Valid from: January 16, 2023
document submitted by GREEN GREY HOLDING (CY) LTD (hereinafter referred to as “GREEN GREY HOLDING”), the company acting and organized under the laws of the Republic of Cyprus, with address: Agias Zonis & Thessalonikis, Nicolaou Pentadromos Center, 10th floor, Flat/Office 1001A, Block B, 3026, Limassol, Cyprus, care about personal data security and comply with all the laws and regulations on the personal data protection, including European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Our users can be sure that their privacy and protection of their personal information are the most significant values.
In order to demonstrate that GREEN GREY HOLDING is fully GDPR- and CCPA-compliant and provide you with information on what personal data we collect from you, for which purposes, and with the help of which companies, we establish and publish this Policy.1. HOW WE USE YOUR INFORMATION
We use the information we collect about you/your device to deliver services and our Games to you and to operate our business. We use it also for improving our services and Games, for enhancing security and for analytics and research purposes to make sure we provide you with the best experience. In addition, we use your information to promote our services and Games in our Games and also in other publisher’s apps and to display third-party advertisements to you. We use your information also for tracking and fraud prevention for advertising purposes and for complying with our legal obligations.We use your information for the following purposes:
- Delivering and improving our services. We use your information for developing, delivering and improving our Games and other products, services, and content, tailoring our products and services, providing Game updates, technical troubleshooting, understanding and analyzing trends in connection with usage of the Games, and administering the Games.
- Displaying advertisements. We use your information for showing advertisements for our Games in other publisher’s apps and for displaying third-party advertisements in our Games.
- Cross-promotion. We use your information for cross-promoting our Games and services, meaning to promote one of our Games while you are playing a different Game of ours.
- Tracking and fraud prevention for advertising purposes. We use your information for tracking how our advertising campaigns perform and for identifying and preventing fraud for our advertising campaigns.
- Analytics and research. We use your information for understanding and analyzing trends in connection with the usage of the Games, gathering demographic information about our user base, data about where the Game was downloaded from. We may also create reports and analysis for the purposes of research or business intelligence, for example to track potential problems or trends with our Games and services, or to test our new game features and content.
- Security. We use your information for enhancing the safety and security of our Games, products and services.
- Customer Support. We use your information for providing customer support to you and to respond to your inquiries.
- Our legal obligations. We use your information when we are required to do so by law, for example, we use your country or region for tax reporting purposes.
Most of the information that we collect about you comes directly from you when you visit our website, play our Games or interact with third-party ads in our Games or with our ads in other publisher’s Games. In general, the information we collect about you relates to the type of device you are using, information that helps us identify your device, how you play our Games and may include information that you submit to us when you voluntarily contact us. We may also collect information from app store platforms and partners and other third parties such as information about your interests and in-app purchases (provided that we never receive your payment or credit card information).
In order to provide you with our Services, we can collect and further process the following categories of your personal data:
- Your name, email address or other details, necessary to process your inquiries;
- Your Identifier for Advertisers (IDFA) or other kinds of Device ID that aggregate all the tracking information on how you use our Services through your device (hereinafter referred to as “Device ID”).
- Your online identifier that directly or indirectly identifies you as a personal data subject, including but not limited to Facebook ID, Google Play ID, Game Center ID etc. For the purposes of this Policy, the term “online identifiers” also includes profile names that you use in social networks for communication with other Users and GREEN GREY HOLDING.
- Your login or in-game nickname and password that you can create by obtaining access to Applications.
- Mobile telephone number.
- Country of residence
Besides, when you contact us through our web-site: http://ip.greengreyholding.com/ or other Sites, you may be required to provide us with the information about your Project that you would like to publish and promote by use of our Services.
We do not request or intend to collect any “special categories of information” such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Kindly be cautious when sharing this information about yourself (or others) in our Services.
Storage of Your Personal Data:
While we and our Processors take all the reasonable and necessary measures aimed at protection of your personal data against unauthorized access by third parties, we shall inform you about the possible risks of such storage of your personal data in jurisdictions outside European Union under Art.49(1)(a) GDPR. Such possible risks include:
How We Secure Your Personal Data Against Unauthorized Use:
- Efforts of hacking attacks. We take all the necessary measures to prevent such attacks and do not allow hackers to access your personal data.
- Storage of personal data in the jurisdictions to which has no access. However, Processors that store your personal data in such jurisdictions use all the necessary security mechanisms for protecting your personal data in accordance with Section 9 of this Policy. Furthermore, their storage authority is restricted and controlled by the written contracts.
We employ reasonable security measures to protect your personal data from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage. We do not use vulnerability scanning and/or scanning to PCI standards. We use regular Malware Scanning. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. We implement a variety of security measures when Users enter, submit, or access their information to maintain the safety of their personal data. All transactions are processed through a gateway provider and are not stored or processed on our servers.Transfer of Personal Data to Third Parties:
We do not sell or otherwise transfer your personal data to any third parties. We have never sold any personal data to any third parties, and have not done so within the last 12 (twelve) calendar months. We are not planning to sell your personal data to any third parties in future. We can only transfer your personal data to the Processors determined in this Policy for the purposes specified in the Policy.
