Privacy Policy of REBEL RUN
Creon FZC (referred to as "we" and "our" and "us") understands and respects your desire to maintain your privacy. It is our priority to maintain your privacy in all of your dealings with us, including through your use of the Rebel Run app (“App”).
We may in the course of providing our services to you be required to collect your personal information.
This Privacy Policy is intended to explain how we and our related entities will collect your personal information and protect your privacy.
We are headquartered in the UAQ Free Trade Zone Authority and our services are provided to you by us. This policy was written in English. To the extent a translated version conflicts with the English version, the English version controls.
Unless indicated otherwise, this Privacy Policy does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through our services.
We will always act in accordance with the General Data Protection Regulation (“GDPR”) when dealing with your personal information. As a global business, we also comply with various jurisdiction-specific privacy provisions outlined in this Privacy Policy.

What information is covered under this policy?
This Privacy Policy covers your personal information. Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable. All personal information received in connection with our business is subject to strict rules of confidentiality.
Common examples include your name, username, password, IP address, unique device identifiers, gender, signature, address, telephone number, email, date of birth, bank account and digital wallet details, billing and credit or debit card details, photos and videos of you, other identification credentials and biographical details, and commentary or opinions about you.

Personal information that we may collect from you
We may collect some or all of the following types of personal information:

1. information that you give us through your dealings with us;
2. information that we may collect from you; and
3. information that we may receive from you from other third party sources.

By agreeing to this Privacy Policy, you consent to the fact that you are aware that we are collecting your personal information and disclosing it as required by us and in accordance with the General Data Protection Regulation (“GDPR”).

How personal information is collected
"Personal information" is data that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you. For the purposes of this Privacy Policy, there is no meaningful distinction between the terms "personal information" and "personal data".
You may choose not to provide some of the personal information described above. Please note, however, that some of our services require some personal information to operate, so if you choose not to provide the personal information necessary to operate and provide you with a particular service or feature of that service, you may not be able to use that service or feature.

Information that you give us
We may collect your personal information directly from our contact with you. This may include by you completing forms or parts of our website, Social Media, App and/or other software and/or mobile applications, by you providing us with consent to access personal information such as photographs, videos or photo albums, by you providing us with consent to access the microphone and/or camera on your device, or by you contacting us via the email, telephone, through Social Media and other similar functions either directly through our website or the App or through third party host websites, in person, through various marketing channels or competitions either directly through our website or the App or through third party host websites, and surveys.
You understand that any personal information that you provide to us must be accurate and up to date. We will assume this to be the case.

Information that we collect about you
In this Privacy Policy "Social Media" means social media networking sites of any kind or nature including but not limited to web or internet based or mobile telephonic devices or medium such as facebook, twitter, Instagram and LinkedIn which enable the creation and exchange of user generated content.
Our website, Social Media, App and/or other software and/or mobile applications may automatically collect the following information about you each time you visit or otherwise use our website, Social Media, App and/or other software and/or mobile applications:

1. technical information including but not limited to the Internet Protocol Address used to connect your device to the internet, the internet browser and version that you are using when accessing our website, Social Media, App or other software and/or mobile applications, any additional plug-ins that you are using, and your device's operating system and platform; and
2. information about the time and date you accessed our website, Social Media, App or other software and/or mobile applications, and what you accessed on our website, Social Media, App or other software and/or mobile applications. This includes links that you clicked on, what content you accessed, how long you accessed that content for, whether you downloaded any content, whether supplied by us or downloaded from a third party host, and how you navigated to and from our website, Social Media, App or other software and/or mobile applications to other sites, apps or other pages hosted by us.

How we use your personal information
You consent to the disclosure of your personal information to any of our related entities.
You consent to our collection of your personal information and disclosing it to third parties where necessary and for the purposes for which it was collected.
This may include:

