Privacy Notice
Effective from May 25, 2018
Last updated Oct 25, 2023
Change history
- October 26, 2023 – inclusion of Minigolf Galaxy
- Sep 05, 2023 – inclusion of Pinball M
- May 20, 2022 – general review and clarification
- March 30, 2022 – inclusion of Pinball FX and related services
- January 20, 2021 – general review and clarification
- December 3, 2020 – general review and clarification
- February 11, 2020 – added California Consumer Privacy Act disclosures
- Sep 19, 2019 – added Dread Nautical application, specifying the scope of the present Privacy Notice
- Sep 13, 2019 – added the title Star Wars™ Pinball (Nintendo Switch)
- Jan 09, 2019 – added the title Williams™ Pinball, added 3rd party SDK Fabric, updated 3rd party SDK Crashlytics
We collect and process personal data only in accordance with the General Data Protection Regulation (Regulation 2016/679/EU of the European Parliament and of the European Council) as adopted by member nations and their respective prevailing laws and regulations.
We send direct marketing letters (newsletters) exclusively on the basis of specific consent. We may send system messages even without consent. You must be at least 16 years old to register for our newsletter.
We store data as safely as possible.
We disclose personal data to third parties exclusively on the basis of consent; however, we collect and transfer statistical data (excluding personal data) on usage habits to third parties.
You are required to declare that you accept the Privacy Notice (this document) and/or the user agreement (EULA, where applicable; we ask for it there) to install, use, play, and/or access ZEN Studios’ online services, games and/or applications. You must be at least 13 years old to accept the Privacy Notice and/or EULA, and if you are under 16, your parent’s or guardian’s consent is required; therefore, we ask you to have your parent or guardian help you during registration. During registration, ZEN Studios will ask for your parent’s or guardian’s consent to your statement, which requires your parent’s or guardian’s email address so that he or she can give it. We will not email anything to your parent or guardian other than the information required for his or her consent.
Our users may request information regarding their stored data; furthermore, each user may require the erasure of his/her personal data (collected and stored upon his/her consent) at any time, by contacting us through our contact details.
Introduction
ZEN Studios
Software Developer Limited Liability Company (registered seat: H-1027
Budapest, Ganz utca 16. floor 2, company reg.
no.: 01-09-691205, tax number: 12532630-2-41) (hereinafter referred to as
the Service Provider, controller) hereby submits itself to the following
privacy notice.
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation), with special regard to Sections (32), (39) and (58) as well as Article 12 therein, declares that the data subject (hereinafter referred to as the user) shall be informed prior to the commencement of data processing whether the legal basis of data processing is the consent of the data subject, mandatory provision or technical requirements.
Before processing operations are carried out, the data subject shall receive clear and detailed information on all aspects concerning the processing of his/her personal data, such as the purpose for which his/her data is required, the legal basis of data processing, the persons or entities that are data controllers or data processors of his/her data, and the duration of data processing.
Pursuant to
EUP and Regulation 2016/679, users shall be informed that if obtaining the
consent of the user is impossible or entails excessive costs, the
processing of personal data is allowed if:
- processing is necessary for compliance with a
legal obligation to which the controller is subject, or
- it is necessary for the enforcement of the
controller’s or a third party’s legitimate interest, and the
enforcement of such interest is proportionate to the restriction of
the data subject’s right to the protection of personal data.
The
information provided to the user shall cover his or her rights and remedy
options related to data processing.
If providing
information to users is impossible or entails excessive costs (in this case
on a website), information may be provided by the publication of the
following information:
(a) the fact
that data are collected, (b) data subjects involved, (c) the purpose of the
collection of personal data, (d) duration of data processing, (e) possible
controllers entitled to become aware of the personal data, (f) provision of
information to data subjects on their rights and remedies available to them
related to data processing, and (g) if there is a location for the data
protection registration of data processing, the registration number of data
processing.
This privacy
policy concerns data processing activities carried out on the following
websites: http://www.pinballfx.com, blog.zenstudios.com,
forum.zenstudios.com, www.bethesdapinball.com, www.castlestorm.com, www.infiniteminigolf.com, www.kickbeat.com, www.marvelpinball.com, www.starwarspinball.com, www.zenpinball.com, www.dreadnautical.com and
the applications referred to in this privacy notice, and is based on the
above criteria.
The Privacy Notice is available
on the following website:
http://blog.zenstudios.com/zen_privacy_policy.html
Amendments to
the Privacy Notice enter into effect upon their publication on the above website.
Terms, definitions
data subject/User: natural person that is or that can be directly or indirectly identified based on any specific personal data, who contacts the Service Provider through an application or website, or in any other (online or offline) way.
personal data: information relating to the user—especially the name, identifier, and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the user, and the consequences that can be drawn from the information related to the data subject;
data controller: natural or legal person, or organisation without legal personality, which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or has them executed by a data processor;
the data controller in this case: ZEN Studios Software Developer Limited Liability Company (registered seat: HU-1027 Budapest, Ganz utca 16. floor 2, EUID: HUOCCSZ.01-09-691205, community VAT number: HU12532630)
data controlling: any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronizing or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);
data processing: carrying out technical tasks in relation to data processing operations, irrespective of the method or instrument used in performing those operations, and of its application, provided that the technical tasks are performed on data;
data processor: any natural or legal person or organisation without legal personality processing the data on the grounds of a contract concluded with the controller, including contracts concluded pursuant to legislative provisions;
data protection officer: Service Provider does not employ a dedicated data protection officer (the head of the company /managing director/ is responsible for data protection)
personal data breach: the unlawful processing or process of personal data, in particular the illegitimate access, alteration, transfer, disclosure, deletion or destruction as well as the accidental destruction or damage.
Data collection, the scope of data, purpose(s) of data processing
In line with
Articles 12, 13 and 14, the following shall be defined with respect to the
registration and use of application:
- the fact that data are collected,
- data subjects involved,
- the purpose of the collection of personal
data,
- duration of data processing,
- possible controllers entitled to become aware
of the personal data,
- provision of information to data subjects on
their rights available to them related to data processing.
