04.12.2023
This Privacy Policy (the “Policy”) governs the protection and processing of your personal data that is collected or submitted, by using the mobile applications/games published by us, the website as well as any transactions which may be concluded within those mobile applications/games and the website (the “Services”) or any materials and services provided therein (regardless of where you visit it from).
The Services are owned and operated by Mindwood Limited, a company registered in Cyprus with Reg. Number HE 441540 and having its registered office at Kyriakou Matsi, 16, Eagle House, 8th Floor, 1082, Nicosia, Cyprus (“we” or “us” or “Mindwood”).
Please read this Policy carefully. By submitting your acceptance on the relevant notifications posted on the Services, you are deemed to have read, understood, agreed to and consented to this Policy.
It is important that you read this Policy together with any other privacy notices or fair processing notices we may provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why we are using your personal data. This Policy supplements such other notices and is not intended to override them.
We are the data controllers of your personal data. It should be noted however that any information (including personal data) submitted during the use of the Services by a user, may be handled and transmitted to us through third-party service providers who will only handle your personal data for the purpose of providing their services to us and only for as long as it is necessary.
We will only use your personal data as the law allows us to. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and the legal bases on which we rely for doing so. We have also identified our legitimate interests where appropriate.
Please note that we may rely on more than one lawful basis when using your personal data depending on the processing activity which we undertake. Please contact us if you need further details about the specific lawful purpose we rely on to process your personal data.
We will retain your personal data only for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
|
Types of Data |
Legal Basis for Processing |
Retention Period |
|
Data Submitted by the user (i) Contact information (name, surname, email address) (ii) In-game/in-app messages (including chat logs and support tickets) (iii) Other messages or data submitted (e.g. when you contact us through the email, social media channels or through our Services) (iv) IP addresses |
(i) to take steps upon the request of the data subject before entering into a contract. (ii) for the purposes of our legitimate interests in responding to a data subject’s request for a reply to communication and to provide information or a quotation to a user (iii) to carry out the contract in case a contract between us is in place. (iv) for the purposes of our legitimate interests in providing services/products and (v) in order to comply with our legal obligations |
(i) In case you are an account holder, then the data is deleted 6 years after the deletion of your account. (ii) In case you are not an account holder, then the data is deleted 6 months after the last communication in relation to the specific message. |
|
Data Collected Automatically (i) Data relating to the use of our Services (For example Apple, Amazon or Google User ID, In-App Purchases, date and time that the Service was last used, session duration, features used, history, interaction with advertisements, name you associated with your device) (ii) Unique Identifiers (such as IP address, device ID, MAC Address, IMEI, advertising ID) (iii) Non-Unique Identifiers (data about your device, device name, operating system, browser type, language, screen size etc) (iv) General Location Data (Country and/or city of location) (v) Data relating to the use of the Services (such as gameplay data, interactions with other users) (vi) Various additional data, such as: -age bracket: ie. 18-24, 25-34, 35-44, 45-54, 55-64, and 65+ of the user, -browser name, -city, country, subcontinent, continent and geographic region from which user activity originated. -brand name of the mobile device of the user (such as Motorola, LG, or Samsung) and the type of the mobile device (such as mobile or tablet), -gender of the user, -interests of the user -language setting of the user’s device operating system, -user’s device operating system -user’s device operating system version, -platform (such as web, iOS, or Android). |
(i) for the purposes of protecting our legitimate interests in improving and providing our services or products |
(i) The data is deleted 6 years after the deletion of your account. |
|
Data Collected from Others (i) Data collected from third parties when you login to your account through such a party (user id, name, picture, gender, email, friends playing the same game, date of birth, information about your activities on or through the connected third-party application, other publicly available information) (ii) Data collected from third party platforms relating to in-app purchases (typically that a purchase was successful). Note that we will not collect sales information, transactions history, payment information, bank account information or credit card information, but such information may be collected by third parties. (iii) Third-party service providers (such as information relating to the interaction with the Services and in-game advertisements, software errors etc (iv) Information obtained from Facebook and related platforms. When you use our Services on Facebook or connect our Services to a Facebook account, we may receive any of the information you provide or permit to be provided to us via Facebook (such us information your user ID, your email address) if you use our Services, including with whom you share our Services on Facebook. (v) Content generated by the user which we obtain from you. We can obtain and collect content from posts or uploads you make on social networks subject to your consent if applicable. Such content may include, your name, social media username, image, likeness, voice, other identifiable information available in such user generated content. |
(i) to carry out the contract in case a contract between us is in place. (ii) for the purposes of our legitimate interests in providing services/products |
(i) The data is deleted 6 years after the deletion of your account. |
If you have provided your express consent, we will use personalized advertisements through the Services. You can withdraw your consent at any time in the in-app/game privacy settings.
