- Who collects and process your Personal Data
- Which Personal Data do we collect and process
- Term of Personal Data processing and place of storage
- Third persons and your Personal Data
- Your rights under the GDPR
- Cookies and similar technology
- Age limits
- Contact us
When you (1) play the games developed by us and/or by our partner developers (“Game(s)”) or (2) use our websites https://estoty.com we can collect information about you that can directly or indirectly identify you (“Personal Data”).
Our websites may provide links to third-party websites, applications, and services, which are operated and provided by the independent providers. These providers shall have their own privacy policies, cookies policies, as well as terms and conditions, which we encourage you to review before using their services. We are not responsible for the processing activities conducted by third-party providers via their websites, applications, and/or services.
The controller of your Personal Data who determines purposes and means of the processing is SIA Estoty, registered in the Register of Legal Entities of the Republic of Latvia on July 18, 2012, under Registration Number 40103567138, legal address: Republic of Latvia, Riga, 6-1 Pulkveza Brieza Street, LV-1010 (“we”, “us”, “our”, etc.).
We collect Personal Data in the following ways: if you provide it to us or automatically by electronic means, including with the help of cookies, when you play our Games or use our websites. If you contact us on social networks, we may also collect information about you available on such social networks.
We respect your privacy and aim to limit the Personal Data that we collect from you to the amount which is strictly necessary to fulfil the purposes of processing. Categories of Personal Data that we process are specified below.
Your Personal Data is used as follows:
Checking the quality of game content
Identification of problems in the games
To consider and reply to incoming queries
To conduct due diligence when preparing for an M&A deal
We retain your Personal Data for as long as it is necessary to fulfil the purposes specified in the section “Which Personal Data do we collect and process”.
The time limits are:
For Personal Data of Game players (app users) – as long as you use the application and 2 years after (in any case not exceeding 3 years in total);
For Personal Data of visitors (users) of our website https://estoty.com/ or social media users – as long as it is necessary to respond to the query and 2 years after;
In case of conducting due diligence when preparing for an M&A deal Personal Data will be stored for the period of cooperation with a business partner.
Once these time periods have expired, we will delete your data as soon as possible.
We securely store your data at servers provided by Google Cloud which are physically located in Finland (EU). We also take security precautions such as:
Measures of pseudonymisation and encryption of Personal Data;
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services;
Measures for ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing;
Measures for user identification and authorisation;
Measures for the protection of data during transmission;
Measures for the protection of data during storage;
Measures for ensuring physical security of locations at which Personal Data are processed;
Measures for ensuring events logging;
Measures for ensuring system configuration, including default configuration;
Measures for internal IT and IT security governance and management;
Measures for certification/assurance of processes and products;
Measures for ensuring data minimisation;
Measures for ensuring data quality;
Measures for ensuring limited data retention;
Measures for ensuring accountability;
Measures for allowing data portability and ensuring erasure;
When processing and transmitting data, the HTTPS protocol is used. To ensure the security of data storage and processing, SSL certificates and other information protection tools are used. When processing data, caching may be performed.
Third persons that we share your personal data with:
We may share your Personal Data collected and processed by us (i) in the Games and (ii) via cookies and similar technology (for more information refer to section “Cookies and similar technology”) but only for the purposes specified in section “Which Personal Data do we collect and process” with the companies (third persons) specified in clause 4.3 below.
Please note that some of these companies (or some of their offices/group members) may be located outside the European Union (international data transfers) including in the countries which do not ensure an adequate level of protection of your Personal Data. Where this is the case, we meet the strict conditions of Personal Data transfers from the member states of European Union to other countries by using the Standard Contractual Clauses (SCC) adopted by the European Commission to ensure that Personal Data are properly protected or relying on other derogations compliant with GDPR as specified in clause 4.3 below. In case you want to check the relevant SCC, the links to them are provided in clause 4.3. If the link is not provided and you want to check the SCC, please, contact us by using one of the contact means specified in section “Contact us”.
The list of third persons with whom we may share your Personal Data:
Google Firebase Crashlytics
Google AdMob Native
Our partner developers
We may also transfer Personal Data related to the Games to our partner developers by granting access to Personal Data via our internal website, but in a personalized and limited way: a user from the specific team /studio/company will only see data for Games owned by this team/studio/company and not for Games owned by our other partner developers.
Third persons that may process your personal data independently from us:
Other third persons may process your personal data with regard to your use of the Games as independent controllers of your personal data when you make in-app purchases payments or save your game progress via such third persons.
