Mistplay Loyalty Program & Website Privacy Policy

Last updated and effective: August 25, 2021, v.10

IMPORTANT: For privacy and fraud prevention purposes, as of August 25, 2021, individuals under the age of 18 are prohibited from creating a Mistplay user account. Current users under the age of 18 will be able to continue using the mobile application and redeem any rewards until  October 31, 2021. As of November 1, 2021, the Mistplay mobile application will no longer support existing user accounts of individuals under the age of 18.

Please read the terms of this Privacy Policy (this “Policy” or these “Terms”) carefully. The Policy describes to users (“User,” or “Users,” or “you”) how Mistplay Inc. (“Mistplay”, “we,” “us” or “our”) collects, uses, discloses or otherwise processes  personal information (the terms “personal data” and “personal information” will be used to mean any information that is able to directly or indirectly identify you, which might differ slightly depending on the laws that apply where you are located) and other data we receive from Users using Mistplay’s website, mobile app, products and services (the “Services”). Examples of personal data include your name, email address, gender, age, and other information about you.

This Policy is effective when the User clicks on the “ACCEPT & CONTINUE” button during the Mistplay account creation process and by doing so, you agree that you have read and understood the terms of this Policy. If you do not agree with these terms or if you are younger than 18, you are prohibited from registering for a Mistplay user account. If you are between the age of 13 and 17 and currently have a Mistplay user account, please note that your account will be suspended as of November 1, 2021. You may continue to use the mobile application up until this date.

Be sure to return to this page periodically to review the most current version of the Privacy Policy. We reserve the right to change or otherwise modify the Privacy Policy. If we modify it, we will update the "Last Updated" date and will alert users that a change has occurred within the mobile app. If the modified Privacy Policy is not acceptable to you, please do not use the Services.

PERSONAL INFORMATION COLLECTION, DISCLOSURE, AND USE

We do not use cookies (or similar technologies) to collect information about you. We collect information you provide directly or indirectly to us, such as when you create or modify your account, request on-demand services, redeem your rewards in our online shop, contact customer support, or otherwise communicate with us. This information may include: name, email, mailing address, age, gender, social media profiles, phone number, and PayPal information. During the registration process, we will also collect information such as your IP address and Google Advertising ID (together, the “ID”). 

We will only collect your personal data as described in this Privacy Policy and will not use or otherwise process your information for any other purposes than described below. 

If you sign into our Service using a third-party profile, we will import the first name and last name displayed in such profiles, such as information on Facebook or Google, on our platform.

When you use our Services, we will also collect information about how you interact with the games advertised on our platform. The type of information we collect relates to: i) achievements that are unlocked, ii) in-game purchases, iii) other apps on your device, iv) the time you spend playing games, v) the units you’ve earned in Mistplay, and vi) the game experience earned (collectively “User Gaming Profile”). A user’s gaming profile is visible to other users via the chat social networking feature.

Until October 31, 2021, existing users between the ages of 13 and 17 years old will be required to provide a phone number to verify their account upon redeeming a reward through our Shop. We use this information exclusively for the purpose of fraud prevention and to ensure that prizes are not earned through bots, automated processes or fraudulent use of software. Upon redeeming a reward from our Shop, you will be prompted to provide a phone number, which is linked to your user account to ensure the uniqueness of your user registration within the mobile application. If you do not want to redeem a reward from our Shop, you can use all other features of the mobile application without providing your phone number.

For all users 18 years old or above, when redeeming a reward through our Shop, we may verify your face via a ‘video selfie’ using a third party face verification technology. We use this information exclusively for the purpose of fraud prevention and to ensure that prizes are not earned through bots, automated processes or fraudulent use of software. 

By using our mobile application and accepting our Privacy Policy, you understand that requesting a reward within the Shop on the Mistplay mobile application will only be possible upon additional user authentication via face verification. Your consent applies to the processing of such biometric data as described below, and is an express acknowledgement that such data is “special category” personal data pursuant to Article 9 of the General Data Protection Regulation (GDPR).

