Privacy & Cookies Policy
This is the Privacy & Cookies Policy (the “Policy”) of Day1 Games Limited (“Day1”). This Policy describes the ways in which Day1 collects and uses information about you when you visit Day1’s website at www.day1games.com (the “Website”) or when you play Crimes & Puzzles or another one of Day1’s games (each a “Game” and together the “Games”), such Games currently made available via a mobile application.
Day1 may change this Policy at any time and when this happens we will notify you of any changes to this Policy by noting this on our Website as well as within the Games. The changes will apply to your use of the Website and/or our Games after we have notified you. If you do not wish to accept the new Policy you should stop using the Website and/or playing our Games (as applicable). If you continue to use the Website and/or play our Games after the changes, your continued use of the Website and/or your continued playing of any of our Games shows us your agreement to be bound by the new Policy.
For the purposes of data protection legislation, Day1 is a joint controller together with Hutch Games Ltd, further details of this can be found in the Annex to this Policy. Day1 has notified the Information Commissioner’s Office (“ICO”) of its processing of personal data. The notification indicates what data is processed by Day1 and for what purpose, and to which persons or entities the data will be provided. Day1’s registration number is ZA762723.
1. What Personal Data is and Who this Policy applies to
Personal Data means information that identifies, relates to, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household, including identifiers such as a real name, alias, a device identification number, location data, an online identifier, commercial information (including products or services purchased), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or as further defined under the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) (as applicable). We indicate in this Policy the information we collect from you.
By playing the Games or visiting the Website you are agreeing to be bound by this Policy in respect of the information collected about you. Day1 may change this Policy at any time. Day1 shall deem your continued use of the Games or access of the Website as indicating your consent to such changes.
2. Visitors to the Website
The Website collects information from you in the following ways:
A. Day1 uses cookies for the limited purposes set out in TABLE ONE below to collect certain analytical/technical information. Day1 relies on consent to collect this information, such consent obtained via you clicking to agree to such cookies being placed when you first visit the Website or otherwise changing the cookie settings so that such cookies are not placed.
B. Should you choose to contact Day1 via the Website, Day1 will collect your e-mail address together with any other information that you submit in connection with such contact request. Day1 relies on consent to collect this information because you choose whether to contact Day1 or not and can choose how much personal information to provide to Day1 in doing so.
3. People who use the Games
A. Game Data:
Day1 will collect the following information from you when you use the Games:
i. If you do not log in via a social network, certain information collected by Day1’s use of cookies and similar technologies (“Technologies”). These collect information such as your device ID and other technical/analytical information relating to how you interact and play the Game in question. Day1 will also assign you a User-ID which is a random string of characters used to identify you as a unique player going forward. The Technologies that Day1 places when you use the Games are detailed in TABLE 2 below (“Analytics Data”);
ii. If you sign into one of the Games through Facebook, Google or Apple , in addition to the Analytics Data above, Day1 will also collect such information as Facebook, Google or Apple may allow Day1 to access, namely your full name, and if you sign in using Facebook, your Facebook ID (“Player Data” which, together with the Analytics Data is the “Game Data”);
iii. if you make any purchases, Day1 will collect certain information in relation to your purchases (please see paragraph 4(b) below) (“Finance Data”);
iv. if you consent or where we are otherwise permitted to send such communications in accordance with applicable data protection and electronic marketing legislation, to provide you with a newsletter and other marketing information which we consider you may be interested in (for example in relation to ours or our group’s other games) (“Marketing Data”); and
v. in certain instances, Day1 may use certain information relating to your Game progress and/or Game spend and/or other Game activity to invite you to complete surveys in relation to its Games, including, for example, to join its “Player Council” (“Survey Data”).
B. Financial Information: Your purchase and in-app purchases within the Games are handled through the platform on which you purchased the Game or through other payment processors (e.g. the Apple App Store or Google Play). Day1 does not retain any card or payment details, although Day1 does keep a record of your purchases and your aggregate spending.
C. What if Day1 cannot collect this information: You can use your browser settings and privacy settings on your social networks to prevent us collecting certain of the above information about you (see, for example, paragraphs 4(f) and 11 below). If you still have concerns about the information we collect please contact us at any time by sending an e-mail to support@day1games.com.