The following
data are recorded and stored by the Service Provider upon the start and
while using the games and/or applications:
| Applications | Personal data | Legal basis | Purpose of data processing | Duration of data storage | Source |
|---|---|---|---|---|---|
| Planet Minigolf | Playstation Network identifier (PSN ID) | performance of contract | identification of the user | continuous (cancelling of registration) | PSN shall transmit |
| Infinite MiniGolf | Gamer Server identifier (Game Server ID) | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| | user’s name | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Device identifier (Device ID) | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | IPv4/6 | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | Platform user identifier | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| Independence Day Resurgence: Battle Heroes | Platform type | performance of contract | identification of the device | continuous (cancelling of registration) | Apple, Google, Amazon – automatic recording |
| | Platform user identifier | performance of contract | identification of the user | continuous (cancelling of registration) | Apple, Google, Amazon – automatic recording |
| | Platform username | performance of contract | identification of the user | continuous (cancelling of registration) | Apple, Google, Amazon – automatic recording |
| | intra-game friend list | performance of contract | identification of friends | continuous (cancelling of registration) | to be provided by the user |
| CastleStorm Free to Siege | Gamer Server identifier (Game Server ID) | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| | user’s name | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| CastleStorm (Nintendo Switch) | Device identifier (Device ID) | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | IPv4/6 | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | Platform user identifier | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| Star Wars Pinball (iOS, Android), Aliens vs. Pinball, Portal Pinball, Bethesda Pinball | Device identifier (Device ID) | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | IPv4/6 | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | Android: Google Game Services user identifier | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | iOS: Game Center user ID | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| | iOS: Game Center username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Android: Google Game Services username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Facebook identifier | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Facebook username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| Star Wars Pinball (Nintendo Switch) | Device identifier (Device ID) | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | IPv4/6 | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| | Platform user identifier | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | Platform username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| Zen Pinball (iOS, Android) | Device identifier (Device ID) | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | IPv4/6 | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | Android: Google Game Services user identifier | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | iOS: Game Center user ID | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| | iOS: Game Center username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Android: Google Game Services username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| Pinball FX3 | Device identifier (Device ID) | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | IPv4/6 | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| | Platform user identifier | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | Platform username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| Pinball FX2 VR | Device identifier (Device ID) | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | IPv4/6 | performance of contract | identification of the device | continuous (cancelling of registration) | automatic recording |
| | Platform user identifier | performance of contract | identification of the user | continuous (cancelling of registration) | automatic recording |
| | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| Bob’s Burgers Pinball, Family Guy Pinball, Archer Pinball, American Dad! Pinball, The Walking Dead Pinball, Marvel Pinball (iOS, Android) | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| | iOS: Game Center username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Android: Google Game Services username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Facebook identifier | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Facebook username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| Williams™ Pinball (iOS, Android) | Generated user identification | performance of contract | identification of the user | continuous (cancelling of registration) | To be generated by Service Provider |
| | iOS: Game Center username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | Android: Google Game Services username | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | email | performance of contract | identification of the user | continuous (cancelling of registration) | to be provided by the user |
| | email | performance of contract | sending newsletter | continuous (cancelling of registration) | subscription |
| Dread Nautical (iOS, tvOS, MacOS) | Upon the start and during the term of use of this application, Service Provider doesn’t record and/or store any personal data. | | | | |
| Minigolf Galaxy | Platform specific username | Performance of contract | Operating the service | Continuous (cancelling of registration) | Platform specific API |
| | Device identifier | Performance of contract | Identification of the user’s device | Continuous (cancelling of registration) | Automatic recording |
| | IPv4/IPv6 | Performance of contract | Operating the service | Continuous (cancelling of registration) | Automatic recording |
| | Generated user ID | Performance of contract | Identification of the user | Continuous (cancelling of registration) | To be generated by Service Provider |
| | Platform specific user ID | Performance of contract | Identification of the user | Continuous (cancelling of registration) | Platform specific API |
Data subjects
involved: Every User using or otherwise accessing Service Provider’s game(s),
application(s).
The duration of data processing and the deadline for the deletion of data are indicated in the table. The possibilities introduced in games and/or applications (virtual payment, virtual goods purchased, achievements and trophies, etc.) require the continuous identification of users. After the termination of the game and/or application, personal data will be deleted by the end of the year.
Possible
controllers entitled to become aware of the personal data: the managing
director, the developers of the given game and/or application and (if
needed) the customer service may process personal data in accordance with
the above principles.
Legal ground
of data processing: the performance of the contract (Article 6 (1)(b) of
the GDPR) and legitimate interest (Article 6 (1)(d) of the GDPR),
identification and follow-up of users, Directive 2000/31/EC of the European
Parliament and of the Council of 8 June 2000 on certain legal aspects of
information society services, in particular electronic commerce, in the
Internal Market and paragraphs 1 and 2 of Article 13 of Directive
2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning
the processing of personal data and the protection of privacy in the
electronic communications sector:
The service
provider may – for the purpose of providing the service – process personal
data indispensable for providing the service for technical reasons. Should
other conditions be identical, the service provider shall select and
operate the means applied in the course of providing information society
service at all times, so that personal data be processed only if it is
absolutely indispensable for providing the service or achieving other
objectives stipulated in this Act, and only to the required extent and
duration.
