Last Update: September 16, 2022
Table of contents
Who is the Data Controller
Information We Collect and How
Purpose of Processing Personal Data
Legal Basis for Processing Personal Data
The Security of Your Personal Data
Information We Share - Data Transfer
National Data Protection Authority in Cyprus
1.3 An overall principle is that we do not collect more information than is reasonably necessary to provide you with the best user experience.
For the purposes of this Policy:
a. “personal data” means data that relates to you as an identified or identifiable natural person.
b. “data subject” (or User) is any living individual who is using our Service and is the subject of Personal Data.
c. “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
d. “data controller” means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data;
e. “data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
f. “usage data” is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
g. “cookies” are small pieces of data stored on your device (computer or mobile device).
h. “GDPR” and/or “Regulation” is the EU General Data Protection Regulation 2016/679.
3. Who is the Data Controller
For the purposes of the relevant data protection legislation (GDPR), the data controller is the legal person “LAPITOPA LTD”, a Cyprus company, having its registered office at 35 Vragadinou, Ground floor, 3040 Limassol, Cyprus, e-mail: firstname.lastname@example.org.
4. Age Restriction
We do not knowingly collect personal information about persons under the age of 16 in cases where we can control it. For example, it is not possible to control information that is communicated to us online. In any event, if we find that we have collected any personal information from a person under the age of 16 (in accordance with Article 8 of the Regulation), we will delete the information from our records immediately and we will terminate the account (if any). If you believe we may have collected information from a person under the age of 16, please contact us.
5. Information We Collect and How
5.1 We collect information about you directly from you, automatically through your use of our Service and from third parties. We may combine the information that we collect about you from these various sources.
5.2 When you are using the Services or by corresponding with us by email or otherwise, you may give us information/personal data about you. This includes but not limited to information you provide when you register to use, subscribe to our Service, or when you report a problem with our Services. The information you give us may include:
a. Contact information (such as name, surname or nickname or email you submit as part of your register for log-in via social networks);
b. Data about the build version, your game account, game progress and in-game events, we create a Lapitopa-specific ID for you when you use The Services;
c. Your IP address and unique mobile device identification numbers (such as your device ID, advertising ID, MAC address);
d. Data about your device, such as manufacturer, operating system, CPU, RAM, browser type and language, current time;
e. Broad location data (e.g. country or city-level location);
f. Data (such as your nickname, email, profile picture) we receive if you link another provider’s tool with the Service (such as Facebook);
g. Purchase history, including details of orders (purchase ID, amount spent, currency, date, time, vouchers or offers used);
h. Data from platforms that the games run on (such as to verify payment);
i. Data for advertising and analytics purposes, so we can provide you a better Service;
j. Your email address and your messages to the Services (such as chat logs and player support tickets sent by email or through Helpshift service (or another service we can use in the future) any feedback you submitted about your experience with us; and/or
l. We may also collect certain data (like IP address, username, time of entry and re-entries etc.) that is required for our detection, investigation and prevention of cheating and/or violations in our Games. These data are used for the purposes of detection, investigation and prevention of frauds and cheating in our Games. If the data can be used to prove that cheating or another fraud or violation has occurred, we will further store the data for the establishment, exercise or defense of legal claims during the applicable statute of limitations. Please note that the specific data stored for this purpose may not be disclosed to you or any third parties, since the disclosure will compromise the mechanism through which we detect, investigate and prevent frauds and cheating in our Games. In such cases we might also need to pass your information to fraud prevention agencies, or any other related organizations involved in crime and fraud prevention, such as the police.
5.3 We collect information that comes from you while you are playing our Games, interacting with the application / website and the Services in general.
Such information includes but not limited to what device you are using, the way you play the game and your levels, profile visits and the information that you provide us with directly.
5.4 If you use any of the other services from other sources we provide, we may receive information about you from them. Furthermore, we may receive information about you from third parties with whom we are working closely including but not limited to Facebook, advertising networks, analytics providers, search information providers, credit reference agencies.
6. Purpose of Processing Personal Data
a. To respond to your submissions, questions, comments, requests and complaints and provide customer support;
b. To monitor and analyze usage of the Services and trends in order to personalize and improve the Services and experience of our users while using the Services;
c. To provide relevant content, ads and features that matches your or other people preferences;
d. To increase functionality and general quality of the Services;
e. To send you confirmations, updates, security alerts and support/administrative messages;
f. For marketing campaigns purposes, including (without limitation) email marketing campaigns;
g. To provide competitions;
h. To prevent cheating, fraud and crime and to verify your compliance with our terms and conditions and our policies;
i. To meet legal and tax obligations and to carry out financial, regulatory and management reporting, and audit and record keeping;
j. To provide and maintain our Service;
k. To notify you about changes to our Service;
l. To allow you to participate on interactive features of our Services when you choose to do so;
m. To gather analysis or valuable information so that we can improve our Service;
n. To detect, prevent and address technical issues;
o. For any other purposes, which we believe are necessary and for which the information is collected;
p. To protect our property rights and to enforce our legal rights.
