Privacy Policy
Redlab Games, Inc. (“Redlab Games”,
“we”, “us”, “our”) takes the protection of personal data (“Personal Data”) very seriously. Please read this privacy
policy (the “Policy”) to
learn what we are doing
with your Personal Data, how we protect it,
and what privacy rights you may
have under applicable data protection and privacy laws, such as
the European Union
General Data Protection Regulation
(“GDPR”) and the California
Consumer Privacy Act of 2018 (“CCPA”).
Within the scope of this
Policy, Redlab Games acts as a
data controller or “business” for
the Personal Data we process. This
means that we decide how
and why Personal Data is collected and further processed.
To use your Personal
Data, we must have a valid
reason, which under some laws
is called the “lawful basis
for processing” or “legal grounds
for processing.” We may process
your Personal Data based on these
reasons:
●
Your Consent: We may use
your Personal Data because you have
actively indicated that it is
okay for us to do
so. This includes situations where you have
given permission for us to
send you marketing emails or to participate
in beta testing
of the game service during the pre-registration process.
●
Legal Obligation: We may be
required to process your Personal
Data in order to comply with
a legal obligation.
●
Legitimate Interests: Where it is
necessary for our legitimate interests, we may
process your Personal Data, to the extent that
your interests and fundamental rights do not override
those interests. Here is what it normally
means for us:
●
Product Improvement: We may use data
to enhance the Service features and functionality, making them more useful
and user-friendly.
●
Customer Engagement: Keeping users and subscribers informed about updates, new features,
and content that may interest them.
●
Research and Development: Using aggregated and anonymized data to conduct
research on trends and user behavior to improve
the Services.
●
Marketing and Promotion: Promoting the Services to a wider audience
and providing tailored recommendations based on user data.
●
Security and Fraud Prevention: Protecting the Services and its users from
security threats, fraud, and abuse.
●
Legal Compliance: Ensuring compliance with relevant laws and regulations, including the rules from
other countries besides yours.
●
Business Operations: Managing day-to-day operations and ensuring the app’s sustainability
and growth.
If we use legitimate
interests as the reason for
using your Personal Data, you can ask us
for more details about why
we think it is a
good idea. Just get in
touch by using the contact
details here.
When we use your
Personal Data because you gave us
permission (consent), you can change
your mind at any time.
However, this will not undo the things
we did with
your data before you changed your mind.
It also will not change the things we
are allowed to do with
your data based on other legal reasons.
The table below describes the categories of Personal Data we have collected about you in
the last 12 months.
|
Personal Data We Collect, Process, or Store |
How We Obtain It |
|
●
Registered information: Authentication tokens issued by the third-party
platform through which you log-in
to sign up to the
Services (Google, Apple, Meta). |
Collected upon third-party authentication for game registration. |
|
●
Age information: Date of birth or whether
user is 16 years older ●
In-game character names and server names. |
Collected as chosen by
the user upon game registration
and use. |
|
●
Internet or other electronic
network activity information: Your IP and MAC address, device ID. ●
Mobile device information: Model name, carrier
information, OS information,
language and country information, unique device identifier, and advertising ID. |
Collected upon game registration
and use. |
|
●
In-game character name, email address and Information related to the issue
the user is inquiring about. |
Provided by the user
upon submitting a customer service
inquiry. |
|
●
Information required to facilitate
the processing of your purchases through third parties, e.g., as Apple store, Google play store, and Xsolla: Transaction date and time, transaction number, purchased product name, purchased amount, purchase market information, email address, phone number, IP address. |
Collected, created, or provided
by the user upon payment
and features provided to view this
data through admin interfaces. |
|
●
WEMIX PLAY Wallet address, WEMIX PLAY Wallet ID,
WEMIX PLAY Wallet user identifier. |
Collected upon linking game account with WEMIX PLAY wallet account |
We will not
collect additional categories of Personal Data without informing you.
We may process your
Personal Data for the following purposes:
●
To provide
you with Services: We use your information
to create and maintain your accounts,
facilitate the functionality of Services, and customize
the Services (where applicable).
●
To improve
the quality of our Services: We use your
information to maintain, improve, and administer our Services, including by troubleshooting,
data analytics, and testing.