D. Usage by us: The categories of personal data mentioned above and otherwise herein have been collected and used by us in the past twelve (12) months for the business purpose(s) indicated herein.
4. How Day1 uses collected information from people who play the Games
Day1 will use the information it collects as set out in paragraph 3 above to:
A. in relation to the Game Data, offer the Games to the player in question;
B. in relation to the Analytics Data, to facilitate the improvement of the Games and your experience of the Games;
C. in relation to the Game Data and Finance Data to complete your transactions;
D. in relation to the Game Data to provide technical support in relation to player enquires, resolving disputes, collecting fees and troubleshooting;
E. in relation to the Game Data to prevent fraud or illegal activities;
F. in relation to the Game Data to serve targeted adverts to you (where you consent to this). You may opt-out of your Game Data being used for this purpose (or change your settings at any time) within the “Ad Settings” item of the “Settings” menu in-Game or by: (i) for iOS, going to “Settings”, scrolling down to “Privacy”, scrolling down to “Advertising” and then shifting the “Limit Ad Tracking” slider to the right; and (ii) for Android, going to “Settings”, scrolling down and clicking on “Google”, scrolling down and clicking on “Ads” and then shifting the “Opt out of Ads Personalisation” slider to the right;
G. in relation to the Marketing Data, to provide information about the Games, applications, services and other digital goods which Day1 thinks may be of interest to you. You can tell us to stop this at any time by sending an e-mail to support@day1games.com;
H. in relation to the Survey Data for Day1 to provide such survey to you; and
I. share with third parties for the purposes as described in paragraph 7 below.
5. Grounds for processing
Day1 relies on the legitimate interests processing ground to collect the information set out in paragraph 3 and use it for the purposes set out in paragraph 4, other than in relation to any Analytics Data which comprises non-essential cookies and/or Technologies, for the purposes of serving targeted advertising and/or the Marketing Data, in each case where Day1 relies on consent. Day1 also relies on consent in relation to the information collected by Day1 once a survey is presented to a player (no survey is compulsory to complete). It is in Day1’s legitimate interests to collect such items of personal data listed above because this is necessary in order to provide and improve the Games that are offered to you. The items of personal data collected are, in being limited to “business card” and “technical” type data, not of a nature whereby your rights and freedoms as a data subject are outweighed by such data collection.
6. Sharing information with third parties
Day1 will not pass your information to third parties other than as described in this paragraph. Day1 may, subject to its obligations to comply with applicable data protection legislation, share your information with third parties including:
A. its server providers which host and store the Game Data, such as Apple, Google, Microsoft Azure and AWS;
B. the third parties who assist Day1 in collecting the Analytics Data (as listed below);
C. where Day1 carries out any e-mail marketing campaigns, your name and e-mail address will be transferred to Mailchimp which carries out such campaigns on Day1’s behalf and, where Day1 carries out certain personalised advertising on TikTok Inc’s platform, your User ID and other device information may be shared with TikTok, Inc. (or its affiliates) in relation to allowing TikTok, Inc. to more carefully target our adverts to you;
D. Universally Speaking in relation to localisation services;
E. Helpshift and Keywords in relation to Day1’s customer support;
F. KTPlay, Vanilla Forum and Linkfluence in relation to the provision of various community features;
G. as part of the Games your information (for example your name, profile picture or user ID) may be posted on a Leaderboard of top scorers within the Game to be shared with other players and your social networks. You may also share elements of your performance or participation in the Games (e.g. your personal car design) with other players and your social networks;
H. with its group companies in order to assist and facilitate the services provided to you;
I. in relation to the sale of some or all Day1’s business, or its assets, to any third party, or as part of any business restructuring or reorganisation, but Day1 will take steps with the aim of ensuring that your privacy rights continue to be protected;
J. in anonymised form with data aggregators and service providers as part of an analysis of player metrics or sales performance; or
K. with law enforcement agencies in compliance with law enforcement.
7. Third Party Cookies
Third party advertisers may place or read cookies on your browser or device in the Games and on the Website. This Policy is applicable only to the use of cookies by Day1 and does not cover the use of cookie by any third parties (including advertisers or Facebook). For example, Facebook will place cookies to maintain a secure login to the Facebook network, amongst other things. More details of Facebook’s cookies are available on its website and further links to third party cookies are also set out in the tables below.
