LegendBoosts - Privacy Policy

The protection of your personal data is important to us, we want you to be able to trust us in this regard as well. Please read this Privacy and Cookie Policy ("Policy") carefully before using the http://legendboosts.com website (the "Service") operated by LegendBoosts LLC (registered in Hungary under company number 01-09-310839) as it contains important information on who we are and how we use cookies on our website.

This Policy should be read together with our Terms of Use ("Terms") which defines the content and the conditions of our Service as well as it sets out how and why we collect, store, use and share personal data generally for rendering our Services.

This Policy specifies your rights in relation to your personal data and details of how to contact us or supervisory authorities if you have a complaint not in relation to our Services but the usage of your personal data.

Your access to and use of the Service might be conditioned on your acceptance of the Policy. These Policies apply to all visitors, users and others who access or use the Service.

In the sort of the Policy, we took into account the relevant law of Hungary on personal data protection:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as the GDPR)
Act CXII of 2011 on the right to information self-determination and freedom of information ("Info Act")

During the operation of http://legendboosts.com ("Website"), LegendBoosts LLC ("Data Controller") handles personal data of visitors, users of the Services or anyone who provides personal data ("Individual") on the Website.

When handling the data of the Individual (such as name, address, e-mail address, telephone number), the Data Controller acts in accordance with the legal regulations in force at any time.

Data Controller qualifies under Article 30 (5) of the GDPR and in accordance with 25/L. § of the Info Act, Data Controller does not appoint a data protection officer (DPO), however You may contact us at:

e-mail: [email protected]

Pursuant to 25/E.-25/F § of the Info Act, Data Controller keeps record of its processing activities which is kept for 10 years.

This Policy is governed and construed in accordance with the laws of Hungary, without regard to its conflict of law provisions.

The Data Controller is unilaterally entitled to amend the Policy at any time.

Definitions

Personal data: any information relating to an identified or identifiable natural person ("Individual" or "Data Subject"); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online username or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of an identifiable natural person;
Data handling: any operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data processing: the performance of technical tasks related to data handling operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the personal data;
Data transfer: making the personal data available to a specific third party;
Disclosure: making the personal data available to any third party;
Data controller: shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law. As part of the provision of the Website service, the Data Controller.
Data processor: means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of Data Controller;
Individual's consent: a voluntary, specific and duly informed and clear statement of the intention of the Individual is to indicate his or her consent to the processing of personal data concerning him or her by means of a statement or an unequivocal statement of confirmation.

Data of the data controller and the data processor

Data Controller:

LegendBoosts LLC
e-mail: [email protected]

Data processors:

a.) Hosting provider: Namecheap, Inc.
- registered office: 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, United States
- support contact: https://www.namecheap.com/support/
- Location of hosting: United States
- Legal basis of transfer to the United States: Standard Contractual Clauses (SCC) based on the Data Protection Directive 95/46/EC as approved by the Article 29 Working Party based on the model contract 2010/87/EU, by virtue of which the data processor ensures that the personal data is processed and transferred in accordance with the EU data protection provisions. The SCC is available in the Namecheap Data Processing Agreement found at: https://www.namecheap.com/legal/dataprocessing-agreement/