The following data are
recorded and stored by the Service Provider upon the start and while using or
accessing the website and/or Customer Support and/or Forum and/or Mailing
List:
| Website / e-mail | Personal data | Legal basis | Purpose of data processing | Duration of data storage | Source |
|---|---|---|---|---|---|
| Pinball cabinet support request form | name | performance of contract | identification of the user | 2 months | filling out user forms |
| | email | performance of contract | identification of the user | 2 months | filling out user forms |
| | picture (of device) | performance of contract | checking of authorization | 2 months | filling up / filling out user forms |
| Customer Support mailing | name | performance of contract | settlement of ticket | continuous in address book | user / receipt of e-mail |
| | email | performance of contract | settlement of ticket | continuous in address book | user / receipt of e-mail |
| | Sales information | performance of contract | settlement of ticket | 2 months | user / receipt of e-mail |
Website / e-mail
|
Personal data
|
Legal basis
|
purpose of data processing
|
duration of data storage
|
source
|
Registration forms
|
age
|
legal obligation / protect the vital interests
of the data subject
|
identification of the user
|
continuous (cancelling of registration)
|
user
|
filling out the data sheet
|
parent / guardian email
|
legal obligation / protect the vital interests
of the data subject
|
identification of the user
|
continuous (cancelling of registration)
|
user
|
filling out the data sheet
|
parent / guardian consent
|
legal obligation / protect the vital interests
of the data subject
|
identification of the user
|
continuous (cancelling of registration)
|
parent / guardian
|
confirm of the email (by link)
|
Forum
|
name
|
consent, performance of contract
|
use of the forum, identification of the user
|
continuous (cancelling of registration)
|
user
|
filling out the data sheet
|
email
|
consent, performance of contract
|
use of the forum, identification of the user
|
continuous (cancelling of registration)
|
user
|
filling out the data sheet
|
MSN ID
|
consent, performance of contract
|
use of the forum, identification of the user
|
continuous (cancelling of registration)
|
user
|
filling out the data sheet
|
date of birth
|
consent, performance of contract
|
use of the forum, identification of the user
|
continuous (cancelling of registration)
|
user
|
filling out the data sheet
|
language
|
consent, performance of contract
|
use of the forum, identification of the user
|
continuous (cancelling of registration)
|
user
|
filling out the data sheet
|
profile picture
|
consent, performance of contract
|
use of the forum, identification of the user
|
continuous (cancelling of registration)
|
user
|
filling out the data sheet, uploading of picture
|
name
|
consent
|
sending newsletter
|
continuous (cancelling of registration)
|
user
|
subscription
|
email
|
consent
|
sending newsletter
|
continuous (cancelling of registration)
|
user
|
subscription
|
IP address
|
consent
|
sending newsletter
|
continuous (cancelling of registration)
|
automatic data recording
|
at the beginning of use
|
Mailing list
|
statistics
|
consent
|
sending newsletter
|
continuous (cancelling of registration)
|
automatic data recording
|
continuously
|
name
|
consent
|
Use of blog comment
|
continuous (cancelling of registration)
|
user
|
Posting comments
|
email
|
consent,
|
Use of blog comment
|
continuous (cancelling of registration)
|
user
|
Posting comments
|
IP address
|
consent, technical necessity
|
Use of blog comment
|
continuous (cancelling of registration)
|
automatic data recording
|
Posting comments
|
Blog
|
User comments
|
consent
|
Use of blog comment
|
continuous (cancelling of registration)
|
user
|
Posting comments
|
name
|
consent
|
Blog administration
|
continuous (cancelling of registration)
|
Administrator
|
Registration
|
email
|
consent
|
Blog administration
|
continuous (cancelling of registration)
|
Administrator
|
Registration
|
profile picture
|
consent
|
Blog administration
|
continuous (cancelling of registration)
|
user
|
Registration
|
Blog Admin
|
We ask users not to provide personal information in their username or email
address.
Data subjects
involved: Each User using or otherwise accessing Service Provider’s
application(s), websites, forum/blog/mailing list and customer service.
The duration of data processing and the deadline for the deletion of data are indicated in the table. Data are stored on a continuing basis because this is necessary to provide more effective solutions to Users’ problems and answers to Users’ questions, to keep the forum contents and to operate the mailing list. After the termination of the forum or mailing list, personal data will be deleted within five (5) years.
Possible
controllers entitled to become aware of the personal data: the managing
director, the developers of the given application and (if needed) the
customer service, blog administrators (who are the employees of the Service
Provider) may process personal data in accordance with the above
principles.
Legal ground
of data processing: the performance of the contract (Article 6 (1)(b) of
the GDPR) and legitimate interest (Article 6 (1)(d) of the GDPR),
identification and follow-up of users, Directive 2000/31/EC of the European
Parliament and of the Council of 8 June 2000 on certain legal aspects of
information society services, in particular electronic commerce, in the
Internal Market and paragraphs 1 and 2 of Article 13 of Directive
2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning
the processing of personal data and the protection of privacy in the
electronic communications sector:
The service
provider may – for the purpose of providing the service – process personal
data indispensable for providing the service for technical reasons. Should
other conditions be identical, the service provider shall select and
operate the means applied in the course of providing information society
service at all times, so that personal data be processed only if it is
absolutely indispensable for providing the service or achieving other
objectives stipulated in this Act, and only to the required extent and
duration.
Collection and transfer of data concerning the use and statistical data
The Service
Provider informs the Users that during the use of the applications it
collects and transfers to third parties
identifiers and statistical data automatically.
