PRIVACY POLICY
Last Update: December
11, 2024
Before
you access our Services and share any personal data with us, make sure to read
our Privacy Policy or have your parent or guardian read and explain it to you.
We want you to make informed decisions about what
personal data you share with us and how you share it.
This Privacy Policy explains who we are, how we process your
personal data, and how you can exercise your privacy rights.
We are HYPERHUG LTD, a company under laws of Republic of Cyprus, with its address at: 156 Ellados st., 3041 Limassol, Cyprus (“HYPERHUG”, “we”, “us”, “our”), a developer and publisher of games and mobile game applications that are made available via app stores including the Apple App Store and Google Play Store.
This Privacy Policy applies to personal data that we collect
through our websites (“Websites”), games and mobile applications (“Apps”), as
well as other products that link to this Privacy Policy (together, “Services”).
If you have
any questions regarding the processing of your personal data, please contact us
at [email protected].
I.
Data practices across our Services:
Our Services vary in the following aspects:
1) Content and functionality:
The personal
data you share with us will depend on the specific Service (e.g., Website, App,
or other product) you access or use. These differences arise from the varying
usage options available across our different Services.
2) Ways to exercise
your privacy rights:
The only
universal method to exercise your privacy rights across all our Services is by
contacting us at [email protected].
Other ways may
differ depending on the specific Service you access or use.
Regardless of these differences, we are
committed to providing you with the most effective means to safeguard your
privacy rights while ensuring an optimal experience with our Services.
II.
Scope of personal data processing
1.
Data subjects:
We value the privacy of those who access or
use our Services.
Our data protection system is designed to
safeguard the personal data of adults and minors (“Data subjects”).
Our Services are available only to
individuals who meet the minimum age requirements of their region. This is
typically 13 years, but in areas like the European Economic Area (EEA), users
must be at least 16 unless local laws allow a lower limit (no less than 13
years).
We take extra steps to protect the personal
data of users under 18. Read more about it in the Section “Children”.
2. Children:
A.
Minimum age of access and use of our
Services:
Use of our Services is restricted to users who meet the minimum age requirement specified in our Terms of Service.
The minimum age depends on your country of residence, but cannot be less than 13 years old.
The minimum age set in our Terms of Service is based not
only on the requirements of applicable data protection laws but also on the age
requirements in the contract laws of the territories we target with our
Services.
We encourage you to review our Privacy Policy and our Terms of Service periodically to stay informed.
Please note: You can find published age recommendations on: Apple’s App Store on iTunes and Google Play. However, these age or maturity classifications refer only to the content in our games (similar to movie ratings G, PG or PG-13 in the U.S., but related to gameplay, animations, etc.). For more on how these categories are defined, visit these support websites for Apple and Google.
For more information on how to protect children online, please visit this link.
If we become aware that you do not meet this requirement, we may take steps to restrict your access to our Services and delete your data.
B.
Conditions of data processing:
We do not knowingly collect or solicit personal data from anyone under the minimum age or knowingly allow such persons to use our Service.
If you are under the minimum age, please do not send any information about yourself to us.
From the moment we become aware that you are under the minimum age, we will immediately delete all your personal data that we may have collected.
If you believe that we might have any information from or about a child under the age of 13, please contact us at [email protected].
C.
Consent of children under the age of 16:
We are located in Cyprus (in the EU). This means that we are subject to the General Data Protection Regulation (“GDPR”) and Cypriot Law 125(I)/2018.
This means that you must be at least 14 years old to give your consent for data processing, unless your country of residence has set a higher age limit (15 and older) to give your consent for the processing of your personal data.
If you are under the minimum age of consent required by your country’s laws, your access and use of our Services will rely on your parent or legal guardian’s consent.
Before giving consent, you or your parent/legal guardian should carefully read this Privacy Policy, our Terms of Service (link), and other documents we will make available to you regarding our data practices and the Services’ functionalities.
If you have additional questions about our privacy practices related to children, please contact us at [email protected].
3. Personal data we process:
We want to make it clear that processing of
your personal data is necessary for providing our Services. Without data
processing, we cannot technically and organizationally provide our Services to
you.
We respect your privacy rights as specified
by law.
You are not required to share your personal
data with us if you do not agree with our data processing activities or for any
other reason.
Depending on their nature:
A. General (non-sensitive) personal data:
This category includes personal data that, by
its nature, does not present significant risks to your fundamental rights and
freedoms.
For example:
name;
email address; age; preferred language of our Services.
