from May 25, 2018
January 20, 2021 – general review and clarification
December 3, 2020 – general review and clarification
February 11, 2020 — added California Consumer Privacy Act disclosures
Sep 19, 2019 – added Dread Nautical application, specifying the scope of the present Privacy Notice
Sep 13, 2019 – added the title Star Wars™ Pinball (Nintendo Switch)
2019 – added the title Williams™ Pinball, added 3rd party SDK Fabric,
updated 3rd party SDK Crashlytics
We send direct marketing letters (newsletters) exclusively on the basis of specific consent. We may send system messages even without a consent. You must be at least 16 years old to register to our newsletter.
We store data as safely as possible.
We disclose personal data to third parties exclusively on the basis of a consent; however, we collect and transfer statistical data (excluding personal data) on usage habits to third parties.
You are required to declare that you accept the Privacy Notice (this document) and/or user agreement (EULA – where applicable, there we ask for it) to install, use, play, and/or access ZEN Studios’ online services, games and/or applications. It is important that you must be at least 13 years old to accept the Privacy Notice and/or EULA, but if you are under 16, your parent or guardian is required; therefore, we ask you to have your parents or guardian help you during registration. During registration, ZEN Studios will ask for your parent’s or guardian’s consent to your statement, which will require your parent’s or guardian’s email address and allows him or her to do so. We will not email anything to your parents or guardian other than the information required for his or her consent.
Our users may request information regarding their data stored; furthermore, each user may require the erasure of his/her personal data (collected and stored upon his/her consent) at any time, by contacting us through our contact details.
ZEN Studios Software Developer Limited Liability Company (registered seat: H-1027 Budapest, Ganz utca 16. floor 2, company reg. no.: 01-09-691205, tax number: 12532630-2-41) (hereinafter referred to as the Service Provider, controller) hereby submits itself to the following privacy notice.
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation), with special regard to Sections (32), (39) and (58) as well as Article 12 therein, declare that the data subject (hereinafter referred to as the user) shall be informed prior to the commencement of data processing whether the legal basis of data processing is the consent of the data subject, mandatory provision or technical requirements.
Before processing operations are carried out, the data subject shall receive clear and detailed information of all aspects concerning the processing of his/her personal data, such as the purpose for which his/her data is required, the legal basis of data processing, the persons or entities that are data controllers or data processors of your data, and the duration of data processing.
Pursuant to EUP and Regulation 2016/679, users shall be informed that if obtaining the consent of the user is impossible or entails excessive costs, the processing of personal data is allowed if:
The information provided to the user shall cover his or her rights and remedy options related to data processing.
If providing information to users is impossible or entails excessive costs (in this case on a website), information may be provided by the publication of the following information:
(a) the fact that data are collected, (b) data subjects involved, (c) the purpose of the collection of personal data, (d) duration of data processing, (e) possible controllers entitled to become aware of the personal data, (f) provision of information to data subjects on their rights and remedies available to them related to data processing, and (g) if there is a location for the data protection registration of data processing, the registration number of data processing.
following websites: http://www.pinballfx.com,
The Privacy Notice is available on the following website: http://blog.zenstudios.com/zen_privacy_policy.html
Amendments to the Privacy Notice enter into effect upon their publication on the above website.
data subject/User: natural person that is or that can be directly or indirectly identified based on any specific personal data, who contacts the Service Provider through an application or website, or in any other (online or offline) way.
personal data: information relating to the user—especially the name, identifier, and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the user, and the consequences that can be drawn from the information related to the data subject;
data controller: natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor;
the data controller in this case: ZEN Studios Software Developer Limited Liability Company (registered seat: HU-1027 Budapest, Ganz utca 16. floor 2, EUID: HUOCCSZ.01-09-691205, community VAT number: HU12532630)
data controlling: any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronizing or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);
data processing: carrying out technical tasks in relation to data processing operations, irrespective of the method or instrument used in performing those operations, and of its application, provided that the technical tasks are performed on data;
data processor: any natural or legal person or organisation without legal personality processing the data on the grounds of a contract concluded with the controller, including contracts concluded pursuant to legislative provisions;
data protection officer: Service Provider does not employ a dedicated data protection officer (the head of the company /managing director/ is responsible for data protection)
personal data breach: the unlawful processing or process of personal data, in particular the illegitimate access, alteration, transfer, disclosure, deletion or destruction as well as the accidental destruction or damage.
