Last Updated: 09 August 2021
1. Consent to installation of the App
Before installation of our Cluedo / Clue mobile application (“App”), please read the following carefully to understand our practices regarding your personal data and how we will treat it. If you do not agree to this policy, please do not install the App.
How you can withdraw consent
Once you provide consent by installing the App, you may change your mind and withdraw consent at any time by contacting us using the contact information provided at section 15 (below) but that will not affect the lawfulness of any processing carried out before you withdraw your consent.
This policy describes how we collect and use personal information about you, in accordance with the Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 which merge the previous requirements of that Act with the requirements of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”) and any other data protection and privacy laws and regulations applicable to us or to our processing of your personal information (“Data Protection Legislation”).
This Policy will help you understand what personal data we and our third-party processors collect from you or your devices in the App; how we use and share that data; and how you can exercise your privacy rights. If you have any questions about this Policy, please contact us using the information in Section 15 below.
3. About Us
Marmalade Game Studio Limited (“we”, “us”, “our” or “Marmalade”) is a private limited company registered in England and Wales with company number 03677408. Our registered office is at 33 Charlotte Street, London, England, W1T 1RR.
We have appointed a Data Protection Officer who is responsible for assisting with enquiries in relation to this privacy notice and our treatment of your personal data. If you wish to contact our Data Protection Officer please use the contact details in section 15 (Contact Us) below.
4. ESRB Membership
Marmalade is a valid licensee and participating member of the Entertainment Software Rating Board’s Privacy Certified Program (“ESRB Privacy Certified”). The App has been reviewed and certified by ESRB Privacy Certified to meet established online information collection, use and disclosure practices. As a licensee of this privacy program, we are subject to audits of the App and other enforcement and accountability mechanisms administered independently by the ESRB.
5. Parents & Children
We have designed the App to provide a fun, family-friendly experience for users of all ages. Based on empirical data, the App is primarily accessed by users 18 years and older. Nonetheless, we have taken precautions for younger users who might access the App. Specifically, for children under the minimum applicable age, which varies by jurisdiction (e.g., under 13 years old in the US and under 18 years old in the UK) (“Children”), if we collect personal data, it will only be as necessary to support our core internal operations in compliance with the US’s Children’s Online Privacy Protection Act and the U.K.’s Age Appropriate Design Code. We also prevent Children from disclosing personal data publicly.
If you are a parent or legal guardian, you may contact us to review your child’s personal data, ask us to delete it, or tell us to stop collecting or using it. To do so, please contact us using the information provided in section 15 below.
6. Data Collected in the App
When you use the App, you will have the option to create a username. You should not disclose any personal data (e.g., your actual name or email address) when you create a username because it will be visible to other users of the App. For users Children, the ability to create a username will be limited to prevent the disclosure of personal data.
We (our processors or our third-party advertising and analytics partners) also collect the following data automatically when you use the App:
- Identity Data: date of birth;
- Device and Location Data: Information about your device and network, including your Internet Protocol address (“IP address”); device ID and name; Apple’s ID for Advertisers (“IDFA”) or Google Advertising ID (“GAID”); your general location (i.e., nearest City), which we determine from your mobile device settings; type of device; operating system; type of mobile browser; time zone settings; and platform;
- Profile and Usage Data: includes, your username and password; information about your use of the App, including when you installed the App; when you use the App; the content you view; your game usage data, including games played, game performance, and scores; and purchase history, including all purchases made within the App;
- Performance and diagnostic data: includes information such as if the App crashes or runs slower than expected; and
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
For Children, we do not knowingly collect any personal data.
7. How we collect and use the data
We may process your personal data for purposes necessary for the performance of our contract with you, or for steps preparatory to entering into a contract with you, and to comply with our legal obligations.
We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of your personal data. This includes processing for marketing, business development, statistical and management purposes.
We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then (i) we will request such consent from you separately, and (ii) you have the right to withdraw your consent to processing for such specific purposes.
Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.
Situations in which we will use your personal data
We may use your personal data to:
- make the App available to you, including to operate the App; to communicate with you about your access to and use of the App; to respond to your enquiries; to fulfil your orders and requests; to provide troubleshooting and other technical support; and for other customer service and support purposes;
- protect the integrity of the App, which includes to verify your identity; to detect and prevent fraud, cheating and unauthorised activities; to facilitate software updates; to secure our systems and the App; to prevent hacking, cheats and spamming; to enforce the terms of the EULA and other applicable terms; and to protect the rights and safety of our users;
- analyse and improve the App, including to better understand how you access and use the App; to evaluate and improve the App; to develop new games, features, offerings and services; and for other research and analytical purposes;
- tailor content we send or display on the App (e.g., for your geographic area);
- serve and improve advertising, marketing and promotions, including to reach you with more relevant ads outside the App and to evaluate, measure and improve the effectiveness of our ad campaigns; to contact you about our App or other products or information we think may interest you; and at times, to administer promotions and contests;
- defend our legal rights, including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with users or third parties;
- conduct necessary auditing, reporting, corporate governance, and internal operations; and
- comply with legal obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
In some circumstances we may anonymise the personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal information without your knowledge or consent, in accordance with this notice, where we are legally required to do so.
