§ 1
[General provisions]

  1. This Privacy Policy sets out the processing principles and methods of data protection, including personal data of persons using the Buddies – party game, Buddies Spicy - wild party or bad ideas - a card game application (hereinafter: "Application"), processed by Buddies Games Inc., 1207 Delaware Ave Suite 2137, Wilmington DE 19806, e-mail: help@buddies.fun (hereinafter: "Controller").
  2. Controller collects, processes and uses the data of the Application's users (hereinafter: "User"), including personal data.
  3. Controller pays special attention to protecting and respecting Users' rights, with particular emphasis on ensuring the right to protection of privacy and free disposal of personal data by the User.
  4. Controller makes every effort to secure Users' personal data and ensures the protection of personal data that he processes. In particular, the Controller uses appropriate technical safeguards and organizational measures to ensure the protection of personal data being processed, appropriate to the threats and categories of data protected. In particular, the Controller protects data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of the provisions of law, as well as change, loss, damage or destruction.
  5. It is not allowed to use the Application by Users under 13 years of age; therefore, the Controller does not process data from persons under 13 years of age.
  6. To the extent that consent is required for data processing (art. 6 section 1 let. a GDPR), User who is under 16 years of age is required to obtain consent from a parent or legal guardian.
  7. In the event of a provision of personal data by a User under 13 years of age, such data shall be immediately deleted by the Controller, and the account created by such a User will be deleted.
  8. The User may at any time delete his own profile using the appropriate option in the Application. Removing the Application from a mobile device does not automatically delete the User's profile in the Application as it is connected to the respective Google and Apple accounts.

§ 2
[Personal data]

  1. The controller of Users' personal data is Buddies Games Inc. with registered office in 1207 Delaware Ave Suite 2137, Wilmington DE 19806 e-mail: help@buddies.fun.
  2. Users' personal data relate to:
    1. data collected as a result of their voluntary provision by Users (e.g. when creating your profile, using other functionalities of the Application) such as: name and image (if you decide to add photos your image);
    2. User's geolocation, i.e. the place where User is located (this data can be collected using GPS, Bluetooth or Wi-Fi);
    3. data related to the use of the Application (e.g. data regarding the dates of logging in to the Application, the time of its use, the way it was used, the functionalities used, reports form the played games);
    4. data of the mobile device used by the User (eg. data on the type of mobile device, data on the mobile operator);
    5. payment data (e.g. purchase history) if the User uses the paid services of the Application;
    6. data provided by the User as part of playing games with other Users and other data provided by the User voluntarily while using the Application, for example answers provided while playing games within the Application or data provided to the Controller while using the contact form available within the Application.
  3. As stated above, the Controller may collect information about mobile devices on which the User runs the Application. The information collected includes device name set by the User, unique device identifier, device manufacturer, name and version of the operating system, screen resolution as well as additional technical information.

§ 3
[Access to data from a mobile device]

  1. The Application may, with the consent of the User, access on a mobile device to the photo gallery and camera - thanks to access to the photo gallery, the User can place a photo previously taken by himself in the Application; access to the camera allows you to place a photo in the Application immediately after taking it.
  2. The User provides consent for the Application to use the access referred to in sections 1. The Access is revoked by uninstalling the Application or selecting the appropriate option in the settings of the mobile device. It is also possible to grant access to the photo gallery and camera on a one-off basis just during the single given use of the Application (if the mobile device OS allows such function).

§ 4
[Purpose and time of data processing]

  1. The processing of Users' personal data takes place for the purpose of:
    1. enabling Users to use the functionality of the Application, including the creation and use of the profile, due to the processing being necessary to conclude and implement the contract for the provision of electronic services (use of the Application) with the Users - pursuant to art. 6 section 1 let. b GDPR; and in the case of data regarding the User's image - based on art. 6 section 1 let. a GDPR, i.e. the User's consent;
    2. contact with the User to provide the support regarding the use of the Application, which is the Controller's legitimate interest - pursuant to art. 6 section 1 let. f GDPR;
    3. marketing, which is the Controller’s legitimate interest – art. 6 section 1 let. f GDPR;
    4. statistics, diagnostics and analysis of Users behaviour using the Application, which is the Controller's legitimate interest – art. 6 section 1 let. f GDPR.
  2. Personal data may be made available to entities providing IT services to the Controller and entities providing accounting and billing services. Other Users of the Application may also have access to the User's data provided when using the Application to the extent resulting from the functionality of the Application.
  3. The time of processing personal data by the Controller depends on the purpose of processing:
    1. in order to conclude and implement of the agreement for the provision of electronic services with the User is processed by the Controller for the period of agreement implementation and the period necessary to pursue own claims or defend against claims raised against Controller in connection with the agreement;
    2. on the basis of obtained consent are processed until the consent is withdrawn or the concluded contract expires;
    3. in order to contact the user are processed for a period of 1 year from the end of correspondence;
    4. for the purposes of marketing – are processed until there is an objection to their processing for this purpose, the consent is withdrawn or until the Controller decides to delete them;
    5. personal data processed for statistical, diagnostics purposes and analyses are processed for a period of 3 years from the moment of obtaining the data, however data regarding the games’ history including logs, images, chat messages and answers will be deleted within 30 days after the games were finished.