b.) Payment processors:
- SimplePay (OTP Mobil Services LLC)
  - registered office: 1143 Budapest, Hungária krt. 17-19.
  - support contact or e-mail: [email protected]
  - Location of payment processing: Hungary and according to GDPR Policy (Terms of Use Point 125) can be downloaded at: http://simplepay.hu/kereskedo-aszf/ (Retrieved on 05/13/2021)
- Paymentwall
  - registered office: Paymentwall Global HQ (255 9th St, San Francisco, CA, 94103, United States), Paymentwall GmbH (Friedrichstraße 88, Berlin, 10117, Germany), Paymentwall Lisbon (Av. Óscar Monteiro Torres 35A, Lisbon, 1000-216, Portugal)
  - support contact or e-mail: http://www.paymentwall.com/support
  - Location of payment processing: may be out of the EU, Paymentwall acts as a data processor according to their Terms of Use, Section 4. C.
  - Legal basis of transfer to the United States: The consent of the Individual.
- Stripe
  - registered office: Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA), Stripe Payments Europe Limited (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland)
  - support contact or e-mail: http://stripe.com/privacy-center/legal#contact-us
  - Location of payment processing: may be out of the EU, Stripe acts as a data processor according to their website.
  - Legal basis of transfer to the United States: Standard Contractual Clauses (SCC) based on the Data Protection Directive 95/46/EC as approved by the Article 29 Working Party based on the model contract 2010/87/EU. The Court of Justice of the European Union issued a ruling in Data Protection Commissioner v Facebook Ireland Ltd and Maximilian Schrems (Schrems II), examining transfers of data from the European Economic Area (EEA). Here’s some additional information on Stripe’s approach to this judgment. Stripe continues to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data transferred outside the EEA and Switzerland. Stripe’s existing measures include the EU Commission’s approved Standard Contractual Clauses (SCCs) to accommodate international data transfers. Stripe no longer rely on the Privacy Shield as a transfer mechanism for data transfers given EU-U.S. However, Stripe do continue to commit to the principles of the Privacy Shield Framework as it can still provide privacy protections to users.
- PayOP
  - registered office: Administration -FinTech Decision pte LTD registered at 68 CIRCULAR ROAD #02-01 SINGAPORE 049422
  - support contact or e-mail: [email protected]
  - Location of payment processing: may be out of the EU, PayOP acts as a data processor and controller according to their Privacy Policy, Section 7.1.
  - Legal basis of transfer to the Singapore: The consent of the Individual.

Your data may be transferred also to UNLIMINT EU LTD, however they act as data controllers on their own behalf. (their registered office: 125 Georgiou Griva Digeni, Limassol, 3101, Cyprus, you may contact them at support contact or e-mail: http://www.unlimint.com/contacts/, location of payment processing: Cyprus, EU)

Principles

Data handling and processing must be appropriate to the purpose of the data handling at all stages. Data handling and processing must be fair and lawful. Data handling and processing can only take place to the extent and for the time necessary to achieve the purpose.

In all cases where we request personal data from you, you are free to decide whether to provide the requested information: the data handling and processing shall be based on a voluntary, well-informed consent of yours including your consent that Data Controller uses personal data provided on the Website. In case of doubt, it shall be assumed that the Individual has not given his consent.

According to the relevant legal regulations, personal data may be processed if:

you consented to the processing of your personal data for one or more specific purposes;
the processing is necessary for the performance of your contract or steps are necessary at your request prior to the conclusion of the contract;
processing is necessary for compliance with a legal obligation to which the Data Controller;
the processing is necessary in order to protect your vital interests or another natural person;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
processing is necessary for the protection of the legitimate interests of the Data Controller or of a third party, unless those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the Individual is a child.

The data handling and processing shall ensure the accuracy, completeness and, where necessary, the up-to-dateness of the personal data, and that the Individual can only be identified for the time necessary for the purpose of the data handling and processing.

In the sort of data handling and processing, only such personal data may be processed that is essential for the realization of the purpose of data handling and processing and is suitable for achieving the purpose.

The personal data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental destruction and damage, and loss of access as a result of changes in the technology used.

The Individual may request information or check the content of his / her data at any time during the handling and processing of data, and may at any time, if necessary, request their correction, modification, change, deletion or blocking. The Individual may modify or withdraw her / his consent to data handling and processing at any time.

We share your data with external third parties, as detailed above in Part 3 and below in Part 5 and Part 6, that are based outside of the EEA. We may sometimes contract with these third parties to supply certain services. These may include payment processing and marketing. In some cases, those third parties may require access to some or all of your personal data that we hold. The following safeguard[s] is applied to such transfers: We will only store or transfer your personal data to countries that the European Commission has deemed to provide an adequate level of personal data protection. More information is available from the European Commission or which applies the model contract as specified in Part 3.

Purpose of data handling and processing

Handling and processing of personal data is necessary for visiting the Website or for using the Service advertised on the Website for the following purposes:

Personal data	Purpose of the data handling	Legal basis	Period of data handling
First and last name	For concluding a contract with you.	GDPR Article 6 para. (1) point a) and b)	5 years
Email address	To stay in touch and to discuss Services related issues more effectively.	GDPR Article 6 para. (1) point a) and b)	5 years
Billing data (name and address)	In order to issue an invoice, as well as to conclude or amend our Service contract with you, to monitor its fulfillment, and to invoice the resulting fees and enforce the related claims.	GDPR Article 6 para. (1) point b) and c)	6 years (based on Tax regulations of Hungary)
IP address	Perform a technical operation.	GDPR Article 6 para. (1) point a)	5 years
Country and languages	Personalizing and tailoring our Services to you.	GDPR Article 6 para. (1) point a) and b)	5 years
Information about „potential booster” related to game League of Legends	Identification of the boosters as League of Legends players for protecting players. Fraud monitoring and prevention. Perform a technical operation.	GDPR Article 6 para. (1) point a)	5 years

