: + 421 2 32 31 32 14
\\nFax: + 421 2 32 31 32 34
\\nE-mail: statny.dozor@pdp.gov.sk
\\nWebSite: https://dataprotection.gov.sk
\\nArt 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President
\\nMs. Mojca Prelesnik Zaloška 59
\\n1000 Ljubljana
\\nTel. +386 1 230 9730
\\nFax +386 1 230 9778
\\nE-mail: gp.ip@ip-rs.si
\\nWebSite: https://www.ip-rs.si
\\nC/Jorge Juan, 6
\\n28001 Madrid
\\nTel. +34 91399 6200
\\nFax +34 91455 5699
\\nE-mail: internacional@agpd.es
\\nWebSite: https://www.agpd.es
\\nArt 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO
\\nDrottninggatan 29 5th Floor
\\nBox 8114
\\n20 Stockholm
\\nTel. +46 8 657 6100
\\nFax +46 8 652 8652
\\nE-mail: datainspektionen@datainspektionen.se
\\nWebSite: https://www.datainspektionen.se
\\nArt 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser
\\nWater Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745
\\nE-mail: international.team@ico.org.uk
\\nWebSite: https://ico.org.uk
\\nArt 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner
\\nRauðarárstíg 10
\\nReykjavík
\\nTel. +354 510 9600; Fax +354 510 9606
\\nE-mail: postur@personuvernd.is
\\nWebSite: https://www.personuvernd.is
\\nKirchstrasse 8, P.O. Box 684
\\n9490 Vaduz
\\nPrincipality of Liechtenstein Tel. +423 236 6090
\\nE-mail: info.dss@llv.li
\\nWebSite: https://www.datenschutzstelle.li
\\nData Protection Authority: Mr. Bjørn Erik THORN
\\nThe Data Inspectorate
\\nP.O. Box 8177 Dep 0034 Oslo
\\nTel. +47 22 39 69 00; Fax +47 22 42 23 50
\\nE-mail: postkasse@datatilsynet.no
\\nWebSite: https://www.datatilsynet.no
\\nEidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian\\nLobsiger
\\nFeldeggweg 1
\\n3003 Bern
\\nTel. +41 58 462 43 95; Fax +41 58 462 99 96
\\nE-mail: contact20@edoeb.admin.ch
\\nWebSite: https://www.edoeb.admin.chFootnotes
\\n\\n\\n
\\n\\n## Scope and Definitions\\n\\n1. **Scope.** This Personal Data Protection\\n Policy (the “**Policy**”) describes PlayForm ltd. internal rules for\\n personal data processing and protection. The Policy applies to PlayForm\\n ltd., including PlayForm ltd. employees and contractors (“**we**”, “**us**”,\\n “**our**”, “**PlayForm**”). The management of each entity is ultimately\\n responsible for the implementation of this policy, as well as to ensure, at\\n entity level, there are adequate and effective procedures in place for its\\n implementation and ongoing monitoring of its adherence. For the purposes of\\n this Policy, employees and contractors are jointly referred to as the\\n “**employees**”.\\n\\n2. **Privacy Manager.** Privacy Manager is an\\n employee of PlayForm responsible for personal data protection compliance\\n within PlayForm (the “**Privacy Manager**”). The Privacy Manager is in\\n charge of performing the obligations imposed by this Policy and supervising\\n other employees, who subject to this Policy, regarding their adherence to\\n this Policy. The Privacy Manager must be involved in all projects at an\\n early stage in order to take personal data protection aspects into account\\n as early as the planning phase.\\\\\\n The designated Privacy Manager at PlayForm ltd. is Nikola Hristov\\n \\n \\nVersion No. and date of the last update: \\n\\n \\n\\nThis policy shall be reviewed annually or each time when the changes in our data processing occur. \\n\\n
\\n\\n## Data Processing Principles\\n\\n1. PlayForm’s processing activities must be in line with the principles\\n specified in this Section. The Privacy Manager must make sure that\\n PlayForm’s compliance documentation, as well as data processing activities,\\n are compliant with the data protection principles.\\n\\n2. We must process the Personal Data in accordance with the following\\n principles:\\n\\n 1. Lawfully, fairly and in a transparent manner (**lawfulness, fairness and\\n transparency**). We shall always have a legal ground for the processing\\n (described in Section 3 of this Policy), collect the amount of data\\n adequate to the purpose and legal grounds, and we make sure the Data\\n Subjects are aware of the processing;\\n\\n 2. Collected for specified, explicit and legitimate purposes and not\\n further processed in a manner that is incompatible with those purposes\\n (**purpose limitation**). We must not process the Personal Data for the\\n purposes not specified in our compliance documentation without obtaining\\n specific approval of the Privacy Manager;\\n\\n 3. Adequate, relevant and limited to what is necessary for the purposes for\\n which they are processed (**data minimization**). We always make sure\\n the data we collect is not excessive and limited by the strict\\n necessity;\\n\\n 4. Accurate and, where necessary, kept up to date (**accuracy**). We\\n endeavor to delete inaccurate or false data about Data Subjects and make\\n sure we update the data. Data Subjects can ask us for a correction of\\n the Personal Data;\\n\\n 5. Kept in a form which permits identification of Data Subjects for no\\n longer than is necessary for the purposes for which the Personal Data\\n are processed (**storage period limitation**). The storage periods must\\n be limited as prescribed by Data Protection Laws and this Policy; and\\n\\n 6. Process in a manner that ensures appropriate security of the Personal\\n Data, including protection against unauthorized or unlawful processing\\n and accidental loss, destruction or damage, using appropriate technical\\n or organizational measures (**confidentiality, integrity, and\\n availability**).\\n\\n3. **Accountability.**\\n\\n 1. We shall be able to demonstrate our compliance with Data Protection Laws\\n (**accountability principle**). In particular, we must ensure and\\n document all relevant procedures, efforts, internal and external\\n consultations on personal data protection including:\\n\\n - the fact of appointing a person responsible for PlayForm’s data\\n protection compliance;\\n\\n - where necessary, a record of a Data Processing Impact Assessment;\\n\\n - developed and implemented notices, policies, and procedures, such as\\n Privacy Notice, this policy or Data Breach response procedure;\\n\\n - the fact of staff training on compliance with Data Protection laws;\\n and\\n\\n - assessment, implementation, and testing organizational and technical\\n data protection measures.\\n\\n 2. The Privacy Manager must maintain PlayForm’s Records of processing\\n activities, which is an accountability document that describes personal\\n data processing activities of PlayForm, prepared in accordance with Art.\\n 30 of the GDPR (the “**Records of processing activities**”). The Records\\n of processing activities must maintain, at least, the following\\n information about each processing activity:\\n\\n - contact details of PlayForm, the EU Representative, and, where\\n applicable, of the Data Protection Officer;\\n\\n - name of the activity, its purposes and legal basis along with, where\\n applicable, the legitimate interests of PlayForm;\\n\\n - data subjects and personal data categories concerned;\\n\\n - data retention periods;\\n\\n - general description of applicable security measures;\\n\\n - recipients, including joint controllers, processors, and contractors\\n involved, as well as the fact of the international data transfer\\n with the safeguards applied to the transfer;\\n\\n - where applicable, a reference to the Data Processing Impact\\n Assessment;\\n\\n - where applicable, a reference to the record of the data breach\\n occurred involving the personal data;\\n\\n - if PlayForm acts as a data processor, the information to be provided\\n includes the names and contact details of controllers, name and\\n contact details of controller's representative (if applicable),\\n categories of processing (activities), names of third countries or\\n international organizations that personal data are transferred to\\n (if applicable), safeguards for exceptional transfers of personal\\n data to third countries or international organizations (if\\n applicable), and general description of technical and organizational\\n security measures.\\n\\n## Legal Grounds and Purposes\\n\\n1. **Legal grounds.**\\n\\n 1. Each processing activity must have one of the lawful grounds specified\\n in this Section to process the Personal Data. If we do not have any of\\n the described, we cannot collect or further process the Personal Data.\\n\\n 2. If PlayForm is intended to use personal data for other purposes than\\n those specified in the Records of processing activities, the Privacy\\n Manager must evaluate, determine, and, if necessary, collect/record the\\n appropriate legal basis for it.\\n\\n 3. **Performance of the contract**. Where PlayForm has a contract with the\\n Data Subject, e.g., website’s Terms of Use or the employment contract,\\n and the contract requires the provision of personal data from the Data\\n Subject, the applicable legal ground will be the performance of the\\n contract.\\n\\n 4. **Consent**. To process the personal data based on the consent, we must\\n obtain the consent before the Processing and keep the evidence of the\\n consent with the records of Data Subject’s Personal Data. The Privacy\\n Manager must make sure that the consent collected from Data Subjects\\n meet the requirements of Data Protection Laws and this Policy. In\\n particular, the Privacy Manager must make sure that:\\n\\n - the Data Subject must be free to give or refuse to give consent.\\n\\n - the consent is in the form of an active indication from the Data\\n Subject, i.e., the consent checkbox must not be pre-ticked for the\\n user.\\n\\n - the request for the consent clearly articulates the purposes of the\\n processing, and other information specified in Subsection 6.2 is\\n available to the Data Subject.\\n\\n - the Data Subject must be free to give one’s consent or to revoke it.\\n\\n 5. **Legitimate interests**. We have the right to use personal data in our\\n ‘legitimate interests’. The interests can include the purposes that are\\n justified by the nature of our business activities, such as the\\n marketing analysis of personal data. For PlayForm to use legitimate\\n interests as a legal ground for the processing, the Privacy Manager must\\n make sure that:\\n\\n - the legitimate interest in the processing is clearly defined and\\n recorded in the Records of processing activities;\\n\\n - any envisaged risks to Data Subject rights and interests are\\n spotted. The examples of the risks can be found in Subsection 7.2.;\\n\\n - the Data Subjects have reasonable expectations about the processing,\\n and additional protective measures to address the risks are taken;\\n\\n - subject to the conditions of Subsection 6.7 (Right to object against\\n the processing), the Data Subject is provided with the opportunity\\n to opt-out from the processing for the described legitimate\\n interests.\\\\\\n If at least one of the above conditions is not met by PlayForm, the\\n Privacy Manager must choose and propose a different legal ground for\\n the processing, such as consent.\\n\\n 6. **Legal Compliance and Public Interest**. Besides the grounds specified\\n afore, we might be requested by the laws of the European Union or laws\\n of the EU Member State to process Personal Data of our Users. For\\n example, we can be required to collect, analyze, and monitor the\\n information of Users to comply with financial or labor laws.\\\\\\n Whenever we have such an obligation, we must make sure that:\\n\\n - we process personal data strictly in accordance with relevant legal\\n requirements;\\n\\n - we do not use or store the collected Personal Data for other\\n purposes than legal compliance; and\\n\\n - the Data Subjects are properly and timely informed about our\\n obligations, scope, and conditions of personal data processing.\\n\\nImportant: Where PlayForm has the law requirements of another country to process\\npersonal data, the Privacy Manager must propose using another legal ground for\\nthe processing under Data Protection Laws, such as legitimate interests or\\nconsent.\\n\\n## Access to Personal Data\\n\\n1. **Access to Personal Data.**\\n\\n 1. The employees must have access to the personal data on a “need-to-know”\\n basis. The data can be accessed only if it is strictly necessary to\\n perform one of the activities specified in the Records of processing\\n activities. The employees and contractors shall have access to the\\n Personal Data only if they have the necessary credentials for it.