It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us or if you are aware that any personal data, we hold is inaccurate.
Children’s Data Protection and Parental Responsibility
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes (but is not limited to) first name, last name, username or similar identifier, title, and date of birth.
- Contact Data includes (but is not limited to) billing address, residential address, email address and telephone numbers.
- Transaction Data includes (but is not limited to) details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes (but is not limited to) internet protocol (IP) address, unique mobile device identification numbers, type of device, login data, browser type and version, time zone setting and geo location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.
- Profile Data includes (but is not limited to) your login details, purchases or orders made by you, preferences, feedback, and survey responses.
- Usage Data includes (but is not limited to) information about how you use the Services.
- Marketing and Communications Data includes (but is not limited to) your preferences in receiving marketing from us and our third parties, news about our products and your communication preferences.
If you decide to make a payment for any of our products and services, your Financial Data, which includes your bank account and payment card details, will be collected and processed by our external payment service provider. We will not have access to, collect, use, store or transfer your Financial Data.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your device. This software may record information such as aggregated usage and performance data. We do not link the information we store within the analytics software to any personal information you submit within the Services.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us.
HOW YOUR DATA IS COLLECTED
We use different methods to collect data from and about you including, but not limited to:
- Direct interactions. You may give us your Identity Data, Contact Data and Financial Data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:
- make purchases in the Services;
- create an account;
- subscribe to our newsletter or other publications;
- request marketing to be sent to you;
- request support for the Services; or
- give us feedback.
- Automated technologies or interactions. As you interact with the Services, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, pixels, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Technical Data from analytics providers, advertising networks and search engine providers.
- Identity, Transaction, Financial and Contact Data when shared with us by a business you interact with that uses the Services as part of their business.
- Contact and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from data brokers or aggregators.
- Identity and Contact Data from publicly availably sources.
HOW WE USE YOUR DATA
We will only use your personal data as allowed by law. Most commonly, we will use your personal data in the following circumstances:
- For the performance of a contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
You have the right to withdraw consent to marketing at any time by contacting us at firstname.lastname@example.org. The withdrawal of consent will not affect the lawfulness of any processing that took place before the withdrawal.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we may use your personal data, and which of the legal bases we rely on to do so.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
|Purpose/Activity||Type of data||Basis for processing|
|To register you as a new user||(a) Identity
|Performance of a contract with you|
|To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Obtain consent for marketing activities performed by third parties
(d) Marketing and Communications
|(a) Performance of a contract with you
(b) Explicit consent
|To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey(c) Fulfilling our business relationship with you
(d) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how users use our products/services)
|To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
(f) Profile Data
|(a) Performance of contract
(b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
(c) Necessary to comply with a legal obligation
(d) Necessary for our legitimate interests to detect or prevent unlawful acts
|To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve the Services, marketing, user relationships and experiences||(a) Technical
(c) Marketing and Communications
|Necessary for our legitimate interests (to define types of users, to keep the Services updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
|To process your job application to work with us||(a) Identity
|Performance of a contract with you|
|To facilitate a duty of care to you||(a) Identity
|Necessary for our legitimate interest (to help you manage aspects of your activities when interacting with our products/services)|
We may disclose information where we are required to do so by law, for example, in response to a court order or a subpoena, or where we disclose information to data processors who act on our behalf (service providers or other group companies who provide support for the operations of the Services and who do not use or disclose the information for any other purpose). To the extent permitted by applicable law, we also may disclose personally identifiable information in response to a law enforcement agency’s request or other public agency’s (including schools or children services) request or if we feel that such disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using the Services protect the security or integrity of the Services and networks, and/or enable us to take precautions against liability, misuse or unauthorized use.
We provide you with choices regarding our use of your personal data for marketing and advertising purposes. You will receive marketing communications from us if you have subscribed for an account with us or purchased goods or services from us and you have not opted out of receiving that marketing. All of our marketing communications to you contain an opt out option and you can opt out at any time. Please note that the opt out will not affect the lawfulness of processing that has taken place before the opt out.
We will get your explicit opt-in consent before we share your personal data with any company outside of Bolt On for marketing purposes.
You can ask us to stop sending you marketing messages at any time by contacting us at email@example.com at any time.
Opting Out of Geolocation
If you have previously allowed us to access your geolocation data, you can stop making geolocation available to us by visiting your mobile device’s settings for the Services or the “settings” page for the Services.
Opting Out of Other Communications
When you install the Services on your mobile device you can choose to receive push notifications, which are messages our games send you on your mobile device even when the mobile app is not on. You can turn off notifications by visiting your mobile device’s “settings” page.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and obtain your consent to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We incorporate commercially reasonable safeguards to help protect and secure your personal information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the Services, and you provide us with your information at your own risk.
If you have any questions about security on the Services or if you become aware of any unauthorized use of an account or suspect a security breach, notify us immediately via email at firstname.lastname@example.org. If our security system is breached, we will notify you of the breach only if and to the extent required under applicable law.
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Data Protection Rights Under the General Data Protection Regulation (GDPR)
If you are a resident of or located within the European Economic Area (EEA), you have certain additional data protection rights. These rights include:
- The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your personal information.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
Legal Basis for Processing Personal Information Under GDPR
We may process your personal information because:
- We need to perform a contract with you;
- You have given us permission to do so;
- The processing is in our legitimate interests and it is not overridden by your rights; or
- To comply with the law.
Retention of Information
We will also retain usage data for internal analysis purposes. Usage data is data collected automatically either generated by the use of the Services or from the Services’ infrastructure itself (for example, the duration of a page visit). Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Services or we are legally obligated to retain this data for longer periods.
Transfer of Information
Your information, including personal information, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.
Disclosure of Personal Information
Disclosure for Law Enforcement – Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
We may disclose your personal information in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend our rights or property
- To prevent or investigate possible wrongdoing in connection with the Services
- To protect the personal safety of users of the Services or the public
- To protect against legal liability
Security of Information
The security of your personal information is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Please note that we may ask you to verify your identity before responding to such requests.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your personal information first.
For more information, please contact your local data protection authority in the EEA.
Your California Privacy Rights
California Civil Code Section 1798.83 permits California residents to request and obtain a list of what personal information (if any) that we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to email@example.com.