Privacy

LAST UPDATED: APRIL 16TH, 2025

Please read the terms of this Mistplay User Privacy Notice (this “Notice”) carefully. The Notice describes to users (“User”, “Users”, or “you”) how Mistplay Inc. (“Mistplay”, “we”, “us”, or “our”) use data related to our websites, mobile applications, progressive web applications, content, features, digital events, referral programs, promotions or products we create or operate (the “Services”). This Notice is incorporated into and forms a part of Mistplay’s Global Terms of Use (the “Terms”). Where an Annex applies to you, the terms of the Annex shall control to the extent it is in conflict with or different from this Notice.

As used below, capitalized terms not defined in this Notice have the meaning given to them in the Terms. “Personal data” and “personal information” generally mean any information that directly or indirectly identifies you, which might vary slightly depending on applicable laws. Examples of personal data include: your name, email address, gender, age, and other information about you such as data about your device or how you use the Services.

This Notice does not apply to your use of any third-party developer’s game that you find and access through the Services or any LoyaltyPlay participating app (“Partner App”). The processing of your data by a Partner App or game developer (“Game Partners”) is governed by the respective Partner App’s or Game Partner’s privacy policy.

Information specific to the LoyaltyPlay service is included in Annex C.

1. INFORMATION WE COLLECT ABOUT YOU

Mistplay is the controller, within the meaning of applicable laws, with regard to the collection, processing and use of personal data in the context of the Services and as described in this Notice. This means Mistplay is responsible for deciding the purpose and the means of how your personal information will be used and processed. We collect information about you, which include:

your name, age, gender, phone number, passwords, and email that you enter when you set up a Mistplay account, including information provided by third parties that you select during sign up (i.e. Facebook, Google, Kakao, LINE);
information regarding your activity within Mistplay, including game installations, play time, participation in surveys, sweepstakes, tasks, and promotional offers;
your device information such as device model, operating system, device ID, advertising identifiers, IP address, and device location;
information related to the apps installed in your device;
Session ID, information on how you access the Services (including frequency, what time, how long, and from which device(s), active users and intervals), your activity and engagement within the Services (such as in-app events, tasks, sweepstakes, leaderboards, surveys, ratings), your approximate and precise location or the country from which you are accessing the Services (“Usage Data”).
data related to software or applications when you play and engage with games discovered in our Service, including the duration of your game play time (which may require you to change your device settings). To enable Mistplay to provide you with the Services, including the loyalty rewards program, you direct Mistplay to collect information about you from Game Partners, including your installation of a particular game, in-game purchase information and in-game advertising information, transaction types, events, actions, clicks, impressions, and use of virtual items, game achievements, statistics and information on bugs and malfunctions (“Gameplay Data”).

We specify the personal data we collect for each purpose of processing, together with their applicable legal basis, in Annex B Table for Legal Processing Activities to this Notice.

2. USE OF PERSONAL DATA

Mistplay may link or combine the personal data we collect through several methods, including but not limited to software integrations, tools, and proprietary machine learning algorithms or artificial intelligence (“AI”), so that we may provide you with a personalized experience. We generally use personal data to:

provide, deliver, monitor and improve our Services (including customer support and respond to requests, complaints and feedback, troubleshoot software bugs and operational problems and to communicate with you according to your preferences), which requires us to track third party app installations (conversions) to award points, offer rewards to Users based on their active usage of Game Partner applications, and to enable gift card redemption. This includes meeting operational and business transaction requirements such as billing advertising clients, attribution of game installs, accounting, calculating Units earned in and otherwise enabling the Rewards Program and delivering prizes for leaderboards, sweepstakes and other promotions.
personalize advertisements and promotions of games on the Mistplay platform (including personalize the Services for you with tailored suggestions of games, features and events through the Services, promote games available in your country, and provide you with loyalty rewards in accordance with your profile and tier status using the parameters further explained in Annex B Table for Legal Processing Activities).
display your username and rewards or progress information to you and others on leaderboards and other community features within the Mistplay platform (including such display of your referred friends who have joined the Services on your referral leaderboards)
offering participation in activities such as leaderboards, sweepstakes, promotions, and other digital events and determine winners.
build the Mistplay community of users by marketing Mistplay’s Services on third-party platforms, including for targeted advertising of Mistplay on third party mobile applications and websites and for measurement and optimization of such marketing campaigns.
fraud prevention, including the need to verify your digital identity to secure our platform and Services, including automated detection of fraudulent activities as further explained in Annex B.
improve and develop new products and update features in our Services.
create industry reports and develop insights about our business with aggregate data or in a format that is anonymized and cannot be used to re-identify Users.
help train our machine learning and AI models to provide you with personalized content and user experience as well as for the purposes outlined in this Notice.
abide by local law.

The legal basis for Mistplay processing your personal data as described in this Notice will typically include one or more of the following:

performance of our agreement with you and our other Users, including to run and enable the Mistplay rewards program and provide customer support.
meeting our legal and compliance obligations under applicable laws.
our legitimate interest in, for example, monitoring, promoting and improving services we provide, securing the Services, assuring use of our Services in accordance with our Terms, business analysis, and developing new products and services.
consent, when required by applicable laws, as further explained in the regional notices in Annex A.

For more information on the legal basis for specific processing activities, see Annex B.

3. HOW WE SHARE PERSONAL INFORMATION ABOUT YOU

Username; Leaderboard; Community Features. We may display your username, profile information, play progress and reward information, on community features and leaderboards visible to you or other Users on the Mistplay platform. Your username, play progression, and rewards progression may appear on your friend’s referral leaderboard if you joined Mistplay through your friend’s referral link. You acknowledge that you can opt out of any leaderboard or community features by contacting Mistplay customer service. You can change your username at any time by editing your profile in Mistplay. We recommend that you do not include your personal information in your username, which can be displayed to other Users.

Corporate Affiliates and Transaction Parties. We may share your personal data with our subsidiaries or affiliates under common corporate control for the purposes described in this Notice. We may also share your personal data with counterparties as part of corporate transactions such as mergers, sales of company assets, financings or acquisitions but only to the extent necessary to evaluate and complete such transactions and subject to applicable legal or contractual requirements.

Law Enforcement, Regulators and Other Parties for Legal and Security Reasons. We may disclose personal data when necessary to protect the legal rights of Mistplay, Users or third parties, in order to avoid fraud, manage our risks or comply with applicable laws, legal orders or processes. This includes exchanging information with the authorities and security companies which act on our behalf for these purposes. In these cases and where permitted by applicable laws, we disclose personal data to comply with legal obligations or to protect the legitimate interests of Mistplay or affected third parties, for example if we are obliged to cooperate with government authorities in the context of legal investigations.

