1. Our details as the data controller
The provision of our application (hereinafter “App”), whether via websites or through various app stores, is brought to you by Spark Star Limited registered Unit А6, 12/F., Hung Fuk Bldg., 60 Hung To Road, Kwun Tong, Kowloon, Hong Kong with business address at: Office EO 04, Ground Floor, Dubai Internet City, Building#1 (VODAFON), Dubai, UAE (the “Data Controller” of your personal data). Consequently, “We”, “Us” and “Ours” refers to the Data Controller.
We have a designated data protection officer (DPO) to help us comply with the requirements of the General Data Protection Regulation (EU) 2016/679. You may contact the DPO directly by emailing firstname.lastname@example.org
In the alternative, you may email Us with regards to queries of any nature (in particular, to exercise Your Rights) at email@example.com
2. What personal data is processed and the legal basis for processing
We only collect personal data voluntarily provided by you, for example as part of the registration process or in the context of the processing of your contractual relationship with our company, and then only to the extent and for the purposes indicated by you.
There are different types of information we obtain, whether directly from you or automatically via your device when you use the App. Essentially, we only obtain what is strictly necessary to provide you with our services and only when you enter the information yourself - no more, no less.
Information, relating to you or your device, is either identified automatically by Our systems, provided to Us by the operating system of your device or is input by you manually when filling out certain fields, authorizing certain actions in the Apps.
|Information you provide Us with||Legal basis for processing|
1. Telephone number, email address or a social network profile when you log in to use the App as a registered user.
Performance of the contract with you.
This is how the Service works, We cannot let you sign into the App without a valid telephone number, email address or social network login.
It is entirely up to you, however, to log in via a social network and omit your email and telephone number.
We may contact you for marketing purposes of similar products and/or services. It will be in Our legitimate interests to do so, but you will always have a chance to opt out of such marketing communications prior to any such communication.
2. All of the social profile information
Profile photo (avatar), name, gender, date of birth, photos for albums, city, occupation, news feed, your schedules (see below), gifts, number of friends, followers and persons being followed by yourself.
Your consent at the time of provision of the same. You can always change or replace that information within the App settings, or choose not to give any of those details.
All of the above is totally optional and except your email/telephone numbers, does not even have to be accurate.
3. And if you do log in via a social network, you would do that via the “OAuth” method for secure login (read more about OAuth by following the link https://oauth.net/)
Essentially, this is information from your public profile (with, for instance, Facebook) that you can control at any stage.
Performance of the contract with you.
Same as above, We could not otherwise provide you with our services as a registered user.
4. Your contact list (whether from the device or a social network). This would allow you to link with your contacts from different areas, but not necessarily share your telephone number with them.
Your consent when you allow access via the settings of your device (when it prompts you for access).
Equally, you will have to enter your social network credentials to access contact list from that social network. You can always withdraw your consent and access to your contacts through the settings of the handset and your social network.
5. Your rough geo location
Your consent when you allow access (after being prompted by your device).
This can always be withdrawn but you will not be able to fully use the App and its benefits.
|Information collected automatically or assigned by Us to you||Legal basis for processing|
1. The server that hosts the App may record requests your device makes to the server, the details on device and browser you use, your IP address, date and time of access, city and country, operating system, browser type, mobile network information.
Performance of the contract.
The App would not operate otherwise, you need this to connect to the Internet.
This data is used only for technical purposes – that is, to ensure the proper functioning and security of the App and to investigate possible security incidents.
2. Advertising identifiers provided by the operating system of your handheld device (such as, for instance, IDFA, GAID)
Your consent to the provision of such identifiers given by default through the operating system of your device (Apple or Android, for instance). You are free to withdraw your consent by resetting those identifiers or opting out of interest based advertising.
This may be done via the settings of your handset and/or your browser. We respect those choices you make through the settings of your device.
3. Various device identifiers, provided by the operating system (device ID or a vendor ID, for instance) or assigned by Us
Our legitimate interests in fraud prevention and potential unauthorized access from multiple devices/locations, ensuring the technical availability and security of the App.
4. App version, OS version information, browser type, language used, make/model of your device
Performance of the contract.
We need to know this technical information so the App functions properly on your device.
5. All the events that naturally occur during your usage of the App (such as logs, events, hands played, purchase history, crashes of the App, system reports and so on). Statistical information with regards to App usage.