We may process general personal data in
accordance with different legal bases.
Read more about legal bases for data
processing in the Section “How we process your personal data”.
B. Sensitive personal data:
This category includes personal data that, by
its nature, poses significant risks to your fundamental rights and freedoms.
For example:
Account
log-in information; financial information (financial account, debit/credit
card).
We may process sensitive personal data in
specific cases, such as when you give us your explicit
consent, or when processing is necessary for the establishment, exercise, or
defense of legal claims.
If you do not want to give us your explicit
consent to process your sensitive personal data, please do not provide such
data.
Read more about legal bases for data
processing in the Section “How we process your personal data”.
Depending on their source:
We collect personal data from various sources.
We may collect your personal data:
a) automatically
from the device you use to access our Services,
b) actively and
directly from you, or
c) from a third
party you have instructed to share your personal data with us.
A. Automatically from the device you use to
access our Services:
When you access or use our Websites, we do not
collect and subsequetly process any personal data.
When you access or use our Apps, we collect and subsequetly process the following personal data:
We log information about your use
of our Apps, including the type of device you use, the features you use, access
times and your IP address.
We collect information about the
device you use to access our Apps, including information about the device
manufacture, device model, device's OS, time zone of device, language of device.
We collect online identifiers of
the device you use to access our Apps, including IDFA, Google Ads ID, Google
Device ID, Game Center ID, Google Play Account ID.
We collect information relating to your use of our Apps, including your game progress, scores, achievements and interactions with other players.
We collect information about your consumption habits relating to your use of our Apps, including which purchases you make with both virtual and real currencies and the reception of virtual goods in-game.
B.
Actively and directly from you:
We collect the following personal data from
you when you access and use our Services, create an Account, communicate with
us, make a payment or interact with us any other way:
When you create an Account in our App, we may
require you to provide your nickname, and other necessary information to grant
you access and enable you to use our Services.
When you use our App (e.g., create a server
name, send messages in chat, add in-app friends), we may
collect the information you provide and record updates on your in-app status. You
freely determine the information you provide us.
When you communicate with us (e.g., via email,
forum, chat for support), we may collect your name, email address, the
contents of your message or any attachments you send, and other information you
choose to provide.
When we send you emails, we may track
whether you open them or click on links to help us improve our Services and
deliver a better user experience.
C. From third parties you have instructed to
share your personal data with us:
If you log into our Apps using a Third-Party Service (e.g., Apple ID and Google Account), we access information about you from that service, such as your screen name, profile information and friend lists.
Your personal data will be processed in accordance with the relevant privacy policies of Third-Party Services, such as:
When other users send us information about you (e.g., using the in-app report form), we may process this information under the warrant that it was provided in strict compliance with applicable laws and regulations.
When you make in-app purchases using the authorized Third-Party Payment Processors (e.g., Apple Payments and Google Payments), your payment transactions will be processed by the Third-Party Payment Processors. We will only get certain personal data about you from the Third-Party Payment Processors in accordance with the Third-Party Payment Processor’s privacy policies.
For Apple Payments, the privacy policy is located at https://www.apple.com/legal/applepayments/privacy-notice/.
For Google Payments, the privacy policy is located at https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice.
4. How we process your personal data:
To process your personal data, we need a
purpose (reason) and a legal basis (ground).
Legal bases for processing of your general
(non-sensitive) personal data and sensitive personal data are different.
We process
your personal data for the following purposes pursuant to the following
legal bases:
Purpose |
Description |
Legal bases |
|
Non-Sensitive Data |
Sensitive Data |
||
Provision and maintenance of Services. |
We use your information for: · providing our Services and their content, · resolving technical issues, · understanding and analyzing trends related to the usage of our Services, and · administering our Services. |
Contract
with you, i.e. Terms of Use (link) |
Explicit
consent |
Improvement and development of Services. |
We use your information for: · improving our Services and their functionality, · enhancing user experience, · identifying and addressing areas of improvement, · analyzing user feedback and behavior, and · developing new features and updates for our Services. |
Contract
with you, i.e. Terms of Use (link) |
Explicit
consent |
Security of Services. |
We use your information for enhancing the safety and security of our Services. |
Contract
with you, i.e. Terms of Use (link) |
Explicit
consent |
Customer support. |
We use your information for providing customer support to you and to respond to your inquiries. |
Contract
with you, i.e. Terms of Use (link) |
Explicit
consent |
Marketing. |
We use your information to show advertisements for: · our Apps within our Services, · our Apps in third-party apps, · third-party advertisements within our Apps. Please see more in the Section “How we share your personal data”. |
Legitimate
interest. |
We do not use your sensitive personal data for this purpose. |
Tracking and fraud prevention for advertising purposes.
