PRIVACY POLICY

1. DATA CONTROLLER

The data controller under the GDPR is Ray Browser Ltd. The contact details of the controller are as follows:

Ray Browser Ltd. (business ID 3290420-7)
Pihatörmä 1 A, 3rd floor
02240 Espoo
Finland

Contact details for data protection matters:
privacy@raybrowser.com

2. PERSONAL DATA PROCESSED AND SOURCES OF PERSONAL DATA

Your personal data is in most cases collected from yourself when you use our Services, create an account and log in to our Services, contact us, e.g., through the Website or via phone or other means of communication. In addition, we may also collect certain personal data automatically when you use our Services.

Personal data collected and processed may include:

Basic account data

• Name
• Age
• Contact information, such as telephone number and email address
• Username and password necessary for registering for the Services
• Marketing opt-out and opt-ins (please also see our Cookie Policy)

Other data you explicitly submit

We may also collect and process personal data whenever you explicitly provide it to us or send it to us as a part of communication with others or when you provide feedback or other user generated content. This data may include, e.g.:

• Information that you post, comment or follow in the Services
• Profile information including possible profile picture (to the extent such picture constitutes personal data)
• Information sent through chat functions in the Services
• Communication between Ray Browser and you when you are in contact with us, e.g. via phone or email

Analytics Data

The data logging systems we use automatically collect certain analytics data (hereinafter Analytics Data) when you visit the Website or use the Services. Although we do not typically use Analytics Data to identify you as an individual, you can sometimes be recognized from it when combined with the basic account data or other categories of data collected. In situations where Analytics Data is considered personal data under applicable laws, and we will process such data in accordance with this privacy policy.

We collect the following Analytics Data:

Device Information. We collect the following information relating to the technical device you use when visiting the Website and on your use of the Services:

• IP address and location of your device
• Mobile device identifiers such as unique device ID
• Device data and technical data, e.g., device type and operating system, network connection type, browser type and version, internet service provider
• User preference and settings, e.g., language settings, settings regarding push- notifications and in-game sound and music

Usage Information. We may also collect information on your use of the Services, such as:

• Game statistics e.g. game progress, rewards as well as data associated with any bugs and malfunctions or possible cheating or hacking
• Time spent in the Services and interactions with the Services (such as games played)

3. PURPOSE AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

3.1 Legal grounds for processing

We process your personal data based on the following legal grounds, as applicable:

• To provide you with our Services under the terms of service agreed between us (i.e., performance of contract).
• To fulfil our obligations under mandatory legislation (i.e., legal obligation).
• We may also process your personal data on the basis of our legitimate interests in order to carry out, maintain and develop our Services and to manage our customer relationships, and to handle any legal claims.
• In some cases, we may ask for your consent to process your personal data. In these cases, you have the right to withdraw your consent at any time.

3.2 Purpose

We process personal data for the following purposes:

To provide you our Services and perform our obligations under contractual relationships (legal basis: performance of contract or legitimate interest, as applicable)

We process your personal data to be able to offer you our Services and ensure their function. We also process personal data to operate our Services and develop and improve the Services and your user experience. In addition, we process your personal data to track your process in the Services and permit your interaction in with other users and players in the Services.

To comply with our legal obligations (legal basis: fulfilling a legal obligation)

We process your personal data to administer and fulfil our legal obligations. For example, we may process the data to fulfil our accounting obligations and to provide information to competent authorities such as tax authorities.

For customer service and communication (legal basis: legal basis: performance of contract or legitimate interest, as applicable)

We may process personal data to process and respond to customer feedback and service requests. We also process your personal data to communicate with you about our Services and any possible changes to them, to the extent permitted under applicable laws. If you contact our customer service, we may use the information you provide to answer any questions you may have and to resolve any problems you encounter with our Services.

Claims handling and legal proceedings (legal basis: performance of contract or legitimate interest, as applicable)

We may process personal data in connection with the processing of claims and legal proceedings. We may also process personal data to prevent fraud and misuse of our services and to maintain the privacy of the data we collect, the systems we use and our network.

To show personalized advertisement or for other additional purposes (legal basis: consent)

With your consent, we may process your personal data for additional purposes such as providing you personalized advertisements in the Services or sending you updates through push notifications. You have the right to withdraw your consent at any time. For more information on our personal data processing related to the use of cookies and similar technologies, please see our cookie policy.

4. RECIPIENTS OF PERSONAL DATA

We share your personal data within Ray Browser only to the extent reasonably necessary for the purposes set out in this privacy policy.

In certain circumstances, our activities may require us to share personal data with parties outside Ray Browser. In the situations described below, personal data will be transferred or disclosed in accordance with, and only to the extent permitted by, the GDPR and other applicable legislation and this privacy policy.

Service Providers

We use third party service providers in our business. Cooperation between service providers and us requires the transfer of personal data to such third parties, including service providers of IT systems and sales and marketing services. These service providers typically process your personal data on behalf of or for Ray Browser as processors of personal data.

Other players and users

Social features such as leaderboards or friend lists can be a component of the games available within the Services. Other players and users may, for example, see your profile data, in-game activities or high scores and read the messages you have posted.

Authorities

We may be required to transfer or disclose personal data to public authorities (such as the police or tax authorities) based on applicable law or the fulfilment of legal obligations.

