Please read the terms of this Privacy Policy (this “Policy” or these “Terms”) carefully. The Policy describes to users (“User,” or “Users,” or “you”) how Mistplay Inc. (“Mistplay”, “we,” “us” or “our”) collects, uses, discloses or otherwise processes personal information (the terms “personal data” and “personal information” will be used to mean any information that is able to directly or indirectly identify you, which might differ slightly depending on the laws that apply where you are located) and other data we receive from Users using Mistplay’s website, mobile app, products and services (the “Services”). Examples of personal data include your name, email address, gender, age, and other information about you.
This Policy is effective when the User clicks on the “ACCEPT & CONTINUE” button during the Mistplay account creation process and by doing so, you agree that you have read and understood the terms of this Policy. If you do not agree with these terms or if you are younger than 18, you are prohibited from registering for a Mistplay user account. If you are between the age of 13 and 17 and currently have a Mistplay user account, please note that your account will be suspended as of November 1, 2021. You may continue to use the mobile application up until this date.
Be sure to return to this page periodically to review the most current version of the Privacy Policy. We reserve the right to change or otherwise modify the Privacy Policy. If we modify it, we will update the "Last Updated" date and will alert users that a change has occurred within the mobile app. If the modified Privacy Policy is not acceptable to you, please do not use the Services.
We do not use cookies (or similar technologies) to collect information about you. We collect information you provide directly or indirectly to us, such as when you create or modify your account, request on-demand services, redeem your rewards in our online shop, contact customer support, or otherwise communicate with us. This information may include: name, email, mailing address, age, gender, social media profiles, phone number, and PayPal information. During the registration process, we will also collect information such as your IP address and Google Advertising ID (together, the “ID”).
We will only collect your personal data as described in this Privacy Policy and will not use or otherwise process your information for any other purposes than described below.
If you sign into our Service using a third-party profile, we will import the first name and last name displayed in such profiles, such as information on Facebook or Google, on our platform.
When you use our Services, we will also collect information about how you interact with the games advertised on our platform. The type of information we collect relates to: i) achievements that are unlocked, ii) in-game purchases, iii) other apps on your device, iv) the time you spend playing games, v) the units you’ve earned in Mistplay, and vi) the game experience earned (collectively “User Gaming Profile”). A user’s gaming profile is visible to other users via the chat social networking feature.
Until October 31, 2021, existing users between the ages of 13 and 17 years old will be required to provide a phone number to verify their account upon redeeming a reward through our Shop. We use this information exclusively for the purpose of fraud prevention and to ensure that prizes are not earned through bots, automated processes or fraudulent use of software. Upon redeeming a reward from our Shop, you will be prompted to provide a phone number, which is linked to your user account to ensure the uniqueness of your user registration within the mobile application. If you do not want to redeem a reward from our Shop, you can use all other features of the mobile application without providing your phone number.
For all users 18 years old or above, when redeeming a reward through our Shop, we may verify your face via a ‘video selfie’ using a third party face verification technology. We use this information exclusively for the purpose of fraud prevention and to ensure that prizes are not earned through bots, automated processes or fraudulent use of software.
By using our mobile application and accepting our Privacy Policy, you understand that requesting a reward within the Shop on the Mistplay mobile application will only be possible upon additional user authentication via face verification. Your consent applies to the processing of such biometric data as described below, and is an express acknowledgement that such data is “special category” personal data pursuant to Article 9 of the General Data Protection Regulation (GDPR).
We will use your ‘video selfie’ exclusively for fraud prevention. Upon redeeming a reward from our Shop, you will be prompted to provide a video selfie using your mobile device’s camera. This video selfie provides us with a face map (a mathematical representation of your face generated through our third party provider, Facetec). This video selfie is encrypted on your mobile device before being sent to our servers for processing, and is linked to your user account to ensure the uniqueness of your user registration within the mobile application. If you do not want to redeem rewards through the Shop, you can use all other features of the mobile application without providing a video selfie.
Upon accessing and when using the Services, certain information will be required to provide the services and automatically collected, such as:
A user, including individuals accessing our Service through a “Continue as Guest” option cannot disable the collection of this information.
We use your data for the following purposes:
Additionally, personal data may be used and disclosed to the extent Mistplay may deem reasonably necessary to enforce the terms of any agreement between you and Mistplay, or to protect the rights, property or safety of any person or entity, or if required by law, specifically in response to a demand from government authorities.
We will also use your information to create de-identified statistical and analytical data.
We delete your personal information stored in physical form by shredding and personal information stored in electronic files by deleting the files in an irrecoverable manner. Moreover, pursuant to our Terms of Use, if a user does not use the Service for at least one year, the user’s inactive account may be terminated, and the user’s personal data may be destroyed.
We will only retain personal data for as long as you use the Services or for as long as it is required to meet the purposes for which it was collected, or as otherwise required by law. When we delete your account, all personal data will be deleted except as required by law. We may also retain personal data for an additional twelve (12) months after deletion for administrative or accounting purposes. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
The Services are designed to comply with specific requirements relating to Children’s privacy, including the the Children’s Online Privacy Protection Act applicable in the United States (“COPPA”). COPPA requires that website operators or online services not knowingly collect personal information from anyone under the age of 13 without prior verifiable parental consent.