\\n\\n 2. Heads of the departments within PlayForm are responsible for their\\n employees’ access and processing of personal data. The heads must\\n maintain the list of employees that are entitled to access and process\\n personal data. The Privacy Manager shall have the right to review the\\n list and, where necessary, request the amendments to meet the\\n requirements of this Policy.\\n\\n 3. Heads of the departments within PlayForm must ensure that the employees\\n under their supervision are aware of the Data Protection Laws and comply\\n with the rules set in this Policy. To make sure our employees are able\\n to comply with the data protection requirements, we must provide them\\n with adequate data protection training.\\n\\n 4. All employees accessing personal data shall keep strict confidentiality\\n regarding the data they access. The employees that access personal data\\n must use only those means (software, premises, etc.) for the processing\\n that were prescribed by PlayForm. The data must not be disclosed or\\n otherwise made available out of the management instructions.\\n\\n 5. The employees within their competence must assist PlayForm’s\\n representatives, including the Privacy Manager, in any efforts regarding\\n compliance with Data Protection Laws and/or this Policy.\\n\\n 6. When an employee detects or believes there is suspicious activity, data\\n breach, non-compliance with Data Protection Laws and/or this Policy, or\\n a DSR was not routed to the competent department within PlayForm, the\\n employee must report such activity to the Privacy Manager.\\n\\n 7. Employees that are unsure about whether they can legitimately process or\\n disclose Personal Data must seek advice from the Privacy Manager before\\n taking any action.\\n\\n 8. Any occasional access to personal data for activities not specified in\\n the Records of processing activities is prohibited. If there is a strict\\n necessity for immediate access, the Privacy Manager must approve the\\n access first.\\n\\n## Third Parties\\n\\n1. Before sharing personal data with any person outside of PlayForm, the\\n Privacy Manager must ensure that this Third Party has an adequate data\\n protection level and provide sufficient data protection guarantees in\\n accordance with Data Protection Laws, including, but not limited to the\\n processorship requirements (Art. 28 of the GDPR) and international transfers\\n compliance (Section 5 of the GDPR). Where necessary, the Privacy Manager\\n must make sure that PlayForm enters into the appropriate data protection\\n contract with the third party.\\n\\n2. An employee can share personal data with third parties only if and to the\\n extent that was directly prescribed by the manager and specified in the\\n Records of processing activities.\\n\\n3. If we are required to delete, change, or stop the processing of the Personal\\n Data, we must ensure that the Third Parties, with whom we shared the\\n Personal Data, will fulfill these obligations accordingly.\\n\\n4. Whenever PlayForm is engaged as a data processor on behalf of another\\n entity, the Privacy Manager must make sure PlayForm complies with the\\n processorship obligation. In particular, the appropriate data processing\\n agreement in accordance with the Data Protection Laws must be in place. The\\n Privacy Manager must supervise the compliance with data processing\\n instructions from the controller, including regarding the scope of\\n processing activities, involvement of sub-processors, international\\n transfers, storage, and further disposal of processed personal data. The\\n personal data processed under the processor role must not be processed for\\n any other purposes than specified in the relevant instructions, agreement or\\n other legal act regulating the relationships with the controller.\\n\\n## International Transfers\\n\\n1. If we have the employees, contractors, corporate affiliates, or Data\\n Processors outside of the EEA, and we transfer Personal Data to them for the\\n processing, the Privacy Manager must make sure PlayForm takes all necessary\\n and appropriate safeguards in accordance with Data Protection Laws.\\n\\n2. The Privacy Manager must assess the safeguards available and propose to the\\n PlayForm’s management the appropriate safeguard for each international\\n transfer. The following regimes apply to the transfers of Personal Data\\n outside of the EU:\\n\\n - where the European Commission decides that the country has an adequate\\n level of personal data protection, the transfer does not require taking\\n additional safeguards. The full list of adequate jurisdictions can be\\n found on the relevant page of the European Commission’s website[^1].\\n\\n - to transfer Personal Data to our contractors or partners (Data\\n Processors or Controllers) in other third countries, we must conclude\\n Standard Contractual Clauses with that party. The draft version along\\n with the guidance can be found on the relevant page of the European\\n Commission’s website[^2];\\n\\n - if we have a corporate affiliate or an entity in other countries, we may\\n choose to adopt Binding Corporate Rules in accordance with Article 47 of\\n the GDPR or an approved code of conduct pursuant to Article 40 of the\\n GDPR;\\n\\n - we also can transfer Personal Data to entities that have an approved\\n certification in accordance with Article 42 of the GDPR, which certifies\\n an appropriate level of company’s data protection.\\n\\n[^1]:\\n https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en;\\n\\n[^2]:\\n https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en;\\n\\n3. As a part of the information obligations, PlayForm must inform the Data\\n Subjects that their Personal Data is being transferred to other countries,\\n as well as provide them with the information about the safeguards used for\\n the transfer. The information obligation is to be performed in accordance\\n with Subsection 6.2.\\n\\n4. In the exceptional cases (the “**Derogation**”), where we cannot apply the\\n safeguards mentioned afore and we need to transfer Personal Data, we must\\n take an explicit consent (active statement) from the Data Subject or it must\\n be strictly necessary for the performance of the contract between us and the\\n Data Subject, or other derogation conditions apply in accordance with the\\n Data Protection Laws. The Privacy Manager must pre-approve any Derogation\\n transfers and document the approved Derogations, as well as the rationale\\n for them.\\n\\n## Rights of Data Subjects\\n\\n1. **Our Responsibilities.**\\n\\n 1. Privacy Manager is ultimately responsible for handing all DSR received\\n by PlayForm. In the case of receiving any outstanding or unusual DSR,\\n the employee must seek advice from the Privacy Manager before taking any\\n action.\\n\\n 2. DSR Team within PlayForm is responsible for handling DSRs from PlayForm\\n Users on a daily basis. The Human Resources department is responsible\\n for handling the DSR from PlayForm employees.\\n\\n 3. All DSRs from the Users must be addressed at and answered from the\\n following e-mail address: dsr@playform.cloud. DSR from the employees can\\n be addressed directly to the HR manager or at dsr@playform.cloud.\\n\\n 4. The responsible employee must answer to the DSR within one (1) month\\n from receiving the request. If complying with the DSR takes more than\\n one month in time, the responsible employee must seek advice from the\\n Privacy Manager and, where necessary, inform the Data Subject about the\\n prolongation of the response term for up to two (2) additional months.\\n\\n 5. The responsible employee must analyze the received DSR for the following\\n criteria:\\n\\n - **Data Subject identification**. Before considering the DSR content,\\n the responsible employee must make sure the Data Subject is the same\\n person he/she claims to be. For this purpose, the connection between\\n the personal data records and the data subject must be established.\\n\\n - **Personal data**. The responsible employee must check whether\\n PlayForm has access to the personal data requested. If PlayForm does\\n not have the personal data under the control, the responsible\\n employee must inform the Data Subject, and, if possible, instruct on\\n the further steps on how to access the data in question;\\n\\n - **Content of the request**. Depending on the content of the DSR, the\\n responsible employee must define the type of the request and check\\n whether it meets the conditions prescribed by this Policy and Data\\n Protection Laws. The types of requests and the respective conditions\\n for each of them can be consulted in Subsections 6.3-6.9. If the\\n request does not meet the described criteria, the responsible\\n employee must refuse to comply with the DSR and inform the Data\\n Subject about the reasons for refusing;\\n\\n - **Free of charge**. Generally, all requests of Data Subjects and\\n exercises of their rights are free of charge. If the responsible\\n employee finds that the Data Subject exercises the rights in an\\n excessive or unfound way (e.g., intended to harm or interrupt\\n PlayForm’s business activities), the employee must seek the advice\\n from the Privacy Manager, and, upon receiving of the latter, may\\n either charge the Data Subject a reasonable fee or refuse to comply\\n with the request;\\n\\n - **Documenting**. Whenever PlayForm receives the DSR, the Privacy\\n Manager must make sure that the data and time, Data Subject, type of\\n the request and the decision made regarding it are well documented.\\n In the case of refusing to comply with the request, the reasons for\\n refusing must be documented as well;\\n\\n - **Recipients**. When addressing the DSR, the Privacy Manager must\\n make sure that all concerned recipients were informed the necessary\\n actions were taken.\\n\\n2. **The right to be informed.**\\n\\n 1. PlayForm must notify each Data Subject about the collection and further\\n processing of the Personal Data.\\n\\n 2. The information to be provided includes: the name and contact details of\\n PlayForm; generic purposes of and the lawful basis for the data\\n collection and further processing; categories of Personal Data\\n collected; recipients/categories of recipients; retention periods;\\n information about data subject rights, including the right to complain\\n to the competent Supervisory Authority; the consequences of the cases\\n where the data is necessary for the contract performance and the Data\\n Subject does not provide the required data; details of the safeguards\\n where personal data is transferred outside the EEA; and any third-party\\n source of the personal data, without specification for the particular\\n case (except if we receive the direct request from the Data Subject).\\n\\n 3. The Users must be informed by the Privacy Policy accessible at\\n PlayForm’s website and provided during the user registration. The\\n employees and contractors must be informed by a standalone employee\\n privacy statement, which explains the details described in p. 6.2.2 in a\\n case-based manner, describing the particular purposes and activities.\\n\\n 4. PlayForm must inform Data Subjects about data processing, including any\\n new processing activity introduced at PlayForm within the following\\n term:\\n\\n - if personal data is collected from the data subject directly, the\\n data subject must be informed at the time we collect Personal Data\\n from the Data Subjects by showing the Data Subject our privacy\\n statement;\\n\\n - if the personal data is collected from other sources: (a) within one\\n month from collecting it; (b) if the personal data are to be used\\n for communication with the data subject, at the latest at the time\\n of the first communication to that data subject; or (c) if a\\n disclosure to another recipient is envisaged, at the latest when the\\n personal data are first disclosed.\\n\\n - upon the request of the Data Subject; and\\n\\n - within one (1) month after any change of our personal data\\n practices, change of the controller of Personal Data or after\\n significant changes in our privacy statements.