When necessary, the categories of data disclosed to such third parties may include your identifiers, Internet or other similar network activity, inferences drawn from other personal information, approximate and precise geolocation data and sensitive personal information. Where required or permitted by law or regulation and reasonably practicable, we will attempt to notify you of such requirements.

Service Providers. We have agreements with various service providers to facilitate delivery of our Services, which include those we engage to give customer support, operate the technical infrastructure needed to provide the Services, assist in providing you rewards and protecting and securing our systems and Services, and to help market Mistplay Services.

Advertising Platforms and Networks. We partner with certain providers, including but not limited to Google, Unity, and social media companies, to display, target, and suppress Mistplay advertisements on their or their partner sites (such as advertisements within games and other mobile apps). Such providers may conduct analytics in relation to advertisements and to manage our advertising on other sites. Personal information we disclose to these providers include device identifiers (e.g., Google Advertising Identifier), IP addresses, time and event data for certain actions (such as new game installation or in-game purchase made or game playtime milestone achieved). These providers use this information for marketing optimization, reporting, and analysis, and to prevent display of Mistplay advertisements to you and existing users, retarget inactive users, and reach new potentially interested users.
Administrative Service Providers. Our administrative service providers, acting as data processors, may receive and process your personal information to support the Services, including to administer testing, process support requests, detect and prevent fraudulent activity, provide communications (such as email and push notifications), and deliver surveys, sweepstakes, and events to engage with Users, subject to applicable law.
Analytics Service Providers. We work with analytics service providers that act as data processors to help us analyze and understand the personal data about you and develop trends, patterns and insights to personalize your experience with Mistplay, curate your game selection, improve our Services, optimize sales and advertising, and create new products. These analytics providers, such as Appsflyer, also measure, verify, and analyze performance of our marketing campaigns.

Game Partners. The main purpose of the Mistplay loyalty program is to promote and advertise the games of our Game Partners in the Mistplay platform. In order to enable the loyalty program and reward you for your engagement, (a) we must allow tracking and collection of certain personal data by applicable Game Partners and their analytics providers, such as your game installs or survey answers, for purposes of reporting, attribution, and billing of the Game Partners; and (b) you direct Mistplay to collect Gameplay Data from Game Partners, including your in-game purchases and advertising views, in order for Mistplay to reward you, provide you with personalized content, market new games of interest to you, to develop our AI and algorithms for predictive modeling, grow our business and community of users, and for development of new products, features, and services. If you choose to access or install a game recommended through our Services, you acknowledge that Game Partner and its analytics partner will collect your personal data from Mistplay and employ tracking technologies as set forth below in Section 6.3 “Cookies and Other Tracking Technologies.”

Mistplay may also disclose aggregated information about Users along with information that does not and cannot identify any individual or device, except where limited by applicable laws. For example, we may use anonymized user ratings, review of apps and aggregated information for statistical and machine learning purposes, to provide insights into developing or enhancing Services, for marketing and advertising and for other legally permissible purposes such as testing our IT systems and features. For more information regarding the sharing of data with third parties please review the applicable sections below and notices within Annex A and Annex B.

4. HOW WE STORE, TRANSFER AND SECURE PERSONAL INFORMATION ABOUT YOU

We are based in Canada, and we store information that we collect from your device on our Amazon Web Services servers located in the United States. The information that we collect may be transferred, stored, or used in other jurisdictions, where some of our providers may be located. While we protect your information by choosing appropriate providers and having contractual safeguards in place with those vendors, the privacy laws in such jurisdictions may not be as protective as in, for example, Canada, the UK or the EU.

We maintain administrative, organizational procedures, technical and physical safeguards, consistent with legal requirements where the personal data was obtained, designed to ensure the security and confidentiality against unlawful or unauthorized destruction, loss, alteration, use or disclosure of, or access to, the personal data we collect and process.

If you are resident of a country in Europe, please see Annex A below for more information on international data transfers that are applicable to you.

5. EXERCISING OF YOUR RIGHTS

You can always update preferences and exercise rights you may have under applicable data protection laws by contacting us as directed below. However, if you do choose to change preferences, opt-out or withdraw consent where it has been given, your experience with our Services may change, be diminished or your ability to use some of the features and options in our Services may be limited (such as access to Units and the Rewards Program described in our Terms). Please keep us informed if your personal data changes or should be corrected.

For a description of the specific rights with respect to your personal information that are provided to residents of certain European countries, Japan, Korea, Canada, and the states of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Utah, Tennessee, Oregon, Tennessee, Texas, Utah, Illinois, and Virginia, please see Annex A for Region-Specific Notices. We will handle your request in accordance with applicable laws, such as in relation to response time, verification of identity and content. If we cannot fulfill your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Depending on your jurisdiction, your rights may include:

The Right to Opt Out of Marketing Communications sent by Mistplay. This can be done also by clicking on the unsubscribe link in the marketing or promotion email you receive. Please note that if you opt out of receiving marketing or promotion messages from us, we may still send you important Service-related messages, from which you cannot opt out. You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the Services.
The Right to Withdraw Consent. Where you provided us with your consent, you may withdraw your consent to the collection and processing of personal data at any time by contacting us as directed below or by sending a written request to Privacy@Mistplay.Com. Upon receiving notice that you have revoked your consent, we will stop processing your personal data without undue delay. Withdrawing consent may impact your use of the Services, such as access to your account, certain events, and eligibility for earning rewards.
The Right to Erase Your Personal Data or Delete Your account. By deleting your account, any Units that you have earned and not redeemed will be deleted. Please note that we will send you an email requesting your confirmation before we delete your account, and we may not be able to delete all data you requested, for instance to comply with applicable tax laws.
The Right to Object to the Processing of Personal Data or Tracking Technologies. If we receive such a request, we will review your objection and delete personal data that we processed for the purpose to which you objected without undue delay, unless another legal basis for processing and retaining this data exists or applicable law requires us to retain the data. Please note that certain types of personal data processing is required to enable the Mistplay rewards program, and your opt-out of such processing may impact your ability to continue receiving rewards from Mistplay. Please note that certain processing of personal data is necessary for Mistplay to provide you with the Services, including personalized game ads, reward program, etc. Thus, if you object to some of them, we may not be able to provide you with such Services. You may elect to receive alternative services from Mistplay without the loyalty rewards program by signing up for the Mistplay game discovery email newsletter.
The Right to Opt Out of Sharing Your Data with Advertisers of Mistplay’s Services. We provide your personal data, such as your device ID or Google advertising ID, to our advertisers in order to optimize our marketing of Mistplay services and prevent you from receiving Mistplay advertisements when you have already installed the Mistplay app. Depending on the jurisdiction, if you do not consent to this data sharing or if Mistplay receives an opt-out request from you, we will take steps to block sharing of your data for these purposes. As a result, you may receive Mistplay advertisements in other media channels even if you already have Mistplay installed in your device.
The Right to Opt Out of Targeted Advertising and Content Personalization within Mistplay. In order for Mistplay to supply you with the loyalty rewards program where you can earn units towards redemption of a variety of gift cards, Mistplay must be able to provide you with personalized content, including in-app promotions and a curated mixlist of games that Mistplay is advertising to you on behalf of the Game Partners. The Mistplay platform provides you with personalized game recommendations based on a number of factors, including game availability in your jurisdiction, predictive modeling by our algorithms, your game install history, your Gameplay Data, and game preferences you may provide in user surveys. If you wish to opt out of targeted advertising and content personalization in the Mistplay app or you do not provide consent to such processing, then Mistplay will not be able to provide you with the loyalty rewards program. If you wish to continue to receive Mistplay game discovery services without targeted advertising and loyalty rewards, contact customer service as directed below in order to close your Mistplay app account. You may elect to receive alternative services from Mistplay without the loyalty rewards program by signing up for the Mistplay game discovery newsletter.

