Last updated: July 25, 2020
This Policy is effective when the User clicks on the “ACCEPT & CONTINUE” button during the Mistplay account creation process and by doing so, you agree that you have read and understood the terms of this Policy. If you do not agree with these terms or if you are younger than 13, please do not use our Services.
PERSONAL INFORMATION COLLECTION, DISCLOSURE, AND USE
If you sign into our Service using a third-party profile, we will import the first name and last name displayed in such profiles, such as information on Facebook or Google, on our platform.
When you use our Services, we will also collect information about how you interact with the games advertised on our platform. The type of information we collect relates to: i) achievements that are unlocked, ii) in-game purchases, iii) other apps on your device, iv) the time you spend playing games, v) the units you’ve earned in Mistplay, and vi) the game experience earned (collectively “User Gaming Profile”). A user’s gaming profile is visible to other users via the chat social networking feature.
Automatically Collected Information
Upon accessing and when using the Services, certain information will be required to provide the services and automatically collected, such as:
- aggregated usage information;
- the session ID;
- the time and date you access the mobile app; and
- device information and geolocation data.
A user cannot disable the collection of this information.
We use your data for the following purposes:
- Account creation;
- To provide, maintain, perform and improve the Services;
- To ship items that you have ordered from our online shop;
- Enabling you to redeem rewards earned on our platform;
- To perform internal operations, including, for example, to prevent fraud and abuse of our Services to troubleshoot software bugs and operational problems; to conduct data analysis, testing and research;
- To monitor and analyze usage and activity trends;
- Personalization of ads to provide you with better recommendations of advertised games in your country and to help you earn rewards; and
- To communicate with you about our products, services, promotions and news (we will only send you these materials if we have your consent and you can unsubscribe any time);
Additionally, personal data may be used and disclosed to the extent Mistplay may deem reasonably necessary to enforce the terms of any agreement between you and Mistplay, or to protect the rights, property or safety of any person or entity, or if required by law, specifically in response to a demand from government authorities.
We will also use your information to create de-identified statistical and analytical data.
Deletion of Collected Information
We will only retain personal data for as long as you use the Services or for as long as it is required to meet the purposes for which it was collected, or as otherwise required by law. When we delete your account, all personal data will be deleted except as required by law. We may also retain personal data for an additional twelve (12) months after deletion for administrative or accounting purposes. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
The Services are designed to comply with specific requirements relating to Children’s privacy, including the the Children’s Online Privacy Protection Act applicable in the United States (“COPPA”). COPPA requires that website operators or online services not knowingly collect personal information from anyone under the age of 13 without prior verifiable parental consent.
We restrict the use of our Services to individuals age 13 and above. In compliance with COPPA, we do not knowingly collect or retain Information from our Services from children under the age of 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
For Korean residents only, we restrict the use of our Services to individuals age 14 and above. We do not knowingly collect, maintain, or use personal data from children under the age of 14. If we learn we have collected or received personal information from a child under 14 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 14, please contact us at email@example.com.
RIGHT OF ACCESS
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By applicable law you have rights related to access and correction of the personal information that we hold about you.
You may make requests by writing to firstname.lastname@example.org (see below for a description of the augmented rights with respect to accessing and deleting Information that are provided to California, European and Korean residents). Upon receipt of such request, Mistplay will endeavor to provide you this information (in electronic readable format) within a reasonable time. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
- Information protected by solicitor-client privilege.
- Information that is part of a formal dispute resolution process.
- Information that is about another individual that would reveal their personal information or confidential commercial information.
- Information that is prohibitively expensive to provide.
If you are concerned about our response or would like to correct the information provided, please refer to Contact Information and Challenging Compliance below on how to contact us.
WITHDRAWAL OF CONSENT TO COLLECT PERSONAL INFORMATION
You may withdraw your consent to the collection of personal information at any time by sending a written request to email@example.com. Upon receiving notice that you have revoked your consent, we will stop processing your personal information within a reasonable time, which will vary depending on what information we have collected and for what purpose. Please note that by choosing to withdraw such consent, you may not be able to continue to use the Services or any of the benefits you have earned. You may also ask us to delete your account. By deleting your account, however, any loyalty points that you have earned and not redeemed will be deleted. Please note that we will send you an email requesting your confirmation before we delete your account (please refer to the Data Retention section above).
We will only send you promotional communications if we have your consent to do so. You may opt out of receiving promotional messages from us by following the instructions (unsubscribe mechanism) in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.
We will not sell, rent, share, or disclose to outside parties the information we collect, save and except that we may share the collected information with other parties as follows:
- Affiliated Service Providers: We have agreements with various affiliated service providers to facilitate the rendering of our Services. All administrative service providers that we use are required by contract to have the same level of privacy protection as we have and will follow the standards of this policy. These providers will never be permitted to use your data beyond the scope of our engagement with them.