The fact that
data are collected, personal data involved:
Data base / partner
|
The concerned applications
|
data
|
source
|
purpose of data processing
|
legal ground for data processing
|
duration of data processing
|
data controller / data processor
|
3rd party SDK
–
Photon Networking
|
Disco Dodgeball – REMIX
|
Xbox One:
For authentication: XSTSToken (time-depending
code generated by the platform, from which the xboxlive
identifier may be decrypted)
Shared information: OnlineID/GamerTag (public xboxlive
identifier), XboxLiveId (individual and private
xboxlive identifier)
IP address
|
automatic data recording
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Exit Games servers
|
3rd party SDK
–
Photon Networking
|
PS4:
For authentication: OnlineID (public psn identifier), AuthCode
(time-dependent non-individual code generated by the platform)
Shared information: OnlineID, AccountId (individual and private psn identifier)
IP address
|
automatic data recording
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Exit Games servers
|
3rd party SDK
–
Photon Networking
|
Nintendo Switch:
Shared information: NickName (public nintendo identifier), NsaId
(individual and private nintendo identifier)
IP address
|
automatic data recording
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Exit Games servers
|
3rd party SDK
–
Flurry
|
Zen Pinball, Zen Pinball – eSports Edition,
Aliens vs. Pinball, Bethesda Pinball, Star Wars Pinball, Bob’s Burgers
Pinball, Family Guy Pinball, Archer Pinball, American Dad! Pinball, The
Walking Dead Pinball, Marvel Pinball, Portal Pinball
|
IP4/IP6
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Yahoo! servers
|
3rd party SDK
–
Flurry
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Yahoo! servers
|
3rd party SDK
–
Google Analytics
|
Independence Day Resurgence, Independence Day
Battle Heroes
|
IP4/IP6
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Google servers
|
3rd party SDK
–
Google Analytics
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Google servers
|
3rd party SDK
–
AppsFlyer
|
Aliens vs. Pinball, Bethesda Pinball,
Independence Day Resurgence, Independence Day Battle Heroes
|
IP4/IP6
|
automatic data recording
|
survey of user habits
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
AppsFlyer
servers
|
3rd party SDK
–
AppsFlyer
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
AppsFlyer
servers
|
3rd party SDK
–
Vungle
|
Pinball FX2 (Windows 10)
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Vungle
servers
|
3rd party SDK
–
Vungle
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Vungle
servers
|
3rd party SDK
–
AdColony
|
Aliens vs. Pinball, Bethesda Pinball, Zen
Pinball, CastleStorm – Free to Siege
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
AdColony servers
|
3rd party SDK
–
AdColony
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
AdColony
servers
|
3rd party SDK
–
UnityAds
|
Aliens vs. Pinball, Bethesda Pinball, Zen
Pinball, CastleStorm – Free to Siege
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Unity servers
|
3rd party SDK
–
UnityAds
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Unity servers
|
3rd party SDK
–
Chartboost
|
Aliens vs. Pinball, Bethesda Pinball
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Chartboost
servers
|
3rd party SDK
–
Chartboost
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Chartboost
servers
|
3rd party SDK
–
Google AdMob
|
Zen Pinball
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Google servers
|
3rd party SDK
–
Google AdMob
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Google servers
|
3rd party SDK
–
IronSource
|
Bethesda Pinball, Aliens vs. Pinball, Independence
Day Battle Heroes, Independence Day Resurgence, CastleStorm
– Free to Siege
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
IronSource
servers
|
3rd party SDK
–
IronSource
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
IronSource
servers
|
3rd party SDK
–
Leadbolt
|
Aliens vs. Pinball, Bethesda Pinball
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Leadbolt
servers
|
3rd party SDK
–
Leadbolt
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Leadbolt
servers
|
3rd party SDK
–
AdDuplex
|
Pinball FX2 (Windows 10)
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
AdDuplex
servers
|
3rd party SDK
–
AdDuplex
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
AdDuplex
servers
|
3rd party SDK
–
TapJoy
|
CastleStorm –
Free to Siege
|
IP4/IP6
|
automatic data recording
|
advertisement services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
TapJoy
servers
|
3rd party SDK
–
TapJoy
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
TapJoy
servers
|
3rd party SDK
–
Crashlytics
|
Independence Day Battle Heroes, Independence Day
Resurgence, Bethesda Pinball
|
We insert platform ID into crash reports
|
automatic data recording
Platform API (iOS, Android)
|
survey of user habits, monitoring of stability
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Google servers
|
3rd party SDK
–
Fabric
|
Williams Pinball
|
IP4/IP6
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Google servers
|
3rd party SDK
–
Fabric
|
Device ID
|
automatic data recording
|
survey of users’ habits, development of products
and services
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Google servers
|
3rd party SDK
–
Xsolla
|
Pinball FX
|
Email Address
|
automatic data recording or provided by user
|
to license software to data subjects and to
comply with applicable laws
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 5 years
|
Xsolla
servers
|
3rd party SDK
–
Xsolla
|
Platform Specific Identifiers
|
automatic data recording
|
to license software to data subjects and to
comply with applicable laws
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 5 years
|
Xsolla
servers
|
3rd party SDK
–
Xsolla
|
IP4/IP6
|
automatic data recording
|
to license software to data subjects and to
comply with applicable laws
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 5 years
|
Xsolla
servers
|
3rd party SDK
–
Xsolla
|
Country from which a purchase originated
|
automatic data recording
|
to license software to data subjects and to
comply with applicable laws
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 5 years
|
Xsolla
servers
|
3rd party SDK
–
Xsolla
|
Partial or Hashed Payment Information
|
provided by user
|
to license software to data subjects and to
comply with applicable laws
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 5 years
|
Xsolla
servers
|
3rd party SDK
–
Saber Interactive
|
Platform Specific Username
|
provided by user
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
Country of origin
|
automatic data recording
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
Generated User ID (hashed)
|
automatic data recording
|
user identification
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
IP4/IP6
|
automatic data recording
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
Platform Specific Identifiers (hashed)
|
automatic data recording
|
operation of service, user identification
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
Pinball M, Minigolf Galaxy
|
Platform Specific Username
|
provided by user
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
Country of origin
|
automatic data recording
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
Generated User ID (hashed)
|
automatic data recording
|
user identification
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
IP4/IP6
|
automatic data recording
|
operation of service
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
3rd party SDK
–
Saber Interactive
|
Platform Specific Identifiers (hashed)
|
automatic data recording
|
operation of service, user identification
|
consent
(EULA/PP pop-up)
|
Acceptance of Privacy Notice
|
termination of product support
|
+ 3 years
|
Saber Interactive servers
|
The Service Provider informs the Users that during the use of the Dread
Nautical application it doesn’t collect and/or transfer to third parties identifiers and/or statistical data.
Data subjects
involved: Each user using the applications.
Purpose of
data processing: Identification of users, follow-up of users’ habits and
the provision of advertisement services.
Duration of
data processing, deadline for the deletion of data: The table indicates the
duration of data processing; the date of erasure shall be the end of the third
year following the termination of product support.
Possible
controllers entitled to become aware of the personal data: use of the data
by the controller does not qualify as processing of personal data, as the
Service Provider has no further information necessary for the identification
of the user, and no connection between such data will be made.
Legal ground
of data processing: It is not necessary to obtain the data subject’s
consent, if the exclusive purpose of the use of the data is transmission of
communication via the electronic telecommunications network, or if it’s
essential for the service provider to provide services related to
information society.
Metrics –
pseudo-anonymized data of usage
The Service
Provider informs the Users that during the use of the games and/or
application it does collect and/or transfer to third parties
identifiers and/or statistical data of usage and users’ behaviour (hereafter
referred to as: metrics).
These game
and/or application usage data will be pseudo-anonymized by the Service
Provider, and the data used to identify the user will be removed. The
resulting data (metrics) will be analysed and used to improve the game
and/or application. The pseudo-anonymised data cannot be decrypted and it
is no longer possible to identify the user.
