Privacy Policy

Krinsen LIMITED LIABILITY COMPANY

Last updated: September 6, 2024

We are here to provide you with the best experience with our games and services. To safeguard your privacy, below you will find all the essential information about how we process and protect your personal data.

To fully enjoy our games and services ("Services"), we need to process some of your data. If we need your data for other purposes, we will always ask for your explicit consent, which you can withdraw at any time.

We collaborate with trusted partners who assist us in developing our services. As a result, they may receive data to a limited extent. Your security and privacy are our priorities, which is why we work only with companies that adhere to high standards of data protection.

Our Privacy Policy is designed to be transparent so you can easily understand how we handle your data. By using our games and services, you agree to the terms described in this Policy. If you have any questions or need further information, we are here to help. Contact us at: [email protected].

Thank you for being with us!

Full text

1. About Us

Krinsen LIMITED LIABILITY COMPANY, located in Rzeszów, is the data controller under EU law (hereinafter "Krinsen"). To contact us, you can send an email to: [email protected].

2. Scope of the Privacy Policy

Our Privacy Policy aims to inform you about the principles regarding the collection and use of data while using the "BoardLand" game and related services, including websites.

We process your personal data in accordance with applicable data protection laws, particularly under Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – "GDPR"), which took effect on May 25, 2018. Additionally, we comply with the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, and the California Privacy Rights Act (CPRA), which took effect on January 1, 2023, expanding the CCPA.

Unless otherwise defined in the Privacy Policy, terms used in this document have the same meaning as in our Terms of Service, available on the "BoardLand" game website.

3. Child Protection

Child safety is our priority. Our services and products are not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we discover that we have inadvertently collected or received personal data from a child under 13, we will promptly delete it. If you suspect we may have collected personal data from a child under 13, please contact us.

Additionally, we do not collect personal data from children under 16 without prior parental consent. Parents or guardians can contact us in this regard at: [email protected].

4. Data Collected and Methods of Collection

• Information provided by the user when using the Services (automatically collected):

  • Unique device identifier (ID) and device name
  • User preferences
  • Data about user interactions with our Services, such as overall progress, virtual currency, purchases, or ad views

• Information voluntarily provided by the user or submitted when contacting us or reporting issues with our Services

  • Your email address
  • Your name
  • Other details necessary to process inquiries

• Information collected and used for advertising purposes

  • Device brand, model, and operating system
  • Device properties, such as screen size and orientation, sound volume, and battery
  • Mobile network operator associated with your device
  • Games you play
  • Country, time zone, and locale settings (e.g., country and preferred language)
  • Network connection type and speed
  • IP address
  • Web browser used to access the games
  • Advertiser ID, a unique identifier for users on Apple or Android devices

• Information collected for analytics

  • Device ID
  • Operating system and device version
  • Device brand and model
  • Number of games, progress, and results
  • Start, end, and duration of individual game sessions
  • Types of transactions and expenditures using virtual items in games
  • Country where your device is located
  • Time, date, and source of the first installation (e.g., from a clicked ad)
  • Ads viewed and clicked
  • Crash data and error logs

To fully utilize our Services, it is necessary to process the data mentioned above. If the user does not consent to this processing, access to the games and other Services may be limited.

If you make payments within our Services, we do not collect or store detailed payment information. These matters are managed by the payment operators you use. We only receive basic transaction details, such as the transaction date, currency, amount, and product details. This data is collected solely to ensure the proper delivery of purchased products and services.

5. Purpose of Processing Your Personal Data

The primary purpose of processing user data is to provide the Services you use, which relates to the execution of the contract and consent to use our Services. Other bases for processing data include fulfilling legal requirements, pursuing our company's "legitimate interests," or other purposes outlined in the Privacy Policy (e.g., "Collected Data" and "Purpose of Data Processing").

Our company's "legitimate interests" include reasonable data processing purposes such as ensuring data security, marketing our Services, and ensuring the adequacy of marketing actions directed at the user. This also includes conducting analyses to combat unauthorized practices.

When relying on legitimate interests, we conduct an analysis of the potential impact of data processing on the user and their rights. In other cases, data processing will be based on user consent, which can be withdrawn at any time. Withdrawal of consent does not affect the legality of processing data before its withdrawal.

When transferring data outside the European Economic Area, we will comply with the principles described in the "Trusted Partners" section below.

6. Protective Measures

The data we collect is stored on secure servers in Google Cloud, which provides an appropriate level of data protection in accordance with ISO 27001 certification and "EU-U.S. Data Privacy Framework" standards (formerly EU-U.S. Privacy Shield). We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized or unlawful processing, loss, destruction, or damage.

Despite our efforts, we cannot guarantee absolute data security or that data will not be lost, misused, or altered, despite our best efforts to prevent such occurrences.

7. Data Retention Period

Your data will be retained as long as necessary to achieve the purposes outlined in our Privacy Policy, particularly during the provision of Services to the user or providing technical support. For data processed based on user consent, upon its withdrawal, we will delete the data without undue delay, no later than 30 days from receiving such a request.

