Bubble Forge

 

Privacy Policy for Mobile Games of Nexaplay Studios

Nexaplay Studios, situated at 332 Golden Square near D-Mart Utran, 394101 Surat, Gujarat, India, presents this Privacy Policy to offer detailed insights into the gathering, processing, and use of data related to our mobile application games ("the Games Apps").

Nexaplay Studios follows applicable legal regulations for the collection, processing, and utilization of personal data, ensuring conformity with the General Data Protection Regulation ("GDPR") and the Indian Data Protection Laws, including the Telecommunication, Telemedia, Data Protection Act.

1. Scope of Application

1.1 This Privacy Policy applies to all Users of the Games Apps ("Users"). If specific services or individual apps have a distinct data protection declaration, that declaration will take precedence.

1.2 Services and offers of third parties linked within the Games App are not covered by this Privacy Policy. Nexaplay Studios disclaims responsibility for the content and data protection compliance of third-party services, unless stated otherwise in the linked content's privacy policy. This includes links to social networks like Facebook or chat apps like WhatsApp and advertisements. Refer to the respective platform's privacy statement for details on handling personal data.

2. Downloading and Installing Game Apps

When downloading and installing Games Apps, the platform operator (e.g., Apple, Inc. for AppStore or Google Ireland Limited for PlayStore) collects necessary personal data, such as name, email, postal code, download time, IP address, device identification number (IMEI), and payment information if applicable. Nexaplay Studios processes this data based on the contract for app subscription/use, according to Article 6 (1) sentence 1 lit. b) GDPR.

3. Collection, Processing, and Use of Data during Game App Usage

3.1 Automatic Connection:

Upon starting and using Nexaplay Studios's Games Apps, a connection may be established to Nexaplay Studios's servers to retrieve current content. Device information, including IP address, operating system, installed Games App version, access date/time (including time zone), and specific requested content, is logged. Nexaplay Studios may also collect personal data to fulfill contractual obligations (e.g., creating User profiles).

3.2 Purpose of Data Processing:

Nexaplay Studios  processes this data for Games App provision and up-to-date content. While not legally required, providing this data is necessary for the respective Games App's use contract and associated Nexaplay Studios  service. It includes essential data for the user-requested game use. Users may voluntarily provide additional data. Basis for data collection is § 25 (2) no. 2 TTDSG, and Art. 6 (1) sentence 1 b) GDPR for further data processing to fulfill contractual obligations.

4. In-App Transactions

4.1 Payment Details:

Certain Games Apps may present extra versions or content for purchase, necessitating the input of bank specifics or payment-related data (e.g., credit card). The payment process employs services from the platform overseer (e.g., Apple, Inc. for AppStore, Google Ireland Limited for PlayStore). The overseer processes this data, alongside essential usage data, for payment processing. Check the particular platform overseer's confidentiality statement for particulars.

4.2 Compulsory Payment Services:

The utilization of these payment services is obligatory according to the platform overseer, allowing Nexaplay Studios to feature the app on the platform and guaranteeing a smooth payment procedure.

4.3 Data Handling for Supplementary Content:

Data processing when acquiring extra content in Games Apps, encompassing payment processing, is executed to meet the content pact, grounded in Article 6 (1) sentence 1 lit. b) GDPR.

5. Assistance Appeals and Interaction via Games App

5.1 Client Assistance Interaction:

Details provided while contacting client assistance or using interaction forms within the Games App are handled to tackle and resolve inquiries, including scrutinizing and rectifying app-related predicaments. Appeals via the Games App encompass information on the app, game advancement, Player-ID, and technical apparatus data.

5.2 Foundation of Data Handling:

Processing aligns with Article 6 (1) sentence 1 (b) GDPR for prevailing pacts or pact initiation. Otherwise, data storing and use adhere to Article 6 (1) sentence 1 (f) GDPR, with a legitimate interest in exhaustive appeal processing and technical dilemma resolution.

6. Error Announcement and Usage Examination via Firebase

6.1 Firebase Service:

Games Apps incorporate Firebase service by Google for functions like Google Analytics. Data on app use is compiled, encompassing error and crash reports for analysis and resolution. Apparatus-Related Data, IP address, and technical specifics are processed by Google.

6.2 Intent of Data Processing:

Google assesses data for insight into app usage, error analysis, and enhancement. Admission to in-game activity is provided through Google, but user-specific identification is inconsequential for Nexaplay Studios. Google may transfer data to its U.S. servers, but IP addresses are anonymized in the EU or other covered states.

6.3 Google's Data Handling:

Google processes data pursuant to its confidentiality policy, obtainable at https://policies.google.com/privacy, which also furnishes supplementary information.

6.4 Data Transference to the U.S.:

Data transfer to Google LLC servers in the USA implicates risks, tackled through standard data protection clauses with Google LLC, incorporating protective measures like data encryption.

