Excitefunland

EXCITEFUNLAND
PRIVACY POLICY

1. SCOPE OF POLICY

At Cuthrough Holdings Limited (hereinafter referred to as the "Cuthrough", or "We", "Us", "Our"), we place great importance on safeguarding the privacy of Our Users. User term is defined in Our T&C. This document (hereinafter referred to as the "Policy") outlines the procedures, guidelines, and practices adopted for collecting, processing, and utilising personal data.
Ensuring confidentiality and security of Our Users' personal data is a fundamental priority. Therefore, the collection and handling of information related to Users of Our webpage, https://excitefunland.com/ (hereinafter referred to as the "Platform"), are kept to the necessary minimum to enable Us to provide high-quality services.

2. COMPLIANCE WITH GDPR

As stipulated under Regulation 2016/679 of the European Parliament and the Council (EU) of 27 April 2016 concerning the processing and free movement of personal data (commonly known as "GDPR"), We act as a Data Controller. This designation refers to an entity that independently or jointly determines the purposes and means of processing personal data.

3. DEFINITION OF PERSONAL DATA

Personal data comprises any information that enables Us to identify an individual User of the Platform, either directly or indirectly. The data collected is linked to the activities of Users.

4. PROCESSING OF PERSONAL DATA

Processing refers to any action taken on personal data, including collection, storage, modification, retrieval, use, dissemination, or erasure, whether performed manually or via automated means.

5. (PERSONAL) DATA PROCESSED AND LEGAL BASIS

We do not collect or process sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health details, genetic or biometric data, sexual orientation, or criminal records.

User data is collected indirectly through interactions with Our Platform. The scope of this collection depends on the User's engagement and preferences set within "Privacy and cookies settings." Users can modify the extent of data collection by exercising opt-out options as detailed in section 13.

Cuthrough process data, not necessarily personal data, but metadata - collected within and via Platform – which might be or become a personal data. Below is a summary of the categories of data collected, their intended purposes, and the corresponding legal basis for processing:

5.1. Cookies, Device Information, and Online Identifiers
- 5.1.1. Data Used: Cookies, browser type, language settings, screen size, and device identifiers.
- 5.1.2. Purpose: Recognising the User’s device for consistent service and functionality tracking.
- 5.1.3. Legal Basis: User consent (Article 6.1(a) GDPR).
5.2. Limited Data for Advertising
- 5.2.1. Data Used: Webpage/app usage, device type, and approximate location.
- 5.2.2. Purpose: Selecting and delivering ads with minimal profiling.
- 5.2.3. Legal Basis: User consent (Article 6.1(a) GDPR) and/or legitimate interest (Article 6.1(f) GDPR).
5.3. Activity Information and Combined Data for Advertising Profiles
- 5.3.1. Data Used: Forms submitted, pages viewed, and combined activity data from other services.
- 5.3.2. Purpose: Creating advertising profiles based on User interests and behaviours for personalised ad delivery.
- 5.3.3. Legal Basis: User consent (Article 6.1(a) GDPR).
5.4. Activity Information and Combined Data for Personalised Content
- 5.4.1. Data Used: Forms submitted, content interactions, and data from similar users.
- 5.4.2. Purpose: Creating content profiles for personalised and optimised content experiences.
- 5.4.3. Legal Basis: User consent (Article 6.1(a) GDPR).
5.5. Advertising Interaction Data
- 5.5.1. Data Used: Ads viewed, clicks made, and actions taken post-ad interaction.
- 5.5.2. Purpose: Measuring ad campaign effectiveness and improving future targeting.
- 5.5.3. Legal Basis: User consent (Article 6.1(a) GDPR) and/or legitimate interest (Article 6.1(f) GDPR).
5.6. Content Interaction Data
- 5.6.1. Data Used: Articles read, videos watched, and time spent on content.
- 5.6.2. Purpose: Evaluating non-advertising content performance and relevance.
- 5.6.3. Legal Basis: User consent (Article 6.1(a) GDPR) and/or legitimate interest (Article 6.1(f) GDPR).
5.7. Data from Combined Sources
- 5.7.1. Data Used: User profiles, market research, and analytics data.
- 5.7.2. Purpose: Generating audience insights and identifying trends among users.
- 5.7.3. Legal Basis: User consent (Article 6.1(a) GDPR) and/or legitimate interest (Article 6.1(f) GDPR).
5.8. Interaction Data for Service Improvement
- 5.8.1. Data Used: Ads and content engagement data, including interaction frequency and type.
- 5.8.2. Purpose: Enhancing and developing services based on User engagement patterns.
- 5.8.3. Legal Basis: User consent (Article 6.1(a) GDPR) and/or legitimate interest (Article 6.1(f) GDPR).
5.9. Device and Limited Interaction Data for Content Selection
- 5.9.1. Data Used: Device type, current webpage/app usage, and previous content interactions.
- 5.9.2. Purpose: Selecting relevant content and preventing repetitive displays.
- 5.9.3. Legal Basis: User consent (Article 6.1(a) GDPR) and/or legitimate interest (Article 6.1(f) GDPR).
5.10. Security and Fraud Prevention Data
- 5.10.1. Data Used: System logs, anomalous activity patterns, and ad click data.
- 5.10.2. Purpose: Detecting and preventing fraudulent activities while ensuring system security.
- 5.10.3. Legal Basis: Legitimate interest (Article 6.1(f) GDPR).
5.11. Technical Device information
- 5.11.1. Data Used: IP address, browser type, and device capabilities.
- 5.11.2. Purpose: Ensuring compatibility and seamless content or ad delivery.
- 5.11.3. Legal Basis: Contract necessity (Article 6.1(b) GDPR).
- 5.12. Privacy Preferences
- 5.12.1. Data Used: User choices regarding data usage and vendor preferences.
- 5.12.2. Purpose: Storing and enforcing User privacy settings across services.
- 5.12.3. Legal Basis: Legitimate interest (Article 6.1(f) GDPR).
5.13. Combined Data from External Sources
- 5.13.1. Data Used: Loyalty card usage, surveys, and activity data from other platforms.
- 5.13.2. Purpose: Analysing data from multiple sources for improved
- targeting and service quality.
- 5.13.3. Legal Basis: Legitimate interest (Article 6.1(f) GDPR).
5.14. Device Linking Data
- 5.14.1. Data Used: Shared logins and internet connection data from User’s devices.
- 5.14.2. Purpose: Linking multiple devices for seamless cross-platform service.
- 5.14.3. Legal Basis: Legitimate interest (Article 6.1(f) GDPR).
5.15. Automatically Transmitted Device Information
- 5.15.1. Data Used: IP address, browser details, and other automatically shared device data.
- 5.15.2. Purpose: Distinguishing the User’s device for personalisation and analytics.
- 5.15.3. Legal Basis: Legitimate interest (Article 6.1(f) GDPR).
5.16. Precise Geolocation Data
- 5.16.1. Data Used: GPS-based location data within a 500-metre radius.
- 5.16.2. Purpose: Providing location-specific services, ads, and content.
- 5.16.3. Legal Basis: User consent (Article 6.1(a) GDPR).