\\n\\n3. **The right to access the information.**\\n\\n 1. The Data Subject must be provided only with those personal data records\\n specified in the request. If the Data Subject requests access to all\\n personal data concerning her or him, the employee must seek advice from\\n the Privacy Manager first, to make sure all personal data of the Data\\n Subject is mapped and provided.\\n\\n 2. A Data Subject has the right to:\\n\\n - learn if we process the Data Subject’s Personal Data;\\n\\n - obtain disclosure regarding aspects of the processing, including\\n detailed and case-specific information on purposes, categories of\\n Personal Data, recipients/categories of recipients, retention\\n periods, information about one’s rights, details of the relevant\\n safeguards where personal data is transferred outside the EEA, and\\n any third-party source of the personal data; and\\n\\n - obtain a copy of the Personal Data undergoing processing upon the\\n request.\\n\\n4. **The right to verify the Data Subject’s information\\n and seek its rectification.** The information we collect can\\n be/become inaccurate or out-of-date (e.g., mistakes in nationality, date of\\n birth, info on debts, economic activities). If we reveal that the Personal\\n Data is inaccurate or the Data Subject requests us to do so, we must ensure\\n that we correct all mistakes and update the relevant information.\\n\\n5. **The right to restrict processing.**\\n\\n 1. The restriction of processing allows Data Subjects to temporarily stop\\n the use of their information to prevent the possible harm caused by such\\n use.\\n\\n 2. This right applies when the Data Subject:\\n\\n - contests the accuracy of the Personal Data;\\n\\n - believes that we process the Personal Data unlawfully; and\\n\\n - objects against the processing and wants us not to process Personal\\n Data while we are considering the request.\\n\\n 3. In the case of receiving the restriction request, we must not process\\n Personal Data in question for any other purpose than storing it or for\\n legal compliance purposes until the circumstances of restriction cease\\n to exist.\\n\\n6. **The right to withdraw the consent.** For\\n the activities that require consent, the Data Subject can revoke their\\n consent at any time. If the Data Subject revokes the consent, we must record\\n the changes and must not process the Personal Data for consent-based\\n purposes. The withdrawal of consent does not affect the lawfulness of the\\n processing done before the withdrawal.\\n\\n7. **The right to object against the\\n processing.**\\n\\n 1. If we process the information in our legitimate interests, e.g., for\\n direct marketing emails or for our marketing research purposes, the Data\\n Subject can object against the processing.\\n\\n 2. In the case of receiving the objection request case, we must consider\\n Data Subject’s request and, where we do not have compelling interests,\\n stop the processing for the specified purposes. If the personal data is\\n still to be processed for other purposes, the Privacy Manager must make\\n sure that the database has a record that the data cannot be further\\n processed for the objected activities.\\n\\n 3. The objection request can be refused only if the personal data in\\n question is used for scientific/historical research or statistical\\n purposes and was appropriately protected, i.e., by anonymization or\\n pseudonymization techniques.\\n\\n8. **Right to erasure/to be forgotten.**\\n\\n 1. The Data Subjects have the right to request us to erase their Personal\\n Data if one of the following conditions are met:\\n\\n - Personal Data is no longer necessary for the purposes of collection.\\n For example, a user has provided personal data for a one-time\\n activity, such as data validation or participation in a contest, and\\n the purpose is already fulfilled;\\n\\n - the Data Subject revokes one’s consent or objects to the processing\\n (where applicable) and there is no other legal ground for the\\n processing; or\\n\\n - we process the Personal Data unlawfully or its erasure is required\\n by the applicable legislation of the European Union or one of the\\n Member countries of the European Union.\\n\\n 2. Conditions, under which we have the right to refuse the erasure:\\n\\n - Personal Data is processed for scientific/historical research or\\n statistical purposes and is appropriately protected, i.e.,\\n pseudonymized or anonymized;\\n\\n - Personal Data is still necessary for legal compliance (e.g.,\\n financial or labor laws compliance).\\n\\n 3. Only those personal data records must be deleted that were specified in\\n the request. If the Data Subject requests the deletion of all personal\\n data concerning her or him, the employee must seek advice from the\\n Privacy Manager first, to make sure all the data about the Data Subject\\n is mapped and can be deleted.\\n\\n 4. If the User still has an account with us and requests the erasure of\\n information necessary for maintaining the account, we must inform the\\n User that the erasure will affect user experience or can lead to the\\n closure of the account.\\n\\n9. **Data portability.**\\n\\n 1. Data Subjects can ask us to transfer all the Personal Data and/or its\\n part in a machine-readable format to a third party. This right applies\\n in two cases:\\n\\n - personal data was collected for the purpose of provision of our\\n services (performance of the contract); or\\n\\n - collected based on consent.\\n\\n 2. To determine whether one of the p.6.9.1 conditions are met, the employee\\n must seek advice from the Privacy Manager and check the applicable legal\\n basis in the Records of processing activities. If the answer is\\n negative, the request can be refused by PlayForm, and the Privacy\\n Manager must decide whether to comply with the request on a voluntary\\n basis.\\n\\n 3. To comply with the request, the responsible employee must consolidate\\n requested Personal Data and send the data in the format we are usually\\n working with to the requested organization. The Data Subject must\\n provide the necessary contact details of the organization.\\n\\n## New Data Processing Activities\\n\\n1. **Notification to Privacy Manager.**\\n\\n 1. Before introducing any new activity that involves the processing of\\n personal data, an employee responsible for its implementation must\\n inform the Privacy Manager.\\n\\n 2. Upon receiving information about a new activity, Privacy Manager must:\\n\\n - determine whether the data processing impact assessment (DPIA)\\n and/or the consultation with the Supervisory Authority is necessary.\\n If the answer is positive, the Privacy Manager must make sure the\\n DPIA is conducted and/or the Supervisory Authority is consulted in\\n accordance with the requirements of this Section and Data Protection\\n Laws;\\n\\n - determine the legal basis for the processing and, where necessary,\\n take further action for its fixation;\\n\\n - make sure the processing activity is done in accordance with this\\n Policy, other PlayForm’s policies, as well as the Data Protection\\n Laws;\\n\\n - add the processing activity to the Records of processing activities;\\n\\n - amend the privacy information statements and, where necessary,\\n inform the concerned Data Subject accordingly.\\n\\n2. **Data Processing Impact Assessment.**\\n\\n 1. To make sure that our current or prospective processing activities do\\n not/will not violate the Data Subjects’ rights, PlayForm must, where\\n required by Data Protection Laws, conduct the Data Processing Impact\\n Assessment (DPIA), a risk-based assessment of the processing and search\\n for the measures to mitigate the risks. The Privacy Manager must make\\n sure the DPIA is conducted in accordance with this Section.\\n\\n 2. The Privacy Manager, where necessary, involving the competent employees\\n and/or external advisors, must conduct a DPIA if at least one of the\\n following conditions are met:\\n\\n - the processing involves the use of new technologies, such as the\\n Artificial Intelligence, use of connected and autonomous devices,\\n etc. that creates certain legal, economic or similar effects to the\\n Data Subject;\\n\\n - we systematically assess and evaluate personal aspects of the Data\\n Subjects based on automated profiling, assigning the personal\\n score/rate, and create legal or similar effects for the Data Subject\\n by this activity;\\n\\n - we process on a large-scale sensitive data, which includes Personal\\n Data relating to criminal convictions and offences, the data about\\n vulnerable data subjects, the personal data revealing racial or\\n ethnic origin, political opinions, religious or philosophical\\n beliefs, or trade union membership, and the processing of genetic\\n data, biometric data for the purpose of uniquely identifying a\\n natural person, data concerning health or data concerning a natural\\n person’s sex life or sexual orientation;\\n\\n - we collect or process Personal Data from a publicly accessible area\\n or public sources on a large scale, or combine or match two\\n different data sets; and\\n\\n - the Supervisory Authority in its public list requires conducting a\\n DPIA for a certain type of activity we are involved in. The list of\\n processing activities requiring conducting DPIA can be found on the\\n website of each Supervisory Authority.\\n\\n 3. The assessment shall contain at least the following details:\\n\\n - a systematic description of the processing operations and the\\n purposes of the processing, including, where applicable, the\\n legitimate interest pursued by us. The description must include the\\n envisaged data categories and data subjects concerned, the scale of\\n processing activities, such as its frequency, volume, envisaged\\n number of records, etc.; recipients of the data, retention periods\\n and, where applicable, international transfers;\\n\\n - an assessment of the necessity and proportionality of the processing\\n operations in relation to the purposes. The DPIA must explain\\n whether the activity is necessary for the purpose and whether the\\n purpose can be achieved by less intrusive methods;\\n\\n - an assessment of the risks to the rights and freedoms of data\\n subjects, including the rights of Data Subjects regarding their\\n Personal Data.\\n\\n - The examples of risks are the processing which could lead to\\n physical, material or non-material damage, in particular: where the\\n processing may give rise to discrimination, identity theft or fraud,\\n financial loss, damage to the reputation, loss of confidentiality of\\n personal data protected by professional secrecy, unauthorized\\n reversal of pseudonymization, or any other significant economic or\\n social disadvantage; where data subjects might be deprived of their\\n rights and freedoms or prevented from exercising control over their\\n personal data; where personal data are processed which reveal racial\\n or ethnic origin, political opinions, religion or philosophical\\n beliefs, trade union membership, and the processing of genetic data,\\n data concerning health or data concerning sex life or criminal\\n convictions and offences or related security measures; where\\n personal aspects are evaluated, in particular analyzing or\\n predicting aspects concerning performance at work, economic\\n situation, health, personal preferences or interests, reliability or\\n behavior, location or movements, in order to create or use personal\\n profiles; where personal data of vulnerable natural persons, in\\n particular of children, are processed; or where processing involves\\n a large amount of personal data and affects a large number of data\\n subjects; and\\n\\n - the measures to address the risks, including safeguards, security\\n measures, and mechanisms to ensure the protection of personal data\\n and to demonstrate compliance with this Regulation.\\n\\n 4. Where the DPIA did not provide how to effectively address the risks, the\\n Privacy Manager must initiate the consultation with the competent\\n Supervisory Authority to receive help with searching for the solution.\\n In this case, PlayForm must not conduct the activity before the\\n Supervisory Authority approves the processing activity in question.\\n\\n## Data Retention\\n\\n1. **General Rule.