Marmalade The Game of Life 2 App Privacy Policy

Last Updated: 28 July 2021

1. Consent to installation of the App

Before installation of our Game of Life 2 mobile application (“App”), please read the following carefully to understand our practices regarding your personal data and how we will treat it. If you do not agree to this policy, please do not install the App.

How you can withdraw consent

Once you provide consent by installing the App, you may change your mind and withdraw consent at any time by contacting us using the contact information provided at section 15 (below) but that will not affect the lawfulness of any processing carried out before you withdraw your consent.

2. Introduction

This policy describes how we collect and use personal information about you, in accordance with the Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 which merge the previous requirements of that Act with the requirements of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”) and any other data protection and privacy laws and regulations applicable to us or to our processing of your personal information (“Data Protection Legislation”).

This policy (together with our end-user licence agreement as set out at https://marmaladegamestudio.com/wp-content/uploads/2018/05/EULA.pdf (“EULA”) and any additional terms of use incorporated by reference into the EULA, together with our Terms of Use) applies to your use of the App which is available on Android and IOS (the “App Stores”), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (“Device”).

This Policy will help you understand what personal data we and our third-party processors collect from you or your devices in the App; how we use and share that data; and how you can exercise your privacy rights. If you have any questions about this Policy, please contact us using the information in Section 15  below. 

We keep our privacy policy under regular review. If we make changes to this Policy, we will change the “Last Updated” date above and post the revised Policy in the App. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App.

3. About Us

Marmalade Game Studio Limited (“we”, “us”, “our” or “Marmalade”) is a private limited company registered in England and Wales with company number 03677408.  Our registered office is at 33 Charlotte Street, London, England, W1T 1RR.

We are registered as a data controller with the Information Commissioner’s Office under the Data Protection Act 2018 with registration number ZA763822. For the purpose of the Data Protection Legislation and this policy, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy policy.

We have appointed a Data Protection Officer who is responsible for assisting with enquiries in relation to this privacy notice and our treatment of your personal data. If you wish to contact our Data Protection Officer please use the contact details in section 15 (Contact Us) below.

4. ESRB Membership

Marmalade is a valid licensee and participating member of the Entertainment Software Rating Board’s Privacy Certified Program (“ESRB Privacy Certified”).  The App has been reviewed and certified by ESRB Privacy Certified to meet established online information collection, use and disclosure practices.  As a licensee of this privacy program, we are subject to audits of the App and other enforcement and accountability mechanisms administered independently by the ESRB. 

5. Parents & Children

We have designed the App to provide a fun, family-friendly experience for users of all ages.  Based on empirical data, the App is primarily accessed by users 18 years and older.  Nonetheless, we have taken precautions for younger users who might access the App. Specifically, for children under the minimum applicable age, which varies by jurisdiction (e.g., under 13 years old in the US and under 18 years old in the UK) (“Children”), if we collect personal data, it will only be as necessary to support our core internal operations in compliance with the US’s Children’s Online Privacy Protection Act and the U.K.’s Age Appropriate Design Code. We also prevent Children from disclosing personal data publicly.    

If you are a parent or legal guardian, you may contact us to review your child’s personal data, ask us to delete it, or tell us to stop collecting or using it.  To do so, please contact us using the information provided in section 15 below.   

6. Data Collected in the App

When you use the App, you will have the option to create a username. You should not disclose any personal data (e.g., your actual name or email address) when you create a username because it will be visible to other users of the App.  For Children, the ability to create a username will be limited to prevent the disclosure of personal data.    

We (our processors or our third-party advertising and analytics partners) also collect the following data automatically when you use the App:

  • Identity Data:  date of birth;
  • Device and Location Data: Information about your device and network, including your Internet Protocol address (“IP address”); device ID and name; Apple’s ID for Advertisers (“IDFA”) or Google Advertising ID (“GAID”); your general location (i.e., nearest City), which we determine from your mobile device settings; type of device; operating system; type of mobile browser; time zone settings; and platform;
  • Profile and Usage Data: includes, your username and password; information about your use of the App, including when you installed the App; when you use the App; the content you view; your game usage data, including games played, game performance, and scores; and purchase history, including all purchases made within the App;
  • Performance and diagnostic data: includes information such as if the App crashes or runs slower than expected; and
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

For Children, we do not knowingly collect any personal data.

7. How we collect and use the data

We may process your personal data for purposes necessary for the performance of our contract with you, or for steps preparatory to entering into a contract with you, and to comply with our legal obligations.

We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of your personal data. This includes processing for marketing, business development, statistical and management purposes.

We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then (i) we will request such consent from you separately, and (ii) you have the right to withdraw your consent to processing for such specific purposes.

Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.