|
We use your information for: · tracking how our advertising campaigns perform and · identifying and preventing fraud for our advertising campaigns. |
Legitimate
interest |
We do not use your sensitive personal data for this purpose. |
Analytics and research. |
We use your information for: · understanding and analyzing trends in connection with the usage of our Services, · analyzing demographic information about our user base, · creating reports and analysis for the purposes of research or business intelligence, for example to track potential problems or trends with our Services, or to test our new features and content. |
Legitimate
interest |
We do not use your sensitive personal data for this purpose. |
Legal compliance. |
We use your information for complying with applicable laws and regulations. For example, we use your country or region for tax reporting purposes. |
Legal
obligation |
Establishment, exercise or defense of legal claims. |
Defense
of rights and interests. |
We use your information for: · protecting our legal rights and interests, · responding to claims, disputes, or legal actions, · preventing fraud, abuse, or other unlawful activities, · ensuring the security and integrity of our Services, and · cooperating with law enforcement or regulatory authorities when required. |
Legitimate
interest |
Establishment, exercise or defense of legal claims. |
5.
We do not “sell”
your personal data.
Under certain data protection laws, such as California's CCPA, the term 'sell' refers to the act of transferring, sharing, or making your personal data available to a third party in exchange for monetary gain or other valuable consideration.
We do not “sell” your personal data.
However, we share your personal data with third parties to fulfill the purposes described above, in the Section “How we process your personal data”.
6. How we store your personal data:
We process your personal data only as long as necessary to provide our Services, fulfill the purposes described above, in the Section “How we process your personal data”.
The retention period for your personal data
is determined by the following criteria:
● The duration
for which personal data is needed to provide our Services.
● The nature of
personal data (e.g., general or sensitive).
● Any requests
by user for personal data deletion.
● Any
contractual or legal obligations requiring the ongoing processing of personal
data.
For details on why we process your data,
refer to Section “How we process personal data”.
7. How we share your personal data:
We share your personal data with the following categories of recipients:
To provide our Services, we may use the following service providers such as server hosting providers, technical service providers for supporting internal operations, user login services and analytics service providers:
· Adjust GmbH.
· Meta, Inc.
· Google LLC.
· Appfigures.
· AppsFlyer Ltd.
· Amplitude, Inc.
We may share your personal data with other users of our Services in order to provide certain in-app features (e.g., chat functions, leaderboards).
If you use the chat functions in our Services, please note that any personal data you share may be visible to others.
Once shared, you lose some control over your personal data, as others can extract and use it for their own purposes in breach of our Terms of Service (link).
Our Terms of Service outline the limitations and restrictions on the use of our Services and their contents. They also specify the liability for any breach.
As we cannot fully control how our Services and their contents are used, we strongly advise you to avoid any actions that could result in unwanted consequences for you, your personal data, or for us, including our reputation, Services, rights, and interests.
Our Apps offer or can offer social sharing features and other integrated tools (such as the Facebook “Like” button), which let you share actions you take in our Apps with other media.
The use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature.
You must be over the minimum age limit that is prescribed by the legislation in the individual jurisdictions to use any social sharing features integrated in our Apps.
We may share your device identifiers with advertising network companies to deliver advertisements to you within our Apps, based on the information we collect about you from your use of our Services.
The list of advertising network companies may change. We encourage you to review our Privacy Policy periodically to stay informed.
We may use the following advertising network companies:
§ Meta, Inc.
§ Google LLC
§ Unity Technologies
§ IronSource
§ Applovin Corporation
§ MoPub, Inc.
§ ByteDance Ltd.
§ Amazon.com, Inc.
§ Fyber
§ MobFox US LLC
§ TapJoy, Inc.
§ Snap Inc.
§ Tencent Holding Ltd.
We may
share your personal data with our affiliated companies, which are businesses
that are either under our control or that control us.
If we’re
involved in a business deal like a merger, selling assets, financing, or being
bought by another company, we may share or transfer your personal data to a
successor or affiliate along with other assets.
We may be required by applicable law, rule, regulation, or legal process to disclose your personal data to third parties.
We may share your personal data with third parties, including authorities, when your actions are inconsistent with the spirit or language of this Privacy Policy, our Terms of Services (link), or any other document applicable to our Services or if the disclosure is necessary to protect the rights, property and safety of HYPERHUG or others.