- Third-party advertisers. We have advertisement agreements with various mobile game studios to facilitate the rendering of our Services and provide you with offers we feel you may be interested in. We do not share your personal information with these mobile game studios but rather use a service provider to measure the outcomes of the advertising campaign with the mobile gaming studio. All data associated with the campaign is collected, use, otherwise processed, and then deleted by our service provider in accordance with our agreement with them. If you choose to download a game and provide your personal information to the mobile gaming studio, please know that we do not control their data processing practices and recommend that you review their privacy policies before sending personal information to them.
- Statistical Analysis: We may share anonymized User ratings and review of apps and aggregated anonymized information with third parties, including but not limited to, for statistical, machine learning, advertising, or marketing purposes.
- Transactions: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition, or in any other situation where personal information may be disclosed or transferred as one of our business assets. However, under no circumstances will such transactions result in your information being used for other purposes than those for which you gave us your consent.
SPECIFIC RIGHTS FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA AND THE UNITED KINGDOM (“EEA & UK”)
The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). The following section provides additional information regarding the lawful basis and purpose for data processing and specific rights regarding your personal data.
As a resident of the EEA & UK, you should know that the purposes of our data processing activities are being conducted on the following so-called “legal grounds:”
- where it is necessary for us to fulfill a contract between you and us (processing information for purposes of creating your account);
- where it is necessary based on our legitimate interests to process your data (for purposes of fraud prevention, to recommend specific games or to improve the Services we provide to you); or
- where it is necessary to comply with our legal obligations such as for accounting or tax purposes.
As a resident of the EEA & UK, you also have certain specific rights regarding your personal data. You are free to exercise any of these rights by contacting us or as specified herein:
- Access: You have the right to request a copy of the personal data that we process about you. However, there are exceptions to this right, so that access may be denied if, for example, making the information available to you would adversely affect the rights and freedoms of another person, or if we are legally prevented from disclosing such information.
- Accuracy: We aim to keep your personal data accurate and complete. We encourage you to keep us informed about changes that you would like reflected in our records.
- Objecting: In certain circumstances, you have the right to object to processing of your personal data. You may ask us to block, erase or limit the use or other processing of your personal data.
- Data Portability: You have the right to request that some of your personal data is provided to you, or to another provider should you wish to stop using our Services in favour of another, in machine-readable format.
- Erasure: You have the right to erase or request that we erase your personal data when it is no longer necessary for the purposes for which it was collected or if you think it has been used unlawfully.
- Complaints: You have the right to complain to the applicable data protection authority, or to seek a remedy in court.
SPECIFIC RIGHTS FOR RESIDENTS OF CALIFORNIA, USA
The California Consumer Privacy Act (CCPA) grants California consumers robust data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors. As a consumer, you have the right to request, twice a year and free of charge, certain information about parties to whom we have disclosed or sold your personal information in the prior calendar year and a description of the categories of personal information shared. Additionally, upon request, twice a year and free of charge, we shall provide to you any information relating to your personal information and our processing of your personal information in a concise, transparent, intelligible, and easily accessible form using clear and plain language. To make such a request, please send an email to firstname.lastname@example.org and please include the phrase “Personal Information Privacy Request” in the subject line, the Service you are inquiring about, along with your name, address, and email address. You can also ask us to delete your personal data stored on our platform. If we receive a request to delete your data, we will ask you if you want your personal information to be removed entirely or if you want to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). We cannot keep a record of individuals whose personal information we have deleted so you may be contacted again by us, should we come into possession of your personal information at a later date. Requests to know and requests to delete will be honored within 45 days; if more time is needed to respond, Mistplay will notify you.
The CCPA enables California users to appoint an authorized agent to act on their behalf to submit disclosure requests and or deletion requests under the CCPA. The authorized agent must register with the California Secretary of State. We will honor a request from an authorized agent provided you provide written authorization to the authorized agent to act on your behalf and we can verify your identity and the agent submits proof of authorization.
The following chart contains the categories of personal information, as enumerated in CCPA Sec. 1798.140(o), of personal information we may collect, use, and disclose, the sources of the personal information and our business and commercial uses of such personal information:
|Category||Name/Description||1. Sources||2. Business Use||3. Commercial Use|
|A||Identifiers – name, email, postal and IP address, unique personal identifier, online identifier, Internet Protocol address, account name||User provided on registration, customer service inquiries and claim forms; related and 3rd party sources to verify user supplied information||Operational purposes including customer service; fraud & security incidence detection; website improvement; award prize winners||None|
|B||Protected classification characteristics under California or federal law||Age and Gender||Recommend suitable Games||None|
|C||Internet or similar network activity -browsing and search history, information on a consumer’s interaction with a website, application, or advertisement||System collected activity logs and cookies||To determine performance of media content and analytics purposes||None|
|D||Geolocation data||Country Identified using IP Address||Recommend Games for Country||None|
|E||Inferences drawn from other personal information.||Profile reflecting a person's preferences||Recommend Games based on preference||None|
Mistplay has collected, will collect, and has disclosed the personal information described in the categories above during the last year for business purposes; however, we do not sell your personal information. If you exercise your rights under the CCPA, Mistplay will not discriminate against you.