Situations in which we will use your personal data

We may use your personal data to:

  • make the App available to you, including to operate the App; to communicate with you about your access to and use of the App; to respond to your enquiries; to fulfil your orders and requests; to provide troubleshooting and other technical support; and for other customer service and support purposes;
  • protect the integrity of the App, which includes to verify your identity; to detect and prevent fraud, cheating and unauthorised activities; to facilitate software updates; to secure our systems and the App; to prevent hacking, cheats and spamming; to enforce the terms of the EULA and other applicable terms; and to protect the rights and safety of our users;
  • analyse and improve the App, including to better understand how you access and use the App; to evaluate and improve the App; to develop new games, features, offerings and services; and for other research and analytical purposes;
  • tailor content we send or display on the App (e.g., for your geographic area);
  • serve and improve advertising, marketing and promotions, including to reach you with more relevant ads outside the App and to evaluate, measure and improve the effectiveness of our ad campaigns; to contact you about our App or other products or information we think may interest you; and at times, to administer promotions and contests;  
  • defend our legal rights, including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with users or third parties;
  • conduct necessary auditing, reporting, corporate governance, and internal operations; and
  • comply with legal obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.

In some circumstances we may anonymise the personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

We may also process your personal information without your knowledge or consent, in accordance with this notice, where we are legally required to do so.

8. Data Sharing

This Section describes to whom and under what circumstances we share your personal data with third parties. 

Why might you share my personal information with third parties?

We will share your personal information with third parties where we are required by law, where it is necessary to administer the relationship between us, or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?

“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and data storage services, software development services, professional advisory services, online and mobile analytics services, marketing and campaign services and administration services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal information. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of our business, where an external organisation conducts an audit or undertakes quality checks for us, or where sharing with third parties such as counsel or other lawyers, accountants and experts is appropriate in order to provide our services to you. We may also need to share your personal information with a regulator or to otherwise comply with the law. We may disclose your personal information in order to protect our rights or property or those of our clients or others; and this includes exchanging information with other companies and organisations for the purposes of fraud prevention, compliance with anti-money laundering and ‘know your client’ requirements, and credit risk reduction.

9. Transferring information outside the United Kingdom (UK) and/or the European Economic Area (EEA)

We may transfer the personal information we collect about you to countries outside of the UK and/or the EEA, where this is necessary for the purposes for which we collected it.

Whenever we transfer your personal data out of the UK and/or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or the UK Secretary of State (as applicable);
  • Where we use certain service providers, we may use specific contracts approved by the European Commission and/or the UK Secretary of State (as applicable) which provide appropriate safeguards for personal data; and
  • A specific situation may exist where the transfer is permitted under the GDPR (for example, where the transfer of your personal data is necessary for the performance of a contract with you).

We currently use the following service providers who will process your information as part of their contract with us:

Our contracts with Playfab, Photon, Facebook, and AppsFlyer incorporate the contractual clauses referred to above which have been approved by the European Commission and/or the UK Secretary of State (as applicable).

Please contact our Data Protection Officer if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

10. Data Retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of Marmalade;
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • the amount and categories of your personal data; and
  • whether the purpose of the processing could reasonably be fulfilled by other means.

In some circumstances (for example when we collect statistical data about users’ actions and patterns in the App) we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

In some circumstances you can ask us to delete your data: see section 12 below for further information.

11. Data Security

The security of your personal data is important to us. We implement technical, administrative, and physical security measures to protect your personal data from unauthorised access, use, and disclosure. This includes, for example, encrypted communications, physically secured rooms, firewalls, password protection systems. Despite these efforts, we cannot guarantee the security of your personal data. If we learn that your unencrypted personal data has been compromised by a data breach, we will notify you consistent with applicable laws.

12. Your Privacy Rights

Under certain circumstances by law, you have the right to:

  • Request access to your personal data.  This enables you to receive details of the personal information we hold about you and to check that we are processing it lawfully.
  • Request correction of the personal data we hold about you.  You may ask us to correct personal data we hold about you if it is inaccurate or incomplete.
  • Request erasure of your personal data. In some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable), you may ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Request the restriction processing of your personal data. You may ask us to suspend the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to our use or stated legal basis.
  • Object to our processing of your personal data. Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the transfer of your personal information to another party.
  • Withdraw your consent. If your personal data is processed based on your consent, you have the right to withdraw that consent at any time, in which case we must stop processing the data unless we have another legitimate basis for process for doing so in law. You may also ask us to explain the consequences of denying or withdrawing your consent.

If you wish to exercise any of the above rights, please contact us using the information in section 15.  

You will not usually have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

13. California Consumers’ Rights

California Shine the Light Law

California residents may request information from us concerning any disclosures of personal data we may have made in the prior calendar year to third parties for their own direct marketing purposes. If you are a California resident and you wish to request information about our compliance with this law or our privacy practices, please write us using the information in section 15 and specify that you are making a “California Shine the Light” request.

California Consumer Privacy Act of 2018

In the chart below, we identify each category of personal information that we have collected about our users in the last 12 months, using the categories enumerated in the CCPA.  If we have collected that category of personal information in the last 12 months, an “X” appears in the corresponding row in the second column of the chart.  For each category of personal information we have collected, we also identify (i) the source(s) from which the information was collected; (ii) the purpose(s) for which it was collected; and (iii) the categories of third parties, if any, with which it has been shared.