**\\n\\n 1. The Privacy Manager must make sure that PlayForm clearly defined the\\n data storage periods and/or criteria for determining the storage periods\\n for each processing activity it has. The periods for each processing\\n activity must be specified in the Records of processing activities.\\n\\n 2. Each department within PlayForm must comply with the data storage\\n periods in accordance with the retention schedule provided in Records of\\n processing activities. The Privacy Manager must supervise each\\n department and make sure they comply with this requirement.\\n\\n 3. After the storage period ends, the personal data must be removed from\\n the disposal of the department responsible for the processing or, in\\n cases where the data is not needed for any other purposes, destroyed\\n completely, including from back-up copies and other media.\\n\\n 4. Whenever the storage period for a processing activity has ended, but the\\n personal data processed is necessary for other processing purposes, the\\n department manager must make sure that the personal data is not used for\\n the ceased processing activity, and the responsible employees do not\\n have the access to it unless required for any other activity.\\n\\n2. **Exemptions.** The rules specified in\\n Subsection 8.1 have the following exceptions:\\n\\n 1. **Business needs**. Data retention periods can be prolonged, but no\\n longer than 60 days, in the case that the data deletion will interrupt\\n or harm our ongoing business. The Privacy Manager must approve any\\n unforeseen prolongation;\\n\\n 2. **Technical impossibility**. Some information is technically impossible\\n or disproportionally difficult to delete. For example, deletion of the\\n information may lead to breach of system integrity, or it is impossible\\n to delete the information from the backup copies. In such a case, the\\n information can be further stored, subject to the approval by the\\n Privacy Manager and making respective amendments to the Records of\\n processing activities; and\\n\\n 3. **Anonymization**. The Personal Data can be further processed for any\\n purposes (e.g., marketing) if we fully anonymize these data after the\\n retention period is expired. This means that all personal identifiers\\n and connections to them will be deleted from the data. To consider\\n Personal Data anonymous, it must be impossible to reidentify the Data\\n Subject from the data set.\\n\\n## Security\\n\\n1. Each department within PlayForm shall take all appropriate technical and\\n organizational measures that protect against unauthorized, unlawful, and/or\\n accidental access, destruction, modification, blocking, copying,\\n distribution, as well as from other illegal actions of unauthorized persons\\n regarding the personal data under their responsibility.\\n\\n2. The employee responsible for the supervision after the security of personal\\n data within PlayForm shall be DSR Officer. This person implements the\\n guidelines and other specifications on data protection and information\\n security in his area of responsibility. He/she advises PlayForm management\\n on the planning and implementation of information security in PlayForm, and\\n must be involved in all projects at an early stage in order to take\\n security-related aspects into account as early as the planning phase.\\n\\n## Data Breach Response Procedure\\n\\n1. **Response Team.**\\n\\n 1. In case of revealing the Data Breach, CEO of PlayForm shall urgently\\n form the Data Breach Response Team (the “**Response Team**”), which will\\n handle the Data Breach, notify the appropriate persons, and mitigate its\\n risks.\\n\\n 2. The Response Team must be а multi-disciplinary group headed by CEO of\\n PlayForm and comprised of the Privacy Manager, privacy laws specialist\\n (whether internal or external), and knowledgeable and skilled\\n information security specialists within PlayForm or outsourcing\\n professionals, if necessary. The team must ensure that all employees and\\n engaged contractors/processors adhere to this Policy and provide an\\n immediate, effective, and skillful response to any suspected/alleged or\\n actual Data Breach affecting PlayForm.\\n\\n 3. The potential members of the Response Team must be prepared to respond\\n to а Data Breach. The Response Team shall perform all the\\n responsibilities of PlayForm mentioned in this Policy. The duties of the\\n Response Team are:\\n\\n - to communicate the Data Breach to the competent Supervisory\\n Authority(-ies);\\n\\n - in case of high risk to the rights and freedoms of Data Subjects, to\\n communicate the Data Breach to the Data Subject;\\n\\n - if PlayForm obtain data from any third party as a processor, and a\\n Data Breach involves obtained data, to inform the third parties\\n about the Data Breach;\\n\\n - to communicate PlayForm’s contractors or any other third parties\\n that process the Personal Data involved in the Data Breach; and\\n\\n - to take all appropriate technical and organizational measures to\\n cease the Data Breach and mitigate its consequences;\\n\\n - to record the fact of the Data Breach in the Records of processing\\n activities and file an internal data breach report that describes\\n the event.\\n\\n 4. The Response Team shall perform its duties until all the necessary\\n measures required by this Policy are taken.\\n\\n2. **Notification to Supervisory Authority.**\\n\\n 1. PlayForm shall inform the Competent Supervisory Authority about the Data\\n Breach without undue delay and, where it is possible, not later than 72\\n hours after having become aware of the Data Breach.\\n\\n 2. The Competent Supervisory Authority shall be determined by the residence\\n of the Data Subjects, whose information was involved in the Data Breach.\\n If the Data Breach concerns the Personal Data of Data Subjects from more\\n than one country, PlayForm shall inform all Competent Supervisory\\n Authorities.\\n\\n 3. To address the notification to the authority, the Response Team should\\n use Annex 1 to this Policy. Annex 1 contains all the necessary contact\\n information of the EU supervisory authorities. If the Data Breach\\n concerns Data Subjects from other than the EU countries, the Response\\n Team shall ask a competent privacy specialist for advice.\\n\\n 4. The notification to the Competent Supervisory Authority shall contain,\\n at least, following information:\\n\\n - **the nature of the Data Breach** including where possible, the\\n categories and an approximate number of Data Subjects and Personal\\n Data records concerned;\\n\\n - the name and contact details of the **Response Team, Privacy Manager\\n or, if not applicable, of the CEO**;\\n\\n - the likely consequences of the Data Breach. Explain PlayForm’s point\\n of view on the purposes and possible further risks of the Data\\n Breach. E.g., the Personal Data may be stolen for the further\\n **sale, fraud activities or blackmailing the concerned Data\\n Subjects**; and\\n\\n - **the measures taken or proposed** to be taken by PlayForm to\\n address the Data Breach, including, where appropriate, measures to\\n mitigate its possible adverse effects.\\n\\n 5. To file a notification, the Response Team should use PlayForm’s Data\\n Breach Notification Form to the Supervisory Authority.\\n\\n3. **Notifications to Data Subjects.**\\n\\n 1. When the Data Breach is likely to result in a high risk to the rights\\n and freedoms of Data Subjects (e.g., stealing of funds, assets,\\n proprietary information), we must also communicate the Data Breach to\\n the concerned Data Subjects without undue delay. The Privacy Manager\\n must determine if there is a high risk based on the risk factors\\n specified in Subsection 7.2.3 of this Policy.\\n\\n 2. The notification shall contain the following information:\\n\\n - description of the Data Breach - what happened and what led to the\\n Data Breach, such as **a security breach, employee’s negligence,\\n error in the system work**. If the Response Team decided not to\\n disclose the causes of the Data Breach, then this clause must not be\\n mentioned;\\n\\n - the measures taken by PlayForm regarding the Data Breach, including\\n **security measures, internal investigations, and supervisory\\n authority notice**;\\n\\n - recommendations for the concerned Data Subjects how to mitigate\\n risks and possible consequences, such as **guidelines on how to\\n restore access to an account, preventing measures (change of a\\n password)**; and\\n\\n - the contact information of the Response Team or one of its members.\\n\\n 3. The notification to the Data Subjects should be carried out by the\\n **email letter** or, where it is impossible to use the email, by other\\n available means of communication.\\n\\n 4. **Exemptions**. We do not have to send the notification to the Data\\n Subjects if any of the following conditions are met:\\n\\n - PlayForm has implemented appropriate technical and organizational\\n protection measures, and those measures were applied to the Personal\\n Data affected by the Data Breach, in particular, those that leave\\n the Personal Data inaccessible to any person who is not authorized\\n to access it, such as encryption;\\n\\n - PlayForm has taken subsequent measures which ensure that the high\\n risk to the rights and freedoms of Data Subjects referred to in this\\n section is no longer likely to materialize; or\\n\\n - it would involve a disproportionate effort to communicate with every\\n concerned Data Subject. In such a case, there shall instead be a\\n public communication or similar measure whereby the Data Subjects\\n are informed in an equally effective manner.\\n\\nIn the case we apply one of the exemptions, we **must document** the\\ncircumstances, reason for not informing, and actions taken to meet one of the\\nexemptions.\\n\\n4. **Communication with Third Parties.**\\n\\n 1. In the case a Data Breach concerns the Personal Data shared with us or\\n processed by us on behalf of a Third Party, we must also notify the\\n Third Party about it within 24 hours. If we process the Personal Data as\\n a Data Processor, the notification of the Third Party does not exempt us\\n from the duty to mitigate the Data Breach consequences, but we must not\\n inform the Competent Supervisory Authority and Data Subjects.\\n\\n 2. In case of receiving the notification about the Data Breach from the\\n Data Processor or other Third Parties that have access to the Personal\\n Data, CEO of PlayForm shall, in accordance with this Section:\\n\\n - form the Response Team;\\n\\n - request the Third Party to send the information mentioned in\\n Subsections 10.2-3 of this Policy;\\n\\n - where necessary, inform the Competent Supervisory Authority(-ies)\\n and Data Subjects; and\\n\\n - perform other steps of the Data Breach response procedure.\\n\\n**List of Persons Briefed on Personal Data Protection Policy**\\n\\n\\n \\nCompetent Supervisory Authority \\nmeans a public authority that is responsible for regulating and supervising personal data protection with regards to activities of PlayForm. \\n\\n \\nData Breach \\n\\n \\nData Controller \\nmeans the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data. \\n\\n \\nData Processor \\nmeans a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller. \\n\\n \\nData Protection Laws \\nmean any laws and legal rules on personal data use and protection applicable to the activities of PlayForm, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). \\n\\n \\nData Subject Request (DSR) \\nmeans any request from the Data Subject and concerning their personal data and/or data subject rights. \\n\\n \\nData Subject \\nmeans a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of PlayForm. \\n\\n \\nPersonal Data \\nmeans any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. \\n\\n \\nProcessing \\nmeans any operation or set of operations which is performed by PlayForm on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. \\n\\n \\nStandard Contractual Clauses \\nmeans the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU). \\n\\n \\nThird Party \\nmeans a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of PlayForm. This definition does not apply to natural persons, who provide services to PlayForm as contractors on a regular basis. \\n\\n \\n\\nUser \\nmeans a Data Subject who uses our services provided on PlayForm website. \\n\\n
