1.1 Personal Information

In this Policy, "Personal Information" refers to any data that identifies or can be linked to an individual or household, directly or indirectly, including but not limited to data protected under data privacy laws. 

Your privacy is of utmost importance to us. Hence, we have crafted this Policy to provide you with a clear understanding of how we collect, use, communicate, disclose, and utilize personal information. Here's an outline of our Privacy Policy:

1. Before or at the time of gathering personal information, we will specify the purposes for which the information is being collected.
2. We will collect and utilize personal information solely to fulfill the purposes specified by us and for other compatible purposes, unless we obtain the individual's consent or as mandated by law.
3. Personal information will only be retained for as long as necessary to fulfill those purposes.
4. We will gather personal information through lawful and fair means, and with the individual's knowledge or consent where appropriate.
5. Personal data will be relevant to the purposes for which it is intended, and, to the extent necessary, it will be accurate, complete, and up-to-date.
6. We will safeguard personal information with reasonable security measures against loss, theft, unauthorized access, disclosure, copying, use, or alteration.
7. Information about our policies and practices concerning the management of personal information will be readily available to our customers.
8. We are dedicated to conducting our business in accordance with these principles to ensure the confidentiality of personal information is preserved and upheld.

1.2 Gathering of Personal Data

The scope of Personal Data we gather is shaped by the specifics of the services we provide and engage in, as well as our interactions with users.

1.3 Types of Personal Data Collected

The range of Personal Data we accumulate varies based on the interaction, yet may include the following categories, adhering to relevant legal standards and limitations:

• Identifying Information: This includes names, usernames, account names, blockchain addresses, physical addresses, phone numbers, birth dates, email addresses, discord username, twitter username and other online identifiers.
• Customer Records: Digital records that contain Personal Information. Note that payment details are also collected but are processed through a third-party payment processor.
• Blockchain Details: Information such as your wallet address, activities on the blockchain, and interactions with our services in the blockchain environment.
• Device Details: Data such as your IP address, type of web browser, operating system, mobile carrier and manufacturer details, installed applications, device and advertising identifiers, and push notification tokens.
• Protected Class Information: Data related to protected classifications under law, including race, gender, age, and disability.
• Communications: Information from direct interactions, such as through web forms, online polls, or engagements with our blogs and posts.
• Commercial Data: Records of products or services that have been purchased, acquired, or considered, along with other related purchase or consumption histories.
• Usage Data: Information on internet or other electronic network activity, including browsing and search history, and interactions with our website, applications, or advertisements.
• Location Data: General information about the location of an individual or device, derived from your IP address, but not including precise geolocation data.
• Profiles and Preferences: Inferences made from any of the data mentioned above to form a profile that reflects an individual’s preferences and behavior.

1.4 Sources of personal Data for Gaming Arcade

At Gaming Arcade, we gather Personal Data from a variety of sources to enhance your gaming experience:

• Directly from You: This includes data provided when you set up a user account with us, link your blockchain wallet to your Gaming Arcade account, interact with our chatbots, engage in transactions, use our services, enter our competitions and promotions, sign up for our marketing materials, or reach out to our customer support team.
• From Third Parties: We receive information from affiliates, public databases, service providers (like those for fraud detection, identity verification, and security), data resellers, social media platforms, marketing partners, and affiliates.
• Through Your Use of Our Services: We automatically collect data when you navigate our website or interact with our services, as well as derive insights about your preferences and interests from the personal data we've gathered and our interactions with you.

1.5 Personal Data We Collect From You

Our collection of your Personal Data can include:

• Registration and Account Information: Upon registering for an account with Gaming Arcade, we collect details such as your blockchain addresses, usernames, and email addresses. Connecting third-party services to your account also allows us to gather data from those services, along with other preferences and payment information you provide.
• Marketing Engagement: By opting into our marketing communications or participating in events we host, you're giving us information like your name, contact details, and your interests.
• Communications: Anytime you contact us through email, phone, or other means, we keep a record of your contact information, the content of your communications, and our responses to ensure we provide the best support and service.

