PRIVACY POLICY
Last updated: 2024-09-06
Nørdlight is committed to protecting Your privacy and the secure processing of Your personal data and We strive to limit the processing of personal data as far as possible and do not collect personal data beyond what is necessary.
Needless to say all processing of personal data, including the collection, registration, storing and general handling is governed by applicable privacy legislation, including the General Data Protection Regulation (GDPR). Nørdlight strives to make sure that the processing of personal data done by Nørdlight, is done in accordance with applicable legislation.
Should You have any questions related to privacy and/or Your rights, You can contact Us at privacy@nordlight.io or Our Data Protection Officer at DPO@spinmaster.com. Below You will also find detailed information on how We process Your personal data, on Your rights and how You can exercise them.
Who Are We?
We are Nørdlight Games AB, 559215-0816, with registered office at Lumaparksvägen 13A, 120 31 Stockholm, Sweden (“Nørdlight”, “We”, “Our” or “Us”) is a passionate Game Studio in Stockholm, Sweden.
We take privacy seriously at Nørdlight and this notice is designed to share what personal data We collect and how We use it. When Nørdlight processes Your personal data in accordance with this Privacy Notice, Nørdlight is the “controller” of Your data as defined by the GDPR and other applicable legislation.
Our contact details are:
Nørdlight Games AB
Attn: Privacy Officer
Lumaparksvägen 13A
120 31, Stockholm, Sweden
Our email address for all matters related to privacy is: privacy@nordlight.io
The contact details to Our Data Protection Officer are:
SpinMaster Ltd.
Attn: Data Protection Officer
225 King Street West
Toronto, ON M5V 3M2, Canada
This privacy policy describes how We collect and use Your personal data when You are using Our services, playing Our apps or interacting with Us. It applies to all visitors of this Website, end users (including paying and non-paying users) and Our social media channels.
Under the GDPR You have certain rights concerning our processing of Your personal data. If You would like to access, correct, erase or limit the use or disclosure of any of Your personal data that has been collected and stored by Nørdlight or exercise any other right under applicable data protection legislation, please notify Us at privacy@nordlight.io so that We may consider and respond to Your request in accordance with applicable law.
Right of information: You have the right to be provided information concerning our processing of Your personal data. This includes understanding the purposes of processing, the categories of personal data concerned, and who else might receive Your personal data.
Right of access: You have the right to obtain confirmation as to whether or not We are processing Your personal data and, if this should be the case, have access to Your personal data.
Right to rectification: You have the right to obtain rectification of inaccurate or incomplete personal data concerning You.
Right to erasure (“right to be forgotten”): Under certain circumstances, such as if the personal data is no longer necessary for the original purpose, if You withdraw Your consent, or if the personal data has been unlawfully processed, You have the right to obtain the erasure of Your personal data. However, this does not apply if Our interest in continuing to process Your personal data outweighs Your interest in having it deleted or if We are subject to a legal requirement to retain Your personal data.
Right to restriction: Under certain circumstances, such as if You contest the accuracy of Your personal data or if the processing is unlawful but You oppose erasure and request restriction instead, You have the right to obtain the restriction of processing.
Right to data portability: Under certain circumstances, such as when the processing is based on Your consent or a contract with You and the processing is carried out by automated means, You have the right to receive Your personal data in a structured, commonly used and machine-readable format and the right to transmit this information to another controller.
Right to object: Under certain circumstances You have the right to object to the processing of Your personal data. This includes but is not limited to the right to object in cases in which We process Your personal data based on legitimate interest (Article 6(1)(f) GDPR).
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, Swedish Authority for Privacy Protection, if You consider that Nørdlight’s processing of Your personal data infringes the GDPR. You can also lodge a complaint with Your own national data protection authority, please see list here.
Right to withdraw consent: If a processing of Your personal data is based on Your consent as set out in this privacy policy, You have the right to withdraw Your consent at any time.
Right to not be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.
In this section, We describe the types of personal data that We collect or create. In Section 4 We describe for what purposes We use these types of personal data.
In the table below We indicate:
Here is a general explanation of each legal basis to help You understand the table:
What We use Your personal data for and why |
Legal basis allowing the purpose |
Categories of personal data and where they come from |
To provide the Rubik’s Match in accordance with our agreement with You so that You can play. |
Contract with You. |
|
In Rubik's Match We sell in-app currency and We provide other in-app purchases in the in-game shop. We are doing this to provide You as a player a more fun and different experience in Our app. |
Contract with You. |
|
Process players' in-app activity in order to answer questions relating to the performance of Our app and Our business. To understand how many active users, user experience and user engagement etc.