The recipients’ processing of your personal data is not covered by this Privacy Policy.
If you have questions about the processing carried out by such recipients, you should review their privacy policies.
8. Cross-border transfer of your personal data:
Personal data is processed in places where
we, our Data processors and other data recipients are located. It means that
your personal data may be transferred to – and maintained on servers located
outside of your state, province, country or other governmental jurisdiction
where the applicable laws and regulations may differ than those from your
jurisdiction.
We are located at Cyprus (the EU). Therefore, depending on
the purpose of processing of your personal data, their nature, and your
location of access and use of our Services, your personal data
may be transferred to, stored, and processed in the EU countries. The
data processing in the EU countries may not provide the same protections as the
laws of your jurisdiction.
When the processing of your personal data is
taking place outside of your state, province, country or other governmental
jurisdiction from which you are accessing and using our Services, we have put
in place appropriate safeguards to protect your personal data.
When a cross-border transfer of your personal
data takes place, we typically rely on adequacy decisions or standard
contractual clauses (SCCs) as the legal bases. If these do not apply, but we
still need to transfer personal data in the course of our activities, including
to provide our Services, we may rely on your explicit consent or the necessity
for the performance of our Terms of Service (link), where applicable.
9. Push notifications and unsolicited messages:
We may send push notifications or alerts to your mobile device to provide game-related information, service updates, promotional communications and other related messages, if you have agreed to such notifications.
You can deactivate these notifications by changing your notification settings on your device.
10.
Security
of your personal data:
We implement technical, organizational and legal measures in an effort to protect personal data from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the nature of the personal data that we process and the risks associated with it.
The high level of security and safety of your personal data is also ensured by our Data processors, whose data processing practices are described in their privacy policies. Read more about it in the Section “How we share your personal data”.
No security system is perfect. Therefore, we cannot guarantee the absolute security of our Services or that personal data will not be intercepted while being transmitted to us.
For your protection, we recommend accessing or using our Services within a secure environment.
III.
Your
Privacy Rights:
Depending on your territory of residence, your privacy rights will vary.
Notwithstanding your location, we will do our best to ensure that your personal data will be processed in accordance with best practices.
1. Privacy Rights of Residents in the EEA and UK:
We process and answer your requests without undue delay and in any event within one month of our receipt of the request unless a longer period is required due to the complexity of the request. In this case, our response time can be up to three months in total as permitted by Article 12 of the GDPR.
Right to withdraw your consent:
If you gave us your consent for the processing of your personal data, you
have the right to withdraw your consent at any time.
If you withdraw your consent, we will stop processing your personal data for the purpose for which it was withdrawn.
Withdrawing your consent does not affect the lawfulness of processing carried out based on your consent before its withdrawal.
Right
to be informed:
You have the right to be informed about the
collection and use of your personal data. This includes information on the
purposes of processing your data, the categories of data being processed, the
retention periods for that data, and who it will be shared with.
Right
to access:
You can request confirmation that your
personal data is being processed and obtain a copy of the data, as well as
additional information about the processing, such as the purposes, categories
of data, recipients, and retention periods.
Right
to rectification:
If you find any inaccuracies in the personal
data we hold about you, you can request a correction.
Right
to data portability:
You can obtain and reuse your personal data
for your own purposes across different services.
Rights
related to automated decision making:
You can opt out of profiling activities used
for making decisions that could have legal or similarly significant effects on
you.
Right
to restrict processing:
You can restrict the processing of your
personal data when:
● you contest
the accuracy of your personal data;
● you suspect
that the processing is unlawful;
● you believe
that we no longer need your personal data for the purposes of processing, but
you may require your personal data for the establishment, exercise or defense
of legal claims;
● you object to
the processing of your personal data based on our legitimate interest while we
are verifying whether our legitimate interest overrides yours.
Right
to object:
You can object to processing based on
legitimate interests.
Right
to opt-out of processing for advertising purposes:
You can object to the processing of your
personal data for advertising purposes and/or for analytics purpose.
If you object to the processing of your
personal data for advertising and/or analytics purposes, we will cease
processing your data for such purposes.
When you use our Services, third
parties may process data about your mobile device and how you use our Services
in order to serve ads on other apps or websites that are tailored to your
interests.
Examples of data that may be processed
can include:
IP addresses, identifiers associated with your mobile device or applications on the device, how you use our apps, items you put in your basket, or any links you click on when you are in our apps.
