(Last updated on 2023-08-01)
If you are a California resident, please also see our California Privacy Statement.
COLLECTION OF PERSONAL DATA
In this notice, “personal data” means any information about an identified or identifiable individual. We process the following categories of personal data from you when you use our Services:
- Contact information, such as your phone number and email address.
- Registration information such as authentication token issued by the third party platform through which you log-in to play our games (e.g. Google, Apple, or Facebook), your guest account ID and password (if you are playing without logging in), and your in-game or character nickname.
- Information required to facilitate the processing of your purchases through third-parties like the Apple App Store, such as country code, player key, receipt information.
- Information required to link your game account with your WEMIX wallet account, such as WEMIX wallet address, WEMIX wallet ID, UUID (Universally Unique Identifier).
- Information necessary to manage inquiries and requests from you such as information related to the issue you are contacting us about.
- Information necessary to organize an event such as your in-game nickname or name of the relevant server.
We receive the above categories of information from you when you directly provide it to us, or from other sources, including from users of our Services and third-party services and organizations. (e.g. Google, Apple, Facebook). Please see Appendix II for more information on personal data collected from third parties. Without this information, we are not able to provide you with all the requested services, and any differences in services are related to your information.
We do not collect any sensitive information (i.e. data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation) or any data relating to criminal conviction and offences from you.
USE OF PERSONAL DATA
We will use your personal data for the following purposes:
- To provide you with the Services. We may use your information to open and maintain user accounts, facilitate the functionality of our Services, customize the Services, to provide forum and community features, to respond to your inquiries and to organize and manage events;
- To improve the quality of our Services. We may use your information to maintain, improve, and administer our Services, including by troubleshooting, data analytics, and testing;
- To keep our Services and users safe. This includes to detect users illegally using our programs; and to otherwise prevent and respond to fraud, abuse, security risks, and technical issues.
- To send you electronic correspondence. We may send you emails or otherwise communicate with you in order to manage inquiries and requests from you or otherwise to communicate about your use of the Services. Upon your request, we may also send you a newsletter in an electronic form.
- To comply with applicable laws and regulations. This includes using your information to ensure compliance with legal obligations (such as recordkeeping obligations), solve disputes, enforce our contractual agreements, and to establish, exercise or defend legal claims.
We will use your personal data on the following legal bases as described in Appendix I:
- To perform a contract we have entered into with you;
- To comply with a legal obligation; or
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal data on the following less common legal bases:
- To protect your interests (or someone else’s interests).
- Where your consent is given; or
- Where it is required to defend or pursue legal claims.
Please see Appendix I for more information on those legal bases.
AUTOMATED DECISION-MAKING AND PROFILING
We do not engage in profiling or other automated decision making in the course of our relationship with you.
DISCLOSURE OF PERSONAL DATA
We may share your personal data with third parties in the following contexts:
- Disclosure to our service providers:
We may use third-party vendors and service providers (or “data processors”) to process your personal information for the purposes outlined above). Our data processors operate only in accordance with our instructions, in line with this policy, and are subject to appropriate confidentiality and security obligations.
-Disclosure pursuant to business transfers:
We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, initial public offering, or in the unlikely event of bankruptcy.
- Disclosure for legal purposes:
We may also transfer your personal data to law enforcement agencies, governmental authorities, legal counsel and external consultants in compliance with applicable data protection laws. The legal basis for such processing is compliance with a legal obligation to which we are subject to or our legitimate interests, such as the exercise or defense of legal claims.
- Disclosure with your consent: Lastly, we may also share information about you to third parties when you have consented to it.
Our services allow you to upload and share messages and other content with others. If you choose to engage in public activities on the Services, you should be aware that any information you share there can be read, collected or used by other users of these areas. You should always exercise discretion and use caution when disclosing information while participating in these areas. We are not responsible for the information you choose to submit in these public areas.
If a recipient of your personal data is located outside of the EU and the European Economic Area (“EEA”) in a country that is not recognized by the European Commission as ensuring an adequate level of data protection, we will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These safeguards include data transfer agreements implementing European Commission's Standard Contractual Clauses (a form of data transfer agreement pre-approved by the European Commission as providing adequate safeguards for personal data). You may ask for a copy of such appropriate measures by contacting us as set out above.
We do not knowingly collect or sell any information from children, as defined by applicable law, without parental consent or as otherwise permitted by applicable law.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to only those employees, agents, contractors and other third parties who have a business need for such access.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes set out above, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Broadly, most of your data will be deleted within 30 days after termination of our relationship with you. But in the following circumstances, your personal data will be retained for different set periods:
- Information related to your inquiry submitted to our customer service center – for 3 years; and
- Information related to your participation of an event – for 1 month.
Notwithstanding the above, we may keep your personal data as long as required to comply with legal or regulatory obligations to which we are subject.
YOUR DUTY AND RIGHTS IN RELATION TO YOUR PERSONAL DATA
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. If you become aware of changes or inaccuracies in your information, you should inform us of such changes so that the information may be updated or corrected.