1. providing our services;
2. where we collect or disclose information that is or relates to the Internet Protocol Address used to connect your device to the internet, for the purpose of fraud detection and management of the integrity of the game system and other services. This may include detecting when users are cheating the game system, and for handling accounts we suspect are stolen or have otherwise been compromised. This information helps us verify whether the account or associated assets belong to a particular user;
3. where information is or relates to system version information of your device, or the make and model of your device, for the purpose of our compatibility assessments with our software versions and other aspects of our services;
4. creating Leader boards of players, comprising all players or players meeting particular criteria;
5. operating the Rebel Run Marketplace;
6. investigating disputes between players;
7. using your personal information to provide you with information that you have requested from us, although we do not create a link between your user ID and your user email;
8. communicate with you, including to inform you of updates to the App, Rebel Run website, our Terms of Use and/or this Privacy Policy;
9. authenticating your financial account information or processing the transfer of digital assets;
10. authenticating your credit or debit card information;
11. using your personal information for marketing purposes to provide or offer services to you. This includes, but is not limited to, keeping you up to date with our latest news, events, special offers and promotion of our brand or other similar products that we think that you may be interested in. This includes both our direct marketing to you or another third party whom you have authorized us to disclose your personal information to;
12. notifying you about any changes to our products, website, App and/or other software and/or mobile applications, brand or services offered;
13. seeking your opinion and feedback on any of our services, including for the purposes of product improvement and customization, website/software improvement and personalization and other general services;
14. for consumer engagement and/or customer service purposes, including but not limited to identifying the effectiveness of advertising, allowing you to participate on website viral features such as sharing website content and other community features (for example, blogs);
15. analyzing the usage of, and improve our services;
16. for other general services such as website/software security, maintenance, identification of fraud or errors, internal accounting and administration, and for any other purpose that we are required or permitted to do by law; and managing our relationships with you and our other customers.

Certain of your personal data may be shared with other players of the App as part of the normal operation of our services. Additionally, we may, from time to time, expand or withdraw our business which may involve the transfer of certain of our divisions or assets to other parties, and the data we store and use, where relevant, may be transferred to such third parties. From time to time we may also transfer the data we store and use to locations outside the territory where GDPR takes effect, some of which may have different data protection laws to GDPR.
In addition we may utilize overseas IT services (including software, platforms and infrastructure), such as data storage facilities or other IT infrastructure. In such cases, we may own or control such overseas infrastructure or we may have entered into contractual arrangements with third party service providers to assist us with providing our services to you.
As we utilize cross border IT services and platforms which can be accessed from various countries via an internet connection, it is not always practicable to know where your information may be held.

Legal obligations to disclose
We may be required to disclose your personal information for the purposes for which it was collected and also subject to our legal obligations:

1. as required by law;
2. to any person where necessary or desirable in connection with our provision of services; and
3. on a confidential basis to our external service providers and advisors.

To be clear, you consent to our disclosure of your personal information to any of our business partners, suppliers, subcontractors or the like, advertisers and other advertising networks, analytics and search engine providers and other third parties provided the disclosure of your personal information is for the purpose or ancillary to the services that we or these third parties offer you and for the purposes the information was originally collected.
We may share your information with other third party business partners for their own marketing purposes. These third parties include online advertisers or ad tech companies, who may provide you with targeted advertising and marketing communications, where permitted under law. The information we share includes information collected through your use of our services and information we collect about you through the use of cookies and similar technologies.
You understand that we are authorized to disclose your personal information to third parties if we buy or sell any business or assets, including our business, if we are under a duty to disclose your information, or if the disclosure of your personal information is necessary for us to conduct an investigation into any unlawful activity that we know or suspect has or may be engaged in.
You consent to the disclosure of all information necessary for our company to comply with any relevant reporting obligations (if any). We will take all reasonable steps to ensure that any overseas recipient of your personal information does not willingly or knowingly breach the GDPR in relation to your personal information.

How we store your personal information
We maintain commercially reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
When your credit or debit card account, financial account or digital wallet information is being transmitted to our services or through our services, it will be protected by cryptographic protocols. To be clear, we do not ourselves store your credit or debit card account information, and we do not have direct control over or responsibility for your credit or debit card account information. We may use third party payment processors that are the controllers of your information. Our contracts with third parties that receive your information require them to keep it secure and confidential.
However, we cannot guarantee that transmissions of your information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our third party service providers. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third party access, or other causes beyond our control.
We will only keep your information for as long as reasonably necessary to fulfill the purposes for which your personal information was originally collected.
We will delete your information after a reasonable time. You may be required to re-enter your personal information if it has been deleted.
We will take all reasonable steps and precautions to ensure that any transmission of your personal information via the internet is secure. However, we cannot guarantee the security of any data transmitted to our website and you agree and acknowledge that any such transmissions are at your own risk.
Once we receive your information, we take reasonable steps to protect your personal information. This may include storing any information on a secure server and employing strict procedures and security features to protect your personal information from any unauthorized recipients and to prevent unauthorized access to the same. We may also store your personal information in physical form.
All our employees with access to your information will be held to the confidentiality obligations as set out in this Privacy Policy.