6.5 Assent and Data Processing:

Firebase utilization for general analysis requires assent, grounded in §25 (1) TTDSG and Art. 6 (1) sentence 1 (a) GDPR. A pact with Google for commissioned processing (Art. 28 GDPR) ensures data processing aligns with Nexaplay Studios's directives. Data transfer to Google is anchored in Art. 28 GDPR.

7. Utilization Examination and Data Display through Looker

7.1 Introduction:

We employ Looker, an analytics and data portrayal utility provided by Looker Data Science Inc., to scrutinize and visually represent the patterns of utilization in our Games Apps for ongoing enhancements. Looker is headquartered in Santa Cruz, CA, USA.

7.2 Data Inspection with Looker:

Looker processes previously amassed data via the Firebase service to produce compiled reports on user interactions, app utilization, and demographic data. No data is directly amassed by Looker; it relies on Firebase data.

7.3 Confidentiality Policy:

Details concerning Looker's management of personal data can be found at Looker's Privacy Policy.

7.4 Data Transference to the USA:

Looker may convey data to servers in the USA. Adequate protective measures, including standard data protection clauses, are in place pursuant to Article 44 et seq. GDPR to ensure data protection.

7.5 Consent-Centric Operation:

We solely deploy Looker with your endorsement, governed by §25 (1) TTDSG and Art. 6 (1) sentence 1 (a) GDPR. You retain the ability to rescind your endorsement at any juncture.

8. Singular Solution

8.1 Objective of Singular Service:

Singular, Inc.'s analytical service, Singular, assesses user interactions with third-party ads exhibited in our Games Apps. It aids in examining the efficacy of advertising for app funding.

8.2 Data Compilation:

Singular compiles data on Games App installation, download sources, app usage, acquisitions, and ad engagements, encompassing IP addresses and device-associated data.

8.3 Opt-out Option:

Users can dissent to Singular service data deployment by adjusting app configurations.

8.4 Confidentiality Principles:

For particulars regarding Singular, Inc.'s data treatment, consult Singular's Privacy Policy.

8.5 Data Transference to the USA:

Data transference to Singular, Inc. in the USA aligns with Art. 46 (2) (c) GDPR, incorporating standard contractual clauses for data preservation.

8.6 Approval-Centric Utilization:

Singular is employed exclusively with user consent, as governed by §25 (1) TTDSG and Art. 6 (1) sentence 1 (a) GDPR. Withdrawal of consent is viable.

9. Partner Services for Promotion

9.1 Integration of Advertisement Networks:

Diverse advertising networks are amalgamated into Games Apps for exhibiting third-party ads globally. Data is dispatched to adhere to legal requisites and ensure ad pertinence.

9.2 Personalized Advertising:

Personalization is activated upon user endorsement. Users retain the option to revoke endorsement. For non-endorsing users, solely generic, non-personalized ads are showcased.

9.3 Google AdMob

9.3.1 Data Handling by AdMob:

Google's AdMob receives Games App information, device-associated data, and IP addresses. Data transference to Google LLC servers in the USA transpires.

9.3.2 Interaction Recording by Google:

Google records user engagements and IP addresses. Compiled reports are formulated to scrutinize ad efficacy.

9.3.3 Supplementary Particulars:

Further insights into data processing by Google can be retrieved from Google's privacy policy.

9.3.4 Legal Foundation:

Data access aligns with §25 (2) no. 2 TTDSG, and data processing under AdMob aligns with legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).

9.3.5 Data Conveyance to the USA:

Conveyance to Google LLC aligns with Article 46 (2) lit. c) GDPR via standard data protection clauses.

9.4 UnityAds

9.4.1 UnityAds Data Processing:

UnityAds by Unity Technologies processes Games App information, device-associated data, and IP addresses.

9.4.2 Interaction Recording by Unity:

Unity records user engagements. Aggregated reports are dispensed without individual identification.

9.4.3 Privacy Stipulation:

Unity's privacy policy can be perused here.

9.4.4 Legal Grounds:

Data processing under UnityAds aligns with legitimate interests (Art. 6 (1) sentence 1 (f) GDPR) and §25 (2) no. 2 TTDSG.

9.4.5 Data Transference to the USA:

Transference to Unity servers in the USA aligns with Article 46 (2) lit. c) GDPR.

9.5 Facebook Audience Network

9.5.1 Facebook Audience Network Data Handling:

Facebook collects Games App data, device-associated data, and IP addresses. Processing may transpire on servers in the USA.

9.5.2 Interaction Recording by Facebook:

Facebook records interactions, processing data for advertising purposes and furnishing compiled reports.

9.5.3 Privacy Information:

Details regarding Facebook's data management can be perused here.

9.5.4 Legal Basis:

Data processing under Facebook Audience Network aligns with legitimate interests (Art. 6 (1) sentence 1 (f) GDPR) and §25 (2) no. 2 TTDSG.

