Updated: 24 April 2022
We are the data controller under the applicable privacy laws.
For the purpose of this Policy, “Information” means any information relating to an identified or identifiable individual. This includes Information relating to your use of: (a) our mobile app (“Mobile App” the “Service”); (b) www.luckyblock.com and any other dedicated websites which link to this policy (“Website”). When you use the App or website you accept our rules and policies which set out how we handle your Information, and you understand we may collect, process, use and store your Information as described in this Policy. “Payment” refers to deposits made using tokens via your virtual wallet. If you do not agree with this Policy, you must not use our app or website. If you change your mind in the future, you must stop using our app or website, and you may exercise your rights in relation to your Information as set out in this Policy.
Our services are not available for use by children and are intended for persons over the age of 18 years old and 21 years old in some jurisdictions. Please refer to your country laws in accordance with age-appropriate guidance.
To comply with the current ‘UK Data Protection Act’ for Children, specifically the Age-Appropriate Design Code (also known as the Children’s Act), risks have been assessed using a risk matrix during our Data Protection Impact Assessment. More information can be found https://ico.org.uk/for-organisations/childrens-code-hub/
1. PERSONAL INFORMATION WE COLLECT
We may collect and use the following Information about you:
Information you provide to us:
- Registration information: as no registration is needed, we will not collect any information from you. You will connect / login to our website and app by connecting your wallet held with Trust Wallet or MetaMask.
- Information collected via our customer support channels, for example, when you contact us via email, you may provide us with (a) your full name, email and (b) any information you choose to provide to allow us to assist you. This information is not used or shared for any purpose other than to assist with your reason for contact.
- Information you provide when using the app or website: You are only required to submit personal information, should you choose to opt into marketing emails, such as newsletters and updates.
- Information provided: It is the responsibility of the you, the ‘user’ to ensure your details are accurate and up to date and, where possible, to only provide such information as is necessary when you contact us.
Information we automatically collect or is generated about you when you, register for newsletters or updates or connect to our app or website:
- Identifiers, such as your name, email address, IP address, device and app ID, unique ID, location data and device information (such as model, brand and operating system).
- Information regarding your use of the website or app, such as date and time stamps of events, interactions with our teams.
- Location based data, is collected within the app, and can only be collected if you, the ‘user’ has your location services activated. When the app is installed, it will ask for permission to allow the app to access your location service, you can accept or deny. You can also go into your settings on your phone and disable this at any time.
Information received from third parties:
- Information we receive from third party platforms when you register: when you register through a third-party account (Apple or Google Play), we may receive your third- party ID.
- Partner Exchanges: when you make payments in the form of tokens via your wallet connection, we do not get a notification of the unique wallet number. This information is publicly held on the block chain.
- Analytics information: We integrate certain analytic software, Google analytics, a third-party analytics provider. They provide reports that help us optimise our features. This information may include user activity but is not identifiable information.
- Information from mobile measurement partners: we receive information from third parties to allow us to track performance and to detect fraud. This includes, IP address, location and in some circumstances transaction information.
- Third-Party Terms and Policies. When connecting your virtual wallet to our app or website to login, third-party terms or policies may apply. It remains the responsibility of the user to ensure you have read and agree to their terms.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2. HOW WE USE YOUR PERSONAL INFORMATION
We will only use your personal data (such as name, email address or telephone number if provided to us) when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
The UK GDPR highlights certain purposes that either ‘constitute’ a legitimate interest or ‘should be regarded as’ a legitimate interest. These are: fraud prevention; network and information security; and indicating possible criminal acts or threats to public security.
Some processing is necessary because it is in our or a third party’s legitimate interests, such as those of visitors, members, or partners.
We may collect information in a way that does not directly identify you; we may collect information you have shared with us, and we may use and share such information as necessary for our business purposes and as permitted by applicable law.
The Lawful Bases we rely on and our legitimate interests
We process your information on the following lawful bases and in furtherance of the following legitimate interests:
- Provide you with the service. More in particular, we will use Information to perform our contractual obligation towards you to allow you to connect to our services via your virtual wallet. The Information we process when doing so may include a unique identify which does not identify your personally.
- Improve and monitor use. To improve our service for our customers. When doing so, we may collect information such as a unique identify which will allow us to analyse information about your device such as battery, Wi-Fi strength, device manufacturer, model, and operating system.
- Provide you with support and to respond to your requests or complaints. If you reach out to us for support, we will use your Information to respond and resolve your queries and complaints, facilitate support. When doing so, we perform our contractual obligation towards you.
- Conduct analytics. To analyse interaction and to (a) create anonymised and aggregated data; (b) create segments of users who show characteristics or interests; and (c) conduct predictive analytics about your interests.
