Effective Date: 01 February 2023
Last modified: 09 February 2023
Xirobit Ltd. and its subsidiaries and affiliates (collectively, “Xirobit”, “Xiroverse”, “we”, “our” or “us”) develops, publishes and operates social games for web and mobile environments (“Games”), as well as web and mobile applications (each, an “App”) for playing our Games across multiple devices and platforms (such as mobile devices ).
We also operate the websites www.xiroverse.com, their subdomains, and related features, as well as an online store (collectively, “Sites”, and together with the Games and App, collectively – the “Services”).
1. Data Collection
We collect five main categories of data (and to the extent it may enable the identification of a specific person, or is linked to such potentially identifying data, we will deem it as “Personal Data”):
a. Data automatically collected or generated:
When someone visits, interacts with or uses our Services, including any e-mail or text messages sent to them by us or via our Services, we may collect or generate technical data about them. We collect or generate such data either independently or with the help of third party services, including through the use of “cookies” and other tracking technologies (as further detailed below).
Such data consists of connectivity, technical or aggregated usage data, such as IP address, in-game identifier, game statistics, game preferences, unique direct marketing ID (e.g. IDFA; you may reset such ID based on the operating system instructions ), non-identifying data regarding a device, operating system, browser or App version, mobile carrier, locale and language settings, user activity on our Services, in-App or Game activity (such as game play content/product interaction and marketing data); diagnostic data (i.e. crash data and game performance data). We do not use such data to learn a person’s true identity or contact details, but mostly to have a better understanding on how our users typically use and engage with our Services. The use of such technical and device data also helps us and our partners to deliver interest-based or otherwise more effective direct marketing and content, to optimize our marketing management and our users' viewing experience), and to improve the overall performance and your user experience of our Services. For more information about our marketing uses, please see Section 9 below.
b. Data received from you:
You may provide us Personal Data voluntarily, such as when you set up an account with us, contact us (through Facebook, Messenger, e-mail, in-game chat or any other channel, including any support services), when you post on our public forums or groups, when you provide us your e-mail address (such as when you sign-up to receive e-mail updates or gifts), when you participate in competition, contest, tournaments and other promotions, when you place any purchases in any of our Games, when you interact with other users through the in-game chat or when you choose to connect your Facebook, Google, Apple or similar account to any of our Games.
c. Data received from Facebook, Google, Apple and other channels:
Once you connect the Games to your Facebook, Google, Apple or similar account, we will receive access to your public profile, including (to the extent you defined it as “public”), as applicable, your full name, e-mail address(es) provided to Facebook, Google or Apple, gender, profile picture or similar photo, location, time zone, and a list of your friends playing the Games (along with their photos and other public profile information). This will also allow us to present your and your friends’ public profile pictures inside the Games and to create your in-game friends list. In addition, we or our marketing partners may receive from Facebook and our other marketing channels general information concerning the performance of our direct marketing campaigns, such as the targeted age group or interests, and we or our partners may be able to link such general data to any other data in our possession. To learn more about our direct marketing practices, please refer to Section 9 below. If you access our Services through a third party such as Facebook, Google or Apple, or connect our Services to any third-party account, you should also read their terms and conditions and privacy policies. If you are unclear about what information a third-party application is sharing with us, please visit that third-party application's website in order to learn more about their privacy practices.
d. In-App Transaction Data:
In-Game purchases will typically be processed by the relevant platform provider (e.g. Apple, Google or Facebook), and we will not collect or store your financial data, e.g. your credit card numbers or bank account. We may still however receive your non-financial Personal Data related to the purchase, such as your name, billing address, e-mail address and the items purchased, in order to fulfil your purchase and for our accounting purposes.
e. Funds Withdrawal Data:
We may request your bank details or other appropriate information for any withdrawal or transfer of funds from Xirobit app or services. To be best of our ability, we will handle the information collected accordance with the relevant jurisdictions and applicable law
2. Data Uses
Our legal basis for collecting and using your Personal Data will depend on the particular purpose for which your data is being processed, however, we generally use the following:
1. Performance of a contract. We will use this basis for processing necessary to make the Games, including social gaming when you choose to log in with Facebook, Google or Apple, and support services, available to you, and to send you service communications, gifts and awards.
