Privacy Policy | Mikha LTD

Mikha LTD, 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom ("Mikha LTD" or "we") respects and protects Meta Platform Data which includes your personal data.

Mikha LTD collects, processes or uses personal data exclusively within the applicable legal framework. Therefore, the high data protection level of the General Data Protection Regulation (GDPR) holds true.

1. Field of application

a. We develop games ("Facebook Instant Games") that are available on the social network Facebook, a platform provided by Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"). In this Privacy Policy we inform you on the collection, processing and use of Meta Platform Data concerning the Facebook Instant Games.

b. Facebook Instant Games can only be accessed via the Facebook network, which is operated solely by Meta, and only if you have registered for the Facebook network and are logged in to your Facebook account. The processing of data by Facebook when you register your Facebook account and every time you access the Facebook network is excluded from the field of application of this Privacy Policy. Likewise, cookies that Facebook may use for statistical evaluations when you access the Facebook platform are not within this Privacy Policy's scope. Facebook organizes the aforementioned data processing independently and on its own responsibility, without us having any influence on this. For further information on this data processing by Facebook see the Meta Privacy Policy: https://www.facebook.com/privacy/policy/

2. Data processed when accessing and using Facebook Instant Games

a. When you first access one of our Facebook Instant Games, Facebook will assign you two unique IDs per Facebook Instant Game ("Facebook App User ID and Facebook Instant Game Player ID"), which are linked to your personal information, and will disclose these IDs to us. Facebook also provides us with the first name you have entered in your Facebook account, your profile picture, and the preferred language you set as the language of your Facebook account. Further, Facebook checks which other Facebook users, with whom you are connected on Facebook (so-called Facebook friends), have already played the respective Facebook Instant Game and notifies us of the results. Mikha LTD receives and uses the Facebook App User ID and the other aforementioned data solely to create your player profile in the Facebook Instant Game to the extent necessary for using the game. Hence, the data processing in this context is carried out for the purpose of performing the contract with you on the use of the Facebook Instant Game pursuant to Art. 6 (1) (b) GDPR. We would like to point out that Mikha LTD does not receive any additional personal data from your Facebook user account and will not use the data to identify you or to create user profiles for purposes other than providing the Facebook Instant Games.

b. In order for you to access and play the respective Facebook Instant Game including all game functions, Mikha LTD collects and processes data on the use of the Facebook Instant Game (data on game progress such as completed levels, decisions and answers made in the game, player aids used, high scores achieved, ongoing and pending game sessions). This data is linked to the Facebook App User ID and added to your player profile by Mikha LTD. The processing of this data for the use of the Facebook Instant Game is carried out in accordance with Art. 6 (1) (b) GDPR. Mikha LTD will not use this data to identify you or to create user profiles for purposes other than providing the Facebook Instant Games.

c. Facebook collects anonymous (non-personally identifiable) data about the players of the Facebook Instant Games in order to generate statistical graphs such as User Retention. These graphs can be accessed by the admin(s) of the Business Manager of Mikha LTD on the Facebook network through: https://business.facebook.com/

The data processing in connection with the above analyses of general game use and game sessions is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, which consists in the continuous improvement of our games to ensure the best possible, entertaining gaming experience. For such adjustments based on user experience, we need to analyze the actual use of the games.

d. Furthermore, Facebook uses the aforementioned, recorded information independently and on its own responsibility for its own, individual purposes and also collects and processes additional data including information from your Facebook account for these purposes, without us being involved or having any influence on this. Details of this use of your personal data are explained in the Meta Privacy Policy, which you can view here: https://www.facebook.com/privacy/policy/

e. We would like to point out that data processing by Facebook can also take place outside the EU or the European Economic Area, in particular on Facebook servers located in the United States. This can result in risks for the users, because, for example, the enforcement of the users' rights could become more difficult. In this particular case, Facebook and we guarantee that appropriate protection measures are in place in accordance with Article 44 et seq. GDPR. In particular, Facebook and we have agreed on the standard data protection clauses of the EU Commission as a precautionary measure which provide for appropriate protection measures for the specific case, such as encryption of the data, in accordance with Article 46 (2) lit. c) GDPR. The measures are also continuously developed and supplemented to the extent necessary to ensure an adequate level of data protection throughout.

