Effective 18 November 2024
WELCOME TO BIT ODD!
When you use our Services, we and third parties may process your personal data. We are committed to protecting your personal data and respecting your privacy.
This privacy policy (or “Policy”) explains how BIT ODD (“we” in this Policy) collects, uses, discloses, and safeguards your information when you use our games and websites or other Services, and what rights you have under this Policy. You will find more information from our Terms of Service.
TERMS
To help you to really understand this Policy, we have collected a small vocabulary for you to get the basic concepts straight. There are a lot of terms in data protection, and you might wish to do some further reading if any are unfamiliar (or just see HOW TO CONTACT US section further below), but these are the most commonly used ones and the ones that we believe help you the most to understand the content of this Policy.
Data Controller
The data controller is the company or other entity that decides how and why your personal data is used. Think of it as the manager who makes the rules about your data. In this Policy, the term “data controller” means BIT ODD Oy, address Ludviginkatu 3-5, 00130 Helsinki, Finland.
Data Processor
The data processor is a company or person that processes data on behalf of the data controller. They follow the rules set by the data controller. Imagine them as the worker bees who handle data tasks but don’t make the rules. As you can imagine, there are usually many of them.
Data Subject
A data subject is you! It’s any individual whose personal data is being collected, held, or processed. In other words, you are the data subject when we handle your information. When you use our Services such as play our games or visit our websites, you provide us with your personal information by, for example, creating an account. We may also collect personal data of your usage of the Services, for instance, when you log in, how long you use the games, the things you do when you play the games and similar things.
International Transfer
International transfer is when personal data is sent outside the country or region where it was collected. We ensure that your data is protected even when it travels internationally, kind of like sending a secure package across borders.
Joint Controller
A joint controller is when two or more companies decide together how and why to process your data, just like the data controllers above but just together. They share the responsibilities. It’s like co-managers who jointly oversee how your data is used.
Processing
Processing is any action performed on personal data. This includes collecting, storing, using, and deleting data. Think of it as anything we do with your data, from gathering it to deleting it.
Services
We have explained our Services in our Terms of Service in more detail. In short, this means all the content you interact with provided by BIT ODD, including our games and websites.
WHY WE PROCESS YOUR DATA
We use your personal data for various purposes in connection with your use of the Services. We also have various reasons to do so. Those reasons are called legal bases, and we may use all of them depending on the situation. It is important to know what the legal basis is, as your rights (see YOUR RIGHTS AND OPTIONS) depend on the legal basis based on which we process your personal data.
There are six possible legal bases:
Consent
: We can process your data if you give us clear permission to do so. This is like giving us a thumbs-up to use your data for a specific purpose.
Performance or entering into a contract
: We need to process your data to fulfil a contract we have with you. For example, if you sign up for one of our games, we need your data to provide you with that Service. Think of it as us needing to know your details to keep our end of the bargain.
Legal obligation
: Sometimes, we must process your data to comply with the law. It’s like following the rules set by the authorities to stay on the right side of the law.
Vital interests
: In rare cases, we might need to process your data to protect someone’s life. This is usually an emergency where we need to act quickly for your safety or someone else’s.
Public task
: We can process your data if it is necessary for us to carry out a task in the public interest or in the exercise of official authority. This is typically more relevant for public authorities and less for private companies like us.
Legitimate Interests
: We might process your data for our legitimate interests, as long as it doesn’t override your rights and freedoms. This could include things like improving our services or preventing fraud. Imagine it as us doing what’s best for the business while still respecting your rights.
We may process your personal data for several purposes, which we have listed below.
To provide you with the Services
To provide you with the Services, including:
Creating accounts
Providing you Services as described in the Terms of Service and all relevant operations relating to that
Verifying and confirming payments
Sending you communications related to the Services.
We are doing all this based on performing our contract with you and our legitimate interests.
To make our Services more enjoyable and secure
We put in a lot of effort to keep everything running smoothly and ensuring that you have a pleasant experience. To make all this happen, we also do need to process your personal data in some situations. To deliver a top quality experience to you, we may process personal data for the following purposes:
Providing you the Services, that is:
Updating, deleting and improving player profiles
Developing, improving and customizing the Services and player experience
Ensuring security
Providing you with updates of our Services and other similar products
Communicating with you and the others
Responding to your comments and questions and provide player support
Sending you related information, such as updates, security alerts, and support messages
Providing social features, including enabling you to communicate with other players
Analyzing and monitoring use of the Services and their social features
Moderating chats either automatically or manually
Taking action against fraudulent or misbehaving players
Preventing harassment and cyber-bullying
Otherwise managing our relationship with you.