§ 5
[Data transfer]

  1. The Controller may make the Users' data available to his subcontractors (entities he uses for processing) such as IT service and solution providers.
  2. The Controller may use IT service providers who are based outside the European Economic Area. Accordingly, User data may be transferred there. The Controller uses entities that process personal data on the basis of the Standard Contractual Clauses adopted by the European Commission, referred to in Article 46 of the GDPR, concluded between the Controller and the entity, or on the basis of the Data Privacy Framework.
  3. Downloading the Application from Google Play or the App Store means for the User that Google LLC or Apple Inc. (or the their respective group companies), respectively will process his personal data. Google LLC and Apple Inc. are personal data controllers separate from the Controller.
  4. Links to the privacy policies of the subcontractors providing the Controller with various tools implemented into the Application can be found in §7.

§ 6
[User's rights]

  1. The User who is the data subject has the following rights:
    1. the right to access personal data and the right to receive a copy - the User may request from the Controller information whether his data are processed, and in the case of confirmation, the User may request the Controller to obtain access to them. The User may also request the Controller to provide a copy of his processed personal data. Provision of subsequent copies of data may require the User to pay a fee related to administrative costs;
    2. the right to request the rectification of personal data - User can request the rectification on his incorrect personal data by the Controller, or can request the completion of incomplete personal data, having regard to the purposes of the processing;
    3. the right to request the erasure of personal data - the User may request the Controller to delete personal data related to him in a situation that at least one of the following cases occurs:
      1. personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      2. personal data is processed contrary to the provisions of law;
      3. personal data have been unlawfully processed;
      4. User's consent, which is the basis for data processing in accordance with art. 6 section 1 let. a GDPR, and at the same time there is no other legal basis for the processing of personal data;
      5. User objects to the processing of personal data pursuant to art. 21 section 1 GDPR, and at the same time there are no valid legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims; or if the User objects to the processing of personal data pursuant to art. 21 section 2 GDPR;
      6. an obligation to delete personal data has been imposed on the Controller, resulting from the applicable European Union regulations;
    4. the right to request restriction of the processing of personal data - the User may request the Controller to restrict processing of personal data related to him in a situation that at least one of the following cases occurs:
      1. The User contests the accuracy of personal data - for a period enabling the Controller to check the correctness of this data;
      2. the processing is unlawful, and the User opposes the erasure of the personal data and requests the restriction of their use instead;
      3. Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
      4. User has objected to processing pursuant to art. 21 section 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject;
    5. the right to transfer personal data;
    6. the right to object to the processing of personal data;
    7. the right to lodge a complaint with a supervisory authority
  2. In order to exercise any of the rights referred to above, the User may submit a request to the Controller in writing to the address of 1207 Delaware Ave Suite 2137, Wilmington DE 19806, or via email to the addresshelp@buddies.fun.
  3. Providing data is voluntary, but without the provision, it will be impossible to provide services by the Controller or to contact the Controller.
  4. The Controller of shall not take decisions with regard to personal data which are based solely on automated processing, including profiling.

§ 7
[Tools used within the Application]