●
To keep our Services and users safe: We may use
your information to detect users
illegally using our programs, and to otherwise prevent
and respond to fraud, abuse, security
risks, and technical issues.
●
To provide
support services relevant to the
Services as requested by you.
●
To invite
you to an
event, organize the event, and facilitate communications with you around
the event and future events.
●
To manage
your preferences in relation to
use of cookies and other tracking technologies, to ensure our Services function properly when the information
is collected through essential cookies.
●
To comply
with applicable laws and regulations. This includes using
your information to ensure compliance
with our legal obligations (such as recordkeeping
obligations and transparency
obligations).
●
To resolve
disputes, enforce our contractual agreements, enforce our company policies
(such as the operational policy) and to establish, exercise or defend legal
claims.
●
To facilitate
your purchases and transactions.
●
We retain
your Personal Data for only as
long as it
is required to fulfil the
purposes stated above, including for the fulfillment
of legal, accounting, or report-related requirements.
●
Included in the main
criteria for deciding the data
retention period for certain purposes
may be the
recordkeeping obligations according to relevant
laws, relevance to potential lawsuits,
and the whether or not certain
data is required
for us to
exercise our rights or keep
providing the Services.
●
Information collected for separate
purposes such as for newsletters
and event participation are kept according
to the period
notified upon collection.
We may share your
Personal Data with third parties in
the following contexts:
●
Disclosure to our affiliates:
We share your personal data
with Wemix.PTE. if you link
your game account to use
the WEMIX PLAY Webshop or choose to
integrate the WEMIX PLAY wallet or other
services to the Services. We may share your
personal data with LatisGlobal to process service
operations such as multilingual translation, customer service, and community management.
●
Disclosure to service providers:
We may use
third-party vendors and service providers (otherwise known as “data processors”)
to process your Personal Data for the purposes
outlined above. Our data processors
operate only in accordance with
our instructions, in line with
this Privacy Policy, and are subject to appropriate
confidentiality and security
obligations. Our data processors include Amazon, our cloud
service provider.
●
Disclosure to external controllers:
We share your personal data
with external controllers to process your personal
information for their own purposes.
Please refer to the privacy
policies of those third-party controllers to understand what
personal data of yours they process
and why.
●
Disclosure pursuant to business
transfers: We may share your
personal data in connection with
a substantial corporate transaction, such as the
sale, merger, consolidation, asset sale, joint venture
initial public offering of our business, or in
the unlikely event of bankruptcy.
●
Disclosure for legal purposes
or to obtain
professional advice: We may also
disclose your personal data to
law enforcement agencies, governmental authorities, legal counsel, and external consultants in compliance with applicable data protection laws.
●
Disclosure with your consent:
Lastly, we may also share
information about you to third
parties when you have consented
to it.
Our Services allow you to
upload and share messages and other content with others.
If you choose
to engage in public activities
on the Services, you should be
aware that any information you share there
can be read,
collected, or used by other
users of these areas. You should
always exercise discretion and use caution when disclosing
information while participating in these areas. We
are not responsible
for how other
use the information
you choose to submit in
these public areas.
We are a global
company located in the Republic of Korea. Our service
providers and other third parties with
whom we share
Personal Data with operate globally.
When your Personal Data is safeguarded by the EU or
UK General Data Protection Regulation,
or Swiss data protection law, before sending
it to parties
the European Economic Area (“EEA”), the
UK, or Switzerland, we will do
one of two things:
●
Seek
your consent; or
●
Demand privacy and security: We will ensure the
third party maintains the same
level of privacy and security for your
Personal Data as we do.
In some cases, the
authorities of a country may have
determined that the laws of other
countries, territories or sectors within
a country provide a level
of protection equivalent to domestic law. You can see here the list of countries,
including the Republic of Korea, territories and specified sectors that the European
Commission recognized as providing an
adequate level of protection for personal data, here the list of the
UK, and here the list of Switzerland.
We are accountable for the protection
of your Personal Data when we transfer
it to others.
We either send it to
a country, territory or sector
within a country that is
recognized as providing the same
level of personal data protection as the country
of origin, or use safeguards like the Data Privacy Framework (as defined below),
Binding
Corporate Rules or the
Standard
Contractual Clauses (also known as the
“SCCs”) approved by the European
Commission under Article 46.2 of the GDPR, with necessary adjustments for transfers from the UK or Switzerland,
or use specific
transfer instruments like the UK
International Data Transfer Agreement.