Data subjects
involved: Each user using the games and/or applications.
Purpose of
data processing: follow-up of users’ habits and improving services.
Duration of
data processing, deadline for the deletion of data: the duration of data
processing the date of erasure shall be the end of year following the
termination of product support.
Possible
controllers entitled to become aware of the personal data: use of the data
by the controller does not qualify as processing of personal data, as the
Service Provider has no further information necessary for the identification
of the user, and no connection between such data will be made.
Legal ground
of data processing: It is not necessary to obtain the data subject’s
consent, if the exclusive purpose of the use of the data is transmission of
communication via the electronic telecommunications network, or if it’s
essential for the service provider to provide services related to
information society.
Processing of cookies
The fact that
data are collected, personal data involved: unique identification number,
dates and times
Data subjects
involved: All users visiting the website.
Purpose of
data processing: Identification of users and follow-up of visitors.
Duration of
data processing, deadline for the deletion of data: In case of session
cookies, data processing shall terminate once the website visit is
finished.
Possible
controllers entitled to become aware of the personal data: The use of
cookies does not qualify as processing of personal data.
Provision of
information to data subjects on the rights available to them related to
data processing: the Users may delete cookies under the menu item usually
called ‘Data Protection’ in the Tools/Settings menu of their browser.
Legal ground
of data processing: It is not necessary to obtain the data subject’s
consent, if the exclusive purpose of the use of cookies is transmission of
communication via the electronic telecommunications network, or if it is
necessary for the provision of services explicitly requested by the
subscriber or user related to information society.
Other cookies
The controller
uses the remarketing code of Facebook. In this respect we provide the
following information: duration of cookies: 20 days; purpose of data
processing: Personalization of Facebook advertisements; further
information: http://hu-hu.facebook.com/help/cookies/
Use of Google Adwords conversion tracking
The controller
uses the online ad programme called “Google Adwords”,
and within its framework it uses Google’s conversion tracking service.
Google conversion tracking is the analysing service of Google Inc. (1600
Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
When a User
reaches a website via a Google ad, a cookie necessary for conversion
tracking is stored on his or her computer. The validity of these cookies is
limited; therefore, they do not contain any personal data, and Users cannot
be identified by them.
When the User
browses on certain pages of the website, and the cookie has not expired,
Google and the data controller may see that the User has clicked on the ad.
All Google
AdWords clients receive different cookies; therefore, they cannot be
tracked via the websites of the clients of AdWords.
Information
which has been obtained with the use of
conversion tracking cookies serves to prepare conversion statistics for the
clients of AdWords who opt for conversion tracking. This is how clients
receive information on the number of users who clicked on their ad and were
directed to the website having a conversion tracking label. However, they
cannot receive information based on which any of the users may be
identified.
If you do not
wish to participate in conversion tracking, then you may refuse it by
blocking the option to install cookies in your browser. After this, you
will not figure in statistics related to conversion tracking.
Further
information and the privacy policy of Google may be found at the following
website: www.google.de/policies/privacy/
Application of
Google Analytics
The websites
of ZEN Studios use the Google Analytics application, which is the web
analysing service of Google Inc. (“Google”). Google Analytics uses
‘cookies’, text files which are saved on your computer, thus helping
analysis of the use of the webpage visited by the User.
Information
created with cookies related to the website used by the User are generally
stored on a Google server located in the US. By website activation of
IP-anonymization, Google shortens the IP-address of Users in advance in the
Member States of the EU or EEA.
The full
IP-address is only transferred to a Google server located in
the US in special cases. On behalf of the operator of this website, Google
will use such information to evaluate how the User used the website, to
prepare reports for the operator of the website related to the activity of
the website, and to perform further services related to the use of the
website and the internet.
Within the
framework of Google Analytics, the IP-address transferred by the User’s browser
is not linked to other data of Google. You may prevent the storage of
cookies by choosing the appropriate setting on your browser, however,
please note that in this case, it may occur that not all the functions of
the website will be fully available to you. You may also prevent Google
from collecting and processing the User’s data related to the use of the
website (including IP-address), if you download and install the following
browser plug-in. https://tools.google.com/dlpage/gaoptout?hl=hu
Newsletter
(mailing list), DM activity
In accordance
with Section 6 of Act XLVIII of 2008 on Essential Conditions of and Certain
Limitations to Business Advertising, the User may grant his or her explicit
and prior consent to the Service Provider contacting him or her with its
promotions and other messages at the contact details provided at
registration.
Being aware of
the provisions of this Privacy Notice, the User may also grant his or her
consent to the processing of his or her personal data necessary for sending
promotions by the Service Provider.
The Service
Provider may not send unsolicited promotions, and the User may unsubscribe
from such promotions and newsletters free of charge, without indicating his
or her reasons, at any time. In this case, the Service Provider shall
delete all personal data of the User necessary for the sending of
promotions from its database, and may not continue to send its promotions
to the User. The User may unsubscribe from promotions and newsletters by
clicking on the link in the message.
Purpose of
data processing: sending of electronic messages which contain any
promotions to the data subjects, provision of information on news,
products, discounts, new functions, etc.
Duration of
data processing, deadline for the deletion of data: data processing lasts
until withdrawal of the data subject’s consent, that is until unsubscription.
Possible
controllers entitled to become aware of the personal data: employees of the
data controller may process personal data in accordance with the above
principles.
Data processor
employed during data processing: MailChimp – The
Rocket Science Group LLC. dpo@mailchimp.com.
The Rocket
Science Group LLC d/b/a MailChimp Attn. Privacy Officer (privacy@mailchimp.com) 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Further
information and the privacy policy of MailChimp
may be found at the following website: https://mailchimp.com/legal/privacy/
Legal ground
of data processing: the voluntary consent of the user, Article 6 (1) (a) of GDPR,
Section 6 (5) of Act XLVIII of 2008 on the Essential Conditions of and
Certain Limitations to Business Advertising:
The
advertiser, the advertising service provider and the publisher of
advertising shall keep records of the personal data of the natural persons
granting their consent thereto (to the extent and in the scope determined
in such consent). The data recorded into this registry with respect to the
addressee of the advertisement may only be processed in line with the
content of the consent and until the withdrawal thereof; furthermore, such
data may be transferred to third parties upon the prior consent of the user
thereto.