We will use your ‘video selfie’ exclusively for fraud prevention. Upon redeeming a reward from our Shop, you will be prompted to provide a video selfie using your mobile device’s camera. This video selfie provides us with a face map (a mathematical representation of your face generated through our third party provider, Facetec). This video selfie is encrypted on your mobile device before being sent to our servers for processing, and is linked to your user account to ensure the uniqueness of your user registration within the mobile application. If you do not want to redeem rewards through the Shop, you can use all other features of the mobile application without providing a video selfie.


AUTOMATICALLY COLLECTED INFORMATION

Upon accessing and when using the Services, certain information will be required to provide the services and automatically collected, such as:

  • aggregated usage information;
  • the session ID;
  • the time and date you access the mobile app; and
  • device information and geolocation data.

A user, including individuals accessing our Service through a “Continue as Guest” option cannot disable the collection of this information.

We use your data for the following purposes:

  • Account creation;
  • To provide, maintain, perform and improve the Services;
  • To ship items that you have ordered from our online shop;
  • Enabling you to redeem rewards earned on our platform;
  • To perform internal operations, including, conducting data analysis, testing and research and to troubleshooting software bugs and operational problems; 
  • To monitor and analyze usage and activity trends; 
  • Personalization of ads to provide you with better recommendations of advertised games in your country and to help you earn rewards; and 
  • For legitimate interests under section 6(1)(f) of the General Data Protection Regulation (GDPR), including fraud prevention purposes, protection against abuse of our Services, and to guarantee that the use of our Services are in accordance with Mistplay’s Terms of Use.
  • To communicate with you about our products, services, promotions and news (we will only send you these materials if we have your consent and you can unsubscribe any time);

Additionally, personal data may be used and disclosed to the extent Mistplay may deem reasonably necessary to enforce the terms of any agreement between you and Mistplay, or to protect the rights, property or safety of any person or entity, or if required by law, specifically in response to a demand from government authorities.

We will also use your information to create de-identified statistical and analytical data.

DELETION OF COLLECTED INFORMATION

We delete your personal information stored in physical form by shredding and personal information stored in electronic files by deleting the files in an irrecoverable manner. Moreover, pursuant to our Terms of Use, if a user does not use the Service for at least one year, the user’s inactive account may be terminated, and the user’s personal data may be destroyed.

DATA RETENTION

We will only retain personal data for as long as you use the Services or for as long as it is required to meet the purposes for which it was collected, or as otherwise required by law. When we delete your account, all personal data will be deleted except as required by law. We may also retain personal data for an additional twelve (12) months after deletion for administrative or accounting purposes. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

CHILDREN’S PRIVACY

IMPORTANT: For privacy and fraud prevention purposes, as of August 25, 2021, individuals under the age of 18 are prohibited from creating a Mistplay user account. Current users under the age of 18 will be able to continue using the mobile application and redeem any rewards until  October 31, 2021. As of November 1, 2021, the Mistplay mobile application will no longer support existing user accounts of individuals under the age of 18.

The Services are designed to comply with specific requirements relating to Children’s privacy, including the the Children’s Online Privacy Protection Act applicable in the United States (“COPPA”).  COPPA requires that website operators or online services not knowingly collect personal information from anyone under the age of 13 without prior verifiable parental consent.  

We restrict the use of our Services to individuals age 13 and above. In compliance with COPPA, we do not knowingly collect or retain Information from our Services from children under the age of 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@mistplay.com.

For Korean residents only, we restrict the use of our Services to individuals age 14 and above. We do not knowingly collect, maintain, or use personal data from children under the age of 14. If we learn we have collected or received personal information from a child under 14 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 14, please contact us at privacy@mistplay.com.

RIGHT OF ACCESS

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By applicable law you have rights related to access and correction of the personal information that we hold about you.

You may make requests by writing to privacy@mistplay.com (see below for a description of the specific rights with respect to accessing and deleting Information that are provided to California, European, Taiwan and Korean residents). Upon receipt of such request, Mistplay will endeavor to provide you this information (in electronic readable format) within a reasonable time. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. 

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:

  • Information protected by solicitor-client privilege.
  • Information that is part of a formal dispute resolution process.
  • Information that is about another individual that would reveal their personal information or confidential commercial information.
  • Information that is prohibitively expensive to provide.