1.6 Gathering Data From External Source at Gaming Arcade

Gaming Arcade might obtain Personal Data about you from outside sources, which we might merge with the data we already have, including:

• External Accounts: When you link external accounts (like Twitter, Discord, or GitHub) to your Gaming Arcade profile, we gather specific information provided by these platforms.
• Transactions: For transactions such as purchasing NFTs or other blockchain assets through our services, we collect necessary details to process payments, including names, billing addresses, and payment methods like credit card numbers or PayPal accounts.
• Social Media Integration: If you integrate or interact with our services via social media platforms, we're authorized to access certain profile information. This extends to interactions on social media pages or posts involving Gaming Arcade, where we might collect data related to these engagements.
• Additional Third-party Data: We may receive updated contact details or demographic information from third-party sources, including public databases.

1.7 Automated Data Collection

Our collection of Personal Data may also happen automatically through your interaction with our services:

Digital Footprints: Gaming Arcade and our service partners employ various digital tracking tools, including cookies and pixels, to gather data from your browser or device. This includes but isn't limited to browser types, device specifications, operating systems, application details, and online activity indicators like page visits, link clicks, and timestamps within our website, as well as IP addresses tied to your activities. This automatically gathered information could be integrated with other Personal Data we've compiled to enhance your service experience

1.8 Utilization of Personal Data at Gaming Arcade

Gaming Arcade is committed to processing your Personal Data only when legally permissible. The diverse uses for Personal Data include, but are not limited to:

• Support and Services Provision: We use your data to deliver our services, manage our website and app, generate your unique gaming profile, update your Gaming Arcade user details, and engage with you across our platforms. This includes addressing inquiries, troubleshooting, fulfilling requests, processing payments, and offering customer support, grounded in fulfilling our contractual obligations to you.
• Business Analysis and Enhancement: We analyze user interaction with our services to enhance our offerings, develop new features, and improve overall service and operations. This includes conducting surveys, understanding customer interests, and performing other research and analytical tasks to better comprehend and serve our user base, justified by our legitimate interest in advancing our services.
• Personalizing User Experience: We aim to customize the content and services we offer, tailoring them to fit user preferences and interests. This personalization effort is based on our legitimate interest in providing a more engaging and tailored service.
• Marketing and Promotion: With your consent, we engage in marketing efforts to present you with more relevant advertisements and updates, aiming to inform you about our services and products that might interest you, thereby potentially expanding our customer base.
• Business Security: We take measures to protect our operations, assets, and technological infrastructure, actively preventing and addressing fraud, unauthorized access, and other threats, based on our legitimate business interest in safeguarding our enterprise.
• Legal Rights Defense: We manage and address legal disputes and claims, safeguarding our rights or interests, including in litigation contexts, relying on our legitimate interest in defending our business.
• Auditing and Governance: Our operations undergo various audits and reviews to comply with financial, legal, and operational obligations, supporting our business's legal and governance structures.
• Legal Compliance: We adhere to legal requirements, processing data as necessary to comply with laws, court orders, and law enforcement or regulatory requests.
• Legitimate Business Interests: We process your Personal Data in ways that are essential for our legitimate business interests, ensuring that the impact on you is considered and balanced against our business needs.

Aggregated and Anonymized Data: We may anonymize data to create aggregated datasets for business assessment, industry benchmarking, and analytical purposes, under the allowance of applicable data protection laws.

1.9 Disclosure of Personal Data at Gaming Arcade

At Gaming Arcade, we may share or reveal the Personal Information we gather as outlined below:

• Service Providers: We might disclose Personal Information with third-party service providers who utilize this data to render services for us, such as hosting providers, auditors, advisors, consultants, and customer service providers.
• Advertising and Marketing Partners: Personal Information may be shared with third parties offering advertising, campaign measurement, and analytics services. These parties may access data about your service usage to enhance our ad targeting and campaign measurement efforts.
• Subsidiaries, Affiliates, and Business Partners: We may share your Personal Information with affiliated companies and business partners for the purposes outlined in this Policy.
• Legal Compliance: We may share Personal Information in response to legal mandates, court orders, or government investigations, or when necessary to protect the rights, property, and safety of our company and others.
• Business Transfers: Personal Information may be disclosed as part of business mergers, sales, acquisitions, or similar events.
• Protection of Rights: We may disclose Personal Information to respond to claims, enforce agreements, prevent fraud, or protect the rights and safety of Gaming Arcade, our affiliates, partners, clients, and customers.
• Aggregated and De-identified Data: We may share aggregated or de-identified information with third parties for research, marketing, advertising, and analytical purposes.

