Privacy Policy

Privacy Policy

Effective Date: May 01, 2024


Synaptic Labs Ltd, and its subsidiaries or affiliates (collectively, “Synaptic Labs”,“we”, “us” and “our”), takes your privacy seriously. This privacy policy (“Privacy Policy”) explains how we collect, use and share Personal Information (as defined below). This Privacy Policy applies to information you provide or we otherwise collect when you use our services, mobile game or other application (an “App”) or visit our websites (the “Sites”) (collectively, the “Services”). For the avoidance of doubt, this Privacy Policy does not apply to websites, applications or services owned by Synaptic Labs that display or link to different privacy statements.


The data controller for the purposes of the General Data Protection Regulation and other national data protection laws of the Member States, as well as any other data protection-related regulation is:

The Controller is Synaptic Labs Ltd.

71 Queen Victoria Street

EC4V 4BE London

United Kingdom

Email: privacy@synapticlabs.uk

Website: https://www.synapticlabs.uk/


Some of our Services may target an audience including children under the age of 13. We do not knowingly collect personal information from children under the age of 13. For more information on how we treat children’s privacy, see section 7 below.

Table of Contents

  • General Principles of fata processing

  • Specific Instances of Data Processing

  • Data processing in external countries

  • Your Rights

  • Cookies

  • Children’s privacy

  • Changes to this Privacy Policy

  • Contact us

GENERAL PRINCIPLES OF DATA PROCESSING

Below we would like to inform you about the general principles of data processing.

a. Scope of the Data Processing

We essentially only process your personal data to the extent necessary for making our Games available, along with their content and services, and for using them.

b. Legal Basis for the Data Processing

In so far as we obtain consent from you for the data processing, Art. 6(1)(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the data processing.

In the case of any data processing that is necessary in order to fulfill a contract to which you are a contracting party, Art. 6(1)(1)(b) GDPR serves as the legal basis. This also applies to any processing procedures that are required for conducting pre-contractual measures.

Should any data processing be required in order to fulfill a legal obligation to which our company is subject, Art. 6(1)(1)(c) GDPR serves as the legal basis.

Should the data processing be required in order to preserve a legitimate interest of our company or a third party, and should your interests, basic rights and basic freedoms not outweigh the first-mentioned interest, Art. 6(1)(1)(f) GDPR serves as the legal basis for the processing.

c. Storage period and erasure of personal data

Your personal data will be erased or blocked once the purpose of the storage has lapsed. It may be saved beyond that point in time if the latter has been stipulated by the European or national legislative authorities in any European Union regulations, laws or other provisions to which we are subject. Any blocking or erasure of said personal data will also be carried out if a storage period prescribed by said norms expires, unless there is any necessity to continue to store said personal data in regard to the conclusion of a contract or the fulfillment of a contract.

SPECIFIC INSTANCES OF DATA PROCESSING

The following instances of data processing are carried out with our Games:

a. Downloading of the Games

Our Games are provided via the platforms of Google and Apple. The platforms also offer an opportunity for in-app purchases and further proprietary services. We have no influence over the data processing in that respect, and the respective platform operator is the Controller under data privacy law. Said operator’s respective terms and conditions of use and privacy policies shall apply.

You can inspect the Google Play Store Privacy Policy here:

https://policies.google.com/privacy?hl=en

You can inspect the Apple AppStore Privacy Policy here:

https://support.apple.com/en-us/HT211970

b. Hosting

All data that arises when the following Games are made use of is stored on servers. In the case of the various purposes of processing, said data stored on the servers is accessed.

The data processing in the form of storage of personal data is carried out based on the use agreement that you accepted from us when opening the Game for the first time, and thus in accordance with Art. 6(1)(1)(b) GDPR.

The personal data will be erased from the servers once no grounds for processing any longer exist. This is typically the case upon the contractual relationship being terminated, as long as the legal regulations do not require the data to be stored for a longer period of time.