Some of the information provided in the sort of purchasing on the Website (billing name, billing address, e-mail address, bank card details) are forwarded to the Data Processors listed in Point 3. b) as Payment Service Providers for the purpose of authorization of the payment transactions, fraud monitoring, fraud prevention and bankcard acceptance. These data you share will be kept as long as it is provided in the current GDPR Policies of the Payment Service Providers. You can read more about this in the GDPR policies linked above.

Cookie policy

Data handling in general

A cookie is a unique set of data used by the Website to identify and store profile information on the computer of the Individual. It is important to know that such a sequence of signals alone is in no way capable of identifying the Individual, i.e. the visitor of the Website, it is only capable of recognizing the Individual 's machine. In the sort of the visiting of the Website and with the exception of the IP address, it is not necessary to provide a name, e-mail address or any other personal information, as when using such solutions, the Data Controller does not even request data from the visitor, the data is actually exchanged between machines.

The cookie serves web analytics purposes, helps to differentiate users and prevents data loss. The anonymous visitor ID also allows the cookie user to track your internet usage, including the history of the websites you visit, and your browsing habits.

After the registration, by using a cookie, only the Data Controller can contact the affected data with the person of the Individual, and only in case of visiting the relevant domain address and registering on thatof.

By accessing the Website, if allowed by the browser settings used by the Individual or explicitly approved by the Individual on the first visit to the Website, the Website can automatically save information about the Individual's computer or device used for browsing (tablet, smartphone, wearable smart devices).

If you do not want such a set of data to be placed on your computer, you can set your browser so that it does not allow you to place your unique set of data on your computer or delete them in your browser's privacy settings after set-up. In this case, without cookies you may not be able to fully use all the functions and services of our Website, and without their use we cannot guarantee you the full use of the Website. To learn more about changing your browser settings, see your browser's instructions or help.

Cookies record and process the following data:

IP address,
browser type,
the operating system characteristics of the device used for browsing (e.g. type, set of language),
the exact date of the visit,
the title of the previously visited page,
the page you visited, the subpage, the feature or service used, the time spent on the page.

These cookies alone cannot personally identify the Individual.

Visit log files are deleted 7 days after the visit.

Legal basis: Article 6 (1) (f) GDPR - legitimate interest of Data Controllers.

Special provisions on cookies

Consent

Legitimate interest (There are service providers that do not ask for your consent but use your personal information based on their legitimate interests.)

The following cookies are placed on the Website:

Type	Purpose of the data handling	Legal basis	Period of data handling
Necessary cookie: _cfduid	Identify trusted web traffic	GDPR Article 6 para. (1) point f)	29 days
Statistical cookie: _ga	Unique ID to generate statistical data on usage of the Website	GDPR Article 6 para. (1) point f)	2 years
Statistical cookie: _gat	Used by Google Analytics to throttle request rate	GDPR Article 6 para. (1) point f)	1 day
Statistical cookie: _gid	Unique ID to generate statistical data on usage of the Website	GDPR Article 6 para. (1) point f)	1 day
Marketing cookie: _fbp	Used by Facebook to deliver a series of ads	GDPR Article 6 para. (1) point f) if GDPR Article 6 para. (1) point a) is not given	3 months
Marketing cookie: _uetsid and _uetsid_exp	Collects data on visitors behavior to show more relevant ads and limit repetitive ads used by Bing Ads and Expiry data for _uetsid cookie	GDPR Article 6 para. (1) point f) if GDPR Article 6 para. (1) point a) is not given	1 day/Persistent
Marketing cookie: _uetvid and uetvid_exp	Tracks visitors on other sites to show more relevant ads and limit repetitive ads used by Bing Ads and Expiry data for _uetvid cookie	GDPR Article 6 para. (1) point f) if GDPR Article 6 para. (1) point a) is not given	16 days/Persistent
Marketing cookie: ATN	Targets ads based on behavioral profiling and geographical location used by Facebook	GDPR Article 6 para. (1) point f) if GDPR Article 6 para. (1) point a) is not given	2 years
Marketing cookie: fr	Used by Facebook to deliver a series of ads	GDPR Article 6 para. (1) point f) if GDPR Article 6 para. (1) point a) is not given	3 months
Marketing cookie: atdmt	Sets a unique ID for the visitor that allows third party advertisers to target the visitor with relevant ads used by Facebook subsidiary Atlas Solutions	GDPR Article 6 para. (1) point f) if GDPR Article 6 para. (1) point a) is not given	Session
Marketing cookie: MUID	Used by Microsoft as a unique user ID to enable tracking and synchronizing the ID across Microsoft domains	GDPR Article 6 para. (1) point f) if GDPR Article 6 para. (1) point a) is not given	1 year
Marketing cookie: tr	Used by Facebook to deliver series of ads	GDPR Article 6 para. (1) point f) if GDPR Article 6 para. (1) point a) is not given	Session

