GDPR – Privacy-By-Design and Record of Processing Activities
We are committed to a lawful, fair, and transparent processing of personal data, adhering to the EU General Data Protection Regulation (GDPR). This file documents our general privacy-by-design considerations (articles 5, 25, and 26 GDPR) and records our processing activities.(Article 30(1) GDPR)
Company name: PIXOWL, INC.
Address: 350 Townsend Street #836, CA 94107, San Francisco, USA
Personal Data Processing: Player data
Creation date / last update: July 10th, 2019
Contact persons:* Sebastien BORGET, email@example.com
* Not formally a DPO under the GDPR.
Note that the below uses the “you” and “us” pronouns in paragraphs nrs. 1 o 11 to allow inclusion without modification in our information notices provided to data subjects.
1. We process the following (categories of) personal dataWhen you play our games, connect to a social networking site through our games, register an account, enter a promo code, or place an order, we process the following personal data:
· Your IP address, and the country,
· Your device type (for example, iPhone 7, Samsung Galaxy S7) and operating system version.
· Your Game Center ID (for iOS games) or Google Play ID (for Android games).
· When you connect to Facebook or Game Center, or other social platforms, we access your profile, including your username, email address and friends list.
· For analytics, most, when you installed and played the game, your progress throughout the game, and events that are connected to your game-play. We generally cannot identify you with this data, but treat it the same as personal data.
· For advertising, We may use collected IDFAs to (re)target users on advertising platforms.
Apps using ARKit, Camera APIs, Photo APIs, or other software for depth of facial mapping information, TrueDepth API, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions
We do not collect, store or share data used by ARKit, Camera APIs, Photo APIs, or other software for depth of facial mapping information, TrueDepth API, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions.
2. What (purposes) do we use the data forWe use this personal data to perform analytics for our games and allow third-parties to sell, buy and deliver advertising in those games that display advertising. We use social network data to show you personalized content and synchronise your online progression across multiple devices. For example, we might show a list with only your friends in it, or show your name or avatar on an in-game object. We use your email address that you provided when you signed up for our newsletter to send you the newsletter.
3. What is our legal basis for the processingFor both analytics and advertising we base the processing of personal data on the legitimate interest of PIXOWL, INC..
For analytics, this is our ability to analyze how players progress through our games to make them better, and to know our player-base on an aggregate level.
For advertising, this is our ability to be able to off-set development costs and risk with advertising income.For the third-parties we use, their legitimate interest is to be able to offer us their services, and for advertising third-parties and advertisers to be able to show you advertising.
4. Where do we obtain the data from (sources)We obtain the data from our third-party services providers:
Facebook Audience Network
5. How long and where do we store dataWe store the personal data that we collect for up to 5 years, and only aggregate data after that time. Aggregation data means that we can no longer look at data for individual players. We store the data onto the following third-party services providers:
When a third-party service provider is a controller, they may keep data as well, either for a shorter or longer period.
6. What safeguards have we taken to protect dataTaking into account the nature, scope, context and purpose of the processing, we have taken the following technical and organizational measures:
· Access to our database and user accounts with third-party service providers is protected with access control.
· Access to the database is limited, not all staff in our organization have full access.· Data sent from our games is encrypted in transit where technically possible.We do not actively monitor the security of our databases and need to rely on our processors to notify us of any data breaches.
7. Who we share data withWe share data with the following third-parties. These are either controllers, or processors acting on our behalf. We have linked to their respective policies and given a basic description of what they do:
Facebook Audience Network
Apple and Google may also collect data when you use their app stores to install our games.
8. Transfer of your personal dataYou should also know that your personal data may be transferred from your home country to third parties. If you are an EU resident, this could imply that we also transfer data to countries that do not offer an adequate level of protection for your personal data. When we transfer this data, we will do so only when we have put in place appropriate safeguards to protect your personal data. Please contact us to get a copy of the safeguards that we have put in place. Our contact details are at the bottom of this text.
9. Your RightsYou have the right to request access to your personal data that we process. You also have the right to:
· Rectify incorrect personal data or erase it in certain circumstances.
· Restrict or object to the processing of your personal data.
· Receive your data so that you can use it elsewhere (data portability).
If you wish to exercise any of the above rights, please write us at firstname.lastname@example.org. Finally, you have the right to lodge a complaint with a supervisory authority. If you do not know who your supervisory authority is, please contact us and we will tell you.
Address: 350 Townsend Street #836, CA 94107, San Francisco, USAMail: email@example.com