Collections of your information using cookies and other tracking technologies
Our website and/or App and/or other mobile applications use "cookies". Cookies are small pieces of data sent from a website and stored in your web browser. These pieces of data will allow our website and/or App and/or other mobile applications to remember who you are and to obtain information from you which allows us to deliver you a better and more customized service.
As a result of our website and/or App and/or other mobile applications' use of cookies, we may collect information such as your IP address, online activity and your web browser details. Information that we will not collect or store includes your passwords or other sensitive information.
We will use both persistent cookies, which could remain on your device until their expiration (which can be, in some cases, up to 10 years), and session cookies, which are temporary files removed from your device once your browser is closed.
The types of cookies we may use include analytical and tracking cookies, which allow us to recognize and count the number of visitors and analyse use of the services, as well as to verify transactions, and advertising and re-targeting cookies, which allow us to generate appropriate advertising directed to you on our website as well as on the App.
If you enabled cookies when accessing our website and/or App and/or other mobile applications, we will take this as consent to our use of cookies and other technologies mentioned in our Privacy Policy.
Please note that you should also refer to our website's Terms of Use for further information on this issue.

Your rights
You have the right to request access to the personal information we hold about you by contacting us or our Privacy Officer by emailing privacy@creon.games or in writing at the following address: 07/1 One Uaq Building, Umm AI Quwain. 
If we cannot provide you with access, we will write to you and provide you with the reasons why we are unable to provide you with access.
If any personal information that we hold about you is inaccurate, incomplete or not up to date, you may write to us or our Privacy Officer and request that we correct the information at the above address.
You have the right to request that we do not disclose your personal information (for example, for marketing purposes). You can exercise your rights by unchecking the relevant check boxes on our website and/or App and/or other mobile applications when you provide us with your personal information, or by writing to us at the above address.
You may choose to opt out of receiving any further correspondence from us by writing to us at the above address or emailing us at the above email address.

Jurisdiction-specific provisions – Residents of the EEA and the United Kingdom
Through our website, Social Media, App and/or other software and/or mobile applications, we provide services to users throughout the world. We are primarily bound by the General Data Protection Regulation (“GDPR”) we will manage your personal information pursuant to these laws. In addition, as we process personal information of data subjects inside the European Economic Area (“EEA”) we are also bound by the California Consumer Privacy Act (“CCPA”).
The purpose of the following data protection information is to provide you with an understandable, transparent and concise explanation of how we intend to process your personal data in accordance with Articles 13 and 14 of the GDPR. However, should you require further explanations relating to our data protection or wish to exercise any of your rights, please do not hesitate to contact our Privacy Officer at privacy@creon.games
We recognize the below rights which you enjoy under the applicable data protection law with respect to your personal data:

• Right to be informed: You have the right to be informed about the collection and use of your personal data. This information is set out in the terms of our Privacy Policy.
• Right of access: You may request information from us at any time as to whether we have stored your personal data and which personal data it has stored. We are required to provide this information to you free of charge.
• Right to rectification: If your personal data stored by us is inaccurate or incomplete, you have the right to demand at any time that we correct the information.
• Right to erasure: You have the right to demand that we erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of your consent and you have opted to revoke your consent. In such cases, we must cease processing your personal data and remove that data from our IT systems and databases. You do not have a right to erasure if:
• The data may not be deleted due to a statutory obligation or must be processed due to a statutory obligation.
• The processing of data is necessary for the establishment, exercise or defence of legal claims.
• Right to restriction of processing: You have the right to demand that we restrict the processing of your personal data.
• Right to object to processing: If your data is processed by us on the basis of Article 6(1)(f) GDPR, you may object at any time to processing by us. You may assert any and all of the rights of data subjects described above against us by addressing your specific requests by contacting our Privacy Officer via privacy@creon.games
• Right to lodge a complaint with a data protection supervisory authority: Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.

Complaints
If you are concerned about a possible interference with your privacy or about the potential misuse of your personal information, please contact us at the above email address.
We take all complaints very seriously. It is our policy to handle complaints in a timely, effective, fair and consistent manner.

Privacy Policy updates
This Privacy Policy was last updated in December 2022.



Privacy policy (creon.games website)

1. Introduction
1.1. We are committed to safeguarding the privacy of our website visitors, service users, individual customers and customer personnel.
1.2. This policy applies where we are acting as a data controller with respect to the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal data.
1.3. We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website.
1.4. In this policy, "we", "us" and "our" refer to Creon FZC. For more information about us, see Section 12.

