AviaGames, Inc., situated in Unit 225, 1840 Gateway Dr, San Mateo, CA 94404 (“
AviaGames”, “
we”, “
us”, “
our”) provides interactive skill-based games. This EU and UK Privacy Policy (or “Privacy Notice”) is designed to help the individuals engaging with us from the EU and UK understand how we as a controller collect, use, process, and share your personal data, and to inform of you of how to exercise your data subject rights.
This Privacy Notice applies to personal data processed by us, including on our websites, games, applications (including, but not limited to 8 Ball Strike: Cash Pool, 8 Ball Strike: Win Real Cash, Bingo Bliss, Bingo Clash, Bingo Tour, Blockolot, Bubble Buzz, Pocket7Games, Solitaire Clash, Solitaire Clash infinite, Solitaire Slam, Solitaire Venture) and all other online or offline products, services, and offerings we may provide in the future. To make this Privacy Notice easier to read, our websites, mobile applications, games, and other offerings are collectively called the “Services.”
Table of Contents
1. TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU
Personal data means any information about an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity and Contact Data which includes first name, last name, any previous names, marital status, date of birth, gender, address, email address and telephone numbers.
- Profile Data which includes your username and password, biographies provided by you, profile pictures, purchases or orders made by you, your interests, preferences, feedback and survey responses, and statistical data regarding your game play (e.g. scores, rankings, and achievements).
- ID Data which includes copies of and information associated with any government issued id documentation such as passport or driving license provided to us by you (which may include biometric data).
- Biometric Data which includes information derived from your unique physical, physiological, or behavioural characteristics, allowing for identification (e.g. facial scans). Biometric Data is Special Category Data under the UK and EU GDPR.
- Location Data which includes the location where you live or the approximate location from where you are accessing our services, based on your device’s IP address and geolocation data (e.g. GPS coordinates).
- Financial And Transaction Data which includes bank account, payment card details, and other payment information associated with a transaction made by you in respect of our services, details about payments to and from you and other details of products and services you have purchased from us, in-service wallet account-related information and any withdrawal requests made by you, and details of the third-party payment system you use.
- Technical Data which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, App version used (if applicable), operating system and platform, device ID, access status/HTTP status code, language and version of the browser software or device used, Crash Logs (meaning information about usage and performance statistics, the time that certain features take to launch, when and how long the features run, and errors or delays (“Crash”) in using certain features, device hardware information associated with the Crash) and other technology on the devices you use to access this website.
- Usage Data which includes information about how you interact with and use our website, products and services.
- Gameplay Data which includes your gameplay records, performance records (including your button inputs), your grades, skill levels, entries and tournament, activities involved, game server usage, game device usage, game system interactions, friends you connect with through our Games, products, services, and other information you generated as a user in our Games.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share
aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.
2. How We Collect Personal Data
We use different methods to collect data from and about you including through:
- Your interactions with us. You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you, for example, create an account on our website; request marketing to be sent to you; enter a competition, promotion or survey; or give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website and mobile apps, we will automatically collect certain personal data, for example, Technical Data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see Section 5 below on cookies for further details.
- Third parties. We will receive personal data about you from various third parties. For example, we will receive Technical Data from analytics providers, and we will receive Identity and Contact Data and Financial and Transaction data from providers of technical, payment and identity verification services.
3. Personal Data We Collect
The following tables set out further details about the categories of personal data we process about you, how we use that personal data, and the legal basis which we rely on to process that personal data.