CALIFORNIA ONLINE PRIVACY PROTECTION ACT
Browser “Do Not Track” Signals. Most browsers contain a “do-not-track” setting. In general, when a “do-not-track” setting is active, the user’s browser notifies other websites that the user does not want their personal information and online behavior to be tracked and used, for example, for interest-based advertising. As required by CalOPPA, we are required to inform you that, as is the case with most websites, we do not honor or alter our behavior when a user to one of our Websites has activated the “do-not-track” setting on her/his browser.
SPECIFIC RIGHTS FOR RESIDENTS OF SOUTH KOREA
(i) Purpose for collection and use of the personal information;
(ii) Items of personal information being collected;
(iii) Methods for collecting personal information;
(iv) Retention period of the personal information;
(v) Methods and procedures for the destruction of personal information;
(vi) Matters related to the transfer of personal information to third-parties;
(vii) Matters related to the outsourcing of personal information processing to third-parties;
(viii) Rights of users and their legal guardians and methods to exercise their rights;
(ix) Matters related to operation of mechanism for automatically collecting personal information such as cookies and disabling methods; and
(x) Name of Chief Privacy Officer or departments which handle complaints related to personal information, and its contact information such as telephone number.
SHARING INFORMATION (FOR RESIDENTS OF SOUTH KOREA)
We will not sell, rent, share, or disclose to outside parties the information we collect without your prior consent and taking all necessary measures in accordance with the applicable laws. For additional information regarding the type of third-party services that are used, please review the SHARING INFORMATION section for residents of South Korea.
OVERSEAS TRANSFER OF PERSONAL INFORMATION
We may transfer your personal information overseas as described below. Your personal information will be transferred overseas in accordance with the Korean PIPA and Network Act privacy requirements via an information communication network and will be retained and used until the relevant purpose is achieved.
|Company Name||Country||Contact of Employee or Department Responsible for Managing Personal Information||Date and Time of Transfer||Purpose of Transfer||Personal Information Items to be Transferred|
|Amazon Web Services, Inc.||U.S.Aemail@example.com||When the user uses the Service||Cloud storage of user account information||Mobile application account data such as name, email, mailing address, age, gender, language, social media profiles, application installed, time spent using an application, IP address, Google Ad ID, OS version, device model|
|Zendesk||U.S.Afirstname.lastname@example.org||When the user submits a request for support||Process customer support requests||Mobile application username, email|
|Appsflyer||U.S.Aemail@example.com||When the user uses the Service||Rewards and fraud detection||Mobile application Google Ad ID, IP address, age, device model, OS version|
|Twilio Sendgrid||U.S.Afirstname.lastname@example.org||When required||Send newsletter only to subscribers||Email address|
MATTERS RELATED TO THE COLLECTION OF INFORMATION
Please review the information provided within the COLLECTION OF PERSONAL INFORMATION and the WITHDRAWAL OF CONSENT TO COLLECT PERSONAL INFORMATION sections listed above for details regarding these matters.
The security of your personal information is important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us behind firewalls on our secure servers that are located on Amazon AWS in the United States.
Unfortunately, the transmission of information via the Internet is not completely secure and may pass through entities that we do not control. Although we do our best to protect your personal information, no data security measures can be guaranteed to be completely effective to avoid all risks related to transacting information on the internet.
Our Services may link to other websites or apps such as the Google PlayStore, including content offered by third parties that we do not control and whose privacy and data collection practices may differ from ours. We are not responsible for and have no control over these third-parties and their practices, including the information or content contained within them. Please make sure you understand how these sites or businesses use and collect your information by reading their privacy statements.
We are based in Canada and the information that we process is protected by Canadian privacy laws. The information that we collect may be transferred, stored, or used in other jurisdictions, such as the United States, where some of our service providers may be located. While we protect your information by choosing appropriate service providers and having contractual safeguards in place with those vendors, the privacy laws in such jurisdictions may not be as protective as in, for example, Canada or the EEA & UK, and may be subject to access by foreign governments, with or without your knowledge.
The information collected in the EEA & UK is transferred and stored behind firewalls on our secure servers that are located on Amazon AWS in the United States in accordance with the GDPR adequacy standards. Any other transfers to third countries will be done using mechanisms such as the “model clauses” or under the EU-US Privacy Shield.
CONTACT INFORMATION AND CHALLENGING COMPLIANCE
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy please contact our Data Privacy Officer at:
Data Privacy Officer
481 Viger St, Suite 300, Montreal
Quebec, Canada, H2Z1G6
or via email at email@example.com