\\n\\n## ANNEX 1 TO THE PERSONAL DATA PROTECTION POLICY\\n\\n**European National Data Protection Authorities**\\n\\n**Austria**\\n\\nÖsterreichische Datenschutzbehörde\\\\\\nHohenstaufengasse 3\\\\\\n1010 Wien\\\\\\nTel. +43 1 531 15 202525\\\\\\nFax +43 1 531 15 202690\\\\\\nE-mail: dsb@dsb.gv.at\\\\\\nWebSite: https://www.dsb.gv.at\\n\\nArt 29 WP Member: Dr Andrea JELINEK, Director, Österreichische\\nDatenschutzbehörde\\n\\n**Belgium**\\n\\nCommission de la protection de la vie privée\\\\\\nCommissie voor de bescherming van de persoonlijke levenssfeer\\\\\\nRue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel\\\\\\nTel. +32 2 274 48 00\\\\\\nFax +32 2 274 48 35\\\\\\nE-mail: commission@privacycommission.be\\\\\\nWebSite: https://www.privacycommission.be\\n\\nArt 29 WP Vice-President: Willem DEBEUCKELAERE, President of the Belgian Privacy\\ncommission\\n\\n**Bulgaria**\\n\\nCommission for Personal Data Protection\\\\\\n2, Prof. Tsvetan Lazarov Blvd. Sofia 1592\\\\\\nTel. +359 2 915 3580\\\\\\nFax +359 2 915 3525\\\\\\nE-mail: kzld@cpdp.bg\\\\\\nWebSite: https://www.cpdp.bg\\n\\nArt 29 WP Member: Mr. Ventsislav KARADJOV, Chairman of the Commission for\\nPersonal Data Protection\\\\\\nArt 29 WP Alternate Member: Ms. Mariya MATEVA\\n\\n**Croatia**\\n\\nCroatian Personal Data Protection Agency\\\\\\nMartićeva 14\\\\\\n10000 Zagreb\\\\\\nTel. +385 1 4609 000\\\\\\nFax +385 1 4609 099\\\\\\nE-mail: azop@azop.hr or info@azop.hr\\\\\\nWebSite: https://www.azop.hr\\n\\nArt 29 WP Member: Mr. Anto RAJKOVAČA, Director of the Croatian Data Protection\\nAgency\\n\\n**Cyprus**\\n\\nCommissioner for Personal Data Protection\\\\\\n1 Iasonos Street,\\\\\\n1082 Nicosia\\\\\\nP.O. Box 23378, CY-1682 Nicosia Tel. +357 22 818 456\\\\\\nFax +357 22 304 565\\\\\\nE-mail: commissioner@dataprotection.gov.cy\\\\\\nWebSite: https://www.dataprotection.gov.cy\\n\\nArt 29 WP Member: Ms. Irene LOIZIDOU NIKOLAIDOU\\\\\\nArt 29 WP Alternate Member: Mr. Constantinos GEORGIADES\\n\\n**Czech Republic**\\n\\nThe Office for Personal Data Protection\\\\\\nUrad pro ochranu osobnich udaju Pplk. Sochora 27\\\\\\n170 00 Prague 7\\\\\\nTel. +420 234 665 111\\\\\\nFax +420 234 665 444\\\\\\nE-mail: posta@uoou.cz\\\\\\nWebSite: https://www.uoou.cz\\n\\nArt 29 WP Member: Ms. Ivana JANŮ, President of the Office for Personal Data\\nProtection\\\\\\nArt 29 WP Alternate Member: Mr. Ivan PROCHÁZKA, Adviser to the President of the\\nOffice\\n\\n**Denmark**\\n\\nDatatilsynet\\\\\\nBorgergade 28, 5\\\\\\n1300 Copenhagen K\\\\\\nTel. +45 33 1932 00\\\\\\nFax +45 33 19 32 18\\\\\\nE-mail: dt@datatilsynet.dk\\\\\\nWebSite: https://www.datatilsynet.dk\\n\\nArt 29 WP Member: Ms. Cristina Angela GULISANO, Director, Danish Data Protection\\nAgency (Datatilsynet)\\\\\\nArt 29 WP Alternate Member: Mr. Peter FOGH KNUDSEN, Head of International\\nDivision at the Danish Data Protection Agency (Datatilsynet)\\n\\n**Estonia**\\n\\nEstonian Data Protection Inspectorate (Andmekaitse Inspektsioon)\\\\\\nVäike-Ameerika 19\\\\\\n10129 Tallinn\\\\\\nTel. +372 6274 135\\\\\\nFax +372 6274 137\\\\\\nE-mail: info@aki.ee\\\\\\nWebSite: https://www.aki.ee/en\\n\\nArt 29 WP Member: Mr. Viljar PEEP, Director General, Estonian Data Protection\\nInspectorate\\\\\\nArt 29 WP Alternate Member: Ms. Maarja Kirss\\n\\n**Finland**\\n\\nOffice of the Data Protection Ombudsman\\\\\\nP.O. Box 315\\\\\\nFIN-00181 Helsinki Tel. +358 10 3666 700\\\\\\nFax +358 10 3666 735\\\\\\nE-mail: tietosuoja@om.fi\\\\\\nWebSite: https://www.tietosuoja.fi/en\\n\\nArt 29 WP Member: Mr. Reijo AARNIO, Ombudsman of the Finnish Data Protection\\nAuthority\\\\\\nArt 29 WP Alternate Member: Ms. Elisa KUMPULA, Head of Department\\n\\n**France**\\n\\nCommission Nationale de l'Informatique et des Libertés - CNIL\\\\\\n8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02\\\\\\nTel. +33 1 53 73 22 22\\\\\\nFax +33 1 53 73 22 00\\\\\\nWebSite: https://www.cnil.fr\\n\\nArt 29 WP Member: Ms. Isabelle FALQUE-PIERROTIN, President of CNIL\\\\\\nArt 29 WP Alternate Member: Ms. Florence RAYNAL\\n\\n**Germany**\\n\\nDie Bundesbeauftragte für den Datenschutz und die Informationsfreiheit\\\\\\nHusarenstraße 30\\\\\\n53117 Bonn\\\\\\nTel. +49 228 997799 0; +49 228 81995 0\\\\\\nFax +49 228 997799 550; +49 228 81995 550\\\\\\nE-mail: poststelle@bfdi.bund.de\\\\\\nWebSite: https://www.bfdi.bund.de\\n\\nThe competence for complaints is split among different data protection\\nsupervisory authorities in Germany.\\n\\nCompetent authorities can be identified according to the list provided under\\n\\nhttps://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html\\n\\nArt 29 WP Member: Ms. Andrea VOSSHOFF, Federal Commissioner for Freedom of\\nInformation\\\\\\nArt 29 WP Alternate Member: Prof. Dr. Johannes CASPAR, representative of the\\nfederal states\\n\\n**Greece**\\n\\nHellenic Data Protection Authority\\\\\\nKifisias Av. 1-3, PC 11523 Ampelokipi Athens\\\\\\nTel. +30 210 6475 600\\\\\\nFax +30 210 6475 628\\\\\\nE-mail: contact@dpa.gr\\\\\\nWebSite: https://www.dpa.gr\\n\\nArt 29 WP Member: Mr. Konstantinos Menoudakos, President of the Hellenic DPA\\\\\\nArt 29 WP Alternate Member: Dr. Vasilios ZORKADIS, Director\\n\\n**Hungary**\\n\\nNational Authority for Data Protection and Freedom of Information\\\\\\nSzilágyi Erzsébet fasor 22/C H-1125 Budapest\\\\\\nTel. +36 1 3911 400\\\\\\nE-mail: peterfalvi.attila@naih.hu\\\\\\nWebSite: https://www.naih.hu\\n\\nArt 29 WP Member: Dr Attila PÉTERFALVI, President of the National Authority for\\nData Protection and Freedom of Information\\\\\\nArt 29 WP Alternate Member: Mr. Endre Győző SZABÓ Vice-president of the National\\nAuthority for Data Protection and Freedom of Information\\n\\n**Ireland**\\n\\nData Protection Commissioner\\\\\\nCanal House Station Road Portarlington Co. Laois\\\\\\nLo-Call: 1890 25 22 31\\\\\\nTel. +353 57 868 4800\\\\\\nFax +353 57 868 4757\\\\\\nE-mail: info@dataprotection.ie\\\\\\nWebSite: https://www.dataprotection.ie\\n\\nArt 29 WP Member: Ms. Helen DIXON, Data Protection Commissioner\\\\\\nArt 29 WP Alternate Members: Mr. John O'DWYER, Deputy Commissioner; Mr. Dale\\nSUNDERLAND, Deputy Commissioner\\n\\n**Italy**\\n\\nGarante per la protezione dei dati personali\\\\\\nPiazza di Monte Citorio, 121 00186 Roma\\\\\\nTel. +39 06 69677 1\\\\\\nFax +39 06 69677 785\\\\\\nE-mail: garante@garanteprivacy.it\\\\\\nWebSite: https://www.garanteprivacy.it\\n\\nArt 29 WP Member: Mr. Antonello SORO, President of Garante per la protezione dei\\ndati personali\\\\\\nArt 29 WP Alternate Member: Ms. Giuseppe BUSIA, Secretary General of Garante per\\nla protezione dei dati personali\\n\\n**Latvia**\\n\\nData State Inspectorate Director: Ms. Daiga Avdejanova\\\\\\nBlaumana str. 11/13-15\\\\\\n1011 Riga\\\\\\nTel. +371 6722 3131\\\\\\nFax +371 6722 3556\\\\\\nE-mail: info@dvi.gov.lv\\\\\\nWebSite: https://www.dvi.gov.lv\\n\\nArt 29 WP Alternate Member: Ms. Aiga BALODE\\n\\n**Lithuania**\\n\\nState Data Protection\\\\\\nŽygimantų str. 11-6a 011042 Vilnius\\\\\\nTel. + 370 5 279 14 45\\\\\\nFax +370 5 261 94 94\\\\\\nE-mail: ada@ada.lt\\\\\\nWebSite: https://www.ada.lt\\n\\nArt 29 WP Member: Mr. Raimondas Andrijauskas, Director of the State Data\\nProtection Inspectorate\\\\\\nArt 29 WP Alternate Member: Ms. Neringa KAKTAVIČIŪTĖ-MICKIENĖ, Head of\\nComplaints Investigation and International Cooperation Division\\n\\n**Luxembourg**\\n\\nCommission Nationale pour la Protection des Données\\\\\\n1, avenue du Rock’n’roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1\\\\\\nFax +352 2610 60 29\\\\\\nE-mail: info@cnpd.lu\\\\\\nWebSite: https://www.cnpd.lu\\n\\nArt 29 WP Member: Ms. Tine A. LARSEN, President of the Commission Nationale pour\\nla Protection des Données\\\\\\nArt 29 WP Alternate Member: Mr. Thierry LALLEMANG, Commissioner\\n\\n**Malta**\\n\\nOffice of the Data Protection Commissioner\\\\\\nData Protection Commissioner: Mr. Joseph Ebejer\\\\\\n2, Airways House\\\\\\nHigh Street, Sliema SLM 1549 Tel. +356 2328 7100\\\\\\nFax +356 2328 7198\\\\\\nE-mail: commissioner.dataprotection@gov.mt\\\\\\nWebSite: https://idpc.org.mt\\n\\nArt 29 WP Member: Mr. Saviour CACHIA, Information and Data Protection\\nCommissioner\\\\\\nArt 29 WP Alternate Member: Mr. Ian DEGUARA, Director - Operations and Programme\\nImplementation\\n\\n**Netherlands**\\n\\nAutoriteit Persoonsgegevens\\\\\\nPrins Clauslaan 60\\\\\\nP.O. Box 93374\\\\\\n2509 AJ Den Haag/The Hague Tel. +31 70 888 8500\\\\\\nFax +31 70 888 8501\\\\\\nE-mail: info@autoriteitpersoonsgegevens.nl\\\\\\nWebSite: https://autoriteitpersoonsgegevens.nl/nl\\n\\nArt 29 WP Member: Mr. Aleid WOLFSEN, Chairman of Autoriteit Persoonsgegevens\\n\\n**Poland**\\n\\nThe Bureau of the Inspector General for the Protection of Personal Data – GIODO\\\\\\nul. Stawki 2\\\\\\n00-193 Warsaw\\\\\\nTel. +48 22 53 10 440\\\\\\nFax +48 22 53 10 441\\\\\\nE-mail: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl\\\\\\nWebSite: https://www.giodo.gov.pl\\n\\nArt 29 WP Member: Ms. Edyta BIELAK-JOMAA, Inspector General for the Protection\\nof Personal Data\\n\\n**Portugal**\\n\\nComissão Nacional de Protecção de Dados - CNPD\\\\\\nR. de São. Bento, 148-3° 1200-821 Lisboa\\\\\\nTel. +351 21 392 84 00\\\\\\nFax +351 21 397 68 32\\\\\\nE-mail: geral@cnpd.pt\\\\\\nWebSite: https://www.cnpd.pt\\n\\nArt 29 WP Member: Ms. Filipa CALVÃO, President, Comissão Nacional de Protecção\\nde Dados\\\\\\nArt 29 WP Alternate Member: Isabel CRUZ, Secretary-General of the DPA\\n\\n**Romania**\\n\\nThe National Supervisory Authority for Personal Data Processing President: Mrs.\\nAncuţa Gianina Opre\\\\\\nB-dul Magheru 28-30\\\\\\nSector 1, BUCUREŞTI\\\\\\nTel. +40 21 252 5599\\\\\\nFax +40 21 252 5757\\\\\\nE-mail: anspdcp@dataprotection.ro\\\\\\nWebSite: https://www.dataprotection.ro\\n\\nArt 29 WP Member: Ms. Ancuţa Gianina OPRE, President of the National Supervisory\\nAuthority for Personal Data Processing\\\\\\nArt 29 WP Alternate Member: Ms. Alina SAVOIU, Head of the Legal and\\nCommunication Department\\n\\n**Slovakia**\\n\\nOffice for Personal Data Protection of the Slovak Republic\\\\\\nHraničná 12\\\\\\n820 07 Bratislava 27\\\\\\nTel.: + 421 2 32 31 32 14\\\\\\nFax: + 421 2 32 31 32 34\\\\\\nE-mail: statny.dozor@pdp.gov.sk\\\\\\nWebSite: https://dataprotection.gov.sk\\n\\nArt 29 WP Member: Ms. Soňa PŐTHEOVÁ, President of the Office for Personal Data\\nProtection of the Slovak Republic\\\\\\nArt 29 WP Alternate Member: Mr. Anna VITTEKOVA, Vice President\\n\\n**Slovenia**\\n\\nInformation Commissioner\\\\\\nMs. Mojca Prelesnik Zaloška 59\\\\\\n1000 Ljubljana\\\\\\nTel. +386 1 230 9730\\\\\\nFax +386 1 230 9778\\\\\\nE-mail: gp.ip@ip-rs.si\\\\\\nWebSite: https://www.ip-rs.si\\n\\nArt 29 WP Member: Ms. Mojca PRELESNIK, Information Commissioner of the Republic\\nof Slovenia\\n\\n**Spain**\\n\\nAgencia de Protección de Datos\\\\\\nC/Jorge Juan, 6\\\\\\n28001 Madrid\\\\\\nTel. +34 91399 6200\\\\\\nFax +34 91455 5699\\\\\\nE-mail: internacional@agpd.es\\\\\\nWebSite: https://www.agpd.es\\n\\nArt 29 WP Member: Ms. María del Mar España Martí, Director of the Spanish Data\\nProtection Agency\\\\\\nArt 29 WP Alternate Member: Mr. Rafael GARCIA GOZALO\\n\\n**Sweden**\\n\\nDatainspektionen\\\\\\nDrottninggatan 29 5th Floor\\\\\\nBox 8114\\\\\\n20 Stockholm\\\\\\nTel. +46 8 657 6100\\\\\\nFax +46 8 652 8652\\\\\\nE-mail: datainspektionen@datainspektionen.se\\\\\\nWebSite: https://www.datainspektionen.se\\n\\nArt 29 WP Member: Ms. Kristina SVAHN STARRSJÖ, Director General of the Data\\nInspection Board\\\\\\nArt 29 WP Alternate Member: Mr. Hans-Olof LINDBLOM, Chief Legal Adviser\\n\\n**United Kingdom**\\n\\nThe Information Commissioner’s Office\\\\\\nWater Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745\\\\\\nE-mail: international.team@ico.org.uk\\\\\\nWebSite: https://ico.org.uk\\n\\nArt 29 WP Member: Ms. Elizabeth DENHAM, Information Commissioner\\\\\\nArt 29 WP Alternate Member: Mr. Steve WOOD, Deputy Commissioner\\n\\n**EUROPEAN FREE TRADE AREA (EFTA)**\\n\\n**Iceland**\\n\\nIcelandic Data Protection Agency\\\\\\nRauðarárstíg 10\\\\\\nReykjavík\\\\\\nTel. +354 510 9600; Fax +354 510 9606\\\\\\nE-mail: postur@personuvernd.is\\\\\\nWebSite: https://www.personuvernd.is\\n\\n**Liechtenstein**\\n\\nData