Other Disclosures of Your Personal Data
We may disclose your
Personal Data to the extent required
by law, or
if we have
a good-faith belief that we
need to disclose
it in order
to comply with official investigations
or legal proceedings (whether initiated by governmental/law enforcement officials, or private
parties). If we have to
disclose your Personal Data to governmental/law enforcement officials, we may not
be able to
ensure that those officials will maintain the
privacy and security of your Personal Data.
We may also disclose
your Personal Data if we transfer
all or some
of our company’s business interests, assets, or both,
or in connection
with a corporate
restructuring. Finally, we may disclose
your Personal Data to our subsidiaries
or affiliates, but only if
necessary for business purposes, as described in
the section above.
We reserve the right
to use, transfer,
and share aggregated, anonymous data for any legal
purpose. Such data does not
include any Personal Data. The purposes may include analyzing
usage trends or seeking compatible
advertisers, sponsors, and customers.
You have specific rights
regarding your Personal Data that we collect and process. Please note that you
can only exercise these rights with respect
to Personal Data that we process
about you when we act
as a data
controller or as a “business”
under the CCPA. To exercise your
rights with respect to information
processed by us on behalf
of one of our customers, please read the privacy
policy of that Customer.
This is called the
right to be informed. It
means that you have the
right to obtain from us
all information regarding our data
processing activities that concern you
(or that of your child), such
as how we
collect and use your Personal Data, how long we
will keep it, and who it
will be shared
with, among other things.
We are informing you
of how we process your Personal
Data with this Policy.
This is called the
right of access. This right allows
you to (1) get confirmation of whether we process
Personal Data about you (2) ask for
full details of the Personal Data we hold about
you and certain related information; and (3) get a copy
or access to the Personal
Data.
You have the right
to obtain from us, including
confirmation of whether or not we
process Personal Data concerning you, and, where that is
the case, a copy or
access to the Personal Data and certain related information.
Once we receive and confirm that the
request came from you or
your authorized agent, we will
disclose to you:
●
The categories of your Personal Data that we process;
●
The categories of sources for your
Personal Data;
●
Our purposes
for processing your Personal Data;
●
Where possible, the retention
period for your Personal Data, or, if not
possible, the criteria used to
determine the retention period;
●
The categories of third parties with
whom we share
your Personal Data;
●
If we carry out automated
decision-making, including profiling, meaningful information about the logic involved,
as well as
the significance and the envisaged consequences
of such processing for you;
●
The specific pieces of Personal Data we process about
you in an
easily-sharable format;
●
If we disclosed your Personal Data for a business purpose,
the categories of Personal Data and categories of recipients of that Personal Data for disclosure;
●
If we rely on legitimate
interests as a lawful basis
to process your Personal Data, the specific legitimate
interests; and
●
The appropriate safeguards used to transfer Personal
Data from the EEA or the UK to
a third country,
if applicable.
Under some circumstances, we may deny
your access request. In that
event, we will respond to
you with the reason for
the denial.
For security and legal compliance, we cannot disclose certain sensitive information like Social Security numbers, driver’s license numbers, financial account numbers, health insurance or medical
IDs, passwords, or security questions
and answers. However, we can inform
you if we
have such information without disclosing specific details.
This is called the
right to rectification. It gives you the
right to ask us to
correct without undue delay anything
that you think is wrong
with the Personal Data we have on file
about you (or your child),
and to complete any incomplete Personal Data.
If your account settings
do not allow
you to change
the information yourself, please contact us and we will do
our best to change the
Personal Data for you.
This is called the
right to erasure, right to deletion, or
the right to be forgotten.
This right means you can
ask for your
Personal Data to be deleted.
Sometimes we can delete
your information, but other times
it is not
possible for either technical or legal reasons.
If that is
the case, we will consider
if we can
limit how we use it.
We will also
inform you of our reason for
denying your deletion request.
This is called the
right to restrict processing. It is the
right to ask us to
only use or store your
Personal Data for certain purposes. You have this
right in certain instances, such as where
you believe the data is
inaccurate or the processing activity is unlawful.
