PRIVACY POLICY – LEGO® Bricktales , November 30th, 2023

Information on how we process your personal data

 

1. Introduction

This Privacy Policy (the “Policy”) describes how Thunderful Publishing AB, reg. no. 559154-8721 (“Thunderful”, “we”, “us” or “our”), at the address Kvarnbergsgatan 2, 411 05, Göteborg, Sweden, processes your personal data when you access and/or use the game LEGO® Bricktales made available by us, (the “Game”).

We are responsible for the processing of your personal data as described in the Policy in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us, by writing a physical letter to the address above.

It is important to us that you feel comfortable with how we process your personal data, and we therefore ask you to read through this Policy, which we may update from time to time. If we make changes to the Policy, the new version will apply from the time it is published on our website. At the top of the page, you can see when the Policy was last changed.

2. How we collect your personal data

The personal data we process relating to you is mainly collected from you when you download and use the Game or when we come into contact with you – e.g., via email, telephone or personal meetings, conferences, conventions, or similar occasions. We may also collect your personal data from a third party.

3. How we process your personal data

 
3.1 Introduction

We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for our processing of your personal data, which in our context generally means one of the following legal bases.

Performance of a contract – the processing is necessary in order for us to provide you with our services or otherwise perform a contract between us (e.g., our terms of use for the Game), or to take steps at your request prior to entering into a contract.

If you are acting on behalf of someone else, e.g., in the capacity of representative of a company, our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.

Performance of legal obligations – the processing is necessary in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.

Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case the processing would not be allowed).

Consent – the processing is carried out with your prior consent, where we inter alia are responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing.

Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long we store your personal data and who we share your personal data with.

3.2 To optimize the Game and the gaming experience
 
What we do and why:

When you engage with the Game, we collect specific details related to the device or console you use, the platform it operates on, and the country where you are located.


This information is crucial for optimizing the Game, tailoring it to different platforms, and providing you with a seamless and personalized gaming experience.


To do this we use third party analytics services, including but not limited to, “Unity Analytics”.

The personal data that we process:
 

The personal data we process consists of:

Legal basis:

Performance of contract, in order for us to provide an optimal gaming experience.

Storage period:

We collect and store information on how you interact with the Game, during the term of our contract.

Sharing of personal data:

We will share your personal data with our suppliers of IT services as well as our group companies.

3.3 For marketing and commercial strategies
 
What we do and why:

Through your use of the Game, we will receive information about you from the platform through which you are accessing the Game.


This data is combined with that of other players both on the platform and within your country.
To do this we use third party analytics services, including but not limited to, “Unity Analytics”. The statistics we produce and the analysis we carry out by using these services are based on aggregated data and other de-identified or anonymized data.


By analysing aggregated data, we gain insight into player preferences, different features used by you, engagement patterns, and regional trends. This analysis, in turn, informs our marketing and commercial strategies, helping us enhance your gaming experience and tailor our offerings to better suit the interests of our community.

The personal data that we process:

The personal data we process consists of:

Legal basis:

Legitimate interest, where our legitimate interest is to understand player behaviour and preferences to improve and market the Game.

Storage period:

We process and store your personal data regarding your gaming behaviour for no longer than twelve (12) months. If you have not interacted with the Game our accessed our services during this or the subsequent period, then we will delete your personal data from our systems.

Sharing of personal data:

We will share your personal data with our suppliers of IT services as well as our group companies.

3.4 To engage in studio/user interaction
 
What we do and why:

We engage in studio/user interaction to enhance the overall gaming experience and address any technical issues that may arise during your gameplay.

This interaction involves the collection of crash/bug reports submitted by you. The reports provide valuable insights into potential issues within the Game, allowing us to improve its performance and functionality.

Additionally, you have the opportunity to make suggestions about the Game through a provided mechanism, contributing to the ongoing development of the Game.
You may voluntarily include screenshots to illustrate the issues to us. Our tools are designed to recognize and obscure any potentially identifying information before transmitting the screenshots to us. However, we cannot guarantee anonymity, and if such information comes to our attention, we will promptly take steps to remove it from our systems.   

The personal data that we process:

The personal data we process consists of:

Legal basis:

Performance of contract, in order to improve and maintain the quality of our gaming products. By collecting crash/bug reports and user suggestions, we aim to identify and address technical issues, enhance gameplay, and provide an overall better experience for you.

Storage period:

We process and store your personal data collected through crash/bug reports for as long it is necessary to identify and address technical issues and during the term of our contract.

Sharing of personal data:

We will share your personal data with our suppliers of IT services as well as group

3.5 To track errors that occur on your device and send error reports
 
What we do and why:

We are committed to providing you with a seamless and error-free experience when playing the Game. To achieve this, we track errors that occur on your device when you play the Game.

The primary purpose of this process is to identify and address any issues promptly, ensuring the optimal functionality of the Game.

By collecting error reports that include information about your device type and operating system version, we gain valuable insights into the root cause of errors.
This allows us to enhance the overall performance and reliability of the Game, providing you with a more enjoyable user experience.

 
The personal data that we process:

The personal data we process consists of:

Legal basis:

Performance of contract, to ensure a seamless use of the Game by addressing any technical issues that may impact your user experience.

Storage period:

We process and store your personal data to track errors for as long it is necessary to fix errors and send error reports and during the term of our contract. 