- Prevent fraud, defend Lucky Block against legal claims or disputes, enforce our terms and to comply with our legal obligations. To detect fraud or any other user behaviour which prejudices the integrity of our services, (2) taking steps to remedy aforementioned fraud and behaviour, (3) defending ourselves against legal claims or disputes, and (4) enforcing our terms and policies. When doing so, we will process the Information relevant in such a case, including information you provide us, information we automatically collect about you, and information which is provided to us by third parties.
3. WHO WE SHARE YOUR PERSONAL INFORMATION WITH:
We share and may receive your Information with selected third parties, including:
Vendors and service providers, we rely on for the provision of the service, for example:
- Cloud service providers who rely on for data storage, being Digital Ocean Cloud Computing Company.
- Analytics providers. We work with several analytics, segmentation and mobile measurement service providers who help us understand our userbase. This includes Apple, Google, Digital Ocean Cloud Computing Company.
- Partner Exchanges: Your payments are in the form of tokens, connected directly to your wallet, being either Trust Wallet or MetaMask. These processors are responsible for the processing of your Information, and may use your Information for their own purposes in accordance with their privacy policies as below:
- MetaMask: https://consensys.net/privacy-policy/
- Trust Wallet: https://trustwallet.com/privacy-policy
- Law enforcement agencies, public authorities or other judicial bodies and organisations. We disclose Information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request; enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organisations for the purposes of fraud protection).
- Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, re-organisation, partnership, asset sale or other transaction, we may disclose your Information as part of that transaction.
Third Party Privacy Practices
Our payment merchant guardarian.com may provide us with your personal information.
We may collect from them the following categories of personal data:
- your identification information necessary for your identification such as name, address, etc.
- your phone number for authentication purposes.
- documents and information necessary for compliance with KYC and AML rules such as copies of your identification documents (passport, ID card, driving license or other documents for the compliance) and information from external sources such as public databases, credit bureaus, ID verification partners, resellers and channel partners, joint marketing partners, and social media platforms.
- other personal data you share with us or personal data that we may legally obtain from some sources.
We never collect sensitive data. We do not use automated decision making or any kind of automated profiling. The recipients of the collected data are
(1) the highest management level of our company for whom it is necessary to process personal data for the functionality of the company and
(2) third-party service providers
Although we have in place security measures to maintain the privacy and integrity of your Information, unfortunately, the transmission of Information via the internet is not completely secure. We may also take extra steps to protect your Information and minimise the Information we process. You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks.
4. WHERE WE PROCESS YOUR PERSONAL INFORMATION
Your Information will be processed by our employees and service providers, Apple, Google, Digital Ocean Cloud Computing Company. We take steps to ensure all transfers are protected by adequate safeguards. When you download the app via Google Play or Apple, you will need to read their Terms and Policies which are independent of Gadget Geek Online Limited Terms and Policies. We may share with Google, Apple, Digital Ocean Cloud Computing Company data we have collected from your device to track user experience, such as app or website crashes. This information does not include identifiable or personal information.
It is unlikely, however, should we need to transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
We use the main four grounds to process your personal data: consent, contract, legal obligation, and legitimate interests.
Consent – the freely given, informed, and unambiguous indication of your wishes to the processing of your personal data for a specific purpose which signifies agreement to the processing of personal data.
Contract – a legal ground for the processing of your personal data necessary for us to perform a contract or terms and conditions to which you are a party or to take steps at your request prior to entering the contract or terms and conditions.
Legal obligations – a legal ground for the processing of your personal data when it is necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests – a legal ground for the processing of your personal data when it is based on our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests and those interests have a specific purpose, they are necessary, and they are balanced.
We may process the data for:
|DATA PROCESSING||LEGAL BASIS|
|Providing services. We need to provide services via the Website||Contract|
|Providing newsletters/offers/updates which may be interesting to you||Consent for newsletters; Legitimate Interests for offers and updates.|
|Registering you as a user||Contract|
|Compliance with applicable anti-money laundering and know your client rules||Legal obligation|
|Keeping the Website running (managing your requests, remembering your settings, hosting, and back-end infrastructure)||Legitimate Interests|
|Improving the Website (testing features, interacting with feedback platforms, managing landing pages, heat mapping the Website, traffic optimization, and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this)||Legitimate Interests|
|Customer support (notifying you of any changes to the Website, services, solving issues, any bug fixing)||Legitimate Interests|
5. HOW LONG WE STORE YOUR INFORMATION
Your Information, provided to us, by you, will be stored for up to 6 years. When deleting Information, we will take measures to make the Information irrecoverable or irreproducible, and electronic files which contain Information will be deleted permanently.
6. YOUR RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights are:
- The right to request access to your personal data
- The right to request correction of your personal data
- The right to request erasure of your personal data
- The right to object to processing of your personal data
- The right to request restriction of processing your personal data
- The right to request transfer of your personal data
- The right to withdraw consent
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
If you are based a legal resident of California in the U.S. or Brazil, you have certain rights in relation to your Information. For Californian residents, please refer to Addendum 1 – California Privacy Rights. For Brazilian residents, please refer to Addendum 2 – Brazil Privacy Rights.