Protection Office\\\\\\nKirchstrasse 8, P.O. Box 684\\\\\\n9490 Vaduz\\\\\\nPrincipality of Liechtenstein Tel. +423 236 6090\\\\\\nE-mail: info.dss@llv.li\\\\\\nWebSite: https://www.datenschutzstelle.li\\n\\n**Norway**\\n\\nDatatilsynet\\\\\\nData Protection Authority: Mr. Bjørn Erik THORN\\\\\\nThe Data Inspectorate\\\\\\nP.O. Box 8177 Dep 0034 Oslo\\\\\\nTel. +47 22 39 69 00; Fax +47 22 42 23 50\\\\\\nE-mail: postkasse@datatilsynet.no\\\\\\nWebSite: https://www.datatilsynet.no\\n\\n**Switzerland**\\n\\nData Protection and Information Commissioner of Switzerland\\\\\\nEidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Mr. Adrian\\nLobsiger\\\\\\nFeldeggweg 1\\\\\\n3003 Bern\\\\\\nTel. +41 58 462 43 95; Fax +41 58 462 99 96\\\\\\nE-mail: contact20@edoeb.admin.ch\\\\\\nWebSite: https://www.edoeb.admin.ch\\n\";\n\t\t\t\t}\n\t\t\t\texport function compiledContent() {\n\t\t\t\t\treturn html;\n\t\t\t\t}\n\t\t\t\texport function getHeadings() {\n\t\t\t\t\treturn [{\"depth\":1,\"slug\":\"personal-data-protection-policy\",\"text\":\"PERSONAL DATA PROTECTION POLICY\"},{\"depth\":2,\"slug\":\"scope-and-definitions\",\"text\":\"Scope and Definitions\"},{\"depth\":2,\"slug\":\"data-processing-principles\",\"text\":\"Data Processing Principles\"},{\"depth\":2,\"slug\":\"legal-grounds-and-purposes\",\"text\":\"Legal Grounds and Purposes\"},{\"depth\":2,\"slug\":\"access-to-personal-data\",\"text\":\"Access to Personal Data\"},{\"depth\":2,\"slug\":\"third-parties\",\"text\":\"Third Parties\"},{\"depth\":2,\"slug\":\"international-transfers\",\"text\":\"International Transfers\"},{\"depth\":2,\"slug\":\"rights-of-data-subjects\",\"text\":\"Rights of Data Subjects\"},{\"depth\":2,\"slug\":\"new-data-processing-activities\",\"text\":\"New Data Processing Activities\"},{\"depth\":2,\"slug\":\"data-retention\",\"text\":\"Data Retention\"},{\"depth\":2,\"slug\":\"security\",\"text\":\"Security\"},{\"depth\":2,\"slug\":\"data-breach-response-procedure\",\"text\":\"Data Breach Response Procedure\"},{\"depth\":2,\"slug\":\"annex-1-to-the-personal-data-protection-policy\",\"text\":\"ANNEX 1 TO THE PERSONAL DATA PROTECTION POLICY\"},{\"depth\":2,\"slug\":\"footnote-label\",\"text\":\"Footnotes\"}];\n\t\t\t\t}\n\n\t\t\t\texport const Content = createComponent((result, _props, slots) => {\n\t\t\t\t\tconst { layout, ...content } = frontmatter;\n\t\t\t\t\tcontent.file = file;\n\t\t\t\t\tcontent.url = url;\n\n\t\t\t\t\treturn render`${maybeRenderHead(result)}${unescapeHTML(html)}`;\n\t\t\t\t});\n\t\t\t\texport default Content;\n\t\t\t\t"],"names":["render"],"mappings":";;;;AAKI,MAAM,IAAI,GAAG,6lxEAA6lxE,CAAC;AAC/mxE;AACA,IAAgB,MAAC,WAAW,GAAG,CAAC,OAAO,CAAC,iCAAiC,EAAE;AAC3E,IAAgB,MAAC,IAAI,GAAG,iGAAiG;AACzH,IAAgB,MAAC,GAAG,GAAG,UAAU;AACjC,IAAW,SAAS,UAAU,GAAG;AACjC,KAAK,OAAO,0qoEAA0qoE,CAAC;AACvroE,KAAK;AACL,IAAW,SAAS,eAAe,GAAG;AACtC,KAAK,OAAO,IAAI,CAAC;AACjB,KAAK;AACL,IAAW,SAAS,WAAW,GAAG;AAClC,KAAK,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,iCAAiC,CAAC,MAAM,CAAC,iCAAiC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gCAAgC,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gCAAgC,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gDAAgD,CAAC,MAAM,CAAC,gDAAgD,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;AACzlC,KAAK;AACL;AACA,IAAgB,MAAC,OAAO,GAAG,eAAe,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,KAAK;AACtE,KAAK,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,GAAG,WAAW,CAAC;AAChD,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;AACzB,KAAK,OAAO,CAAC,GAAG,GAAG,GAAG,CAAC;AACvB;AACA,KAAK,OAAOA,cAAM,CAAC,EAAE,eAAe,CAAO,CAAC,CAAC,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpE,KAAK;;;;"}
\ No newline at end of file
diff --git a/Target/chunks/privacy-policy_B7pwOLEf.mjs.map b/Target/chunks/privacy-policy_LwSTRs9A.mjs.map
similarity index 99%
rename from Target/chunks/privacy-policy_B7pwOLEf.mjs.map
rename to Target/chunks/privacy-policy_LwSTRs9A.mjs.map
index 74a0e36d..e0d496f4 100644
--- a/Target/chunks/privacy-policy_B7pwOLEf.mjs.map
+++ b/Target/chunks/privacy-policy_LwSTRs9A.mjs.map
@@ -1 +1 @@
-{"version":3,"file":"privacy-policy_B7pwOLEf.mjs","sources":["../../Source/Content/en/privacy-policy.md"],"sourcesContent":["\n\t\t\t\timport { unescapeHTML, spreadAttributes, createComponent, render, renderComponent, maybeRenderHead } from \"D:/Developer/node_modules/astro/dist/runtime/server/index.js\";\n\t\t\t\timport { AstroError, AstroErrorData } from \"D:/Developer/node_modules/astro/dist/core/errors/index.js\";\n\t\t\t\t\n\n\t\t\t\tconst html = \"\\n \\n\\n \\n\\nNikola Hristov \\nBriefed \\n05.25.2018 \\n\\n
\\n\\n
\\nPRIVACY POLICY
\\n
\\nLast updated: 02.11.2022 / February 11th 2022Introduction
\\nDefinitions
\\nInformation Collection and Use
\\nTypes of Data Collected
\\nUse of Data
\\nRetention of Data
\\nTransfer of Data
\\nDisclosure of Data
\\nSecurity of Data
\\nYour Data Protection Rights Under General Data Protection Regulation (GDPR)
\\nYour Data Protection Rights under the California Privacy Protection Act (CalOPPA)
\\nYour Data Protection Rights under the California Consumer Privacy Act (CCPA)
\\nService Providers
\\nPayments
\\nLinks to Other Sites
\\nChildren’s Privacy
\\nChanges to This Privacy Policy
\\nContact Us
\\n\\n
\\n\\n
\\nPRIVACY POLICY
\\n
\\nLast updated: 02.11.2022 / February 11th 2022Introduction
\\nDefinitions
\\nInformation Collection and Use
\\nTypes of Data Collected
\\nUse of Data
\\nRetention of Data
\\nTransfer of Data
\\nDisclosure of Data
\\nSecurity of Data
\\nYour Data Protection Rights Under General Data Protection Regulation (GDPR)
\\nYour Data Protection Rights under the California Privacy Protection Act (CalOPPA)
\\nYour Data Protection Rights under the California Consumer Privacy Act (CCPA)
\\nService Providers
\\nPayments
\\nLinks to Other Sites
\\nChildren’s Privacy
\\nChanges to This Privacy Policy
\\nContact Us
\\n\\n
\\n\\n
\\nTERMS OF SERVICE
\\n
\\nLast updated: 02.11.2022 / February 11th 2022Introduction
\\nCommunications
\\nPurchases
\\nContests, Sweepstakes and Promotions
\\nSubscriptions
\\nFree Trial
\\nFee Changes
\\nRefunds
\\nContent
\\nProhibited Uses
\\nNo Use by Minors
\\nAccounts
\\nIntellectual Property
\\nCopyright Policy
\\nDMCA Notice and Procedure for Copyright Infringement Claims
\\nError Reporting and Feedback
\\nLinks To Other Web Sites
\\nDisclaimer Of Warranty
\\nLimitation Of Liability
\\nTermination
\\nGoverning Law
\\nChanges To Service
\\nAmendments To Terms
\\nWaiver And Severability
\\nAcknowledgement
\\nContact Us
\\n\\n
\\n\\n
\\nTERMS OF SERVICE
\\n
\\nLast updated: 02.11.2022 / February 11th 2022Introduction
\\nCommunications
\\nPurchases
\\nContests, Sweepstakes and Promotions
\\nSubscriptions
\\nFree Trial
\\nFee Changes
\\nRefunds
\\nContent
\\nProhibited Uses
\\nNo Use by Minors
\\nAccounts
\\nIntellectual Property
\\nCopyright Policy
\\nDMCA Notice and Procedure for Copyright Infringement Claims
\\nError Reporting and Feedback
\\nLinks To Other Web Sites
\\nDisclaimer Of Warranty
\\nLimitation Of Liability
\\nTermination
\\nGoverning Law
\\nChanges To Service
\\nAmendments To Terms
\\nWaiver And Severability
\\nAcknowledgement
\\nContact Us
\\n
\ No newline at end of file
+☁️ Cloud —
\ No newline at end of file
diff --git a/Target/manifest_e8jatbOF.mjs.map b/Target/manifest_CppTCdw4.mjs.map
similarity index 99%
rename from Target/manifest_e8jatbOF.mjs.map
rename to Target/manifest_CppTCdw4.mjs.map
index 61f9394e..f111a38e 100644
--- a/Target/manifest_e8jatbOF.mjs.map
+++ b/Target/manifest_CppTCdw4.mjs.map
@@ -1 +1 @@
-{"version":3,"file":"manifest_e8jatbOF.mjs","sources":["../../../../node_modules/astro/dist/core/middleware/noop-middleware.js","../../../../node_modules/astro/dist/actions/runtime/virtual/shared.js","../../../../node_modules/astro/dist/core/routing/manifest/generator.js","../../../../node_modules/astro/dist/core/routing/manifest/serialization.js","../../../../node_modules/astro/dist/core/app/common.js"],"sourcesContent":["const NOOP_MIDDLEWARE_FN = (_, next) => next();\nexport {\n NOOP_MIDDLEWARE_FN\n};\n","import { parse as devalueParse, stringify as devalueStringify } from \"devalue\";\nimport { REDIRECT_STATUS_CODES } from \"../../../core/constants.js\";\nimport { ActionsReturnedInvalidDataError } from \"../../../core/errors/errors-data.js\";\nimport { AstroError } from \"../../../core/errors/errors.js\";\nimport { ACTION_QUERY_PARAMS as _ACTION_QUERY_PARAMS } from \"../../consts.js\";\nconst ACTION_QUERY_PARAMS = _ACTION_QUERY_PARAMS;\nconst ACTION_ERROR_CODES = [\n \"BAD_REQUEST\",\n \"UNAUTHORIZED\",\n \"FORBIDDEN\",\n \"NOT_FOUND\",\n \"TIMEOUT\",\n \"CONFLICT\",\n \"PRECONDITION_FAILED\",\n \"PAYLOAD_TOO_LARGE\",\n \"UNSUPPORTED_MEDIA_TYPE\",\n \"UNPROCESSABLE_CONTENT\",\n \"TOO_MANY_REQUESTS\",\n \"CLIENT_CLOSED_REQUEST\",\n \"INTERNAL_SERVER_ERROR\"\n];\nconst codeToStatusMap = {\n // Implemented from tRPC error code table\n // https://trpc.io/docs/server/error-handling#error-codes\n BAD_REQUEST: 400,\n UNAUTHORIZED: 401,\n FORBIDDEN: 403,\n NOT_FOUND: 404,\n TIMEOUT: 405,\n CONFLICT: 409,\n PRECONDITION_FAILED: 412,\n PAYLOAD_TOO_LARGE: 413,\n UNSUPPORTED_MEDIA_TYPE: 415,\n UNPROCESSABLE_CONTENT: 422,\n TOO_MANY_REQUESTS: 429,\n CLIENT_CLOSED_REQUEST: 499,\n INTERNAL_SERVER_ERROR: 500\n};\nconst statusToCodeMap = Object.entries(codeToStatusMap).reduce(\n // reverse the key-value pairs\n (acc, [key, value]) => ({ ...acc, [value]: key }),\n {}\n);\nclass ActionError extends Error {\n type = \"AstroActionError\";\n code = \"INTERNAL_SERVER_ERROR\";\n status = 500;\n constructor(params) {\n super(params.message);\n this.code = params.code;\n this.status = ActionError.codeToStatus(params.code);\n if (params.stack) {\n this.stack = params.stack;\n }\n }\n static codeToStatus(code) {\n return codeToStatusMap[code];\n }\n static statusToCode(status) {\n return statusToCodeMap[status] ?? \"INTERNAL_SERVER_ERROR\";\n }\n static fromJson(body) {\n if (isInputError(body)) {\n return new ActionInputError(body.issues);\n }\n if (isActionError(body)) {\n return new ActionError(body);\n }\n return new ActionError({\n code: \"INTERNAL_SERVER_ERROR\"\n });\n }\n}\nfunction isActionError(error) {\n return typeof error === \"object\" && error != null && \"type\" in error && error.type === \"AstroActionError\";\n}\nfunction isInputError(error) {\n return typeof error === \"object\" && error != null && \"type\" in error && error.type === \"AstroActionInputError\" && \"issues\" in error && Array.isArray(error.issues);\n}\nclass ActionInputError extends ActionError {\n type = \"AstroActionInputError\";\n // We don't expose all ZodError properties.\n // Not all properties will serialize from server to client,\n // and we don't want to import the full ZodError object into the client.\n issues;\n fields;\n constructor(issues) {\n super({\n message: `Failed to validate: ${JSON.stringify(issues, null, 2)}`,\n code: \"BAD_REQUEST\"\n });\n this.issues = issues;\n this.fields = {};\n for (const issue of issues) {\n if (issue.path.length > 0) {\n const key = issue.path[0].toString();\n this.fields[key] ??= [];\n this.fields[key]?.push(issue.message);\n }\n }\n }\n}\nasync function callSafely(handler) {\n try {\n const data = await handler();\n return { data, error: void 0 };\n } catch (e) {\n if (e instanceof ActionError) {\n return { data: void 0, error: e };\n }\n return {\n data: void 0,\n error: new ActionError({\n message: e instanceof Error ? e.message : \"Unknown error\",\n code: \"INTERNAL_SERVER_ERROR\"\n })\n };\n }\n}\nfunction getActionQueryString(name) {\n const searchParams = new URLSearchParams({ [_ACTION_QUERY_PARAMS.actionName]: name });\n return `?${searchParams.toString()}`;\n}\nfunction serializeActionResult(res) {\n if (res.error) {\n if (import.meta.env?.DEV) {\n actionResultErrorStack.set(res.error.stack);\n }\n return {\n type: \"error\",\n status: res.error.status,\n contentType: \"application/json\",\n body: JSON.stringify({\n ...res.error,\n message: res.error.message\n })\n };\n }\n if (res.data === void 0) {\n return {\n type: \"empty\",\n status: 204\n };\n }\n let body;\n try {\n body = devalueStringify(res.data, {\n // Add support for URL objects\n URL: (value) => value instanceof URL && value.href\n });\n } catch (e) {\n let hint = ActionsReturnedInvalidDataError.hint;\n if (res.data instanceof Response) {\n hint = REDIRECT_STATUS_CODES.includes(res.data.status) ? \"If you need to redirect when the action succeeds, trigger a redirect where the action is called. See the Actions guide for server and client redirect examples: https://docs.astro.build/en/guides/actions.