Sharing of personal data:

We will share your personal data with our suppliers of IT services as well as our group companies.

3.6 To create a worldwide statistic of scores
 
What we do and why:

We are dedicated to fostering a global gaming community by creating a comprehensive worldwide statistic of scores attained across all levels in the Game.

Our primary objective is to provide you as a player with valuable insights into your collective achievements and progress, ultimately enhancing the gaming experience.

By compiling aggregated statistics, we aim to celebrate the collective accomplishments of our player base, promoting a sense of community and friendly competition.

 
The personal data that we process:

The personal data we process consists of:

Legal basis:

Legitimate interest, where it is our legitimate interest to enhance the gaming experience for you. The creating of aggregated statistics serves as a valuable tool to analyse global trends, identify areas for improvement, and offer insights that contribute to the overall enjoyment of the Game.

Storage period:

We process and store your personal data collected to create a worldwide statistic of scores for as long it is necessary to fulfil the purposes of enhancing the gaming experience and analysing global trends, however we will not store your personal data for longer than twelve (12) months.

Sharing of personal data:

We will share your personal data with our suppliers of IT services as well as our group companies.

 
3.7 To fulfil legal obligations or to establish, exercise or defend legal claims

We may process your personal data in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.

We may also process your personal data so that you, or the company or organization you represent, we or any relevant third party can establish, exercise or defend its legal claims, e.g. in connection with an ongoing dispute.

4. Security measures

We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities. In addition, data processing agreements have been entered into with our suppliers of systems and services (see further Sections 5 and 6 below).

5. How we share your personal data

Access to your personal data is limited to recipients who require such access for the purposes described in Section 3 above or as otherwise stated below. Your personal data will therefore be shared with the following categories of third party recipients:  

a) Companies within our group: We will share your personal data with other companies within our group if necessary. If we share your personal data with other companies within our group, we will ensure that the personal data continues to be processed in line with this Policy.

b) Service providers: We use third party service providers to manage parts of our business operations. We will share personal data with such third parties in order for them to supply us with services, e.g., IT services or other administrative functions or provide services as sub-contractors in connection with our own services. When we use such service providers, we enter into data processing agreements and take other suitable measures to ensure that your personal data is processed in line with this Policy.

c) Our partners: We will from time to time cooperate with external parties in order to improve our services and business. Such parties either process your personal data as data controllers according to their own terms and policies for handling personal data, or as our data processors according to our instructions. In the latter case, we enter into data processing agreements and take other suitable measures to ensure that your personal data is processed in line with this Policy.

d) Sale or transfer of business or assets: We will share your personal data with a buyer/investor or prospective buyer/investor in the event of a sale, assignment or other transfer of all or parts of our shares, assets or operations. When such transfer occurs, we will take actions in order to ensure that the receiving party processes your personal data in accordance with this Policy. The purpose of such sharing or processing of your personal data is to allow a (potential) buyer/investor to carry out an assessment of us as a company and, where necessary, take actions and make preparations in the event a sale, assignment or other transfer should occur, where such sharing or processing of your personal data is carried out with reference to the legitimate interests of allowing such assessment, actions and preparations by the (potential) buyer/investor.

e) Public authorities: We will share your personal data with public authorities such as the Swedish Police or the Swedish Tax Agency when we are required to do so by e.g., applicable law or other legal statutes or orders or decisions by courts or authorities in order to fulfil the legal obligation specified therein.

6. Where we process your personal data

We strive to always process your personal data within the EU or EEA. However, we will transfer your personal data to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g. by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, is participating in the EU-U.S. Data Privacy Framework, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.

You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.

You may access the European Commission’s standard contractual clauses at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.

The countries outside the EU/EEA to which our suppliers currently transfer personal data are: the United States of America and Singapore.

7. Your rights

You have rights in relation to us and our processing of your personal data. Below, you will find information about your rights and how you can exercise them.

Please note that your rights apply to the extent that follows from applicable data protection legislation and that there may be exceptions to the rights where applicable. We also ask you to note that we may need more information from you in order to e.g., confirm your identity before proceeding with your request to exercise your rights.

To exercise your rights or request information about them we ask that you contact us, which is most easily done via writing a physical letter to: Thunderful Publishing AB, Kvarnbergsgatan 2, 411 05, Göteborg, Sweden.

7.1 Right of access

You have the right to obtain a confirmation as to whether or not we process your personal data. If that is the case, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories of personal data and the recipients of such personal data.

7.2 Right to rectification

You have the right to, without undue delay, have incorrect personal data about you rectified. You may also have the right to have incomplete personal data completed.

7.3 Right to erasure

You have the right to obtain that we erase your personal data without undue delay in the following circumstances:

7.4 Right to restriction

You have the right to request that we restrict the processing of your personal data in the following circumstances:

7.5 Right to object

You have a right to object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.

7.6 Right to data portability

If our processing of your personal data is based on the performance of a contract with you or your consent, you have the right to receive the personal data you have provided us relating to you in an electronic format. You also have the right to have the personal data transferred from us directly to another data controller, where technically feasible.

We ask you to observe that this right to so called data portability does not cover personal data which we process manually.

7.7 Right to withdraw consent

If our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing that took place based on the consent before your withdrawal.

7.8 Complaints with the supervisory authority

In Sweden, the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for supervising the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns. However, you may file a complaint with the Swedish Authority for Privacy Protection at any time.