Your rights in connection with personal data
You may be entitled, in accordance with applicable law, to the following rights to:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
- Request correction and/or deletion of your personal data;
- Request the restriction of the processing of your personal data;
- Request receipt or transmission to another organisation, in a machine-readable form, of the personal data that you have provided to us;
- Object, at any time, to the processing of your personal data by us; or
- Withdraw your consent.
To exercise any of your rights, please contact us by using the contact details at the end of this policy. We may need to request specific personal data from you to help us verify your identity and confirm your right to access the personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure, for example, that personal data is not disclosed to any person who has no right to receive it.
In the event that you wish to make a complaint about how we process your personal data, please contact us and we will endeavour to handle your request as soon as possible. You may lodge a complaint with a supervisory authority if you believe our processing of your information is unlawful. If you are in the EU, you can find the supervisory authority for your country and how to contact them in https://edpb.europa.eu/about-edpb/board/members_en. If you are in the UK, the supervisory authority is the Information Commissioner’s Office, who you can contact in https://ico.org.uk/make-a-complaint/your-personal-information-concerns.
YOUR DUTY AND RIGHTS IN RELATION TO YOUR PERSONAL DATA
The Company is the data controller for the purposes of the EU GDPR, the UK GDPR and other applicable data protection laws. If you have any questions about this notice or wish to contact the Company regarding your personal data or concerns you have about this notice, please contact
[DPO contact information]
- Anastasia Pavlou (Privacy Counsel)
- 100 M Street S.E., Suite 600
- Washington, D.C. 20003 USA
- +1 (617) 398-7067
[EU Representative contact information]
- VeraSafe Netherlands BV
- Keizersgracht 391 A
- 1016 EJ Amsterdam
- The Netherlands
- contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/. - +420 228 881 031.
[UK Representative contact information]
- VeraSafe United Kingdom Ltd.
- 37 Albert Embankment
- London SE1 7TL
- United Kingdom
- +44 (20) 45322003.
CHANGES TO THIS POLICY
We will update this policy to reflect changes in our practices and services, and take appropriate measures to notify you of any significant changes in accordance with applicable data protection laws. When we post changes to this policy, we will revise the "Last Updated" date at the top of this policy.
Purposes for Processing USER Data
|Purpose of Use||Categories of Personal Data||Legal Basis for Processing|
|Providing products and services||- Customer data, Identifiers, Network information, Device information, Usage data, Status of your consent||- Contract|
|Identifying individual users for provision of services||- Customer data, Identifiers, Device information||- Contract|
|Improve the quality of our service, user experiences and fix bugs||- Network information, Device information, Game data||- Our legitimate interests to improve our services|
|Detecting and preventing illegal, unjust or unapproved use of service||- Payment information, Identifiers, Network information, Device information||- Our legitimate interests to protect our business rights and services|
|Managing inquiries and requests from you||- Customer data, Device information, Game data, Payment information, Activity data, Customer service data||- Contract, if your request relates to your use of our services |
- Your consent, if you are contacting us in another context
|Providing forum service on the website||- Customer data, Network information, Activity data, User generated content||- Contract|
|Organizing and managing events||- Activity data, Usage data, Network information, Device information||- Contract|
|Sending out prize (e.g. game item) to the winner of the event||- Customer data, Identifiers, Status of your consent||- Contract|
|Management of cookie information||- Usage data||- Consent when the information is collected through non-essential cookies |
-Legitimate interest to ensure our Services function properly when the information is collected through essential cookies
|Planning, performing and managing the (contractual) relationship with you including processing the payment||- Payment information||- Contract|
|Ensuring compliance with legal obligations such as record keeping obligations||- Customer data, Identifiers, Network information, Device information, Status of your consent, Game data, Payment information, Customer service data||- Legal obligation|
|Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims||- Customer data, Identifiers, Network information, Device information, Status of your consent, Game data, Payment information, Customer service data||- Our legitimate interests to establish, exercise and defend our legal rights|
INFORMATION COLLECTED FROM THIRD PARTIES
|Third Parties||Purpose of Use||Information collected|
|Meta Platforms, Inc. (Formerly, Facebook, Inc.)||To set up a new account by using user’s Facebook account||- Authentication token issued by Facebook|
|To set up a new account by using user’s Twitter account||- Authentication token issued by Twitter|
|Google LLC||To set up a new account by using user’s Google account||- Authentication token issued by Google|
|To process payment-related procedures, such as checking payment status||- Country code, player key, receipt information, email address|
|Apple Inc||To set up a new account by using user’s Apple account||- Authentication token issued by Apple|
|To process payment-related procedures, such as checking payment status||- Country code, player key, receipt information|
|Xsolla Inc||To process payment-related procedures, such as checking payment status||- Email address, phone number, IP address, country code|
|PayPal Pte. Ltd||To process payment-related procedures, such as checking payment status||- Email address, phone number, IP address, country code|
|PAGSEGURO||To process payment-related procedures, such as checking payment status||- Email address, phone number, IP address, country code|
|Stripe||To process payment-related procedures, such as checking payment status||- Email address, phone number, IP address, country code|
|MyCard||To process payment-related procedures, such as checking payment status||- Email address, phone number, IP address, country code|