AWS

In regards to our Game:

  • Peak

we use the Processor:

Amazon Web Services EMEA SARL

German Branch

Marcel-Breuer-Str. 12

80807 Munich

Germany (“AWS”).

You will find further information on the processing of personal data at AWS in AWS’ Privacy Policy:

https://aws.amazon.com/compliance/data-protection/

c. Setting up an Account

To use our Games, you need to set up an account. This in particular enables us to be able to allocate any scores to the respective player, and also enables the player to play the Game on various different terminals.

The following categories of personal data may be processed for this purpose:

  • Account name chosen by you

  • Email address

  • Internal ID (unique user ID that is generated when you set up an account)

The data is processed based on the use agreement, and thus in accordance with Art. 6(1)(1)(b) GDPR.

d. Running the Game

The use of our Games requires data processing, without which the Game cannot be run. Said instances of data processing are in particular necessary in order for the Game to first at all be made available and ready to play, to detect and fix any bugs, to access scores, or also to link in-app purchases with the player’s account.

The following categories of personal data may be processed for this purpose:

  • Account Name

  • Internal ID

  • Number and content of in-app purchases

  • Country where the Game was downloaded

  • Type of terminal used (iPhone, iPad, etc.)

  • Model number

  • Operating system of the terminal

  • Language settings of the terminal

  • Date of the download

  • App version

  • Days since the download (“Age of the account”)

  • Duration of use of the Game

  • Number of times the Game has been accessed

The data is processed based on the use agreement, and thus in accordance with Art. 6(1)(1)(b) GDPR.

e. Creation of Aggregate Information

We create aggregate statistical information from the personal data available to us. We use said statistical information for various purposes, such as for optimizing the Game, improving our marketing campaigns, etc. The aggregate information no longer concerns personal data.

When the data is aggregated, the following categories of personal data may be used:

  • Android ID

  • Device type

  • Operating system of the terminal

  • Version of the operating system of the terminal

  • Language settings of the terminal

  • Facebook ID

  • Audio settings of the terminal

  • List of the other games published by Phoenix that have been played

  • Graphic settings of the terminal

  • Source of installation of the Game

  • IP address of the terminal

  • Allocation information specific to marketing (if the user has installed the Game after seeing an advertisement)

  • Google Advertising ID (Advertising ID of Google)

  • Apple IDFA (Apple ID for advertisers)

  • IDFV (Apple ID for providers)

  • Paying user status

  • Player’s name

  • Days since the download

  • Settings for push notifications

  • Country where the Game was downloaded

  • Date of the download

  • Version of the app which was downloaded

  • Amount of the real cash spent

  • Playing time

  • Number of Games

  • Number of purchases

  • Country in which the user uses the app

  • Current app version

Aggregate statistical information is created based on our legitimate interest in enabling various evaluations and ratings of our Games, Art. 6(1)(1)(f) GDPR. Your interests also do not outweigh this, as the personal reference is removed through the process of the data being aggregated, which enables us to process the data on efficiently.

(1) Amplitude

In regards to our Game:

  • Peak

we sometimes use the Processor

Amplitude Inc.

201 3rd Street, Suite 200

San Francisco, CA 94103

United States

(“Amplitude”) to create the aggregate information. You will find further information on the processing of personal data at Amplitude in Amplitude's Privacy Policy:

https://amplitude.com/privacy

(2) Firebase

In regards to our Game:

  • Peak

we sometimes use the Processor

Google LLC

1600 Amphitheatre Parkway

Mountain View

CA 94043

USA

(“Firebase”), in so far as you downloaded the Game via the Google Play Store or the Apple Appstore. You will find further information on the processing of personal data at Firebase in the Firebase Privacy Policy:

https://firebase.google.com/support/privacy

g. Fraud Detection

We inspect and validate personal data in order to ascertain any misuse of our Games.

