Preamble
This Privacy Policy ("Policy") is issued by the EXPERION IT SOLUTIONS SDN. BHD., including
its affiliates and
subsidiaries (collectively, "the EXPERION IT SOLUTIONS SDN. BHD.," "we," "us," or "our"). It is
designed to provide a
comprehensive and transparent explanation of our practices concerning the collection, processing,
use, storage, and disclosure of personal data related to individuals ("you," "your," or "User") who
access or use our suite of casual gaming applications, associated websites, forums, and related
services (collectively, the "Services").
This Policy constitutes a legally binding agreement between you and the Company Entity. By
creating an account, accessing, or otherwise using our Services, you acknowledge that you have read,
understood, and agree to the data practices articulated herein. If you do not agree with the terms
of this Policy, you must refrain from using our Services.
We are committed to the principles of data protection and privacy by design and by default.
Our objective is to process your personal data lawfully, fairly, and transparently, while empowering
you with meaningful control over your information.
A. Scope of this Policy
This Policy applies to all personal data processed by the Company Entity in the course of
your interaction with our Services, regardless of the device or platform used for access. It does
not extend to the practices of third-party companies that we do not own or control, or to
individuals that we do not employ or manage.
B. Key Definitions
· Personal Data: Any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification number, location data, an online
identifier, or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural, or social identity of that natural person.
· Processing: Any operation or set of operations which is performed on personal data,
whether or not by automated means, such as collection, recording, organization, structuring,
storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination, restriction, erasure, or
destruction.
· Data Controller: The natural or legal person which, alone or jointly with others,
determines the purposes and means of the processing of personal data. For the purposes of this
Policy, the Company Entity is the Data Controller.
· Data Processor: A natural or legal person which processes personal data on behalf of the
controller.
We collect and process various categories of Personal Data to provide and enhance our Services. The
collection methods and data categories are detailed below. We adhere to the principle of data
minimization, ensuring that we only collect data that is adequate, relevant, and limited to what is
necessary for the specified purposes.
A. Data Provided Directly by the User
This category includes Personal Data that you voluntarily submit when interacting with our
Services.
1.Account Registration and Profile Data: When you create a user account, we collect
necessary information to establish and manage your profile. This may include:
○ Identifiers: A unique username, alias, or screen name.
○ Contact Information: A valid email address for verification, communication, and account
recovery.
○ Authentication Credentials: A password or other credentials used to secure your account.
○ Demographic Information: Your date of birth for age verification purposes and compliance
with age-related legal requirements, and optionally, your gender for content personalization.
2.Transactional Data: When you make in-game purchases or engage in other financial
transactions, we or our third-party payment processors collect information necessary to securely
process the transaction. This includes:
○ Details of the purchase (e.g., item, cost, date).
○ Billing information, which may include your name, billing address, and payment instrument
details (e.g., credit card number, payment account identifier). Please note that full payment
instrument details are typically processed directly by our secure payment processors and are not
stored on our primary servers.
3. Customer Support and Communication Data: When you contact our customer support team,
participate in surveys, or communicate with us through other channels, we collect:
○ The content of your communications, including emails, chat logs, or support tickets.
○ Your contact information and any other data you choose to provide to assist in resolving
your query.
3. User-Generated Content (UGC): Some Services may allow you to create or share content.
This includes:
○ Text messages in in-game chats or forums.
○ Profile pictures, custom avatars, or other images you upload.
○ Any other content you create and make available through the Services.
B. Data Generated or Collected Automatically
This category includes data generated as a byproduct of your use of our Services, which is
collected automatically by our systems.
1. Gameplay and Activity Data: We collect extensive data related to your in-game activities
to provide core gameplay functionality and to analyze user behavior for service improvement. This
includes:
○ Game progress, levels completed, quests undertaken, and scores achieved.
○ In-game inventory, including in-game item balances, items acquired, and items used.
○ Session data, such as game start and end times, duration of play, and feature usage
frequency.
○ Interactions with other users, such as friend lists, team or guild memberships, and
records of in-game trades.
○ Player performance metrics and behavioral patterns.
1. Device and Technical Data: We automatically collect technical information from your
device to ensure compatibility, optimize performance, and for security purposes. This data
comprises:
○ Device Identifiers: Unique identifiers such as your device's advertising ID (e.g., IDFA
for iOS, GAID for Android), and in some cases, other hardware identifiers like IMEI or MAC address.
○ Network Information: Your IP address, which can be used to derive your approximate
geographical location (e.g., country, city).
○ Software and Hardware Information: Your device type, model, operating system (including
version), browser type and version, screen resolution, and preferred language settings.