3. Meta Audience Network

a. Our Facebook Instant Games implement the so-called Meta Audience Network, a service by Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") for serving advertisements. This service is used by Facebook to display advertisements in our Facebook Instant Games. When an advertisement is to be displayed in a Facebook Instant Game or clicked on, Facebook will record notably your interaction with the advertisement, your IP address and, if applicable, your further usage behaviour after the click on the advertisement. Facebook processes this information in order to measure the success of the respective advertising and to provide us with excerpts of the results. However, Facebook only provides Mikha LTD with access to aggregated data on the results of the advertising feed, which Mikha LTD cannot trace back to individual persons. Besides, Mikha LTD only receives excerpts of data in the context of the advertisements that cannot be attributed to individual persons. In particular, Mikha LTD does not receive and process any IP addresses or cookies from user devices or other data that allow conclusions to be drawn about the identity of individual users.

b. Facebook autonomously decides on the specific advertisements that are displayed in each case and on the processing of your personal data in the context of selecting and playing these advertisements. Mikha LTD can only exclude certain categories, in particular sensitive categories (such as depictions of violence, politics, religion) by choosing between default settings. Facebook uses this information to display the advertisements: which specific Facebook Instant Game you are playing, information about your usage behaviour in the Facebook social network and your interaction with other content in the Facebook network, as well as information that you have entered in your Facebook account. Facebook also uses cookies for this purpose. Further information on the data processing by Facebook regarding the Meta Audience Network can be found at: https://accountscenter.facebook.com/ads/ and is explained in the Meta Privacy Policy: https://www.facebook.com/privacy/policy/

c. You will only receive personalised advertising via Meta Audience Network if you have consented to this in your Facebook settings. The legal basis is therefore Art. 6 (1) (a) GDPR. Of course, you can withdraw your consent at any time for the future by changing your Facebook settings under the following link: https://accountscenter.facebook.com/ads/. Please note that we can only provide the Facebook Instant Games free-of-charge with advertise funding. This means that even if you do not consent to receive personalised advertising, you will still see ads in Facebook Instant Games, but they will not be personalised, i.e., they will not be tailored to your personal interests. We have a legitimate interest in displaying advertisements in our Facebook Instant Games in order to generate revenue and thereby offer our games to you for free. There is also no indication apparent that your interest in not receiving advertising through Meta Audience Network is prevailing when you voluntarily play our Facebook Instant Games for free. The associated data processing is therefore justified in accordance with Art. 6 (1) (f) GDPR.

d. The data processed within the Meta Audience Network can be transferred to Facebook servers, which are also located in the United States. We have concluded the standard data protection clauses adopted by the EU Commission with Facebook for transferring data by the Meta Audience Network, having included the implementation of appropriate protective measures. Facebook and we also regularly review the need for possible additions and, if necessary, the implementation of additional appropriate protection measures within the meaning of Article 44 et seq. GDPR, to the extent as this is necessary to continuously grant a suitable level of data protection.