6. OTHER IMPORTANT INFORMATION

6.1 CHILDREN’S PRIVACY

In accordance with the Terms, you may not use the Service if you are under 18 years old. Mistplay is committed to complying with laws protecting children, within the meaning of applicable law. If you believe we might have any information from or about a child, please contact us.

6.2 DATA RETENTION

Mistplay will only retain personal data for as long as is required by law, as long as you use the Services, or as long as is necessary to meet the purposes for which it was collected. For example, any personal data derived from facial scans are stored by Mistplay for six months for purposes of preventing fraudulent activity. Mistplay account balances or rewards earned as of termination must be preserved for some period to allow for such matters as billing and tax reporting. Specifically, we destroy your personal information or store it separately if you do not interact with our Services for 5 years.

Note, if a User does not use the Services for at least one hundred eighty days, the User’s inactive account may be terminated, Units earned may automatically expire and personal data may be deleted.

You may also ask us to delete your account. By deleting your account, however, any Units that you have earned and not redeemed will be deleted. Otherwise, if we choose to maintain or use de-identified information (where permitted by applicable law), we continue to do so in a de-identified manner and will not attempt to re-identify you. To delete personal data held by Game Partners, please contact them as directed under the terms of the Game Partners privacy policy.

6.3 COOKIES AND OTHER TRACKING TECHNOLOGIES

Like most online services and mobile applications, we or our Game Partners may use technologies, such as tracking links (embedded URLs), mobile measurement providers (e.g., Appsflyer, Adjust, Singular, etc.), cookies, web beacons (also known as pixel, tags or clear gifs) or integrated software development kits (SDKs) in connection with our Services. We use these technologies to secure and improve our Services, for attribution and billing our Game Partners, to understand your preferences, collect information about your activity, browser, and device, and to tailor our Services to your interests. We also use these technologies to collect information when you install games that were discovered from Mistplay, when you make in-game purchases or watch in-game advertisements, or when you engage or click on Mistplay ads in other digital media channels. Our Game Partners employ their mobile measurement partners to collect your information when you download games that you have discovered on Mistplay. These tracking technologies and the collection of Gameplay Data enable Mistplay to verify your task completion, calculate your loyalty rewards, and monitor against fraudulent behavior. As such, these are necessary tracking technologies for the operation of the Mistplay loyalty program. If not accepted, we may not be able to provide you with our Services.

For visitors of the Mistplay website, Mistplay may use cookies for tracking. A cookie is a small text file that allows us to remember your actions and preferences on the website (such as your login details, your language settings and your font size preference) over a period of time so you don't have to re-enter them whenever you come back to the website or browse from one page to another.

Some web browsers provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer. The procedure for managing cookies is slightly different for each internet browser. You can check the specific steps in your particular browser help menu. You also may be able to reset device identifiers or opt-out from having identifiers collected or processed by using the appropriate setting on your mobile device. Depending on your jurisdiction, we get your permission before we set certain cookies and other tracking technologies. For more information on how we use cookies and other tracking technologies, please review our Cookie Notice.

7. CONTACT US

If you have questions that do not relate to this Notice or data privacy, please write to our customer support team and Submit a Request. To exercise applicable data protection rights or comment about this Notice and our privacy practices, you may reach out to our data protection office at:

Data Privacy Officer
Mistplay, Inc.
Suite 200 - 1001 Blvd Robert-Bourassa, Montréal, QC H3B 0A7 or via email at Privacy@Mistplay.Com

ANNEX A: REGION-SPECIFIC NOTICES

We may choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions or states. Disclosures for residents of Europe, United Kingdom, USA, and Canada are set forth below. Disclosures for residents of South Korea and Japan can be found at: https://www.mistplay.com/legal/privacy-centre.

EUROPE AND UNITED KINGDOM NOTICE

1. SPECIFIC RIGHTS FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA, SWITZERLAND AND THE UNITED KINGDOM (“EEA, SUI & UK”)

This Europe and United Kingdom Notice provides additional information for users located in the EEA, SUI and UK. Unless otherwise set forth in this Europe and United Kingdom Notice, all other terms and principles in Mistplay’s Global Privacy Notice continue to apply.