Data collection, the scope of data, purpose(s) of data processing
In line with Articles 12, 13 and 14, the following shall be defined with respect to the registration and use of application:
The following data are recorded and stored by the Service Provider upon the start and while using the applications.:,:
Data subjects involved: Each User using or otherwise accessing Service Provider’s application(s), websites, forum/blog/mailing list and customer service.
The duration of data processing and the deadline for the deletion of data are indicated in the table. The storage of data of a continued conservation period is necessary for the provision of more effective solutions to Users’ problems and answers to Users’ questions, to keep the forum contents and to operate the mailing list. After the termination of the forum or mailing list, personal data will be deleted within five (5) years.
Possible controllers entitled to become aware of the personal data: the managing director, the developers of the given application and (if needed) the customer service, blog administrators (who are the employees of the Service Provider) may process personal data in accordance with the above principles.
Legal ground of data processing: the performance of the contract (Article 6 (1)(b) of the GDPR) and legitimate interest (Article 6 (1)(d) of the GDPR), identification and follow-up of users, Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market and paragraphs 1 and 2 of Article 13 of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector:
The service provider may – for the purpose of providing the service – process personal data indispensable for providing the service for technical reasons. Should other conditions be identical, the service provider shall select and operate the means applied in the course of providing information society service at all times, so that personal data be processed only if it is absolutely indispensable for providing the service or achieving other objectives stipulated in this Act, and only to the required extent and duration.
Collection and transfer of data concerning the use and statistical data
The Service Provider informs the Users that during the use of the applications it collects and transfers to third parties identifiers and statistical data automatically.
The fact that data are collected, personal data involved:
Data subjects involved: Each user using the applications.
Purpose of data processing: Identification of users, follow-up of users’ habits and the provision of advertisement services.
Duration of data processing, deadline for the deletion of data: The table indicates the duration of data processing the date of erasure shall be the end of third year following the termination of product support.
Possible controllers entitled to become aware of the personal data: use of the data by the controller does not qualify as processing of personal data, as the Service Provider has no further information necessary to the identification of the user no connection between such data will be made.
Legal ground of data processing: It is not necessary to obtain the data subject’s consent, if the exclusive purpose of the use of the data is transmission of communication via the electronic telecommunications network, or if it’s essential for the service provider to provide services related to information society.
The fact that data are collected, personal data involved: unique identification number, dates and times
Data subjects involved: All users visiting the website.
Purpose of data processing: Identification of users and follow-up of visitors.
Duration of data processing, deadline for the deletion of data: In case of session cookies, data processing shall terminate once the website visit is finished.
Provision of information to data subjects on their rights available to them related to data processing: the Users may delete cookies under menu item usually called ‘Data Protection’ in the Tools/Settings menu of their browser.
The controller uses the remarketing code of Facebook. In this respect we provide the following information: duration of cookies: 20 days; purpose of data processing: Personalization of Facebook advertisements; further information: http://hu-hu.facebook.com/help/cookies/
Use of Google Adwords conversion tracking
The controller uses the online ad programme called “Google Adwords”, and within its framework it uses Google’s conversion tracking service. Google conversion tracking is the analysing service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).
When a User reaches a website via a Google ad, a cookie necessary for conversion tracking is stored on his or her computer. The validity of these cookies is limited; therefore, they do not contain any personal data, and Users cannot be identified by them.
When the User browses on certain pages of the website, and the cookie has not expired, Google and the data controller may see that the User has clicked on the ad.
All Google AdWords clients receive different cookies; therefore, they cannot be tracked via the websites of the clients of AdWords.
Information which have been obtained with the use of conversion tracking cookies aim to prepare conversion statistics for the clients of AdWords who opt for conversion tracking. This is how clients receive information on the number of users clicking on their ad and directed to the website having a conversion tracking label. However, they cannot receive information based on which any of the users may be identified.
If you do not wish to participate in conversion tracking, then you may refuse it by blocking the option to install cookies in your browser. After this, you will not figure in statistics related to conversion tracking.
Application of Google Analytics
The websites of ZEN Studios uses the application of Google Analytics which is the web analysing service of Google Inc. (“Google”). Google Analytics uses ‘cookies’, text files which are saved on your computer, thus helping analysis of the use of the webpage visited by the User.
Information created with cookies related to the website used by the User are generally stored on a Google server located in the US. By website activation of IP-anonymization, Google shortens the IP-address of Users in advance in the Member States of the EU or EEA.
The transfer of the full IP-address is only transferred to a Google server located in the US in special cases. On behalf of the operator of this website, Google will use such information to evaluate how the User used the website, to prepare reports for the operator of the website related to the activity of the website, and to perform further services related to the use of the website and the internet.