If we decide to change our policy on the sale of your personal data in future, we will provide you with all necessary updates and notifications in accordance with CCPA.3. CONSENT TO PROCESSING
You have a right to withdraw your consent to the processing of your personal data at any time. If you would like to withdraw your consent, please send us the verifiable request via email:firstname.lastname@example.org.
In the verifiable request, please identify your online identifier (such as Game Center ID) or other identifiers by which we can identify the personal data related to your use of our Services. However, we cannot guarantee that after the withdrawal of your consent you will be able to use all the features of the Services.
If you send us the request to withdraw your consent you also have the right to request the erasure (deletion) of your personal data that we collected during your use of our Services. Please send us the verifiable request via email: email@example.com.
We will not be able to erase your personal data if the processing of this personal data is necessary for the performance of our Terms of Service that you agreed to, for the compliance with legal obligations, when there are other legal grounds for processing your personal data established by GDPR.4. YOUR RIGHTS
You have certain rights in connection with your personal information and how we handle it. Some of these rights may be subject to some exceptions or limitations. You can exercise these rights at any time by following the instructions below or sending us relevant requests to email: firstname.lastname@example.orgYour rights include:
5. CHILDREN’S PRIVACY
- Right to correct your data in accordance with Art. 16 GDPR (e.g. you can contact us if your email address has been changed and we should replace your old email address)
- Right to restrict processing of your personal information in accordance with Art. 18 GDPR (e.g. you can contact us if you want to restrict processing). You have the right, under certain circumstances, to restrict the processing of your Data. In this case, we will not process your Data for any purpose other than storing it.
- Right to take your data with you in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data if you want to upload it to another service)
- Right to send complaints to the supervisory authority in accordance with Art. 77 para. 1 of GDPR (e.g. you can contact the data protection supervisory authority directly).
Our Service does not address anyone under the age of 16 (“Children”). When we collect personal information, we do not know the age of our players. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under age 16 without verification of parental consent, we will take steps to remove that information from our servers.6. COOKIES
Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.
We use advertising to fund our Services and to make our games available for free. We offer our Games for free or at low cost and in order to do that we need to share information we collect from you with our third-party advertising partners. As a safeguard to protect your privacy, we only store personal information temporarily. The information collected helps us to improve our website and Games and – at the same time – keep our Games free for a wide player base.
As a European-based company, when you use our Games, we rely on our legitimate interest to show advertisements to you. The legal basis to show ads is the legitimate interest in accordance with the European data protection requirements under Art. 6 para. 1 lit. f GDPR, which we evaluated together with our data protection officer.
Before sharing any information with our advertising partners for the purposes of personalized advertising, we always ask for your consent, given when you press accept at relevant button at loading of the Game. The purpose is to improve our Games and provide the player with more relevant ads. We allow our advertising partners to show personalized ads to you only if you have pressed ACCEPT in relevant pop-up window and so consented to the sharing of your personal information for the purposes of personalized advertising. Our advertising partners use different technologies for the purposes of personalized advertising that process your personal information in different ways, so please review their data processing practices before you ACCEPT to show you personalized ads at loading of the Game.
The legal basis to show personalized ads is consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR. In addition, a data processing agreements were concluded with external ad technology providers networks in accordance with the requirements of Art. 28 GDPR. We also ensure that our external service providers are committed to a high level of data protection by concluding data protection agreements.
To enable us to show in-game ads, we may send your advertising ID and IP-address to advertisers (or ad networks) to enable them to find appropriate ads to serve to you in our games and on third-party properties. You can control and limit our use of your advertising ID in your device settings. We do not control which specific ads are shown in our games (it is controlled by ad networks), but we do blacklist certain categories of ads.
Advertising IDs are used by the ad networks for a number of purposes (please refer to the Privacy Notices of our advertising partners listed here) including:
8. DEVELOPER INFORMATION
- limit the number of times you see the same ad;
- ensure they are dealing with humans with real devices and not ‘automated’ bots;
- serve you with advertisements likely to be relevant to you based on your advertising ID engagement with other brands and ads, also recorded using your advertising ID and using your general geographic area. Other brands buy advertisement placement via an ad network or ad exchange to advertise their products in Our Games. The ad network or ad exchange acts as intermediary between the other game companies and Us. In order for an ad network to charge the company buying the ad, clicks from the ad and potentially installs of other developers’ applications party apps are tracked. Views, clicks, and installs from ads are measured using Advertiser ID;
- keep track what games you have used to market you similar kind of games. IP-address is typically used by advertisers to broadly see the general geographic area you are coming from for example country, state, and sometimes at city level).
We may collect personal data related to developers who wish to submit their Games to publishing. We do this in order to carry out the application process and to have a possibility to contact the developers.