4. Player experience analysis with Mixpanel

a. In order to detect and correct technical errors and to improve the experience of the players of our Facebook Instant Games, we use the service Mixpanel provided by Mixpanel, Inc., One Front Street, 28th Floor, San Francisco, CA 94111, USA ("Mixpanel"). For these purposes, during the play session of a Facebook Instant Game, technical details regarding the use of the game and any in-game actions will be transmitted to Mixpanel and processed by Mixpanel along with the following data: your IP address, information regarding the hardware and operating system of your device, the name of the Facebook Instant Game being played, a hash of your Facebook App User ID as well as the date, time, details of the action taken or error occurred in the game. Never will personal data from your player profile, such as your Facebook App User ID, be forwarded to Mixpanel in clear text. Hence, neither Mixpanel nor we will be able to identify you based on the data transmitted to and processed by Mixpanel. Mixpanel will not profile you at any time. Based on the aforementioned information, Mixpanel, on behalf of Mikha LTD, merely provides reports and evaluations of actions taken or errors occured in the games, which gives insights that greatly help improve the exprience of the players of our Facebook Instant Games. In this context, the above-mentioned information may be transmitted to and stored on a Mixpanel server in the United States. However, Mixpanel will not merge the data transmitted as part of the Mixpanel service with any other data and the data will only be used for anonymous analyses of the games.

b. For further information and the applicable privacy policies of Mixpanel please visit:
https://mixpanel.com/legal/privacy-hub/
https://mixpanel.com/legal/terms-of-use/
https://mixpanel.com/legal/security-overview/

c. We use the Mixpanel service to resolve any errors in our Facebook Instant Games and difficulties in using them as swiftly and thoroughly as possible, and to further develop our services continuously for ensuring a smooth user experience. The basis for using the Mixpanel service is our legitimate interest, as described above, in accordance with Art. 6 (1) (f) GDPR. Your legitimate interests are taken into account by not sending any personal data, other than your hashed Facebook App User ID of the respective Facebook Instant Game, with the transmission of the technical data from your end device. If you still do not want your data to be collected by the Mixpanel service, we must ask you to refrain from playing our Facebook Instant Games.

d. We would like to point out that Mixpanel may also process data outside the EU or the European Economic Area, in particular on servers located in the United States. This may result in risks for users, for example because it may make it more difficult to enforce users' rights. We take these risks into account by taking appropriate protective measures in accordance with Art. 44 et seq. GDPR in particular by agreeing on the standard data protection clauses of the EU Commission with Mixpanel, which provide for appropriate protective measures such as encryption of data in individual cases. If data is transferred to Mixpanel in the United States, this is based on Art. 46 (2) (c) GDPR.

5. Storage period and erasure of data

a. We process your personal data as long as it is necessary to achieve the purposes of the processing, or is prescribed by a legal obligation to store the data. Subsequently, the data is deleted in accordance with statutory laws.

b. Data that we store for legal reasons, however, is stored for as long as this is required by law. After expiry of a statutory retention period, the data will be deleted without undue delay, unless there are other reasons within the meaning of Art. 17 (3) GDPR opposing the deletion.

6. Data storage

a. Members of Mikha LTD have been informed that it is forbidden to store any Meta Platform Data, including users personal data, on any organizational or personal device under any circumstances for any reason and they have acknowledged their understanding of this policy.

b. Any new member who joins Mikha LTD gets informed of and agrees to the aforementioned policy as part of their onboarding process as a new employee.

7. Data security

a. Mikha LTD has taken appropriate technical and organisational measures to protect personal data against accidental loss, damage, unauthorised access or unauthorised changes. In particular, Mikha LTD will transmit data only in encrypted form. However, Mikha LTD points out that privacy and data security cannot be guaranteed for transmissions outside Mikha LTD's sphere of influence.

8. Transmission to Third-Parties

a. Personal data will only be passed on to third-parties - unless otherwise set out elsewhere in this Privacy Policy - without the express consent of the user, if this is necessary for the provision of Mikha LTD's services or for contract execution with the user. Accordingly, the data are transmitted to such service providers (such as technical service providers) in our legitimate interests pursuant to Art. 6 (1) (f) GDPR, namely to provide access to our Facebook Instant Games. Of course, before passing on any personal data, Mikha LTD ensures that the relevant service provider has taken appropriate technical and organizational measures to ensure the security of the data.