Within the framework of Google Analytics, IP-address transferred by the User’s browser is not linked to other data of Google. You may prevent the storage of cookies by choosing the appropriate setting on your browser, however, please note that in this case, it may occur that not all the functions of the website will be fully available to you. You may also prevent Google from collecting and processing the User’s data related to the use of the website (including IP-address), if you download and install the following browser plug-in. https://tools.google.com/dlpage/gaoptout?hl=hu
Newsletter (mailing list), DM activity
In accordance with Section 6 of Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising, the User may grant his or her explicit and prior consent to that the Service Provider contact him or her with its promotions and other messages at the contact details provided at registration.
Being aware of the provisions of this Privacy Notice, the User may also grant his or her consent to the processing of his or her personal data necessary for sending promotions by the Service Provider.
The Service Provider may not send unsolicited promotions, and the User may unsubscribe from such promotions and newsletters free of charge, without indicating his or her reasons, at any time. In this case, the Service Provider shall delete all personal data of the User necessary for the sending of promotions from its data base, and may not continue to send its promotions to the User. The User may unsubscribe from promotions and newsletters by clicking on the link in the message.
Purpose of data processing: sending of electronic messages which contain any promotions to the data subjects, provision of information on news, products, discounts, new functions, etc.
Duration of data processing, deadline for the deletion of data: data processing lasts until withdrawal of the data subject’s consent, that is until unsubscription.
Possible controllers entitled to become aware of the personal data: employees of the data controller may process personal data in accordance with the above principles.
Data processor employed during data processing: MailChimp – The Rocket Science Group LLC. email@example.com.
The Rocket Science Group LLC d/b/a MailChimp Attn. Privacy Officer (firstname.lastname@example.org) 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Legal ground of data processing: the voluntary consent of the user, Article 6 (1) (a) of GDPR, Section 6 (5) of Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising:
The advertiser, the advertising service provider and the publisher of advertising shall keep records of the personal data of the natural persons granting their consent thereto (to the extent and in the scope determined in such consent). The data recorded into this registry with respect to the addressee of the advertisement may only be processed in line with the content of the consent and until the withdrawal thereof; furthermore, such data may be transferred to third parties upon the prior consent of the user thereto.
Social networking websites
The fact that data are collected, personal data involved: Name of the person registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. and the public profile picture of the user.
The scope of users: All data subjects who have registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc, and have liked the website.
Purposes of data collection: Sharing or liking, promoting certain contents, products, discounts of the website or the website itself on the social networking websites.
Duration of data processing, deadline for the deletion of data, possible controllers entitled to become aware of the personal data, and rights related to data processing available to data subjects: users may refer to the social networking website in question for information on the source of data, their processing, and the manner of transfer and its legal ground. Data processing is carried out on the social networking websites; therefore, the provisions of the social networking website in question shall cover the duration, manner of data processing, as well as options to delete or modify data.
Legal ground of data processing: the data subject’s voluntary consent to data processing on the social networking websites.
Customer service and other data processing activities
Should any question occur in the course of using the services of the controller, or should the data subject have any problems, he/she may contact the controller through the contact points indicated on the website (phone, e-mail, social media pages etc.).
The incoming e-mails, messages, the data provided via phone, Facebook etc., together with the name, e-mail address of and other data provided voluntarily by the inquiring party shall be deleted by the controller after maximum 5 years of the date of data provision.
We shall provide information on any data processing not listed in this information note upon recording the relevant data.
Upon the exceptional request of a competent authority or other organs (authorized to submit such request by the prevailing laws and regulations), the Service Provider shall provide information, disclose or transfer data and make available certain documents.
In such cases, provided that the requesting party has defined the specific purpose of request and the scope of the requested data, the Service Provider shall make available the personal data for the requesting party to such an extent essential for the achievement of the purpose of request.
Zen Studios data security
The controller shall design and implement the data processing measures in a way that ensures the protection of data subjects’ data on the highest level that is technically feasible and available.
The controller shall implement adequate safeguards and appropriate technical and organizational measures to protect personal data (by using passwords and protection against viruses), as well as adequate procedural rules to enforce the provisions of the Information Act and other regulations concerning confidentiality and security of data processing.
Data shall be protected by the controller by means of suitable measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that stored data cannot be corrupted and rendered inaccessible due to any changes in or modification of the applied technique.