○ Performance and Diagnostic Data: Crash reports, error logs, and performance metrics that
help us diagnose and resolve technical issues.
C. Data Obtained from Third-Party Sources
We may receive Personal Data about you from third parties that are integrated with our
Services.
1. Third-Party Platform Logins: If you choose to register or log in to our Services using a
third-party account (e.g., Facebook, Google, Apple), we receive certain information from that third
party in accordance with your privacy settings on that platform. This typically includes:
○ A unique authentication token.
○ Your public profile information, such as your name, profile picture, and email address
associated with the third-party account.
○ A list of your friends on that platform who also use our Services, subject to your
permissions.
2. Third-Party Service Providers: We work with partners for functions like advertising and
analytics who may provide us with data. For example, advertising partners may provide us with
information about your interactions with advertisements to measure campaign effectiveness.
We process your Personal Data for specific, explicit, and legitimate purposes. Each processing
activity is grounded in a valid legal basis as required by applicable data protection laws.
A. To Provide, Operate, and Maintain the Services
· Purpose: To establish and manage your account, deliver the core gameplay experience, save
your progress, facilitate in-game purchases, and enable social features.
· Data Categories Used: Account Data, Transactional Data, Gameplay Data, Device Data.
· Legal Basis: Contractual Necessity. The processing is necessary for the performance of the
contract (our Terms of Service) to which you are a party.
B. To Improve, Optimize, and Personalize the Services
· Purpose: To understand user behavior and preferences, conduct research and development,
fix bugs and technical issues, balance game economies, and provide a personalized experience by
recommending relevant content, features, and offers.
· Data Categories Used: Gameplay and Activity Data, Device and Technical Data, and
aggregated or anonymized Account Data.
· Legal Basis: Legitimate Interest. We have a legitimate interest in improving our Services
to enhance user engagement and retention. We have conducted a balancing test and determined that
this interest is not overridden by your fundamental rights and freedoms.
C. To Ensure Security, Fairness, and Legal Compliance
· Purpose: To protect the security and integrity of our Services, prevent fraud, detect and
sanction cheating or other unauthorized activities, enforce our Terms of Service, and moderate
user-generated content to maintain a safe and fair community.
· Data Categories Used: All categories, particularly Account Data, Device Data, and Gameplay
Data.
· Legal Basis: Legitimate Interest in protecting our business and users, and in some cases,
Legal Obligation when responding to violations of law.
D. For Marketing, Advertising, and Promotional Activities
· Purpose: To provide you with personalized or contextual advertising within our Services,
and to send you marketing communications about new games, updates, and special offers.
· Data Categories Used: Account Data (e.g., email), Device Data (e.g., advertising ID), and
Gameplay Data.
· Legal Basis:
○ Legitimate Interest: For displaying contextual or non-personalized ads, and for showing
personalized ads in jurisdictions where this is permissible.
○ Consent: For sending direct marketing emails or push notifications, and for certain types
of personalized advertising where opt-in consent is the required legal standard. You have the right
to withdraw your consent at any time.
E. To Comply with Legal and Regulatory Obligations
· Purpose: To fulfill our legal duties, such as responding to valid legal requests from law
enforcement or judicial bodies, complying with tax and financial reporting requirements, and
maintaining records as required by law.
· Data Categories Used: Account Data, Transactional Data, and other relevant data as
required by the specific legal obligation.
· Legal Basis: Legal Obligation.
We do not sell your Personal Data to third parties. We may, however, share your information with
certain trusted third parties under the following limited circumstances, while implementing
contractual and technical safeguards to protect it.
A. With Third-Party Service Providers (Data Processors)
We engage third-party companies and individuals to perform services on our behalf. These
Data Processors are contractually obligated to process your data only for the purposes we specify
and to implement robust security measures. Categories of processors include:
· Cloud Hosting and Infrastructure Providers: For data storage and service delivery.
· Payment Processors: For securely handling financial transactions.
· Analytics and Business Intelligence Providers: To help us understand and improve our
Services.
· Customer Support Platform Providers: To manage and respond to user inquiries.
· Advertising and Marketing Partners: To assist in ad delivery and campaign measurement.
B. For Corporate Transactions
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a
portion of our assets, your Personal Data may be transferred as part of the transaction. We will
provide notice of such a transaction and of any changes to this Policy.
C. For Legal Compliance and Protection
We may disclose your Personal Data if we believe in good faith that it is necessary to:
· Comply with a legal obligation, a court order, or a valid request from a governmental or
law enforcement authority.
· Enforce our Terms of Service or other agreements.
· Protect the rights, property, or safety of the Company Entity, our users, or the public
from harm or illegal activities.