We restrict the use of our Services to individuals age 13 and above. In compliance with COPPA, we do not knowingly collect or retain Information from our Services from children under the age of 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@mistplay.com.
For Korean residents only, we restrict the use of our Services to individuals age 14 and above. We do not knowingly collect, maintain, or use personal data from children under the age of 14. If we learn we have collected or received personal information from a child under 14 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 14, please contact us at privacy@mistplay.com.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By applicable law you have rights related to access and correction of the personal information that we hold about you.
You may make requests by writing to privacy@mistplay.com (see below for a description of the specific rights with respect to accessing and deleting Information that are provided to California, European, Taiwan and Korean residents). Upon receipt of such request, Mistplay will endeavor to provide you this information (in electronic readable format) within a reasonable time. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
If you are concerned about our response or would like to correct the information provided, please refer to Contact Information and Challenging Compliance below on how to contact us.
You may withdraw your consent to the collection of personal information at any time by sending a written request to privacy@mistplay.com. Upon receiving notice that you have revoked your consent, we will stop processing your personal information within a reasonable time, which will vary depending on what information we have collected and for what purpose. Please note that by choosing to withdraw such consent, you may not be able to continue to use the Services or any of the benefits you have earned. You may also ask us to delete your account. By deleting your account, however, any loyalty points that you have earned and not redeemed will be deleted. Please note that we will send you an email requesting your confirmation before we delete your account (please refer to the Data Retention section above).
We will only send you promotional communications if we have your consent to do so. You may opt out of receiving promotional messages from us by following the instructions (unsubscribe mechanism) in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.
We will not sell, rent, share, or disclose to outside parties the information we collect, save and except that we may share the collected information with other parties as follows:
For additional information regarding the type of third-party services that are used, please review the categories of personal information that we may share with third-party service providers and our business and commercial uses of such personal information on the Mistplay Privacy Centre at https://www.mistplay.com/privacy-centre
The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). There are three major laws regulating data protection and information privacy in Switzerland:Article 13 of the Swiss Constitution, the Federal Act on Data Protection (DPA) and the General Data Protection Regulation (GDPR). The following section provides additional information regarding the lawful basis and purpose for data processing and specific rights regarding your personal data.
As a resident of the EEA, SUI & UK, you should know that the purposes of our data processing activities are being conducted on the following so-called “legal grounds:”
As a resident of the EEA, SUI & UK, you also have certain specific rights regarding your personal data. You are free to exercise any of these rights by contacting us or as specified herein:
The California Consumer Privacy Act (CCPA) grants California consumers robust data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors. As a consumer, you have the right to request, twice a year and free of charge, certain information about parties to whom we have disclosed or sold your personal information in the prior calendar year and a description of the categories of personal information shared. Additionally, upon request, twice a year and free of charge, we shall provide to you any information relating to your personal information and our processing of your personal information in a concise, transparent, intelligible, and easily accessible form using clear and plain language. To make such a request, please send an email to privacy@mistplay.com and please include the phrase “Personal Information Privacy Request” in the subject line, the Service you are inquiring about, along with your name, address, and email address. You can also ask us to delete your personal data stored on our platform. If we receive a request to delete your data, we will ask you if you want your personal information to be removed entirely or if you want to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). We cannot keep a record of individuals whose personal information we have deleted so you may be contacted again by us, should we come into possession of your personal information at a later date. Requests to know and requests to delete will be honored within 45 days; if more time is needed to respond, Mistplay will notify you.
The CCPA enables California users to appoint an authorized agent to act on their behalf to submit disclosure requests and or deletion requests under the CCPA. The authorized agent must register with the California Secretary of State. We will honor a request from an authorized agent provided you provide written authorization to the authorized agent to act on your behalf and we can verify your identity and the agent submits proof of authorization.
The following chart contains the categories of personal information, as enumerated in CCPA Sec. 1798.140(o), of personal information we may collect, use, and disclose, the sources of the personal information and our business and commercial uses of such personal information:
Category
Name/Description
1. Sources
2. Business Use
3. Commercial Use
A
Identifiers – name, email, postal and IP address, unique personal identifier, online identifier, Internet Protocol address, account name, phone number
User provided on registration and upon redeeming points using online shop, customer service inquiries and claim forms; related and 3rd party sources to verify user supplied information, selfie in video format
Operational purposes including customer service; fraud & security incidence detection; website improvement; award prize winners
None
B
Protected classification characteristics under California or federal law
Age and Gender
Recommend suitable Games
None
C
Internet or similar network activity -browsing and search history, information on a consumer’s interaction with a website, application, or advertisement
System collected activity logs and cookies
To determine performance of media content and analytics purposes
None
D
Geolocation data
Country Identified using IP Address
Recommend Games for Country
None
E
Inferences drawn from other personal information
Profile reflecting a person's preferences
Recommend Games based on preference
None
Mistplay has collected, will collect, and has disclosed the personal information described in the categories above during the last year for business purposes; however, we do not sell your personal information. If you exercise your rights under the CCPA, Mistplay will not discriminate against you.