Social
networking websites
The fact that
data are collected, personal data involved: Name of the person registered
on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram
etc. and the public profile picture of the user.
The scope of
users: All data subjects who have registered on
Facebook/Google+/Twitter/Pinterest/Youtube/Instagram
etc., and have liked the website.
Purposes of
data collection: Sharing or liking, promoting certain contents, products,
discounts of the website or the website itself on the social networking
websites.
Duration of
data processing, deadline for the deletion of data, possible controllers
entitled to become aware of the personal data, and rights related to data
processing available to data subjects: users may refer to the social
networking website in question for information on the source of data, their
processing, and the manner of transfer and its legal ground. Data
processing is carried out on the social networking websites; therefore, the
provisions of the social networking website in question shall cover the
duration, manner of data processing, as well as options to delete or modify
data.
Legal ground
of data processing: the data subject’s voluntary consent to data processing
on the social networking websites.
Customer
service and other data processing activities
Should any
question occur in the course of using the services of the controller, or
should the data subject have any problems, he/she may contact the
controller through the contact points indicated on the website (phone,
e-mail, social media pages etc.).
The incoming
e-mails, messages, the data provided via phone, Facebook etc., together
with the name, e-mail address of and other data provided voluntarily by the
inquiring party shall be deleted by the controller after a maximum of 5 years from
the date of data provision.
We shall
provide information on any data processing not listed in this information
note upon recording the relevant data.
Upon the
exceptional request of a competent authority or other organs (authorized to
submit such request by the prevailing laws and regulations), the Service
Provider shall provide information, disclose or transfer data and make
available certain documents.
In such cases,
provided that the requesting party has defined the specific purpose of
request and the scope of the requested data, the Service Provider shall
make available the personal data for the requesting party to such an extent
essential for the achievement of the purpose of request.
Zen Studios
data security
The controller
shall design and implement the data processing measures in a way that
ensures the protection of data subjects’ data on the highest level that is
technically feasible and available.
The controller
shall implement adequate safeguards and appropriate technical and
organizational measures to protect personal data (by using passwords and
protection against viruses), as well as adequate procedural rules to
enforce the provisions of the Information Act and other regulations
concerning confidentiality and security of data processing.
Data shall be
protected by the controller by means of suitable measures against
unauthorized access, alteration, transmission, public disclosure, deletion
or destruction, as well as damage and accidental loss, and to ensure that
stored data cannot be corrupted and rendered inaccessible due to any
changes in or modification of the applied technique.
Suitable
technical solutions shall be introduced by the controller to prevent the
interconnection of data stored in these filing systems and the
identification of the data subjects. In order to prevent the unauthorized
access to, the unauthorized change and publication or use of the data, the
controller shall provide for the evolvement and operation of a suitable IT-
and technical environment, for the controlled selection and monitoring of
its employees participating in the provision of services, for the issuance
of detailed operation, risk management and service provision procedural
guidelines.
On the basis
of the above, the service provider shall make available the data processed
by it for the data subject, ensure the authenticity and verification
thereof, as well as provide for the certification of the unchanged
nature of data.
The IT system
of the controller and its server service provider is to ensure protection
against computing fraud, espionage, computer viruses, spams, hacks and
other attacks.
The rights of
users
The user may
request the Service Provider to give information on the processing of
his/her personal data, to rectify, block or erase the data processed, save
where processing is rendered mandatory.
Information on
the User’s rights related to data processing: the User may initiate the
erasure or amendment of his/her personal data in the following ways: by
post, addressed to the Service Provider’s registered seat, to the attention
of the customer service or by e-mail sent to support@zenstudios.com, via
phone at number +36 1 780 4679.
The right of
the users in connection with mailing lists’ and
newsletters’ data processing: Data subjects may unsubscribe from mailing
lists and/or newsletters at any time, free of charge.
Upon the
user’s request the controller shall provide information concerning the data
relating to him/her, including those processed by a data processor on its
behalf or according to his/her notice, the sources from where they were
obtained, the purpose, grounds and duration of processing, the name and
address of the data processor and on its activities relating to data
processing, and the conditions and effects of the data incident and
measures taken with a view to eliminate them and – in case of data transfer
– the legal basis and the recipients.
The Service
Provider as data controller – by means of an internal data protection
officer should they have appointed one and with a view to control measures
relating to data incidents and to inform data subjects – shall keep records
containing the personal data affected, the personal scope affected by the
data incident, the time, circumstances and effects of the data incident and
measures taken to eliminate thereof as well as other information determined
by law.
With a view to
verifying legitimacy of data transfer and for the information of the data
subject, the Service Provider as data controller shall maintain a
transmission log, showing the date and time of transmission, the legal basis
of transmission and the recipient, description of the personal data
transmitted, and other information prescribed by the relevant legislation
on data processing.
Upon the
user’s request the Service Provider shall provide information concerning
the data processed by it, the sources from where they were obtained, the
purpose, grounds and duration of processing, the name and address of the
data processor (if any) and on its activities relating to data processing,
and – in case of data transfer – the legal basis and the recipients thereof.
The Service Provider shall provide the information in written and easily
understandable form as soon as possible after the submission of the request
but not later than within 1
(one) month. The provision of information shall be free of charge.
Where personal
data is deemed inaccurate, and the correct personal data is at the
controller’s disposal, the Service Provider shall rectify the personal data
in question.
Instead of
deletion, the Service Provider shall block personal data if the User requests
so, or if the violation of the User’s legitimate interests by deletion is
reasonably assumable from the available information. The blocked personal
data may only be processed as long as the aim of data processing that
prevented the deleting of the personal data exists.
The Service
Provider shall erase the personal data if processing it is unlawful, if it
is requested to do so by the User, if the data processed is deficient or
erroneous—and it cannot be rectified lawfully—provided that erasure is not
prohibited by law, the purpose of the processing no longer exists, the
deadline for storing the data set forth in the law has expired or it is
ordered by court or by the National Authority for Data Protection and
Freedom of Information.
If the
accuracy of an item of personal data is contested by the data subject and
its accuracy or inaccuracy cannot be ascertained beyond doubt, the data
controller shall mark that personal data for the purpose of referencing.