Users in the EEA and UK have certain privacy rights as specified under applicable law, including the General Data Protection Regulations (“GDPR”), SUI Article 13 of the Swiss Constitution and Federal Act on Data Protection (DPA) and UK Data Protection Act 2018. The Notice and the privacy controls we offer to all users are in line with these laws. As a resident of the EEA, SUI & UK, you also have certain specific rights regarding your personal data. You are free to exercise any of these rights by contacting us under the contact details in the Contact Us section of the Notice or as specified herein:

Access. You have the right to know if your data is being processed and to request a copy of the personal data that we process about you. However, there are exceptions to this right, so that access may be denied if, for example, making the information available to you would adversely affect the rights and freedoms of another person, or if we are legally prevented from disclosing such information.
Rectification. We aim to keep your personal data accurate and complete. We encourage you to keep us informed about changes that you would like reflected in our records. You have the right to request the rectification of inaccurate personal data and, taking into account the purposes of the processing, to complete your personal data.
Restriction: You have the right to request a restriction of processing from us, provided that the legal requirements for restriction are met.. This includes situations where you have objected to the processing and we are in the process of verifying whether our legitimate grounds override yours.
Data Portability. Provided further legal requirements are fulfilled, you have the right to request that your personal data is provided to you, or, where technically feasible, to have your personal data transmitted to another provider should you wish to stop using our Services in favor of another, in a structured, commonly used and machine-readable format.
Erasure. You have the right to erase or request that we erase your personal data as far as legal requirements for erasure are fulfilled, such as when your personal data is no longer necessary for the purposes for which it was collected.
Withdraw consent. Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Automated Decision-Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you as far as further legal requirements are fulfilled.
For France, you also have the right to provide guidelines relating to the retention, deletion and communication of your personal data after your death under the conditions set forth by Article 85 of the French Data Protection Act (Loi Informatique et Libertés).

Objecting. In certain circumstances, you have the right to object to processing of your personal data. You may ask us to block, erase or limit the use or other processing of your personal data.

The specific further legal requirements for the exercise of these rights depend on the applicable statutory data protection laws. For your protection, we only fulfill requests for the personal data associated with the email address that you identify in your request, and we may need to verify your identity before fulfilling certain requests. See the Section entitled “EXERCISING OF YOUR RIGHTS” of the Notice for more information.

2. SUBMITTING COMPLAINTS

If you are resident in the EEA, you have the right to make a complaint at any time to the regulator in your jurisdiction. To find out how to contact your local regulator, please visit https://edpb.europa.eu/about-edpb/about-edpb/members_en.

If you reside in the UK, you have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues. You can make a complaint via the ICO’s website (https://ico.org.uk/make-a-complaint/). This website also provides additional contact details for the ICO.

If you reside in the Switzerland, you have the right to make a complaint at any time to the Federal DataProtection and Information Commissioner (FDPIC). You can make a complaint via the FDPIC’s website (https://www.edoeb.admin.ch/edoeb/en/home/meldeportale.html). This website also provides additional contact details for the FDPIC.

3. TRANSFERS OF PERSONAL DATA

For EEA, SUI & UK based users, your personal data may be transferred to recipients located outside of the EEA, SUI & UK for example to countries where we have facilities or engage service providers, or where our corporate entities and our hosting provider, are located. The processing of your data may take place worldwide but will occur primarily in countries of the EEA, Canada and the USA. Some of these countries may not offer the same level of privacy protection as the laws in your country of residence or citizenship.

Some of these countries are recognized by relevant governmental authorities such as the European Commission as providing an adequate level of data protection according to EEA/UK/Swiss standards, such as Canada (commercial organisations). For transfers from the EEA, the UK or Switzerland to countries not recognized as offering an adequate level of data protection, such as India and the US for customer support and hosting services, we have put in place adequate measures as required by applicable laws, such as entering into standard contractual clauses adopted by the European Commission and/or the ICO to protect your personal data. If you would like to receive a copy of our implemented safeguards and/or information on the third countries to which your personal data are being transferred (where possible) you can contact us as directed in the Notice under the Contact Us section.

4. FRAUD PREVENTION (INCLUDING PROCESSING OF BIOMETRIC DATA) AND AUTOMATED DECISION MAKING

We use automated anti-fraud heuristics and machine learning to detect and prevent fraudulent behavior and to avoid misuse of the Services, including to combat against bots and synthetic users. The information processed for this purpose may include in-app behavior modeling and user device characteristics, among others. This processing is necessary for securing the Services and prevent misuse of the loyalty program. Without this activity, we will not be able to provide the Mistplay loyalty program and rewards.

In addition, we may process your biometric data using facial scan technology to prevent fraudulent, synthetic, or illegitimate users from misusing the Mistplay loyalty rewards program to wrongfully acquire gift cards. Such processing is of utmost importance for maintaining the integrity of our Services and our ability continue providing Services to you. Therefore, if you do not provide your consent for processing the biometric data, we may not be able to provide you with such Services. You may elect to receive alternative services from Mistplay without the loyalty rewards program by signing up for the Mistplay game discovery email newsletter.

When fraudulent or synthetic behavior is detected, we will remove or block the account. We have implemented suitable measures to safeguard User’s rights and freedoms and legitimate interests, including the right to obtain human intervention, to express their point of view and to contest the decision by means of the appealing the account block or termination by contacting customer support at support@mistplay.com.

5. DATA COLLECTED FROM THIRD PARTY SOURCES

We collect the following personal data form the following third party sources:

SPECIFIC NOTICE FOR RESIDENTS OF THE UNITED STATES

1. ADDITIONAL DISCLOSURES FOR RESIDENTS OF CALIFORNIA, USA

This section applies to the personal information of residents of California and supplements the other sections of Mistplay’s Global Privacy Notice, which continue to apply.

Collection and Use of Personal Information: We have collected the following categories of personal information about you in the past 12 months:

Category

Examples

Business Purpose

Identifiers

Name, email, unique personal identifier, online identifier, IP address, device identifier, advertising identifiers, account name, phone number, and selfie video or image

Operational purposes including customer service; fraud & security incident detection; website improvement; award prize winners; to deliver our Services to you, including personalized recommendations, advertisements, and promotions of Games; and to grow the Mistplay community by marketing and advertising the Services.

Protected classification characteristics under California or federal law

Age and gender

To determine if you are an adult qualified to receive Mistplay services and to recommend suitable games and rewards promotions.

Internet or other similar network activity

Usage Data, Gameplay Data, information related to the apps installed in your device

To prevent fraudulent activity and provide better game recommendations (including personalization of Services, game ads and promotions and building User´s profiles), maintain and improve Services, and enable the rewards program, marketing and advertising of the Mistplay Services, monitor and analyze usage and activity trends, training ouch machine learning and AI models, improve and develop new products, carrying out surveys, law enforcement.

Approximate and precise geolocation data

Country, location

To recommend games based on your country; and precise geolocation data is used for fraud prevention

Inferences drawn from other personal information

Profile reflecting your preferences

To recommend games based on preference

Sensitive personal information

The biometric processing of video selfies to ensure the uniqueness of your user registration. Please see Annex B below for more details

To ensure that rewards are not earned through bots, automated processes, or fraudulent use of software; to provide you with better game recommendations.

