(update date: September 2, 2023)
If you are aged under 16 you must not use the app as it is not designed for you. We do not intend to collect the personal data of anyone under 16. If you are aware that any personal data of anyone under 16 has been shared with the app, please let us know so that we can delete that data.
Your personal data will be held by us in accordance with applicable data protection laws. For the purposes of data protection laws, the data controller will be DRAGONPLUS GAME LIMITED.
2.Why we collect your personal data
Under data protection law, we can only use your personal data if we have a proper reason, eg:
● where you have given consent
● for the performance of a contract with you or to take steps at your request before entering into a contract, or
● for our legitimate interests or those of a third party
● to comply with our legal and regulatory obligations
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us.
The table below explains what we use your personal data for and why.
What we use your personal data for
● Create and manage your account with us
● Providing services and/or the functionalities of the app to you
● Conducting checks to identify you and verify your identity or otherwise to help prevent and detect fraud against you or us
● To enforce legal rights or defend or undertake legal proceedings
● Communications with you not related to marketing, including about changes to our terms or policies or changes to the app or service or other important notices
● Protect the security of systems and data
● Operational reasons, such as improving efficiency, training and quality control or to provide support to you
● Statistical analysis to help us manage our business, eg in relation to our financial performance, customer base, product range or other efficiency measures
● Updating and enhancing customer records
● Disclosures and other activities necessary to comply with legal and regulatory obligations, eg to record and demonstrate evidence of your consent to our use of your personal data where relevant
● Marketing our services to existing and former customers
● We may need to share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvencyIn such cases information will be anonymised where possible and only shared where necessary
● For our legitimate interests or those of a third party, ie to be as efficient as we can so we can deliver the best service to you at the best price
● Depending on the circumstances:To perform our contract with you or to take steps at your request before entering into a contract For our legitimate interests or those of a third party, ie to be as efficient as we can so we can deliver the best service to you at the best price
● To comply with our legal and regulatory obligations OR For our legitimate interests or those of a third party, ie, to minimise the risk of account or identity theft or fraud that could be damaging for you, a third party or us
● Depending on the circumstances:To comply with our legal and regulatory obligations;In other cases, for our legitimate interests or those of a third party, ie to protect our business, interests and rights or those of others
● Depending on the circumstances:To comply with our legal and regulatory obligations;In other cases, for our legitimate interests or those of a third party, ie to provide the best service to you
● To comply with our legal and regulatory obligations.We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, ie to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
● For our legitimate interests or those of a third party, ie to be as efficient as we can so we can deliver the best service to you at the best price
● For our legitimate interests or those of a third party, ie to be as efficient as we can so we can deliver the best service to you at the best price.
● Depending on the circumstances:To perform our contract with you or to take steps at your request before entering into a contract;To comply with our legal and regulatory obligations;Where neither of the above apply, for our legitimate interests or those of a third party, eg making sure that we can keep in touch with our customers about existing orders and new products
● To comply with our legal and regulatory obligations
● For our legitimate interests or those of a third party, ie to promote our business to existing and former customers;See ‘Direct Marketing’below for further information
● Depending on the circumstances:To comply with our legal and regulatory obligations;In other cases, for our legitimate interests or those of a third party, ie to protect, realise or grow the value in our business and assets
We may use your personal data to send you updates by email or by Facebook Messenger or iMessage about our services, including exclusive offers, promotions or new services.
This marketing may relate to:
● products and services we (or permitted third parties) feel may interest you;
● information about other goods and services we offer that are similar to those that you have
already used or enquired about;
● upcoming events, promotions and new products/services or other opportunities as well as those
of selected third parties; and
● information regarding any applicable loyalty programs (including points earned and free, bonus
and promotional points).
If you no longer wish to receive marketing communications when using our apps, you may:
● contact us at email@example.com for direct marketing opt-out; or
● using the “unsubscribe” link in emails, or let us know you intent to opt-out in our phone calls to you.
3.How do we collect your personal information and what we collect
We collect personal data about you in the following ways when you use our products and services. We collect information in the following circumstances:
● when you use our Game apps;
● when a user account is created and managed;
● when you connect your user account to your Facebook;
● when you participate in any interactive features of the Service; or
● when you otherwise communicate with us or via the Service.