8. Links to third party websites and third party adverts
Day1 cannot be responsible for the privacy policies and practices of other sites even if you access them using links from the Games/Website, adverts in the Games/Website or from adverts on a webpage when you are playing the Game/are on the Website. Day1 recommends that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions. In addition, if you link to the Games from a third party site or via a social network (e.g. Twitter, Facebook), Day1 cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommends that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
9. Security, Storage and Data Retention
Day1 has implemented technology and policies to safeguard your privacy from unauthorised access and improper use. Where you log-in via a social network, you may also change your account settings on your social network to prevent both us and third parties seeing certain information in relation to you such as your Facebook profile. Day1’s physical servers are operated by third party cloud service providers and are located worldwide including in the EEA, USA and Asia. Where such information is transferred outside the EEA, Day1 has taken steps to ensure that its agreements with such third party providers contain provisions ensuring the adequacy of such transfer. Day1 has a retention policy in place with respect to the data it holds, ensuring that it does not retain such data for longer than is reasonable in line with the purposes for which it was originally collected.
10. Day1’s policy towards children
Day1’s Games are intended for anyone who is legally entitled to own a device that access them and play them and anyone who is legally entitled to make in-app purchases by the payment functionality the Games provide. However, Day1 does not knowingly collect personally identifiable information in relation to children under the age of 13. If Day1 discovers it has collected personal data in relation to any children under 13 Day1 shall take reasonable steps to delete such information. You may also be required to obtain your parents’/guardians’ permission to play the Games if you are under 18, as indicated in our Terms of Service.
11. Contact details
If at any time you would like to contact Day1 about your views on this Policy or any enquiry relating to your personal information, including but not limited to your rights under the GDPR and/or CCPA (as applicable), you can do so by sending an e-mail to us at support@day1games.com or write to us at Data Protection, 44-46 Scrutton Street, Shoreditch, London EC2A 4HH, UK. This is Day1’s registered address and we are a company incorporated in England and Wales with company number 10757385. You also have the right to make a complaint to the ICO by contacting them at any time.
12. Exercising your rights
You can contact us using the details set out in paragraph 12 above if you wish to: (i) access a copy of the personal data that we hold about you including what categories of personal data we have collected or sold about you; the categories of sources from which the personal data is collected by us; the business or commercial purpose for collecting or disclosing the personal data; the categories of third parties with whom we share your personal data; and the specific pieces of personal data that we have collected about you); (ii) correct any items of personal data that we hold about you; (iii) have any items of personal data that we hold about you erased or object to our processing of such items of personal data; and/or (iv) if applicable pursuant to the CCPA, receive a free copy of your personal data within 45 days of your verifiable request in a structured, commonly used and machine-readable or commonly used electronic format on request.
Day1 may ask you to verify your identity before Day1 responds to such requests. Please note that under the CCPA, Day1 is not required to delete information that is necessary to perform certain actions as outlined in the CCPA (e.g. to complete a transaction for which the information was collected or to provide the goods or services requested by you). You will not be discriminated against in retaliation for exercising the above rights and rights under the CCPA.
13. Cookies and other similar technologies
A. What are Cookies?
Cookies are small text files that are placed on your device when you visit a Website. Other similar technologies, defined in this policy as “Technologies”, are third party technologies used in a Game. Day1’s use of cookies and Technologies is detailed below. Session cookies enable you to move from page to page within websites and any information you enter will be remembered but is deleted when you close your browser. Persistent cookies allow us to remember your preferences and settings when you browse the Website in the future, in different browser sessions. We may use your social login (if you access a Game via a social media platform) and/or Day 1 User ID for save protection so that you can restore your progress in a Game. In our Games we use Technologies that track or store your data for advertising, attribution or analytics purposes.