Please note that we use and disclose sensitive personal information only for purposes expressly permitted under California law.

Disclosure of Personal Information: We may disclose your personal information to third parties for the business purposes outlined in Mistplay’s Global Privacy Policy Notice and in the chart above. Such disclosures include Identifiers and Internet or other similar network activity as described in the table below. In the past 12 months, we may have disclosed your personal information for a business purpose or at your direction. For more details on third parties we share data with see the How We Share Personal Information About You section of this Notice.

In the preceding twelve (12) months and currently, we may have and may continue to sell or share your personal information, or disclosed it for a business purpose, to the following Third Parties as defined by the California Consumer Privacy Act: advertising networks and platforms. We share or sell this information to grow the Mistplay community, optimize marketing of the Mistplay Services, and to prevent you from receiving Mistplay advertisements if you have already installed the Mistplay app. Such information includes identifiers (mobile device or advertising identifier such as Google Ad ID), IP addresses, and event data and Internet or others similar activity (such as a game installation was made, an in-game purchase was made, or a game playtime milestone was achieved). Although we do not “sell” personal information in exchange for money, some of our sharing of personal information to optimize advertising and marketing of the Services (including to prevent you from receiving Mistplay advertisements in other media channels) may be classified as a “sale” or “sharing” under applicable California laws. You may opt out of such “sale” or “sharing” by contacting customer service at support@mistplay.com.

We do not knowingly sell or share the personal information of anyone in the state of California under the age of 16.

Retention of Your Data: Mistplay will only retain personal data for as long as you use the Services, as required by law or for as long as it is required to meet the purposes for which it was collected. For example, Personal data derived from facial scans are stored by Mistplay for six months for purposes of preventing fraudulent activity. Mistplay account balances or rewards earned as of termination must be preserved for some period to allow for such matters as billing and tax reporting. Note, under the Terms, if a user does not use the Service for at least one hundred eighty days, the user’s inactive account may be terminated, units earned may automatically expire, subject to the Terms of Use and the user’s personal data may be destroyed.

Notice of Financial Incentive: Under California law, the Rewards Program enables you to earn Units and may be considered a financial incentive provided in exchange for the collection, processing, and retention of personal information. In particular, the Mistplay Rewards Program may serve as a financial incentive for Mistplay’s use of your personal information for targeted advertising and personalizing content to you within the Services. Mistplay uses the information to better understand how you use our Services, to improve our products and Services, to personalize our advertising and provide better game recommendations to you, to optimize our marketing of the Services to grow the Mistplay community, to enhance our user analytics, and to operate and fund the Rewards Program. By accessing the Services, you acknowledge that the value of the Rewards Program to you is worth sharing your personal information with Mistplay for the purposes described in this Privacy Notice. Note that participation in the Rewards Program is completely voluntary and you can withdraw at any time. For further details of the Rewards Programs and its terms, including how to withdraw or terminate your participation, please refer to Terms.

Your CCPA Rights: The California Consumer Privacy Act (CCPA) grants California consumers the following rights with respect to their personal information:

Right to Know. You have the right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information that we have collected about you.
Right to Delete. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
Right to Correct. You have the right request that we correct inaccurate personal information that we maintain about you.
Right to Opt Out of Sales and Sharing. You have the right to opt out of sales of your personal information to third parties and to opt out of the disclosure of your personal information to third parties for cross-context behavioral advertising, if applicable. However, if you choose to opt out, note that we would not be able to prevent or suppress advertising partners from displaying Mistplay advertisements to you, and as a result of your opt out, it is possible that you may encounter more Mistplay advertisements in other channels.
Right to Non-discrimination. You have the right not to receive discriminatory treatment for exercising any of your CCPA rights.

Exercising Your Rights: You may opt out of sales and/or sharing or exercise your right to limit the use/disclosure of your sensitive personal information by sending a request to Privacy@Mistplay.Com. See the Section entitled “EXERCISING OF YOUR RIGHTS” of the Notice for more information.

You may submit requests to know, delete, or correct by contacting us as directed in the Notice. To make such a request, please include the phrase “Personal Information Privacy Request” in the subject line, the Service you are inquiring about, along with your name, address, and email address. If we receive a request to delete your data, we will ask you if you want your personal information to be removed entirely or if you want to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). We cannot keep a record of individuals whose personal information we have deleted so you may be contacted again by us, should we come into possession of your personal information at a later date. Requests to know and requests to delete will be honored within 45 days; if more time is needed to respond, Mistplay will notify you.

The CCPA enables California users to appoint an authorized agent to act on their behalf to submit disclosure requests and or deletion requests under the CCPA. We will honor a request from an authorized agent provided that: i) you provide written authorization to the authorized agent to act on your behalf and we can verify your identity and account, and ii) the agent submits proof of authorization.

Browser “Do Not Track” Signals. Most browsers contain a “do-not-track” setting. In general, when a “do-not-track” setting is active, the user’s browser notifies other websites that the user does not want their personal information and online behavior to be tracked and used, for example, for interest-based advertising on a website. As required by California law, we are required to inform you that, as is the case with most websites, we do not honor or alter our behavior when a user to one of our Websites has activated the “do-not-track” setting on her/his browser. You may seek to opt out of tracking technologies by sending a request to by sending a request to Privacy@Mistplay.Com; however, please note that there are necessary tracking technologies within the Mistplay application to validate your game engagement and enable Mistplay to supply you with our loyalty rewards program.

2. ADDITIONAL DISCLOSURES FOR RESIDENTS OF ILLINOIS, COLORADO, CONNECTICUT, DELAWARE, INDIANA, IOWA, MONTANA, TENNESSEE, TEXAS, UTAH, AND VIRGINIA, USA

This section applies to the personal data of residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Tennessee, Texas, Utah, and Virginia and supplements the other sections of this Notice.

For information on the categories of personal data that we collect, the purposes for which we process that personal data, and how we disclose that personal data, please refer to the Information We Collect About You, Use of Personal Data and Legal Basis for Processing, and How We Share Personal Information About You sections above, as well as Annex B: Table for Legal Processing Activities below. For additional information about the categories of personal information we collect and our purposes for doing so, please refer to the Collection and Use of Personal Information section in the Additional Disclosures for Residents of California notice above.

In some cases we may share your information with third parties for purposes of marketing and advertising the Services and to grow the Mistplay community. These disclosures may be considered “sales” or “targeted advertising” under applicable state privacy laws. For more information about the categories of personal data that we may sell to or share with third parties for such purposes, see the Disclosure of Personal Information subsection in the Additional Disclosures for Residents of California, USA section above. You may opt out disclosure of your data to advertising networks and platforms for these purposes by contacting customer service at support@mistplay.com.

