VALUES AND PRINCIPLES OF TACTIC GROUP CONCERNING DATA PROTECTION
Tactic Games Oy provides its consumers with products and services that offer unforgettable moments of togetherness, memorable experiences and feelings of joy, excitement and success. We also feel very strongly about protecting our customers’ privacy, and one of our key values is taking great care and extensive measures to protect our customers’ data. We have therefore prepared and re-stated data protection principles that concern the entire Tactic Games Group.
Tactic Games Oy, P.O. Box 4444, 28101 Pori and its subsidiaries and branches (hereafter Tactic, we, us, our or ours) is the controller of personal data and is committed to protecting and respecting the privacy and personal integrity of data subjects when they use Tactic products and services, browse the Tactic website or use our applications. This document lays down the data protection principles according to which Tactic processes personal data.
Our personal data registers and privacy policies
Legal basis of our data registers and purpose of processing personal data
The legal basis of processing personal data pursuant to the EU General Data Protection Regulation is:
– the legitimate interest of the controller;
– the data subject’s consent;
– the agreement to which the data subject is a party, or
– obligation with a legal or regulatory basis
Data register content and period of storage of personal data
Information stored in our data registers may include the following: name, company/organisation, role in the organisation, contact details (telephone number, email address, address), product/service orders and any changes thereto, invoicing information, and other information related to the customer relationship and the products/services ordered.
Regular sources of information
We receive the data we store in our registers via webforms, email messages, telephone, agreements, customer meetings and other situations where a customer or a representative of a stakeholder discloses information.
Regular disclosure of information and transfer of information outside the EU or EEA
Information is not disclosed regularly to third parties. Information may only be published insofar as agreed with the customer.
The controller may transfer the data also outside the European Union or the European Economic Area. In such cases, transfers are made solely on business grounds and only as regards the data of the customers/stakeholder representatives involved in the business transaction in question.
Data register security
We handle our registers with due care and apply appropriate security measures to protect data processed by means of information systems. If register data is stored on an internet server, appropriate physical and digital information security measures are taken to protect the related equipment. The controller ensures that the stored data and the server user rights and other information critical for the protection of personal data are treated confidentially and only by employees whose duties involve processing such data.
The right to access and the right to rectify
Every data subject has the right to access the personal data that has been collected on him or her and to require the rectification or completion of any inaccurate personal data. Requests to access personal data or to rectify inaccurate data must be submitted in writing to the controller. If necessary, the controller may request the provision of additional information to confirm the identity of the data subject. The controller responds to the request at the latest within one month as stipulated in the GDPR.
Other rights of the data subject related to the processing of personal data
The data subject has the right to request the erasure of personal data concerning him or her (“the right to be forgotten”). Moreover, the data subject has all the other rights provided for in the GDPR, including the right to restriction of processing of personal data in certain circumstances. Requests must be sent to the controller in writing. If necessary, the controller may request the provision of additional information to confirm the identity of the data subject. The controller responds to the request at the latest within one month as stipulated in the GDPR.
Tactic Games’ websites
While a person is browsing Tactic Games’ websites, the browsing person’s computer operating system, Internet Protocol (IP) address, access times, browser type and language and referring website addresses may be logged automatically. We may use this information to monitor, develop and analyse the use of that website.
We and our marketing and outsourcing partners, affiliates, or analytics service providers use technologies such as cookies, beacons, scripts, and tags to identify a user’s computer/device and to “remember” things about that user’s visit, such as the user’s preferences or a user name and password. Information contained in a cookie may be linked to the user’s personal information, such as the user’s user ID, for purposes such as improving the quality of our websites, tailoring recommendations to interests, and making the website easier to use. A user can disable cookies at any time, although they may not be able to access or use features of that website after doing so.
Tactic websites and digital services may contain links to the websites of our online partners, advertisers and group companies. If a user follows a link to one of these websites or uses third-party services, the user must be aware that these websites have separate privacy policies and Tactic does not take responsibility for their data processing procedures.
We may feature advertisements served by third parties that deliver cookies to a person’s computer/device so the content the person accesses and advertisements the person sees can be tracked. Since the third party advertising companies associate the person’s computer/device with a number, they will be able to recognize the person’s computer/device each time they send the person an advertisement. These advertisers may use information about the person’s visits to our Service and third party sites and applications in order to measure advertisement performance and to provide advertisements about goods and services of interest.
We may feature advertising within our Services or Sites. The advertisers may collect and use information about users of those Services and Sites, such as a person’s Service or Site session activity, device identifier, MAC address, IMEI, geo-location information and IP address. For more information on our partners within the Services and Sites and how to opt out, contact info(at)tactic.net.
In addition, a person may see our digital games advertised in other Services or Sites. After clicking on one of these advertisements and installing our digital game, the person will become a user of our Service. In order to verify the installs, a device identifier may be shared with the advertiser.
We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on devices. This software may record information such as how often a person uses the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personal information a person submits within the mobile application.
Whenever a person plays our digital games, we collect some data about that person’s interactions with the game. This information may be associated with the person’s player ID, IP address or device ID for the purpose of providing one our Services and improving them. With the person’s permission, we will also collect the person’s exact location so that we are able to match the person with other players in the area.
We take the safety and protection of privacy of children extremely seriously; we do not target marketing or request for personal data from children under the age of 18 without the confirmed consent of their parents.
Data protection related impact assessment
Our data processing operations do not involve a high risk as defined in the GDPR, and therefore we, as the controller, are not obliged to carry out a data protection impact assessment.
However, we have conducted and continue to conduct regular thorough assessments of personal data processing related risks.
We operate in compliance with the EU General Data Protection Regulation (2016/679) and are bound by it and the act complementing the EU General Data Protection Regulation (2018/218) and the Act on Electronic Communications Services (2014/917).
Period of validity and changes