Google Play Store: https://policies.google.com/privacy
Apple App Store: https://www.apple.com/legal/privacy/data/en/app-store/
When you play the Game(s) with the Cloud Save feature while signed in to Game Center, Apple Inc. collects your Game data allowing you to save your progress in the Game. This Game data is processed by Apple according to its own policy: https://www.apple.com/legal/privacy/data/en/game-center/ . We will only have access to your Apple Game Center ID, but not your name and other data that will allow us to easily associate your Game Center ID with other information that may identify you, like your IP address. You can stop sending your Game data to Game Center by signing out of Game Center in Apple Settings.
You have following rights under the GDPR:
The right of access to your Personal Data meaning that you can receive a copy of the Personal Data that we hold about you, as well as other supplementary information.
The right to rectification of your Personal Data which is incomplete or inaccurate.
The right to erasure of your Personal Data meaning that you can ask us to delete or remove your Personal Data in certain circumstances.
The right to restrict processing of your Personal Data if (a) the accuracy of the Personal Data is contested by you, (b) the processing is unlawful and you oppose the erasure of the Personal Data, (c) we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, and (d) you have objected to processing pending the verification whether the legitimate grounds override this.
The right to data portability. Please note that this right only applies to information that we processed based on your consent or contract.
The right to object to the processing of your Personal Data where we are relying on a legitimate interest and there is something about your particular situation that makes you want to object to the processing on this ground. We will no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If your explicit consent serves the basis for Personal Data processing, you have the right to recall your consent to process your Personal Data by at any time. If we have no other grounds for processing your Personal Data, after you send us a request to withdraw consent, we will stop processing your Personal Data that we were processing under your consent.
Right to lodge a complaint with a supervisory authority if you consider that our processing of your Personal Data infringes the relevant legislation.
You may exercise these rights by means of an email sent to our email address or written notice sent to the address of our registered office. We will address your request as early as possible and no longer that within one month. Please note that this period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In this case, we will inform you of the extension within one month of receipt of your request and will explain you the reasons for the delay.
Note that if you ask us to delete your Personal Data, we may retain your Personal Data as necessary to comply with our legal obligations or resolve disputes.
We may collect your Personal Data by automated means, such as cookies (strictly necessary, analytical, marketing and social media cookies), web beacons and web server logs when you visit our website https://estoty.com/.
Cookie is a simple text file sent by our website https://estoty.com/ to your web browser to uniquely identify you and/or function properly and/or to store information or settings in the corresponding browser, effectively, in your computer or mobile device or other internet connectable devices. We use following types of cookies:
Analytical (measurement) cookies
Marketing (targeting) cookies:
Social media cookies:
Web Server Log
With the help of cookies and similar technology we collect your internet protocol (IP) address, unique device identifier (UDI), browser characteristics, device characteristics, operating system (OS), referring uniform resource locators (URLs), information concerning your website activities, dates and times of your visits to our website https://estoty.com/ and other related statistics. We may create and implement our cookies and similar technology or cookies from third-party providers, namely, we use third-party analytics service Google Analytics. Google Analytics uses technologies such as cookies, web beacons and web server logs to help us analyse your activities on our website https://estoty.com/ (for more information please refer to section “Third persons and your Personal Data”).
Cookies and similar technology, except for strictly necessary cookies (without which our website https://estoty.com/ cannot function properly and which do not contain Personal Data), are processed based on your explicit consent received via cookies banner.
We retain your Personal Data collected via cookies and similar technology as long as you browse our website and 2 years after.
Providers of third-party applications, tools, widgets and plug-ins on our website https://estoty.com/, if any, such as social media sharing tools, may also rely on automated means to collect information regarding your interactions with their applications, tools, widgets and plug-ins. The processing of such information is conducted directly by the corresponding providers of the designated features and therefore is governed by the privacy policies of these providers. We are not responsible for the processing activities conducted by third-party providers.
We do not knowingly collect or solicit Personal Data about or direct or target personalized advertisements to anyone under the age of 16, or knowingly allow such persons to use our Games of websites. If you are under the age of 16, please do not send any Personal Data to us. If we learn that we have collected Personal Data about a child under age 16, we will delete that Personal Data as quickly as possible. If you believe that we might have any Personal Data from or about a child under the age of 16, please contact us.
Would you have any questions regarding the processing of your Personal Data by us, do not hesitate to contact us under the email address: firstname.lastname@example.org (DPO) or by means of a written notice sent to the address of our registered office: Republic of Latvia, Riga, 6-1 Pulkveza Brieza Street, LV-1010.
Be also informed, that since we are registered under the law of the Republic of Latvia, the personal data authority overseeing us regarding the Personal Data processing is Data State Inspectorate. In case you have any doubts how we process your Personal Data, you may contact the personal data authority of the Republic of Latvia anytime.