If you are concerned about our response or would like to correct the information provided, please refer to Contact Information and Challenging Compliance below on how to contact us.

WITHDRAWAL OF CONSENT TO COLLECT PERSONAL INFORMATION

You may withdraw your consent to the collection of personal information at any time by sending a written request to privacy@mistplay.com. Upon receiving notice that you have revoked your consent, we will stop processing your personal information within a reasonable time, which will vary depending on what information we have collected and for what purpose. Please note that by choosing to withdraw such consent, you may not be able to continue to use the Services or any of the benefits you have earned. You may also ask us to delete your account. By deleting your account, however, any loyalty points that you have earned and not redeemed will be deleted. Please note that we will send you an email requesting your confirmation before we delete your account (please refer to the Data Retention section above).

PROMOTIONAL COMMUNICATIONS

We will only send you promotional communications if we have your consent to do so. You may opt out of receiving promotional messages from us by following the instructions (unsubscribe mechanism) in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.

SHARING INFORMATION

We will not sell, rent, share, or disclose to outside parties the information we collect, save and except that we may share the collected information with other parties as follows:

  • Affiliated Service Providers: We have agreements with various affiliated service providers to facilitate the rendering of our Services. All administrative service providers that we use are required by contract to have the same level of privacy protection as we have and will follow the standards of this policy. These providers will never be permitted to use your data beyond the scope of our engagement with them.
  • Third-party advertisers. We have advertisement agreements with various mobile game studios to facilitate the rendering of our Services and provide you with offers we feel you may be interested in. We do not share your personal information with these mobile game studios but rather use a service provider to measure the outcomes of the advertising campaign with the mobile gaming studio. All data associated with the campaign is collected, processed, and then deleted by our service provider in accordance with our agreement with them. If you choose to download a game and provide your personal information to the mobile gaming studio, please know that we do not control their data processing practices and recommend that you review their privacy policies before sending personal information to them. 
  • Statistical Analysis: We may share anonymized User ratings and review of apps and aggregated anonymized information with third parties, including but not limited to, for statistical, machine learning, advertising, or marketing purposes. 
  • Transactions: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition, or in any other situation where personal information may be disclosed or transferred as one of our business assets. However, under no circumstances will such transactions result in your information being used for other purposes than those for which you gave us your consent.

For additional information regarding the type of third-party services that are used, please review the categories of personal information that we may share with third-party service providers and our business and commercial uses of such personal information on the Mistplay Privacy Centre at https://www.mistplay.com/privacy-centre

SPECIFIC RIGHTS FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA AND THE UNITED KINGDOM (“EEA, SUI & UK”)

The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). There are three major laws regulating data protection and information privacy in Switzerland:Article 13 of the Swiss Constitution, the Federal Act on Data Protection (DPA) and the General Data Protection Regulation (GDPR). The following section provides additional information regarding the lawful basis and purpose for data processing and specific rights regarding your personal data.

As a resident of the EEA, SUI & UK, you should know that the purposes of our data processing activities are being conducted on the following so-called “legal grounds:”

  • where it is necessary for us to fulfill a contract between you and us (processing information for purposes of creating your account); 
  • where it is necessary based on our legitimate interests to process your data (for purposes of fraud prevention, to recommend specific games or to improve the Services we provide to you); or
  • where it is necessary to comply with our legal obligations such as for accounting or tax purposes.

As a resident of the EEA, SUI & UK, you also have certain specific rights regarding your personal data. You are free to exercise any of these rights by contacting us or as specified herein:

  • Access: You have the right to request a copy of the personal data that we process about you. However, there are exceptions to this right, so that access may be denied if, for example, making the information available to you would adversely affect the rights and freedoms of another person, or if we are legally prevented from disclosing such information. 
  • Accuracy: We aim to keep your personal data accurate and complete. We encourage you to keep us informed about changes that you would like reflected in our records.
  • Objecting: In certain circumstances, you have the right to object to processing of your personal data. You may ask us to block, erase or limit the use or other processing of your personal data. 
  • Data Portability: You have the right to request that some of your personal data is provided to you, or to another provider should you wish to stop using our Services in favour of another, in machine-readable format.
  • Erasure: You have the right to erase or request that we erase your personal data when it is no longer necessary for the purposes for which it was collected or if you think it has been used unlawfully.
  • Complaints: You have the right to complain to the applicable data protection authority, or to seek a remedy in court.

