True Pilots U.N. Limited (True Pilots) is seriously committed towards protecting the privacy of our users when processing personal data and considers this for all business processes. True Pilots observes the strict data protection guidelines. These data protection provisions apply to all services offered on websites operated by True Pilots as well as to all online and mobile games offered by True Pilots but not to pages belonging to other providers/social networks and services to which the website may link. In this respect, the data provision conditions of the relevant provider shall apply. Here we give you an overview on which data we collect, why we need it and how we might process it.
We use the term "personal data" in the sense of Article 4 of the General Data Protection Regulation ("GDPR").
True Pilots is a Cyprus company registered at 27 Evagorou Avenue, IRINI Building, Office 44, Trypiotis 1066, Nicosia, Cyprus.
If you have questions specifically about data privacy, you can contact us using email@example.com.
We collect personal data from you when you register an account with us (i.e. in our games). The following categories of data are processed by us:
Data for access management (credentials)
e.g. e-mail address, password (but also e.g. social network identifier if you connect through your social network account)
e.g. your display name, your avatar
Data about your game progress
e.g. your level, quest status, the number of in-game resources you have
Data about your preferences
e.g. sound on/off
e.g. device ID, operating system, browser string
Data about your online behaviour
e.g. logins, gameplay, clicks
Data about individual payments in our games
e.g. if you buy in-game currency/resources using our shop
e.g. IP address, referrer
e.g. country of origin, language
Personally identifiable data
e.g. your name
e.g. banner ads you clicked on to reach us
The way we process these data, why and on what legal basis we do this are explained below.
Sensitive data in the GDPR are the so-called "special categories of personal data", e.g. on your racial or ethnic origin, your health, or your political opinions.
We do not collect any sensitive data from you.
That said, we cannot control what content you put into messages you write through our games or websites (e.g. to other users, or when you create a support ticket). While we strive to protect any privacy implied by such a transfer, we cannot differentiate a particularly sensitive message from any other kind of message you may choose to write. Please be aware that such messages are not given any additional protection.
If you are younger than 16, you need to obtain a clear consent of your parent or guardian if you are willing to use our websites or games. A parent or a guardian can at any time exercise all the applicable rights available by law and those listed in this Data Policy on your behalf.
We only process a user’s personal data in compliance with the relevant and pertinent data protection regulations. This means that a user’s data shall only be processed if the user has given his or her legal permission for us to do so. This is the case especially then when data processing is required in order for us to be able to provide our contractual and online services, or when required by law, we are in possession of the consent of the user, and when it is collected for the sake of our legally legitimate interests (i.e. interest in the analysis, optimization, and economic operation and safety of our online product as per Article 6 (1) (f) of the GDPR, in particular with regard to range measurement, the creation of profiles for advertising and marketing purposes, as well as the collection of access data and the use of the services of third-party providers).
We feel obligated to point out that Art. 6 (1) (a) and Art. 7 of the GDPR serve as the legal basis for consent, Art. 6 (1) (b) of the GDPR serves as the legal basis for processing for the performance of services and the performance of contractual measures, Art. 6 (1) (c) of the GDPR serves as the legal basis for processing in order to fulfill our legal obligations, and Art. 6 (1) (f) of the GDPR serves as the legal basis for processing in order to safeguard legitimate interests.
(contractual fulfillment; Article 6.1.b GDPR)
Our games cannot function without certain data. In order for you to have any meaningful progress in your gameplay, we need to be able to reliably differentiate you from other users of our games, which is why we ask you to register an account. When you log in, we compare your login credentials against those we have on file, and maintain your customisation data and game progress.
Your display name, avatar, and certain elements of your progress are made public within our game platform (e.g. for in-game leaderboards, or in the in-game contest). You can change your display name and avatar at any time.
The recommendation and reward feature shows the friends you have invited to the game and the friends that have been invited by friends as well as the time these players have been using the service for the last time.
