Privacy and Personal Data Protection Notice

Initial information

We are Beatlog, a platform that allows users to connect and share information about their favorite games. We prepared this Privacy and Personal Data Protection Notice to provide transparency and inform data subjects about how we use personal data, who we share it with, what rights users have, how to exercise those rights, our official contact channel, and other relevant information.

This Notice applies to everyone who may be an interested party in relation to Beatlog: website users, collaborators, suppliers, third parties, and any other identifiable people whose data may be processed by Beatlog.

This Privacy Notice was prepared in accordance with the Brazilian Internet Civil Rights Framework (Federal Law 12.965/2014), the Access to Information Law (Federal Law 12.527/2011), and the Brazilian General Personal Data Protection Law or LGPD (Federal Law 13.709/2018).

This Privacy Notice has the nature of a policy that gathers important information on this topic for all interested parties and establishes Beatlog's commitment to privacy and data protection.

Meaning of some expressions

To make this Notice easier to understand, we provide a short glossary with the meaning of some expressions.

Processing agents: the Controller and the Operator. These are legal or natural persons, including self-employed professionals, that process personal data to offer products or services.

Brazilian National Data Protection Authority (ANPD): the public administration body responsible for safeguarding, implementing, and supervising compliance with the LGPD throughout Brazil.

Consent: a free, informed, and unambiguous manifestation by which the data subject agrees to the processing of their personal data for a specific purpose.

Controller: a natural or legal person, under public or private law, that is responsible for decisions regarding personal data processing.

Personal data: information related to an identified or identifiable natural person. Any information that may identify a person can be considered personal data, such as name, surname, date of birth, information in official personal documents, home address, landline or mobile phone, personal and professional email address, IP address, internet browsing history, or information collected through cookies.

Sensitive personal data: personal data about racial or ethnic origin, religious belief, political opinion, union membership or membership in a religious, philosophical, or political organization, data concerning health or sex life, genetic data, or biometric data.

Operator: a natural or legal person, under public or private law, that processes personal data on behalf of the Controller. Data subject: the natural person to whom the personal data being processed refers. In other words, this is the owner of the personal data and the person who may exercise rights regarding that data.

Processing: any operation performed with personal data, including collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, assessment or control of information, modification, communication, transfer, dissemination, or extraction. In short, processing is the use of personal data or any action performed with it, including storage.

How do we collect personal data?

We may collect personal data in the following ways:

Directly from you, the data subject, when you register on the platform.

Directly from you when you publish on our platform and use our services.

Directly from you when you agree to receive our newsletters and marketing communications.

From third parties when you authorize access to your gaming platform accounts, such as Steam, PlayStation, and similar services.

Automatically through cookies or artificial intelligence, or through system log records, to comply with the Brazilian Internet Civil Rights Framework.

What personal data do we use?

We use personal data whenever necessary or indispensable to provide services on our platform. The following categories of personal data may be processed:

Registration data, such as username, email address, and date of birth.

Data related to games accessed by you, including information such as game names, play time, and the platform where the game was accessed.

Unique identifier data collected through cookies when the user visits our website.

How do we use your personal data?

We use your information for the following purposes:

To comply with our Terms and Conditions of Use.

To provide services to you, for example, when you register on the site, we process your email address and information you choose to share about your favorite games.

To support users, such as answering questions about our services, processing reports, and contacting users when necessary.

For our legitimate commercial interests, such as improving our services through metrics and reports about platform usage.

To personalize the service offered to you, such as recommending games and information that may interest you.

With your consent, to send newsletters. You may revoke this consent at any time.

To comply with legal or regulatory obligations. We may also process data obtained through cookies on our website to improve safe browsing and the user experience.

Personal data controller

In the processing operations described above, Beatlog generally acts as the personal data controller, meaning the agent responsible for making the main decisions regarding personal data processing and defining the purpose of that processing.

To provide the available services, Beatlog may hire personal data operators, meaning agents responsible for processing data on behalf of the controller and according to the purpose defined by the controller, such as technology systems and software used to store and retrieve information in the cloud.