If you choose not to provide requested Personal Information or withdraw your consent to its processing, it may impact your ability to use our Services.

1.10.1 Managing Your Personal Information and Rights

Marketing Preferences: If you previously consented to the use of your personal information for direct marketing purposes and wish to revoke this permission, you can do so at any time by reaching out to us on [email protected]

1.10.2 Complaints Procedure:

Should you believe that we have violated any relevant data protection regulations and desire to file a complaint, kindly reach out to us using the contact details provided below, furnishing us with comprehensive information regarding the alleged breach. We will conduct a thorough investigation into your complaint and provide a written response outlining the findings of our investigation and the measures we intend to undertake to address your concerns. You may also have the option to escalate your complaint to a regulatory authority or data protection agency. For additional information, please refer to the EU/UK Addendum.

1.11 Handling of Sensitive Information

We kindly request that you refrain from sending or disclosing any sensitive Personal Information to Gaming Arcade unless explicitly requested. This includes, but is not limited to, details such as social security numbers, racial or ethnic origin, political opinions, religious beliefs, health information, biometrics or genetic characteristics, criminal background, or trade union membership. Please exercise caution and discretion when sharing any such sensitive information on our Services or directly with us.

1.12 Ensuring Your Information's Security

At Gaming Arcade, we prioritize the security of your personal data through stringent measures:

• We employ robust security protocols, including SSL technology, to encrypt all sensitive information during transmission.
• Your data is stored in secure databases managed by authorized personnel with strict access controls.
• We are committed to maintaining the confidentiality of your information and ensuring its safety at all times.

1.13 Ensuring Confidential, Resilient, and Available Processing Systems

At Gaming Arcade, we employ various measures to ensure the confidentiality, resilience, and availability of our processing systems. This includes implementing high availability practices, maintaining business continuity, and executing prompt disaster recovery plans. Additionally, we enforce stringent physical and logical access controls and conduct regular penetration testing to identify and address potential vulnerabilities.

• High Availability: We utilize properly-provisioned, redundant servers across all aspects of our gaming infrastructure to mitigate the impact of failures. Regular maintenance procedures are executed without disrupting availability.
• Business Continuity: We store encrypted backups of data daily in multiple regions on Google Cloud Platform, enabling swift restoration in the event of production data loss
• Disaster Recovery: In the case of a region-wide outage, we initiate duplicate environments in alternative Google Cloud Platform regions. Our operations team possesses extensive experience in conducting full region migrations.
• Physical Access Controls: Our gaming infrastructure is hosted on secure platforms like Amazon Web Services and Google Cloud Platform, which feature robust physical security measures such as biometrics, access cards, and surveillance systems.
• Logical Access Controls: Only designated Dapper operations team members with two-factor authenticated access have the authorization to configure our infrastructure on Google Cloud Platform. Private keys for individual servers are securely stored and encrypted.
• Penetration Testing: We engage independent third-party agencies to conduct annual black box penetration testing to identify and address security vulnerabilities proactively.
• Intrusion Detection and Prevention: Google Cloud Platform's intrusion detection and prevention systems (IDS/IPS) are deployed to identify and mitigate unusual network patterns or suspicious behaviour. We prioritise maintaining a secure environment to prevent known threats and remedy dangerous situations promptly.

1.14 Data Retention Policy

We retain Personal Information for as long as necessary based on the purpose for which it was collected and in accordance with relevant laws.

Factors influencing our retention periods include:

• Duration of our relationship and your use of our services (e.g., as long as you maintain an account or continue to use our services).
• Legal obligations we must adhere to (e.g., laws mandating certain transaction records be retained for a specific period).
• Prudence regarding our legal stance (e.g., considering statutes of limitations, ongoing litigation, or regulatory inquiries).

1.15 Erasure of Personal Data

We are committed to erasing your personal data when it is no longer necessary for the purposes for which it was collected or to meet specific legal requirements.

