Candywriter respects your right to control your privacy. We have put in place security
measures for your personal data and manage your personal data in accordance with applicable
data protection and data privacy regulations. This Privacy Policy explains how we handle and
treat your data when you register an account, visit our site, play our games or use their
associated services, and engage or communicate with us.
Our Services are not directed to children and we do not knowingly collect Personal Data from
children under 16 years of age.
Overview
Throughout this Privacy Policy, the following terms have the following meanings.
Data Privacy Laws
Applicable data protection and data privacy laws and regulations, including but not
limited to the EU General Data Protection Regulation (2016/679) (the GDPR).
United States Privacy Law
All applicable United States of America data protection and data privacy law on all
levels applicable on the processing and the Services, including but not limited to the
California Consumer Privacy Act.
Processing and Process
All activities involving your Personal Data, including collecting, handling, storing,
sharing, accessing, using, transferring and disposing of information.
Services
Applications, games and other products, Websites, Forums, Web shop, email
communications, social media accounts and any related services or properties the Company
controls.
Personal Data
Personal Data that relates to you as an identified or identifiable individual.
While operating the Services, Personal Data will be shared with partners the Company works
with. Some of these partners act as Controllers independently and therefore independently
determine how and why they process your data. Under certain circumstances, Personal Data may
also be transferred to countries outside the European Economic Area.
Section 1
Who We Are
Controller
The Controller responsible for your Personal Data for the purposes of the GDPR and applicable Data Protection Law is:
Candywriter, LLC 1521 Alton Rd, #670 Miami Beach, FL 33139
The Company is part of the Stillfront Group, a global group of gaming studios with its
parent company, Stillfront Group AB (publ), incorporated in Sweden and listed on Nasdaq
First North Premier Growth Market.
Data Protection Officer
The data protection officer of the Controller for the purposes of the GDPR is:
Information you provide voluntarily when using the Services
Your name, email address, or other contact information communicated to the Company.
Any Personal Data provided in and through communication channels available in the Services.
If you have subscribed to communications, your content preferences, language, contact information or other information you submit when subscribing.
If you participate in surveys or other research, any comments, feedback, responses, or other information you provide.
Any other information you choose to submit through the Services or otherwise.
Additional information you provide when using BitLife services
AppsFlyer ID and unique account online identifiers automatically created upon application installation.
Inferences made based on your in-app activity.
Information collected directly from you and/or your device by automatic means
The Company collects Personal Data directly from you and/or your device when you use the
Services or interact with ads outside of the Services on third-party websites or
applications, including through cookies, similar technologies, or software development
kits (SDKs).
Your device and browser, such as device type, model, manufacturer, operating system, language, display, processor, browser type, and IP address, including coarse location.
Your use of the Services, such as access date and time, access status, access location, duration of use, actions taken, visited sites, and information or files downloaded or added to the device from the Service.
Your connection method when first using the Services.
Crash logs, snapshots or other information related to bugs, errors, or other issues.
Inferences made based on your activity in the Services.
The Company does not expect or intend to collect or otherwise process special categories of
data, such as genetic, precise location, biometric or health information, information
revealing racial or ethnic origin, sex life or sexual orientation, political opinions,
religious or philosophical beliefs, trade union membership, or information about criminal
offences or convictions. Do not provide this kind of information or use the Services to make
it available to others.
Section 3
How Do We Use Your Personal Data?
The Company uses your Personal Data for different purposes, including to provide requested
Services, improve and develop Services, predict user trends, make recommendations and
marketing activities based on usage, and customize the Services for you.
To perform the contract with you in respect of the Services
Enable you to use the Services and administer the Services.
Provide, maintain, enhance and personalize the Service(s), including selecting an appropriate language version based on your location.
Know your preferences and present Website content in the most effective manner for you and your computer or mobile device, based on browsing history on the Services.
Provide account and login features and share that data depending on your chosen method.
Provide social features and communication channels in the Service.
Take appropriate actions in accordance with the Terms and Conditions and Game rules.