We are processing personal data based on our legitimate interest to ensure the functionality of our products, conduct business, improve our Services and manage our customer relationship.
To market and target
Sometimes we want you to know more about our Services or other parties’ services and products. To do so, we can also process your personal data (only to the extent allowed by law of course!). Such situations may include:
Showing non-targeted ads to you in our Services
Keeping track of your activity in our Services to learn about your interests
Keeping track of installations and installation source of our games
Measuring, analyzing and improving the effectiveness of our advertising both in and outside of the Services
Sending you communications about offers, rewards, events, or other news related to the Services.
We may process this based on our legitimate interest. Sometimes we also need your consent, which is outlined in a later part!
To recruit
If you want to work for us, you can do so by sending us an application by using careers@bit-odd.com. If you do so, we also need to process your personal data. This is necessary in order to enter into a contract with you.
Other situations that require consent
We can process your personal data based on your explicit consent. We tell you about the purposes in the relevant consent screen in the applicable Services if we are using consent as the legal basis for processing personal data. Such situations may include e.g. us using cookies on our websites.
THE PERSONAL DATA WE PROCESS
There are two ways for us to receive personal data regarding you. Firstly, you may provide us with personal data by giving it directly to us by, for example, creating a profile. Secondly, we may infer personal data of yours, such as through technical data related to your device or internet connection.
Here are the data types we may process:
Player nickname and credentials, including game specific credentials
In-game chat messages, direct messages to other players and messages between us and you
Other data you choose to give us (such as your email address and information provided in tickets)
Your IP address and mobile device identifiers (such as your device ID, advertising ID, MAC address and IMEI) and other technical identifiers needed
Data about your device, such as device name and operating system, browser type and language and your device settings
Data of your network connectivity
Data we collect with cookies and similar technologies (see more below)
Location data (country or city-specific)
Data to fight fraud (such as refund abuse in games)
Data from platforms that the games run on (such as to verify payment)
Data for advertising and analytics purposes, so we can keep improving our games.
DATA SHARING AND DISCLOSURE
We cannot do everything by ourselves, so to provide you with the Services we need help from our external service providers and partners. Some of these are independent controllers, who have their own purposes and policies in place. However, most of them are data processors, who help us to provide you with the Services that you interact with. When we use data processors to process data on our behalf, we enter into appropriate agreements with them, and they only process personal data as we tell them to do.
Below we explain who and in which situations may process your personal data. Please find full list of our partners in our partners list.
Data processors
We work with partners who perform specific services on our behalf, such as hosting, player support, advertising, analytics, and fraud prevention. These partners process your data strictly according to our instructions to help us provide our services and they are our data processors.
Other players and users
Social features are a key part of our games. Other players and users might see your profile data, in-game activities, and any messages you post or that you send directly to another user or group.
Independent controllers
Partners and External Platforms
We may share some of your personal data with the partners we collaborate with. Also, some parts of our services might link to other platforms or properties controlled by third parties. These partners are independent data controllers who determine how they process your personal data. For more details on how our partners handle your data, please review their privacy policies.
Advertising and Social Media Partners
Our services include features from partners like social media tools and in-game advertising. A list of these partners is available on our partner page. These partners may access your data and operate under their own privacy policies. We recommend checking their privacy policies to understand their data processing practices.
Legal and compliance
Other Companies and Public Authorities
To combat fraud and illegal activities, we may exchange data with other companies and organizations and provide it to public authorities in response to lawful requests.
Legal Requirements
We may also disclose your data to comply with the law or to protect the rights, property or safety of us, our players, or others.
Transactions and arrangements
If our company is ever sold, merged with another company, or undergoes any other business transaction, your personal data might be part of that deal. We’ll make sure to let you know about any changes in who owns or controls your data, either by posting a notice on our website or by other means.
