Bonus Level's Privacy Policy

Last updated: March 1, 2024

This Privacy Policy outlines our methods and practices regarding the gathering, utilization, and sharing of your information when you engage with our Service. It also informs you of your privacy rights and the legal protections afforded to you.

By engaging with our Service, you consent to our collection and use of your personal data as described in this Privacy Policy, aimed at enhancing and delivering the Service.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions.

The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  1. You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
    Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.
  2. Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to BONUS LEVEL LTD. Nikou & Despoinas Pattichi, 37, EVI COURT, 2nd floor, Office 202, 3071, Limassol, Cyprus.
    For the purpose of the GDPR, the Company is the Data Controller.
  3. Application means any of the software programs provided by the Company downloaded by You on any electronic device, named Scratch to Riches.
  4. Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  5. Account means a unique account created for You to access our Service or parts of our Service.
  6. Service refers to the Application.
  7. Country refers to: Cyprus
  8. Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

    For the purpose of the GDPR, Service Providers are considered Data Processors.
  9. Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  10. Personal Data is any information that relates to an identified or identifiable individual.

    For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

    For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
  11. Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  12. Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  13. Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
  14. Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
  15. Business, for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.
  16. Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
  17. Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal information to another business or a third party for monetary or other valuable consideration.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  1. Email Address
  2. Age (we may log Your age as indicated by you in the age gate upon downloading the App)
  3. Usage Data

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as:

Log Information: We log information about Your use of our Service, including the type of device You use, the features You use, access times, Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages.

Device Information: We collect information about the device You use to access Our Services, including information about the device’s software and hardware, unique device identifiers (i.e. Device ID and advertising ID), device tokens for push-messages, mobile network information and and other diagnostic data.

Usage Information: We collect information relating to Your use of the App, including Your game progress, scores, achievements and interactions with other players.

Consumption information: We collect information about Your consumption habits relating to Your use of the App, including which purchases you make with both virtual and real currencies and the reception of virtual goods in-game.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Information Collected while Using the Application

We utilize the information we gather to enhance the features of our Service, tailor it to your preferences, and continually improve it. This data might be stored on the Company's or a Service Provider's servers, or directly on your device. You have the option to control access to this data at any time, either through your device's settings or by navigating to the Main Menu of the application and selecting the option to withdraw consent.

Use of Your Personal Data

We may process your information for specific purposes, in line with the legal foundations applicable to each type of personal data as outlined below:

Age Classification

- processing for:

  1. Identifying if you are a minor or adult to apply the correct data protection measures and comply with legal processing requirements.

    This processing is crucial for adherence to legal obligations, as specified in Article 6(1)(c) of the GDPR. Regulation (EU) 2016/679 by the European Parliament and of the Council from 27 April 2016 focuses on the protection of natural persons regarding personal data processing and the free movement of such data.

Data from Logs, Devices, Usage, Consumption, Third-Party Social Media Services, and Other Sources

- processed for:

  1. Maintaining and providing our Service, which includes monitoring Service usage.
  2. Fulfilling contractual obligations: Developing, adhering to, and executing the purchase agreement for products, items, or services you have acquired, or any other agreement made through the Service.
  3. Communicating with You: Reaching out via email, calls, SMS, or equivalent electronic communications like mobile app notifications about updates, technical notices, support messages, or information related to functionalities, products, or services, including security updates as necessary.
  4. Handling your inquiries: Addressing and managing your requests to us.

    Such processing is necessary to fulfill a contract you are part of, supporting the App's functionality, ensuring the delivery of requested services, and maintaining the App, as per Article 6(1)(b) of the GDPR.
  5. Customization and enhancement of the Service by providing personalized content and features.
  6. Analyzing trends and user activities related to our Service.
  7. Integrating information from various sources to better understand your needs and improve our service.

    This is justified by our legitimate interest in offering relevant content and advertisements and enhancing our services, in line with Article 6(1)(f) of the GDPR (known as the "balancing-of-interest rule").
  8. Delivering personalized ads to users who consented to share their advertising IDs with our advertising network partners for targeted advertising within the App.

    This approach is backed by our legitimate interest in delivering interesting advertisements to you under Article 6(1)(f) of the GDPR. Sharing your advertising ID for targeted advertising is based on your consent, following Article 6(1)(a) of the GDPR (detailed further under the Processing of Your Personal Data section).