Sharing personal data

As part of Beatlog's normal operation, we may share data subjects' personal data with duly authorized professionals who provide contracted services, respecting the principles established by applicable law. All access to personal data will preserve confidentiality according to this Notice.

Personal data may also be shared with service providers, such as management software and cloud computing services. Whenever these providers process your data, the processing will occur in accordance with privacy and personal data protection rules.

We may also share your data, when indispensable, with an authority that has police power, such as the ANPD or consumer protection agencies. We may also share data with the Judiciary in case of a valid and effective court order or for legal defense.

How long will data be stored?

We store personal data for as long as necessary to fulfill the purposes for which it was collected, and we may retain it to comply with a legal obligation or to exercise rights. The storage period may observe limitation and statute-of-limitations periods established by Brazilian law.

We commit to storing information securely and, when data must be discarded, using efficient technical means for secure disposal.

What measures do we take to protect personal data?

To protect personal data, we rely on security mechanisms provided by HostGator, the company responsible for hosting our platform on a dedicated server located in Brazil, as well as data encryption systems, two-factor authentication, and digital certificate usage according to strong security standards.

Even with these measures, we cannot guarantee absolute security. In case of an incident, Beatlog will follow a response procedure and may communicate with the ANPD and data subjects when necessary, if there is relevant risk after internal assessment.

Rights of personal data subjects

The Brazilian General Data Protection Law grants a series of rights to data subjects:

Confirmation of the existence of processing operations involving your personal data. In other words, you may know whether or not we process your personal data.

Right to access your own personal data if we process it.

If the legal basis used to justify processing is consent, you have the right to revoke or withdraw the consent given and to know the consequences of that withdrawal.

Right to request portability of personal data to another service or product provider, through an express request, according to future ANPD regulation and subject to trade and industrial secrets.

Right to correct incomplete, inaccurate, or outdated data. Help us keep your data complete, necessary, accurate, and up to date as far as possible and reasonable.

Right to delete personal data processed with your consent, except in cases of compliance with legal or regulatory obligations by the Controller, study by a research body with anonymization whenever possible, transfer to a third party according to LGPD requirements, or exclusive use by the Controller with data anonymized and no third-party access.

Information about public and private entities with which Beatlog shared data.

Information about the possibility of not providing consent and the consequences of refusal.

Petition to the Brazilian National Data Protection Authority (ANPD) regarding Beatlog and any right that was not fulfilled.

Opposition to personal data processing operations based on one of the consent-waiver hypotheses, in case of noncompliance with the LGPD.

Review of decisions made solely on the basis of automated personal data processing that affect your interests, including decisions intended to define your personal, professional, consumer, or credit profile or aspects of your personality.

Exercising your rights

To exercise your rights and submit a request, contact social@beatlog.net with the subject "LGPD", informing your full name and which right you wish to exercise. Beatlog will make efforts to respond as quickly as possible, respecting legal retention periods, and may request additional information to enable the request.

For your own security, after a request is sent, we will perform an identity authentication procedure. Once the requester's identity is verified, the request will proceed; otherwise, it will be archived.

It is preferable for the data subject to exercise their rights directly. If the data subject appoints a representative, a specific power of attorney for this purpose must be presented, with notarized signature recognition at a registry office.

Finally, the data subject should be aware that their request may be legally rejected for formal reasons, such as inability to prove identity, or legal reasons, such as the user's right falling under a legal or regulatory exception.

International transfer of personal data

Some personal data processing operations carried out by Beatlog, or by companies that provide services to Beatlog, may involve international transfer of personal data.

We commit to complying with the Brazilian General Data Protection Law and ANPD guidance on this topic, seeking to ensure that transfers occur only to countries that provide a level of personal data protection equivalent to Brazil's, or through guarantees and safeguards such as specific clauses, standard contractual clauses, global corporate rules, or other measures that may be necessary.

Periodic update of this Privacy Notice

Our Privacy Notice will be continuously improved, following good practices and guidance from the ANPD. If changes are substantial, the information will be prominently displayed on our website. We recommend reading this Privacy Notice periodically. Your privacy and trust are important to us.

This version is dated May 18, 2023.