D. With User Consent or at User Direction
We may share your data with third parties when we have your explicit consent to do so. For
example, when you use social features to share your achievements on a third-party platform, you are
directing us to share that information.
A. Data Security Measures
We have implemented and maintain a comprehensive information security program with
administrative, technical, and physical measures designed to protect your Personal Data from
unauthorized access, use, disclosure, alteration, or destruction. These measures include:
· Encryption: Use of encryption protocols (e.g., Transport Layer Security/TLS) for data in
transit and encryption for sensitive data at rest.
· Access Controls: Strict access control policies and mechanisms to ensure that only
authorized personnel have access to Personal Data on a need-to-know basis.
· Network Security: Use of firewalls, intrusion detection systems, and other network
security technologies.
· Regular Audits and Training: Regular security assessments, vulnerability scanning, and
mandatory data protection training for our employees.
Despite these measures, no security system is impenetrable. We cannot guarantee the absolute
security of our systems, and we are not responsible for the security of information you transmit to
us over networks that we do not control.
B. Data Retention Policy
We retain your Personal Data for as long as is necessary to fulfill the purposes for which
it was collected, including for the purposes of satisfying any legal, accounting, or reporting
requirements. The criteria used to determine our retention periods include:
· The duration for which you maintain an active account with us.
· The necessity of the data to provide the Services to you.
· The existence of a legal obligation (e.g., tax or corporate laws requiring record-keeping
for a specific period).
· The necessity of the data to resolve disputes or enforce our agreements.
Upon the expiration of the applicable retention period, or upon your valid request for
erasure, we will securely delete or anonymize your Personal Data.
We recognize and respect your rights as a data subject under applicable data protection laws. You
may exercise the following rights concerning your Personal Data:
1. The Right to Access: You have the right to request a copy of the Personal Data we hold
about you.
2. The Right to Rectification: You have the right to request the correction of any
inaccurate or incomplete Personal Data we hold about you.
3. The Right to Erasure (Right to be Forgotten): You have the right to request the deletion
of your Personal Data under certain conditions (e.g., if the data is no longer necessary for the
purposes for which it was collected).
4. The Right to Restrict Processing: You have the right to request that we restrict the
processing of your Personal Data under certain circumstances (e.g., while we verify the accuracy of
your data).
5. The Right to Data Portability: You have the right to receive the Personal Data you have
provided to us in a structured, commonly used, and machine-readable format and have the right to
transmit that data to another controller.
6. The Right to Object: You have the right to object to the processing of your Personal Data
when it is based on our legitimate interests. You have an absolute right to object to processing for
direct marketing purposes.
7. The Right to Withdraw Consent: Where our processing is based on your consent, you have
the right to withdraw that consent at any time, without affecting the lawfulness of processing based
on consent before its withdrawal.
To exercise any of these rights, please contact us using the details provided in Section X.
We will require you to verify your identity before responding to your request.
The Company Entity operates on a global scale. Consequently, your Personal Data may be transferred
to, and stored and processed in, countries other than your country of residence. These countries may
have data protection laws that are different from the laws of your country.
When we transfer your Personal Data internationally, we take steps to ensure that it is
protected in accordance with this Policy and applicable law. We rely on legally-provided mechanisms
to lawfully transfer data across borders, such as adequacy decisions issued by relevant authorities,
or by implementing appropriate safeguards like Standard Contractual Clauses (SCCs) or other
recognized legal transfer mechanisms.
Our Services are not intended for or directed at children. We define "children" as individuals under the age of digital consent as specified by the laws of their jurisdiction (for example, under 13 in some regions and under 16 in others). We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected Personal Data from a child, we will take commercially reasonable steps to delete such information from our records as soon as possible. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us.
We use cookies and similar technologies (e.g., web beacons, pixels, ad tags, and device identifiers) to recognize you and/or your device(s), enhance your experience, analyze service usage, and for advertising purposes. For detailed information on the technologies we use and how you can manage your preferences, please refer to our dedicated Cookie Policy or the cookie management tools provided within our Services.
We reserve the right to amend or update this Privacy Policy at any time to reflect changes in our practices, the Services, or applicable law. We will notify you of any material changes by posting the updated Policy on our website, through in-game notifications, or by other appropriate means. We encourage you to review this Policy periodically to stay informed.
Should you have any questions, concerns, or requests relating to this Privacy Policy or our data
protection practices, please do not hesitate to contact our Data Protection Officer or privacy team.
Email:[email protected]
Mailing Address:20-13 Menara Mutiara Sentral Jalan Desa Aman 1 Cheras Business Centre
Cheras, Wilayah Persekutuan Kuala Lumpur, 56100 Malaysia
We are committed to resolving any privacy concerns in a timely and effective manner.