(A) Our purposes and legal bases for collection and using developer’s personal data. We may
collect personal data in the following purposes:
- to communicate with the developer (or its representative) about your application for publishing. In this case we have a legitimate interest to collect and process your personal data to be able to enter a contract with you or to communicate with you;
(B) Types of personal data collected
We may collect personal information directly from the developer (or its representative) via filing and submitting web-based application forms, such as:
- full name and surname of the developer or its representative;
- email address and phone number.
We do not transfer your personal data to third parties (except for affiliates, when such transfer within a group of companies is legally permitted and to the extent necessary for the execution of the application process).9. INFORMATION FOR CALIFORNIA CONSUMERS
This part of the document uses the term “personal information“ as it is defined in The California Consumer Privacy Act (CCPA).
How we collect information: what are the sources of the personal information we collect?
We collect the above mentioned categories of personal information, either directly or indirectly, from you when you use our services and Games.
For example, you directly provide your personal information when you submit requests via any forms on the services or Games. You also provide personal information indirectly when you navigate the services and Games, as personal information about you is automatically observed and collected. Finally, we may collect your personal information from third parties that work with us in connection with the Service or with the functioning of the Games and features thereof.
How we use the information we collect: sharing and disclosing of your personal information with third parties for a business purpose.
We may disclose the personal information we collect about you to a third party for business purposes. In this case, we enter a written agreement with such third party that requires the recipient to both keep the personal information confidential and not use it for any purpose(s) other than those necessary for the performance of the agreement.
We may also disclose your personal information to third parties when you explicitly ask or authorize us to do so, in order to provide you with our Service.
What are the purposes for which we use your personal information?
We may use your personal information to allow the operational functioning of the services or
Games and features thereof (“business purposes”). In such cases, your personal information will be processed in a fashion necessary and proportionate to the business purpose for which it was collected, and strictly within the limits of compatible operational purposes.
We may also use your personal information for other reasons such as for commercial purposes, as well as for complying with the law and defending our rights before the competent authorities where our rights and interests are threatened or we suffer an actual damage.
Your California privacy rights and how to exercise them The right to know and to portability
You may submit once a year, free of charge, a verifiable request to disclose what personal information we collect about you. The easiest way to submit a request is to use the in-app support feature (“Contact Us”) in our Games (if possible).
You may also submit your request via e-mail at email@example.com.
The disclosure described above will be limited to the personal information collected or used over the past 12 months.
If we deliver our response electronically, the information enclosed will be "portable", i.e. delivered in an easily usable format to enable you to transmit the information to another entity without hindrance – provided that this is technically feasible.
The right to request the deletion of your personal information
You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used to identify and repair errors on this Application, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights etc.).
If no legal exception applies, as a result of exercising your right, we will delete your personal information and direct any of our service providers to do so. However, we may deny your deletion request if retaining the information is necessary for us or our service providers under certain circumstances, which will be explained to you at the time of the denial, if any.
Right to opt-out
You have the right to opt-out of “sale” of your personal information, as defined by the CCPA. In certain circumstances we may share your information with our partners, who help us deliver advertisements in our games tailored to your interests.
Right to be free from discrimination
We may not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: (i) deny your our Services; (ii) charge you different prices or rates for our Services; (iii) provide you a different level or quality of Services; (iv) suggest that you may receive a different price or rate for Services or a different level or quality of Services.
You may exercise your CCPA rights by designating an authorized agent. If you would like to designate an authorized agent to make a request on your behalf, please, be sure that the agent can (i) demonstrate you have provided written permission for the agent to submit a request on your behalf and (ii) provide proof of his or her own identity. We reserve the right to require further reasonable information to verify the request. If the agent does not satisfy these requirements, we may deny the request.
How to exercise your rights
To exercise the rights described above, you need to submit your verifiable request to us by contacting us via the details provided in this document.
For us to respond to your request, it’s necessary that we know who you are. Therefore, you can
only exercise the above rights by making a verifiable request which must:
provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession actually relates to you.
If you are an adult, you can make a verifiable request on behalf of a minor under your parental authority.
You can submit a maximum number of 1 request over a period of 12 months. How and when we are expected to handle your request?
We will respond to your request within 45 days of its receipt. Should we need more time, we
will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to 90 days to fulfill your request. Our disclosure(s) will cover the preceding 12 months period.
Should we deny your request, we will explain to you the reasons behind our denial.
We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee, or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.10. SECURITY
Your information privacy and security are important to us and we always pay special attention to ensure that we process your information lawfully in accordance with one of the legal bases set out under EEA data protection laws that apply to our users. We have appointed data protection officer to help us ensure compliance with EEA data protection laws. We store your information for as long as needed to provide you with our services. We may store information longer, but only in a way that it cannot be tracked back to you. We operate globally and we share your information with our Partners, which may include a transfer of your personal information outside of the European Economic Area (the “EEA”).
Because we regularly and systematically monitor personal data subjects on a large scale, we have appointed the Data Protection Officer (DPO) in accordance with Art.37 GDPR.
Our DPO is Zinaida Kobzarenko.
Our DPO monitors the compliance with GDPR by and our Processors, and performs other tasks provided by Art.39 GDPR.