When data is
rectified, blocked, marked or erased, the data subject and all recipients
to whom it was transmitted for processing shall be notified. Notification
is not necessary if, with regard to the purpose of the processing, it does
not harm the legitimate interests of the data subject.
If the data
controller refuses to comply with the data subject’s request for
rectification, blocking or erasure, the factual or legal reasons on which
the decision for refusing the request for rectification, blocking or erasure
is based shall be communicated in writing, within 1 (one) month of receipt of the request.
Where rectification, blocking or erasure is refused, the data controller
shall inform the data subject of the possibilities for seeking judicial
remedy or lodging a complaint with the Authority.
Right
to restriction of processing: the user has the
right to request the restriction of processing of his/her personal data.
Doing so may prevent the controller from being able to provide legal
services to the user. In this case, the respective data will be marked and
may only be processed by the controller for certain purposes.
Right
to data portability: the user has the right to
receive the personal data concerning him/her which he/she has provided to
the controller in a structured, commonly used and machine-readable format
and the right to transmit that personal data to another entity without
hindrance from the controller.
The
user can object to the processing of his or her personal data if the
processing (or transmission) of the personal data is only necessary for the
Service Provider to perform its legal obligation, to pursue the legitimate
interests of either the Service Provider, the data recipient or a third
party, except if processing is a legal obligation, if the use and
transmission of the personal data occurs for direct marketing, polling
surveys or scientific research, or in any other case determined in the respective
laws.
As soon as
possible after filing the request but not later than within 1 (one) month thereafter,
the Service Provider shall investigate the objection, shall make a decision
about the justification thereof, and inform the applicant about the
decision in writing. If, according to the findings of the Service Provider,
the data subject’s objection is justified, the controller shall terminate
all processing operations (including data collection and transmission),
block the data involved and notify all recipients to whom any of these data
had previously been transferred concerning the objection and the ensuing
measures, upon which these recipients shall also take measures regarding
the enforcement of the objection.
Should the
User disagree with the Service Provider’s decision taken on the basis of
the above, he may seek a judicial remedy against it within 30 days of its
communication. The court shall hear such cases in priority proceedings.
In case of
infringement committed by the controller, the concerned data subject (user)
may turn to the national data protection authority having competence at
his/her address of residence (DPAs –
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm),
or to the authority having competence at the seat of the Service Provider:
The official
authority according to the registered office of the Service Provider:
(Hungarian) National Authority for Data Protection and Freedom of
Information
H-1055 Budapest, Falk Miksa utca 9-11.
Mailing
address: 1363
Budapest, Pf.: 9.
Telephone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Judicial
remedy
The burden of
proof to show compliance with the law lies with the data controller. The
lawfulness of data transfer shall be certified by the data receiving party.
The regional courts shall have the competence to decide in such cases. The
court case may be initiated before the court having jurisdiction either at
the place of the temporary or the permanent residence of the data subject.
Any person otherwise lacking legal capacity to be a party to legal
proceedings may also be involved in such actions. The Authority may
intervene in the action on the data subject’s behalf.
When the
court’s decision is in favour of the plaintiff, the court shall order the
controller to provide the information, to rectify, block or erase the data
in question, to annul the decision adopted by means of automated
data-processing systems, to respect the data subject’s objection, or to
disclose the data requested by the data recipient.
If the court
rejects the petition filed by the data recipient, the controller shall be
required to erase the data subject’s personal data within 3 days of
delivery of the court ruling. The controller shall erase the data even if
the data recipient does not file for court action within a determined time
limit.
The court may
order publication of its decision, indicating the identification data of
the controller as well, where this is deemed necessary for reasons of data
protection or in connection with the rights of large numbers of data
subjects under protection.
Compensation and restitution
If the data controller,
by unlawful data processing or by breaching data security rules, violates
the personal rights of the data subject, the latter may demand restitution
from the data controller.
The data
controller shall be liable for damages caused by the data processor and
s/he will be liable to pay restitution for personal rights violations as
well. The controller shall be released from liability for damages and from
paying restitution if s/he demonstrates that the damage or the violation of
personal rights were brought about by reasons beyond his/her data
processing activity.
No
compensation shall be paid, and no restitution may be demanded where the
damage or the violation of rights was caused by intentional or seriously
negligent conduct on the part of the aggrieved party or the data subject.
Miscellaneous provisions, information
The
information was prepared with due regard to the following laws and
regulations:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market;
- Directive 2009/22/EC of the European Parliament and of the Council of 23 April 2009 on injunctions for the protection of consumers’ interests;
- Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector;
- Regulation (EU) No 524/2013 of the European Parliament and of the Council of 21 May 2013 on online dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC;
- Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union;
Furthermore, the laws and regulations of the country of residence of the Service Provider (Hungary), in particular:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as Infotv.)
- Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (in particular Section 13/A)
- Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices Against Customers;
- Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising (in particular Section 6)
- Act XC of 2005 on the Freedom of Electronic Information
- Act C of 2003 on Electronic Communications (in particular Section 155)
- opinion no. 16/2011 on the EASA/IAB recommendation concerning the approved practices of behaviour-based online marketing
- recommendation of the European Data Protection Body (EDPB) and the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) concerning the data protection requirements of preliminary information
PLEASE REVIEW THE FOLLOWING IF YOU ARE A CALIFORNIA RESIDENT:
California Consumer Data Rights
ZEN Studios Software Developer Limited Liability
Company (registered seat: H-1027 Budapest, Ganz utca 16. floor 2, company
reg. no.: 01-09-691205, tax number: 12532630-2-41) complies with the
California Consumer Privacy Act of 2018 (CCPA), effective January 1, 2020.
This landmark piece of legislation secures new privacy rights for
California consumers.
Pursuant to CCPA we are required to give you the
option to opt-out of sales concerning your data as such is defined pursuant
to California Civil Code 1798.135. If you would like to opt out, please
click the link below.