Partly, performance of the contract and partly our legitimate interests in fraud prevention and potential unauthorized access, ensuring the technical availability and security of the App.
Analysis of statistical information helps us to optimize the App in future updates, such usage does not affect your rights and freedoms and does not disclose any personal data of yourself or your contacts.
3. What we do with your personal data
We protect your data and do not treat your personal data in any way that would surprise you (unless We told you about it and you made an informed decision to consent to such usage).
For instance, We encrypt the password created by you at the sign up stage and then store your personal data on secure servers that would prevent unauthorized access or destruction of your personal data.
We use the advertising identifiers in strict compliance with the requirements of the operating systems (for otherwise We would be in breach of their usage terms). Thus, We only use those advertising identifiers to meet our contractual obligations towards the parties that brought you to Us (whether by you clicking on an advertising banner in our partners’ apps, watching the ad or otherwise).
Whenever We contact you, We would always give you the right to opt out prior to the first communication and at any time thereafter (see the section “Your Rights” below).
The purposes for processing the data provided by you include:
- Providing you with Our services
- Fraud prevention
- Improving our services
- Notifying you of any changes in our services
4. How long personal data is stored for
Depending on the type, your personal data is stored either until you delete that data, the App or after six months of inactivity. Some data (such as IP addresses or blacklisted email addresses used for fraud) may be held for longer in our legitimate interests to protect our business from losses and also to respect your choice of opt-outs from marketing emails.
5. Security measures used by Us
Your data is stored on one of the secure servers that we rent and We use the recommended industry practices to keep your data secure. We use appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
Deac (the “Hosting provider”) is contracted by us to store your personal data. The Hosting provider is in possession of various international security certificates that ensure safety of your data with them. You can read more on the security measures of Hosting providers by following the link:
Thus, having the appropriate security with the Hosting providers when storing your data, We have to ensure that access to such data is provided on a need-to-know basis. Access to the Hosting providers is controlled via various technical and organizational measures that include:
- Two-factor authentication to access the Hosting providers;
- Following the principle of least privilege;
- All servers and services are subject to continuous monitoring. This includes the logging of personal access in the user interface.
- Each employee has access to the systems/services only via his/her own employee access. The access rights involved are limited to the responsibilities of the respective employee and/or team.
6. Categories of recipients and Data Processors
We do not share your personal data with any third parties, except where We have to comply with Our legal obligation. Some of the data of our users is aggregated for statistical purposes and processed in the legitimate interests as stated in section 2 above.
This does not mean that We blindly follow disclosure orders. We will check each request to ensure it satisfies the relevant safeguards, contains a court order or is issued under a legislative measure for the prevention, investigation, detection or prosecution of criminal offences.
As stated above, We share your advertising identifiers with third parties to meet our contractual obligations and pay their dues or protect ourselves against claims for payment.
And where We retain third parties (Data Processors) to assist Us in processing your personal data, We use the relevant contractual arrangements so that those third parties may not use the data for any other purpose than upon Our instructions and solely for Our purposes. Legislation imposes hefty fines for any data processor that uses the data beyond the instructions of data controllers. The following parties are retained as our data processors (subject to change with notice to you):
7. Transfer of your data abroad
While your data may be accessed from different parts of the world on our behalf, We do not actually transfer your personal data outside the EEA. To any extent that data is accessed from abroad, We follow set contractual safeguards and protections to ensure that your data is as safe abroad as it is within the EEA.
Where a third party accesses your data on our behalf or upon our instructions (be it inside or outside the EEA), We use the relevant legal basis to comply with the data protection legislation. In cases where there is no finding of an adequacy decision by the European Commission, we use model contracts to safeguard your rights and data.
8. Social Network Services (SNS)
When you log in to use any of Our Apps via an SNS (such as Facebook) you provide Us with certain information from you profile for that site. The information provided via SNS varies and depends on a particular SNS (for instance, Facebook provides information on your name, age range, picture, gender, friends list and email address). You can untick the boxes for information you prefer not to share with us during the sign up process (except the minimum required for the purposes).
You can find out more about these settings at the SNS where you play Our App (for instance, you can edit the privacy and settings of your apps with Facebook by following the link https://www.facebook.com/help/218345114850283?helpref=about_content - last accessed on December 20, 2019).