| How We Use Personal Data | Categories of Personal Data | Legal Basis for Processing such Data (pursuant to Art. 6 and (where relevant) Art. 9 of the UK GDPR and/or EU GDPR) |
| To Provide Our Services to YouWe will collect and process certain information from you when you first use our Services and Games, to be able to provide the Services and Games to you, including to identify you as an individual user in order to allow you to play our Games. | Identity and Contact DataProfile Data | The processing is necessary for the performance of a contract with you (provision of Services and Games). The legal basis for such processing is Art. 6.para 1 lit. b GDPR. |
| To Create an Account for YouYou can opt to create an account with us in order to play our Games. In order to do so you need to provide us with certain information (an email address and create a password associated with your account and you may also provide us with additional information (your phone number and/or email address)). | Identity and Contact DataProfile Data | The processing is necessary for the performance of a contract with you. The legal basis for such processing is Art. 6.para 1 lit. b GDPR. |
| To Communicate with YouWe will process your information to communicate service-related communications with you, and to allow us to communicate with each other via our customer service chat features. | Identity and Contact Data | The processing is necessary for our legitimate interests, namely, to communicate with our customers, to address any issues you might experience with our services and to ensure a good service. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| To Ensure Security of Your AccountYou can opt to provide your phone number and/or email address to us in our Products and/or Service so that we can use this information to verify your identity and grant you the access to your account in case you have difficulty logging into your account and thus secure your account security (i.e. to set up “Two Factor Authentication”). | Identity and Contact DataTechnology Data | The processing is necessary for our legitimate interests, namely, to ensure the security of our Services. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| To Personalise Your Profile and Allow You to Enjoy the ServicesIn your profile, you can choose to provide information to personalize your profile, which may include profile images, the country from which you access our Games, and a short description about yourself that you added to your profile. You may also enable the social media functions which allows you to publicly display certain statistical information about your game play, and to post and share comments and content with other users. This information will be visible to other Users.We may also personalise how you view our website and Services, to tailor how our website, Games, products and services are displayed to you (such as the language in which it is provided to you and the time zone in which you use our services). And we may use records of your in-game behaviour and skill levels to match you with other players or the recorded gameplay of other player(s) to create an appealing app and gaming experience for the users. | Identity and Contact DataProfile DataLocation DataTechnology DataGameplay Data | The processing is necessary for our legitimate interests, namely, to make our Games and Services more appealing to users, and to improve and grow our business. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| To Verify Minimum Age RequirementsWhen you make a deposit to your account for the first time, we will ask you to give your date of birth. We use this information to associate your account to verify that you meet the minimum age criteria to play the cash entries in our Games. | Identity and Contact Data | The processing is necessary for our legitimate interests to ensure that we can form a legally binding contract with you and to ensure we are complying with legal requirements regarding age restrictions in respect of our Games (if applicable). The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| To Conduct SurveysWe may contact you to participate in surveys in which you may share any user preferences, experiences, opinions or other personal information. We use and share this information with our third-party survey service providers (e.g. Surveymonkey.com) to design the surveys, to know you and your ideas, experiences, preferences about our website, products, Games and services, so to develop existing products, Games, and create new products, Games or otherwise improve our Services. | Identity and Contact DataAny other personal data you may choose to share. | The processing is necessary for our legitimate interests, to grow our business and ensure the efficient running of our surveys. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| For Prizes and CompetitionsWe use your information to send you physical prizes that you win when playing our Games or for any sweepstakes, tournaments, competitions, or contests that we offer you. We may also send you gifts in special occasions, like holidays. | Identity and Contact Data | The processing is necessary for the performance of a contract with you (e.g. where you have signed up to tournaments or Games where, in accordance with those terms, you will receive a prize). The legal basis for such processing is Art. 6 para. 1 lit. b GDPR.The processing is necessary for our legitimate interests, to grow our business and ensure the efficient running of our competitions. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| To Facilitate PaymentsWe use this information to process your purchases, deposits, withdrawals and other financial transaction requests in our Games, Products and Services.Any interactions with third party payment vendors for this purpose are governed by their privacy policies. | Identity and Contact DataFinancial and Transaction Data | The processing is necessary for the performance of a contract with you. The legal basis for such processing is Art. 6 para. 1 lit. b GDPR.Where you consent to Avia storing your Financial and Transaction Data to facilitate any future transactions, the legal basis for processing is consent (Art. 6 para. 1 lit. a GDPR). |
