PRIVACY POLICY
Last updated: November 27, 2023
Nørdlight is committed to protecting your privacy and the secure processing of your personal data and we strive to limit the processing of personal data as far as possible and do not collect personal data beyond what is necessary.
Needless to say all processing of personal data, including the collection, registration, storing and general handling is governed by applicable privacy legislation, including the General Data Protection Regulation (GDPR). Nørdlight strives to make sure that the processing of personal data done by Nørdlight, is done in accordance with applicable legislation.
Should you have any questions related to privacy and/or your rights, you can contact us at privacy@nordlight.io or our Data Protection Officer at DPO@spinmaster.com. Below you will also find detailed information on how we process your personal data, on your rights and how you can exercise them.
Who Are We?
We are Nørdlight Games AB, 559215-0816, with registered office at Box 90 293, 120 24 Stockholm, Sverige (“Nørdlight”, “we” or “us”) is a passionate Game Studio in Stockholm, Sweden.
We take privacy seriously at Nørdlight and this notice is designed to share what Personal Data we collect and how we use it. When Nørdlight processes your personal data in accordance with this Privacy Notice, Nørdlight is the “controller” of your data as defined by the GDPR and other applicable legislation.
Our contact details are:
Nørdlight Games AB
Attn: Privacy Officer
BOX 90293
120 24, Stockholm, Sweden
Our email address for all matters related to privacy is: privacy@nordlight.io
The contact details to our Data Protection Officer are:
SpinMaster Ltd.
Attn:Data Protection Officer
225 King Street West
Toronto, ON M5V 3M2, Canada
This privacy policy describes how we collect and use your personal data when you are using our services, playing our apps or interacting with us. It applies to all visitors of this website, end users (including paying and non-paying users) and our social media channels.
Under the GDPR and UK GDPR (UK General Data Protection Regulation) you have certain rights concerning the processing of personal data by us. The following rights may be applicable for you.
If you would like to access, correct, erase or limit the use or disclosure of any personal data about you that has been collected and stored by Nørdlight or exercise any other right under applicable data protection legislation, please notify us at privacy@nordlight.io so that we may consider and respond to your request in accordance with applicable law.
If you want to contact our Data Protection Officer directly you can do so at DPO@spinmaster.com.
Right of information: You have the right to be provided information regarding the processing of your personal data by us.
Right of access: You have the right to obtain confirmation as to whether or not we are processing your personal data and, if this should be the case, access to the personal data.
Right to rectification: You have the right to obtain rectification of inaccurate or incomplete personal data concerning you.
Right to erasure (“right to be forgotten”): Under certain circumstances you have the right to obtain the erasure of personal data concerning you.
Right to restriction: Under certain circumstances you have the right to obtain the restriction of processing.
Right to data portability: Under certain circumstances you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit this data to another controller.
Right to object: Under certain circumstances you have the right to object to the processing of personal data concerning you. This includes but is not limited to the right to object in cases in which we process your personal data based on legitimate interest.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you consider that Nørdlight processing of personal data relating to you infringes the GDPR.
Right to withdraw consent: If a processing of your personal data is based on your consent as set out you have the right to withdraw your consent at any time.
Right to not be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
In this section, we describe the types of personal data that we collect or create. In Section 4 we describe for what purposes we use these types of personal data.
In the table below we indicate:
Here is a general explanation of each legal basis to help you understand the table:
What we use your personal data for and why |
Legal basis allowing the purpose |
Categories of personal data and where they come from |
To provide the Rubik’s Match in accordance with Our agreement with you so that you can play. |
Contract with the Data Subject. |
|
In Rubik's Match we sell gold in the in-game shop. We are doing this to provide You as a player a more fun and different experience in our app. |
Contract with the Data Subject. |
|
Process players' in-app activity in order to answer questions relating to the performance of our app and our business. To understand how many active users, user experience and user engagement. |
It is necessary for the purposes of our (the organisation's) legitimate interests. |
|
When we have a crash in our apps we collect, store and analyze information about that crash. We do that to understand if something is wrong in the app, this could be a bug in the app that we need to fix so You can continue playing it. |
Contract with the Data Subject |
|
Whenever an action is performed in-game that requires a server side response we will be processing and storing pieces of data as part of log files. We do this to ensure technical functionality. |
It is necessary for the purposes of our (the organisation's) legitimate interests |
|
To allow you to play on another device we will offer You as a player to link your progress with a third party authentication service. |
It is necessary for the purposes of our (the organisation's) legitimate interests |
|
What we use your personal data for and why |
Legal basis allowing the purpose |
Categories of personal data used for the purpose |
We reply to comments left by fans on our own posts, we define this as reactive engagement. We also engage (by liking, leaving emojis or commenting) with fan channels on an as needed basis, we define this as proactive engagement.
