Privacy Policy

Last updated: 2023-10-25

This privacy policy (“Privacy Policy”) informs you about the data processing carried out by Games for a Living for the users (“Users”) who visit the website, and who, if applicable, register (hereinafter, the “Website” or the “Site”). Games for a Living values your trust as a User and your privacy, and therefore explains below how your data is treated. If you have any questions or want to receive more information in this regard, you can write to Games for a Living at dpo@gfal.com

Who is responsible for processing your data?

The data controller is the one who decides the purpose for which your personal data is used, in this case, G4AL ENTERTAINMENT, S.L (“Games for a Living”) with tax identification number B16753725 and registered office at Morales 31, Entresuelo 1, 08029 Barcelona, Spain.

You can contact the Data Protection Officer (“DPO”) of Games for a Living at the following email address: dpo@gfal.com

What data is processed at Games for a Living?

Personal data (“Data”) is any information about an identified or identifiable natural person (the “Data Subject” or “Data Owner”). The personal data processed by Games for a Living comes from the information that you, as a User, provide us when filling out the forms found on the Website, when browsing the Website, when registering for our programs and/or making purchases through the website, and/or when sending us your inquiries or requests for information. The Wallet you create on the GFAL Platform will provide us with your Wallet Address, your email address, and metadata related to Wallet creation and recovery mechanisms, including:

Password encryption metadata (e.g., hash representations for secure storage).
Recovery kit details (used for fallback access, without storing the actual recovery kit).
Linked social login information (Google or Apple accounts) to enhance encryption layers for Wallet recovery.

In each form, Games for a Living indicates the contact information that is mandatory to be able to respond to your inquiry or request with an asterisk. Data that is not marked as mandatory through an asterisk is completely optional. Only the necessary data for each purpose is collected. Please note that if you do not provide the mandatory information, Games for a Living may not be able to respond to your inquiry or request or manage the processing.

Specifically, we process the following information about you:

Communication data: email address.
Public address of the User’s Wallet and encryption metadata (user’s hashed password).
Recovery kit usage metadata (e.g., logs of recovery attempts without storing actual recovery keys).
Social login metadata (Google or Apple) used to enhance encryption for Wallet recovery.
Browsing data: IP address, domain name, unique device identifier, browser fingerprint, device fingerprint, and cookie IDs if configured in your browser.
Usage data: actions taken on the platform, Wallet creation and recovery events, and other similar data.

To access some of the services that G4AL Entertainment, S.L offers through its website, you will need to provide some personal data. In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the free movement of such data, we inform you that by filling out these forms, your personal data will be incorporated and processed in the files of G4AL Entertainment, S.L. The purpose of this is to provide and offer you our services, as well as to inform you of improvements to the website.

What is the purpose of Games for a Living processing your data?

Games for a living will process your Data for the following purposes:

CONTACT. If you contact Games for a Living through the channels enabled for this purpose, by email or any other means made available to you, Games for a Living will use the contact data and the details you provide to properly address your queries or requests, which includes the possibility of contacting you through different means and sending them to the corresponding managers so that they can give you an answer.
IDENTIFICATION DATA. To be able to access the Services, your identification data will be requested, and if applicable, a photograph. The purpose is to be able to provide a Wallet and for us to comply with the applicable regulations.
NAVIGATION THROUGH OUR WEBSITE. Through the use of cookies and other technologies, Games for a Living can measure and analyze navigation traffic, usability, and your experience as a User on the Website statistically. The installation and use of cookies depend on the configuration you make both in the cookie banner and through your browser.
DIGITAL ASSETS TRANSACTIONS, BALANCE VIEWING, AND WALLET MANAGEMENT. When you register as a user, your Wallet Address, encryption metadata, and optional recovery details will be processed to:
• Facilitate Digital Asset transfers (e.g., $GFAL Tokens and Collectibles) and show balances in your Wallet.
• Enable secure Wallet creation, encryption, and recovery via password, recovery kit, and/or linked social logins (Google and Apple).
• Provide disaster recovery Wallet functionality through Web3Auth.
TOKEN PURCHASE ($GFAL). To be able to acquire $GFAL on our platform, we will process the data of your bank card in order to formalize the agreement and provide the service.
PLATFORM IMPROVEMENT. In order to improve the service, detect possible technical problems, carry out statistical analyses and improve the User experience.

What is the legitimacy for the processing of your data?

The legal basis for sending commercial communications when you subscribe to the newsletter and for contact with Games for a Living is the company’s legitimate interest, unless you revoke your consent given through registration in the corresponding forms, at any time proceeding as indicated below: free of charge and without the need to provide any justification, you can request not to receive commercial communications by sending us an email to dpo@gfal.com mentioning “opt-out” in the subject of your email.