| To Identify and Prevent Fraud and other Illegal ActivitiesWe will process certain information to identify and prevent fraud or other illegal activities.In individual cases where there is an actual suspicion of fraud or other illegal activities and when the total deposit or withdrawal amount exceeds a certain threshold (e.g. when your total withdrawal amount has reached at least EUR1000 or GBP1000, we may update this amount threshold from time to time), you will be asked to upload a copy of your government issued ID documentation such as your passport or driving license (both front page and back page) and a selfie of yourself. The selfie may be considered Biometric Data in certain processing scenarios. We will use and share the information with our third-party service providers (e.g. Jumio) to verify the authenticity of your government issued ID, recognize the faces both in the government issued id and the selfie you provided for matching purposes, as well as recognize the liveness in the selfie provided. Your submission of a photo and government-issued ID to our service provider may be subject to that service provider’s privacy policy, and you should review that privacy policy before submitting any personal information. | Identity and Contact DataFinancial and Transaction DataID DataBiometric DataTechnology Data | The processing is necessary for our legitimate interests, namely, to detect, prevent, or otherwise address fraud and potentially deceptive or illegal activities, as well as to provide you with a secure and seamless payment experience. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. For the purposes of Article 9, with your explicit consent. |
| To Develop Our ServicesWe may use your information to further develop existing products and create new products or otherwise improve our Services.We may also record and use your gameplay information, including using records of your in-game behaviour and skill levels, to create “simulated players” that we match with other player(s), or to match you with “simulated players” that we have created from other users’ gameplay records. We do this where there are not enough players that have a similar skill level to play a game tournament online together. | Usage DataGameplay Data | The processing is necessary for our legitimate interests, namely, to develop our Games and Services, improve/grow our business, and create an appealing App. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| To Remedy any Technical Errors in Our ServicesWe use and share certain information with our third-party partners (e.g. Google Firebase) to identify and remedy errors in our website, Games, products, and Services. | Technology DataUsage Data | The processing is necessary for our legitimate interests, namely, to allow us to identify and fix errors in our website, Games, products, and Services and improve them. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| To Prevent CheatingWe will use and replay your gameplay records to you or other Users to identify and prevent cheating or fraud or possible illegal activities in the use of Our Games, products and Services. | Gameplay Data | The processing is necessary for our legitimate interests, namely detecting, identifying and preventing of fraud, cheating and other illegal activities. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
| To Comply with a Legal ObligationWe may process your information for compliance with a legal obligation to which we are subject and for establishing, exercising, or defending legal claims.For example, in some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.We may also use and share certain information with our third-party geolocation service providers (e.g. Google Geocoding Api, Geocomply) to identify the applicable jurisdiction and ensure that we comply with our legal obligations with respect to our product and operation compliance in different jurisdictions. | Identity and Contact DataLocation DataTechnology Data | The processing is necessary for compliance with a legal obligation which we need to comply with. The legal basis for such processing is Art. 6 para. 1 lit. c GDPR.The processing is necessary for our legitimate interests in establishing, exercising, or defending legal claims, and to ensure compliance with various legal obligations to which we are subject in different jurisdictions. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR. |
4. Marketing
In addition to the purposes set out above, we may process your personal data where you have provided your explicit consent for
marketing purposes.
You will receive marketing communications from us if you have requested information from us or purchased Services from us and you have not opted out of receiving the marketing.
We may also analyse your Identity and Contact Data, Technical Data, Usage Data and Profile Data to form a view which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.
We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.
You can ask to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting us. If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.
We may engage third-party advertising partners to promote our Services based on your interactions with our Services.
5. Cookies and Technologies
We, as well as third parties, may use cookies, pixel tags, and other similar technologies (“
Technologies”) to automatically collect your data through your use of the Services. For example, we use event tracking technologies on our website (which evaluates your use of the website). We only use Technologies that are not strictly necessary for the operation of the website if you have given your explicit consent to their use (pursuant to Sec. 25 para. 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Art. 6 para. 1 lit. a GDPR).
