Your personal data will be held by us in accordance with applicable data protection laws. For the purposes of data protection laws, the data controller will be DragonPlus Limited and Beijing DragonPlus Game Limited.
You can contact our Privacy Officer to discuss any privacy and related queries you may have via email: firstname.lastname@example.org
2. How we collect your personal data
We collect personal data about you in the following ways when you use our products and services. We collect information in the following circumstances:
- when you use our apps;
- when a user account is created and managed;
- when you connect your user account to your Facebook;
- when you participate in any interactive features of the Service; or
- when you otherwise communicate with us or via the Service.
When you access to our websites and our apps , we won’t collect your legally-sensitive data (i.e. race, ethnicity, religious or philosophical beliefs, trade union membership, genetics, biometrics, health, sexuality and/or criminality) and other sensitive data (i.e. child data, social security numbers, bank account or payment card details).
We may collect user’s data from you, which includes:
- your name, date of birth, email address, and personal description;
- demographic and location information as well as information from your device including but not limited to IP address, device UDID, IDFA, IDFV, Android ID, software, applications, hardware, browser information, internet usage information and in-game information;
- technical information such as the internet protocol (known as IP) address used to connect your device to the internet, your log-in information, time of access, date of access, time zone setting, web page(s) visited, software crash reports, type and version of browser used, browser plug-in types and versions used, and operating system and platform to ensure the security of your account and to verify that the person operating your account is you;
- your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites and apps(including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call out customer service team; and
- in-app behaviors when you use an app, participate in discussions board or other social media functions, or when you report a problem on our websites or mobile apps.
We may also employ third party ad-serving (including but not limited to Google, Facebook, Mopub and its affiliates) and/or analytics technologies(including but not limited to Tableau, Kibana and its affiliates) that may use various methods to collect information through our software and the Service. These technologies may be embedded within our software and the Service and may collect, amongst other things, the above information
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfill our contractual requirements or, in extreme cases, may not be able to continue with our relationship. We will inform you if your failure to provide any requested personal information is going to result in these consequences.
For details of the legal bases that we rely on to be able to use and process your personal data, please see section 11 below.
3. Why we collect your personal data
We collect, use and disclose your personal data collected through our Service for a number of reasons, including:
- to carry out our obligations as a result of any contract entered into between you and us and to provide you with the information and services that you request from us, including to set up, manage and administer your account (including for anti-money laundering, prevention of terrorist financing, processing any self-exclusion requests and identity verification purposes);
- to notify you about changes to the products and services that we offer and (where you have indicated your consent) to directly market these products and services to you;
- to administer our websites for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in interactive features of our products and services
- as part of our efforts to keep our products and services safe and secure;
- to measure or understand the effectiveness of our advertising and marketing;
- to operate and improve our products and services;
- to set up and maintain your registration with the Service;
- to improve customer service;
- to provide features available in the Service;
- to audit and analyze the Service;
- to ensure the technical functionality and security of the Service;
- to inform you of promotions, rewards, upcoming events, and other news about products and services offered by DragonPlus;
- to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
- for statistical and research purposes (including market research, marketing and data analysis purposes);
- to identify your behavior, habits and preferences;
- to handle payment and collection processes to and from customers;
- to ensure the effective operation of software and IT services procured by us (including disaster recovery);
- to comply with licensing and regulatory requirements that are applicable to us; and
- for other reasons with your consent.
We (and permitted third parties, including but not limited to Google, Facebook, Mopub and its affiliates) may contact you for direct marketing purposes via social and direct messages, email, etc.
This marketing may relate to:
- products and services, we (or permitted third parties) feel may interest you;
- information about other goods and services we offer that are similar to those that you have already used or enquired about;
- upcoming events, promotions and new products/services or other opportunities as well as those of selected third parties; and
- information regarding any applicable loyalty programs (including points earned and free, bonus and promotional points).
If you no longer wish to receive marketing communications from us, you may:
- contact our Privacy Officer at email@example.com; or
- refer to your operating system settings, or follow instructions below:
- Android Users (version 2.3 and above)
To use the “opt-out of interest-based advertising” option, follow the instructions provided by Google here: Google Play Help.
- iOS users (version 6 and above)
To use the “Limit Ad-Tracking” option, follow the instructions provided by Apple here: Apple Support Center.
For clarity, any telephone calls that you make to us may be recorded for training or security purposes and may be stored and used to verify your instructions to us.
For information about the legal conditions which allow us to do this, please see section 11 below.
4. Who do we share your information with
We may share your personal data with the following categories of recipients:
1) related entities
Your personal data will be used by us and disclosed to our group companies, including DragonPlus Limited and all of its subsidiaries.
2) selected business partners and advertising partners
Your personal data will be disclosed by us to our business partners and advertising partners, including without limitation, Google, Facebook (including their sub-contractors) who will use your data, amongst other things, to review and improve their products and services, to help them identify new products and services, for statistical analytical purposes and for the purpose of directly marketing their products and services to you, subject to you consenting to their private policies as presented in each of their websites.