Additionally, your country and language is used to provide you with a localisation of our games - we will try to serve you content in your language and our in-game shop in your local currency.
If you want to buy in-game currency in our in-game shop, your interaction will usually be with third-party payment processors. In either case, if a payment was successful, we get this information as a digital invoice, which we store to fulfil legal requirements (Article 6.1.c GDPR), to retain them in the case of legal dispute (legitimate interest; Article 6.1.f GDPR), and to optimise our web presence for you (legitimate interest; Article 6.1.f GDPR).
These invoices contain data on what item you purchased, how much you paid for the item and what method you used to pay us with. We do not store information that could be used to make a payment on your behalf.
(legitimate interest; Article 6.1.f GDPR)
To help secure our games and to prevent fraud, we store data such as your IP address and certain device information when you access our games and interact with those.
Your device data and IP address information is stored and logged to allow fraud and data security forensic investigation. Your IP address information is also processed automatically by our network devices - this infrastructure is needed to serve our website, but also to deny access to IP addresses known to be in use by malicious actors.
Due to the nature of this interest, we cannot offer you a means to opt-out of this processing, as this would undermine its purpose (and in some cases, an opt-out is technically impossible - e.g. we cannot exempt your IP address from processing by our network devices).
If you object to this processing, we ask that you please do not use our games.
(legitimate interest; Article 6.1.f GDPR)
To optimise our marketing campaigns and our games, we track information about your behaviour and preferences. These data are pseudonymised and stored separately from your account data. While they are stored on an individual basis, these data are only available to the employees that must work with these data, and they are reported on only in aggregate.
Over the course of campaign optimisation, we share some of these data with third-party trackers (listed below).
There are some data we require from you:
Data needed to fulfill our contractual obligations and the associated services
Data you explicitly make available: Data for access management, Personally identifiable data (where applicable), Data about your preferences (opt-in/opt-out).
Data you supply by browsing our websites and games: Network data, Data about your game progress.
Data that we are legally required to store
Data you supply by making a purchase: Data about individual payments in our games.
Data required for security
Data you supply by browsing our website: Device data, Network data.
Without these personal data we cannot provide our services to you.
We do not use your personal data for any automated individual decision-making that would have legal or otherwise similarly significant effects on you.
Any effects of automated decisions based on your personal data are confined to our game platform. For example, we may use your purchase information (frequency and amount) to give you automated, customised discounts in-game.
For data that we store for legal reasons, we retain the data as long as legally required of us (up to ten years).
For data that we store in consideration of legal disputes, we retain the data as long as legally permissible. This may be up to 30 years.
For logs storing network data, we delete the data in regular intervals - the exact time varies based on configuration rules (which may prune the logs based on size rather than a fixed time), on whether the data was part of a snapshot that landed in a backup, and on whether the logs are part of a set of logs that are routinely forwarded to a central log repository, but will not exceed 2 years.
Your personal data within True Pilots
Your personal data is processed only by the people necessary for us to pursue our legitimate interests, or to comply with our contractual or legal obligations.
Your personal data outside of True Pilots
We share your data only where it is legally permissible to do so, either when it’s required to fulfil contracts you may have with us (Article 6.1.b GDPR) or on basis of legitimate interest (Article 6.1.f GDPR).
We share your personal data only if you have given us permission to do so, in aggregate or anonymised form (preventing the data from being linked to other data you may have supplied elsewhere), or with providers that are contractually obliged to treat your data with care.
Hosting and content distribution providers. These typically have no direct access to our systems, but provide network infrastructure that will necessarily process your IP address to deliver our assets.
Payment providers. When you make a payment through a payment provider, we will get invoice information from these providers. Any payment details needed to actually make a payment on your behalf is handled only by the payment providers, not by us.
Social network operators. These are only relevant if you’re playing our games through their websites or explicitly choose their logins. For more information, please refer to the operators' documentation.
Business intelligence. We use providers to help us sift through our own tracking data.