Based on your given consent when using the Services
Use data provided by you to send interest-based, personalised advertisements along with marketing of the Services and those of the Stillfront Group and partners.
Use survey data to improve the game and customer experience when interacting with the Services.
Deliver newsletters, update information and game information, including patches, updates, community events, special promotions, personalized updates, development information and, if applicable, offers related to the game.
Use stored relevant payment information and methods submitted and approved by you to ease future transactions and purchases.
Based on legitimate interest to improve the Services and user experience
Operate and maintain the Services, including improving current Services or developing new Services.
Where available, provide social features such as chat and forum functions or events in the Services or other Services.
Use contact information you provide to contact you, handle support requests, or otherwise manage the relationship with you.
Troubleshoot or debug bugs, errors, or other issues in the Services.
Measure and analyse use of the Services or data collected through the Services to discover trends, insights, and inform operations.
Create data that is not identifiable to you, such as aggregate data, which may then be used and shared freely.
Analyse how visitors use the Services.
Based on legitimate interest to understand behaviour and performance
Analyse aggregated data regarding recency and frequency of player events such as "game closed" or "in-app purchases" to understand retention patterns and player behaviour.
Use aggregated data regarding events such as "watched in-game advertising" or "in-app purchases" to understand and measure player lifetime value and analyse expected future revenue from players.
Based on legitimate interest to provide interest-based services and contextual advertisement
Use ad identifiers, third-party tracking IDs such as AppsFlyer ID, and similar technologies to collect data from your device.
Combine information from third-party providers with features including device type, system language and IP address to create a unique player ID.
Recognise you and your device and provide customised player experiences and contextual in-app activity based advertising.
Based on legitimate interest to safeguard operations and defend claims
Audit operations or processes to verify that they function as intended.
Establish, exercise and defend legal claims, including in the unlikely event of a dispute or criminal investigation.
Disclose Personal Data to applicable governmental, regulatory, sporting or enforcement authorities where required by law.
Disclose Personal Data to regulatory bodies in connection with prevention and detection of crime where there are reasonable grounds to suspect that you may be involved in a breach of the law.
In addition, the Company may process your data for additional purposes that are compatible
with any of the purposes listed above.
Section 4
Who We Share Your Information With
Your Personal Data may be transferred or disclosed to third parties for the processing of
that Personal Data on the Company's behalf, such as the following categories.
Other companies in the Stillfront Group that help develop, market, improve or operate games, applications and services, or provide other Services. See the most recent annual report published on stillfront.com.
A limited group of employees in the Stillfront Group for analytical purposes, such as evaluating recent visits and how users move around different sections of the Services.
Persons or companies that provide services and process Personal Data on the Company's behalf when providing those services.
Third-party services when you link, connect or log in with a third-party service. Those services may share necessary information such as email for the specific purpose or as otherwise authorized by your settings.
Professional advisors such as external legal and audit services.
Third parties to whom certain services are outsourced, such as document processing and translation, confidential waste disposal, IT systems or software providers, support service providers, and document or information storage providers such as Dropbox, Didomi, Google and Amazon Web Services.
Competent courts of law or other government authorities where disclosure is necessary as a matter of applicable law or regulation.
Any person or entity where disclosure is necessary to exercise, establish or defend legal rights or to protect your or another person's vital interests.
This list is non-exhaustive. When Personal Data is shared with business partners, group
affiliates or other trusted entities, the Company requires them to use the information in
accordance with its instructions.
Section 5
Appropriate Safeguards to Countries Outside the EU/EEA
In connection with the processing activities described in this Privacy Policy, information
may be shared outside of the European Union (EU) and the European Economic Area (EEA). A
number of servers used for hosting data are located in the United States, the main office is
in the United States, and some group companies or service providers are also located outside
of the EU and EEA.
Where the Company transfers Personal Data outside the EU/EEA, it will ensure that Standard
Contractual Clauses have been entered into between the transferring entity and the receiving
external party, or that other equivalent safeguards are put in place prior to such transfers.