b. We store the data collected by us in the context of access and use of our Facebook Instant Games (i.e. hashes and ciphers of Facebook App Users IDs and hashes of Facebook Instant Game Players IDs and data on the use of the game such as game progress and completed levels, player aids, and achieved high scores) via third-party services. We use Layershift Platform as a Service (PaaS), provided by LAYERSHIFT LIMITED, 83 Ducie Street, Manchester, England, M1 2JQ ("Layershift"). Layershift also transfers the collected data to its servers in United Kingdom. We use this service to provide the aforementioned data for playing our Facebook Instant Games efficiently and with the lowest possible susceptibility to errors, thus ensuring the smooth use of the game functions. The legal basis for the associated data processing is Art. 6 (1) (f) GDPR, whereby our legitimate interest is an optimal, technically flawless provision of the Facebook Instant Games. We have concluded the standard data protection clauses adopted by the EU Commission with Layershift to safeguard the transfer of data to United Kingdom. We have also concluded a data processing agreement with Layershift. The forwarding of personal data to Layershift in connection with the aforementioned services is therefore based on Article 46 (2) lit. c) and 28 GDPR

c. Otherwise, Mikha LTD will not pass on the user's personal data to third-parties unless the user has expressly consented to the transfer (Art. 6 (1) (a) GDPR), or Mikha LTD is entitled or obliged to do so by legal provisions or court orders. In the latter case, the transmission is carried out by Mikha LTD to fulfil a legal obligation pursuant to Art. 6 (1) (c) GDPR.

9. Right to object

a. The user has the right to object at any time to data processing based on Art. 6 (1) (e) or (f) GDPR for reasons arising from his/her particular situation, unless Mikha LTD can prove compelling reasons worthy of protection, which outweigh the interests of the user, or the processing serves to assert, exercise or defend legal claims. The user can object to data processing for the purpose of direct advertising at any time without special reasons being required.

10. Right to information

a. The user has the right to obtain, free of charge, from Mikha LTD the personal data stored by Mikha LTD concerning him/her, the processing purposes, their origin, which transfer to which recipients or categories of recipients took place, the storage period and the rights of the data subjects available to him/her.

11. Right to data correction or restriction of data processing

a. The user has the right to request, at any time, the correction of incorrect data or the restriction of the processing of the personal data stored about him/her in accordance with Art. 18 GDPR. Insofar as this includes personal data that is necessary for the provision of services to the user, the restriction of the processing of this data can only take place when the user no longer uses Mikha LTD's services.

12. Right to data deletion

a. The user has the right to request, at any time, the deletion of his/her personal data with no need to contact Mikha LTD, insofar as there is no legal obligation for Mikha LTD to keep records or other reasons in the sense of Art. 17 (3) GDPR which prevent deletion.

To request the deletion of your personal data stored due to playing any of our Facebook Instant Games:
1. Go to https://www.facebook.com/settings?tab=applications&ref=settings
2. Click the "Remove" button beside the name of the game and remove it
3. Click the "View Removed Apps and Websites" link
4. Click the "View" button next to the name of the game and follow the instructions from there

If the automatic deletion of your personal data fails for any technical or unknown reason, you can request us to manually destroy your data from the servers. To do so, send an email to contact@mikha.ltd with the name of the game along with your Facebook App User ID (can be obtained by following the aforementioned steps).

13. Right to revoke consent

a. Any consent given by the user to the use of personal data can be freely revoked by the user at any time with effect for the future. This can be done by following the steps mentioned in Art. 12.

14. Right to complain to a supervisory authority

a. The user may lodge a complaint with a supervisory authority against data processing which he/she believes to be in breach of the statutory provisions.

15. Changes to the Privacy Policy

a. Mikha LTD reserves the right to change this Privacy Policy at any time whilst complying with the legal requirements of data protection. Therefore, Mikha LTD recommends that users regularly check this Privacy Policy for updates.

Last updated on 4 September, 2024