These are posts that have either gained high traction among the Nørdlight community or have created content that we like to support. We also share social media posts internally, but these are also publicly accessible on all social media platforms. |
It is necessary for the purposes of our (the organisation's) legitimate interests |
|
What we use your personal data for and why |
Legal basis allowing the purpose |
Categories of personal data used for the purpose |
To provide you with service in accordance with our agreement with you. For example to give you access to games, figure out what problem you may have and help solve them. |
Performance of a contract |
|
What we use your personal data for and why |
Legal basis allowing the processing |
Categories of personal data used for the processing |
Some of our services use ad server technologies to send you offers and advertisements from third parties, and to measure how our advertising campaigns work. Some of these technologies may sync or link behavior across multiple websites, mobile apps and devices to tailor offers and advertising to your interests.
These technologies collect and use information so that we can provide you with appropriate offers and advertising, to measure the effectiveness and distribution of such offers and advertising, and to understand how users interact with our services. |
Your Consent |
|
What we use your personal data for and why |
Legal basis allowing the processing |
Categories of personal data used for the processing |
We collect personal data directly from you in connection with your visit to our website. We use only strictly necessary cookies that are required for the functions of the website. |
Our legitimate Interest of providing a functioning website. |
|
We will retain your personal data for as long as necessary to provide our services to you or as required by law. We may also retain your personal data for research and analysis purposes.
Our website and services may include community or social media features, such as forums and chat rooms. Please note that any information you post in these features may be publicly available. We encourage you to use caution when sharing personal data in these features. We take reasonable measures to keep these features secure and protect your personal data.
Nørdlight may share users' information, including Personal Data which includes but is not limited to billing information or usernames, with our third-party agents, contractors, or service providers who are hired to perform services on our behalf. We may also share your information with our affiliates. We disclose necessary information to authorities such as the Swedish Authority for Privacy Protection and other authorities if we are required to do so by law, or under some circumstances if you have requested us to do so.
Description of the recipient: Suppliers and subcontractors are companies that only have the right to process the personal data they receive from Nørdlight on behalf of Nørdlight, i.e. data processors. Examples of such suppliers and subcontractors are software and data storage providers, and business consultants.
Description of the recipient: Companies in the Spin Master Group. List of companies that we share with:
225 King Street West Toronto
ON M5V 3M2
Canada
BOX 90293
120 24, Stockholm
Sweden
Purpose and legal basis: This is required for Nørdlight to be able to provide you with its services and functionalities. Nørdlight has a legitimate interest in being able to access and provide these services and functionalities. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
Description of the recipient: Companies that provide social media services that we use. If you visit one of these third-party websites or use one of these third-party services, you should also consult the respective privacy policies, as these govern your use of such websites or services.
https://www.facebook.com/about/privacy
https://help.instagram.com/155833707900388
TikTok
https://www.tiktok.com/legal/page/eea/privacy-policy/en
Purpose and legal basis: To care for our fans and to promote our brand and services. We base the processing, after a balance of interests, on our legitimate interest in marketing our business and offering relevant information. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.
Description of the recipient: Advertising partners and networks who offer advertisements from third parties, and to measure how our advertising campaigns work.
List of advertising partners:
Facebook Ads
https://www.facebook.com/about/privacy
Facebook Custom List Custom Audiences
https://www.facebook.com/about/privacy
Facebook Business Tools
https://www.facebook.com/about/privacy
Google Ads
https://policies.google.com/privacy
Apple Search Ads
https://searchads.apple.com/privacy
Purpose and legal basis: Advertising partners who offer advertisements from third parties, and to measure how our advertising campaigns work. This processing is based on your consent. You are entitled to object to this processing. See section 2 for more information about your rights.
In some cases Nørdlight might transfer personal data outside the EU, so-called third countries (countries outside of the European Economic Area). Such transfers can be made if any of the following conditions apply;
We also identify and use additional protections as needed for each data transfer. For example, we use:
We are committed to protecting our users' personal data and are among other things using pseudonymization, encryption and user based access levels to protect your data. We strive to take appropriate technical and organizational measures to ensure the protection of your personal data.
If you have any questions or concerns about this privacy policy or our privacy practices, please contact us
By email:
dpo@spinmaster.com
By mail:
Data Protection Officer
225 King Street West Toronto, ON M5V 3M2
Canada
Under California Civil Code sections 1798.83, California residents are entitled to ask us for a notice describing what categories of Personal Information we share with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. Please note that we do not share your Personal Information with any third parties or affiliates for their direct marketing purposes.
California Consumer Privacy Act of 2018 (CCPA) provides consumers who are California residents with specific rights regarding their Personal Information.
Right to Access: If you are a California resident, you have the right to request, up to two times each year, access to categories and specific pieces of personal data about you that we collect, use and/or disclose.
Right to Delete: If you are a California resident, you have the right to request that we delete personal data that we collect from you, subject to applicable legal exceptions.
Right to Opt Out of Sale of Personal Information: As the term is defined by the CCPA, Nørdlight does not sell any personal data.
To make a request regarding your rights as described above, please send an email to privacy@nordlight.io or DPO@spinmaster.com or write to us, using the addresses above.
This privacy notice may be changed from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. The notice may be sent to you by email to the last email address you provided us with, by posting notice of such changes on our sites and applications, or by other means, consistent with applicable law. The date of the last modification is stated at the top of this document.