Our uses of these Technologies fall into the following general categories:
- Site Operations. These Technologies are used to provide Services functionality, for security and fraud prevention services, and other purposes we deem necessary to provide and maintain the Services. Examples of data collected through these Technologies includes:
- IP address,
- Geolocation,
- date and time of the request,
- time zone difference from Greenwich Mean Time (GMT),
- content of the request (specific page),
- access status/HTTP status code,
- the amount of data transferred in each case,
- web page from which the request came and the parameters it carried,
- browser,
- events data related to troubleshooting issues,
- operating system and its interfaces, and the device information, and
- language and version of the browser software.
- Analytics. These Technologies are used to assess the performance of our Services, and to collect analytics about use of the Services.
- Functionality. These Technologies are used to offer functionality on our Services, such as to identify you when you sign in or to keep track of your specified preferences, interests, or past items viewed.
- Sale, Sharing and Targeted Advertising. These Technologies are used for targeted advertising, and to deliver content, including ads tailored to your interests on our Services or on third-party websites and services. Some of these Technologies may in volve a “sale” or “sharing” (for targeted advertising) in some jurisdictions.
Your Options for Cookies and Technologies.
You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of certain tracking on some mobile applications by following the instructions for
Android,
iOS, and
others.
The online advertising industry also provides mechanisms that may allow you to opt out of receiving targeted ads from organizations that participate in self-regulatory programs. To learn more, visit the
Network Advertising Initiative,
the Digital Advertising Alliance, and
the European Digital Advertising Alliance.
When you visit a website we operate, where required under the applicable law, we will provide mechanisms that allow you to opt out of Technologies as required by applicable law.
Please note you must separately opt out in each browser and on each device.
6. RECIPIENTS OF PERSONAL DATA
In order to provide you with our Services, we use the services of third party providers including those listed below. We may share your personal data with these third party providers for the purposes set out above. We also share data with our professional advisors where necessary for the purposes set out above.
As far as the third party providers are situated outside of the EU or UK, we have put in place the appropriate safeguards as detailed in section 4 of these Privacy Disclosures.
| Payment Providers | Paypal, Venmo and Braintree: provided by PayPal (Europe) S. à r.l. & Cie, S.C.A. situated in Luxemburg; PayPal Privacy, Venmo - Share Payments.Apple Pay: provided by Apple Payment Inc. situated in the USA privacy policy under Privacy - Apple |
| Communication Providers | Twilio and Sendgrid: provided by Twilio Inc. situated in the USA, privacy policy under Twilio Privacy Notice | Twilio |
| Other service providers and business partners | Geocomply: provided by GeoComply Solutions Inc. situated in Canada, privacy policy under Privacy Statement | Legal - GeoComply.ID Scan: provided by IDScan.net, Inc. situated in the USA, privacy policy under Privacy Policy - IDScan.net.AppsFlyer: provided by AppsFlyer Ltd. situated in the USA, privacy policy under: AppsFlyer Services Privacy Policy | AppsFlyer.ironSource: provided by ironSource Ltd. situated in Israel, privacy policy under Privacy Policy | ironSource (is.com).Unity: provided by Unity Software Inc. situated in the USA, privacy policy under Privacy Policy (unity.com).Applovin: provided by Applovin Corporation situated in the USA, privacy policy under: Privacy Policy | AppLovin.Vital4: provided by Vital4DATA LLC situated in the USA, privacy policy under Privacy Policy.Jumio: provided by Jumio Corporation situated in the USA, privacy policy under Privacy Notices - Jumio: End-to-End ID, Identity Verification and AML Solutions.Google Firebase and Google Geocoding API: provided by Google Ireland Limited; situated in Ireland, privacy policy under Privacy Policy – Privacy & Terms – Google.Surveymonkey: provided by SurveyMonkey Inc. situated in the USA, privacy policy under Region Specific Privacy Notice | Momentive (surveymonkey.com). |
| Login Providers | Google Sign-in: provided by Google Ireland Limited; Gordon House, Barrow Street, Dublin 4, Ireland, privacy policy under Privacy Policy – Privacy & Terms – Google.Apple Login: provided by Apple Inc. https://support.apple.com/en-us/HT210426, situated in the United States of America.Facebook Login: provided by Meta Platforms Ireland Ltd.; https://developers.facebook.com/docs/facebook-login/ |
| Hosting Provider | Our software is hosted on servers provided to us by AWS (Amazon Webservice Inc. situated in the USA) https://aws.amazon.com/. The servers are located in the USA. |
7. INTERNATIONAL TRANSFERS OF PERSONAL Data
We may transfer personal data about you to our affiliates, service providers and partners. When we do this, your personal data may be transferred to, stored and processed in a country other than the one in which it was collected, including, but not limited to, the United States.
