ROVIO PRIVACY NOTICE FOR APPLE ARCADE GAMES

Page

ROVIO PRIVACY NOTICE FOR APPLE ARCADE GAMES

Last updated: March 12, 2021

This notice explains how Rovio Entertainment Corporation (referred to as “we” in this notice) collects, stores, uses, or otherwise processes the personal data of end users of Rovio games available on the Apple Arcade service (referred to as “you” in this notice), and what rights you have if we are processing your personal data.
In this notice, “Games” refers to those of our games which are available on the Apple Arcade service. The expression “your data” is used when referring to personal data that relates to you as an identified or identifiable individual.
It is important that you read this notice before accessing or using the Games so that you are aware of how and why we may use data relating to you. In addition to this notice, we encourage you to carefully review our Terms of Service, which govern your use of the Games.

1 Data controller

By “data controller,” we mean an entity that determines how and why personal data is processed. We are the data controller for the activities described in this notice. Our company name is Rovio Entertainment Corporation. Our address is Keilaranta 7, FI-02150 Espoo, Finland.

2 Contact information

In matters related to this notice, you can reach us by email at privacy@rovio.com. If you have any questions or concerns about the way we use your data, you may also contact our Data Protection Officer by email at dpo@rovio.com.

3 Why do we process your data and on what basis?

If you contact our player support team with a matter relating to the Games, we may process any information included in the support request to handle the request. We do this based on our legitimate interest to make sure you have the best possible user experience in the Games.
Based on our legitimate interest to safeguard our operations, we may also process your data to:

audit our operations or processes (for example, to verify that they function as intended and according to regulatory or contractual requirements) or
establish, exercise, or defend our legal rights to the extent permitted by applicable laws and regulations.

Finally, we may process your data as necessary to:

comply with legal obligations which we believe apply to us (including requirements to provide information to competent authorities upon due request) or
protect your vital interests or the vital interests of another person.

In addition, we may process your data for additional purposes which are compatible with any of the purposes listed above.
We do not use your data to make automated decisions which significantly affect you. By an “automated decision”, we mean a decision made by an information system without any human intervention.

4 What data do we process?

We may process any information included in the communications you send to our support team, such as your email address, the message body, and any attachments you choose to include.
We do not collect any other data relating to you in connection with the Games. Other data about how you play the Games (for example, your game account and related progress) may be stored locally on your device or on Apple’s servers. We have no access to such data.

5 Where do we collect your data from?

We collect your data directly from you when you submit it to us through our support channels or otherwise. Providing data to us is not mandatory. However, we may be unable to provide you with meaningful support without the information required to handle your request.

6 Who do we share your data with?

We may share your data with third parties to achieve the purposes described in this notice. This may include sharing data with the following types of recipients:

other companies in the Rovio group, for example where they help us operate the Games,
persons or companies outside of the Rovio group that provide services to us and process data on our behalf when providing those services (for example, our support platform provider),
prospective or actual buyers (including their agents or advisors) in the context of a planned or actual acquisition, merger, or other business restructuring,
competent courts of law or other government authorities where we believe disclosure is necessary as a matter of applicable law or regulation,
any person or entity where we believe disclosure is necessary to exercise, establish or defend our legal rights or to protect your or another person’s vital interests, or
with any other person or entity with your consent.

In connection with the processing activities described in this notice, your data may be transferred to and/or processed in countries outside of the European Union (“EU”) and the European Economic Area (“EEA”). These countries may have data protection laws that differ from the laws of your country. In these cases, we will provide appropriate safeguards to protect your personal data. These safeguards may include compliance with the European Commission’s standard contractual clauses for transfers of personal data. Upon request, we can provide you with details on the applicable safeguards.

7 How long do we keep your data?

We will keep your data for as long as necessary to achieve the purpose(s) for which it was collected, including to comply with any legal requirements.
After the applicable retention period, we will either delete or de-identify your data or, if neither deletion or de-identification is possible (for example, due to data being stored on a backup server), isolate your data from further processing until deletion or de-identification is possible. We may continue to use data that is not identifiable to you (for example, aggregate data).

8 How do we keep your data secure?

We have adopted measures to provide your data a level of security appropriate for the degree of risk involved with the processing activities described in this notice. These measures are designed to protect your data against accidental or unlawful destruction, loss, or alteration as well as unauthorized disclosure or access. The specific measures we employ vary, but typically include, for example, encryption in transit, controls to limit access to services or systems that contain personal data, and maintaining procedures to handle any suspected security incidents.

9 Your rights

If we are processing your data, you have the right to:

access, correct, or request the deletion of your data,
request us to restrict our processing of your data,
object to our processing of your data to the extent our processing is based on our legitimate interests or the legitimate interests of a third party, or
where technically feasible, request a copy of the personal data you have provided to us in machine-readable format.

To exercise any of your rights, you may also contact us at privacy@rovio.com. To fulfill requests submitted by email, we may need to confirm your identity to verify your right to make the request, which may involve requesting additional information from you.
Finally, you always have the right to lodge a complaint with your local data protection authority regarding our processing of your data. For more information, please contact your local data protection authority (for example, the Office of the Data Protection Ombudsman in Finland).

10 Age limit

We do not know the specific age of individual users of our Games. If you are under 13 years of age, please do not provide your personal data (including your name, address, telephone number, or email address) to us or use the Games to make your personal data available to others.
If we discover that we hold personal data relating to a user under 13 years of age, we will take appropriate measures to ensure that we process that data according to the requirements of applicable laws and regulations or promptly delete the data from our records. If you have reason to believe we hold personal data relating to a user under 13 years of age, please contact us.

11 Changes

We may update this notice from time to time, for example due to changes in our operations or the legal obligations that apply to us. Updates will be made available to you in the Games.