This is called the
right to object. This is
your right to tell us
to stop using
your Personal Data. You have this
right where we rely on
a legitimate interest of ours (or of a third
party). You may also object
at any time
to the processing
of your Personal Data for direct marketing
purposes.
We will stop processing
the relevant Personal Data unless:
(i) we have
compelling legitimate grounds for the
processing that override your interests,
rights, or freedoms; or
(ii) we need
to continue processing your Personal Data to establish, exercise, or defend a
legal claim.
This is called the
right to data portability. It is the
right to ask for and receive
a portable copy of your Personal
Data that you have given us
or that you
have generated by using our
Services, so that you can:
●
Move
it;
●
Copy
it;
●
Keep
it for yourself;
or
●
Transfer it to another organization.
We will provide your
Personal Data in a structured, commonly
used, and machine-readable format. When you
request this information electronically, we will provide
you a copy
in electronic format.
Where we rely on
your consent as the legal
basis for processing your Personal Data, you may withdraw your
consent at any time. If
you withdraw your consent, our
use of your Personal Data before you withdraw is
still lawful.
If you have given
consent for your details to
be shared with a third
party and wish to withdraw this
consent, please also contact the
relevant third party in order
to change your preferences.
We will not discriminate
against you for exercising any of your privacy
rights. Unless the applicable data protection laws permit it,
we will not:
●
Deny you goods or
services;
●
Charge you different prices
or rates for goods or
services, including through granting discounts or other
benefits or imposing penalties;
●
Provide you a different
level or quality of goods or services; or
●
Suggest that you may
receive a different price or rate for
goods or services or a
different level or quality of goods
or services.
To exercise any of the rights described
above, please submit a request
by contacting us by email
at privacy@redlabgames.net.
In order to correctly
respond to your privacy rights
requests, we need to confirm
that YOU made the request. Consequently,
we may require
additional information to confirm that
you are who
you say you
are.
We will only use
the Personal Data you provide us
in a request
to verify your identity or
authority to make the request.
If you are submitting
a request on behalf of somebody
else, we will need to
verify your authority to act
on behalf of that individual. When contacting us, please provide
us with proof
that the individual gave you signed permission
to submit this request, a
valid power of attorney on behalf
of the individual, or proof of parental
responsibility or legal guardianship. Alternatively, you may ask the
individual to directly contact us by using
the contact details above to
verify their identity with Redlab Games
and confirm with us that they
gave you permission to submit
this request.
We will confirm the
receipt of your request within ten (10) business days and, in that
communication, we will also describe
our identity verification process (if needed) and when you should
expect a response, unless we have already
granted or denied the request.
Please allow us up
to a month
to reply to your requests
from the day we received
your request. If we need
more time (up to 90 days
in total), we will inform
you of the reason why and the extension period
in writing.
If we cannot satisfy
a request, we will explain
why in our
response. For data portability requests, we will
choose a format to provide
your Personal Data that is readily
useable and should allow you to
transmit the information from one entity to
another entity without difficulty.
We will not charge
a fee for
processing or responding to your
requests. However, we may charge
a fee if
we determine that your request
is excessive, repetitive, or manifestly unfounded. In those cases,
we will tell
you why we
made that determination and provide you with a
cost estimate before completing your request.
We are strongly committed
to keeping your Personal Data safe. We have
implemented and will maintain technical, administrative, and physical measures that are
reasonably designed to help protect
your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction. Some of those measures
include encryption and redaction and we also have dedicated
teams to look after information
security and privacy.
If the EU or UK General Data Protection Regulation applies to our
processing of your Personal Data, you have the right
to lodge a complaint with
a supervisory authority if you
are not satisfied
with how we process your
Personal Data.
Specifically, you can lodge
a complaint in the Member
State of the European Union
of your habitual residence, place of work, or the
alleged violation of the GDPR. In the
UK, you can lodge a complaint
with the UK Information Commissioner’s
Office.
If we make any
material change to this Policy,
we will post
the revised Policy to this
web page. We will also
update the “Effective” date. By continuing to
use our Services after we post
any of these changes, you accept
the modified Policy.
If you have any
questions about this Policy or
our processing of your Personal Data, or want to
submit a verifiable consumer request, please write to our
Privacy Team by email at
privacy@redlabgames.net.
Please allow up to
four weeks for us to
reply.