2. Consent. In limited cases (where you choose to sign up to receive direct marketing emails, where you accept cookies on our Sites, we will process your Personal Data based on your consent. You can withdraw your consent at any time by contacting us using the details in Section 13.
3. Legitimate interests. We will process your Personal Data based on our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, serving effective marketing within our Games and through other channels, matching users to create in-game friends lists, improving our customer service and support operations, fraud detection and protecting and securing our users, ourselves and our Services.
4. Compliance with a legal obligation. In limited cases we may process your Personal Data where we need to do so to comply with a legal obligation e.g. which is set out in an applicable law, or if we receive an order from a court or regulatory body.
The purposes for which we use Personal Data are described in more detail below:
1. To facilitate, operate, and provide our Services;
2. To authenticate the identity of our players, and allow them access to additional features;
3. To provide our users with customer care, assistance and technical support services;
4. To enable you to interact with other players in the game;
5. To further develop, customize and improve the Services and your user experience, based on common or personal preferences, experiences and difficulties, including by personalizing your profile and friends list;
6. To manage and deliver direct marketing more effectively, including contextual, behavioral and interests-based marketing based on in-Games progress and activity, based on your preferences or other data available to us or to our Service Providers, including for re-targeting purposes; to contact our users (via e-mail, Facebook, push notifications or any other available channels) with general or personalized service-related messages (such as purchase confirmations or system maintenance notices);
7. To contact our users with promotional messages (such as Games updates, bonuses, new features, VIP services, etc.); and to facilitate, sponsor and offer certain events and promotions;
8. To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity;
9. To create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or our Service Providers may use to provide and improve our respective services; and
10. To comply with any applicable laws and regulations.
3. Storage and Retention
While privacy laws may vary between jurisdictions, Xirobit has taken reasonable steps to ensure that your Personal Data is treated by its affiliates and Service Providers in a secure and lawful manner, and in accordance with common industry practices, regardless of any lesser legal requirements that may apply in their jurisdiction. Any Personal Data collected will be uploaded via our API and sent outside of the mobile application to be securely stored on our cloud servers
We retain your Personal Data in order to maintain our relationship and to provide you with our Services. We will retain your Personal Data for only as long as necessary to fulfill the purposes for which we collected it. In other words, we will retain your Personal Data for as long as you remain our user and have not notified us otherwise. We will take reasonable measures to delete your Personal Data if you delete your account. We may also retain your Personal Data for legal and accounting purposes (i.e., as required by laws applicable to record and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), in accordance with our Data Retention Policy. If you have any questions about our Data Retention Policy, please contact us at firstname.lastname@example.org.
Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and are free to securely delete it for any reason and at any time, with or without notice to you.
4. Personal Data Deletion and Closure of Accounts
Upon receipt of your request, we will comply promptly but please allow some time for processing. We also reserve the right to retain a copy of any Personal Data that we are required by applicable law to retain.
5. Data Sharing
We may share your data with certain third parties, including law enforcement agencies, our Service Providers and our affiliates. The circumstances in which we share data are summarised below:
1. Compliance with Laws, Legal Orders and Authorities: We may disclose or allow government and law enforcement officials access to certain Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations, including for national security purposes. Such disclosure or access may occur with or without notice to you, if we have a good faith belief that we are legally compelled to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
2. Service Providers: We may engage selected third party companies, contractors and individuals to perform services complementary to our own (e.g. hosting services, data analytics services, marketing agencies and tools, data and cyber security services, fraud detection and prevention services, payment processing services, customer support partners, external moderators and testers, user engagement services, e-mail distribution and monitoring services, session recording, and our business, legal, financial and compliance advisors) (collectively, “Service Providers”). These Service Providers may have access to your Personal Data, depending on each of their specific roles and purposes in facilitating and complementing our Services, and may only process your Personal Data for the purposes for which we have instructed them. We may also share anonymous, statistical or aggregated information with our Service Providers for legitimate business purposes.