\" : \"If you need to return a Response object, try using a server endpoint instead. See https://docs.astro.build/en/guides/endpoints/#server-endpoints-api-routes\";\n }\n throw new AstroError({\n ...ActionsReturnedInvalidDataError,\n message: ActionsReturnedInvalidDataError.message(String(e)),\n hint\n });\n }\n return {\n type: \"data\",\n status: 200,\n contentType: \"application/json+devalue\",\n body\n };\n}\nfunction deserializeActionResult(res) {\n if (res.type === \"error\") {\n let json;\n try {\n json = JSON.parse(res.body);\n } catch {\n return {\n data: void 0,\n error: new ActionError({\n message: res.body,\n code: \"INTERNAL_SERVER_ERROR\"\n })\n };\n }\n if (import.meta.env?.PROD) {\n return { error: ActionError.fromJson(json), data: void 0 };\n } else {\n const error = ActionError.fromJson(json);\n error.stack = actionResultErrorStack.get();\n return {\n error,\n data: void 0\n };\n }\n }\n if (res.type === \"empty\") {\n return { data: void 0, error: void 0 };\n }\n return {\n data: devalueParse(res.body, {\n URL: (href) => new URL(href)\n }),\n error: void 0\n };\n}\nconst actionResultErrorStack = /* @__PURE__ */ function actionResultErrorStackFn() {\n let errorStack;\n return {\n set(stack) {\n errorStack = stack;\n },\n get() {\n return errorStack;\n }\n };\n}();\nexport {\n ACTION_ERROR_CODES,\n ACTION_QUERY_PARAMS,\n ActionError,\n ActionInputError,\n callSafely,\n deserializeActionResult,\n getActionQueryString,\n isActionError,\n isInputError,\n serializeActionResult\n};\n","function sanitizeParams(params) {\n return Object.fromEntries(\n Object.entries(params).map(([key, value]) => {\n if (typeof value === \"string\") {\n return [key, value.normalize().replace(/#/g, \"%23\").replace(/\\?/g, \"%3F\")];\n }\n return [key, value];\n })\n );\n}\nfunction getParameter(part, params) {\n if (part.spread) {\n return params[part.content.slice(3)] || \"\";\n }\n if (part.dynamic) {\n if (!params[part.content]) {\n throw new TypeError(`Missing parameter: ${part.content}`);\n }\n return params[part.content];\n }\n return part.content.normalize().replace(/\\?/g, \"%3F\").replace(/#/g, \"%23\").replace(/%5B/g, \"[\").replace(/%5D/g, \"]\");\n}\nfunction getSegment(segment, params) {\n const segmentPath = segment.map((part) => getParameter(part, params)).join(\"\");\n return segmentPath ? \"/\" + segmentPath : \"\";\n}\nfunction getRouteGenerator(segments, addTrailingSlash) {\n return (params) => {\n const sanitizedParams = sanitizeParams(params);\n let trailing = \"\";\n if (addTrailingSlash === \"always\" && segments.length) {\n trailing = \"/\";\n }\n const path = segments.map((segment) => getSegment(segment, sanitizedParams)).join(\"\") + trailing;\n return path || \"/\";\n };\n}\nexport {\n getRouteGenerator\n};\n","import { getRouteGenerator } from \"./generator.js\";\nfunction serializeRouteData(routeData, trailingSlash) {\n return {\n ...routeData,\n generate: void 0,\n pattern: routeData.pattern.source,\n redirectRoute: routeData.redirectRoute ? serializeRouteData(routeData.redirectRoute, trailingSlash) : void 0,\n fallbackRoutes: routeData.fallbackRoutes.map((fallbackRoute) => {\n return serializeRouteData(fallbackRoute, trailingSlash);\n }),\n _meta: { trailingSlash }\n };\n}\nfunction deserializeRouteData(rawRouteData) {\n return {\n route: rawRouteData.route,\n type: rawRouteData.type,\n pattern: new RegExp(rawRouteData.pattern),\n params: rawRouteData.params,\n component: rawRouteData.component,\n generate: getRouteGenerator(rawRouteData.segments, rawRouteData._meta.trailingSlash),\n pathname: rawRouteData.pathname || void 0,\n segments: rawRouteData.segments,\n prerender: rawRouteData.prerender,\n redirect: rawRouteData.redirect,\n redirectRoute: rawRouteData.redirectRoute ? deserializeRouteData(rawRouteData.redirectRoute) : void 0,\n fallbackRoutes: rawRouteData.fallbackRoutes.map((fallback) => {\n return deserializeRouteData(fallback);\n }),\n isIndex: rawRouteData.isIndex\n };\n}\nexport {\n deserializeRouteData,\n serializeRouteData\n};\n","import { decodeKey } from \"../encryption.js\";\nimport { NOOP_MIDDLEWARE_FN } from \"../middleware/noop-middleware.js\";\nimport { deserializeRouteData } from \"../routing/manifest/serialization.js\";\nfunction deserializeManifest(serializedManifest) {\n const routes = [];\n for (const serializedRoute of serializedManifest.routes) {\n routes.push({\n ...serializedRoute,\n routeData: deserializeRouteData(serializedRoute.routeData)\n });\n const route = serializedRoute;\n route.routeData = deserializeRouteData(serializedRoute.routeData);\n }\n const assets = new Set(serializedManifest.assets);\n const componentMetadata = new Map(serializedManifest.componentMetadata);\n const inlinedScripts = new Map(serializedManifest.inlinedScripts);\n const clientDirectives = new Map(serializedManifest.clientDirectives);\n const serverIslandNameMap = new Map(serializedManifest.serverIslandNameMap);\n const key = decodeKey(serializedManifest.key);\n return {\n // in case user middleware exists, this no-op middleware will be reassigned (see plugin-ssr.ts)\n middleware() {\n return { onRequest: NOOP_MIDDLEWARE_FN };\n },\n ...serializedManifest,\n assets,\n componentMetadata,\n inlinedScripts,\n clientDirectives,\n routes,\n serverIslandNameMap,\n key\n };\n}\nexport {\n deserializeManifest\n};\n"],"names":[],"mappings":";;;;;;;;AAAA,MAAM,kBAAkB,GAAG,CAAC,CAAC,EAAE,IAAI,KAAK,IAAI,EAAE;;ACqB9C,MAAM,eAAkB,GAAA;AAAA;AAAA;AAAA,EAGtB,WAAa,EAAA,GAAA;AAAA,EACb,YAAc,EAAA,GAAA;AAAA,EACd,SAAW,EAAA,GAAA;AAAA,EACX,SAAW,EAAA,GAAA;AAAA,EACX,OAAS,EAAA,GAAA;AAAA,EACT,QAAU,EAAA,GAAA;AAAA,EACV,mBAAqB,EAAA,GAAA;AAAA,EACrB,iBAAmB,EAAA,GAAA;AAAA,EACnB,sBAAwB,EAAA,GAAA;AAAA,EACxB,qBAAuB,EAAA,GAAA;AAAA,EACvB,iBAAmB,EAAA,GAAA;AAAA,EACnB,qBAAuB,EAAA,GAAA;AAAA,EACvB,qBAAuB,EAAA,GAAA;AACzB,CAAA,CAAA;AACwB,MAAA,CAAO,OAAQ,CAAA,eAAe,CAAE,CAAA,MAAA;AAAA;AAAA,EAEtD,CAAC,GAAA,EAAK,CAAC,GAAA,EAAK,KAAK,CAAA,MAAO,EAAE,GAAG,GAAK,EAAA,CAAC,KAAK,GAAG,GAAI,EAAA,CAAA;AAAA,EAC/C,EAAC;AACH;;AC1CA,SAAS,cAAc,CAAC,MAAM,EAAE;AAChC,EAAE,OAAO,MAAM,CAAC,WAAW;AAC3B,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK;AACjD,MAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AACrC,QAAQ,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AACnF,OAAO;AACP,MAAM,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AAC1B,KAAK,CAAC;AACN,GAAG,CAAC;AACJ,CAAC;AACD,SAAS,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE;AACpC,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE;AACnB,IAAI,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAC/C,GAAG;AACH,EAAE,IAAI,IAAI,CAAC,OAAO,EAAE;AACpB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;AAC/B,MAAM,MAAM,IAAI,SAAS,CAAC,CAAC,mBAAmB,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAChE,KAAK;AACL,IAAI,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAChC,GAAG;AACH,EAAE,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AACvH,CAAC;AACD,SAAS,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE;AACrC,EAAE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACjF,EAAE,OAAO,WAAW,GAAG,GAAG,GAAG,WAAW,GAAG,EAAE,CAAC;AAC9C,CAAC;AACD,SAAS,iBAAiB,CAAC,QAAQ,EAAE,gBAAgB,EAAE;AACvD,EAAE,OAAO,CAAC,MAAM,KAAK;AACrB,IAAI,MAAM,eAAe,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;AACnD,IAAI,IAAI,QAAQ,GAAG,EAAE,CAAC;AACtB,IAAI,IAAI,gBAAgB,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,EAAE;AAC1D,MAAM,QAAQ,GAAG,GAAG,CAAC;AACrB,KAAK;AACL,IAAI,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC;AACrG,IAAI,OAAO,IAAI,IAAI,GAAG,CAAC;AACvB,GAAG,CAAC;AACJ;;ACvBA,SAAS,oBAAoB,CAAC,YAAY,EAAE;AAC5C,EAAE,OAAO;AACT,IAAI,KAAK,EAAE,YAAY,CAAC,KAAK;AAC7B,IAAI,IAAI,EAAE,YAAY,CAAC,IAAI;AAC3B,IAAI,OAAO,EAAE,IAAI,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC;AAC7C,IAAI,MAAM,EAAE,YAAY,CAAC,MAAM;AAC/B,IAAI,SAAS,EAAE,YAAY,CAAC,SAAS;AACrC,IAAI,QAAQ,EAAE,iBAAiB,CAAC,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,KAAK,CAAC,aAAa,CAAC;AACxF,IAAI,QAAQ,EAAE,YAAY,CAAC,QAAQ,IAAI,KAAK,CAAC;AAC7C,IAAI,QAAQ,EAAE,YAAY,CAAC,QAAQ;AACnC,IAAI,SAAS,EAAE,YAAY,CAAC,SAAS;AACrC,IAAI,QAAQ,EAAE,YAAY,CAAC,QAAQ;AACnC,IAAI,aAAa,EAAE,YAAY,CAAC,aAAa,GAAG,oBAAoB,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC;AACzG,IAAI,cAAc,EAAE,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK;AAClE,MAAM,OAAO,oBAAoB,CAAC,QAAQ,CAAC,CAAC;AAC5C,KAAK,CAAC;AACN,IAAI,OAAO,EAAE,YAAY,CAAC,OAAO;AACjC,GAAG,CAAC;AACJ;;AC5BA,SAAS,mBAAmB,CAAC,kBAAkB,EAAE;AACjD,EAAE,MAAM,MAAM,GAAG,EAAE,CAAC;AACpB,EAAE,KAAK,MAAM,eAAe,IAAI,kBAAkB,CAAC,MAAM,EAAE;AAC3D,IAAI,MAAM,CAAC,IAAI,CAAC;AAChB,MAAM,GAAG,eAAe;AACxB,MAAM,SAAS,EAAE,oBAAoB,CAAC,eAAe,CAAC,SAAS,CAAC;AAChE,KAAK,CAAC,CAAC;AACP,IAAI,MAAM,KAAK,GAAG,eAAe,CAAC;AAClC,IAAI,KAAK,CAAC,SAAS,GAAG,oBAAoB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;AACtE,GAAG;AACH,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACpD,EAAE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;AAC1E,EAAE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC;AACpE,EAAE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;AACxE,EAAE,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;AAC9E,EAAE,MAAM,GAAG,GAAG,SAAS,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;AAChD,EAAE,OAAO;AACT;AACA,IAAI,UAAU,GAAG;AACjB,MAAM,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC;AAC/C,KAAK;AACL,IAAI,GAAG,kBAAkB;AACzB,IAAI,MAAM;AACV,IAAI,iBAAiB;AACrB,IAAI,cAAc;AAClB,IAAI,gBAAgB;AACpB,IAAI,MAAM;AACV,IAAI,mBAAmB;AACvB,IAAI,GAAG;AACP,GAAG,CAAC;AACJ;;;;;;","x_google_ignoreList":[0,1,2,3,4]}
\ No newline at end of file
+{"version":3,"file":"manifest_CppTCdw4.mjs","sources":["../../../../node_modules/astro/dist/core/middleware/noop-middleware.js","../../../../node_modules/astro/dist/actions/runtime/virtual/shared.js","../../../../node_modules/astro/dist/core/routing/manifest/generator.js","../../../../node_modules/astro/dist/core/routing/manifest/serialization.js","../../../../node_modules/astro/dist/core/app/common.js"],"sourcesContent":["const NOOP_MIDDLEWARE_FN = (_, next) => next();\nexport {\n NOOP_MIDDLEWARE_FN\n};\n","import { parse as devalueParse, stringify as devalueStringify } from \"devalue\";\nimport { REDIRECT_STATUS_CODES } from \"../../../core/constants.js\";\nimport { ActionsReturnedInvalidDataError } from \"../../../core/errors/errors-data.js\";\nimport { AstroError } from \"../../../core/errors/errors.js\";\nimport { ACTION_QUERY_PARAMS as _ACTION_QUERY_PARAMS } from \"../../consts.js\";\nconst ACTION_QUERY_PARAMS = _ACTION_QUERY_PARAMS;\nconst ACTION_ERROR_CODES = [\n \"BAD_REQUEST\",\n \"UNAUTHORIZED\",\n \"FORBIDDEN\",\n \"NOT_FOUND\",\n \"TIMEOUT\",\n \"CONFLICT\",\n \"PRECONDITION_FAILED\",\n \"PAYLOAD_TOO_LARGE\",\n \"UNSUPPORTED_MEDIA_TYPE\",\n \"UNPROCESSABLE_CONTENT\",\n \"TOO_MANY_REQUESTS\",\n \"CLIENT_CLOSED_REQUEST\",\n \"INTERNAL_SERVER_ERROR\"\n];\nconst codeToStatusMap = {\n // Implemented from tRPC error code table\n // https://trpc.io/docs/server/error-handling#error-codes\n BAD_REQUEST: 400,\n UNAUTHORIZED: 401,\n FORBIDDEN: 403,\n NOT_FOUND: 404,\n TIMEOUT: 405,\n CONFLICT: 409,\n PRECONDITION_FAILED: 412,\n PAYLOAD_TOO_LARGE: 413,\n UNSUPPORTED_MEDIA_TYPE: 415,\n UNPROCESSABLE_CONTENT: 422,\n TOO_MANY_REQUESTS: 429,\n CLIENT_CLOSED_REQUEST: 499,\n INTERNAL_SERVER_ERROR: 500\n};\nconst statusToCodeMap = Object.entries(codeToStatusMap).reduce(\n // reverse the key-value pairs\n (acc, [key, value]) => ({ ...acc, [value]: key }),\n {}\n);\nclass ActionError extends Error {\n type = \"AstroActionError\";\n code = \"INTERNAL_SERVER_ERROR\";\n status = 500;\n constructor(params) {\n super(params.message);\n this.code = params.code;\n this.status = ActionError.codeToStatus(params.code);\n if (params.stack) {\n this.stack = params.stack;\n }\n }\n static codeToStatus(code) {\n return codeToStatusMap[code];\n }\n static statusToCode(status) {\n return statusToCodeMap[status] ?? \"INTERNAL_SERVER_ERROR\";\n }\n static fromJson(body) {\n if (isInputError(body)) {\n return new ActionInputError(body.issues);\n }\n if (isActionError(body)) {\n return new ActionError(body);\n }\n return new ActionError({\n code: \"INTERNAL_SERVER_ERROR\"\n });\n }\n}\nfunction isActionError(error) {\n return typeof error === \"object\" && error != null && \"type\" in error && error.type === \"AstroActionError\";\n}\nfunction isInputError(error) {\n return typeof error === \"object\" && error != null && \"type\" in error && error.type === \"AstroActionInputError\" && \"issues\" in error && Array.isArray(error.issues);\n}\nclass ActionInputError extends ActionError {\n type = \"AstroActionInputError\";\n // We don't expose all ZodError properties.