9.5.5 Data Transference to the USA:

Transference to Facebook servers in the USA aligns with Article 46 (2) lit. c) GDPR.

10. Advertising on Facebook for Nexaplay Studios's Propositions

10.1 Facebook Advertising Facilities:

We utilize Facebook's advertising amenities to publicize our offerings on third-party websites and apps within the Facebook advertising network.

10.2 Independent Ad Processing by Facebook:

Facebook autonomously selects and processes specific ads. We possess restricted authority over the user categories targeted.

10.3 Success Tracking by Facebook:

Facebook records ad success for invoicing and analysis. Installations of Games Apps through ads are tracked.

10.4 Legal Basis:

Data processing for ad effectiveness aligns with legitimate interests (Art. 6 (1) sentence 1 (f) GDPR) and §25 (2) no. 2 TTDSG.

10.5 Data Transference to the USA:

Data transference to Facebook in the USA complies with suitable protective measures under Article 44 et seq. GDPR with standard data protection clauses.

10.6 Further Information:

Details on Facebook's data processing concerning advertising are accessible here https://www.facebook.com/policy.php..

10.7 Ad Preferences Control:

Users retain control over ad preferences on the Facebook advertising network, accessible here. Configurations apply universally across linked devices to the Facebook account.

11. Facebook Login

11.1 Player Profile Setup and Facebook Connect:

In some Games Apps, creating a player profile involves filling out a registration form. Alternatively, you can opt for Facebook Connect ("Log in with Facebook"), where your consent, expressed by clicking the corresponding button, allows the entry of your Facebook login details. This Facebook Login, powered by Facebook, sends your login data directly to their servers. We lack access to this login information. Once Facebook verifies your credentials, they share specific details with us: your registered name, profile image, language preference, and your playing location. We utilize this information to establish your player profile in the Games App. Additionally, we use data about your Facebook friends who have played the same Games App to facilitate joint game sessions and improve your overall gaming experience.

11.2 Consent and Facebook Data Handling:

Your use of the Facebook Login function implies your consent (§25 (1) TTDSG, Art. 6 (1) sentence 1 (a) GDPR) to link your player profile with your Facebook account. It's important to note that we don't have access to your Facebook login details. For details about how Facebook handles your data, please refer to Facebook's Privacy Statement.

11.3 Legal Basis and Withdrawal of Consent:

The legal basis for processing data within the Facebook login function is your consent (§25 (1) TTDSG, Art. 6 (1) sentence 1 (a) GDPR). You have the right to withdraw your consent for data processing when using the Facebook login function at any time.

11.4 Personal Data Transfer to Facebook:

The transfer of your personal data to Facebook is based on Article 46 (2) lit. c) GDPR. The statements in section 9.5 also apply to this context.

12. Apple Sign In

12.1 Creating Player Profiles through Apple Sign In:

Certain Games Apps allow you to register a player profile using Apple Sign In. If you agree by clicking the appropriate Apple connection button, the Apple Sign In function provided by Apple Distribution International Ltd facilitates this process. We don't have access to the login details of your Apple profile. After verifying your login data, we only receive the necessary information for your player profile: the registered name, Apple ID, language setting, and your playing location.

12.2 Legal Basis and Consent Withdrawal:

Your use of the Apple Sign In function implies your consent (§25 (1) TTDSG, Art. 6 (1) sentence 1 (a) GDPR). You have the right to withdraw your consent for future data processing at any time.

12.3 Apple's Data Management:

Details on how Apple handles your personal data can be found in Apple's Privacy Statement.

12.4 Data Transfer to Apple:

If the Apple Sign In feature transfers personal data to Apple, Inc. in the USA, Apple ensures that this transfer is covered by the EU Commission's standard data protection clauses pursuant to Article 46 (2) (c) of the GDPR. Additional technical security measures, including encryption and pseudonymization, are employed to protect your data.

13. Inviting Players Using Links

13.1 Generating Game Session Invitations through Links:

In specific Games Apps, you may generate invitations to shared game sessions via direct links. The Google Firebase Dynamic Links service assists in creating these links, ensuring that the intended recipients can join the game session directly. When recipients click the link, Google collects their IP address and device-related data to redirect them to the correct game session.

13.2 Purpose of Data Processing:

Data processing related to the direct link to the game session is carried out to provide an easy method for players to initiate game sessions. This aligns with Art. 6 (1) sentence 1 (f) GDPR and serves our legitimate interest in offering users a seamless and enjoyable gaming experience.

13.3 Necessity of User Data Access:

Access to recipient data is crucial to identify the contact clicking on the link, ensuring their inclusion in the game session (§25 (2) no. 2 TTDSG).