|
It is necessary for the purposes of Our legitimate interests. When balancing interests, Nørdlight has determined that We have a legitimate interest in continuously improving Our app and business operations. Analyzing in-app activity provides Us with valuable insights into user behaviour, app performance, and engagement levels. These insights are important for enhancing the user experience and ensuring the app meets the needs of Our users effectively. You may contact Us for more information about how the determination was made. Please see Our contact details in Section 1. |
|
When We have a crash in Our apps We collect, store and analyze information about that crash. We do that to understand if something is wrong in the app, this could be a bug in the app that We need to fix so You can continue playing it. |
Contract with You. |
|
Whenever an action is performed in-game that requires a server side response We will be processing and storing pieces of data as part of log files. We do this to ensure technical functionality. |
It is necessary for the purposes of Our legitimate interests. When balancing interests, Nørdlight has determined that We have a legitimate interest in maintaining and ensuring the technical functionality of Our game. By processing and storing log file data, We can monitor and troubleshoot server-side responses. You may contact Us for more information about how the determination was made. Please see Our contact details in Section 1.
|
|
To allow You to play on another device We will offer You as a player to link Your progress with a third party authentication service. |
It is necessary for the purposes of Our legitimate interests. When balancing interests, Nørdlight has determined that We have a legitimate interest in delivering a seamless and flexible gaming experience for Our users. By allowing the linking of progress across devices, We ensure that users can access their game data from any device. You may contact Us for more information about how the determination was made. Please see Our contact details in Section 1.
|
|
To allow You to display ads in Our game from third-party products and services. Some in-game ads will also provide You with in-game rewards.
|
Your consent.
|
|
Some of Our services use ad server technologies to send You offers and advertisements from third parties, and to measure how Our advertising campaigns work. Some of these technologies may sync or link behavior across multiple Websites, mobile apps and devices to tailor offers and advertising to Your interests.
These technologies collect and use information so that We can provide You with appropriate offers and advertising, to measure the effectiveness and distribution of such offers and advertising, and to understand how users interact with Our services. |
Your consent. |
|
What We use Your personal data for and why |
Legal basis allowing the purpose |
Categories of personal data used for the purpose |
We reply to comments left by fans on Our own posts, We define this as reactive engagement. We also engage (by liking, leaving emojis or commenting) with fan channels on an as needed basis, We define this as proactive engagement.
These are posts that have either gained high traction among the Nørdlight community or have created content that We like to support. We also share social media posts internally, but these are also publicly accessible on all social media platforms. |
It is necessary for the purposes of Our legitimate interests. When balancing interests, Nørdlight has determined that We have a legitimate interest in being able to connect with You on social media, that the processing is necessary to achieve that purpose, and that Our interest outweighs Your right not to have Your personal data processed for this purpose. You may contact Us for more information about how the determination was made. Please see Our contact details in Section 1.
|
|
What We use Your personal data for and why |
Legal basis allowing the purpose |
Categories of personal data used for the purpose |
To provide You with service in accordance with Our agreement with You. For example to give You access to games, figure out what problem You may have and help solve them. |
Contract with You. |
|
What We use Your personal data for and why |
Legal basis allowing the purpose |
Categories of personal data used for the purpose |
We perform all kinds of research activities so we can learn from users’ needs and improve our products and services. |
Your Consent |
|
Direct Marketing To build and maintain brand awareness and raise interest in Our products and services. |
Your Consent |
|
Recordings of your usage of our apps and services. We sometimes record You when you are playing Our apps to understand how you react etc. |
Your Consent |
|
In the case of a legal dispute or other legal matter between You and Us We would work together with Our owners, Spin Master Ltd, and external advisors to assess and manage the legal matter. We would however still be the controller of Your personal data. If there is a legal dispute or other legal matter We will process Your personal data relevant to the matter or dispute. In particular, this may include Your name, e-mail address, contact details and any actions, progress and purchases that You may have performed in the app.
The purpose of the processing of the data by Us would in this case be the effective and uniform handling of legal matters.
If the data processing concerns the conclusion or performance of a contract with You, the legal basis of the data processing is performance of a contract. If the data processing is based on a legitimate interest, the legal basis is Our legitimate interest in effectively and uniformly handling legal matters and disputes. In case of legally legitimate and binding obligations by authorized courts or governmental authorities the legal basis for disclosing data would be in connection with the respective laws that state the legal binding effect of the obligation.
The storage period for data processed for the purpose of handling legal matters, disputes or complying with legal obligations is governed by the relevant limitation period, so that We can sufficiently defend ourselves against claims, or by the relevant legal obligations to retain documents.
We will retain Your personal data for as long as necessary to provide Our services to You or as required by law.
We will keep Your personal data that is tied to Your account and Your usage of Our apps and services as long as You use the apps services and for a period of two years after You last used the app or service, unless You contact Us asking for a removal.
For analytics, instead of deleting Your personal data We may anonymise the personal data so that no direct or indirect identifiers remain and after such anonymisation We will store the information for an indefinite period.
For marketing attribution purposes, We keep Your personal data for three months after that We delete it.
For the purpose of customer support and services We will keep Your personal data for one year before We delete it.
We keep personal data collected during regular play tests, interviews and survey responses maximum three years after participation. Longer interviews and deep studies we keep a maximum of five years after you have participated.
