1. OUR PRIVACY POLICY
Last updated: August, 2024
Nørdlight is committed to protecting Your privacy and the secure processing of Your personal data and We strive to limit the processing of personal data as far as possible and do not collect personal data beyond what is necessary.
Needless to say, all processing of personal data, including the collection, registration, storing and general handling, is governed by applicable privacy legislation, including the General Data Protection Regulation (GDPR). Nørdlight strives to make sure that the processing of personal data done by Nørdlight is done in accordance with applicable legislation.
Should You have any questions related to privacy and/or Your rights, You can contact Us at privacy@nordlight.io or Our Data Protection Officer at DPO@spinmaster.com. Below You will also find detailed information on how We process Your personal data, on Your rights and how You can exercise them.
Who Are We?
We are Nørdlight Games AB, 559215-0816, with registered office at Lumaparksvägen 13A, 120 31 Stockholm, Sweden (“Nørdlight”, “We”, “Our” or “Us”), a passionate Game Studio in Stockholm, Sweden.
We take privacy seriously at Nørdlight and this notice is designed to share what personal data We collect and how We use it. When Nørdlight processes Your personal data in accordance with this Privacy Notice, Nørdlight is the “controller” of Your data as defined by the GDPR and other applicable legislation.
Our contact details are:
Nørdlight Games AB
Attn: Privacy Officer
Lumaparksvägen 13A
120 31, Stockholm, Sweden
Our email address for all matters related to privacy is: privacy@nordlight.io
The contact details to Our Data Protection Officer are:
SpinMaster Ltd.
Attn: Data Protection Officer
225 King Street West
Toronto, ON M5V 3M2, Canada
When Does this Privacy Policy Apply?
This privacy policy describes how We collect and use Your personal data when You are using Our services, playing Our apps or interacting with Us. It applies to all visitors of this Website, end users (including paying and non-paying users) and Our social media channels.
2. YOUR RIGHTS
Under the GDPR You have certain rights concerning our processing of Your personal data. If You would like to access, correct, erase or limit the use or disclosure of any of Your personal data that has been collected and stored by Nørdlight or exercise any other right under applicable data protection legislation, please notify Us at privacy@nordlight.io so that We may consider and respond to Your request in accordance with applicable law.
Right of information: You have the right to be provided information concerning our processing of Your personal data. This includes understanding the purposes of processing, the categories of personal data concerned, and who else might receive Your personal data.
Right of access: You have the right to obtain confirmation as to whether or not We are processing Your personal data and, if this should be the case, have access to Your personal data.
Right to rectification: You have the right to obtain rectification of inaccurate or incomplete personal data concerning You.
Right to erasure (“right to be forgotten”): Under certain circumstances, such as if the personal data is no longer necessary for the original purpose, if You withdraw Your consent, or if the personal data has been unlawfully processed, You have the right to obtain the erasure of Your personal data. However, this does not apply if Our interest in continuing to process Your personal data outweighs Your interest in having it deleted or if We are subject to a legal requirement to retain Your personal data.
Right to restriction: Under certain circumstances, such as if You contest the accuracy of Your personal data or if the processing is unlawful but You oppose erasure and request restriction instead, You have the right to obtain the restriction of processing.
Right to data portability: Under certain circumstances, such as when the processing is based on Your consent or a contract with You and the processing is carried out by automated means, You have the right to receive Your personal data in a structured, commonly used and machine-readable format and the right to transmit this information to another controller.
Right to object: Under certain circumstances You have the right to object to the processing of Your personal data. This includes but is not limited to the right to object in cases in which We process Your personal data based on legitimate interest (Article 6(1)(f) GDPR).
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, the Swedish Authority for Privacy Protection, if You consider that Nørdlight’s processing of Your personal data infringes the GDPR. You can also lodge a complaint with Your own national data protection authority; please see list here.
Right to withdraw consent: If a processing of Your personal data is based on Your consent as set out in this privacy policy, You have the right to withdraw Your consent at any time.
Right to not be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.
3. TYPES OF PERSONAL DATA WE COLLECT
In this section, We describe the types of personal data that We collect or create. In Section 4 We describe for what purposes We use these types of personal data.
User Information: Information about Your use of Nørdlight’s apps such as: In-game generated events based on Your interaction with the app.
Device Information: Information from Your device - such as Device IDs, Android ID, Advertising ID, IDFA, IDFV, Operating System, Platform, screen resolution and similar Information about Your device and Device Settings/Usage, IP address (including Your approximate location).
Purchasing Data: Information relating to Your purchase history such as: In-game Properties/In-game buildings and items, Purchasing Tendencies.
Social Media Data: Information about You and Your interactions with Nørdlight fan pages on social media - such as name and/or user name, posts You like and comment.
Customer Information: Information from You provided to Us via Our customer support and/or service functions - such as first name, last name, email, age, Your issues and/or ideas.
Unique Identifiers: Information from Your account - such as Account ID, Rubik's Match ID.
4. WHAT PERSONAL DATA ARE USED FOR WHAT PURPOSE AND WITH WHICH LEGAL BASIS?
In the table below We indicate:
what We use Your personal data for;
our legal justifications (each called a "legal basis") under the GDPR and the UK GDPR for each purpose; and
the categories of personal data We use for each purpose.
Here is a general explanation of each legal basis to help You understand the table:
Contract with the data subject: Where it is necessary for Nørdlight (or a third party) to process Your personal data to:
fulfill obligations under a contract with You. This includes Nørdlight’s obligations under the Terms of Service to provide Our apps or services, such as Rubik's Match, service to You.
verify information before the start of a new contract with You.
Legitimate interest: Where Nørdlight or a third party has an interest in using Your personal data in a particular way, which is necessary and justified after considering any risks to You and other Nørdlight users. For example, We may use Your usage data to improve the Rubik's Match service for all users. Contact Us if You want to understand a specific legitimate interest and retain information on the balancing test.
Consent: When Nørdlight asks You to actively consent to Our services or processing, such as Rubik’s Match, use of your personal data for a specific purpose.
4.1 We collect the following information from You when You install and/or use the app Rubik’s Match on platforms such as Google Play Store and Apple AppStore:
What We use Your personal data for and why | Legal basis allowing the purpose | Categories of personal data and where they come from |
To provide the Rubik’s Match in accordance with our agreement with You so that You can play. | Contract with You. |
In Rubik's Match We sell in-app currency and We provide other in-app purchases in the in-game shop. We are doing this to provide You as a player a more fun and different experience in Our app. | Contract with You. |
Process players' in-app activity in order to answer questions relating to the performance of Our app and Our business. To understand how many active users, user experience and user engagement etc. | It is necessary for the purposes of Our legitimate interests. When balancing interests, Nørdlight has determined that We have a legitimate interest in continuously improving Our app and business operations. Analyzing in-app activity provides Us with valuable insights into user behaviour, app performance, and engagement levels. These insights are important for enhancing the user experience and ensuring the app meets the needs of Our users effectively. You may contact Us for more information about how the determination was made. Please see Our contact details in Section 1. |
When We have a crash in Our apps We collect, store and analyze information about that crash. We do that to understand if something is wrong in the app, this could be a bug in the app that We need to fix so You can continue playing it. | Contract with You. |
Whenever an action is performed in-game that requires a server side response We will be processing and storing pieces of data as part of log files. We do this to ensure technical functionality. | It is necessary for the purposes of Our legitimate interests. When balancing interests, Nørdlight has determined that We have a legitimate interest in maintaining and ensuring the technical functionality of Our game. By processing and storing log file data, We can monitor and troubleshoot server-side responses. You may contact Us for more information about how the determination was made. Please see Our contact details in Section 1. |
To allow You to play on another device We will offer You as a player to link Your progress with a third party authentication service. | It is necessary for the purposes of Our legitimate interests. When balancing interests, Nørdlight has determined that We have a legitimate interest in delivering a seamless and flexible gaming experience for Our users. By allowing the linking of progress across devices, We ensure that users can access their game data from any device. You may contact Us for more information about how the determination was made. Please see Our contact details in Section 1. |
To allow You to display ads in Our game from third-party products and services. Some in-game ads will also provide You with in-game rewards. | Your consent. |
Some of Our services use ad server technologies to send You offers and advertisements from third parties, and to measure how Our advertising campaigns work. Some of these technologies may sync or link behavior across multiple Websites, mobile apps and devices to tailor offers and advertising to Your interests. These technologies collect and use information so that We can provide You with appropriate offers and advertising, to measure the effectiveness and distribution of such offers and advertising, and to understand how users interact with Our services. | Your consent. |
4.2 Social Media
What We use Your personal data for and why | Legal basis allowing the purpose | Categories of personal data used for the purpose |
We reply to comments left by fans on Our own posts, We define this as reactive engagement. We also engage (by liking, leaving emojis or commenting) with fan channels on an as needed basis, We define this as proactive engagement. These are posts that have either gained high traction among the Nørdlight community or have created content that We like to support. We also share social media posts internally, but these are also publicly accessible on all social media platforms. | It is necessary for the purposes of Our legitimate interests. When balancing interests, Nørdlight has determined that We have a legitimate interest in being able to connect with You on social media, that the processing is necessary to achieve that purpose, and that Our interest outweighs Your right not to have Your personal data processed for this purpose. You may contact Us for more information about how the determination was made. Please see Our contact details in Section 1. |
4.3 We Collect the Following Information from You when You Contact Our Customer Support
What We use Your personal data for and why | Legal basis allowing the purpose | Categories of personal data used for the purpose |
To provide You with service in accordance with Our agreement with You. For example to give You access to games, figure out what problem You may have and help solve them. | Contract with You. |
4.4 We Collect the Following Information from You when You Participate in Testing Activities
What We use Your personal data for and why | Legal basis allowing the purpose | Categories of personal data used for the purpose |
We perform all kinds of research activities so we can learn from users’ needs and improve our products and services. | Your Consent |
Direct Marketing: To build and maintain brand awareness and raise interest in Our products and services. | Your Consent |
Recordings of your usage of our apps and services. We sometimes record You when you are playing Our apps to understand how you react etc. | Your Consent |
4.5. Other Processing that We may Conduct
In the case of a legal dispute or other legal matter between You and Us We would work together with Our owners, Spin Master Ltd, and external advisors to assess and manage the legal matter. We would however still be the controller of Your personal data. If there is a legal dispute or other legal matter We will process Your personal data relevant to the matter or dispute. In particular, this may include Your name, e-mail address, contact details and any actions, progress and purchases that You may have performed in the app.
The purpose of the processing of the data by Us would in this case be the effective and uniform handling of legal matters.
If the data processing concerns the conclusion or performance of a contract with You, the legal basis of the data processing is performance of a contract. If the data processing is based on a legitimate interest, the legal basis is Our legitimate interest in effectively and uniformly handling legal matters and disputes. In case of legally legitimate and binding obligations by authorized courts or governmental authorities the legal basis for disclosing data would be in connection with the respective laws that state the legal binding effect of the obligation.
The storage period for data processed for the purpose of handling legal matters, disputes or complying with legal obligations is governed by the relevant limitation period, so that We can sufficiently defend ourselves against claims, or by the relevant legal obligations to retain documents.
5. HOW LONG DO WE KEEP THE DATA?
We will retain Your personal data for as long as necessary to provide Our services to You or as required by law.
We will keep Your personal data that is tied to Your account and Your usage of Our apps and services as long as You use the apps and services and for a period of two years after You last used the app or service, unless You contact Us asking for a removal.
For analytics, instead of deleting Your personal data We may anonymise the personal data so that no direct or indirect identifiers remain and after such anonymisation We will store the information for an indefinite period.
For marketing attribution purposes, We keep Your personal data for three months; after that We delete it.
For the purpose of customer support and services We will keep Your personal data for one year before We delete it.
We keep personal data collected during regular play tests, interviews and survey responses for a maximum of three years after participation. For longer interviews and deep studies, We keep the data for a maximum of five years after You have participated.
6. COMMUNITY OR SOCIAL MEDIA FEATURES AND HOW WE KEEP THEM SECURE
Our Website and services may include community or social media features, such as forums and chat rooms. Please note that any information You post in these features may be publicly available. We encourage You to use caution when sharing personal data in these features. We take reasonable measures to keep these features secure and protect Your personal data.
7. WITH WHOM DO WE SHARE YOUR INFORMATION?
Nørdlight may share Your personal data, which includes but is not limited to billing information, usernames and other unique identifiers, with Our third-party agents, contractors, or service providers who are hired to perform services on Our behalf. We may also share Your information with Our affiliates.
We disclose necessary information to authorities such as the Swedish Authority for Privacy Protection and other authorities if We are required to do so by law, or under some circumstances if You have requested Us to do so.
7.1 CATEGORIES OF RECIPIENTS WITH WHOM WE SHARE, REGARDLESS OF APP OR SERVICE
7.1.1 Suppliers and subcontractors
Description of the recipient: Suppliers and subcontractors are companies that only have the right to process the personal data they receive from Nørdlight on behalf of Nørdlight, i.e. data processors. Examples of such suppliers and subcontractors are software and data storage providers, and business consultants.
Service Providers - Processors
We use the following service providers that act as processors in Our app:
We use Google Firebase and BigQuery for analytics.
We use Google Oauth to connect Your account with Our app.
We use Google Workspace to process information about You when You are involved in testing activities.
We use Amazon Web Services for hosting Our servers.
We also work with AppsFlyer as an attribution provider to help Us understand Your interactions with the apps and to optimize and analyze mobile ad campaigns and provide contextual ads.
We use BackTrace for monitoring bugs, crashes and crash reports.
We use Helpshift for customer service and to host Our FAQs.
We use Data Dog to monitor Our technical environments. This helps Us to keep Our services running and if something unexpected happens.
We use Playtest Cloud for some of our testing activities.
7.1.2 Spin Master Group - Processors
Description of the recipient: Companies in the Spin Master Group. List of companies that We share with on the basis of an intra group company agreement:
Spin Master Ltd
225 King Street West, Toronto
ON M5V 3M2
Canada
Toca Boca AB
Lumaparksvägen 13A
120 31, Stockholm
Sweden
Sago Sago Toys Inc
John St., 5th Floor, Toronto
ON M5T 1X3
Canada
Purpose and legal basis: This is required for Nørdlight to be able to provide You with its services and functionalities. Nørdlight has a legitimate interest in being able to access and provide these services and functionalities. We ensure that the processing this entails is necessary to pursue that interest, and that Our interest outweighs Your right not to have Your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in Your particular case. See section 2 for more information about Your rights.
7.1.3 Social Media Partners and Online Search Platforms - Joint Controller and/or Separate Controllers
Description of the recipient: Companies that provide social media services that We use. If You visit one of these third-party Websites or use one of these third-party services, You should also consult the respective privacy policies, as these govern Your use of such Websites or services.
Facebook - https://www.facebook.com/about/privacy
Instagram - https://help.instagram.com/155833707900388
TikTok - https://www.tiktok.com/legal/page/eea/privacy-policy/en
YouTube - https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/
Purpose and legal basis: To care for Our fans and to promote Our brand and services. We base the processing, after a balance of interests, on Our legitimate interest in marketing Our business and offering relevant information. You are entitled to object to this processing, for reasons connected to the circumstances in Your particular case. See section 2 for more information about Your rights.
7.1.4 Marketing and Advertising Partners - Separate Controllers
Description of the recipient: Advertising partners and networks who offer advertisements from third parties, both contextual as well as personal interests, and to measure how Our advertising campaigns work.
List of advertising partners:
Facebook Ads - https://www.facebook.com/about/privacy
Facebook Custom List Custom Audiences - https://www.facebook.com/about/privacy
Facebook Business Tools - https://www.facebook.com/about/privacy
Google Ads - https://policies.google.com/privacy
Apple Search Ads - https://searchads.apple.com/privacy
IronSource - https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/
Unity Ads network - https://unity.com/legal/game-player-and-app-user-privacy-policy
Tapjoy ad network part of Unity - https://dev.tapjoy.com/en/legal/Privacy-Policy
TikTok - https://www.tiktok.com/legal/page/eea/privacy-policy/en
Purpose and legal basis: Advertising partners who offer advertisements from third parties, to be able to show You both contextual and personalised ads and to measure how Our advertising campaigns work. This processing is based on Your consent. You are entitled to object to this processing. See section 2 for more information about Your rights.
8. THIRD COUNTRY TRANSFERS
In some cases Nørdlight might transfer personal data outside the EU, to so-called third countries (countries outside of the European Economic Area). Such transfers can be made if any of the following conditions apply:
The EU Commission has decided that there is an adequate level of protection in the country in question;
Standard Contractual Clauses (EU model-clauses) are used; or
Exceptions in special situations apply, such as to fulfil a contract with You or Your consent to the specific transfer.
We also identify and use additional protections as needed for each data transfer. For example, We use:
technical protection measures, such as encryption and pseudonymization.
9. HOW DO WE KEEP YOUR INFORMATION SAFE?
We are committed to protecting Our users' personal data and are among other things using pseudonymization, encryption and user based access levels to protect Your data. We strive to take appropriate technical and organizational measures to ensure the protection of Your personal data.
10. HOW CAN YOU CONTACT US WITH PRIVACY QUESTIONS OR CONCERNS?
If You have any questions or concerns about this privacy policy or Our privacy practices, please contact Us.
Or if You want to contact Our DPO:
dpo@spinmaster.com
Data Protection Officer
225 King Street West Toronto, ON M5V 3M2, Canada
11. NOTICE TO CALIFORNIA RESIDENTS
Under California Civil Code section 1798.83, California residents are entitled to ask Us for a notice describing what categories of Personal Information We share with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. Please note that We do not share Your Personal Information with any third parties or affiliates for their direct marketing purposes.
The California Consumer Privacy Act of 2018 (CCPA) provides consumers who are California residents with specific rights regarding their Personal Information.
Right to Access: If You are a California resident, You have the right to request, up to two times each year, access to categories and specific pieces of personal data about You that We collect, use and/or disclose.
Right to Delete: If You are a California resident, You have the right to request that We delete personal data that We collect from You, subject to applicable legal exceptions.
Right to Opt Out of Sale of Personal Information: As the term is defined by the CCPA, Nørdlight does not sell any personal data.
To make a request regarding Your rights as described above, please send an email to privacy@nordlight.io or DPO@spinmaster.com or write to Us, using the addresses above.
12. CHANGES TO THIS PRIVACY POLICY
This privacy notice may be changed from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to You if these changes are material and, where required by applicable law, We will obtain Your consent. The notice may be sent to You by email to the last email address You provided Us with, by posting notice of such changes on Our sites and applications, or by other means, consistent with applicable law. The date of the last modification is stated at the top of this document.