INTERNATIONAL DATA TRANSFERS
Our Services are global, and your data might be transferred anywhere in the world. We also use service providers who may be located outside of the EU or EEA, especially in the US and Australia. Different countries have different data protection laws, so we take steps to ensure adequate safeguards are in place to protect your data. These safeguards include using and enforcing the European Commission adequacy decisions, including Data Privacy Framework (DPF) as well as the so-called standard contractual clauses approved by the European Commission.
DATA RETENTION
After the required retention period, we will either delete or anonymize your personal data. If that’s not possible (for example, because the data is on a backup server), we will isolate your data from any further use until we can delete or anonymize it. We may continue to use data that doesn’t identify you personally (such as aggregated data).
In general, we will store your data for 5 years and always at least for the time you use our Services. There might be situations where we will need to keep your data for longer period. Regardless, we will process your personal data only for as long as necessary to achieve the purposes for which it was collected. This includes providing you with the Services or complying with any legal, accounting, or reporting requirements.
AUTOMATED DECISION MAKING
We do not use automated decision making as part of our Services.
HOW WE PROTECT YOUR DATA
To keep your data and your experience safe, we continuously develop and implement various security measures, including administrative, technical and physical protections. These measures are designed to protect your data from unauthorized access, loss, misuse or alteration.
Our security practices are tailored to the level of risk involved. The specific measures include things like encryption in transit, pseudonymization of identifying data when possible, access controls to limit who can access your personal data, and procedures to handle any suspected security incidents. Please consider that the internet is an inherently insecure environment, and we cannot guarantee absolute security for your data.
YOUR RIGHTS AND OPTIONS
Depending on the legal basis (see WHY WE PROCESS YOUR DATA for more information), you may have the following rights:
Access Your Data
You have the right to know what personal data we hold about you and whether we process any data of you or not. This also means you have the right to know what data is processed of you. The easiest way is by contacting us via support@bit-odd.com
Correct Your Data
If you find that any of your personal data is incorrect or outdated, you have the right to ask us to correct it. Think of it as fixing any errors in your information.
Delete Your Data
In certain situations, you can ask us to delete your personal data. This is often called the “right to be forgotten”. It’s like asking us to erase your data from our records. We may have, however, legal reasons to keep the data you would wish to delete, in which case we cannot fulfil your request.
Restrict Processing
You can ask us to limit how we use your personal data in certain cases. For example, you might want to stop us from using your data while we check if it’s accurate or until you receive an answer from the data protection authorities regarding the lawfulness of that set of data.
Data Portability
You have the right to receive your personal data in a structured, commonly used format if we are processing your data based on consent or contract and transferring the data to you is possible for us. This allows you to easily move your data to another service. It’s like downloading your data to take it with you.
Object to Processing
If you don’t agree with how we are using your personal data, you can object to it. For example, you can ask us to stop using your data for direct marketing purposes. Again, we may sometimes have legal reasons why we continue to process the personal data despite the request.
Opt-out of Targeted Advertising
You can always opt-out of targeted advertising in our games by checking the privacy settings of your device or by using the applicable opt-out function provided by us or our partners.
Withdraw Consent
If you’ve given us permission to use your data, you can revoke that consent at any time. This means we’ll stop processing your data based on your original consent.
Complain to a Supervisory Authority
If you believe we are not handling your personal data correctly, you have the right to file a complaint with a supervisory authority. This is like taking your concern to an official organization that oversees data protection. You can find your European authority here.
CHILDREN
Our Services are intended and designed for adults. As such, when you access and use our Services, we may ask you to confirm your age. You can find the applicable age limit in our Terms of Service.
If we discover that you are a minor or do not meet another age threshold, we may take steps to limit, suspend, or terminate your access to the Services where we believe that to be necessary due to applicable regulatory or platform requirements or to provide you with an appropriate experience. If your access to the Services is not suspended or terminated, we alter or remove access to some parts of the Services to comply with applicable laws, regulations, and platform policies.
CHANGES TO THIS PRIVACY POLICY
Please note that our company and our Services are constantly evolving and that is why we may from time to time update this Policy by posting a new version on bit-odd.com. If we make any material changes, we will notify you. If you continue using the Services after those changes, the continued use will be subject to the updated policy. Please always ensure that you have familiarized yourself with the latest version of this Policy and our Terms of Service!
HOW TO CONTACT US
If you have questions about data protection or requests regarding your personal data, we encourage you to primarily contact us through our games so we can reply to you more quickly.
You can also reach us by email at support@bit-odd.com.