When you access to our websites and our apps , we won’t collect your legally-sensitive data (i.e. race, ethnicity, religious or philosophical beliefs, trade union membership, genetics, biometrics, health, sexuality and/or criminality) and other sensitive data (i.e. child data, social security numbers, bank account or payment card details).
We may also employ third party ad-serving(including but not limited to Google, Facebook, Mopub and its affiliates) and/or analytics technologies(including but not limited to Tableau, Kibana and its affiliates) that may use various methods to collect information through our software and the Service. These technologies may be embedded within our software and the Service and may collect, amongst other things, the information below.
We may collect user’s data from you, which includes:
● your name, date of birth, email address, and personal description,if you specifically provide to us upon our requests;
● demographic and location information as well as information from your device including but not limited to IP address, device UDID, IDFA, IDFV, Android ID, software, applications, hardware, browser information, internet usage information and in-game information;
● technical information such as the internet protocol (known as IP) address used to connect your computer to the internet, your log-in information, time of access, date of access, time zone setting, web page(s) visited, software crash reports, type and version of browser used, browser plug-in types and versions used, and operating system and platform to ensure the security of your account and to verify that the person operating your account is you;
● your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites and apps(including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call out customer service team; and
● in-game behaviors when you play a game, participate in discussions board or other social media functions, or when you report a problem on our websites or mobile apps.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfill our contractual requirements or, in extreme cases, may not be able to continue with our relationship. We will inform you if your failure to provide any requested personal information is going to result in these consequences.
For California Consumer Privacy Act of 2018 (CCPA) Consumers (Notice of Collection of Information)
We collect the categories of personal information about California consumers identified in the chart below. As further set forth in the chart below, in the past 12 months we have disclosed and “sold” (as defined in the CCPA) California consumers’ personal information to third parties for business or commercial purposes.
|Categories of Personal Information:
|Categories of sources from which information is collected:
|Business or commercial purposes for collection, use and sharing:
|Disclosed for business purposes to the following categories of third parties:
|Sold to the following categories of third parties:
|Personal and online identifiers (such as unique online identifiers, IP address)
|Marketing;Advertising;Authentication;Identity resolution;Fraud detection;Fulfillment services;Facilitating transactions;Auditing related to our interactions with you;Legal compliance;Detecting and protecting against security incidents, fraud, and illegal activity;Debugging;Performing services (for us or our service providers) such as account servicing, processing orders and payments, and analytics;Internal research for technological improvement;Internal operations;Activities to maintain and improve our services; andOther one-time uses
|Affiliates;Service providers; andGovernment agencies
|Advertising/marketing companies;Advertising networks;Social networks
|Internet or other electronic network activity information (such as interactions with an application, or advertisement)
|Marketing;Advertising;Authentication;Identity resolution;Fraud prevention;Fulfillment services; Facilitating transactions;Auditing related to our interactions with you;Legal compliance;Detecting and protecting against security incidents, fraud, and illegal activity; Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;Internal research for technological improvement;Internal operations;Activities to maintain and improve our services; andOther one-time uses
|Advertising/marketing companies;Advertising networks;Social networks
|Commercial or transactions information (such as records of personal property or products or services purchased, obtained or considered; purchasing or consuming histories or tendencies)
|Consumers;Service Providers;App store providers
|Fulfillment services; Facilitating transactions;Auditing related to our interactions with you;Debugging;Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;Internal research for technological improvement;Internal operations;Activities to maintain and improve our services;andOther one-time uses
|Affiliates;Service providers;App store providers
|Marketing;Advertising;Fulfillment services; Facilitating transactions;Auditing related to our interactions with you;Legal compliance;Debugging;Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;Internal research for technological improvement;Internal operations;Activities to maintain and improve our services; andOther one-time uses
|Advertising/marketing companies;Advertising networks;Data analytics providers; andSocial networks
|Inferences drawn from the above information about your predicted characteristics and preferences
|Marketing;Advertising;Legal compliance;Detecting and protecting against security incidents, fraud, and illegal activity;Debugging;Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;Internal research for technological improvement;Internal operations;Activities to maintain and improve our services; andOther one-time uses
4.Who do we share your information with
We may share your personal data with the following categories of recipients:
Your personal data will be used by us and disclosed to our group companies, including DRAGONPLUS GAME LIMITED and all of its subsidiaries.