The following categories of personal data may be processed for this purpose:

  • Android ID

  • Device type

  • Operating system of the terminal

  • Version of the operating system of the terminal

  • Language settings of the terminal

  • Audio settings of the terminal

  • List of the other games published by the respective controller that have been played

  • Graphic settings of the terminal

  • Source of installation of the Game

  • IP address of the terminal

  • Google Advertising ID (Advertising ID of Google)

  • Apple IDFA (Apple ID for advertisers)

  • IDFV (Apple ID for providers)

  • Paying user status

  • Player’s name

  • Days since the download

  • Settings for push notifications

  • Country where the Game was downloaded

  • Date of the download

  • Version of the app which was downloaded

  • Amount of the real cash spent

  • Playing time

  • Number of Games

  • Number of purchases

  • Country in which the user uses the app

  • Current app version

In that respect, personal data is processed on the basis of our legitimate interest, Art. 6(1)(1)(f) GDPR. We also have an interest in ascertaining any misuse of our Games. This is also, inter alia, substantiated by the fact that any misuse of our Games may also constitute violations of legislative regulations.

h. Advertising

We use different types of analysis and promotional tools in order to successfully advertise in our Games, and show advertisements on other websites.

The following categories of personal data may be processed for this purpose:

  • Android ID

  • Type of terminal used (iPhone, iPad, etc.)

  • Source of installation of the game (source from which the user downloaded the app.)

  • Game ID

  • Country Code

  • IP address of the terminal

  • Google Advertising ID (Advertising ID of Google)

  • Allocation information specific to marketing (if the user has installed the Game after seeing an advertisement)

  • Paying user status

  • User name

  • Country in which the user registered

  • Date on which the user registered

  • Time at which the user registered

The legal basis for the processing is your voluntary consent (Art. 6(1)(1)(a) GDPR). You can revoke your consent at any time. The lawfulness of the data processing procedures that have already been carried out will not be affected by the revocation.

The personal data is processed for the purposes of advertising until such time as you revoke your consent. Should the personal data not be required for any further purposes, it will be erased.

Google AdMob

In regards to our Game:

  • Peak

we use the Processor:

Google LLC

1600 Amphitheatre Parkway

Mountain View

CA 94043

USA (“Google AdMob”).

You will find further information on the processing of personal data at Google AdMob in Google AdMob’s Privacy Policy:

https://policies.google.com/privacy

i. Support requests

You can send us support requests. In this respect, your details are exclusively used for the purpose of handling the support request and for the eventuality of any follow-up questions that you may have.

The following categories of personal data may be processed for this purpose:

  • Email address

  • User name

  • Content of your request

  • Operating system and version

  • Device type

  • Stored User ID

  • Cash used for in-game purchases

  • IP address

  • Place of registration

  • Location

The legal basis for the processing of the data is Art. 6(1)(1)(f) GDPR. Our interest in answering your request corresponds to your interest. As you write to us, it is in your own interest that we answer, and you are aware that we need to process your data in order to answer your question. If you have accepted our terms and conditions of use, the processing is based on Art. 6(1)(1)(b) GDPR.

The data will be erased once it is no longer needed in order to achieve the purpose for which it was gathered. This is the case once the respective conversation with the user has been terminated. The conversation has been terminated once it can be inferred from the circumstances that the issue concerned has conclusively been clarified.

Zendesk

In regards to our Game:

  • Peak

we use the Processor:

Zendesk, Inc.

1019 Market Street

San Francisco

CA 94103

USA (“Zendesk”).

You will find further information on the processing of personal data at Zendesk in Zendesk’s Privacy Policy:

https://www.zendesk.com/company/privacy-and-data-protection/

j. External links

Our games may contain links to external web pages or services of third parties, over the content, data privacy standards and security standards of which we have no control. Please therefore inform yourself about the privacy statements of the corresponding providers on their web pages or services.

The linked pages have been checked for any infringements of rights as at the date of linking. No unlawful content could be identified as at the date of linking. Should we become aware of any legal infringements, we will immediately remove the corresponding link.

Said external links solely serve the purpose of entertainment, and it is not absolutely necessary to visit corresponding web pages or services in order to play the game.