• If you have made a purchase, your personal data will be deleted no later than two years after your last transaction, unless a longer retention period is required by law.
• If you have communicated with us via email, we will delete the information within 30 days, unless obligated by law to retain it longer. 
• Alternatively, you may request the deletion of your personal data by sending an email to us at [email protected]with "Please delete my personal data" in the subject line. We will verify your request and delete the associated personal data. We aim to respond to your request within 14 days, but in any case, within 30 days of receiving it.

2. AUTOMATED DECISIONS

Automated decisions, which are decisions made without human intervention and hold legal implications or similarly significant effects, are not conducted as part of our processing activities within the Gaming Arcade.

3. COOKIES & DATA ANALYTICS

At Gaming Arcade, we employ cookies, pixels, tags, and other technologies, some of which may be provided by third parties, across our platform to enhance specific functionalities, ensure security, and prevent fraud. Additionally, these tools help us gather usage data about our website and emails, personalize content, and deliver more relevant advertisements and information. The information collected through these means may be combined with other data, including Personal Information.

For further details, please refer to our cookie policy accessible here: [insert Cookie Policy URL here]

3.1 Cookies: Alphanumeric identifiers transferred to your computer via web browsers serve record-keeping functions. While certain cookies facilitate log-ins or save preferences, others aid in tracking usage and activities on our platform, personalizing content, or delivering targeted ads. Although most web browsers automatically accept cookies, you have the option to adjust your browser settings to block them. However, please note that blocking cookies may affect the availability or functionality of certain features on our website.

3.2 Third-Party Cookies: Third parties may utilize cookies and similar technologies to gather information from our site and other online sources to deliver targeted advertisements. If you wish to opt out of such advertising practices on the device you're currently using, please visithttp://optout.aboutads.info . Additionally, the Network Advertising Initiative provides a means to opt out of several advertising cookies. For more information, please visitHome - NAI: Network Advertising Initiative. . Please note that opting out does not mean you'll cease to receive online advertisements; it simply means that the opted-out companies will no longer deliver ads tailored to your preferences and usage patterns.

3.3 Pixel Tags and Embedded Scripts: Pixel tags, similar to cookies but embedded invisibly on web pages, track user activities, improve ads, manage content, and gather usage data about our website. These tags may also be used in HTML emails to monitor email engagement rates and forwarding.

3.4 Third-Party Analytics Tools: Our website employs automated devices and applications operated by third parties, such as Google Analytics, to collect and analyze information about website usage. Google Analytics may also gather data regarding the use of other websites, apps, and online resources. To learn more about Google’s practices, please visit www.google.com/policies/privacy/partners/ , and to opt out, you can download the Google Analytics opt-out browser add-on from Google Analytics opt-out browser add-on.

4. EXTERNAL WEBSITE LINKS

Within Gaming Arcade's services, you may encounter links to various websites operated by third parties, including those displaying Gaming Arcade trademarks. This Privacy Policy does not govern third-party websites accessible through our services unless such sites explicitly refer users or visitors to this Policy. Clicking on these links will redirect you away from our services to the website of the respective organization or company. Despite any affiliations, we do not oversee these linked websites. Each maintains its own privacy and data collection policies. We encourage you to review the privacy policies of these external sites to understand how they collect, use, share, and secure your information before providing any Personal Information.

5. Minor's Privacy

Gaming Arcade restricts the use of its services to individuals of legal age, and users under the age of 18 are prohibited from accessing our services. Gaming Arcade does not knowingly collect or retain Personal Information from individuals under the age of 18. If it comes to our attention that we have inadvertently collected Personal Information from a child under 18, we will promptly remove such information. If you have any concerns regarding the collection of Personal Information from minors using our services, please reach out to us using the contact information provided in the "Contact Us'' section below. While our services are not intended for individuals under the age of 18, if your child has used our services and you wish to review or delete their Personal Information, you can make such a request by contacting us at the address or email provided under 'Contact Us' below.

6. INTERNATIONAL  DATA TRANSFERS

6.1 Data Transfers Outside UK/Europe

Processing Your Personal Information

We handle your personal information to fulfill our contractual obligations and provide you with optimal services, including:

• Registering and maintaining your account with us
• Delivering our Services, content, and website functionalities
• Enabling your access to and usage of our Services, associated applications, and affiliated social media platforms

We seek your consent to process your personal information for the following purposes

• Subscribing you to marketing communications
• Customizing our Services to suit your preferences
• If you opt into marketing, communicating with you about products, services, marketing, promotions, events, and other relevant information we believe will interest you

In line with our legitimate interests to be responsive, provide effective services, and maintain our business relationship, we may use your personal information to:

• Contact and engage with you

Furthermore, we may process your personal information to comply with legal obligations (e.g., compliance requirements), resolve disputes, and ensure security and fraud prevention. This includes ensuring the safety and security of our sites and apps, aligning with our Terms of Use at [https://gamingarcade.io/policy/terms-of-use ].