Alternatively, you can use the voluntary opt-out procedure provided in any promotional message you receive from us.

Please note that opting not to receive promotional messages from us will not prevent you from receiving information related to any contract you have entered into with us.

Likewise, the processing of your data when you contact Games for a Living may be based on the execution of pre-contractual measures or on the legitimate interest of Games For a Living in addressing the inquiry.

The legal basis for the processing of your identification data will be compliance with Law 10/2010, of April 28, on the prevention of money laundering and the financing of terrorism.

The legal basis for the processing of your data in relation to browsing the Web is the consent you give when you accept the installation of cookies, and that you can revoke or configure at any time through the settings panel. You can find more information about the use of cookies in the Cookie Policy of Games for a Living.

The legal basis for being able to treat your Wallet address and the associated email, as well as the bank card number, is the achievement of the contract agreed by the Parties the legitimate interest of Games for a Living to process your data to provide the requested services. That is, to comply with the contract between you and us, and to ensure the security and confidentiality of transactions and information related to Digital Assets.

The legal basis for the purposes of improving the platform is the legitimate interest of the company in improving the platform and the user experience, as well as early detection of technical incidents and their resolution.

The legal basis for marketing purposes and non-mandatory Cookies will be your express consent, which you can revoke at any time:

It will also be necessary, as indicated in the previous section 3, your consent for the use of your data collected through non-mandatory Cookies as indicated in the Cookie Policy. This will be obtained, where appropriate, through the Cookie banner at the start of the Website and/or through the Cookie Settings.

How long are your data kept?

Your data will be kept for the necessary period to fulfill the purpose for which it was collected, specifically:

Regarding the data you provide to Games for a Living for inquiries, requests, or contacting Games for a Living, we will process the data for as long as necessary to respond to your inquiry or request and/or grant you access to the services, as well as, if applicable, for the time necessary to address any claims or queries from you.

Regarding the sending of communications, the data will be processed until you revoke your consent, object to the processing, and/or request the deletion of your personal data, for a maximum period of two years.
Regarding your Wallet Address, email address, encryption metadata, and identification data, we will process the data for the duration of your use of our platform and retain it for the necessary period to comply with legal or regulatory requirements. Encryption metadata related to Wallet recovery (e.g., password hash or recovery kit metadata) will also be retained for as long as your Wallet is active on the GFAL Platform.

Once the data is no longer necessary for the purpose for which it was processed, it will be kept blocked solely for the purpose of addressing any liability or obligations that may arise from the processing, in accordance with the legally established deadlines.

To which recipients will your data be communicated?

Your data may be communicated to third-party service providers who provide a service to Games for a Living in order for the latter to carry out its activities, such as IT tools, technical support services, payment providers, financial services, etc.

Some of the mentioned providers may have processing and/or support centers located outside the European Economic Area (EEA). Games for a Living guarantees that, when your data may leave the EEA, it will maintain the same level of protection based on compliance with the provisions of European data protection regulations. In this regard, international transfers of data will be carried out (i) to countries with an adequate level of protection declared by the European Commission, (ii) based on the provision of adequate safeguards (standard contractual clauses or binding corporate rules), or (iii) based on the authorization of the competent supervisory authority or other situations provided for in the regulations.

To receive more information about international transfers of data or to obtain confirmation or a copy of the safeguards used, you can contact Games for a Living at the address dpo@gfal.com.

In cases where it is necessary to comply with Games for a Living’s legal obligations, the data may be disclosed to public administration and law enforcement authorities.

Registration and monitoring of corporate accounts on web social networks

In the case of the profiles maintained by Games for a Living on different social media platforms linked from this Website, for example, through plugins or third-party applications, your data may be subject to the privacy policies of the owners of those social media platforms.

The use of these connectors is voluntary. If you choose to use them, you will be authorizing the communication of your personal data (IP address, browsing data) to the respective social media platforms, and Games for a Living will not be responsible for any further processing that they may carry out with your data. Games for a Living recommends that you review the terms and conditions of use of those platforms prior to interacting with Games for a Living profiles on social media.

The profiles on social media platforms linked from this Website have been created to provide you with better insight into our activities and offer different communication channels for individuals interested in our organization and the services we provide.

If you choose to link your Wallet to Google or Apple accounts for recovery purposes, Games for a Living will process social login metadata (e.g., account identifier) to enable this functionality. These accounts are subject to their respective privacy policies, and Games for a Living recommends reviewing these policies before enabling social login integration.