Any of above listed data can be or become the personal data. Data becoming the personal data create specific rights for User - data subject, being among others, the right to be forgotten and the opt out right – further details are specified in sections 12 and 13.

6. DATA SECURITY MEASURES

We implement robust technical, organisational, and security measures to safeguard personal data against unauthorised access, modification, or loss.

7. INTERNATIONAL DATA TRANSFERS

Some third-party recipients may be located outside the European Economic Area (EEA), including the United States. In such cases, standard contractual clauses approved by the European Commission are used to ensure data protection compliance.

8. EXTERNAL LINKS AND THIRD-PARTY POLICIES

Our Platform may contain links to external webpages. We do not assume responsibility for their data policies. Users are advised to review their privacy policies separately.

9. AUTOMATED PROCESSING AND PROFILING

Automated decision-making and profiling may be conducted to enhance service provision at the Platform. If consent is granted, third-party providers may also be involved in such processing.

10. PERSONAL DATA RETENTION PERIOD

The duration for which personal data is stored depends on the basis of collection:

10.1. Consent-based processing: Data is retained until consent is withdrawn.
li>10.2. Contractual necessity: Retention extends until contract expiry or termination, plus an addition of 6 (six) years.
10.3. Justified interest: Retention continues until the interest ceases or the User objects, whatever appears first.
10.4. Maximum/General retention: If no legal or contractual obligations exist, data is retained for a maximum of 10 (ten) years.

11. DISCLOSURE TO THIRD PARTIES

We may engage third parties to process personal data under contractual obligations ensuring data confidentiality and security. Third-party recipients may include:

11.1. Data security providers (services, software, hardware).
11.2. Analytics service providers.
11.3. Hosting service providers.
11.4. Marketing representatives.
11.5. Subcontractors and survey providers.
11.6. Legal, financial, and business advisors.

Third parties’ contracts assume Cuthrough remaining the (personal) data controller, while the aforementioned third parties are data processors.

12. USERS RIGHTS UNDER GDPR

Users are entitled to:

12.1. Access their data.
12.2. Request rectification.
12.3. Request erasure (right to be forgotten).
12.4. Transfer data to another controller.
12.5. Object to processing, including profiling.
12.6. Withdraw consent at any time.
12.7. Limit data processing (opt-out).
12.8. Lodge complaint with relevant data protection authorities.

13. EXERCISING USER RIGHTS

Users can exercise rights set out in Section 12 as follows:

13.1. 12.1 - 12.6: by contacting Us using the details provided in Section 14.
13.2. 12.7: by managing Platforms “Privacy and cookies settings” located at the bottom of the webpage.

Once the “Privacy and cookies settings” is clicked, the browser will display the window presented below. To access Platforms data management panel User shall click “Manage options” button.

As per examples presented below; once User advances to the next window – “Manage your data’” – granting and withdrawal of specific consent can be executed.

Assistance is available for Users facing difficulties in exercising their opt-out rights; please contact Us using the details provided in Section 14.

13.3. 12.8: by contacting national data protection authorities listed at:
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en# .

14. CONTACT DETAILS

The data controller is Cuthrough Holdings Limited having its business premises in Kostas Varnalis, 53 Latsia, postal code: 2232, Nicosia, Cyprus, registration number: 424398.

15. POLICY UPDATES

Policy amendments may occur due to technological advancements or legal changes. We also adhere to guidelines issued by national and international authorities.