Browser “Do Not Track” Signals. Most browsers contain a “do-not-track” setting. In general, when a “do-not-track” setting is active, the user’s browser notifies other websites that the user does not want their personal information and online behavior to be tracked and used, for example, for interest-based advertising. As required by CalOPPA, we are required to inform you that, as is the case with most websites, we do not honor or alter our behavior when a user to one of our Websites has activated the “do-not-track” setting on her/his browser.
We may transfer your personal information overseas as described below. Your personal information will be transferred overseas in accordance with the Korean PIPA and Network Act privacy requirements via an information communication network and will be retained and used until the relevant purpose is achieved.
Company Name
Country
Contact of employee or Department Responsible for Managing Personal Information and Link to Privacy Policy
Date and Time of Transfer
Purpose of Transfer
Personal Information Items to be Transferred
Amazon Web Services, Inc.
U.S.A
Upon accessing and using Mistplay services
Hosting and data security and management services for the personal data that we store. Also used for analytics to monitor and track the reliability of the Services
mobile application account data such as name, email, mailing address, age, gender, language, social media profiles, application installed, time spent using an application, IP address, Google Ad ID, OS version, device model
Zendesk
U.S.A
When the user submits a request for support
Process customer support requests
Mobile application username, email
Adbrix
South Korea
Upon accessing and engaging with an ad and using Mistplay services
Advertising, rewards, and fraud detection
Mobile application Google Ad ID, IP address, age, device model, OS version
Adjust
U.S.A
Upon accessing and engaging with an ad and using Mistplay services
Advertising, rewards, and fraud detection
Mobile application Google Ad ID, IP address, age, device model, OS version
AppsFlyer
U.S.A
Upon accessing and engaging with an ad and using Mistplay services
Advertising, rewards, and fraud detection
Mobile application Google Ad ID, IP address, age, device model, OS version
Twilio Sendgrid
U.S.A
Upon subscribing to a newsletter
Send newsletter only to subscribers
Email address
Facetec
U.S.A
Upon redeeming points in online store
Fraud detection
Biometric data - Selfie in video format (‘video selfie’)
Singular
U.S.A
Upon accessing and engaging with an ad and using Mistplay services
Advertising, rewards, and fraud detection
Mobile application Google Ad ID, IP address, age, device model, OS version
Facebook
U.S.A
Upon accessing and using Mistplay services
Used for business analytics to better understand how users interact with Mistplay Services
Google Advertising ID
Google
U.S.A
Upon accessing and using Mistplay services
Used for business analytics to better understand how users interact with Mistplay Services
Google Advertising ID
Branch
U.S.A
Upon accessing and using Mistplay services
Used for fraud detection to identify how users interact with Mistplay Services
User-ID, Google Advertising ID
IPdata
U.S.A
Upon accessing and using Mistplay services
Detect anonymous users to protect our business from
Internet Protocol (IP) address
Twilio SMS
U.S.A
privacy@twilio.com
twilio.com/legal/privacy
Upon redeeming points in online store
Fraud detection
Phone Number
The security of your personal information is important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us behind firewalls on our secure servers that are located on Amazon AWS in the United States.
Unfortunately, the transmission of information via the Internet is not completely secure and may pass through entities that we do not control. Although we do our best to protect your personal information, no data security measures can be guaranteed to be completely effective to avoid all risks related to transacting information on the internet.
Our Services may link to other websites or apps such as the Google PlayStore, including content offered by third parties that we do not control and whose privacy and data collection practices may differ from ours. We are not responsible for and have no control over these third-parties and their practices, including the information or content contained within them. Please make sure you understand how these sites or businesses use and collect your information by reading their privacy statements.
We are based in Canada and the information that we process is protected by Canadian privacy laws. The information that we collect may be transferred, stored, or used in other jurisdictions, such as the United States, where some of our service providers may be located. While we protect your information by choosing appropriate service providers and having contractual safeguards in place with those vendors, the privacy laws in such jurisdictions may not be as protective as in, for example, Canada or the EEA, SUI & UK, and may be subject to access by foreign governments, with or without your knowledge.
The information collected in the EEA, SUI & UK is transferred and stored behind firewalls on our secure servers that are located on Amazon AWS in the United States in accordance with the GDPR adequacy standards. Any other transfers to third countries will be done using mechanisms such as the “model clauses”.
This Privacy Policy is incorporated into and forms part of our Terms of Use, which outlines the terms and conditions you agree to when using the Services, and which can be found at the bottom of most pages of the Mistplay website.
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy please contact our Data Privacy Officer at:
Data Privacy Officer
Mistplay Inc.
481 Viger St, Suite 300, Montreal
Quebec, Canada, H2Z1G6 or via email at privacy@mistplay.com