Data shared may consist of information you provide voluntarily when using the Services,
Service-specific personal data, and data collected from your device by automatic means. Under
the GDPR, you are entitled upon request to receive a copy of documentation demonstrating that
appropriate safeguards have been taken. Requests can be sent to
privacy@candywriter.com.
Section 6
How Long Do We Keep Hold of Your Information?
Information is retained only for as long as necessary for the purposes set out in this
Privacy Policy. The retention period is established based on:
How long there is an ongoing relationship with you.
Legal obligations to which the Company is subject, such as tax and accounting obligations.
The Company's legal position, including applicable statutes of limitations.
For more specific information about data retention terms, contact the Data Protection Officer
at dpo@stillfront.com.
Section 7
Security
The Company applies appropriate safeguards to protect your Personal Data, taking into account
the state of the art, implementation costs, and the nature, scope, context, purposes and
risks of processing. Technical, physical and organisational measures are in place to protect
Personal Data against unauthorised or accidental destruction, alteration or disclosure,
misuse, damage, theft, accidental loss or unauthorised access.
Section 8
Your Rights Under the GDPR and Applicable Data Protection Law
Providing data is not mandatory, but the Company may be unable to provide the Services or
some features without processing your data. You may limit or control certain processing
choices by not connecting third-party accounts, resetting or limiting your Advertising ID, or
disabling some or all cookies in your browser settings.
Access
You may request confirmation whether Personal Data is processed and, if so, access to your Personal Data and additional information such as the purposes of the processing.
Object to certain processing
You may object to processing based on legitimate interest, on grounds relating to your particular situation, and to processing for direct marketing purposes.
Rectification
You have the right to have inaccurate Personal Data rectified and incomplete Personal Data completed.
Erasure
You may have your Personal Data erased under certain circumstances, such as when it is no longer needed for the purposes for which it was collected.
Restriction of processing
You may ask the Company to restrict processing of your Personal Data to storage only under certain circumstances.
Withdrawal of consent
You may withdraw consent at any time to the extent the processing is based on consent.
Data portability
You may ask to receive a machine-readable copy of Personal Data processed and ask for the information to be transferred to another Controller where possible.
Complaints to the supervisory authority
You have the right to lodge complaints pertaining to the processing of your Personal Data to the relevant data protection supervisory authority.
How to adjust your preferences
To access your data in the Services or request its deletion, use the automatic tools
provided in the Services, typically in the game settings. On the same page, you can also
opt out of personalised offers and access your consent status where applicable.
If you opt out of interest-based advertising, you may still be able to play the games
and still see advertising in them. You can also choose to prevent the use of your device's ad
identifier by changing your device settings.
The Company asks that you primarily use these tools because they help validate, process
and fulfil your request more quickly and reliably.
Questions about the policy
If you have any questions about this Privacy Policy or the Company's data collection
practices, contact the Company at the address or email set out in section 1 and specify
your country of residence and the nature of your question.
Section 9
US Residents
If you are based in the United States and connecting from states in which data protection
laws have been enacted, this section forms part of the Privacy Policy and should be read
together with the other sections. If there is any conflict between this section and the
remainder of the Privacy Policy, this section prevails.
Candywriter, LLC does not sell personal data and has not done so in the last 12 months. The
Company may share identifiers and cookie information with third-party advertisement platforms
to provide interest-based and personalised advertisements, measure attributed installs and
optimise marketing. To the extent such practices are considered a sale under applicable data
protection law, you may opt out by following the steps described below.
Opt Out
You have the right to opt out of the sale or sharing of your personal information for
targeted advertising purposes, sale, or profiling with legal or significant effect on
you. How to opt out depends on the service you use and may be limited to the specific
service.
Access and Data Portability
You may have the right to request details about the Personal Data collected about you and receive a copy of it.
Right to Correction and Deletion
You may have the right to request correction of inaccurate Personal Data and deletion of Personal Data unless an exception applies.
Right to Non-Discrimination
The Company will not deny access, reduce service quality or provide a different level of quality because you exercise your rights, unless allowed or required under applicable law.