You can ask us or third parties to stop sending you personalised marketing messages at any time by checking the privacy settings of your Android or iOS device (e.g. by turning off “Allow Apps to Request to Track” or selecting “Limit Ad Tracking” (Apple iOS) or “Opt-out of Interest Based Ads” (Android)). By opting out, this does not mean that you will stop seeing advertisements in our Services, rather third-party advertising networks will show you contextual advertisements not tailored to your interests. Please, be aware that such actions may result in decrease of advertising quality and less enjoyable user experience.
You may accept all cookies or instruct your device to provide notice at the time of installation of cookies or refuse to accept all cookies by adjusting the relevant cookie retention function in your device. We, along with our third-party advertising networks and their associates, may utilize cookies and comparable technologies, including mobile “SDK,” to deliver and customize our Services and to offer targeted ads. Certain technologies have the capability to synchronize behavior across various mobile applications, devices, and websites in order to tailor ads to your preferences. This is known as personalized advertising. Additionally, we and specific advertising networks may review your list of installed applications to prevent advertising for apps you already have. If you disable or refuse cookies, please note that some parts of our Services may become inaccessible or be unable to operate as designed. You can view our Cookie Policy here.
We will use your personal data only for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as, this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature within our Services. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect your personal data for a number of reasons. These include the following:
For the performance of our Services under the Terms. We process such data to allow you to create accounts and use the Services, to recognise you when you use the Services, to verify and confirm payments in our Services, detect and prevent abuse/toxicity/cheating, to provide you with purchase options and send you communications relating to our Services and also to provide support to users when they use our Services.
For the development and improvement of our Services and your experience, providing social features as part of our Services, customizing your experience when using the Services, providing you with offers in our Services, sending your information, updates, security alerts and support messages, enabling you to communicate with other users, cross promoting our Services. We will present you with advertisements and suggestions within our Services. These may be ads relating to our own Services or other services you may be interested in. These ads and suggestions may be tailored specifically to you. Where it is required, we will only do so where we have your consent. If you no longer want to receive targeted advertising you can withdraw your consent in the in-app/game privacy settings. In situations where your consent is not required, or where we provide contextual and/or non-personalised advertising, we do so based on our legitimate interests.. In such case we will use data such as your IP address or certain non-personal identifiers and we will do it to further our legitimate interests in monetizing our Services. Our legitimate interests also allow us to analyze, profile and segment collected data and create aggregate statistical data or non-personal data which we may use to improve our services. We also protect our legitimate interests in protecting against fraud by analyzing, monitoring and moderating the use of the Services, taking action against users who are in breach of their obligations under the Terms, and tracking the performance of our advertising campaigns to prevent fraud. To allow you to back-up and sync your progress using third party social networks to our Services, such as Google Play Games, Apple Game Center or Facebook.
To serve personalized advertisements in our Services using third-party advertising networks. Our legal basis is legitimate interests to run our business. If you are located in the European Economic Area, the United Kingdom (the “UK”), Norway, Switzerland, or Brazil, certain third-party advertising networks we work with may require your consent to process Personal Data for the purpose of delivering tailored advertising to you. To decline or revoke your consent for receiving personalized advertisements.
In some cases, we may use your personal data in order to comply with legal obligations (such as for example court orders or requests from a regulatory authority).
We may share your personal data with the following:
Other users: In order to use some of our Services (such as games) other users may be able to see some of your personal information such as your profile data, in-game activities, or messages you post.