Suitable technical solutions shall be introduced by the controller to prevent the interconnection of data stored in these filing systems and the identification of the data subjects. In order to prevent the unauthorized access to, the unauthorized change and publication or use of the data, the controller shall provide for the evolvement and operation of a suitable IT- and technical environment, for the controlled selection and monitoring of its employees participating in the provision of services, for the issuance of detailed operation, risk management and service provision procedural guidelines.
On the basis of the above, the service provider shall make available the data processed by it for the data subject, ensure the authenticity and verification thereof, as well as to provide for the certification of the unchanged nature of data.
The IT system of the controller and its server service provider is to ensure protection against computing fraud, espionage, computer viruses, spams, hacks and other attacks.
The rights of users
The user may request the Service Provider to give information on the processing of his/her personal data, to rectify, block or erase the data processed, save where processing is rendered mandatory.
Information on the User’s rights related to data processing: the User may initiate the erasure or amendment of his/her personal data in the following ways: by post, addressed to the Service Provider’s registered seat, to the attention of the customer service or by e-mail sent to email@example.com, via phone at number +36 1 780 4679.
The right of the users in connection with mailing lists’ and newsletters’ data processing: Data subjects may unsubscribe from mailing lists and/or newsletters at any time, free of charge.
Upon the user’s request the controller shall provide information concerning the data relating to him/her, including those processed by a data processor on its behalf or according to his/her notice, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor and on its activities relating to data processing, and the conditions and effects of the data incident and measures taken with a view to eliminate them and – in case of data transfer – the legal basis and the recipients.
The Service Provider as data controller – by means of an internal data protection officer should they have appointed one and with a view to control measures relating to data incidents and to inform data subjects – shall keep records containing the personal data affected, the personal scope affected by the data incident, the time, circumstances and effects of the data incident and measures taken to eliminate thereof as well as other information determined by law.
With a view to verifying legitimacy of data transfer and for the information of the data subject, the Service Provider as data controller shall maintain a transmission log, showing the date of time of transmission, the legal basis of transmission and the recipient, description of the personal data transmitted, and other information prescribed by the relevant legislation on data processing.
Upon the user’s request the Service Provider shall provide information concerning the data processed by it, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor (if any) and on its activities relating to data processing, and –in case of data transfer – the legal basis and the recipients thereof. The Service Provider shall provide the information in written and easily understandable form as soon as possible after the submission of the request but not later than within 1 (one) month. The provision of information shall be free of charge.
Where a personal data is deemed inaccurate, and the correct personal data is at the controller’s disposal, the Service Provider shall rectify the personal data in question.
Instead of deletion, the Service Provider shall block personal data if User requests so, or if the violation of User’s legitimate interests by deletion is reasonable assumable from the available information. The blocked personal data may only be processed as long as the aim of data processing that prevented the deleting of the personal data exists.
The Service Provider shall erase the personal data if processing it is unlawful, if it is requested to do so by the User, if the data processed is deficient or erroneous—and it cannot be rectified lawfully—provided that erasure is not prohibited by law, the purpose of the processing no longer exists, the deadline for storing the data set forth in the law has expired or it is ordered by court or by the National Authority for Data Protection and Freedom of Information.
If the accuracy of an item of personal data is contested by the data subject and its accuracy or inaccuracy cannot be ascertained beyond doubt, the data controller shall mark that personal data for the purpose of referencing.
When a data is rectified, blocked, marked or erased, the data subject and all recipients to whom it was transmitted for processing shall be notified. Notification is not necessary if, with regard to the purpose of the processing, it does not harm the legitimate interests of the data subject.
If the data controller refuses to comply with the data subject’s request for rectification, blocking or erasure, the factual or legal reasons on which the decision for refusing the request or rectification, blocking or erasure is based shall be communicated in writing, within 1 (one) month of receipt of the request. Where rectification, blocking or erasure is refused, the data controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the Authority.
Right to restriction of processing: the user have the right to request the restriction of processing of his/her personal data. Doing so may prevent the controller from being able to provide legal services to the user. In this case, the respective data will be marked and may only be processed by the controller for certain purposes.
Right to data portability: the user have the right to receive the personal data concerning him/her which he/she has provided to the controller in a structured, commonly used and machine-readable format and the right to transmit that personal data to another entity without hindrance from the controller.
The user can object to the processing of his or her personal data if the processing (or transmission) of the personal data is only necessary for the Service Provider to perform its legal obligation, to pursue the legitimate interests of either the Service Provider, the data recipient or a third party, except if processing is a legal obligation, if the use and transmission of the personal data occurs for direct marketing, polling surveys or scientific research, in any other case determined in the respective laws.