B. Disabling Cookies:
The use of the cookies and Technologies described above improves the functionality of the Games and the Website and your experience using them. If you do not want these cookies and/or Technologies to be served on your device, you are able to disable them by changing the settings on your browser, or on your device. Please note that if you do decide to disable cookies and/or Technologies you may not be able to access some of the Games or the Website, some of the features of the Games or the Website, or the Games or Website may not function properly. By continuing to use the Games, and/or the Website, including using social networking media functionality, you consent to the relevant cookies being set on your device.
C. More information:
Information about the Technologies can be found in Table Two below.
TABLE ONE – Cookies used on the Website:
| Cookie Type | Purpose | Further Information |
|---|---|---|
| Google Analytics | Day1 uses Google Analytics cookies to collect information about how visitors use our Website, which Day1 uses to help improve it. These cookies collect information in an anonymous form, including the number of visitors to the Website, where visitors have come to the Website from and the pages they visited. | Google Privacy Overview to opt out of being tracked by Google Analytics visit http://tools.google.com/dlpage/gaoptout |
TABLE TWO – Technologies used in the Games:
Puzzle Heist
| Cookie Type | Purpose | Further Information |
|---|---|---|
| Adcolony | Advertising | https://www.adcolony.com/gdpr/ |
| Admob | Advertising | https://policies.google.com/technologies/partner-sites |
| Applovin | Advertising | https://www.applovin.com/optout |
| Amplitude | Analytics | https://amplitude.com/privacy |
| Appsflyer | Attribution | https://www.appsflyer.com/optout |
| Sign-in, advertising and attribution | https://www.facebook.com/business/gdpr | |
| Sign-in, advertising and attribution | Via the Ad Preferences setting within Facebook | |
| Iron Source | Analytics, Advertising | https://developers.ironsrc.com/ironsource-mobile/general/making-sure-youre-compliant-post-gdpr/ |
| Mintegral | Advertising | https://www.mintegral.com/en/privacy/ |
| Soomla | Ad Tracking | https://soomla.com/privacy-policy.html |
| Unity | Advertising | https://unity3d.com/legal/privacy-policy |
| Vungle | Advertising | https://vungle.com/privacy/ |
ANNEX: Joint Controllership
What does joint controllership mean?
Day1 Games Limited (“we”, “us” or “Day1”) is a separate legal entity and a wholly owned subsidiary of Hutch Games Ltd, a company that develops and distributes video games and products related to such games. We work closely together with Hutch to develop and test our Games. This means that we and/or Hutch jointly determine if and how certain personal data of yours is processed when you play our Games. Since we and Hutch each are controllers of your data when doing so, the working relationship is called a joint controllership. We and Hutch have come to an agreement that defines the respective responsibilities of ours and Hutch for compliance with the UK GDPR. In summary, we are responsible for giving you notice and for being the primary point of contact if you want to exercise your data subject rights, otherwise Day1 and Hutch are broadly responsible for their own obligations under UK GDPR. You can find out more on this division of responsibility below.
Who processes which data and why?
Hutch and we jointly process personal data of yours only in order for Day1 to carry out its day-to-day business activities and legal obligations. This includes the following typical cases:
Development & Publishing: Hutch and we share certain IT services that are provided and administered by Hutch and through this process personal data of players required for developing and running Day1 Games (legal basis: Art. 6 para. 1 let. b) and f) UK GDPR).
Promotion & Marketing: Hutch and we jointly market Day1 products and services. For this purpose, Hutch and we may process personal data of yours as joint controllers. Hutch and we may jointly decide whether and how personal data is used for marketing purposes (legal basis: Art. 6 para. 1 let. a) UK GDPR).
Data Subject Requests: Hutch and we jointly handle data protection requests that a data subject might send to Day1. Through this Hutch and we may jointly process personal data of yours provided in connection with a data protection request (legal basis: Art. 6 para. 1 let. f) UK GDPR).
Analytics: Hutch and we jointly process analytical data that one of them might collect within a Day1 game or on Day1’s website (legal basis: Art. 6 para. 1 let. a) UK GDPR).