Depending on where you reside, and subject to certain exceptions, you may have the following rights with respect to your personal data:

Access. You may have the right to request that we confirm whether we process your personal data and that we provide you access to such personal data.
Data Portability. You may have the right to request that we provide a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
Correction. You may have the right to request that we correct inaccuracies in the personal data that we process.
Deletion. You may have the right to request deletion of your personal data.
Opt Out of Sales and Targeted Advertising. You may have the right to request that we not process your personal data for the purposes of marketing the Mistplay Services to others, including to prevent you from receiving Mistplay advertisements in other channels or for targeted advertising, sales, or profiling in furtherance of decisions that produce legal or similarly significant effects, as those terms are defined by applicable state law.
Opt Out of Profiling. You may have the right to request that we not process your personal data for the purpose of profiling in furtherance of decisions that produce legal or similarly significant effects. However, if you exercise this opt out, Mistplay will be unable to provide you with the loyalty rewards program. You may instead elect to receive alternative Mistplay game promotion services without loyalty rewards and associated profiling of your data by signing up to the Mistplay game discovery email newsletter.

You may exercise your opt out of rights by contacting customer support or Privacy@Mistplay.com.

You may submit requests to exercise your other rights as directed in the Notice. Please include the phrase “Personal Information Privacy Request” in the subject line, the Service you are inquiring about, along with your name, address, and email address. If we receive a request to delete your personal data, we will need to close our Mistplay account. We cannot keep a record of individuals whose personal data we have deleted, so you may be contacted again by us, should we come into possession of your personal data at a later date.

Depending on where you reside, you may also use an authorized agent to act on your behalf to submit requests to exercise your rights. We will honor a request from an authorized agent provided that: i) you provide written authorization to the authorized agent to act on your behalf and we can verify your identity, and ii) the agent submits proof of authorization.

SPECIFIC NOTICE FOR RESIDENTS OF CANADA

This addendum applies to the personal information of residents of Canada and supplements the other sections of the Notice.

1. HOW WE COLLECT YOUR INFORMATION

Depending on how you interact with us, we collect the personal information described in the Notice, including in Annex B: Table for Legal Processing Activities, in the following ways:

Directly from you: We collect information that you provide to us when you set up a Mistplay account, communicate with us by email, telephone or otherwise, submit an inquiry or other type of request (including customer support requests), participate in our surveys, promotions, sweepstakes or User testing, or otherwise voluntarily provide your information to us in the course of our interactions. This may include your name, contact information, age, gender, location, facial scans, and account preferences.
Through automated means: When you visit our website, use our mobile application or otherwise interact with us digitally, we or our Game Partners may use automated means (such as cookies, web beacons and similar technologies) to collect information about the device you are using (such as IP address, device model, operating system, device ID, advertising identifiers), your approximate location (based on your IP address), and how you access, use or otherwise interact with our Services, content, features or ads (such as game installs, play time, log data), including when you click on or engage with Mistplay ads in other digital media channels and when you install games discovered on Mistplay. We collect information about the apps already installed on your device in order to prevent fraud, launch certain games from the Mistplay app, provide you with more personalized game recommendations, and enable the rewards program. For more details on how we or our Game Partners use cookies and similar technologies in the context of our Services, please see the Cookies and Other Tracking Technologies section of the Notice.
From Game Partners: When you play and engage with games discovered on our Services, we may collect information from our Game Partners about your game installs and game play, including your in-game purchase information and in-game advertising information, as further described in the Notice.
From Third-Party Social Networks: When you sign-up using your account on a third-party social network (such as Facebook, Google, Kakao, LINE), we collect information about your profile on those platforms, including your name, email address and profile ID, as further described in the Notice.
From other third parties or sources: We may also collect information about you from other third parties or sources with your consent or as otherwise permitted by applicable law.

2. HOW WE MANAGE CONSENT AND YOUR PRIVACY CHOICES

In Canada, we rely on your consent to collect, use or disclose your personal information for the purposes described in the Notice, including providing our Services, content personalization, targeted advertising, marketing communications and data sharing with advertisers, unless an exception to consent applies under applicable law. Consent may be express or implied, depending on the context, and you have the right to withdraw your consent, subject to reasonable notice and legal or contractual restrictions. You consent to this processing by your agreement to the Terms, which include this Privacy Notice. If you withdraw your consent for one or more of these purposes, we may not be able to provide you with the products or services you have requested (such as our loyalty rewards program), or your user experience may be adversely affected (such as certain features of our platform may not function properly).

In some cases, we may be required or permitted by law to collect, store or otherwise process your personal information without your consent, such as to comply with our legal or regulatory obligations, to establish, exercise or defend our rights or interests, to enforce our Terms or other relevant terms and policies, or to detect, investigate or prevent fraud or other illegal activities. In this case, your right to withdraw consent will not apply and we may continue to process your information in accordance with such legal authority. For more information about how we manage consent or your privacy choices, please see the Exercising Your Rights section of the Notice or contact us using the contact details in the Contact Us section of the Notice.

3. SPECIFIC RIGHTS FORRESIDENTS OF CANADA

Users in Canada have the right to access or rectify their personal information if it is inaccurate, incomplete or no longer up-to-date, subject to certain limited exceptions under applicable law. If we receive a request to exercise these rights, we will respond to your request in accordance with applicable laws. In some cases, we may ask you for additional information to verify your identity (or your legal authority if the request is made on behalf of another individual) before responding to your request. To exercise any of these rights, please contact us using the contact details in the Contact Us section of the Notice.

4. DATA GOVERNANCE POLICIES AND PRACTICES

We protect your personal information by implementing and maintaining physical, technical and organizational security measures appropriate to the sensitivity of the information, the purposes for which it is used, and its volume, format and distribution. This includes internal policies and controls to limit access to personal information to employees who have a “need-to-know” based on their job functions and to monitor access to certain systems containing personal information.

We also have procedures in place to handle complaints about our information handling practices and to limit the retention of personal information to that necessary to fulfill the purposes for which it was collected or otherwise lawfully processed, as further described in the Data Retention section of the Notice. When the information is no longer needed to fulfill those purposes and is not otherwise required to be retained by law, we take appropriate steps to anonymize or dispose of the information securely and in accordance with applicable laws.

5. CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION

We or our service providers may access, store or otherwise process your personal information outside of Canada or the province in which you reside, including the United States, India, the Czech Republic, Poland and other EU member states. In this case, your information may be lawfully accessed by foreign courts, law enforcement or government authorities in accordance with the laws of those other jurisdictions. If you have any questions or concerns about how we or our service providers (including service providers outside of Canada) process your information, please contact us using the contact details in the Contact Us section of the Notice.

SPECIFIC NOTICE FOR RESIDENTS OF SOUTH KOREA

For additional disclosures specific to Users in South Korea, please see the SOUTH KOREA PERSONAL INFORMATION PROCESSING NOTICE available at https://www.mistplay.com/legal/south-korean-addendum.

SPECIFIC NOTICE FOR RESIDENTS OF JAPAN

For additional disclosures specific to Users in Japan, please see the JAPAN PERSONAL INFORMATION PROCESSING NOTICE available at https://www.mistplay.com/legal/japan-addendum-to-privacy-notice.

ANNEX B: TABLE FOR LEGAL PROCESSING ACTIVITIES

Processing Purpose

Categories of Data used

Legal Basis for Processing

Account creation and editing, and to provide access to and deliver our Services

First and last name, age,gender, email, phone number, account preferences and other communication when you set upyour account with Mistplayand data related to community features you use (“Account Data”).

Processing is necessary for the performance of a contract with the User (i.e. the account creation). Without this information,we will not be able to provide the service you have requested.

Ensuring compliance with our statutory retention obligations under commercial and tax law as well as other legal obligations of Mistplay.

‍

In accordance with your privacy settings on a social network, the third-party profile (e.g., Facebook, Google, Kakao, LINE) you provide for sign-up, including the first name and last name displayed and information you provided on such profiles (including information in your posts), as well as the email address and profile ID for these platforms (“Personal Data from Third-Party Social Networks”). Where offered and as required by applicable laws, you may choose to register for and sign in to your Mistplay account using your email address or phone number.

User consent when actively deciding to sign up via social networks profile. Then, the processing will be necessary for the performance of a contract with the User (i.e. account creation).

Without this information, we will not be able to provide the service you have requested.

To maintain and improve the Services

Account Data
‍
Usage Data (Defined in Section 1of the Notice)
‍
Gameplay Data (Defined in Section 1of the Notice)

IP address (including approximate location andcountry), exact geolocation data (including longitude and latitude), mobiledevice identifier, advertising identifier (e.g. Google advertising ID) or otherunique identifiers, data about your operating system, device model and devicelanguage, log data (e.g. network connection type, applications connected to theplatform including the site you came from, go to next, and the web page(s) youaccess during your session in the platform), data on apps already installed onyour device (“Device Data”).

It is in our legitimate interest to maintain and improve our Services by better understanding your preferences, the use of Services, and to avoid bugs or similar errors in order to ultimately provide you with the best possible Service.This basis also applies for the EU.

Where required by applicable laws we will obtain your consent.

Enabling you to redeem rewards earned in our Services or to engage in and claim prizes on our Promotions

Account Data
‍
Gameplay Data
‍
Device Data (mainly location)
‍
Loyalty Rewards Tier status
‍
Participation in community features including data sharing with other Users, certain Gameplay Data, image and/or User name
‍
Gameplay Data
‍
Device Data (with precise geolocation)
‍
Usage Data

Processing is necessary for the performance of a contract with the User (i.e. display rewards selection available in your country and providing you with the reward or prize from Promotions we run). Without this information, we will not be able to provide the service you have requested.

Processing is necessary for Mistplay to enable you to redeem rewards and to prevent abuse of Reward Program. This basis also applies for the EU.

Where required by applicable laws, we will rely on User consent.

Personalization of Services,including content on the Mistplay platform, game ads, and promotions; and building user profiles

Account Data
‍
Device Data
‍
Gameplay Data
‍
Usage Data

It is in our legitimate interest to show you game recommendation advertisements and promotions that are tailored to your interests.

Where required by applicable laws and in the EU, we will obtain your consent. Where User freely decides not to grant or to withdrawn the consent, access to a generic newsletter will alternatively be accessed as this personalization, even if voluntary, is essential for the purposes of due development of the Services.

Usage Data including information on device installed apps is used in the context of profiling user preferences.

Law Enforcement, Regulators and Other Parties for Legal and Security Reasons

Account Data
‍
Device Data
‍
Gameplay Data
‍
Usage Data

It is in our legitimate interest to protect our rights and the App.

Compliance with due EU laws where we are required to cooperate with due and competent authorities and courts

Marketing and advertising of the Mistplay Services (including data sharing with third-party platforms)

Device Data (limited to advertising ID and IP address)

Gameplay Data

It is in our legitimate interest to acquire new users and build the Mistplay community.

Where required by applicable laws and in the EU, we will obtain your consent

Monitor and analyze usage and activity trends, including measuring the effectiveness of our Services to clients, creating operational reports and developing insights about our business with aggregate data

Account Data

Device Data

Gameplay Data

Usage Data

It is in our legitimate interest to monitor and analyze the use and effectiveness of our Services in order to improve our Services. This basis also applies for the EU.

Where required by applicable laws we will obtain your consent.

Send marketing communications, surveys and participating in User testing

Account Data

Other voluntary data you may provide when you are participating in our surveys or User testing phases. This can include income range, occupation, preference for games and other choices.

It is in our legitimate interest to keep you updated on our existing and new Services by sending you relevant marketing communications and surveys, and by processing the data that we collect in this respect or via User testing.

Where required by applicable laws and in the EU, we will obtain your consent

Customer service, including when contacting us by phone, email or otherwise

Account Data

Device Data

Gameplay Data

Usage Data

It is for performance of the contract to provide you with customer support,ensuring efficient and user-friendly communication and processing of your request.

Where required by applicable laws we will obtain your consent

Security and fraud detection prevention including sharing of information with, and collection of information by, fraud detection and identify verification vendors

Account Data

Personal Data from Third Party Social Networks

Device Data

Gameplay Data

Usage Data

This processing is necessary for the performance of a contract with the User (i.e. the account creation). Without this activity, we will not be able to provide the service you have requested.

This includes determining if user is real or synthetic (i.e.a bot) or has other Apps on the relevant device that could be used to conduct fraudulent activities (such us wrongfully acquire units or gift cards).

Where required by applicable law, we will obtain your consent or rely on our legitimate interest in providing a secure Service

Training our machine learning and AI models to provide you with personalized content and user experience

Improve and develop new products and features in our Services.