3. Third Party Integrations: The Services allow you integrate with certain third party services, such as in order to connect your Facebook, Google or Apple account to a certain Game, Login with Google, Facebook or sign in with Apple or to place purchases, in which case you will be bound by the terms and conditions and privacy notices of said third parties (e.g., Apple, Google or Facebook) – so please make sure that you read and accept them in advance. We do not receive or store your passwords for any of these third party services.
4. Protecting Rights and Safety: We may share your Personal Data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Xirobit, any of our users or any members of the general public.
For the removal of doubt, Xirobit may share your Personal Data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. We may transfer, share or otherwise use non-personal data in our sole discretion and without the need for further approval.
Service Communications: We may contact you with important information regarding our Services. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, billing issues, etc. You will not be able to opt-out of receiving such service communications.
Promotional Communications: If you have signed up to receive such communications from us, we may also notify you about new services, events and special opportunities or any other information we think you will find valuable. We may provide such notices through any of the contact means available to us (e.g. phone, mobile or e-mail), through the Services, or through our marketing campaigns on any other sites or platforms.
You have the right to withdraw your consent to receiving such promotional communications at any time. You can do this by contacting us at email@example.com or by following the “unsubscribe”, “stop” or “change e-mail preferences” instructions in the promotional communications you receive.
7. Data Security
In order to protect your Personal Data held with us and our Service Providers, we use appropriate physical, procedural and electronic security measures, including encryption where deemed appropriate.. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third parties. If you discover any security or vulnerability issues related to the Services you should send an email to: firstname.lastname@example.org.
8. Cookies and Tracking Technologies
9. Direct Marketing
1. From time to time, we may conduct direct marketing of the Services through email and/or other form of communication to you. We intend to use your personal data for direct marketing carried out by us or one of our business partners or third party merchants.
2. The type of personal data we use for direct marketing purposes is:your email address
3. The direct marketing activities we conduct using your personal data are:
* newsletters and our blog updates
* promotions of our website, Services or applications
* competitions or contests held by us
* updates in respect our website, Services or applications
* surveys in respect of our website, Services or applications
* event invitations
* festive greetings
* marketing of our website, Services or applications
5. You may request us to cease using your personal data for direct marketing purposes at any time by emailing or writing to our Data Protection Officer, or if applicable, using the unsubscribe facility contained in the marketing message.
10. Data Subject Rights – European Economic Area, Switzerland and United Kingdom
If you are a resident of the European Economic Area (EEA), Switzerland or the United Kingdom (UK) about whom we process Personal Data, you have the right to:
1. Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
2. Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
3. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
4. Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
5. Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
6. Request the transfer of your Personal Data to another party.
7. No fee usually required.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
8. What we may need from you.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
9. Right to Withdraw Consent.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you wish to exercise your rights under applicable law (e.g., the General Data Protection Regulation (GDPR) or the UK GDPR) please contact at firstname.lastname@example.org
If you reside in the EEA or UK you may also contact our EEA or UK representative at: email@example.com.
If you wish to manage the information we receive about you from a third-party application or platform where you play our Games, such as Facebook, Apple or Google, please follow the third-party application’s instructions for updating your information and changing your privacy settings.
You have the right to file complaints with a data protection supervisory authority. For EEA residents, you can find details of your national supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en. UK residents can contact the Information Commissioner’s Office at: https://ico.org.uk/global/contact-us/.
11. Data Transfers
Your Personal Data may be maintained, processed, accessed and stored by Xirobit and our authorized affiliates and Service Providers in and from the United States and other jurisdictions, as necessary for the proper delivery of our Services, or as may be required by law. Xirobit is based in a jurisdiction which is considered by authorities of the UK, Switzerland and the European Commission to be offering an adequate level of protection for the Personal Data of residents of the EEA and UK.We may transfer Personal Data we collect about you outside the EEA, Switzerland or UK, in order to perform our contract with you. To ensure that your Personal Data receives an adequate level of protection, we have put in place the following measures to ensure that your Personal Data is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection: Standard Contractual Clauses and countries that are the subject of an EU adequacy determination. If you require further information about the protective measures, you may contact us using the details in Section 13.