2. The personal data that we collect
2.1. In this Section 3 we have set out the general categories of personal data that we process and, in the case of personal data that we did not obtain directly from you, information about the source and specific categories of that data.
2.2. We may process data enabling us to get in touch with you ("contact data"). The contact data may include your name, email address, telephone number, postal address and/or social media account identifiers. If you log into our website using a social media account, we will obtain elements of the contact data from the relevant social media account provider.
2.3. We may process your website user account data ("account data"). The account data may include your account identifier, name, email address, business name, account creation and modification dates, website settings and marketing preferences. If you log into our website using a social media account, we will obtain elements of the account data from the relevant social media account provider.
2.4. We may process information contained in or relating to any communication that you send to us or that we send to you ("communication data"). The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.
2.5. We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system.

3. Purposes of processing and legal bases
3.1. In this Section 4, we have set out the purposes for which we may process personal data and the legal bases of the processing.
3.2. Operations - We may process your personal data for the purposes of operating our website, the processing and fulfilment of orders, providing our services, supplying our goods, generating invoices, bills and other payment-related documentation, and credit control. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business.
3.3. Relationships and communications - We may process contact data, account data, transaction data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, fax and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers and customer personnel, the maintenance of relationships, and the proper administration of our website, services and business.
3.4. Research and analysis - We may process usage data and/or transaction data for the purposes of researching and analysing the use of our website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing our website, services and business generally.
3.5. Record keeping - We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.
3.6. Security - We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.
3.7. Insurance and risk management - We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
3.8. Legal claims - We may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
3.9. Legal compliance and vital interests - We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

4. Providing your personal data to others
4.1. We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
4.2. [Identify personal data category or categories] will be stored on the servers of our hosting services providers identified at https://www.creon.games/.
4.3. In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

5. Retaining and deleting personal data
5.1. This Section 6 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3. We will retain your personal data as follows:
(a) contact data will be retained for a minimum period of 1 year following the date of the most recent contact between you and us, and for a maximum period of 2 years following that date;
(b) account data will be retained for a minimum period of 1 year following the date of closure of the relevant account, and for a maximum period of 2 years following that date;
(c) communication data will be retained for a minimum period of 1 year following the date of the communication in question, and for a maximum period of 2 years following that date;
(d) usage data will be retained for 1 year following the date of collection.
5.4. Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

6. Your rights
6.1. In this Section 7, we have listed the rights that you have under data protection law.
6.2. Your principal rights under data protection law are:
(a) the right to access - you can ask for copies of your personal data;
(b) the right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
(c) the right to erasure - you can ask us to erase your personal data;
(d) the right to restrict processing - you can ask us to restrict the processing of your personal data;
(e) the right to object to processing - you can object to the processing of your personal data;
(f) the right to data portability - you can ask that we transfer your personal data to another organisation or to you;
(g) the right to complain to a supervisory authority - you can complain about our processing of your personal data;
(h) the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
6.3. These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices.
6.4. You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.

7. About cookies
7.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
7.2. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.78.3 Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.

8. Cookies that we use
8.1. We use cookies for the following purposes:
(a) authentication and status - we use cookies to identify you when you visit our website and as you navigate our website, and to help us determine if you are logged into our website;
(b) security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally (cookies used for this purpose are: [identify cookies]);
(c) analysis - we use cookies to help us to analyse the use and performance of our website and services (cookies used for this purpose are: [identify cookies]);
(d) cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.

9. Cookies used by our service providers
9.1. Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
9.2. We use Google Analytics. Google Analytics gathers information about the use of our website by means of cookies. The information gathered is used to create reports about the use of our website. You can find out more about Google's use of information by visiting https://www.google.com/policies/privacy/partners/ and you can review Google's privacy policy at https://policies.google.com/privacy.
9.3. We use Yandex Metrics to collect information for our website optimisation. This service uses cookies for analytics. You can view the privacy policy of this service provider at https://yandex.ru/legal/rules/.

10. Managing cookies
10.1. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647 (Chrome);
(b) https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Firefox);
(c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari);
(f) https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy (Edge).
10.2. Blocking all cookies will have a negative impact upon the usability of many websites.

11. Amendments
11.1. We may update this policy from time to time by publishing a new version on our website.
11.2. You should check this page occasionally to ensure you are happy with any changes to this policy.

12. Our details
12.1. This website is owned and operated by Creon.Games.
12.2. We are registered in the United Arab Emirates under registration number 8556, and our registered office is at 507/1 One Uaq Building, Umm AI Quwain.
12.3. Our principal place of business is at 507/1 One Uaq Building, Umm AI Quwain.
12.4. You can contact us:
(a) using our website contact form;
(b) by email, using the email address published on our website.