7. Legal Basis for Processing Personal Data
According to Article 6.1 of the GDPR, we rely on the following legal basis for the collection and use of your personal information:
a) You have given your consent to the processing of your personal data for one or more specific reasons. We may sometimes ask your consent to collect other information from you or your device. In such instances, we will inform you about the information we would like to collect, the reason we need it and what we will use it for. You have the right to withdraw consent at any time.
b) Processing is necessary in order to enter into or perform a contract with you. For example, we may need to use your information in order to provide you with the information, products and services that you request from us or information about goods and services we feel may interest you, to notify you of changes to our Service etc.
c) Processing is necessary for compliance with legal obligations we are subject to. For example, to prevent fraud or potentially illegal activities and, to take action against fraudulent or misbehaving players, or to keep our Services and its features safe, we may use your data.
d) Processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests, rights or freedoms, such as for the purposes of data analysis, testing, research and surveying, as well as for the purposes of marketing and promotion of our products.
8. Retention Period
We store personal data for as long as required by the respective processing purpose and any other lawful linked purpose.
Personal data that are collected under the legal basis of ‘Legal Obligations’, are maintained after the expiry of the legal obligations as long as the relevant institutional framework permits.
Data that may be necessary for our legitimate interests as the controller are kept until the reason for such storage has expired.
Personal data of expression of interest through a query or a complaint are kept no longer than 6 months after the query or the complaint is answered and permanently settled.
Players’ personal data are kept for 5 years since the last day of active participation in the Games. We will delete your personal data after you request your Account deletion and the grace period of 45 (forty - five) calendar days, during which we can restore your Account, expires.
Specifically for personal data we process based on your consent (e.g. for marketing purposes), such data are kept from obtaining your consent and until it is revoked.
Personal data that are no longer necessary are safely destroyed or anonymized.
9. The Security of Your Personal Data
We have implemented reasonable and appropriate organisational and technical measures to protect the personal data and the entire information we collect from security risks.
We do follow the rules of Regulation (EU) 2016/679 (General Data Protection Regulation) on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the generally accepted industry standards to protect the personal information submitted, both during transmission and once we receive it. Therefore, while our goal is to use commercially acceptable ways to protect your personal information, we cannot guarantee it is absolutely secure, since no method of data transmission over the Internet, or method of electronic storage is 100% secure. Please note that information that you voluntarily make public, or which you disclose by posting comments or inserting of the content will be publicly available and viewable by others. We do not hold any liability for any information that you voluntarily choose to make public through such and/or other explicit actions.
10. Information We Share - Data Transfer
For the performance of an agreement with you, compliance with a legal obligation we are subject to, and based on our legitimate interests, we may share or disclose your personal data with the following categories of third parties:
a) business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
b) third party companies that perform services on our behalf, including payment processing, data analysis, marketing services, email campaigns, hosting services, and customer service. While providing the services for us, these companies may access your personal information, and are required to use it solely as directed by us for the purpose of our requested service;
c) advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 200 women aged between 40-50 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
d) player support partners: for some territories and products we engage third parties to provide you with appropriate player support services. Such companies may get access to your personal data, including personal data that you may provide in your player support requests.
We may disclose your information when you give us your consent to do so, including if we notify you on the Games that the information you provide will be shared/disclosed in a particular manner and you provide such information.
Some personal data of yours may be disclosed to public authorities, e.g., tax and customs authorities, auditors, or to any supervisory or persecutory authority within its role or any judicial authority where required by law or judicial decision, after their request, in accordance with Union or Member State law.
Your information (including personal data) can only be accessed (with limited access rights to the absolutely necessary) by our authorized employees or consultants or the concerned group entities that need to have access to this data in order to be able to fulfil their given duties. In order to help ensure a secure of your data, we are developing and implementing administrative, technical and physical security measures to protect your data from unauthorized access or against accidental or unlawful loss, misuse or alteration.
We are working with third parties that are based outside of the European Economic Area (EEA), and may transfer data about you to the countries in which these parties reside. Whenever we share personal data originating in the EU with an entity outside of the EEA, we guarantee an adequate level of personal data protection and we will do so on the basis of the EU standard contractual clauses, with your consent, or because such transfer is necessary performance of an agreement.