Public authorities: Disclosure in accordance with, or as required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements (e.g. to combat fraud and illegal activities);
Change of corporate structure/ownership: Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets, so that you can continue to receive the Services with as little disruption as possible. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
Service Providers and Partners in order to improve our Services: For example we may share personal data with parties who assist us in our on-going development, analytics, customer care, marketing and advertising. We may also share information with advertising partners who distribute advertising in our Services. Disclosures such as these, only take place provided that we have a legal basis to do so. Examples of service providers include:
Cloud service providers who we rely on for data storage (including Amazon Web Services, Cloudflare and DigitalOcean);
User acquisition partners who help us report on the success of our marketing campaigns;
Analytics providers who help us in understanding our userbase;
Advertising partners to which (subject to your settings) we provide certain information who will use them to serve you with ads in our Services, and we measure who sees and clicks on their ads.
Payment processors to process payments for in-app purchases made through our Services.
Social sharing features several of our Services provide social sharing functionalities, allowing you to share your activities within our platform with other media. To utilize any integrated social sharing features in our Services, you must meet the minimum age requirement specified by the laws of your respective jurisdiction. Our Services incorporate social features from the following providers:
We note that our Partners may have their own privacy policies and your data is shared with them and used in accordance with their Privacy Policies. A list of our Partners’ privacy policies may be found in ANNEX 1 below.
In case we do transfer your data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least that we use specific contractual arrangements approved by the European Commission which give personal data the same protection they have in Europe. For that reason, all transfers made by Mindwood to other entities outside the EEA, are subject to agreement incorporating the Standard Contractual Clauses adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021 and the UK International Data Transfer Addendum to the EU Commission Standard Contractual
Clauses.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We reserve the right to update and change to any part of this Policy. Should this Policy be amended, we will publish details of the amendments on our website and we will post a notice on the website or through the Services. The changes will take effect as soon as they are posted on our website and you are notified in-game about them. Your continued use of our Services will signify that you acknowledge these changes.
Our Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Services or interact outside our Services, we encourage you to read the privacy policy of third parties which you interact before providing any personally identifiable information.
If this Policy or any part of it should be determined to be illegal, invalid or otherwise unenforceable under the laws of any country in which this Policy is intended to be effective, then to the extent that it is determined to be illegal, invalid or unenforceable, it shall in that country be treated as severed and deleted from this Policy and the remaining terms of this Policy shall survive and remain in full force and effect and continue to be binding and enforceable in that country.
We are not responsible for any breach of this Policy caused by circumstances beyond its reasonable control.
Our Services are not intended to be used by people under the age of 16. We do not knowingly collect personal information from children under the age of 16. Persons under the age of 16 should not use the Services and should not provide any personal data through our Services. We ask that parents supervise their children while online.
If you are a parent or guardian and wish to review personal data collected from your child, or have that information modified or deleted, you may contact us as described above. If we become aware that a child has provided us with personal data contrary to the above, we will delete any personal data we have collected, unless we have a legal obligation to keep it, and terminate the child’s account.
If you submit or have already submitted to us, personal data about you through the use of our Services, then you have the following rights under this Policy and the relevant legislation on the protection on personal data.
You may at any time withdraw the consent you have given us to process your personal data.
You may at any time send us any of the following requests:
If you wish to contact us in relation to any questions you may have in relation to this Privacy Policy or exercise any of the above rights, you will be able to do so by contacting us at any of the following:
Mindwood Limited
Address: Kyriakou Matsi 16, Eagle House, 8th Floor, 1082, Nicosia, Cyprus
Email: [email protected].
We have designated a Data Protection Officer (“DPO”) to enhance and promote compliance with and understanding of privacy and data protection principles. If you wish to exercise any of the above rights or if you wish to notify us of a breach of your personal data, please send an email to [email protected].
You also have a right to lodge a complaint with the supervisory authority, The Office of the Commissioner for the protection of personal data, however we would appreciate the chance to deal with your concerns before you approach the supervisory authority.
At any time after providing your consent, you will have a right to withdraw it through the procedure mentioned below. The withdrawal of your consent will not affect the way that the Services will be offered.
Opt-out of targeted advertising by emailing: [email protected].
Opt-out of analytics by emailing: [email protected].