ADDENDUM 1 – CALIFORNIA PRIVACY RIGHTS
The terms of this Addendum apply to residents of California under the California Consumer Privacy Act of 2018 and its implementing regulations, as amended, or superseded from time to time (“CCPA”). For the purposes of this addendum, Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the CCPA. Personal Information does not include information that is: lawfully made available from government records, deidentified or aggregated, or otherwise excluded from the scope of the CCPA.
Collection and Disclosure of Personal Information
Over the course of 12 months, through your use of our app and / or website, we may collect and disclose the following categories of Personal Information from or about you:
- Identifiers, including name, email address, IP address, device identifiers, game user ID. This information is collected directly from you or your device. If you have registered through a third-party account (Apple or Google), we may have also collected from those third-party services your third-party ID.
- Internet or other electronic network activity information, including your use of features. This information is collected from our selected third-party analytics providers and advertising partners.
- Geolocation data. This information is collected directly from you or your device and from third party services when you register through them.
- Commercial information, including records of products or services purchased, obtained, or considered, your Apple ID number for Apple, your postcode and state for Google. This information is collected directly from you or your device, and from our payment processors.
We collect personal information for the following purposes:
- To operate and administer the services.
- To improve the services.
- To communicate with you.
- For security and verification purposes, including to prevent and detect fraudulent activity.
- To address and remediate technical issues and bugs.
We may disclose personal information to the following types of entities:
- Other companies that provide services on our behalf who are prohibited by contract from retaining, using, or disclosing personal information for any purpose other than for providing the services to us.
- Regulators, judicial authorities, and law enforcement agencies.
- Entities that acquire all or substantially all of our business.
ADDENDUM 2 – BRAZIL PRIVACY RIGHTS
The terms of this Addendum apply to residents of Brazil under the Lei Geral de Proteção de Dados (Lei nº 13.709, de 14 de agosto de 2018) and its implementing regulations, as amended or superseded from time to time (“LGPD”). For the purposes of this Addendum 2, Personal Information has the meaning as defined in the LGPD.
Categories of Personal Information collected and processed
How we use your Personal Information
Your rights under the LGPD
The LGPD provides residents of Brazil with certain legal rights; these rights are not absolute and are subject to exemptions. In particular, you have the right to:
- Ask whether we hold personal information about you and request copies of such personal information and information about how it is processed.
- Restrict the processing of your personal information that is not being processed in compliance with the LGPD.
- Obtain information on the possibility of refusing consent and the consequences of doing so.
- Obtain information about the third parties with whom we share your personal information.
- Obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions provided for in Art. 16 of the LGPD apply.
- Revoke your consent at any time.
- Oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law.
To exercise your rights, please email us at [email protected]
Subject should say ‘I have a data related question connected to my account’
- Access. You have the right to access Information, and to receive an explanation of how we use it and who we share it with. This right is not absolute. For example, we cannot reveal trade secrets, or give you Information about other individuals.
- Erasure. You have the right to request deletion of your Information. We may need to retain some of your Information where there are valid grounds for us to do so under data protection laws. For example, for the defense of legal claims, respect freedom of expression, or where we have an overriding legitimate interest to do so, but we will let you know when this is the case.
- Note that where the Information is held by a third-party data controller, such as a payment processor, we will use reasonable steps to inform them of your request, but we recommend you contact them directly in accordance with their own privacy policies to ensure your personal data is erased.
- Objection and withdrawal of consent. You have the right to (i) withdraw your consent where you previously provided such consent; or (ii) object to our processing of your Information where we process such Information based on our legitimate interests (see above under How we use your personal information). You may exercise this right as follows:
- Portability. You have the right to receive a copy of Information we process based on consent or contract in a structured, commonly used and machine-readable format, or to request that such Information is transferred to a third party.
- Correction. You have the right to correct any Information held about you that is inaccurate.
- Restriction. You have a right in certain circumstances to stop us processing Information other than for storage purposes.
7. CONTACT & COMPLAINTS
Questions, comments and requests regarding this Policy. These should be addressed to [email protected] You can also send a letter to the Data Protection Officer at 6-7 Waterside Station Road, Harpenden, England, AL5 4US
If you wish to make a complaint about how we process your Information, please contact us at [email protected] and we will endeavour to deal with your complaint as soon as possible. This is without prejudice to your right to launch a claim with a data protection authority.
We may need further information from them to verify you and will contact you to request further information if needed. We aim to respond to complaints within 30 days; however, this may be delayed if you have not provided us with all relevant information.
If you are a UK user and feel that we have not handled your compliant within a reasonable timeframe or have not satisfied your complaint, you can seek advice from ICO. https://ico.org.uk/make-a-complaint/
Any updates or changes to this Policy will be published here.
9. RESOMMENDATIONS FOR YOU