6.2 Data Storage Locations:

The personal information we gather from you may be transferred to and stored or processed in countries beyond the European Economic Area (EEA) and the United Kingdom (UK). Additionally, your personal information may be processed by personnel outside the EEA and the UK, including employees of ours or our third-party service providers or partners. We commit to taking all reasonably necessary steps to ensure that your personal information is handled securely and in accordance with this Privacy Policy

It's important to note that privacy laws in these countries may differ from those in your home country. When transferring data to a country without adequate data protection standards, we ensure the implementation of security measures and approved European or UK model clauses (accessible on the European Union’s legal website at EUR-Lex — Access to European Union law — choose your language and the UK's ICO website at www.ico.gov.uk ), or other suitable safeguards to protect your Personal Information. Should you require further details about our data transfer safeguards outside the UK/EEA, please contact us.

For users outside the UK and EEA, if we transfer your Personal Information to countries beyond your home country, we will adhere to the necessary requirements for such transfers as mandated by relevant laws in your home country.

6.3 UK/EEA Residents Rights Regarding Personal Information

According to the law, you possess several rights concerning your Personal Information. For additional information and guidance regarding your rights, you may contact the data protection authority in your jurisdiction. Many countries allow individuals to file complaints with the regulator if necessary.

You have the right to request a copy of the Personal Information we have on record about you, or details about how we utilize or disclose your Personal Information. Additionally, you can ask us to rectify or update your Personal Information, or withdraw your consent and request cessation of the use or disclosure of your Personal Information for any of the purposes outlined in this Policy.

To exercise these rights, you can submit your request in writing or via email using the contact details provided below.

While we typically fulfill requests and provide information at no cost, we reserve the right to charge a reasonable fee to cover administrative expenses for baseless, excessive, or repeated requests, or for additional copies of the same information. Alternatively, there may be circumstances in which we are entitled to decline the request. Please carefully consider your request before submission. We will strive to respond promptly, typically within one month of receiving your request. However, if additional time is required to address the request, we will inform you accordingly.

6.4 Rights of Data Subjects Under United Kingdom and European Regulations:

In compliance with the GDPR, EEA/UK citizens are granted the following rights to safeguard their data privacy:

1. Right to information: Individuals have the entitlement to be informed about the processing of their personal data, including how and when it occurs.
2. Right to Access: Individuals can request access to their processed data, along with details about the purpose and duration of processing.
3. Right to Object: Individuals reserve the right to object to the processing of their personal data for purposes they find inappropriate
4. Right to Erasure: Data subjects can request the deletion of their data if it's no longer necessary or if consent is withdrawn, except when required for legal obligations or public tasks.
5. Right to Rectification: Individuals can request the correction of inaccurate or incorrect data concerning them
6. Right to Restrict Processing: Data subjects can limit the processing of their personal data for purposes they don't approve of, with compliance to the imposed restrictions.
7. Rights Related to Data Portability: Upon choice, data subjects can transfer their data to other data controllers and request a copy of their personal data for such purposes.
8. Right to Automated Decision Making: In instances of automated decision making during data processing, individuals must be informed and have the right to intervene or object to the process. 

6.5 California Residents' Privacy Rights

Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents providing us with certain personal data have the right to request and receive, free of charge, information about any personal data we have shared with third parties for their direct marketing purposes during the preceding calendar year. Requests can be made once per calendar year for information regarding relevant third-party sharing from the prior calendar year. California residents wishing to make such a request can do so by submitting a request to the contact information provided below. The request should confirm the requester's California residency and include a current California address. We are obligated to respond to a customer request only once during any calendar year. Please note that not all information sharing falls under California’s “Shine the Light” law, and our response will only include information sharing covered by this law.