OPT-OUT: DO NOT SELL MY PERSONAL INFORMATION
http://blog.zenstudios.com/optout.html
Categories of Data we Collect and their Uses
In addition to the details provided in the tables
above, we collect information that identifies, relates to,
describes, references, is capable of being associated with, or could
reasonably be linked, directly or indirectly, with a particular consumer or
device (“personal information”). In particular, we have collected the
following categories of personal information from consumers within the last
twelve (12) months:
| Category | Examples | Collected | Reason for Collection (specifically identify business purpose if for business purpose) | Is Information “Sold” to 3rd Pty? |
|---|---|---|---|---|
| Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | YES | To provide services specific to users. | YES |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | NO | N/A | N/A |
| Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO | N/A | N/A |
| Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO | N/A | N/A |
| Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | YES | To improve services by tracking in-application interactions | NO |
| Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES | To provide ads for monetization. | YES |
| Geolocation data. | Physical location or movements. | NO | N/A | N/A |
| Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | N/A | N/A |
| Professional or employment-related information. | Current or past job history or performance evaluations. | NO | N/A | N/A |
| Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO | N/A | N/A |
| Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO | N/A | N/A |
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
  - health or medical information covered by the
    Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    and the California Confidentiality of Medical Information Act (CMIA)
    or clinical trial data;
  - personal information covered by certain
    sector-specific privacy laws, including the Fair Credit Reporting Act
    (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial
    Information Privacy Act (FIPA), and the Driver’s Privacy Protection
    Act of 1994.
We obtain the categories of personal information
listed above from the following categories of sources: Identifiers;
biometric data; Internet or other similar network activity
- Directly
from our end users. For example, from customers who engage us for
customer support or to provide customer feedback.
- Indirectly
from our end users. For example, through information we collect from
our end users in the course of providing customer support to them.
- Directly
and indirectly from activity on our website or in our games. For
example, from APIs and cookies (described above) embedded in our
website or games to measure game metrics and progress, play time per
level, and other information related to improving our products.
- From
third-parties that interact with us in connection with the services we
perform. For example, from third party analytics or anti-cheat
providers, or to ad mediators for the purpose of providing
personalized advertising and marketing customized to you.
All such Personal Information is used as otherwise
described in our Privacy Policy.
Sharing Personal Information
We may disclose your personal information to a
third party for a business purpose. When we disclose personal
information for a business purpose, we enter a contract that describes the
purpose and requires the recipient to both keep that personal information
confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have
disclosed the following categories of personal information for a business
purpose: Identifiers; Internet or other similar network activity
We disclose your personal information for a
business purpose to the following categories of third parties:
- Our
affiliates.
- Service
providers.
- Third
parties to whom you or your agents authorize us to disclose your
personal information in connection with products or services we
provide to you.
- Our
vendors.
Your Rights and Choices
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose
certain information to you about our collection and use of your personal
information over the past 12 months. Once we receive and confirm your verifiable
consumer request, we will disclose to you:
- The
categories of personal information we collected about you.
- The
categories of sources for the personal information we collected about
you.
- Our
business or commercial purpose for collecting or selling that personal
information.
- The
categories of third parties with whom we share that personal
information.
- The
specific pieces of personal information we collected about you (also
called a data portability request).
We generally do not sell our player data. However,
if we do sell your personal information for a business purpose, we will
also disclose to you:
- The
personal information that each category of recipient purchased; and
- disclosures
for a business purpose, identifying the personal information
categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any
of your personal information that we collected from you and retained,
subject to certain exceptions. Once we receive and confirm your verifiable
consumer request, we will delete (and direct our service providers to
delete) your personal information from our records, unless an exception
applies.
We may deny your deletion request if retaining the
information is necessary for us or our service providers to:
- Complete
any transaction for which we collected the personal information,
provide a product or service that you requested, take actions
reasonably anticipated within the context of our ongoing business
relationship with you, or otherwise perform our contract with you.
- Detect
security incidents, protect against malicious, deceptive, fraudulent,
or illegal activity, or prosecute those responsible for such
activities.
- Debug
products, including our website and games, to identify and repair
errors that impair existing intended functionality.
- Exercise
free speech, ensure the right of another consumer to exercise their
free speech rights, or exercise another right provided for by law.
- Comply
with the California Electronic Communications Privacy Act (Cal. Penal
Code § 1546 et seq.).
- Engage
in public or peer-reviewed scientific, historical, or statistical
research in the public interest that adheres to all other applicable
ethics and privacy laws, when the information’s deletion may likely
render impossible or seriously impair the research’s achievement, if
you previously provided informed consent.
- Enable
solely internal uses that are reasonably aligned with consumer
expectations based on your relationship with us.
- Comply
with a legal obligation.
- Make
other internal and lawful uses of that information that are compatible
with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and
deletion rights described above, please submit a verifiable consumer
request to us by either:
- E-mailing us at: support@zenstudios.com
- Calling us at: +36 1 780 4679
Only you or a person registered with the California
Secretary of State that you authorize to act on your behalf, may make a
verifiable consumer request related to your personal information. You may
also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request
for access or data portability twice within a 12-month period. The
verifiable consumer request must:
- Provide
sufficient information that allows us to reasonably verify you are the
person about whom we collected personal information or an authorized
representative.
- Describe
your request with sufficient detail that allows us to properly
understand, evaluate, and respond to it.
We cannot respond to your request or provide you
with personal information if we cannot verify your identity or authority to
make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an
account with us. We will only use personal information provided in a
verifiable consumer request to verify the requestor’s identity or authority
to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer
request within 45 days of its receipt. If we require more time (up to
90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding
the verifiable consumer request’s receipt. The response we provide
will also explain the reasons we cannot comply with a request, if
applicable. For data portability requests, we will select a format to
provide your personal information that is readily useable and should allow
you to transmit the information from one entity to another entity without
hindrance.
We do not charge a fee to process or respond to
your verifiable consumer request unless it is excessive, repetitive, or
manifestly unfounded. If we determine that the request warrants a
fee, we will tell you why we made that decision and provide you with a cost
estimate before completing your request.
Non-Discrimination
We will not discriminate against you for
exercising any of your CCPA rights. Unless permitted by the CCPA, we will
not:
- Deny
you goods or services.
- Charge
you different prices or rates for goods or services, including through
granting discounts or other benefits, or imposing penalties.
- Provide
you a different level or quality of goods or services.
- Suggest
that you may receive a different price or rate for goods or services
or a different level or quality of goods or services.