The data used for legal purposes or in legal proceedings

We may also share your personal data with third parties outside of Ray Browser if we consider that access to and use of the personal data is reasonably necessary to: (i) comply with applicable laws and regulations and/or an order of a court or authority; (ii) detect and prevent misuse, crime, technical failures and information security problems; and/or (iii) guarantee our and your safety and the protection of property, as well as the public interest.

The data used for other legitimate reasons

If Ray Browser is a party to or contemplates a merger, asset deal or other acquisition or transaction, we may transfer your personal data to a third party involved in the transaction, such as a prospective buyer and its advisors, to the extent permitted under applicable privacy laws. In addition, we may receive personal data in connection with such processes.

The data used based on your consent

We may share your personal information with third parties outside Ray Browser if we have your explicit consent to do so. You have the right to withdraw your consent at any time.

5. INTERNATIONAL DATA TRANSFERS OUTSIDE EUROPE

In principle, we process your personal data within the territory of the Member States of the European Union (EU) and in the European Economic Area (EEA).

However, the service providers we use may process personal data on our behalf on servers located outside the EU or EEA. Where personal data is transferred to countries outside the EU/EEA, we will ensure that the transfer of personal data only takes place in accordance with the appropriate safeguards of the GDPR, for example by means of an adequacy decision or standard contractual clauses approved by the European Commission. For the current standard contractual clauses, please visit the European Commission’s website.

6. STORAGE PERIOD

As a general rule, we will only store your personal data for as long as necessary for the purpose(s) for which your personal data was collected. The data will be deleted when it is no longer needed for the purpose for which it was collected, unless it is necessary to store the personal data for longer than is necessary for the purposes of the specific processing in order to comply with the requirements of applicable laws (for example, for accounting purposes).

Below you can find examples of the storage periods for certain personal data:

• Your basic account data will be stored usually within 6 months from when you have deleted your account. However, we may store some basic account data like your contact and payment information including your communication with us as long as required under applicable legislation or as long as we have a legitimate reason store such data for example for claims handling, bookkeeping or other legal action purposes. All basic account data shall however be deleted within 10 years from the end of the customer relationship or your last contact with us, unless a longer storage period is exceptionally necessary, for example, for legal proceedings.

We regularly review the storage periods for your personal data. When personal data is no longer needed, we will delete or anonymize it as soon as possible.

7. CHILDREN

We do not knowingly collect or solicit personal data about or direct or target interest-based advertising to anyone under the age of 13 or knowingly allow such persons to use our Services. If you are under 13, please do not send any data about yourself to us, including your name, address, telephone number, or email address. No one under the age of 13 may provide any personal data through the Website or Services. The legal guardians are responsible for ensuring that children under the age of 13 do not provide personal data through the Website or Services. If we learn that we have collected personal data about a child under the age of 13, we will delete such data. If you believe that we might have any data from or about a child under the age of 13, please contact us by sending an email to privacy@raybrowser.com.

8. YOUR RIGHTS

You have various rights regarding our processing of your personal data. These rights include, in particular, the rights listed below. These rights are not absolute, and each right is subject to exceptions and conditions as set out in applicable legislation which are not exhaustively described below.

• Right of access to data: You have the right to access or obtain a copy of the data we process about you. We may refuse to provide you with a copy of some of your data if providing such data would compromise the rights and freedoms of others.
• Right to request the correction of data: You have the right to require us to correct or complete any inaccurate or outdated personal data that we store about you.
• Right to request the deletion of data: You may request us to erase personal data about you from our systems in certain circumstances, such as where the personal data is no longer necessary for the purposes for which it was collected, where the processing of such data is unlawful, or where the data has been processed on the basis of consent and you withdraw your consent. We will take the requested action unless we have a legitimate reason not to delete the data.
• Right to object to data processing: You always have the right to object to the processing of your personal data for direct marketing purposes. In addition, you may object to the processing of your personal data based on legitimate interests on the basis of your particular situation, unless we can demonstrate compelling legitimate grounds for such processing.
• Right to restrict the processing of data: You may request us to restrict your personal data processing, for example, for the period required for verifying the correctness of your personal data if you have denied the accuracy of your personal data.
• Right to withdraw consent: Where we process personal data on the basis of your consent, you have the right to withdraw your consent at any time by sending an email or postal letter to the email or postal address provided in this privacy policy. Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out prior to the withdrawal.
• Right to transfer data from one system to another: You have the right to receive your personal data from us in a structured and commonly used format and the right to transfer the data independently to a third party.

9. LODGING A COMPLAINT

If you consider that our processing of personal data infringes the applicable data protection laws, you may lodge a complaint with a local supervisory authority. You can find a list of local supervisory authorities in: https://edpb.europa.eu/about-edpb/about-edpb/members_en. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman: https://tietosuoja.fi/en/home.

10. SECURITY OF INFORMATION

We use technical and organizational safeguards to protect the personal data we collect and process. The measures Ray Browser (and/or our suppliers, as applicable) uses include data encryption, firewalls, secure facilities and systems protected by limited access rights and passwords. Our security measures are designed to maintain an appropriate level of data confidentiality, integrity, availability, fault tolerance and recoverability. We regularly test our services, systems and other hardware for vulnerabilities.

11. EXERCISE OF RIGHTS

Ray Browser is the controller of the personal data processed as described in this privacy policy. If you have any questions or comments about the processing of your personal data or this privacy policy, or if you wish to exercise your rights, you may contact us by letter or email at the addresses set out at the beginning of this privacy policy.