We reserve the right to request proof of age or parental consent at any stage. We may block Users whom we suspect are under the applicable age. We do not knowingly collect Personal Data from minors and do not wish to do so. If we learn that a minor is using the Services or playing any of our Games, we may prohibit and block such use and will make all efforts to promptly delete any Personal Data stored with us with regard to such minor.
If you believe that we might have any such data, please contact us at firstname.lastname@example.org.
13. Amendments and Controlling Version
14. Contact Us
If you reside in the EU or UK you may also contact our EU or UK representative at email@example.com
Candidate Privacy Addendum
Xirobit is committed to protecting the privacy and security of your Personal Data. This Candidate Privacy Addendum describes how we collect and use Personal Data about you prior to your working relationship with us, in accordance with applicable data protection legislation. It applies to all candidates for positions as employees, workers or contractors.
This Candidate Privacy Addendum applies to candidates applying for employment and contractor roles with Xirobit. This Candidate Privacy Addendum does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.
A. Data Protection Principles:
We will comply with data protection law, which requires that the Personal Data we hold about you be:
1. Used lawfully, fairly and in a transparent way;
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
3. Relevant to the purposes we have told you about and limited only to those purposes;
4. Accurate and kept up to date;
5. Kept only as long as necessary for the purposes we have told you about; and
6. Kept securely.
B. The Kind Of Information We Hold About You:
Personal data, or Personal Data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation.
We may collect, store, and use the following categories of Personal Data about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth.
- Next of kin and emergency contact information.
- Location of employment or workplace.
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
- Employment records (including job titles, work history, working hours, holidays, training records and professional memberships).
- Compensation history.Performance information.
- Disciplinary and grievance information.
- CCTV footage and other information obtained through electronic means such as swipe card records during the interview process, if applicable.
- In the United Kingdom, results of HMRC employment status check, details of your interest in and connection with the intermediary through which your services are supplied.
C. How Is Your Personal Information Collected?
We collect Personal Data about candidates through the application and recruitment process, either directly from candidates or sometimes from an employment agency. We may sometimes collect additional information from third parties, including former employers.
D. How We Will Use Information About You
We will only use your Personal Data when the law allows us and when we have a lawful ground to do so. Most commonly, we will rely on the following lawful grounds to process your Personal Data:
- Where we have your consent to do so (“Consent”).
- Where we need to perform the contract we have entered into with you or take steps to enter into a contract with you (“Contract”).
- Where we need to comply with a legal obligation (“Legal Obligation”).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“Legitimate Interests”).
If you fail to provide certain information when requested, we may not be able to assess your eligibility or suitability for an open position, or we may be prevented from complying with our legal obligations.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed of changes to your Personal Data during your candidacy.
E. Data Sharing:
We may have to share your data with third parties, including third-party Service Providers and other entities at Xirobit.
We require third parties to respect the security of your data and to treat it in accordance with the law.
Why might you share my Personal Data with third parties?
We will share your Personal Data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Which third-party Service Providers process my Personal Data?
“Third parties” includes third-party Service Providers (including contractors and designated agents).
How secure is my information with Service Providers and other entities in our group?
All our Service Providers are required to take appropriate security measures to protect your Personal Data in line with our policies. We do not allow our Service Providers to use your personal data for their own purposes. We permit them to process your personal data for only specified purposes and in accordance with our instructions.
What about other third parties?
We may need to share your Personal Data with a regulator or to otherwise comply with the law.
F. Rights Of Access, Correction, Erasure, And Restriction
G. Data Retention
We will retain your Personal Data for only as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements in accordance with applicable laws and regulations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal requirements. Once we no longer need candidate data, we will retain and securely destroy your Personal Data in accordance with applicable laws and regulations.
H. Contact Us