  1. Within the Application the Controller uses the following tools provided by the third-party partners (which may collect additional data):
    1. Firebase – this Google’s platform supports mobile and web application development capabilities. The platform provides a range of tightly integrated features that can be combined with each other. These include analytics, a backend tailored for mobile devices and tools to support app development; Firebase's key security and privacy information can be found here:https://firebase.google.com/support/privacy; within the Google Firebase ecosystem, the Controller uses the technological solutions available within the Firestone, such as:
      1. Firebase user agent;
      2. FirebaseCore,
      3. GoogleUtilities,
      4. Google DataTransport,
      5. FirebaseABTesting;
      6. FirebaseAppCheck;
      7. FirebaseAuthentication;
      8. FirebaseCrashlytics;
      9. FirebaseDatabase;
      10. FirebaseDynamicLinks;
      11. FirebaseFunctions;
      12. FirebaseInAppMessaging;
      13. FirebaseInstallations;
      14. FirebaseInstanceID;
      15. FirebaseMessaging;
      16. FirebaseRemoteConfig;
      17. FirebaseSessions;
      18. FirebaseStorage;
        (detailed iOS information regarding those tools can be found here:https://firebase.google.com/docs/ios/app-store-data-collection, detailed Android information regarding those tools can be found here:https://firebase.google.com/docs/android/play-data-disclosure);
    2. Google Analytics– this tool is that is used together with Firebase to analyze Application statistics; as indicated by Google – Google Analytics automatically collects certain data and offers optional features that determine which additional types of data are collected and how they are used:https://support.google.com/analytics/answer/9234069?sjid=10298719674834095183-EU;
      Google’s privacy policy can be found here: https://policies.google.com/privacy?hl=en;
      Information regarding Google’s safeguarding of the data can be found here:https://support.google.com/analytics/answer/6004245?sjid=10298719674834095183-EU;
    3. Grafana this tool processes logs from the last 14 days with all gameplay information, including all User’s interaction within the games played using Application, for the diagnostics purposes; Grafana’s services privacy policy can be found here:https://www.appsflyer.com/legal/services-privacy-policy/;
    4. AppsFlyer – this a tool providing technologies for measurement, analysis, engagement of the User’s using the Application; AppsFlyer privacy policy can be found here:https://www.appsflyer.com/legal/privacy-policy/;
    5. AppLovin – this a tech and software tool used to optimize app monetization, and to empower data-driven marketing; AppLovin privacy policy can be found here: https://www.applovin.com/privacy/;
    6. Facebook SDK – this is an analytical tool that helps to measure the effectiveness of advertisements based on the analysis of actions taken by end users on the Application, which in turn allows for conducting more effective advertising campaigns; Meta’s (Facebook’s) privacy policies can be found here: https://www.facebook.com/privacy/policy/;
    7. AdMob – this is a platform allowing the display of advertisements on the Application; Information regarding data disclosure due to the AdMob can be found here: (iOS)https://developers.google.com/admob/ios/privacy/data-disclosure and here: (Android):https://developers.google.com/admob/android/privacy/play-data-disclosure;
    8. Unity Ads – this is a programmatic monetization solution; Unity Ads privacy policy can be found here: https://unity.com/legal/privacy-policy/.
    9. DT Exchange – this is a programmatic monetization solution; DT Exchange (Digital Turbine) privacy policy can be found here: https://www.digitalturbine.com/privacy-policy/.
  2. In addition, Google requires the Controller to state in the Privacy Policy that third parties may be placing and reading cookies on User’s browsers, or using web beacons to collect information as a result of ad serving.

§ 8
[Cookies]

  1. As part of the functionality of the Application, small files called cookies are used. These files are saved by the server on end user’s mobile device. Using cookies should be understood as their storage and access to them by the Controller.
  2. Cookies are IT data, in particular text files and identifiers, which are stored in the User's mobile device and are intended for the use of Application. Cookies usually contain the name of the Application they come from, the time they are stored on the end device, content (e.g. action identifiers) and a unique number.
  3. With regard to the length of time for which cookies are installed on the User's terminal device, the cookies used on the Application are divided into two main types:
    1. session cookies (session storage) - are temporary files that are stored on the User's end device until the session expires (e.g. leaving the Application, deletion by the User, or turning off the software);
    2. permanent (persistent cookies, local storage) - are stored on the User's final device for the time specified in the parameters of cookies or until they are deleted by the User.
  4. Depending on the purpose for which they are used, cookies are divided into:
    1. Strictly necessary cookies – enable you to use the basic functions of the Application. Without the strictly necessary cookies, one cannot use the Application properly;
    2. Performance cookies – collect information about how visitors use the site, such as analytical cookies. These cookies cannot be used to directly identify a specific user;
    3. Targeting cookies – are used to identify visitors between different Applications, e.g. content creation partners, advertising networks. These cookies may be used by companies to create profiles of user interests or display relevant ads on other Applications;
    4. Functionality cookies – are used for additional purposes regarding the proper functionality of the Application (for example language preferences and user authentication), however cannot be classified as the strictly necessary cookies.
      The detailed descriptions of the given cookies are specified in the table below.
  5. The default settings of mobile device’s operating systems usually allow the storage of strictly necessary cookies on the end devices of Application users. However, these settings may be changed by the User.
  6. Personal data will be processed in connection with the use of non-strictly necessary cookies only after the User's consent in the use of the Application to the use of the aforementioned cookies has been obtained. Consent to their use may be revoked at any time by selecting the appropriate option in the cookie settings available on the Application.
  7. Notwithstanding the above, if allowed by the mobile device’s operating system, the User may have the ability to determine the conditions for the use of cookies through the settings of the software installed on the mobile device. The change may consist in partial or complete restriction of the possibility of storing cookies on the User's mobile device, while at the same time it may cause the incorrect display of the Application content.
  8. The use of cookies does not cause configuration changes in the mobile device’s other installed software.