DATA PROCESSING IN EXTERNAL COUNTRIES

We may, in the process of providing Services to you, transfer information that we collect about you, including Personal Information, to affiliates and subsidiaries, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from Canadian or U.S law, please note that you are transferring information and permitting the transfer of information, including Personal Information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. and/or Canada and the use and disclosure of information about you, including Personal Information, as described in this Privacy Policy. If you are using the Services from outside the United States, please be aware that your Personal Data may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. As a result, your Personal Data may be subject to the laws of the United States and may be accessible without notice to you by the courts, law enforcement and national security authorities of the United States.


We keep Personal Information for as long as reasonably necessary for the purposes described in this Privacy Policy, or as required by law (e.g. for tax, legal, accounting or other purposes), whichever is the longer.

YOUR RIGHTS

a. Your right to information

You may request from us a confirmation about whether any personal data concerning you is being processed by us.

Should such processing be done by us, you may request the following information from us:

  1. The purposes for which the personal data is being processed;

  2. the categories of personal data that are being processed;

  3. the recipients or categories of recipients to whom the personal data about you has been disclosed or is yet to be disclosed;

  4. the period of time for which it is expected to store the personal data, or, if it is not possible to give specific details in this respect, criteria for establishing the period of storage;

  5. the existence of a right to rectify or erase the personal data concerning you, a right to restrict the processing by us or a right to object to such processing;

  6. the existence of a right to appeal to a supervisory authority;

  7. any information available on the origin of the data if the personal data is not gathered personally from the data subject;

  8. the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR, and – at least in such cases – meaningful information about the logic involved, as well as the impact and the intended effects of such processing upon the data subject.

You are entitled to request information on whether the personal data concerning you is transmitted to an external country or an international organization. In this context, you may request to be informed about the appropriate guarantees under Art. 46 GDPR in connection with the transmission.

b. Right to rectification

If the personal data processed relating to you is incorrect or incomplete, you are entitled to have your data rectified or completed by us. We will undertake the rectification without delay.

You can request for your information to be updated either directly through our Apps, if applicable, or by sending an e-mail to privacy@synapticlabs.uk

c. Right to restriction of the processing

You may, on the following prerequisites, request the restriction of the processing of personal data concerning you:

  1. If you dispute the accuracy of the personal data concerning you for a period of time which enables us to check the accuracy of the personal data;

  2. if the processing is unlawful and you reject the erasure of the personal data and instead request the restriction of use of the personal data;

  3. if we no longer need the personal data for the purposes of the processing, however you need it in order to assert, exercise or defend any legal claims; or

  4. if you have filed an objection to the processing pursuant to Art. 21(1) GDPR, and it has not yet been established whether our legitimate grounds outweigh your grounds.

Should the processing of the personal data concerning you have been restricted, this data may – except for being stored – only be processed with your consent or in order to assert, exercise or defend any legal claims or to protect the rights of another natural or legal person, or for reasons relating to a significant public interest of the EU or a Member State.

Should the restriction of the processing have been carried out in line with the above prerequisites, you will be notified by us before the restriction is lifted.

d. The right to have your data erased

You may require us to erase the personal data concerning you without delay. We are obliged to erase said data immediately if one of the following reasons applies:

  1. The personal data concerning you is no longer needed for the purposes for which it was gathered or processed in any other way;

  2. you revoke your consent, on which the processing pursuant to Art. 6(1)(1)(a) GDPR was based, and there is no other legal basis for the processing;

  3. pursuant to Art. 21(1) GDPR, you are filing an objection to the processing, and there are no overriding legitimate grounds for the processing, or you are filing an objection to the processing pursuant to Art. 21(2) GDPR;

  4. the personal data concerning you has been processed unlawfully;

  5. the erasure of the personal data is necessary in order to fulfill a legal obligation under EU law or the law of the Member States, to which we are subject;

  6. the personal data concerning you has been gathered in regard to information society services offered pursuant to Art. 8(1) GDPR.