2)selected business partners and advertising partners
Your personal data will be disclosed by us to our business partners and advertising partners, including without limitation, Google, Facebook (including their sub-contractors) who will use your data, amongst other things, to review and improve their products and services, to help them identify new products and services, for statistical analytical purposes and for the purpose of directly marketing their products and services to you, subject to you consenting to their private policies as presented in each of their websites.
3)public authorities/regulatory bodies/industry bodies
We may disclose your personal data:
● to regulators and law enforcement agencies (including those responsible for enforcing anti-money laundering legislations);
● in response to an enquiry from a government agency.
We may disclose your personal data to third party service providers (including our professional advisors, data analysis processors and data storage service providers) who require access to such information for the purpose of providing specific services to us. These third parties will generally only be able to access your data in order to provide us with their services and will not be able to use it for their own purposes.
Your personal data and your in-game behaviours will be recorded in US by AWS from Amazon.
If the management and operation of DRAGONPLUS GAME LIMITED and its affiliates are transferred from us to another company, we may disclose your personal data to the other company so the products and services can continue to be provided to you.
In the event that we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
If DRAGONPLUS GAME LIMITED or substantially all of its assets are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.
We encourage you to read our partners’policies to understand their privacy practices, the legal basis for their processing of your personal data, and any options that they provide for exercising control over such processing. We are not responsible for the information practices of our partners since we are each independent controllers of your data.
Advertising partners are companies that require us to integrate their codes in order to provide advertising services in our inventory, which may lead to serve the advertisements that are mostly relevant to you.
Our Advertising partners include:
Data processing partners
Data processing partners are companies that create or store demographic and interest segments based on device identifiers, location data, and other personal data in order to help us improve our products and services for you.
Our Data Partners include:
Facebook Fan Page
Data Controller for the Facebook Fan Page
The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the Facebook Fan Page , the Company and the operator of the social network Facebook are Joint Controllers.
The Company has entered into agreements with Facebook that define the terms for use of the Facebook Fan Page, among other things. These terms are mostly based on the Facebook Terms of Service: https://www.facebook.com/terms.php.
We use the Facebook Insights function in connection with the operation of the Facebook Fan Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.
For this purpose, Facebook places a Cookie on the device of the user visiting Our Facebook Fan Page. Each Cookie contains a unique identifier code and remains active for a period of two years, except when it is deleted before the end of this period.
Facebook receives, records and processes the information stored in the Cookie, especially when the user visits the Facebook services, services that are provided by other members of the Facebook Fan Page and services by other companies that use Facebook services.
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may use Email Marketing Service Providers to manage and send emails to You.
Constant Contact is an email marketing sending service provided by Constant Contact Communications.
We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).
Apple Store In-App Payments
Google Play In-App Payments
Facebook In-App Payments
Amazon In-App Payments
We will take all reasonable precautions necessary to protect your personal data from
● loss, theft, misuse and interference;
● unauthorised access, disclosure, use or modification.
Such measures will vary depending on the sensitivity, amount, format, nature and storage of the information and will involve, as applicable, physical, organizational and electronic security measures.
This includes, for example, the protection of passwords using industry standard encryption, measures to preserve system security and prevent unauthorised access and back-up systems to prevent accidental or malicious loss of data. We may use third party data storage providers to store personal data electronically. We take reasonable steps to ensure this information is held as securely as information stored on our own equipment.
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.
6.International transfers of data
The data that we collect from you will be transferred to, and stored at, destinations both within and outside the EEA. As mentioned above, we may disclose your personal data to our group companies and their service providers located in US and elsewhere, and to employees operating outside of the EEA who work for us or for one of our group companies or their respective service providers.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For example, this could be:
● by way of an intra-group agreement between DRAGONPLUS entities, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws;
● by way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
● by transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
● by transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
● where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
● where you have consented to the data transfer.
7.How long will we keep your personal data?
We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.