Account Data

Device Data

Gameplay Data

Usage Data

It is in our legitimate interest to optimize and provide better Services to our Users.

Carrying out surveys and building reports

Account Data

Gameplay Data

Other voluntary data you may provide when you are participating in our User surveys or User testing phases. This can include income range, occupation, game experience, and preference for games and other choices.

It is in our legitimate interest to obtain better understanding of the user experience, to develop industry research reports, and for Game Partners’ legitimate interest in developing further games.

ANNEX C: LOYALTYPLAY

The following Annex C: LoyaltyPlay (“Annex”) applies specifically to Mistplay’s LoyaltyPlay Service (“ LoyaltyPlay”). Users of LoyaltyPlay should examine this information in addition to the information contained in the rest of this Notice, including any relevant Local Law Annex. LoyaltyPlay is a service operated by Mistplay that allows users of participating apps to discover new games and play games that then earn reward points which are then redeemed in the Partner App.

The Partner App’s privacy policy will govern the treatment of the data that the Partner App collects and processes. Mistplay does not control and is not responsible for a Partner App’s data processing activities. Please review the Partner App’s terms of use and privacy documentation for information regarding their practices.

You may use LoyaltyPlay if you are over 16 years of age and have an active account on the Partner App. LoyaltyPlay is not directed at children under 17 years old, and Mistplay does not knowingly collect or maintain personal information from individuals under 17 years of age.

This Annex does not govern your use of a Game Partner that you discover, install, and play in connection with LoyaltyPlay. The processing of your data by a Game Partner is governed by the game developer’s privacy policy which you should review prior to using their game and when exercising any rights subject to Game Partners privacy policy.

By using the LoyaltyPlay service you acknowledge and agree to data sharing as between Promoted Games and Mistplay. If you do not agree, please do not agree and stop using LoyaltyPlay.

INFORMATION WE COLLECT ABOUT YOU

When you first launch LoyaltyPlay via the Partner App, the Partner App will send your user and device information to Mistplay. While using LoyaltyPlay, Mistplay may collect information (from Game Partners and their service providers) about how you interact with Game Partners’ apps that you play through LoyaltyPlay, including information about: completing certain milestones, reaching various checkpoints, completing tutorials, and reaching specific levels in a Game Partner’s game (“Achievements”).

This information will be used to operate and improve the LoyaltyPlay. We may disclose this information to the Partner App, so that the Partner App may reward you in accordance with the Partner App’s own terms of use or applicable rules. Mistplay may share your information with its service providers or suppliers to ensure the proper functioning of LoyaltyPlay. The information we collect is listed below:

User ID from the Partner App
User ID from the Partner App
Identifier for advertisers (“IDFA”) for iOS device user
Device ID
Gender
Game experience earned

THE PURPOSE OF COLLECTION

Your personal data will be collected as outlined in this Annex. We may use or process your information including but not limited to for the legal bases specified below:

To provide you with access to LoyaltyPlay
To operate LoyaltyPlay by communicating your Achievement completion and point calculations to a Partner App
To perform internal operations, including fraud prevention, troubleshooting bugs, and for data analysis, product testing and research
To serve personalized game recommendations

Personal data may be used and disclosed by Mistplay to the extent reasonably necessary to: enforce contractual terms; protect rights, property, or safety; or comply with legal requirements, including lawful government requests.

ACHIEVEMENTS AND REWARDS

For Mistplay to accurately track game achievements completed on installed apps and reward a user with the appropriate reward points in a Partner App, the user must grant permission to both the Partner App and the installed Game Partner to collect a device identifier that tracks the user across apps and services. If this permission is not granted within both apps, then you may still install and play games via LoyaltyPlay but you may not be accurately rewarded with reward points in the Partner App rewards program.

FOR MORE INFORMATION

For additional information about LoyaltyPlay, please refer to our Frequently Asked Questions Page for LoyaltyPlay, our Mistplay Terms of Use, the Service-Specific Terms for LoyaltyPlay, and within the LoyaltyPlay application.

MISTPLAY USER PRIVACY NOTICE

LAST UPDATED: APRIL 16TH, 2025

1. INFORMATION WE COLLECT ABOUT YOU

2. USE OF PERSONAL DATA

3. HOW WE SHARE PERSONAL INFORMATION ABOUT YOU

4. HOW WE STORE, TRANSFER AND SECURE PERSONAL INFORMATION ABOUT YOU

5. EXERCISING OF YOUR RIGHTS

6. OTHER IMPORTANT INFORMATION

6.1 CHILDREN’S PRIVACY

6.2 DATA RETENTION

6.3 COOKIES AND OTHER TRACKING TECHNOLOGIES

7. CONTACT US

ANNEX A: REGION-SPECIFIC NOTICES

EUROPE AND UNITED KINGDOM NOTICE

1. SPECIFIC RIGHTS FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA, SWITZERLAND AND THE UNITED KINGDOM (“EEA, SUI & UK”)

2. SUBMITTING COMPLAINTS

3. TRANSFERS OF PERSONAL DATA

4. FRAUD PREVENTION (INCLUDING PROCESSING OF BIOMETRIC DATA) AND AUTOMATED DECISION MAKING

5. DATA COLLECTED FROM THIRD PARTY SOURCES

SPECIFIC NOTICE FOR RESIDENTS OF THE UNITED STATES

1. ADDITIONAL DISCLOSURES FOR RESIDENTS OF CALIFORNIA, USA

2. ADDITIONAL DISCLOSURES FOR RESIDENTS OF ILLINOIS, COLORADO, CONNECTICUT, DELAWARE, INDIANA, IOWA, MONTANA, TENNESSEE, TEXAS, UTAH, AND VIRGINIA, USA

SPECIFIC NOTICE FOR RESIDENTS OF CANADA

1. HOW WE COLLECT YOUR INFORMATION

2. HOW WE MANAGE CONSENT AND YOUR PRIVACY CHOICES

3. SPECIFIC RIGHTS FORRESIDENTS OF CANADA

4. DATA GOVERNANCE POLICIES AND PRACTICES

5. CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION

SPECIFIC NOTICE FOR RESIDENTS OF SOUTH KOREA

SPECIFIC NOTICE FOR RESIDENTS OF JAPAN

ANNEX B: TABLE FOR LEGAL PROCESSING ACTIVITIES

ANNEX C: LOYALTYPLAY

INFORMATION WE COLLECT ABOUT YOU

THE PURPOSE OF COLLECTION

ACHIEVEMENTS AND REWARDS

FOR MORE INFORMATION