3) public authorities/ regulatory bodies/industry bodies
We may disclose your personal data:
- to regulators and law enforcement agencies (including those responsible for enforcing anti-money laundering legislations);
- in response to an enquiry from a government agency.
4) service providers
We may disclose your personal data to third party service providers (including our professional advisors, data analysis processors and data storage service providers) who require access to such information for the purpose of providing specific services to us. These third parties will generally only be able to access your data in order to provide us with their services and will not be able to use it for their own purposes.
Your personal data and your in-game behaviors will be recorded in US by AWS from Amazon.
5) replacement providers
If the management and operation of DragonPlus Limited and its affiliates are transferred from us to another company, we may disclose your personal data to the other company so the products and services can continue to be provided to you.
In the event that we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
If DragonPlus Limited or substantially all of its assets are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.
5. What are your rights?
You have various rights in relation to the data which we hold about you. We have set these out below.
To get in touch with us about any of these rights, please contact our Privacy Officer at firstname.lastname@example.org. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
The EU General Data Protection Regulation ("GDPR") gives you the following rights in relation to your personal data:
1) Right to object
This right enables you to object to us processing your personal data where we do so for one of the following reasons:
- because it is in our legitimate interests to do so (for further information please see section 11 below);
- to enable us to perform a task in the public interest or exercise official authority;
- to send you direct marketing materials; or
- for scientific, historical, research, or statistical purposes.
2) Right to withdraw consent
Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
3) Data subject access requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
4) Right to erasure
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
- the data are no longer necessary;
- you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
- the data has been processed unlawfully;
- it is necessary for the data to be erased in order for us to comply with our obligations under law; or
- you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
5) Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
6) Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data too. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
7) Right of data portability
If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
8) Right to complain
You have the right to lodge a complaint with our regulator, who is the Information Commissioner's Office in the UK. You can contact them in the following ways:
- Phone: 0303 123 1113
- Email: email@example.com
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We will take all reasonable precautions necessary to protect your personal data from
- loss, theft, misuse and interference;
- unauthorized access, disclosure, use or modification.
Such measures will vary depending on the sensitivity, amount, format, nature and storage of the information and will involve, as applicable, physical, organizational and electronic security measures.
This includes, for example, the protection of passwords using industry standard encryption, measures to preserve system security and prevent unauthorized access and back-up systems to prevent accidental or malicious loss of data. We may use third party data storage providers to store personal data electronically. We take reasonable steps to ensure this information is held as securely as information stored on our own equipment.
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.
7. Children’s Privacy
This Service is not directed to children younger than thirteen (13) years of age. We do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to use our Services. If you are under 13, please do not use the Service and do not send any information about yourself to us.
8. International transfers of data
The data that we collect from you will be transferred to, and stored at, destinations both within and outside the EEA. As mentioned above, we may disclose your personal data to our group companies and their service providers located in US and elsewhere, and to employees operating outside of the EEA who work for us or for one of our group companies or their respective service providers.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For example, this could be:
- by way of an intra-group agreement between DragonPlus entities, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws;
- by way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
- by transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
- by transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or
- where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
- where you have consented to the data transfer.
A cookie is a small data file sent by a website to your computer that is stored on your hard drive when you visit certain online pages of our website.
You can set your browser to accept or reject all cookies or notify you when a cookie is sent. If you reject cookies or delete our cookies, you may still use our websites, but you may have reduced functionality and access to certain areas of our websites or your account. You may disable or accept cookies at any time by changing your web browser’s options.
10. How long will we keep your personal data?
We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.
In general, we will retain your personal data for as long as we provide services to you and your account is active and following that period, for as long as we provide you directly with any other service offering.
When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavor to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
11. Legal grounds for using your personal data
There are a number of different ways that we are lawfully able to process your personal data. We have set these out below.
1) Where using your data is in our legitimate interests
We are allowed to use your personal data where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.
We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:
- to help us satisfy our legal obligations (for example, in relation to prevention of money laundering and anti-terrorism);
- to help us understand our customers better and provide better, more relevant services to them;
- to ensure that our service runs smoothly;
- to help us keep our systems secure and prevent unauthorized access or cyber-attacks; and
- to drive commercial value for the benefit of our shareholders.
2) Where you give us your consent to use your personal data
We are allowed to use your data where you have specifically consented. In order for your consent to be valid:
- It has to be given freely, without us putting you under any type of pressure;
- You have to know what you are consenting to – so we'll make sure we give you enough information;
- You should only be asked to consent to one thing at a time – we therefore avoid "bundling" consents together so that you don't know exactly what you're agreeing to; and
- You need to take positive and affirmative action in giving us your consent – we're likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
When you register for an account with us, we ask you for specific consents to allow us to use your data in certain ways. If we require your consent for anything else in the future we will provide you with sufficient information so that you can decide whether or not you wish to consent.
You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this in section 5 above.
3) Where using your personal data is necessary for us to carry out our obligations under our contract with you.
We are allowed to use your personal data when it is necessary to do so for the performance of our contract with you.
4) Where processing is necessary for us to carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal data when we need to in order to comply with those other legal obligations.