When we transfer your personal data to another country which has laws that do not provide the same level of protection as EU or UK data protection law (as applicable), we always ensure that a similar degree of protection is afforded to your personal data. We do so by ensuring that we implement appropriate and suitable safeguards recognized under UK or EU privacy laws (as applicable), including adequacy decisions (countries that are deemed to adequately safeguard personal data) and standard contractual clauses (specific contracts approved by regulators in the UK or EU which give personal data the same protection it has in the jurisdiction where you are located). You can request a copy of our standard contractual clauses by contacting us using the contact details located in the “Contact Us” section below.
8. IF YOU FAIL TO PROVIDE PERSONAL Data
We will notify you if the provision of certain personal data is mandatory or optional.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you (to provide you with the Services).
In this case, we may not be able to provide certain features of the Services to you, or we may have to cancel the Services. We will notify you if this is the case at the time of collection.
9. RETENTION Periods
Unless a specific duration of data storage is specified in this Annex, we will only process your data as long as this is necessary for the respective purposes or as long as there are legal retention obligations (e.g. under commercial or tax law pursuant to Sec. 257 of the German Commercial Code (HGB) or Sec. 147 of the German Fiscal Code (AO)). After the respective processing purpose ceases to apply and retention obligations end, your data will be routinely deleted.
10. YOUR RIGHTS
You have the following rights in relation to the personal data about you that we have collected (subject to certain limitations under UK or EEA privacy laws, including Art. 15 to 23 of the UK and EU GDPR). If you would like to exercise your privacy rights, please contact us using the contact details located in the “Contact Us” section below.
Your privacy rights under UK and EEA privacy laws are set out below:
| The right to withdraw consent at any time | You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.If you withdraw your consent, we may not be able to provide the Services to you. We will advise you if this is the case at the time you withdraw your consent. |
| The Right to Access (Art. 15 GDPR) | You have the right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. |
| The Right to Correction (Art. 16 GDPR) | You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us. |
| The Right to Deletion (Art. 17 GDPR) | You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. |
| The Right to Object to Processing (Art. 21 GDPR) | You have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.You also have the right to object where we are processing your personal data for direct marketing purposes. |
| The Right to Restrict Processing (Art. 18 GDPR) | You have the right to request restriction of processing of your personal data under the conditions. This enables you to ask us to suspend the processing of your personal data in the scenarios listed in Art. 18 GDPR. |
| The Right to Request Transfer (Art. 20 GDPR) | You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. |
You also have a right to submit a complaint.
If you reside in the UK, you have the right to make a complaint at any time to the Information Commissioner’s Office (“
ICO”), the UK regulator for data protection issues. You can make a complaint via the ICO’s website (
https://ico.org.uk/make-a-complaint/). This website also provides additional contact details for the ICO.
If you are resident in the EEA, you have the right to make a complaint at any time to the regulator in your jurisdiction. To find out how to contact your local regulator, please visit:
https://edpb.europa.eu/about-edpb/about-edpb/members_en.
11. Contact US
If you have any questions about our privacy practices or this Annex, or to exercise your rights as detailed above, please submit a privacy request using our online
Data Subject Request Form, or contact us at:
privacy@aviagames.com. If by postal mail to AviaGames, Unit 225, 1840 Gateway Dr, San Mateo, CA 94404, Attn: Legal Office.
12. UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Notice on our website, and/or we may also send other communications.