As soon as possible after filing the request but not later than within 1 (one) month thereafter, the Service Provider shall investigate the objection, shall make a decision about the justification thereof, and inform the applicant about the decision in writing. If, according to the findings of the Service Provider, the data subject’s objection is justified, the controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection.
Should the User disagree with the Service Provider’s decision taken on the basis of the above, he may seek a judicial remedy against it within 30 days of its communication. The court shall hear such cases in priority proceedings.
In case of infringement committed by the controller, the concerned data subject (user) may turn to the national data protection authority having competence at his/her address of residence (DPAs -http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm), or to the authority having competence at the seat of the Service Provider:
official authority according to the registered office of the Service
H- 1055 Budapest, Falk Miksa utca 9-11..
Mailing address: 1363 Budapest, Pf.: 9.
Telephone: +36 -1-391-1400
The burden of proof to show compliance with the law lies with the data controller. The lawfulness of data transfer shall be certified by the data receiving party. The regional courts shall have the competence to decide in such cases. The court case may be initiated before the court having jurisdiction either at the place of the temporary or the permanent residence of the data subject. Any person otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such actions. The Authority may intervene in the action on the data subject’s behalf.
When the court’s decision is in favour of the plaintiff, the court shall order the controller to provide the information, to rectify, block or erase the data in question, to annul the decision adopted by means of automated data-processing systems, to respect the data subject’s objection, or to disclose the data requested by the data recipient.
If the court rejects the petition filed by the data recipient, the controller shall be required to erase the data subject’s personal data within 3 days of delivery of the court ruling. The controller shall erase the data even if the data recipient does not file for court action within a determined time limit.
The court may order publication of its decision, indicating the identification data of the controller as well, where this is deemed necessary for reasons of data protection or in connection with the rights of large numbers of data subjects under protection.
Compensation and restitution
If the data controller, by unlawful data processing or by breaching data security rules, violates the personal rights of the data subject, the latter may demand restitution from the data controller.
The data controller shall be liable for damages caused by the data processor and s/he will be liable to pay restitution for personal rights violations as well. The controller shall be released from liability for damages and from paying restitution if s/he demonstrates that the damage or the violation of personal rights were brought about by reasons beyond his/her data processing activity.
No compensation shall be paid, and no restitution may be demanded where the damage or the violation of rights was caused by intentional or seriously negligent conduct on the part of the aggrieved party or the data subject.
Miscellaneous provisions, information
The information was prepared with due regard to the following laws and regulations:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market;
Directive 2009/22/EC of the European Parliament and of the Council of 23 April 2009 on injunctions for the protection of consumers’ interests;
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector;
Regulation (EU) No 524/2013 of the European Parliament and of the Council of 21 May 2013 on online dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC;
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union;
Furthermore, the laws and regulations of the country of residence of the Service Provider (Hungary), in particular:
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as Infotv.)
Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (in particular Section 13/A)
Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices Against Customers;
Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising (in particular Section 6)
Act XC of 2005 on the Freedom of Electronic Information
Act C of 2003 on Electronic Communications (in particular Section 155)
opinion no. 16/2011 on the EASA/IAB recommendation concerning the approved practices of behaviour-based online marketing
recommendation of the European Data protection Body (EDPB) and the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) concerning the data protection requirements of preliminary information
PLEASE REVIEW THE FOLLOWING IF YOU ARE A CALIFORNIA RESIDENT:
California Consumer Data Rights
ZEN Studios Software Developer Limited Liability Company (registered seat: H-1027 Budapest, Ganz utca 16. floor 2, company reg. no.: 01-09-691205, tax number: 12532630-2-41) complies with the California Consumer Privacy Act of 2018 (CCPA), effective January 1, 2020. This landmark piece of legislation secures new privacy rights for California consumers.
Pursuant to CCPA we are required to give you the option to opt-out of sales concerning your data as such is defined pursuant to California Civil Code 1798.135. If you would like to opt out, please click the link below.
OPT-OUT: DO NOT SELL MY PERSONAL INFORMATION
Categories of Data we Collect and their Uses
In addition to the details provided in tables provided in above, we collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Personal information does not include:
We obtain the categories of personal information listed above from the following categories of sources: Identifiers; biometric data; Internet or other similar network activity
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose: Identifiers; Internet or other similar network activity
We disclose your personal information for a business purpose to the following categories of third parties:
Your Rights and Choices
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
We generally do not sell our player data. However, if we do sell your personal information for a business purpose, we will also disclose to you:
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
E-mailing us at: firstname.lastname@example.org
Calling us at: +36 1 780 4679
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: