EU PRIVACY NOTICE FOR OUR CUSTOMERS AND OTHER BUSINESS RELATED PERSONAL DATA
1. Who is responsible for processing your data and how to contact us
This Privacy Notice applies to all of our games, websites and related services, collectively referred here as our Services. Your continued use of the Services after the effective date will be subject to the new Privacy Notice.
We know that you care about how your personal information is used and shared, and we take your privacy seriously. This Privacy Notice is for the EU users of our software and our EU business partners and suppliers. Please read the following to learn more about how we use your personal information.
For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the "GDPR"), Coolgc Limited (referred to as “Coolgc”, “we”, “us”, or “our”) will be the data controller responsible for any personal data we process.
If you have any questions or concerns about this Privacy Notice, including those related to exercise any of your rights, please contact us through the game’s Help & Support so we can reply to you more quickly.
The data controller: Coolgc
Email: contact@coolgc.com
Address: The Highline , Dun Laoghaire Industrial Estate, Pottery Rd, Dun Laoghaire, Co. Dublin, Ireland A96 KW29
2. WHAT PERSONAL DATA WE COLLECT AND WHY?
We may source, use and otherwise process your personal data in different ways. In all cases we are committed to
protecting your personal data.
In each of the sections listed below, we describe how we obtain your personal data and how we treat it.
2.1 Individual Customers
A - Sources of personal data
We may obtain your personal data from the following sources:
a) from you directly (through the game, website or online forms); and/or
b) from third parties, service providers that are assisting us in providing you with a service, or from your
social networks accounts you used to sign in to our online services (for example, Facebook, Google, Game Circle,
Weibo).
B - Personal data that we collect and process
We may collect the following categories of personal data relating to our existing or prospective individual
customers:
а) Contact information (such as name or nickname or email you submit as part of your register for our
Services
or log-in or via social networks);
b) Data about your account and game progress, we create a Coolgc-specific ID for you when you use the
Services;
c) Your IP address and unique mobile device identification numbers (such as your device ID, advertising ID,
MAC address);
d) Data about your device, such as manufacturer, operating system, CPU, RAM, browser type and language;
e) Broad location data (e.g. country or city-level location);
f) Precise geolocation data (GPS, with your consent);
g) Data we collect with cookies and similar technologies Cookies Notice;
h) Data we receive if you link a third party tool with the Service (such as Facebook, Google or Weibo);
i) details of orders (amount spent, date, time, vouchers or offers used);
j) Data to fight fraud (such as refund abuse in games or click fraud in advertising);
k) Data from platforms that the games run on (such as to verify payment);
l) Data for advertising and analytics purposes, so we can provide you a better Service;
m) Your messages to the Services (such as chat logs and player support tickets) any feedback you submitted
about your experience with us; and/or
n) Other data you choose to give us.
C - Why do we collect your personal data and what are our lawful bases for it?
Individual Customers
We may use your personal data to: | Our lawful basis for doing so is: |
---|---|
Provide you with our products or services (for example, play one of our online games and make online purchases) | Contract |
We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
---|---|---|
Establish and manage our relationship (this covers making your experience with us personalised, dealing with complaints or maintaining your account with us) | Legitimate Interest | Account Management Management Reporting (including at an intra-group level) Exercise or defend legal claims |
Learn about how our products and services are or may be used (for example, when we ask you to fill out surveys about the experience you had with us) |
Understand the market in which we operate Management Reporting (including at an intra-group level) |
|
Security (ensuring confidentiality of personal information or preventing unauthorised access and modifications to our systems) |
Managing security, risk and fraud prevention Management Reporting (including at an intra-group level) |
|
Let you know about our products, services and events that may be of interest to you by email or other forms of electronic communication |
Promote our goods and services Management Reporting (including at an intra-group level) |
If you object to us using your personal data for the above purposes, including direct marketing, please let us
know using the email address provided in section 1.
Where we use your email to communicate marketing information to you we will seek your prior consent where required
to do so by law.
We do not knowingly collect or solicit personal data about or direct or target interest based advertising to
anyone under the age of 16 or knowingly allow such persons to use our Services. If you are under 16, please do not
send any data about yourself to us, including your name, address, telephone number, or email address. No one under
the age of 16 may provide any personal data. If we learn that we have collected personal data about a child under
age 16, we will delete that data as quickly as possible. If you believe that we might have any data from or about
a child under the age of 16, please contact us.
D – How long do we keep your personal data?
We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.
2.2 Representatives of our Existing or Prospective Corporate Customers, Business Partners, and Vendors
We may collect personal data related to employees, directors, authorised signatories, or other individuals associated with Coolgc’s existing or prospective corporate customers, business partners, and vendors.
A - Sources of personal data
a) We may obtain your personal data from the following sources:
b) from you directly,
c) from a company that employs you, if you are an employee of our existing or prospective customer, business
partner, or vendor,
d) during networking events that we have either hosted, or sponsored, or attended; and/or
from publicly available sources (for example, your company website or social media sites, such as LinkedIn).
B - Personal data that we collect and process
We may collect the following categories of personal data relating to our existing or prospective customers’,
business partners’, and vendors’ employees, officers, authorised signatories, and other associated individuals:
a) name;
b) business address;
c) business email address;
d) business telephone number; and/or
e) job title.
C - Why do we collect your personal data and what are our lawful bases for it?
Representatives of our Existing or Prospective Corporate Customers, Business Partners and Vendors
We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
---|---|---|
Provide you with our products or services or receive products or services from you | Legitimate Interest | Efficiently fulfil our contractual and legal obligations Management Reporting (including at an intra-group level) |
Establish and manage our relationship | Efficiently fulfil our contractual and legal obligations Account Management Understand the market in which we operate Management Reporting (including at an intra-group level) Exercise or defend legal claims |
|
Learn about how our products and services are or may be used | Understand the market in which we operate Management Reporting (including at an intra-group level) |
|
Security | Managing security, risk and fraud prevention Management Reporting (including at an intra-group level) |
|
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication | Promote our goods and services Management Reporting (including at an intra-group level) |
If you object to us using your personal data for these purposes, including direct marketing, please let us know
using the email address provided in section 1.
Where we use your email to communicate marketing information to you we will seek your prior consent where required
to do so by law.
D – How long do we keep your personal data?
We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with your business relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.
2.3 WEBSITE VISITORS
A - Sources of personal data
We may obtain your personal data from the following sources:
a) from you directly (for example, at the time of subscribing to any services offered on our website,
including but not limited to email mailing lists, interactive services, posting material); and/or
b) from your device or browser.
If you contact us, we may keep a record of that correspondence.
B - Personal data that we collect and process
a) browser type;
b) information on the use of our website (for example, pages visited, geographical location, time spent on the
website, online transactions);
c) cookie data (for more information please see our Cookie Notice);
d) preferences regarding online marketing; and/or
e) IP address.
C - Why do we collect your personal data and what are our lawful bases for it?
Website Visitors
We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
---|---|---|
Provide our website services to you | Legitimate Interest | Website Management Promote our goods and services Account Management |
Establish and manage our relationship | Understand the market in which we operate Management Reporting (including at an intra-group level) Account Management |
|
Learn about our website(s) users’ browsing patterns and the performance of our website(s) | Website Management | |
Security | Managing security, risk and crime prevention Management Reporting (including at an intra-group level) |
|
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication | Promote our goods and services Management Reporting (including at an intra-group level) |
|
Learn about how our products or services may be used | Understand the market in which we operate Management Reporting (including at an intra-group level) |
If you object to us using your personal data for the above purposes, including direct marketing, please send us an
email using the email address in section 1.
Where we use cookies or similar technologies we will seek your prior consent where required to do so by law.
Where we use your email to communicate marketing information to you we will seek your prior consent where required
to do so by law.
D – How long do we keep your personal data?
We will keep your personal data only for as long as is necessary for the purposes for which it was collected in
connection with your requests via our website or your use of our website.
2.4 JOB APPLICANTS
We may collect personal data related to job applicants for positions advertised on our website.
A - Sources of personal data
We may obtain your personal data from the following sources:
a) from you directly;
b) from a third party, for example, individual referrals or a recruitment agency;
c) via hard copy and web-based application forms;
d) during networking events that we have either hosted, or sponsored, or attended; and/or
e) from publicly available sources (for example, professional networks, such as LinkedIn).
B - Personal data that we collect and process
We may collect the following categories of personal data, which may differ, depending on the content of your
CV or baseline documents you submit to us:
a) name;
b) residence address;
c) personal email address;
d) telephone number;
e) date of birth;
f) career and education history;
g) skills, experience, and qualifications;
h) personal interests, languages spoken, questionnaire results;
i) gender;
j) names and contact details for references. Please note that it is your responsibility to obtain consent from
your references prior to providing us personal information about them;
k) current and historic salary details together with salary expectations;
l) details of your current benefit entitlements; and/or
m) information about your entitlement to work in the country in which the Coolgc EU affiliate is located.
C - Why do we collect your personal data and what are our lawful bases for it?