Your personal information may be shared under these circumstances:

  1. With Service Providers: Your personal information might be shared with Service Providers to help analyze how our Service is used, display advertisements to support and maintain our Service, communicate with you, promote our Service on third-party websites after your visit, or process payments.
  2. During Business Transfers: In the event of a merger, asset sale, financing, or acquisition of our business, either fully or partially, to another company, your personal information may be among the assets transferred.
  3. With Our Affiliates: We might share your information with companies within our corporate family, ensuring they comply with this Privacy Policy. This includes our parent company, subsidiaries, joint venture partners, or companies under shared control.
  4. With Business Partners: We may share your information with business partners to bring you specific products, services, or promotions.

Data Retention

We keep your Personal Data only as long as necessary for the purposes outlined in this Privacy Policy. Your data is used as required to fulfill legal obligations, resolve disputes, and enforce agreements and policies.

Usage Data is kept for internal analysis, retained briefly unless it helps enhance security, functionality, or we're legally required to keep it longer.

Data Transfer

Your information, including Personal Data, may be processed where the company or its partners operate. This means we may transfer the data to computers in different jurisdictions with varying data protection laws than yours.

By agreeing to this Privacy Policy and submitting such information, you consent to this transfer.

We ensure your data is securely processed in line with this Privacy Policy, promising no transfer of your Personal Data to an entity or country without proper controls over data and privacy security.

Data Disclosure

Business Transactions

Should the Company partake in a merger, acquisition, or asset sale, your Personal Data may be transferred. You’ll be notified before your data is transferred and subjected to a different privacy policy.

Law Enforcement

In certain instances, we might have to disclose your Personal Data if legally required or requested by public authorities (such as a court or government agency).

Other Legal Necessities

We may disclose your Personal Data if we believe it’s needed to:

  1. Fulfill a legal requirement
  2. Defend the Company’s rights or property
  3. Prevent fraud or investigate potential wrongdoing in relation to the Service
  4. Ensure the safety of the Service's users or the public
  5. Guard against legal liabilities

Ensuring the Security of Your Data

Protecting your Personal Data's security matters to us, but no digital or storage transmission method is infallible. Despite our best efforts to safeguard your data using industry-standard protections, we cannot promise its absolute security.

How We Process Your Data

Only designated Service Providers have access to your Personal Data, strictly for carrying out their duties. We share your details with specified categories of recipients under GDPR's legal frameworks detailed in Sections 6(1)(b), 6(1)(c), and 6(1)(f).

Analytics Services

Third-party services assist us in understanding how our Service is used. We employ data processors for various tasks, including server hosting, technical operations support, user authentication, and analytics.

Google Analytics

As a web analytics service, Google Analytics helps us track and report on website traffic. Shared with other Google services, the data aids in customizing and contextualizing adverts across Google's network. Learn more about Google's privacy practices here: https://policies.google.com/privacy?hl=en.

Firebase

Provided by Google Inc., Firebase analytics supports our Service by enabling push notifications, among other features. You can opt out of specific Firebase functions via your device's settings or Google's guidelines in their Privacy Policy: https://policies.google.com/privacy?hl=en. More details on Firebase data collection are available at: https://policies.google.com/privacy?hl=en.

Crashlytics

A Fabric service, now owned by Google Inc., Crashlytics provides us insights into app crashes and malfunctions. Adhere to their terms here: https://firebase.google.com/terms/crashlytics and their data processing terms here: https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms/.

Advertisements

Upon your consent, compliant with GDPR Section 6(1)(a), we share your ad ID with networks to deliver personalized ads within the app. Our advertising partners are chosen carefully to align with our Service's support and maintenance needs.

AdMob by Google

Google Inc. provides AdMob services, allowing opt-out options as per Google's instructions: https://support.google.com/ads/answer/2662922?hl=en. For insights on Google's data use in partner sites or apps, visit: https://policies.google.com/technologies/partner-sites and their Privacy Policy: https://policies.google.com/privacy.

Payment Processing

Our Service may include paid products/services, utilizing third-party payment processors. We never store your payment card information, instead relying on third-party processors governed by their Privacy Policies. Compliance with PCI-DSS ensures the secure processing of payment details.

Apple Store In-App Payments

View their Privacy Policy here: https://www.apple.com/legal/privacy/en-ww/

Google Play In-App Payments

View their Privacy Policy here: https://www.google.com/policies/privacy/

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We process Personal Data under the following conditions:

  1. Consent: You have given consent for processing Personal Data for one or more specific purposes.
  2. Performance of a contract: Providing Personal Data is essential for the performance of an agreement with you or for pre-contractual obligations.
  3. Legal obligations: Processing is necessary to comply with legal obligations to which the Company is subject.
  4. Vital interests: Necessary to protect your vital interests or those of another person.
  5. Public interests: Related to performing a task in the public interest or in exercise of official authority vested in the Company.
  6. Legitimate interests: Necessary for the purposes of legitimate interests pursued by the Company.