8. Data Sharing
This Section describes to whom and under what circumstances we share your personal data with third parties.
Why might you share my personal information with third parties?
We will share your personal information with third parties where we are required by law, where it is necessary to administer the relationship between us, or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and data storage services, software development services, professional advisory services, online and mobile analytics services, marketing and campaign services and administration services.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal information. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of our business, where an external organisation conducts an audit or undertakes quality checks for us, or where sharing with third parties such as counsel or other lawyers, accountants and experts is appropriate in order to provide our services to you. We may also need to share your personal information with a regulator or to otherwise comply with the law. We may disclose your personal information in order to protect our rights or property or those of our clients or others; and this includes exchanging information with other companies and organisations for the purposes of fraud prevention, compliance with anti-money laundering and ‘know your client’ requirements, and credit risk reduction.
9. Transferring information outside the United Kingdom (UK) and/or the European Economic Area (EEA)
We may transfer the personal information we collect about you to countries outside of the UK and/or the EEA, where this is necessary for the purposes for which we collected it.
Whenever we transfer your personal data out of the UK and/or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or the UK Secretary of State (as applicable);
- Where we use certain service providers, we may use specific contracts approved by the European Commission and/or the UK Secretary of State (as applicable) which provide appropriate safeguards for personal data; and
- A specific situation may exist where the transfer is permitted under the GDPR (for example, where the transfer of your personal data is necessary for the performance of a contract with you).
We currently use the following service providers who will process your information as part of their contract with us:
- Game Sparks: https://www.gamesparks.com/fair-usage-policy/
- Firebase Crashlytics: www.firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms
- Facebook: www.facebook.com/privacy/explanation
- AppsFlyer: www.appsflyer.com/services-privacy-policy/
- Unity 3D: www.unity3d.com/legal/privacy-policy
Our contracts with Game Sparks, Firebase, Facebook, and AppsFlyer incorporate the contractual clauses referred to above which have been approved by the European Commission and/or the UK Secretary of State (as applicable).
Please contact our Data Protection Officer if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
10. Data Retention
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
- the requirements of Marmalade;
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the types of personal data we have collected;
- the amount and categories of your personal data; and
- whether the purpose of the processing could reasonably be fulfilled by other means.
In some circumstances (for example when we collect statistical data about users’ actions and patterns in the App) we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
In some circumstances you can ask us to delete your data: see section 12 below for further information.
11. Data Security
The security of your personal data is important to us. We implement technical, administrative, and physical security measures to protect your personal data from unauthorised access, use, and disclosure. This includes, for example, encrypted communications, physically secured rooms, firewalls, password protection systems. Despite these efforts, we cannot guarantee the security of your personal data. If we learn that your unencrypted personal data has been compromised by a data breach, we will notify you consistent with applicable laws.
12. Your Privacy Rights
Under certain circumstances by law, you have the right to:
- Request access to your personal data. This enables you to receive details of the personal information we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data we hold about you. You may ask us to correct personal data we hold about you if it is inaccurate or incomplete.
- Request erasure of your personal data. In some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable), you may ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Request the restriction processing of your personal data. You may ask us to suspend the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to our use or stated legal basis.
- Object to our processing of your personal data. Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the transfer of your personal information to another party.
- Withdraw your consent. If your personal data is processed based on your consent, you have the right to withdraw that consent at any time, in which case we must stop processing the data unless we have another legitimate basis for process for doing so in law. You may also ask us to explain the consequences of denying or withdrawing your consent.
If you wish to exercise any of the above rights, please contact us using the information in section 15.
You will not usually have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
13. California Consumers’ Rights
California Shine the Light Law
California residents may request information from us concerning any disclosures of personal data we may have made in the prior calendar year to third parties for their own direct marketing purposes. If you are a California resident and you wish to request information about our compliance with this law or our privacy practices, please write us using the information in section 15 below and specify that you are making a “California Shine the Light” request.