Please keep in mind that if you wish to exercise any of the above rights in relation to any processing that is necessary to fulfill a contractual obligation based on the agreement between us or in relation to processing that is necessary to fulfill a legal obligation or in relation to processing that is necessary to safeguard the legitimate interests of the company, then we will examine your request by taking into consideration the need to comply with our obligations and the effect on our ability to continue collaboration within the bounds set by the agreement between us, the relevant law and our legitimate interests.
To examine a request or a notification of data breach or a withdrawal of consent, we will request proof that the person submitting such, is the same as the person to which the data refers or that the person is a duly authorised representative. The personal data that will be processed for the purposes of submitting, examining and responding to such a request or a notification of data breach or a withdrawal of consent, shall be retained for a period of one year from the data any related procedure is finalized, or for a period of three months after the expiry of the initial retention period, whichever period is largest.
The competent authority in Cyprus for the enforcement of personal data protection legislation is:
The Office of the Commissioner for the protection of personal data
Address: Iasonos 1, 1082 Nicosia Cyprus or P.O.Box 23378, 1682 Nicosia Cyprus
Tel: +357 22818456
Fax: +357 22304565
Email: [email protected]
We prioritize safeguarding your privacy and ensuring that your personal information is managed in compliance with relevant privacy regulations in the United States, encompassing the California Consumer Privacy Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, and Connecticut Data Privacy Act. Our goal is to address your access or deletion request within 40 days of its receipt. In the event that additional time is needed, we will notify you in writing, explaining the reason for the extension. If we are unable to fulfill your request, we will provide you with a clear explanation for our decision not to proceed.
This privacy notice for California consumers applies solely to those who reside in the State of California and supplements the information contained in our general Privacy Policy. This notice describes your rights under the California Consumer Privacy Act (“CCPA”) and how to exercise them.
Subject to certain exceptions, you have the right to:
You can request certain information about our disclosure of your information to third parties for their own direct marketing purposes during the preceding calendar year (to the extent we have shared information for such purposes within the given period). This request is free and may be made once a year. In certain cases, you may also have the right to correct inaccurate personal information we hold about you. You also have the right not to be discriminated against for exercising any of the rights listed above.
We will not discriminate against you for exercising your rights under the CCPA, such as denying services, charging different prices, or providing a different level of quality.
We may share your personal information with certain third parties for business purposes. For details, please refer to our Privacy Policy.
This privacy notice for Virginia, Colorado and Connecticut consumers applies solely to those who reside in the State of Virginia, Colorado and Connecticut and supplements the information contained in our general Privacy Policy. This notice describes your rights under the object to the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”) and the Connecticut Data Privacy Act (“CDPA”). These State Laws provide their respective state’s residents with certain rights listed here.
You have the right to ask us to verify whether or not we are processing your personal data and to receive a copy of the personal data you have previously furnished to us in a format that is portable and, to the extent technically possible, easily usable.”
Depending on your location, you have the entitlement to ask us to rectify any inaccuracies in your personal data, considering the nature of the information and the objectives for processing it.
You have the right to request that we delete the information we have collected from you.
You have the right to “opt-out,” from targeted advertising, to the sale of your personal data, or depending on your state, to profiling in furtherance in decisions that produce legal or similarly significant events.
Residents in some states have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the US State Laws.
To tailor advertising to your preferences, the advertising networks and their affiliates listed below may ask for your consent if you reside in the EEA, UK, Norway, Switzerland, or Brazil. Instructions on opting out can be found in our Privacy Policy. Additionally, the advertising networks below with the exception of Fyber, independently control your personal data.
Google AdSense
Google, as a third-party vendor, uses cookies to serve ads on our Service. Google’s use of the DoubleClick cookie enables it and its partners to serve ads to our users based on their visit to our Service or other websites on the Internet.
You may opt-out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page.
Our analytics processes, including those conducted by third-party providers, utilize your information for essential operations and analytical assessments. To understand the usage of your information by these analytics service providers, please refer to their respective privacy notices accessible through the links provided below.
Digital Ocean
DigitalOcean Holdings, Inc (US) offers cloud computing services
Their Privacy Policy can be found here.
Google Analytics
Google Analytics This is an analytical tool offered by Google Inc. Their Privacy Policy can be found here.
Additional details can be found on the webpage titled “How Google uses data when you use our partners’ sites or apps,” accessible at https://policies.google.com.