You can request for your data to be deleted either directly through our Apps, if applicable, or by sending an e-mail to privacy@synapticlabs.uk

Information passed on to third parties

Should we have published the data concerning you, and should we be obliged, pursuant to Art. 17(1) GDPR, to erase it, we will, taking into account the available technology and the costs of implementation, take reasonable steps, also of a technical nature, to inform the Controllers responsible for the data processing, who processes the personal data, that you, as a data subject, have required all links to said personal data or copies or replications of said personal data to be erased.

Exceptions

The right of erasure does not exist if the processing is necessary

  1. to exercise the right to freely express an opinion and provide information;

  2. to fulfill a legal obligation which requires the processing under the law of the European Union or the Member States to which the Controller is subject, or to take on a task which is in the public interest or in exercise of public authority that has been conferred upon the Controller;

  3. for reasons of the public interest in the field of public health pursuant to Art. 9(2)(h) and (i), as well as Art. 9(3) GDPR;

  4. for archival purposes or scientific or historic research purposes that are in the public interest, or for statistical purposes pursuant to Art. 89(1) GDPR, in so far as the right mentioned in Section a) will probably make the implementation of the objectives of said processing impossible or seriously impede them; or

  5. in order to assert, exercise or defend any legal claims.

e. The right to notification

Should you have asserted the right to rectification, erasure or restriction towards us, we shall be obliged to inform all recipients to whom the personal data concerning you has been disclosed about said rectification or erasure of the data or restriction of the processing, unless this proves impossible or involves disproportionate effort.

You are entitled to assert against us the right to be notified about said recipients.

f. The right to data portability

You are entitled to be given the personal data concerning you, with which you have provided us, in a structured, well-established and machine-readable format. In addition, you have the right to transmit said data to another controller, without any impediment by the Controller to whom the personal data was provided, as long as

  1. the processing is based on consent pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR, or a contract pursuant to Art. 6(1)(1)(b) GDPR; and

  2. the processing is carried out using automated procedures.

When exercising this right, you are, moreover, entitled to arrange for the personal data concerning you to be transmitted directly by us to another controller, in so far as this is technically feasible. No freedoms or rights of other persons may be compromised by this.

The right to data portability shall not apply to the processing of personal data that is required in order to take on a task that falls within the public interest or is carried out in exercise of public authority, which has been transferred to us.

g. The right to object

You are entitled, for reasons arising from your particular situation, to raise an objection at any time to the processing of the personal data concerning you based on Art. 6(1)(1)(e) or (f) GDPR. This also applies to any profiling activities conducted based on these provisions

We will then no longer process the personal data concerning you unless we can provide evidence of compelling reasons for the processing, worthy of protection, which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending any legal claims.

Should the personal data concerning you be processed in order to engage in direct marketing, you are entitled to raise an objection to the processing of personal data concerning you for the purpose of such advertising at any time. This also applies to profiling, in so far as it is connected with such direct marketing.

Should you raise an objection to the processing for direct marketing purposes, the personal data concerning you will no longer be used for said purposes.

In connection with the use of services of the information society, you may, notwithstanding Directive 2002/58/EC, exercise your right of objection using automated procedures that make use of technical specifications.

h. Right to revocation of any consent under data privacy law

You are entitled to revoke your declaration of consent under data privacy law at any time. The legitimacy of the processing that has been carried out based on the consent prior to revocation is not affected by the consent being revoked.

i. Automated decisions in the individual case, including profiling

You have the right not to be made the subject of any decision based exclusively on automated processing – including profiling – insofar as this decision has legally valid consequences for you or significantly adversely affects you in a similar manner.

This does not apply if the decision

  1. is necessary for the conclusion or fulfillment of an agreement between you and us;

  2. is legitimate based on legislation of the European Union or the Member States to which we are subject and said legislation includes appropriate measures to preserve your rights and freedoms, as well as your legitimate interests; or

  3. is taken with your express consent.

j. The right to appeal to a supervisory authority

Irrespective of any other legal remedy under administrative law or any judicial remedy, you are entitled to lodge a complaint with a supervisory authority, especially in the Member State of your place of residence, place of work or the place of the presumed infringement, if you are of the opinion that the processing of the personal data concerning you violates the GDPR.