9. Your rights
You are entitled to the full spectrum of the rights under the General Data Protection Regulation and We will go out of our way to accommodate any valid request. You can either exercise your rights by deleting certain features through your device or by emailing us at firstname.lastname@example.org to exercise all the other rights.
You have a wide array of rights that we respect. Among those the right to:
- Require access to your personal data;
- Require rectification of your personal data;
- Require erasure of your personal data;
- Withdraw consent to processing of your personal data, where applicable;
- Lodge a complaint with your national supervisory authority (in the EEA) if you believe that your privacy rights have been breached
You may be required to provide certain proof of identify so that We do not disclose personal data to those that are not entitled to it.
If your personal data is erased at your request or in accordance with our data retention policy, We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation.
Please note, all requests should be emailed to Us at email@example.com or sent to us by post. Due to the sheer volume of messages, in-App customer support messages cannot be regarded as an effective method of notice to Us.
10. Notice to California Residents
For the purposes of paragraph (5), section 1798.130 California Consumer Privacy Act of 2018:
- in accordance with subparagraph (A) the list of consumer rights is specified above;
- in accordance with subparagraph (B) the categories of personal information We collect and have collected about consumers in the preceding 12 months are listed above;
- subparagraph (C) does NOT apply to us as We DO NOT SELL and have not in the past 12 months sold your personal information as defined in subdivision (t) of section 1798.140 CCPA.
There is no consensus on how mobile application companies should interpret the DNT signals. For the purposes of the CalOPPA, We do not currently respond to DNT signals whether that signal has been received on a computer or a mobile device.
11. Cookies and similar technologies
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, i.e. text files which are stored on your computer and facilitate the analysis of your use of the website. The information generated by such cookies regarding your use of this website is generally transmitted to a Google server in the US, where it is then stored. However, because IP anonymisation is activated on this website, Google previously abbreviates your IP address within Member States of the European Union and in other states which are contracting parties to the Agreement on the European Economic Area. The full IP address is transmitted to servers in the US to be abbreviated there only in exceptional cases. Google uses this information on behalf of the operator of this website in order to evaluate your use of the website, to compile reports on website activity and to perform other services for the website operator in connection with the use of the website and the Internet. The IP address transmitted from your browser or device in the context of the provision of these Google Analytics services is not merged with any other Google data. You can prevent the storing of cookies by adjusting the settings of your browser software accordingly; however, we would like to point out that, in this case, you may not be able to use all of the functions of this website to their full extent.
Furthermore, you can prevent the collection and transmission to Google of the data generated by cookies regarding your use of the website (including your IP address) and the processing by Google of these data by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout.
More detailed information in this regard can be found at https://www.google.com/policies/privacy/ (general information on Google Analytics and data privacy).
We particularly urge users wishing to take an active role in the protection of their own data never to disclose their passwords. If a third party gains knowledge of a user’s password (as a result of either the loss or the disclosure thereof), the latter’s personal data will automatically be compromised. Should this occur, you should immediately contact our customer service, and additionally change your password in your settings.
12. Children’s privacy
We never knowingly collect or solicit any information from anyone of 13 years and younger. The App and its content are not directed at nor made look to appeal to such persons. Parents or guardians that believe that We hold information about their children aged 13 and under may contact Us at firstname.lastname@example.org
13. Our commitment
- We will only collect and use your data where We have a legal basis to do so;
- We will always be transparent and tell you about how we use your information;
- When We collect your data for a particular purpose, We will not use it for anything else without your consent, unless other legal basis applies;
- We will not ask for more data than needed for the purposes of providing our services;
- We will adhere to the data retention policies and ensure that your information is securely disposed of at the end of such retention period;
- We will observe and respect Your rights (in section 8 above) by ensuring that queries relating to privacy issues are dealt with promptly and transparently;
- We will keep our staff trained in privacy and security obligations;
- We will ensure to have appropriate technological and organizational measures in place to protect your data regardless of where it is held;
- We will also ensure that all of our data processors have appropriate security measures in place with contractual provisions requiring them to comply with Our commitment;
- We will obtain your consent and ensure that suitable safeguards are in place before personal data is transferred to other countries.
14. Contact us
Spark Star Limited
Attention: Data Protection
Support Team: email@example.com