\n // Not all properties will serialize from server to client,\n // and we don't want to import the full ZodError object into the client.\n issues;\n fields;\n constructor(issues) {\n super({\n message: `Failed to validate: ${JSON.stringify(issues, null, 2)}`,\n code: \"BAD_REQUEST\"\n });\n this.issues = issues;\n this.fields = {};\n for (const issue of issues) {\n if (issue.path.length > 0) {\n const key = issue.path[0].toString();\n this.fields[key] ??= [];\n this.fields[key]?.push(issue.message);\n }\n }\n }\n}\nasync function callSafely(handler) {\n try {\n const data = await handler();\n return { data, error: void 0 };\n } catch (e) {\n if (e instanceof ActionError) {\n return { data: void 0, error: e };\n }\n return {\n data: void 0,\n error: new ActionError({\n message: e instanceof Error ? e.message : \"Unknown error\",\n code: \"INTERNAL_SERVER_ERROR\"\n })\n };\n }\n}\nfunction getActionQueryString(name) {\n const searchParams = new URLSearchParams({ [_ACTION_QUERY_PARAMS.actionName]: name });\n return `?${searchParams.toString()}`;\n}\nfunction serializeActionResult(res) {\n if (res.error) {\n if (import.meta.env?.DEV) {\n actionResultErrorStack.set(res.error.stack);\n }\n return {\n type: \"error\",\n status: res.error.status,\n contentType: \"application/json\",\n body: JSON.stringify({\n ...res.error,\n message: res.error.message\n })\n };\n }\n if (res.data === void 0) {\n return {\n type: \"empty\",\n status: 204\n };\n }\n let body;\n try {\n body = devalueStringify(res.data, {\n // Add support for URL objects\n URL: (value) => value instanceof URL && value.href\n });\n } catch (e) {\n let hint = ActionsReturnedInvalidDataError.hint;\n if (res.data instanceof Response) {\n hint = REDIRECT_STATUS_CODES.includes(res.data.status) ? \"If you need to redirect when the action succeeds, trigger a redirect where the action is called. See the Actions guide for server and client redirect examples: https://docs.astro.build/en/guides/actions.\" : \"If you need to return a Response object, try using a server endpoint instead. See https://docs.astro.build/en/guides/endpoints/#server-endpoints-api-routes\";\n }\n throw new AstroError({\n ...ActionsReturnedInvalidDataError,\n message: ActionsReturnedInvalidDataError.message(String(e)),\n hint\n });\n }\n return {\n type: \"data\",\n status: 200,\n contentType: \"application/json+devalue\",\n body\n };\n}\nfunction deserializeActionResult(res) {\n if (res.type === \"error\") {\n let json;\n try {\n json = JSON.parse(res.body);\n } catch {\n return {\n data: void 0,\n error: new ActionError({\n message: res.body,\n code: \"INTERNAL_SERVER_ERROR\"\n })\n };\n }\n if (import.meta.env?.PROD) {\n return { error: ActionError.fromJson(json), data: void 0 };\n } else {\n const error = ActionError.fromJson(json);\n error.stack = actionResultErrorStack.get();\n return {\n error,\n data: void 0\n };\n }\n }\n if (res.type === \"empty\") {\n return { data: void 0, error: void 0 };\n }\n return {\n data: devalueParse(res.body, {\n URL: (href) => new URL(href)\n }),\n error: void 0\n };\n}\nconst actionResultErrorStack = /* @__PURE__ */ function actionResultErrorStackFn() {\n let errorStack;\n return {\n set(stack) {\n errorStack = stack;\n },\n get() {\n return errorStack;\n }\n };\n}();\nexport {\n ACTION_ERROR_CODES,\n ACTION_QUERY_PARAMS,\n ActionError,\n ActionInputError,\n callSafely,\n deserializeActionResult,\n getActionQueryString,\n isActionError,\n isInputError,\n serializeActionResult\n};\n","function sanitizeParams(params) {\n return Object.fromEntries(\n Object.entries(params).map(([key, value]) => {\n if (typeof value === \"string\") {\n return [key, value.normalize().replace(/#/g, \"%23\").replace(/\\?/g, \"%3F\")];\n }\n return [key, value];\n })\n );\n}\nfunction getParameter(part, params) {\n if (part.spread) {\n return params[part.content.slice(3)] || \"\";\n }\n if (part.dynamic) {\n if (!params[part.content]) {\n throw new TypeError(`Missing parameter: ${part.content}`);\n }\n return params[part.content];\n }\n return part.content.normalize().replace(/\\?/g, \"%3F\").replace(/#/g, \"%23\").replace(/%5B/g, \"[\").replace(/%5D/g, \"]\");\n}\nfunction getSegment(segment, params) {\n const segmentPath = segment.map((part) => getParameter(part, params)).join(\"\");\n return segmentPath ? \"/\" + segmentPath : \"\";\n}\nfunction getRouteGenerator(segments, addTrailingSlash) {\n return (params) => {\n const sanitizedParams = sanitizeParams(params);\n let trailing = \"\";\n if (addTrailingSlash === \"always\" && segments.length) {\n trailing = \"/\";\n }\n const path = segments.map((segment) => getSegment(segment, sanitizedParams)).join(\"\") + trailing;\n return path || \"/\";\n };\n}\nexport {\n getRouteGenerator\n};\n","import { getRouteGenerator } from \"./generator.js\";\nfunction serializeRouteData(routeData, trailingSlash) {\n return {\n ...routeData,\n generate: void 0,\n pattern: routeData.pattern.source,\n redirectRoute: routeData.redirectRoute ? serializeRouteData(routeData.redirectRoute, trailingSlash) : void 0,\n fallbackRoutes: routeData.fallbackRoutes.map((fallbackRoute) => {\n return serializeRouteData(fallbackRoute, trailingSlash);\n }),\n _meta: { trailingSlash }\n };\n}\nfunction deserializeRouteData(rawRouteData) {\n return {\n route: rawRouteData.route,\n type: rawRouteData.type,\n pattern: new RegExp(rawRouteData.pattern),\n params: rawRouteData.params,\n component: rawRouteData.component,\n generate: getRouteGenerator(rawRouteData.segments, rawRouteData._meta.trailingSlash),\n pathname: rawRouteData.pathname || void 0,\n segments: rawRouteData.segments,\n prerender: rawRouteData.prerender,\n redirect: rawRouteData.redirect,\n redirectRoute: rawRouteData.redirectRoute ? deserializeRouteData(rawRouteData.redirectRoute) : void 0,\n fallbackRoutes: rawRouteData.fallbackRoutes.map((fallback) => {\n return deserializeRouteData(fallback);\n }),\n isIndex: rawRouteData.isIndex\n };\n}\nexport {\n deserializeRouteData,\n serializeRouteData\n};\n","import { decodeKey } from \"../encryption.js\";\nimport { NOOP_MIDDLEWARE_FN } from \"../middleware/noop-middleware.js\";\nimport { deserializeRouteData } from \"../routing/manifest/serialization.js\";\nfunction deserializeManifest(serializedManifest) {\n const routes = [];\n for (const serializedRoute of serializedManifest.routes) {\n routes.push({\n ...serializedRoute,\n routeData: deserializeRouteData(serializedRoute.routeData)\n });\n const route = serializedRoute;\n route.routeData = deserializeRouteData(serializedRoute.routeData);\n }\n const assets = new Set(serializedManifest.assets);\n const componentMetadata = new Map(serializedManifest.componentMetadata);\n const inlinedScripts = new Map(serializedManifest.inlinedScripts);\n const clientDirectives = new Map(serializedManifest.clientDirectives);\n const serverIslandNameMap = new Map(serializedManifest.serverIslandNameMap);\n const key = decodeKey(serializedManifest.key);\n return {\n // in case user middleware exists, this no-op middleware will be reassigned (see plugin-ssr.ts)\n middleware() {\n return { onRequest: NOOP_MIDDLEWARE_FN };\n },\n ...serializedManifest,\n assets,\n componentMetadata,\n inlinedScripts,\n clientDirectives,\n routes,\n serverIslandNameMap,\n key\n };\n}\nexport {\n deserializeManifest\n};\n"],"names":[],"mappings":";;;;;;;;AAAA,MAAM,kBAAkB,GAAG,CAAC,CAAC,EAAE,IAAI,KAAK,IAAI,EAAE;;ACqB9C,MAAM,eAAkB,GAAA;AAAA;AAAA;AAAA,EAGtB,WAAa,EAAA,GAAA;AAAA,EACb,YAAc,EAAA,GAAA;AAAA,EACd,SAAW,EAAA,GAAA;AAAA,EACX,SAAW,EAAA,GAAA;AAAA,EACX,OAAS,EAAA,GAAA;AAAA,EACT,QAAU,EAAA,GAAA;AAAA,EACV,mBAAqB,EAAA,GAAA;AAAA,EACrB,iBAAmB,EAAA,GAAA;AAAA,EACnB,sBAAwB,EAAA,GAAA;AAAA,EACxB,qBAAuB,EAAA,GAAA;AAAA,EACvB,iBAAmB,EAAA,GAAA;AAAA,EACnB,qBAAuB,EAAA,GAAA;AAAA,EACvB,qBAAuB,EAAA,GAAA;AACzB,CAAA,CAAA;AACwB,MAAA,CAAO,OAAQ,CAAA,eAAe,CAAE,CAAA,MAAA;AAAA;AAAA,EAEtD,CAAC,GAAA,EAAK,CAAC,GAAA,EAAK,KAAK,CAAA,MAAO,EAAE,GAAG,GAAK,EAAA,CAAC,KAAK,GAAG,GAAI,EAAA,CAAA;AAAA,EAC/C,EAAC;AACH;;AC1CA,SAAS,cAAc,CAAC,MAAM,EAAE;AAChC,EAAE,OAAO,MAAM,CAAC,WAAW;AAC3B,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK;AACjD,MAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AACrC,QAAQ,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AACnF,OAAO;AACP,MAAM,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AAC1B,KAAK,CAAC;AACN,GAAG,CAAC;AACJ,CAAC;AACD,SAAS,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE;AACpC,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE;AACnB,IAAI,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAC/C,GAAG;AACH,EAAE,IAAI,IAAI,CAAC,OAAO,EAAE;AACpB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;AAC/B,MAAM,MAAM,IAAI,SAAS,CAAC,CAAC,mBAAmB,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAChE,KAAK;AACL,IAAI,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAChC,GAAG;AACH,EAAE,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AACvH,CAAC;AACD,SAAS,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE;AACrC,EAAE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACjF,EAAE,OAAO,WAAW,GAAG,GAAG,GAAG,WAAW,GAAG,EAAE,CAAC;AAC9C,CAAC;AACD,SAAS,iBAAiB,CAAC,QAAQ,EAAE,gBAAgB,EAAE;AACvD,EAAE,OAAO,CAAC,MAAM,KAAK;AACrB,IAAI,MAAM,eAAe,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;AACnD,IAAI,IAAI,QAAQ,GAAG,EAAE,CAAC;AACtB,IAAI,IAAI,gBAAgB,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,EAAE;AAC1D,MAAM,QAAQ,GAAG,GAAG,CAAC;AACrB,KAAK;AACL,IAAI,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC;AACrG,IAAI,OAAO,IAAI,IAAI,GAAG,CAAC;AACvB,GAAG,CAAC;AACJ;;ACvBA,SAAS,oBAAoB,CAAC,YAAY,EAAE;AAC5C,EAAE,OAAO;AACT,IAAI,KAAK,EAAE,YAAY,CAAC,KAAK;AAC7B,IAAI,IAAI,EAAE,YAAY,CAAC,IAAI;AAC3B,IAAI,OAAO,EAAE,IAAI,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC;AAC7C,IAAI,MAAM,EAAE,YAAY,CAAC,MAAM;AAC/B,IAAI,SAAS,EAAE,YAAY,CAAC,SAAS;AACrC,IAAI,QAAQ,EAAE,iBAAiB,CAAC,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,KAAK,CAAC,aAAa,CAAC;AACxF,IAAI,QAAQ,EAAE,YAAY,CAAC,QAAQ,IAAI,KAAK,CAAC;AAC7C,IAAI,QAAQ,EAAE,YAAY,CAAC,QAAQ;AACnC,IAAI,SAAS,EAAE,YAAY,CAAC,SAAS;AACrC,IAAI,QAAQ,EAAE,YAAY,CAAC,QAAQ;AACnC,IAAI,aAAa,EAAE,YAAY,CAAC,aAAa,GAAG,oBAAoB,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC;AACzG,IAAI,cAAc,EAAE,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK;AAClE,MAAM,OAAO,oBAAoB,CAAC,QAAQ,CAAC,CAAC;AAC5C,KAAK,CAAC;AACN,IAAI,OAAO,EAAE,YAAY,CAAC,OAAO;AACjC,GAAG,CAAC;AACJ;;AC5BA,SAAS,mBAAmB,CAAC,kBAAkB,EAAE;AACjD,EAAE,MAAM,MAAM,GAAG,EAAE,CAAC;AACpB,EAAE,KAAK,MAAM,eAAe,IAAI,kBAAkB,CAAC,MAAM,EAAE;AAC3D,IAAI,MAAM,CAAC,IAAI,CAAC;AAChB,MAAM,GAAG,eAAe;AACxB,MAAM,SAAS,EAAE,oBAAoB,CAAC,eAAe,CAAC,SAAS,CAAC;AAChE,KAAK,CAAC,CAAC;AACP,IAAI,MAAM,KAAK,GAAG,eAAe,CAAC;AAClC,IAAI,KAAK,CAAC,SAAS,GAAG,oBAAoB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;AACtE,GAAG;AACH,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACpD,EAAE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;AAC1E,EAAE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC;AACpE,EAAE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;AACxE,EAAE,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;AAC9E,EAAE,MAAM,GAAG,GAAG,SAAS,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;AAChD,EAAE,OAAO;AACT;AACA,IAAI,UAAU,GAAG;AACjB,MAAM,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC;AAC/C,KAAK;AACL,IAAI,GAAG,kBAAkB;AACzB,IAAI,MAAM;AACV,IAAI,iBAAiB;AACrB,IAAI,cAAc;AAClB,IAAI,gBAAgB;AACpB,IAAI,MAAM;AACV,IAAI,mBAAmB;AACvB,IAAI,GAAG;AACP,GAAG,CAAC;AACJ;;;;;;","x_google_ignoreList":[0,1,2,3,4]}
\ No newline at end of file
diff --git a/astro.config.ts b/astro.config.ts
index 4c35412a..0a304121 100644
--- a/astro.config.ts
+++ b/astro.config.ts
@@ -7,6 +7,9 @@ export default (await import("astro/config")).defineConfig({
site: "HTTPS://PlayForm.Cloud",
compressHTML: true,
prefetch: true,
+ build: {
+ concurrency: 9999
+ },
integrations: [
// @ts-ignore
import.meta.env.MODE === "production"
☁️ Cloud —