SPECIFIC RIGHTS FOR RESIDENTS OF CALIFORNIA, USA 

The California Consumer Privacy Act (CCPA) grants California consumers robust data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors. As a consumer, you have the right to request, twice a year and free of charge, certain information about parties to whom we have disclosed or sold your personal information in the prior calendar year and a description of the categories of personal information shared. Additionally, upon request, twice a year and free of charge, we shall provide to you any information relating to your personal information and our processing of your personal information in a concise, transparent, intelligible, and easily accessible form using clear and plain language. To make such a request, please send an email to privacy@mistplay.com and please include the phrase “Personal Information Privacy Request” in the subject line, the Service you are inquiring about, along with your name, address, and email address. You can also ask us to delete your personal data stored on our platform. If we receive a request to delete your data, we will ask you if you want your personal information to be removed entirely or if you want to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). We cannot keep a record of individuals whose personal information we have deleted so you may be contacted again by us, should we come into possession of your personal information at a later date. Requests to know and requests to delete will be honored within 45 days; if more time is needed to respond, Mistplay will notify you.

The CCPA enables California users to appoint an authorized agent to act on their behalf to submit disclosure requests and or deletion requests under the CCPA.  The authorized agent must register with the California Secretary of State.  We will honor a request from an authorized agent provided you provide written authorization to the authorized agent to act on your behalf and we can verify your identity and the agent submits proof of authorization.

The following chart contains the categories of personal information, as enumerated in CCPA Sec. 1798.140(o), of personal information we may collect, use, and disclose, the sources of the personal information and our business and commercial uses of such personal information:

Category

Name/Description

1. Sources

2. Business Use

3. Commercial Use

A

Identifiers – name, email, postal and IP address, unique personal identifier, online identifier, Internet Protocol address, account name, phone number

User provided on registration and upon redeeming points using online shop, customer service inquiries and claim forms; related and 3rd party sources to verify user supplied information, selfie in video format

Operational purposes including customer service; fraud & security incidence detection; website improvement; award prize winners

None

B

Protected classification characteristics under California or federal law

Age and Gender

Recommend suitable Games

None

C

Internet or similar network activity -browsing and search history, information on a consumer’s interaction with a website, application, or advertisement

System collected activity logs and cookies

To determine performance of media content and analytics purposes

None

D

Geolocation data

Country Identified using IP Address

Recommend Games for Country

None

E

Inferences drawn from other personal information

Profile reflecting a person's preferences

Recommend Games based on preference

None

Mistplay has collected, will collect, and has disclosed the personal information described in the categories above during the last year for business purposes; however, we do not sell your personal information.  If you exercise your rights under the CCPA, Mistplay will not discriminate against you.

CALIFORNIA ONLINE PRIVACY PROTECTION ACT

Browser “Do Not Track” Signals.  Most browsers contain a “do-not-track” setting.  In general, when a “do-not-track” setting is active, the user’s browser notifies other websites that the user does not want their personal information and online behavior to be tracked and used, for example, for interest-based advertising.  As required by CalOPPA, we are required to inform you that, as is the case with most websites, we do not honor or alter our behavior when a user to one of our Websites has activated the “do-not-track” setting on her/his browser.

OVERSEAS TRANSFER OF PERSONAL INFORMATION 

We may transfer your personal information overseas as described below. Your personal information will be transferred overseas in accordance with the Korean PIPA and Network Act privacy requirements via an information communication network and will be retained and used until the relevant purpose is achieved.

Company Name

Country

Contact of employee or Department Responsible for Managing Personal Information and Link to Privacy Policy

Date and Time of Transfer

Purpose of Transfer

Personal Information Items to be Transferred

Amazon Web Services, Inc.