With the help of functional / necessary cookies, it is possible to save the details on the Website and to offer more tailored functions based on the data collected by the cookies. These cookies also allow the Website to continue to use the optional features offered to you. You do not need your approval to use these cookies. However, there are options to turn them on and off.

Please note that disabling functional cookies may limit the operation of certain features of the Website. Technical cookies provide functions without which the Website cannot be used as intended. These cookies are absolutely necessary for the proper operation of the website, therefore they cannot be activated and deactivated individually.

You can revoke the result of your use of security cookies individually at any time in the future by adjusting your cookie settings accordingly.

Third-party cookies or other similar programs used by my Website:

With the help of marketing cookies we facilitate better access to our Website. Our Website uses analytics provided by Facebook, Bing, and Microsoft, web analytics services provided by the relevant companies. Analytics cookies may use a cookie in a specific format, computer storage, and which allows you to analyze the use of the website by you. These cookies are usually transmitted to and stored on servers located in the U.S.A.

Your rights

You have the right to receive information from us, as Data Controller, as to whether your personal data is being handled. If we handle your personal data, you will be provided with at least the following information:

The purpose of the data handling and processing;
The category of personal data handled and processed;
The recipients or categories of recipients to whom the personal data have been or will be transferred, including in particular third country recipients or organizations;
Where applicable, the intended period of storage of the personal data or, if this is not possible, the criteria for determining this period;
The Data Subject's right to request the Data Controller to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
The right to file a complaint with a supervisory authority;
In the case of transfers of personal data of the Data Subject, the legal basis and the recipient of the transfer.

As a Data Controller, I undertake to provide the information in writing at the request of the data subject in an intelligible form as soon as possible after the submission of the request, but no later than within 30 days.

I do not use an automated decision-making process (profiling). I do not supplement or link personal or other data.

Additional rights of the Data Subject in relation to data handling and processing

Right to rectification: You can request the correction / supplementation of your personal data without undue delay, if we handle your personal data inaccurately / incompletely.
Right to Delete: You can request the deletion of personal data concerning you in full or for certain personal data we handle or process. Under this right, you have the right to irrevocably and permanently delete / anonymize your personal data (and to destroy / anonymize the documents containing your deleted personal data).
Right to restrict data handling or processing: You can request a restriction on the handling or the processing of your personal data concerns you by indicating the personal data you want to restrict. Under this right, you have the right to restrict the handling or processing of your personal data if you dispute their accuracy or if, in your opinion, the handling or processing is unlawful.
Right to information: You can ask us to indicate which recipients I have informed about the correction, deletion or restriction of data handling or processing.
Right to withdraw consent: If we handle or process your personal data on the basis of your consent, you may withdraw your consent to the handling or processing of data at any time for the future. We may also handle or process your personal data for the purpose of fulfilling our legal obligation or enforcing my legitimate interest after the withdrawal of your consent, if the enforcement of the interest is proportionate to the restriction of the right to the protection of personal data.
Right to data portability: You have the right to receive the personal data provided by you to the data Controller in a structured, widely used machine-readable format. In addition, you have the right to request a third party with your legal authorization to transfer this data to another Data Controller (if the data processing by the Data Controller is based on your consent or a contract with the Data Controller).
Right to object: You have the right to object to the handling or processing of your personal data processed on the basis of a legitimate interest.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held).

All requests should be made in writing and sent to the email or postal addresses shown in Part 1. There is not normally any charge for any such requests. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your request within 21 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.