In exceptional cases, a longer retention period may result from applicable legal requirements, such as tax laws or other imposed legal obligations.

When personal data is no longer needed for the provision of Services, it will be deleted or anonymized.

In case of any security breaches in our Services, please contact us, especially by sending an email to [email protected].

8. Purpose of Data Processing

Your data may be used for the following purposes:

• Contract Performance – Fulfilling our contractual obligations.
• Marketing – Sending personalized offers and information about our Services. We will obtain your consent when required.
• Service Provision – Delivering requested Services and communicating with you.
• Interactive Features – Enabling participation in interactive features of the Services, such as events or online competitions.
• Contract Performance – Fulfilling our contractual obligations.
• Notifications – Informing you about changes to the Services and their improvements.
• Contests – Organizing contests and handling related activities.
• Analytics – Determining conversion rates and analyzing data.
• Legal Obligations – Meeting tax, legal, and accounting requirements.

We may also process aggregate data regarding user behavior and share it with our Trusted Partners to enhance our Services.

9. Third-Party Websites and External Services

Our Services may contain links to third-party websites or services. Clicking on such links will redirect you to external sites that we do not control. We recommend reviewing the privacy policies of these sites and services, as we are not responsible for their content, privacy policies, or practices.

Some features of our Services may require interaction with our Trusted Partners. In such cases, we may share users' personal data with them, which will be protected according to their privacy policies. Such data sharing will require explicit user consent, which can be withdrawn at any time.

10. Trusted Partners

To provide our Services, we work with Trusted Partners to whom we may disclose your data. We ensure that we provide them with only the information necessary for the collaboration. Our Trusted Partners may access and process your data on our behalf as "Data Processors" for the purposes and by the entities listed below:

• Trusted Partners helping us with data analysis by providing analytical tools

  • Google Analytics -> https://policies.google.com/privacy?hl=en
  • Google (Firebase) -> https://firebase.google.com/support/privacy

• Our legal, tax, auditing, and accounting team

• Social media platforms for marketing personalization and targeting

  • Facebook Audience Network -> https://www.facebook.com/policy.php

• Trusted Partners assisting us in managing ads

  • Google AdMob -> https://policies.google.com/privacy
  • ironSource Mobile -> https://developers.ironsrc.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/

11. Push Notifications

If you use our Services on mobile devices, we may send you push notifications or local notifications to inform you about updates, provided we have obtained your prior consent.

12. Legal Obligations

Please be aware that Krinsen is a regulated entity, and we may be required to disclose your personal data based on requests from authorized governmental bodies or in connection with other legal entities.

13. Your Rights

Please remember that you have the right to object to the processing of your personal data. To do so, contact us at [email protected].

Additionally, you have the right to:

• access your personal data
• request deletion of your personal data
• correct your data
• restrict the processing of your data
• transfer data to another entity
• file a complaint with a data protection authority

If you have questions or concerns about the processing of your data, contact us at [email protected].

If you are dissatisfied with our response to your data request, you may report the issue to your local data protection authority or the President of the Personal Data Protection Office (PUODO) in Poland.

14. Privacy Protection for California Residents

This section supplements the information contained in this Privacy Policy to meet the legal requirements imposed by the California Consumer Privacy Act (CCPA) and applies to all users residing in the state of California in the United States of America. Required information can be found in the relevant sections of this Privacy Policy:

• categories of personal data collected about you in the past 12 months (see section 4)
• purposes for collecting personal data (see section 7)
• categories of third parties with whom we share personal data (see section 9)
• categories of personal data disclosed in the past 12 months (see section 4)
• categories of personal data sold in the past 12 months to our Trusted Partners assisting with managing advertisements and Third-Party services (see section 4.3)
• categories of personal data disclosed and sold to third parties in the past 12 months to our external advertising networks (see section 10.4.). We do not sell personal data of minors under 16 years of age without explicit authorization
• date of the most recent update to this Policy (at the top of this Privacy Policy).

You have the right to:

• Access your data: Request information about the personal data we hold, including the categories of data, sources, purposes of collection, and categories of recipients.
• Delete your data: Request deletion of your personal data, unless it is necessary for the functionality or security of our systems.
• Opt-out of data sales: Request that we stop selling your personal data.

We will not discriminate against you for exercising these rights.

To exercise these rights, contact us via email: [email protected]. We may ask for verification of your identity.

You may designate an authorized agent to submit a CCPA request on your behalf. The authorized agent must provide proof of authorization from you and their own identification.

15. Changes to the Privacy Policy

We reserve the right to amend the Privacy Policy as necessary, such as for legal reasons or changes in our Services. We will notify you of any changes by posting the updated Privacy Policy on our website with the date of the changes.

Changes will be effective 30 days after their publication. If you do not accept the changes, please stop using our Services. If you have any questions, contact us.