GDPR – Privacy-By-Design and Record of Processing Activities
We are committed to a lawful, fair and transparent processing of personal data, adhering to the EU General Data Protection Regulation (GDPR). This file documents our general privacy-by-design considerations (articles 5, 25 and 26 GDPR) and records our processing activities.(article 30(1) GDPR)
Company name: RedLine Games
Address: F-47 Manibhadra Row House, Chala - 396191, Gujarat, India
Personal Data Processings: Player data
Creation date / last update: 10 September 2019
Contact persons:* Abhijeet Singh, email@example.com
* Not formally a DPO under the GDPR.
Note that the below uses the “you” and “us” pronouns in paragraphs nrs. 1 o 11 to allow inclusion without modification in our information notices provided to data subjects.
1. We process the following (categories of) personal data
When you play our games, connect to a social networking site through our games, register an account, enter a promo code, or place an order, we process the following personal data when you consent:
· Your IP address, and the country,
· Your device type (for example, iPhone 7, Samsung Galaxy S7) and operating system version.
· Your Game Center ID (for iOS games) or Google Play ID (for Android games).
· When you connect to Facebook or Game Center, or other social platforms, we access your profile, including your username and friends list.
· For analytics, most, when you installed and played the game, your progress throughout the game, and events that are connected to your game-play. We generally cannot identify you with this data, but treat it the same as personal data.
· For advertising, We may use collected IDFAs to (re)target users on advertising platforms.
2. What (purposes) do we use the data for
We use this personal data to perform analytics for our games and allow third-parties to sell, buy and deliver advertizing in those games that display advertizing.
We use social network data to show you personalized content. For example, we might show a high score list with only your friends in it, or show your name or avatar on an in-game object.
3. What is our legal basis for the processing
For both analytics and advertising we base the processing of personal data on the legitimate interest of RedLine Games. For analytics, this is our ability to analyze how players progress through our games to make them better, and to know our player-base on an aggregate level. For advertising, this is our ability to be able to off-set development costs and risk with advertizing income.
For the third-parties we use, their legitimate interest is to be able to offer us their services, and for advertising third-parties and advertisers to be able to show you advertising.
4. Where do we obtain the data from (sources)
We obtain the data from our third-party services providers:
5. How long and where do we store data
We store the personal data that we collect for up to a year, and only aggregate data after that time, except for email addresses for our newsletter. Aggregation data means that we can no longer look at data for individual players.
When a third-party service provider is a controller, they may keep data as well, either for a shorter or longer period.
6. What safeguards have we taken to protect data
Taking into account the nature, scope, context and purpose of the processing, we have taken the following technical and organizational measures:
· Access to our database and user accounts with third-party service providers is protected with access control.
· Access to the database is limited, not all staff in our organization have full access.
· Data sent from our games is encrypted in transit where technically possible.
We do not actively monitor the security of our databases and need to rely on our processors to notify us of any data breaches.
7. Who we share data with
We share data with the following third-parties. These are either controllers, or processors acting on our behalf. We have linked to their respective policies and given a basic description of what they do:
Apple and Google may also collect data when you use their app stores to install our games.
8. Your Rights
You have the right to request access to your personal data that we process. You also have the right to:
· Rectify incorrect personal data or erase it in certain circumstances.
· Restrict or object to the processing of your personal data.
· Receive your data so that you can use it elsewhere (data portability).
· Request to be reviewed manually if a decision has been based on automated processing and profiling.
If you wish to exercise any of the above rights, please write us at firstname.lastname@example.org. We shall act on the data subject access request without undue delay and at the latest within one month of receipt. Finally, you have the right to lodge a complaint with a supervisory authority. If you do not know who your supervisory authority is, please contact us and we will tell you.
9. How to contact us
You can contact us with any questions you may have about the processing of your personal data, or to exercise the above rights: