Date of Last Update: 26 October 2021
Owner and Data Controller
Mighty Bear Games Pte. Ltd. 75 Ayer Rajah Crescent, #02-13 Singapore 139953, Singapore
Data Protection Officer (DPO) contact email: firstname.lastname@example.org
Our Policy Concerning Children
We process Personal Data from children under 13 years of age, or equivalent minimum age in the child’s relevant jurisdiction, according to applicable law and as described in this Policy. We limit our Personal Data collection and use to persistent identifiers to support the internal operations of the game only. You may choose to opt out of the collection and processing of Personal Data of your child by not participating in the multi-player functions of the Game. At any time, you can prevent collection of Personal Data from your child by turning off iCloud for our Game and signing your child out of Game Center. If you wish to request the deletion of the Personal Data we have collected as described in this Policy, please make a request in accordance with the procedures outlined at the end of this Policy.
If you are a parent or guardian of a child that uses the Application, you can use Content & Privacy Restrictions in Screen Time to limit time spent in specific apps and block features on your child’s device, including multiplayer functionality, the ability to add friends, and the ability to connect with friends playing the same game. More information on this can be found on this page.
Types of Personal Data collected
We only receive limited Personal Data about you and only when you choose to access any multiplayer or online only features of the Game. A unique player ID (“Game Center ID”) relating to you will be created and stored in the Game. This Game Center ID on its own cannot identify you nor can it be used to identify you if coupled with any other data we hold about you.
In addition to the Game Center ID, a unique token will also be created about you which is held and controlled by us, Mighty Bear Games Pte. Ltd. We process your Personal Data in order to provide multiplayer functionality and other online functionality within the Game.
We will also collect your IP address only for the duration of a gameplay session, but we do not store it. We require your IP address in order to route network traffic to your game for multiplayer purposes.
The precise Personal Data collected about you and used by us is as follows:
PLAYER SERVICE DATA:
Player data is Personal Data that does not directly relate to gameplay functionality but is required to provide online multiplayer functionality (matchmaking, real-time multiplayer gameplay)
Game Center GamePlayerID – To identify the player and associate player with our internal Support ID;
Game Center nickname: Used to display your nickname in squad mode, squad related screens and also used in matchmaking and multiplayer modes. You can also see the name of your opponent(s);
Support ID: A Support ID will be created for the player and associated with the players Game Center GamePlayerID. The Support ID is used for customer support purposes, including retrieving player data once the player has logged in using their Game Center ID, and responding to your queries when you reach out to us.
PLAYER PROGRESSION DATA:
This is Personal Data about the players progression inside the game. Player progression data is transmitted to iCloud to enable your game progress and settings to be saved.
Achievements unlocked (Synced with Game Center Achievements)
Currency values (Crystals, Gems, Event Currency)
Champion and Player Progression
o Champion Fragments
o Champion Perks
o Specific Champions Unlocked
o Specific Skins Unlocked
o Specific Trails Unlocked
o Specific Emotes Unlocked
o Current Event progression
o Event Rewards claimed
o Vanity metrics like playtime, most used unlockable etc.
Current and upcoming event data
CUSTOMER SERVICE DATA:
This is Personal Data which you provide to us when getting in touch with us for support related purposes. We will not collect any customer service data if you do not contact us.
Mode and place of processing the Personal Data
METHODS OF PROCESSING
The Owner takes reasonable security measures to prevent unauthorized access, use, disclosure, modification, or destruction of the Personal Data. The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Personal Data may be accessible to certain types of persons in charge, involved with the operation of the Application (such as but not limited to administration, sales, marketing, legal, system administration) or external parties (such as but not limited to third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner.
LEGAL BASIS OF PROCESSING
The Owner may process Personal Data relating to Users if one of the following applies:
Users have given their consent for one or more specific purposes.
provision of Personal Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
processing is necessary for compliance with a legal obligation to which the Owner is subject;
processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
processing is permitted by applicable law.
processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party, where permitted under applicable law.
In any case, where such rights are available under applicable laws, you may request the Owner to identify the specific legal basis that applies to the processing, and whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract. This may not apply in all countries.
The Personal Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located. Depending on the User’s location, data transfers may involve transferring the User’s Personal Data to a country other than their own. In such cases, the Owner will take appropriate measures and comply with the applicable data protection law for such overseas transfers. To find out more about the place of processing of such transferred Personal Data, please refer to the “Detailed information on the processing of Personal Data” section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for or if the Owner has the legal right to retain the Personal Data under applicable law.
The Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, Personal Data shall be deleted or anonymized. Therefore, the applicable Data Subject rights, such as the right to access, the right to erasure, the right to rectification and the right to data portability, are not available after expiration of the retention period.
THE PURPOSES OF PROCESSING
The Personal Data concerning the User is collected to allow the Owner to provide the Application, as well as for The hosting and backend infrastructure of the Application.
Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.
Detailed information on the processing of Personal Data
Personal Data may be processed by our Data Processors for the following purposes:
PLATFORM SERVICES, HOSTING AND BACKEND INFRASTRUCTURE
This type of service has the purpose of running key components of the Application, and hosting Personal Data and files that enable the Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application. Platform services also provide a wide range of tools to the Owner – e.g. analytics, user registration, database management.
Some services may work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
The rights of Users
Users may exercise certain rights regarding their Personal Data processed by the Owner.
Where provided under applicable law, Users may have the right to do the following:
Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
Object to processing of their Personal Data. Users have the right to object to the processing of their Personal Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
Make an Access Request to their Personal Data. Users may have the right to learn if Personal Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Personal Data undergoing processing.
Verify and seek rectification. Users have the right to verify the accuracy of their Personal Data and ask for it to be updated or corrected.
Restrict the processing of their Personal Data. Users have the right, under certain circumstances, to restrict the processing of their Personal Data. In this case, the Owner will not process their Personal Data for any purpose other than storing it.
Make a Request to have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to request the erasure of their Personal Data from the Owner.
Make a Request to have their Personal Data transferred to another controller. Users may have the right to receive their Personal Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Personal Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
Lodge a complaint. Users have the right to make a complain to the competent data protection authority.
HOW TO EXERCISE THESE RIGHTS
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests will be addressed by the Owner within a reasonable timeframe.
Additional information about Personal Data collection and processing
The User’s Personal Data may be used for legal purposes by the Owner in court, before a tribunal or regulatory authority or in the stages leading to possible legal action. The User should be aware that the Owner may be required to reveal Personal Data upon request of public authorities.
INFORMATION NOT CONTAINED IN THIS POLICY
If you have further questions concerning the collection or processing of Personal Data, you may contact the DPO through the contact email above.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Definitions and legal references
Any information that directly, indirectly, or in connection with other information that the Owner has or is likely to have access to that allows for the identification or identifiability of a natural person.
USER (OR YOU)
The individual using the Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
DATA PROCESSOR (OR DATA SUPERVISOR)
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this Policy.
DATA CONTROLLER (OR OWNER)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
THIS APPLICATION (OR GAME)
The means by which the Personal Data of the User is collected and processed.