We are ready to clarify the specific legal basis for processing, especially regarding whether providing Personal Data is a statutory or contractual requirement, or a requirement to enter into a contract.

Your Rights under the GDPR

We respect the confidentiality of your Personal Data and ensure you can exercise your rights.

If you are within the EU, you have the right to:

  1. Request access to your Personal Data. You can request a copy of the Personal Data we hold about you.
  2. Request correction. You have the right to have incorrect data we hold about you corrected.
  3. Object to processing. You can object to our processing of your Personal Data based on legitimate interests or direct marketing purposes.
  4. Request erasure. You can ask us to delete or remove Personal Data where there is no good reason for us continuing to process it.
  5. Request the transfer. We will provide your Personal Data to you or a third party in a structured, commonly used, machine-readable format.
  6. Withdraw consent. You can withdraw consent at any time, affecting the lawfulness of processing based on consent before its withdrawal.

Exercising Your GDPR Data Protection Rights

You can exercise your rights by contacting us. We may request verification of your identity before responding. We will respond as quickly as possible.

If you are in the European Economic Area (EEA), you can lodge a complaint with your local data protection authority if you have concerns about our data collection and usage.

CCPA Privacy

Your Rights under the CCPA

If you are a resident of California, you have specific rights regarding your Personal Data:

  1. The right to be informed about the categories of Personal Data collected and the purposes for which the Personal Data is used.
  2. The right to access the Personal Data collected by the Company over the past 12 months and information about sharing with third parties for direct marketing purposes.
  3. The right to say no to the sale of Personal Data. You can request the Company not to sell your Personal Data.
  4. The right to know about the Personal Data collected, including categories, sources, commercial purposes, and third parties it is shared with.
  5. The right to delete Personal Data collected in the past 12 months.
  6. The right against discrimination for exercising consumer rights, including differences in prices, quality, or levels of service.

Exercising Your CCPA Data Protection Rights

To exercise any of your CCPA rights, contact us. We will respond to verifiable requests within 45 days, with a possibility of extending the period once for another 45 days with prior notice.

Do Not Sell My Personal Information

We don't sell personal information. However, our Service Providers may use technology that constitutes a "sale" under CCPA. You can opt-out of these potential sales for interest-based advertising purposes by following the provided instructions.

Mobile Devices

Your mobile device may offer settings to opt-out of interest-based ads:

  1. On Android: "Opt out of Interest-Based Ads" or "Opt out of Ads Personalization"
  2. On iOS: "Limit Ad Tracking"

"Do Not Track" Policy as per CalOPPA

Our Service does not respond to Do Not Track signals. Some third-party sites do track your browsing activities, and you can set your preferences in your web browser to inform sites you do not want to be tracked.

Children's Privacy

Our Service is not aimed at individuals under the age legally defined for consent without parental approval in the jurisdiction of the user. We do not deliberately gather personal information from minors under this legal age threshold. If you are a parent or guardian and discover that your child has provided us with personal information, please contact us. Upon learning we have inadvertently collected personal information from a minor without appropriate consent, we will take steps to delete such data from our servers.

Additionally, for users aged 21+, we may restrict the collection, usage, and retention of their information, potentially affecting the availability of certain service features.

Your California Privacy Rights (California Business and Professions Code Section 22581)

Under California Business and Professions Code section 22581, California residents under 18 who are registered users of online sites, services, or applications have the right to request the removal of unwanted public posts.

If you are a California resident looking to remove such content, please reach out to us at the provided contact details, including your email address associated with your account. Note that removal requests do not ensure the complete deletion of the content or information published online and may not be feasible or required under certain legal conditions.

Links to Other Websites

Our Service may feature links to external sites not operated by us. Clicking on a third-party link will direct you to that site. We strongly advise reviewing the Privacy Policy of each site you visit.

We do not control and are not liable for the content, privacy policies, or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy periodically. We will notify you of any changes by updating the date at the top of this policy. For significant changes, we will provide more specific notice or obtain your renewed consent as required. We encourage you to review our Privacy Policy regularly for the latest information on our privacy practices. Changes to this Privacy Policy become effective when they are posted on this page.

Contact Us

For any questions or concerns regarding this Privacy Policy, please contact us at:

Address: BONUS LEVEL LTD., Nikou & Despoinas Pattichi, 37, EVI COURT, 2nd floor, Office 202, 3071, Limassol, Cyprus.

Email: support@bonuslevel.eu