The supervisory authority with which the complaint has been lodged will inform the Appellant (you) about the status and results of the complaint, including the option of a judicial remedy under Art. 78 GDPR.

COOKIES

We use cookies on our Website. These are text files that are stored in or by the web browser on the system of the user’s terminal when the user visits a website. Such a cookie contains a characteristic character string, which enables the browser to be clearly identified the next time that it accesses the Website.

A) TECHNICALLY NECESSARY COOKIES

We use technically necessary cookies so that our system recognizes whether the user has consented to or restricted processes requiring consent, such as the placing of cookies, in his or her browser (“Opt-out Cookies”). These technically necessary cookies are not used to ascertain the user’s identity or create user profiles. The legal basis for the storage of the technically necessary cookies is Sec. 25(2) Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG). For the processing of the personal data arising thereby it is Art. 6(1)(1)(f) GDPR. The use of said cookies is technically necessary in order to operate the Website. Consequently, there is no option for the user to raise objections.

B) OPTIONAL COOKIES

We essentially use optional analysis cookies of external media and services on our Website. Optional cookies are used for functional, analysis or marketing purposes. The use of said cookies is based on the user’s consent, which the user grants when visiting the Website for the first time, and, firstly, comprises storing and accessing cookies as such, as well as processing the personal data arising therefrom for analysis purposes. The legal basis for storing and accessing the analysis cookies is Sec. 25(1) Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG). In regard to the processing of the personal data arising therefrom it is Art. 6(1)(1)(a) GDPR.

You can read more on each individual type of cookie here: https://support.squarespace.com/hc/en-us/articles/360001264507-The-cookies-Squarespace-uses

CHILDREN’S PRIVACY

We recognize the need to provide further privacy protections with respect to Personal Information that we may collect from children who may use our Services. Some of the features on our Sites and Apps are age-gated so that they are not available for use by children, and we do not knowingly collect Personal Information from children in connection with those features.

If you are under the age of 13, you may only use the Services and provide Personal Information if you have the consent of, and are supervised by, a parent or guardian.

If we believe a child using the Services is under 13 we will not process any Personal Information of that child without the consent of the parent or guardian. If the user is 13 or over we will only collect and process Personal Information taking into account the level of maturity of youth of different ages.

We comply with the Children’s Privacy Protection Act of 1998 (“COPPA”), a United States federal law. We do not knowingly collect personal information from children under the age of 13.

We do not publish apps or own services that target children as their primary audience. Some of our apps or services may be considered mixed audience services under COPPA, meaning that they may be directed at children under the age of 13, but children are not the primary audience. For these apps and services, we employ methods to ensure that we do not collect any personal information from users under the age of 13.

If you believe that we have collected personal information from your child, please contact us at: privacy@synapticlabs.uk. Such personal information will be promptly deleted.

Although we do not collect personal information from children under 13, parents and guardians may contact us to request to review, modify, delete, or stop further collection of their child’s personal information. This can be done by emailing us at: privacy@synapticlabs.uk or using other contact information provided in the Contact Us section of this Privacy Policy.

CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy at any time. We will post all changes to this Privacy Policy on our website and will indicate at the top of the page the modified policy’s effective date. Please check back from time to time for such changes. By continuing to access and use the Services, you agree to the terms of the then-current Privacy Policy.

If we change our privacy practices in a way that requires us to obtain verifiable parental consent under COPPA, we will solicit and obtain such consent.

CONTACT US

If you have any questions about our Privacy Policy or any privacy-related concerns, please do not hesitate to contact our Privacy Officer at privacy@synapticlabs.uk or by writing to:

Attention: Privacy Officer

Synaptic Labs Ltd

71 Queen Victoria Street, London, EC4V 4BE, United Kingdom