Our Website and services may include community or social media features, such as forums and chat rooms. Please note that any information You post in these features may be publicly available. We encourage You to use caution when sharing personal data in these features. We take reasonable measures to keep these features secure and protect Your personal data.
Nørdlight may share Your personal data, which includes but is not limited to billing information,usernames and other unique identifiers, with Our third-party agents, contractors, or service providers who are hired to perform services on Our behalf. We may also share Your information with Our affiliates.
We disclose necessary information to authorities such as the Swedish Authority for Privacy Protection and other authorities if We are required to do so by law, or under some circumstances if You have requested Us to do so.
Description of the recipient: Suppliers and subcontractors are companies that only have the right to process the personal data they receive from Nørdlight on behalf of Nørdlight, i.e. data processors. Examples of such suppliers and subcontractors are software and data storage providers, and business consultants.
Service Providers - Processors
Description of the recipient: Companies in the Spin Master Group. List of companies that We share with on the basis of an intra group company agreement:
225 King Street West, Toronto
ON M5V 3M2
Canada
Lumaparksvägen 13A
120 31, Stockholm
Sweden
John St., 5th Floor, Toronto
ON M5T 1X3
Canada
Purpose and legal basis: This is required for Nørdlight to be able to provide You with its services and functionalities. Nørdlight has a legitimate interest in being able to access and provide these services and functionalities. We ensure that the processing this entails is necessary to pursue that interest, and that Our interest outweighs Your right not to have Your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in Your particular case. See section 2 for more information about Your rights.
Description of the recipient: Companies that provide social media services that We use. If You visit one of these third-party Websites or use one of these third-party services, You should also consult the respective privacy policies, as these govern Your use of such Websites or services.
Facebook - https://www.facebook.com/about/privacy
Instagram - https://help.instagram.com/155833707900388
TikTok - https://www.tiktok.com/legal/page/eea/privacy-policy/en
YouTube - https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/
Purpose and legal basis: To care for Our fans and to promote Our brand and services. We base the processing, after a balance of interests, on Our legitimate interest in marketing Our business and offering relevant information. You are entitled to object to this processing, for reasons connected to the circumstances in Your particular case. See section 2 for more information about Your rights.
Description of the recipient: Advertising partners and networks who offer advertisements from third parties, both contextual as well as personal interests, and to measure how Our advertising campaigns work.
List of advertising partners:
Facebook Ads - https://www.facebook.com/about/privacy
Facebook Custom List Custom Audiences - https://www.facebook.com/about/privacy
Facebook Business Tools- https://www.facebook.com/about/privacy
Google Ads - https://policies.google.com/privacy
Apple Search Ads - https://searchads.apple.com/privacy
IronSource - https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/
Unity Ads network - https://unity.com/legal/game-player-and-app-user-privacy-policy
Tapjoy ad network part of Unity - https://dev.tapjoy.com/en/legal/Privacy-Policy
TikTok - https://www.tiktok.com/legal/page/eea/privacy-policy/en
Purpose and legal basis: Advertising partners who offer advertisements from third parties, to be able to show You both contextual and personalised ads and to measure how Our advertising campaigns work. This processing is based on Your consent. You are entitled to object to this processing. See section 2 for more information about Your rights.
In some cases Nørdlight might transfer personal data outside the EU, so-called third countries (countries outside of the European Economic Area). Such transfers can be made if any of the following conditions apply;
We also identify and use additional protections as needed for each data transfer. For example, We use:
We are committed to protecting Our users' personal data and are among other things using pseudonymization, encryption and user based access levels to protect Your data. We strive to take appropriate technical and organizational measures to ensure the protection of Your personal data.
Data Protection Officer
225 King Street West Toronto, ON M5V 3M2, Canada
Under California Civil Code sections 1798.83, California residents are entitled to ask Us for a notice describing what categories of Personal Information We share with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. Please note that We do not share Your Personal Information with any third parties or affiliates for their direct marketing purposes.
California Consumer Privacy Act of 2018 (CCPA) provides consumers who are California residents with specific rights regarding their Personal Information.
Right to Access: If You are a California resident, You have the right to request, up to two times each year, access to categories and specific pieces of personal data about You that We collect, use and/or disclose.
Right to Delete: If You are a California resident, You have the right to request that We delete personal data that We collect from You, subject to applicable legal exceptions.
Right to Opt Out of Sale of Personal Information: As the term is defined by the CCPA, Nørdlight does not sell any personal data.
To make a request regarding Your rights as described above, please send an email to privacy@nordlight.io or DPO@spinmaster.com or write to Us, using the addresses above.
This privacy notice may be changed from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to You if these changes are material and, where required by applicable law, We will obtain Your consent. The notice may be sent to You by email to the last email address You provided Us with, by posting notice of such changes on Our sites and applications, or by other means, consistent with applicable law. The date of the last modification is stated at the top of this document.