Crash reporting. Our mobile games embed crash reporting functionality. The crash reports contain only anonymous information. Nonetheless, you can opt-out of this in the settings of the application.
Geolocation. We receive data about the approximate geographical location of IP addresses from geolocation services. (We do not share any information with these services, we are only consumers of this data.)
Support ticket system. We use an external provider to handle our support ticketing for us. Any support ticket you write us through official channels will be stored with this provider.
Video streaming. In some cases, we use video streaming services to show you advertisements. Your impression of these videos is recorded by these services.
The providers we use are contractually bound to treat your data with the utmost care. Whenever the process allows, we anonymise or pseudonymise your data.
Under no circumstances do we sell your data to third parties.
We are committed to complying to the General Data Protection Regulation (GDPR) - one of the strictest Data Privacy regulation in the world. This affords you several inherent rights to your personal data.
You have the right to…
…request access to your personal data (Article 15 GDPR) in a portable format (Article 20 GDPR),
…request correction of your personal data (Article 16 GDPR),
…request restriction of the processing of your personal data (Article 18 GDPR),
…request deletion of your personal data (Article 17 GDPR),
…withdraw consent for your processing of data, when we do this in accordance with a legitimate interest (Article 7.3 and Article 21 GDPR),
…lodge a complaint with a supervisory authority (Article 77 GDPR).
You can easily ask us to delete your data (which is only possible with the full deletion of your game account): please contact us either through the support widget on our website, or by contacting us via email (firstname.lastname@example.org). If you contact us, please understand that we may need to ask you to prove your identity - after all, you wouldn’t want a random stranger to get access to your data/delete your profile, and neither do we.
Note that it may take up to a month for us to process a request of yours. Should there be any delay, we will of course let you know.
You can find additional legal information in the Articles 7.3, 15 – 21 and 77 of the GDPR.
(Articles 15, 16, 17 and 20 GDPR)
At any time, you can request information on whether your personal data is processed by True Pilots or not, what the conditions of such processing are, and to receive a copy of your personal data. More specifically, you can request information about:
the purposes for which the data are processed,
the categories of personal data that are processed,
the categories of recipients with whom we have shared the data,
the intended duration of storage,
your rights in regards to this data (correction, erasure, restriction, withdrawal of consent, and lodging a complaint with the supervisory authority),
the source of the data in cases where we did not obtain it from your direct interactions with us,
and the existence of any automated decision-making based on this data, including profiling, and your right to request meaningful information about the algorithms involved.
If you make this request electronically, the information will be provided in a commonly used electronic form. Should you make this request several times, we may ask a fee of you to cover administrative costs.
You also have the right to instruct us to correct any personal data that is inaccurate.
Lastly, you have the right to ask us to erase your personal data, if there are no legal reasons for us to retain it (such as freedom of expression, legal requirements, public interest or if required as evidence in legal disputes) and one of the following reasons applies:
your personal data is no longer necessary considering the purposes for which it was collected or processed;
you wish to revoke your consent having served as the basis for the processing and there is no other basis justifying such processing;
your personal data has been the subject of unlawful processing;
your personal data should be erased pursuant to a legal requirement.
When we delete data that we’ve shared with third parties, we will also contact those third parties and ensure that your data are erased there as well.
When we delete data that we’ve made public over the course of offering our services to you, we will, to the degree feasible, contact any third party providers that may have this information cached to forward your request to them.
(Article 18 GDPR)
You can assert your right to limit the processing of your personal data when:
you contest the accuracy of your personal data, during the time necessary to verify the accuracy of such data;
the processing of your personal data is unlawful but you oppose the erasure thereof and instead demand the limitation of processing;
when we no longer need your personal data but you still need such personal data for the establishment, exercise or defense of legal claims.
(Article 20 GDPR)
You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit such data to another controller without hindrance from True Pilots.