Security Measures

Games for a Living places special emphasis on ensuring the security of your personal data. For Wallets, this includes:

Encryption of private keys using your password and optional recovery kits.
Secure storage of encryption metadata within GFAL systems.
Use of HTTPS data encryption protocols for all website communications.
Collaboration with Web3Auth, Google, and Apple to enhance Wallet recovery security through AES GCM encryption.
GFAL does not store private keys directly and ensures that only hashed or encrypted representations are maintained within its systems.

Your data is stored in Games for a Living’s information systems, where security measures, both technical and organizational, have been implemented to prevent any loss or unauthorized use by third parties.

Which are your rights?

As the owner of your data, you have the right to request confirmation of whether your personal data is being processed and, if so, to access that data. You can also request the rectification of inaccurate data or, where appropriate, the erasure of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Under certain circumstances, you may request the restriction of the processing of your data, in which case we will only retain the data for the exercise of legal actions or defense against claims.

You can revoke your consent at any time. Once the revocation is exercised, which will not have retroactive effect unless required by law, your data may be kept blocked during the prescription periods established by applicable regulations.

Please note that you also have the right to object to the processing of your data, particularly with regard to commercial communications. In this case, Games for a Living will not process your data unless there are compelling legitimate grounds or for the exercise or defense of possible claims.

To exercise these rights, please write to the Games for a Living Data Protection Officer (DPO), attaching a copy of an identification document, at the following email address: dpo@gfal.com. To help process your request, please indicate “Data Protection” in the subject line.

If you have any questions regarding the exercise of your rights, before contacting the supervisory authority, Games for a Living reminds you that you can directly consult the DPO of Games for a Living, who will try to assist you in the best possible way.

Finally, Games for a Living reminds you that you have the right to lodge a complaint with the competent data protection authority (in Spain, www.aepd.es) if you become aware of or believe that there has been a breach of the applicable data protection regulations.

Use of the Blockchain

The investment made in available cryptocurrencies through the Website will be recorded on the corresponding public blockchain. In addition, Wallet creation and recovery events are processed using encryption and recovery mechanisms managed by GFAL and third-party providers. While GFAL ensures the secure management of encryption metadata, risks include:

The possibility of losing access to the Wallet if the login credentials are lost or compromised.
Dependency on third-party services (Google, Apple, Web3Auth) for Wallet recovery, which are governed by their respective privacy policies.
The immutable nature of public blockchains, where personal data linked to blockchain transactions cannot be deleted or modified.

Public blockchains function as immutable ledgers designed to record transactions in computer system networks. Many of these public blockchains allow for forensic analysis, which can lead to the de-anonymization and unintentional disclosure of private financial information, especially when blockchain data is combined with other data.

Since blockchains are decentralized or third-party networks that are not controlled or operated by GFAL, we cannot delete, modify, or alter personal data recorded on the blockchain for the provision of the service.

Third-Party providers

We use various third-party services to help us operate our service, provide services on our behalf, or assist us in understanding how our service is used. These third parties can access your data only to perform specific tasks for us and are obligated not to disclose or use it for other purposes. Below are the third-party service providers we use:

ReCaptcha by Google: Employed for spam prevention and platform security.
Google Services: Used for analytics and platform optimization. Privacy Policy available at: https://policies.google.com/privacy
Google Tag Manager: Utilized for website tracking tags. Privacy Policy available at: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
Web3Auth: Used to provide disaster recovery Wallets via passwordless email authentication. Privacy Policy available at: https://web3auth.io/docs/legal/privacy-policy
Google Services: Used for social login encryption layers for Wallet recovery. Privacy Policy available at: https://policies.google.com/privacy
Apple: Used for social login encryption layers for Wallet recovery. Privacy Policy available at: https://www.apple.com/legal/privacy/
Ramp.network: Used to buy and sell GFAL tokens directly from the web. Privacy policy available at: https://ramp.network/privacy-policy
OpenFort: Used as our blockchain account abstraction provider. Privacy Policy available at: https://openfort.xyz/privacy
Au10Tix: Used for identity verification services. Privacy Policy available at: https://au10tix.com/privacy-notice/
Helpshift: Used to offer customer support. Privacy Policy available at: https://helpshift.com/legal/privacy/
IPInfo: Used to retrieve localization information of the user’s requests. https://ipinfo.io/privacy-policy

For detailed information on the privacy practices of these third-party providers, we recommend visiting their respective privacy policy websites.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_KNFMZPPMYF	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.