Job Applicants
We may use your personal data to: | Our lawful basis for doing so is: |
---|---|
Check your eligibility to work in the country in which Coolgc affiliate is located Where you provide us with information regarding your disability, we will process it as part of our legal obligation to make reasonable adjustments for recruitment process |
Legal obligation |
We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
---|---|---|
Facilitate the selection process Assess and confirm your suitability for employment Communicate with you |
Legitimate interests | Talent Management (including at an intra-group level) |
Execute business process and internal management | Management Reporting (including at an intra-group level) | |
Safeguard the security of our infrastructure, premises, assets and office equipment, including prevention of criminal activity, defending legal claims | Managing security, risk and crime prevention
Exercise or defend legal claims |
D – How long do we keep your personal data?
We will keep and process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates for no longer than [six] months, unless we obtained their consent to keep it for longer.
2.5 Visitors to Our Premises
A - Sources of personal data
We may obtain your personal data from you directly and from our systems’ records.
B - Personal data that we collect and process
a) name;
b) business contact details;
c) organisation;
d) role;
e) time and date of your visit; and/or
f) image (for example, from CCTV cameras at our premises).
C - Why do we collect your personal data and what are our lawful bases for it?
Visitors to our Premises
We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
---|---|---|
Security | Legitimate Interest | Managing security, risk and crime prevention |
Maintain records of visitors to our premises | Legitimate Interest | Management Reporting |
If you object to us using your personal data for the above purposes, please let us know using the email address
provided in section 1.
D – How long do we keep your personal data?
We keep your personal data for as long as necessary to ensure security of visitors to our premises and as soon
as it is no longer necessary, usually after 90 days, we delete it.
3. WHO DO WE SHARE YOUR PERSONAL DATA WITH
We do not sell your personal data to third parties.
Our Partner Organisations and Service Providers
We may disclose information about you to organisations that provide a service to us, ensuring that they are
contractually obligated to keep your personal data confidential and will comply with the GDPR and other relevant
data protection laws.
We may share your information with the following types of service providers:
a) technical support providers who assist with our website and IT infrastructure,
b) third party software providers, including ‘software as a service’ solution providers, where the provider
hosts the relevant personal data on our behalf;
c)professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
d) providers that help us generate and collate reviews in relation to our goods and services;
e) our advertising and promotional agencies and consultants and those organisations or online platforms
selected by us to carry out marketing campaigns on our behalf and to advertise their own products or services that
may be of interest to you; and/or
f) service providers that assist us in providing our services.
Law enforcement or government bodies
We may disclose your personal data as permitted by law in order to investigate, prevent or take action
regarding
illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential
threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as
required by law.
4. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EUROPEAN ECONOMIC AREA
We share your personal data with our affiliates in the EU and outside the EU. International transfers with Coolgc
affiliates outside the EEA, are governed by EU Commission-approved Standard Contractual Clauses for Controllers
and, where relevant, for Processors.
We share personal data with external vendors or service providers or suppliers that we engage to perform
services or functions on our behalf and under our instructions. Where these vendors are located within the EU, we
ensure that they are contractually obligated to comply with the EU data protection rules. We also ensure in our
contracts with these organisations that they only Process Personal Data in accordance with our instructions and in
order to provide the agreed services and protect the integrity and confidentiality of your personal data entrusted
to them.
We may also disclose personal data to our advisers, consultants, law enforcement and other public authorities
(such as tax and social security bodies), the police, prosecutors, courts and tribunals. All these recipients are
themselves responsible to comply with the EU data protection rules.
Some of the vendors that we engage to are located outside the European Economic Area. Where the EU Commission
did not recognise them as locations providing adequate protection for personal data, we sign the EU
Commission-approved contract (so called Standard Contractual Clauses) to protect your data.
You may request a copy of these agreements by contacting us using the email address in section 1.
5. Your Rights
You are entitled to obtain information from us on how we handle your personal data, to see copies of all personal
data held by us and to request that your personal data is amended, corrected or deleted from our systems. You can
also limit, restrict or object to the processing of your data.
We do not carry out any decision-making based solely on automated processing, including profiling.
If you gave us your consent to use your data, e.g. so that we can send you marketing emails or display
personalised ads, you can withdraw your consent at any time. Please note that even if you withdraw your consent,
we can still rely on the consent you gave as the lawful basis for processing your personal data before you
withdrew your consent.
You can object to our use of your personal data where we stated we rely on our legitimate business interests
to do so. We explained the legitimate interests we rely on in sections ‘Why do we collect your personal data and
what are our lawful bases for it?’ above.
If you would like to exercise any of your above rights, contact us using the contact details in section 1
above.