(Article 7.3 and 21 GDPR)
We only process your personal data with your consent, unless the data processing is otherwise required. If you have a registered account with us, you may revoke your consent at any time by changing the settings associated with your account (or by deleting your account outright, if you prefer).
Please note that a revocation of your consent does not affect the lawfulness of processing carried out prior to such revocation.
(Article 77 GDPR)
If, despite our efforts to protect the confidentiality of your personal data, you consider that your rights have not been respected, you have the right to file a complaint with the national data protection authority in your country.
To improve our games, to correct errors, to optimise the site and our campaigns used to promote it, we store pseudonymised data about our players' behaviour on our website and in games and use several tracking services to assist us (on basis of Article 6.1.f GDPR).
Data exchanged may be information on when you registered an account with us, from where you came (which banner you clicked or which game site you play our games on), your device parameters (e.g. operating system, brand), your user ID in our games, page impressions (time and page identifier) or payments you make.
The trackers use these data either to craft approximate behavioural profiles of you (enabling them to supply better marketing targeting to the users of their service), or to permit us to pay our campaigns by registration events or paying users rather than impressions ("performance marketing").
Should you object to the use of this pseudonymised processing of your data and to better enable you to opt-out of the tracking services effectively, this section contains an overview of all trackers we use and where you can opt-out of them.
The opt-out options of many tracking services can also be found on youronlinechoices.eu, which provides a unified and central opportunity for you to opt-out of various tracking services. That site can also help you if you want to review your online choices for other providers not used by us.
Unless otherwise noted (be it here or on our tracking partners' opt-out pages), your browser will need to accept cookies for the opt-out process to work.
AppsFlyer are based in the US, are committed to the Privacy Shield Framework and offer an opt-out on https://www.appsflyer.com/optout.
Facebook are based in the US, are committed to the Privacy Shield Framework and offer opt-out instructions on https://www.facebook.com/help/568137493302217.
We use Facebook fanpages to answer questions, moderate our communites and conduct marketing activities for our products.
While using Facebook, certain data is being processed. Data you provide directly while creating an account and logging in and data Facebook collects. This data will regularly be used to show you personalized ads. In order to do so, e.g. Cookies will be set and device data noted. Facebook regularly processes this data outside of the European Union. This applies to the use of Facebook in general - regardless whether you are visiting our page / own a Facebook account or not. In the case of requests for information or the assertion of your rights as a user of Facebook, please contact Facebook directly, as only Facebook has access to the corresponding user data.
Facebook is certified for the EU-US Privacy Shield Framework Agreement and the Swiss-US Privacy Shield Framework Agreement and agrees to comply with EU privacy standards (https://www.facebook.com/about/privacyshield).
Additional Facebook data policy information and Opt out options:
Facebook data policy: https://www.facebook.com/about/privacy/
Facebook ad settings / Opt out options: https://www.facebook.com/settings?tab=ads
Additional Opt out options: You can also find the opt-out options of many other providers on the US site https://www.aboutads.info/choices/ and on the EU website https://www.youronlinechoices.eu. These websites can help you to contradict the tracking of multiple providers at once.
Google are based in the US and are committed to the Privacy Shield Framework.
Google offer opt-out instructions for Google Ads and AdMob on https://adssettings.google.com/authenticated.
Google offer opt-out instructions for Google Analytics on https://tools.google.com/dlpage/gaoptout.
Your IP address is masked when it is sent to Google Analytics.
For further information, see https://www.google.com/analytics/terms/
We make use of the widespread SSL (Secure Socket Layer) encryption method to deliver our site securely when you visit it, in conjunction with the highest level of encryption supported by your browser.
You can tell when any single page at our website is transmitted in encrypted form by the closed presentation of the lock (or key) symbol in your browser’s status bar.
We also take appropriate technical and organizational security measures to protect your data against destruction, accidental or intentional manipulation, partial or total loss, or against the unauthorized access by third parties. Our security measures are continuously improved upon in accordance with technological developments.