6.6 California Consumer Privacy Act Disclosures

In accordance with the California Consumer Privacy Act of 2018 ("CCPA"), we offer additional insights into the types of Personal Information we collect, utilize, and disclose about California residents. This section is not applicable to our job applicants, employees, contractors, owners, directors, or officers, concerning Personal Information collected in relation to their current, former, or potential roles with us.

6.7 Collection and Disclosure of Personal Information

The following table outlines the categories of Personal Information about California residents that we intend to collect, as well as those we have collected and disclosed for our operational business purposes in the past 12 months.

Categories of Personal Information	Disclosed to Which Categories of Third Parties for Operational Business Purposes	To Whom We Sell Information
Audio/Video Data; Audio, electronic, and similar information	Affiliates; service providers; business partners; joint marketing partners; contest sponsors; legal authorities; debt collectors, payment system operators or sub-contractors	N/A
Identifiers, such as username, contact information, government-issued ID, IP address and other online identifiers	Affiliates; service providers; business partners; joint marketing partners; contest sponsors; legal authorities; debt collectors, payment system operators or sub-contractors	Analytics vendors; advertising partners
Internet or network activity information, such as interactions with our online properties	Affiliates; service providers; business partners; joint marketing partners; contest sponsors; legal authorities; debt collectors, payment system operators or sub-contractors	Analytics vendors; advertising partners
Commercial Information, such as transaction information and purchase history	Affiliates; service providers; business partners; joint marketing partners; contest sponsors; legal authorities; debt collectors, payment system operators or sub-contractors	Analytics vendors; advertising partners
Geolocation Data, such as approximate location derived from IP address	Affiliates; service providers; business partners; joint marketing partners; contest sponsors; legal authorities; debt collectors, payment system operators or sub-contractors	N/A
Personal information as defined in the California customer records law, such as name, contact information and government-issued ID	Affiliates; service providers; business partners; joint marketing partners; contest sponsors; legal authorities; debt collectors, payment system operators or sub-contractors	N/A

In the preceding 12 months, we have not engaged in the "selling" or past "sale" of Personal Information as defined by the CCPA. This includes refraining from any sale of Personal Information belonging to minors under the age of 16.

6.8 Privacy Policy - California Privacy Rights

As a California resident, these are your rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), and how you can exercise these rights with respect to the Personal Information we collect.

6.9 Your Rights under the CCPA and CPRA

As a California resident, you are afforded specific rights regarding your personal information. These include:

1. The Right to Know: You have the right to request information about the categories of personal information we have collected about you, the sources from which we have collected that information, the purposes for collecting or selling the information, and the categories of third parties with whom we share personal information. This includes access to the specific pieces of personal information we have collected about you.
2. The Right to Delete: You may request the deletion of your personal information that we have collected, subject to certain exceptions prescribed by law.
3. The Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information to third parties. This includes the right to opt out of the sharing of your personal information for cross-context behavioral advertising purposes.
4. The Right to Data Portability: Upon request, you have the right to obtain a copy of your personal information in a portable and, to the extent technically feasible, readily usable format that can be transferred to another entity without hindrance.
5. Non-Discrimination: Exercising your CCPA rights comes with the assurance that you will not receive discriminatory treatment by us for the exercise of the privacy rights conferred by the CCPA.
6. No Sale of Personal Information of Minors: We respect the privacy of minors. If you are under 16 years of age, we will not sell your personal information without affirmative authorisation.
7. Legal Action:You have the right to exercise legal action in the event of a data breach, as permitted under the CCPA and CPRA.

6.10 How to Exercise Your Rights

To exercise any of the rights described above, please follow the instructions available in our Privacy Policy regarding the submission of requests. You can typically submit requests through a designated email address [email protected] .

We are committed to honouring your rights under the CCPA and CPRA and will respond to your requests in accordance with applicable law.

6.11 Additional Information for Nevada Residents

If you reside in Nevada, you have the option to opt-out of the sale of specific Personal Information to third parties intending to license or sell that data. You can exercise this right by reaching out to us at [email protected], using the subject line "Nevada Do Not Sell Request," and providing your name along with the email address linked to your account. Please be aware that we presently do not engage in the sale of your Personal Information as defined in Nevada Revised Statutes Chapter 603A. Should you have any inquiries, feel free to contact us using the information provided below.