The following types of personal data will be shared between and processed jointly by Hutch and us:
Information collected from players playing Day1’s Games, e.g., analytical and technical information collected by Day1’s use of cookies and similar technologies placed in such game; and information collected from a player who chooses to log-in to play the particular game via their chosen social network or Apple (e.g., name, e-mail address).
Information collected from the use of cookies on Day1’s website in relation to any visitors to such website who consent to such cookies being placed.
Information collected in relation to Day1’s players’ purchases and aggregate spending within each of Day1’s Games.
E-mail addresses of those Day1 players who consent to receiving electronic marketing messages from Day1, or to which Day1 is otherwise entitled to send such electronic marketing messages.
E-mail addresses, names and other personal data submitted when a data subject makes a data subject request to Day1.
Who is responsible for what?
Under the UK GDPR you have certain rights, namely:
Right of information: You have the right to be provided information regarding the processing of your personal data by us, in accordance with Art. 13 and 14 UK GDPR.
Right of access: You have the right to obtain confirmation as to whether or not we are processing your personal data and, if this should be the case, access to the personal data, in accordance with Art. 15 UK GDPR.
Right to rectification: You have the right to obtain rectification of inaccurate or incomplete personal data concerning you, in accordance with Art. 16 UK GDPR.
Right to erasure (“right to be forgotten”): Under certain circumstances you have the right to obtain the erasure of personal data concerning you, in accordance with Art. 17 UK GDPR.
Right to restriction: Under certain circumstances you have the right to obtain the restriction of processing, in accordance with Art. 18 UK GDPR.
Right to data portability: Under certain circumstances you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit this data to another controller, in accordance with Art. 20 UK GDPR.
Right to object: Under certain circumstances you have the right to object to the processing of personal data concerning you, in accordance with Art. 21 UK GDPR. This includes but is not limited to the right to object in cases in which we process your personal data on the legal basis of Art. 6 para. 1 let. f) UK GDPR.
Right to lodge a complaint: You have the right to lodge a complaint with the Information Commissioner (UK citizens), or a supervisory authority in particular in the Member State of the EU of your habitual residence (EU citizens), place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the UK GDPR or GDPR (Art. 77 (UK) GDPR).
Right to withdraw consent: If a processing of your personal data is based on your consent as set out in Art. 6 para. 1 let. a) UK GDPR or Art. 9 para. 2 let. a) UK GDPR, you have the right to withdraw your consent at any time with effect for the future, in accordance with Art. 7 para. 3 UK GDPR.
Right to not be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, as set out in Art. 22 para 1 UK GDPR.
Day1 is the primary contact point for you to exercise these rights of yours when data of yours is processed in connection with the joint controllership (see contact section below) and will be supported by Hutch to respond to your request. You can at any time of course also contact Hutch directly to exercise your data subject rights. Hutch and Day1 can assist each other to comply with our obligations set out in the UK GDPR we may have towards you. Irrespective of this, the UK GDPR grants you the possibility to exercise your rights in respect of and against each of the joint controllers.
How is your data secured?
We have implemented technical and organisational measures to ensure a level of security appropriate to the risk presented by the processing in accordance with Art. 24 and 32 UK GDPR.
What happens in a case of a personal data breach?
In case of a personal data breach and if this breach is likely to result in a risk to your rights and freedoms, we will, if necessary, with the assistance of Hutch and without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority. Should such breach likely result in a high risk for your rights and freedoms, we or Hutch (as appropriate), will, where required by Art. 34 UK GDPR, inform you about the personal data breach without undue delay.
Contact:
If you want to contact Day1 to exercise your rights or if you have any questions for us regarding the use of your data, please see the contact details in this privacy policy.
You can also at any time contact Hutch if you would like to make a request relating to your personal data, by using the contact details in Hutch’s privacy policy.
Depending on your request, it is possible that Hutch and we will forward your request to one another, should this be necessary to help each other out to answer your request or to get directly in touch with you for this purpose. The legal basis for this is Art. 6 para. 1 lit. f) UK GDPR, as we each have a legitimate interest in answering your inquiry effectively and satisfactorily for you. In case of a forward of your request, we and Hutch inform each other about the matter to the extent necessary for answering your request.