In general, we will retain your personal data for as long as we provide services to you and your account is active and following that period, for as long as we provide you directly with any other service offering.
When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
A cookie is a small data file sent by a website to your computer that is stored on your hard drive when you visit certain online pages of our website.
You can set your browser to accept or reject all cookies, or notify you when a cookie is sent. If you reject cookies or delete our cookies, you may still use our websites, but you may have reduced functionality and access to certain areas of our websites or your account. You may disable or accept cookies at any time by changing your web browser’s options.
9.Your Rights Under the GDPR
|Access to a copy of your personal data
|The right to be provided with a copy of your personal data
|Correction (also known as rectification)
|The right to require us to correct any mistakes in your personal data
|Erasure (also known as the right to be forgotten)
|The right to require us to delete your personal data—in certain situations
|Restriction of use
|The right to require us to restrict use of your personal data in certain circumstances, eg if you contest the accuracy of the data
|The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
|To object to use
|The right to object:—at any time to your personal data being used for direct marketing (including profiling)—in certain other situations to our continued use of your personal data, eg where we use you personal data for our legitimate interests.
|Not to be subject to decisions without human involvement
|The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you We do not make any such decisions based on data collected by the app
|Right to Complain
|You have the right to lodge a complaint with our regulator, who is the Information Commissioner’s Office in the UK. You can contact them in the following ways:· Phone: 0303 123 1113· Email: firstname.lastname@example.org· Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
10.Your Rights Under the CCPA
You have the right under the CCPA and certain other privacy and data protection laws, as applicable, to exercise free of charge:
|Disclosure of Personal Information We Collect About You
|You have the right to know:· The categories of personal information we have collected about you;· The categories of sources from which the personal information is collected;· Our business or commercial purpose for collecting or selling personal information;· The categories of third parties with whom we share personal information, if any; and· The specific pieces of personal information we have collected about you.· Please note that we are not required to;· Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;· Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or· Provide the personal information to you more than twice in a 12-month period.
|Personal Information Sold or Used for a Business Purpose
|In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know:The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; andThe categories of personal information that we disclosed about you for a business purpose.You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt-out of the sale of your personal information. If you exercise your right to opt-out of the sale of your personal information, we will refrain from selling your personal information, unless you subsequently provide express authorization for the sale of your personal information. To opt-out of the sale of your personal information, visit our homepage and contact us at: email@example.com.
|Right to Deletion
|Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:· Delete your personal information from our records; and· Direct any service providers to delete your personal information from their records.· Please note that we may not delete your personal information if it is necessary to:· Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;· Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;· Debug to identify and repair errors that impair existing intended functionality;· Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;· Comply with the California Electronic Communications Privacy Act;· Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;· Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;· Comply with an existing legal obligation; or· Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
|Protection Against Discrimination
|You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:· Deny goods or services to you;· Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;· Provide a different level or quality of goods or services to you; or· Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.Please note that we may charge a different price or rate or provide a different level or quality of services to you, if that difference is reasonably related to the value provided to our business by your personal information.
11.How to Exercise Your Rights
Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.
If you choose to contact us directly by email, you will need to provide us with:
· Enough information to identify you [(e.g., your full name, address and customer or matter reference number)];
· Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
· A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.
Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.
12.Do Not Sell My Personal Information
If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the instructions below.
Please note that any opt-out is specific to the browser you use. You may need to opt out on every browser that you use.
Please refer to your operating system settings, or follow instructions below:
● Android Users (version 2.3 and above)
To use the “opt-out of interest-based advertising” option, follow the instructions provided by Google here: Google Play Help.
● iOS users (version 6 and above)
To use the “Limit Ad-Tracking” option, follow the instructions provided by Apple here: Apple Support Center
Please note that these are device settings and will disable interest-based ads from all providers, and not just for us. We have decided to offer this way of opting-out, as we estimate users will either want to receive interest-based advertising or no interest-based advertising at all. The above described way is the most efficient way to achieve that goal. While we do provide the possibility to opt-out of remerge processing only, that would only mean that someone else but us would deliver the exact same advertisements.
You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:
● From our “Cookie Consent” notice banner
● Or contact us at: firstname.lastname@example.org.
The opt out will place a cookie on your computer that is unique to the browser you use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.