Categories of Personal InformationCollected (in the last 12 months)Categories of Source(s)Purpose(s) for Collection or SaleCategories of Third Parties With Which It Has Been Shared
Name      
Alias      
Signature      
Postal address      
Email address      
Telephone number      
Unique personal identifier (e.g., device ID, ad ID, IP address, etc.)  Xconsumerinternal support analytics marketingdata analytics providers advertising networks
Account or policy number (e.g., banking, insurance, credit, etc.)      
Government ID number (e.g., SSN, driver’s license, passport, etc.)      
Physical characteristics or description      
Biometric information      
Professional or employment-related information      
Education information      
Medical information      
Financial information      
Insurance information      
Commercial information (e.g., purchase history)  Xapp storefront operatorsinternal support analytics marketingdata analytics providers advertising networks
Geolocation data  X (nearest City only)consumer data analytics providerinternal support analytics marketingdata analytics providers advertising networks
Internet or other electronic network activity information (e.g., browsing or search history, interaction with an online service, etc.)  Xconsumer data analytics providerinternal support analytics marketingdata analytics providers advertising networks
Audio information      
Visual information      
Electronic, olfactory, thermal, or similar information      
Inferences drawn from any of the above information to create a profile      

Categories of Personal Information Sold or Disclosed

In the last 12 months, we have not sold, rented, released, disclosed, disseminated, made available, transferred, or otherwise communicated your personal information to another business or third party for monetary or other valuable consideration.

SALE OF MINORS’ PERSONAL INFORMATION: If you are a California resident and we know you are under 16 years of age, we will not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate to any other business or third party for monetary or other valuable consideration your personal information. 

Rights of California Residents

Right to Know:  If you are a California resident, you may submit, free of charge, but no more than twice in a 12-month period, a verifiable request for the following information:

  • The specific pieces of personal information we have about you;
  • The categories of personal information we collected, sold or disclosed for a business purpose about you within the last 12 months;
  • The categories of sources from which the personal information was collected;
  • The purposes for which the information was collected or sold; and
  • The categories of third parties to which the information was sold, disclosed for a business purpose, or otherwise shared.

If possible, we will provide this information to you in a readily usable format that allows transmission to another entity.

To submit a request, please contact us using the information in section 15 below. Within 10 business days of receipt, we will let you know we received your request. We will provide a substantive response within 45 calendar days, unless we need more time, in which case we will notify you. If we need additional information to verify your identity, we will contact you to request that information. If we are not able to verify your identity, we will deny your request, but if applicable, we will refer you to the applicable sections of this Policy that address our data collection and use practices. If we deny your request, even if only in part, we will explain the reason in our response.

Right to Delete:  You may submit a verifiable request for us to delete any personal information we have collected about you. To submit a request, please contact us using the information in section 15 below. Within 10 business days of receipt, we will confirm receipt of your request. We will provide a substantive response within 45 calendar days, unless we need more time, in which case we will notify you. If we need additional information to verify your identity, we will contact you to request that information. If we are not able to verify your identity, we will deny your request to delete. If we deny your request, even if only in part, we will explain the reason in our response. In either case, we will maintain a record of your request and our response.

Right to be Free from Discrimination:  We may not discriminate against you because you have chosen to exercise your rights, including, for example, by denying you access to the App or charging you different rates or prices for the same online services, unless that difference is reasonably related to the value provided by your data.

Exercising Your Rights:  To submit a verifiable request or to otherwise contact us for more information about how to exercise your rights, please follow the instructions above. 

If you would like to designate an authorized agent to make a request on your behalf, you must (i) provide the agent signed permission to do so, (ii) provide proof of your identity, and (iii) directly confirm you provided the authorized agent permission to submit the request. If we do not receive the above, we will deny the request.

14. Nevada Consumers’ Rights

Nevada law requires each business to establish an email address or other means by which Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of certain kinds of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us using the information in section 15 below.

15. Contact Us

We are happy to answer any questions you have about this Policy, address any complaints, or help you exercise your privacy rights.  Please contact us at:

Marmalade Game Studio Ltd.

33 Charlotte Street

Fitzrovia, London W1T 1RR

United Kingdom

Data Protection Officer: Natalia.egyed@marmalademail.com or +44 7584603827.

For users located in the EEA:

Marmalade Game Studio Ltd.

Rua Marcos de Assunção

N6, Piso 3, GB 3.03

2805-290, Almada

Portugal

Data Protection Officer: Natalia.egyed@marmalademail.com or +44 7584603827.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO: www.ico.org.uk), the UK supervisory authority for data protection issues, at any time. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Additionally, as mentioned above, Marmalade is a participating member of the ESRB Privacy Certified program. If we have not satisfactorily addressed your inquiry, you may contact ESRB Privacy Certified at privacy@esrb.org or https://www.esrb.org/privacy/contact.

Subscribe to the Marmalade Game Studio Newsletter!

Stay up to date with special offers, new releases, competitions and more

The personal data provided by you will be managed according to the information included in our Privacy Policy.
>