Some of the information you provide to us are stored on our secure servers, based in the European Economic Area (“EEA”) and/or in the United States of America.
By submitting your personal data, you agree to this transfer, storing or processing.
11. Your Rights
Under the General Data Protection Regulation, you have certain data protection rights when it comes to having access to your personal data, which you can exercise by contacting us at the email address provided below.
These rights are the following:
a) Right to be informed. Before data is collected, you have the right to know how it will be collected, processed and stored and for what purposes. This right is exercised through a privacy and data processing notification.
b) Right of access. You have a right to inquire and know what information we hold about you how and why we use your information, to whom we disclose your information, and request a copy of the information we hold about you. In order to exercise this right, you should contact us at email@example.com and to identify which information would you like to receive. We shall get back to you in the fullest extent possible, however please note, that we might need to verify your identity before sharing the information with you, as well as that we might not be able to provide you with certain types of information if it is related to other users information Please note that we may not be able to provide all the information you ask for, for instance if the information includes personal information about another person. Where we are not able to provide you with information that you have asked for, we will endeavor to tell you why.
c) Right to correction/rectification. We put our best effort to keep the information that we hold about you accurate and up to date. Since it is not possible for us to be aware of any changes to your personal data if you do not inform us, please help us keep your information accurate by informing us of any changes to your personal information we do process. In case you have reasons to believe that the information we hold is incomplete or inaccurate, please inform us at firstname.lastname@example.org and we will act accordingly.
d) Right to erasure/right to be forgotten. We have to answer such right when:
your personal data are no longer necessary in relation to the purposes for which we collected it;
withdraw your consent on which the processing is based and where there is no other legal basis for the processing;
your personal data have been unlawfully processed;
have to be erased for compliance with a legal obligation we are subject to;
We reserve the right to refuse this right of immediate implementation if the processing is necessary for compliance with any legal obligation we are subject to, or for reasons of public interest, or for the foundation and exercise or support of our legal claims (according to Article 17 par. 3 of the Regulation).
In case you want to exercise such a right, please let us know via e-mail at email@example.com. Be informed, that in order for us to process your request and to prevent us from collecting any future information about you, you should delete the Games and/or applications from your devices and terminate your account with us and clear your cookies from any device where you have played our Games in a web browser.
e) Right to restriction of processing of your personal data. You may have the right to request to block or suppress processing of your personal data, when certain conditions apply. If you would like to exercise this right, please contact us at firstname.lastname@example.org.
f) Right to data portability. In some circumstances, you have the right to request from us to move, copy or transfer to you, in a safe and secure way, in a commonly used and machine - readable format, the data which you have provided to us, in order to transfer it to another data controller. Whenever technically possible, this also includes the right to have the data transferred directly from us to another controller without you having to handle the data. If you would like to exercise this right, please contact us at email@example.com.
g) Right to object to processing/right to withdraw consent. You have the right to object to the processing of your personal data for specific reasons such as direct marketing purposes, purposes of historical/scientific research or for the performance of a task in the public interest. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. After your request, we shall no longer process your personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms. If you would like to exercise this right, please contact us at firstname.lastname@example.org.
h) Rights related to automated decision-making including profiling. We do not carry out any decision-making based solely on automated processing, including profiling unless we have your consent, or we need to do so to perform a contract with you.
Additionally, you have the right to opt-out of direct marketing. Specifically, if you have elected to receive direct marketing communications from us, you can change your mind at any time by following the opt out link in any marketing communication that is sent to you. If you have elected to receive more than one type of marketing communications from us, you may need to opt out of all of them individually. It may take a few days for us to update our records before any opt out is effective.
In the event that you make such request in a written or electronic form regarding any of the above rights and provided that the request is coming from the data owner and this may be verified, we will assess your request and respond within one month of its receipt, either for its satisfaction or to provide you with objective reasons preventing it from being satisfied, or, given the complexity of the request and the number of requests at the given time, request an extension of response for a further two months period (Article 12 par. 3 of the Regulation).
The exercise of your rights is free of charge.
Furthermore, you have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
If you are dissatisfied with the use of your data by us, or our response after exercising your rights, you have the right to lodge a complaint with a supervisory authority. Before such complaint, you may contact us if you wish so we can provide you with complete information and support.
12. Contact Us
For any questions regarding the processing of your personal data and the exercise of your rights mentioned above, you may contact us by e-mail at email@example.com.
13. National Data Protection Authority in Cyprus
If you wish to contact with the Supervisory Authority in the country of our establishment, the contact details are:
Iasonos 1 str.,