13.4 Google's Report Generation:

Google compiles reports on link usage, functionality, and subsequent app interactions, utilizing aggregated data for evaluation and enhancement of user functionalities.

13.5 Intentional Data Processing:

Data processing for insights into link utilization aligns with Art. 6 (1) sentence 1 (f) GDPR, protecting user interests and enhancing gaming functionalities.

13.6 Google's Data Processing Practices:

Google processes the data collected via the Firebase service in line with its own privacy policy, accessible here.

13.7 Data Transfer to Google in the USA:

The transmission of data to servers in the USA used by Google LLC entails additional risks. To mitigate these risks, we've implemented standard data protection clauses by the EU Commission with Google LLC, ensuring appropriate protection measures, including encryption, based on Article 46 (2) lit. c) GDPR.

14. Error Analysis with Sentry Analytics

14.1 Identification and Correction of Technical Errors:

To identify and rectify technical errors, we employ the Sentry Analytics service by Functional Software, Inc., based in San Francisco, CA. During a game session, technical usage details and actions are locally stored on your device. In case of an error, these details, time-related to the error occurrence, and your IP address are transmitted to Sentry. Sentry processes this information, including hardware details, operating system, Games App name/version, date, time, error specifics, and game-related data. Sentry generates reports for Nexaplay Studios on identifiable errors and their circumstances, aiding in error cause analysis. The data is stored by Sentry for a maximum of 90 days.

14.2 Privacy Assurance and Consent Withdrawal:

Sentry's data processing aims to eliminate bugs promptly for an optimal user experience. Your legitimate interests are considered by anonymizing data after transfer (§25 (2) no. 2 TTDSG). If you prefer not to have your data collected by Sentry during error analysis, refrain from playing the free Games Apps.

14.3 Risk Mitigation for Data Processing Outside EU:

Sentry may process data outside the EU, especially on USA servers. Protective measures, such as EU Commission's standard data protection clauses, are in place to mitigate risks. Data transfer to Sentry in the USA complies with Article 46 (2) (c) GDPR.

15. Data Storage, Retention, and Deletion

15.1 Processing Duration and Legal Compliance:

Personal data is processed as long as needed for processing purposes, legal retention requirements, or other justified reasons. Afterward, data is deleted following statutory provisions.

15.2 Legal Retention and Deletion Exceptions:

Legally required data is retained until necessary. After the retention period, data is promptly deleted unless exceptions under Article 17 (3) GDPR apply.

16. Data Security

16.1 Measures Taken for Data Protection:

Nexaplay Studios implements technical and organizational measures for data protection. Data transmission occurs in encrypted form. However, data protection and security may not be guaranteed outside Nexaplay Studios's control.

17. Sharing Personal Data with Third Parties

17.1 Data Transfer to Service Providers:

Personal data is shared with third parties if necessary for Nexaplay Studios's services, safeguarding legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR). Service providers must implement security measures before receiving personal data.

17.2 Usage of Third-Party Services:

Data collected through third-party services like Google Cloud, Google Firebase, and Couchbase Capella Cloud may include IP addresses, stored up to 30 days. Nexaplay Studios uses these services for efficient Games App provision, ensuring optimal technical functionality. Data transfer to Google and Couchbase in the USA adheres to GDPR Article 46 (2) lit. c).

17.3 Exceptions to Data Transfer:

Nexaplay Studios refrains from sharing personal data unless expressly consented by the user (Art. 6 (1) sentence 1 lit. a) GDPR) or obligated by legal regulations or court orders (Art. 6 (1) sentence 1 lit. c) GDPR).

18. User Rights

18.1 Right to Object

Users can object to data processing based on Art. 6 (1) sentence 1 lit. f) GDPR, with Nexaplay Studios weighing compelling interests. Direct marketing objections are accepted without specific reasons.

18.2 Right to Information

Users have the right to obtain free, written, or electronic information on stored personal data, processing purposes, data origins, disclosures, recipients, storage duration, and rights.

18.3 Rectification, Erasure, and Restriction

Users can request rectification of inaccurate data or deletion and/or processing restriction. The right to erasure depends on legal requirements and user service usage.

18.4 Data Portability

If users provided data based on consent or for contract performance, they can request structured, machine-readable data and transmit it to another controller if technically feasible (right to data portability).

18.5 Consent Withdrawal

User consents for personal data use can be freely revoked for the future.

18.6 Complaints to Supervisory Authority

Users can file complaints with supervisory authorities for data processing violating statutory provisions.

19. Privacy Policy Updates

19.1 Policy Changes and User Notification:

Nexaplay Studios retains the right to update the Privacy Policy, ensuring legal compliance. Users are informed of data usage changes through messages, in-app notifications, or push notifications if permitted.

For any privacy concerns or questions:

Nexaplay Studios, 332 Golden Square Near D-Mart Utran, 394101 Surat, Gujarat, India, contact@nexaplaystudios.com.