If you wish to opt out, please
use one of the following methods:
Right
to erasure:
You can request the deletion or removal of
your personal data, in particular, when:
● your personal
data is no longer necessary for the purposes of its processing;
● you withdraw
consent on which the processing is based, and where there is no other legal
ground for the processing;
● you object the processing based on our legitimate interest;
● you suspect
that your personal data has been unlawfully processed.
Right
to lodge a complaint:
If you believe that our processing of your
personal data infringes upon your rights, you can lodge a complaint with the
relevant Data Protection Authority (DPA) (for UK residents, this would be the
Information Commissioner’s Office).
2. Privacy Rights of Residents in California:
For
California residents, we are not currently subject to the requirements
of the CCPA as amended by the CPRA because:
● our annual
gross revenues do not exceed $25 million,
● we do not buy,
receive, sell, or share the personal information of 100,000 or more California
residents, households, or devices annually, and
● we do not
derive 50% or more of our annual revenues from selling or sharing California
residents' personal information.
Therefore, you will only have rights under
the EU GDPR.
Even though you are located in California,
the EU GDPR applies because the processing is carried out by us, an EU-based
entity.
Once we meet any of the criteria for CCPA
applicability mentioned above, we will implement the following procedures.
We endeavor to respond to a verifiable consumer request
within 45 days of its receipt. If we require more time (up to 90 days), we will
inform you of the reason and extension period in writing. We will deliver our
written response by mail.
Any disclosures we provide will only cover the 12-month period preceding the
verifiable consumer request’s receipt. The response we provide will also
explain the reasons we cannot comply with a request, if applicable.
For data portability requests, we will select a format to provide your personal data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
Right to opt out of the sale or sharing of your
personal data:
You may request us to stop selling or sharing your personal data
(“opt-out”).
“Sharing” refers specifically to sharing for cross-context behavioral advertising, which is the targeting of advertising to a consumer based on the consumer’s personal data obtained from the consumer’s online activity across numerous websites.
Right to know:
You can request us to provide you the following information:
a) the categories and/or specific pieces of personal data we have collected about you,
b) the categories of sources for that personal data,
c) the purposes for which we use that information,
d) the categories of third parties with whom we disclose the data, and
e) the categories of information that we sell or disclose to third parties.
You can make a request to know up to twice a year, free of charge.
Right to delete:
You can request us to delete personal data we collected from you and tell our service providers (Data processors) to do the same, unless certain exceptions apply (such as if we are legally required to keep your personal data).
Right to correct:
If you find any inaccuracies in the personal
data we hold about you, you can request a correction.
Right to limit use and disclosure of sensitive personal information:
You can direct us to only use your sensitive personal data for limited purposes, such as providing you with the Services you requested.
Right
to non-discrimination:
We will not treat you unfairly if you
exercise your privacy rights.
In particular, for exercising your rights we
will not:
1) deny you our
Services;
2) charge you
different prices or rates;
3) provide a
different quality of our Services;
4) suggest that
you will receive a different price or level of our Services.
3. How to exercise your rights:
You can exercise your rights within our App or by contacting us at [email protected].
When you exercise your rights, we will confirm your identity by
comparing the details in your request with the information you previously
shared with us. This may involve contacting you through the email linked to
your Account.
To respond to your request, it is necessary for us to verify your
identity. Therefore, you can only exercise the above rights by submitting a
verifiable request, which must:
1)
Provide sufficient information to reasonably verify
that you are the individual whose personal data we have collected or an
authorized representative;
2)
Describe your request with enough detail to allow
us to properly understand, evaluate, and respond to it.
We use the information provided solely for verification purposes and
will not request additional details unless essential. Any extra information you
provide will be deleted once the verification process is complete.
We will not respond to requests if we cannot verify your identity and,
therefore, cannot confirm that the personal data we hold pertains to you.
If you are a parent or legal guardian, you may submit a verifiable
request on behalf of your child.
IV.
For Your Information
1. Changes to this Privacy Policy:
We will occasionally update this Privacy Policy as necessary
to protect our users, furnish current information, and respond to legal and
technical changes. The most current version of the Privacy Policy will govern
our use of your information and will be available here.
For previous versions of this Privacy Policy, please contact us at [email protected].
2. Contact us:
If you have questions or concerns about this Privacy Policy,
please contact us at [email protected].
For information collected under this Privacy Policy, the data controller is
HYPERHUG LTD, a company under laws of Cyprus, with its address at: 156 Ellados
st., 3041 Limassol, Cyprus.