California Consumer Privacy Act of 2018
In the chart below, we identify each category of personal information that we have collected about our users in the last 12 months, using the categories enumerated in the CCPA. If we have collected that category of personal information in the last 12 months, an “X” appears in the corresponding row in the second column of the chart. For each category of personal information we have collected, we also identify (i) the source(s) from which the information was collected; (ii) the purpose(s) for which it was collected; and (iii) the categories of third parties, if any, with which it has been shared.
|Categories of Personal Information||Collected (in the last 12 months)||Categories of Source(s)||Purpose(s) for Collection or Sale||Categories of Third Parties With Which It Has Been Shared|
|Unique personal identifier (e.g., device ID, ad ID, IP address, etc.)||X||consumer||internal support analytics marketing||data analytics providers advertising networks|
|Account or policy number (e.g., banking, insurance, credit, etc.)|
|Government ID number (e.g., SSN, driver’s license, passport, etc.)|
|Physical characteristics or description|
|Professional or employment-related information|
|Commercial information (e.g., purchase history)||X||app storefront operators||internal support analytics marketing||data analytics providers advertising networks|
|Geolocation data||X (nearest City only)||consumer data analytics provider||internal support analytics marketing||data analytics providers advertising networks|
|Internet or other electronic network activity information (e.g., browsing or search history, interaction with an online service, etc.)||X||consumer data analytics provider||internal support analytics marketing||data analytics providers advertising networks|
|Electronic, olfactory, thermal, or similar information|
|Inferences drawn from any of the above information to create a profile|
Categories of Personal Information Sold or Disclosed
In the last 12 months, we have not sold, rented, released, disclosed, disseminated, made available, transferred, or otherwise communicated your personal information to another business or third party for monetary or other valuable consideration.
SALE OF MINORS’ PERSONAL INFORMATION: If you are a California resident and we know you are under 16 years of age, we will not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate to any other business or third party for monetary or other valuable consideration your personal information.
Rights of California Residents
Right to Know: If you are a California resident, you may submit, free of charge, but no more than twice in a 12-month period, a verifiable request for the following information:
- The specific pieces of personal information we have about you;
- The categories of personal information we collected, sold or disclosed for a business purpose about you within the last 12 months;
- The categories of sources from which the personal information was collected;
- The purposes for which the information was collected or sold; and
- The categories of third parties to which the information was sold, disclosed for a business purpose, or otherwise shared.
If possible, we will provide this information to you in a readily usable format that allows transmission to another entity.
To submit a request, please contact us using the information in section 15 below. Within 10 business days of receipt, we will let you know we received your request. We will provide a substantive response within 45 calendar days, unless we need more time, in which case we will notify you. If we need additional information to verify your identity, we will contact you to request that information. If we are not able to verify your identity, we will deny your request, but if applicable, we will refer you to the applicable sections of this Policy that address our data collection and use practices. If we deny your request, even if only in part, we will explain the reason in our response.
Right to Delete: You may submit a verifiable request for us to delete any personal information we have collected about you. To submit a request, please contact us using the information in section 15 below. Within 10 business days of receipt, we will confirm receipt of your request. We will provide a substantive response within 45 calendar days, unless we need more time, in which case we will notify you. If we need additional information to verify your identity, we will contact you to request that information. If we are not able to verify your identity, we will deny your request to delete. If we deny your request, even if only in part, we will explain the reason in our response. In either case, we will maintain a record of your request and our response.
Right to be Free from Discrimination: We may not discriminate against you because you have chosen to exercise your rights, including, for example, by denying you access to the App or charging you different rates or prices for the same online services, unless that difference is reasonably related to the value provided by your data.
Exercising Your Rights: To submit a verifiable request or to otherwise contact us for more information about how to exercise your rights, please follow the instructions above.
If you would like to designate an authorized agent to make a request on your behalf, you must (i) provide the agent signed permission to do so, (ii) provide proof of your identity, and (iii) directly confirm you provided the authorized agent permission to submit the request. If we do not receive the above, we will deny the request.
14. Nevada Consumers’ Rights
Nevada law requires each business to establish an email address or other means by which Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of certain kinds of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us using the information in section 15 below.
15. Contact Us
We are happy to answer any questions you have about this Policy, address any complaints, or help you exercise your privacy rights. Please contact us at:
Marmalade Game Studio Ltd.
33 Charlotte Street
Fitzrovia, London W1T 1RR
Data Protection Officer: Natalia.firstname.lastname@example.org or +44 7584603827.
For users located in the EEA:
Marmalade Game Studio Ltd.
Rua Marcos de Assunção
N6, Piso 3, GB 3.03
Data Protection Officer: Natalia.email@example.com or +44 7584603827.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO: www.ico.org.uk), the UK supervisory authority for data protection issues, at any time. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Additionally, as mentioned above, Marmalade is a participating member of the ESRB Privacy Certified program. If we have not satisfactorily addressed your inquiry, you may contact ESRB Privacy Certified at firstname.lastname@example.org or https://www.esrb.org/privacy/contact.