Right to Appeal and Limitation
If a privacy rights request is denied or rejected, you may have a right to appeal if permitted by your state's privacy law. Depending on your state of residence, you may also have the right to ask the Company to limit use of sensitive personal information if it is used to infer characteristics about you.
California residents, Shine the Light
California residents may request information once a calendar year about customer
information shared with other businesses for their own direct marketing uses. The source
PDF contains the contact instruction as [insert contact email] and that
wording has been preserved here.
Section 10
Changes to the Terms of This Privacy Policy
The Company reserves the right to update this Privacy Policy from time to time, for example
due to changes in operations, new partners or the legal obligations that apply. Updates will
be made available here and, where appropriate, users will be informed of changes by other
means appropriate to the significance of the changes.
Last updated: October 4, 2024
Section 11
Data Controllers
Bidmachine
Purpose: Ad Monetization provider
Location: United States
Adcolony
Purpose: Ad Monetization & User Acquisition provider
Location: United States
Apple
Purpose: Platform provider and Monetization and User Acquisition provider
Location: United States
Applovin
Purpose: Ad Monetization & User Acquisition
Location: United States
Facebook/Meta
Purpose: Ad Monetization & User Acquisition
Location: United States
Google
Purpose: Platform provider & Monetization and User Acquisition provider
Location: United States
HyprMX
Purpose: Ad Monetization
Location: United States
Inmobi
Purpose: Ad Monetization
Location: India
Ironsource
Purpose: Ad Monetization & User Acquisition
Location: Israel
Liftoff
Purpose: Ad Monetization & User Acquisition
Location: United States
Reddit
Purpose: User Acquisition
Location: United States
Smaato
Purpose: Ad Monetization
Location: United States
Snapchat
Purpose: User Acquisition
Location: United States
TikTok
Purpose: User Acquisition
Location: United States
Unity
Purpose: User Acquisition
Location: United States
AdJoe
Purpose: User Acquisition
Location: Germany
Mintegral
Purpose: Ad Monetization & User Acquisition
Location: China
Tapjoy
Purpose: Ad Monetization & User Acquisition
Location: United States
Mistplay
Purpose: Ad Monetization & User Acquisition
Location: Canada
Amazon Publisher Services
Purpose: Ad Monetization
Location: United States
X
Purpose: User Acquisition
Location: United States
Section 12
Data Processors / Service Providers
Didomi
Purpose: Consent management platform
Location: France
AppsFlyer
Purpose: Advertising Attribution and Analytics
Location: United States
Firebase
Purpose: Analytics
Location: United States
GameAnalytics
Purpose: Analytics
Location: Denmark
Looker
Purpose: Analytics
Location: United States
Embrace
Purpose: Analytics
Location: United States
Clevertap
Purpose: Analytics
Location: United States
Zendesk
Purpose: Customer Support
Location: United States
Addendum
Privacy Policy Addendum - Asia
This section applies to residents connecting from or for the services offered in India, the
Philippines, Indonesia, Malaysia, Thailand, Singapore, Japan, Bangladesh, Mongolia,
Australia, New Zealand, and Vietnam.
Consent to the collection, use and transfer of personal information
By using the Services, you consent to the collection, transfer and use of your personal
information as outlined in this Privacy Policy. This includes consenting to the transfer
of personal information to other parties, including overseas transfers, as outlined above
in sections 4, 10 and 11 of the Policy.
You may withdraw your consent at any time. Withdrawing your consent may impact your
ability to use the Services, because the use of personal information is necessary for the
functioning of the Services.
Retention and methods of destruction of personal information
When personal information becomes unnecessary, the retention period has expired, or the
purpose of processing has been achieved, appropriate measures are taken to render the
personal information unreadable and/or unidentifiable. This may include permanent
deletion of collected personal information.
If personal information must be kept in order to comply with relevant laws or
regulations, the information will be stored separately and used only for such compliance
purposes.
Personal information is removed and destroyed in accordance with applicable law and only
for the duration of the relevant retention period. Information stored in electronic form
is destroyed and/or anonymized so that it cannot reasonably be reproduced, and physical
records are destroyed through actions such as shredding or incineration.