U.S.A

Amazon.com

Upon accessing and using Mistplay services

Hosting and data security and management services for the personal data that we store. Also used for analytics to monitor and track the reliability of the Services

mobile application account data such as name, email, mailing address, age, gender, language, social media profiles, application installed, time spent using an application, IP address, Google Ad ID, OS version, device model

Zendesk

U.S.A

Zendesk.com
Email

When the user submits a request for support

Process customer support requests

Mobile application username, email

Adbrix

South Korea

Igaworks.com

Upon accessing and engaging with an ad and using Mistplay services

Advertising, rewards, and fraud detection

Mobile application Google Ad ID, IP address, age, device model, OS version

Adjust

U.S.A

Email
Adjust.com

Upon accessing and engaging with an ad and using Mistplay services

Advertising, rewards, and fraud detection

Mobile application Google Ad ID, IP address, age, device model, OS version

AppsFlyer

U.S.A

Appsflyer.com
Email

Upon accessing and engaging with an ad and using Mistplay services

Advertising, rewards, and fraud detection

Mobile application Google Ad ID, IP address, age, device model, OS version

Twilio Sendgrid

U.S.A

Twilio.com
Email

Upon subscribing to a newsletter

Send newsletter only to subscribers

Email address

Facetec

U.S.A

Email

Upon redeeming points in online store

Fraud detection

Biometric data - Selfie in video format (‘video selfie’)

Singular

U.S.A

Singular.net
Email

Upon accessing and engaging with an ad and using Mistplay services

Advertising, rewards, and fraud detection

Mobile application Google Ad ID, IP address, age, device model, OS version

Facebook

U.S.A

Facebook.com

Upon accessing and using Mistplay services

Used for business analytics to better understand how users interact with Mistplay Services

Google Advertising ID

Google

U.S.A

Google.com

Upon accessing and using Mistplay services

Used for business analytics to better understand how users interact with Mistplay Services

Google Advertising ID

Branch

U.S.A

Branch.io

Upon accessing and using Mistplay services

Used for fraud detection to identify how users interact with Mistplay Services

User-ID, Google Advertising ID

IPdata

U.S.A

Ipdata.co

Upon accessing and using Mistplay services

Detect anonymous users to protect our business from

Internet Protocol (IP) address

Twilio SMS

U.S.A

privacy@twilio.com
twilio.com/legal/privacy

Upon redeeming points in online store

Fraud detection

Phone Number

SECURITY

The security of your personal information is important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us behind firewalls on our secure servers that are located on Amazon AWS in the United States. 

Unfortunately, the transmission of information via the Internet is not completely secure and may pass through entities that we do not control. Although we do our best to protect your personal information, no data security measures can be guaranteed to be completely effective to avoid all risks related to transacting information on the internet. 

EXTERNAL LINKS

Our Services may link to other websites or apps such as the Google PlayStore, including content offered by third parties that we do not control and whose privacy and data collection practices may differ from ours. We are not responsible for and have no control over these third-parties and their practices, including the information or content contained within them. Please make sure you understand how these sites or businesses use and collect your information by reading their privacy statements.

INTERNATIONAL TRANSFER

We are based in Canada and the information that we process is protected by Canadian privacy laws. The information that we collect may be transferred, stored, or used in other jurisdictions, such as the United States, where some of our service providers may be located. While we protect your information by choosing appropriate service providers and having contractual safeguards in place with those vendors, the privacy laws in such jurisdictions may not be as protective as in, for example, Canada or the EEA, SUI & UK, and may be subject to access by foreign governments, with or without your knowledge. 

The information collected in the EEA, SUI & UK is transferred and stored behind firewalls on our secure servers that are located on Amazon AWS in the United States in accordance with the GDPR adequacy standards. Any other transfers to third countries will be done using mechanisms such as the “model clauses”.

TERMS OF USE

This Privacy Policy is incorporated into and forms part of our Terms of Use, which outlines the terms and conditions you agree to when using the Services, and which can be found at the bottom of most pages of the Mistplay website.

CONTACT INFORMATION AND CHALLENGING COMPLIANCE

We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy please contact our Data Privacy Officer at:

Data Privacy Officer

Mistplay Inc.

481 Viger St, Suite 300, Montreal

Quebec, Canada, H2Z1G6 or via email at privacy@mistplay.com