Our Privacy Policy

Last Updated: April 27, 2023

Effective Date: April 17, 2023

Nørdlight Privacy Notice

For Participants of Rubik’s Match Play Test

Nørdlight is committed to protecting your privacy and the secure processing of your personal data, and we strive to limit the processing of personal data as far as possible and do not collect personal data beyond what is necessary.

Needless to say, all processing of personal data, including the collection, registration, storing, and general handling, is governed by applicable privacy legislation, including the General Data Protection Regulation (GDPR). Nørdlight strives to make sure that the processing of personal data done by Nørdlight is done in accordance with applicable legislation.

Should you have any questions related to privacy and/or your rights, you can contact us at info@nordlight.io or our Data Protection Officer at DPO@spinmaster.com. Below you will also find detailed information on how we process your personal data, on your rights, and how you can exercise them.

About

We take privacy seriously at Nørdlight, and this notice is designed to share what information we collect and how we use it. When Nørdlight processes your personal information in accordance with this Privacy Notice, we are the “controller” of your data as defined by the GDPR and other applicable legislation.

Our contact details are:

Nørdlight AB
Attn: Privacy Officer
BOX 90293
120 31, Stockholm, Sweden

Our email address for all matters related to privacy is info@nordlight.io.

The contact details to our Data Protection Officer are:

SpinMaster Ltd.
Attn: Data Protection Officer
225 King Street West
Toronto, ON M5V 3M2
DPO@spinmaster.com

When does this privacy notice apply?

This Privacy Notice applies when we collect, use, or otherwise process personal data in relation to play tests that Nørdlight conducts. This includes information processed during sign-up for the test as well as data collected in surveys, interviews, and during the testing.

The technical data which we process is collected directly from you or by monitoring your actions in testing.

Personal data we may process, for what purpose, and based on which legal ground?

Purpose of the Processing	Types of Information	Legal Grounds for the Processing
Play Test	Video and audio recording of the playtest. Name, age, gender, country of origin. Survey responses.	Our Legitimate Interest
Customer/Game database	Game specific data vital to play-experience hosting.	Our Legitimate Interest
Technical optimization of own services and products	User metrics to optimize our services and products. Technical analytics via App-instance ID (The ID is used to compute user metrics throughout Analytics), IP address.	Our Legitimate Interest
Customer management	User metrics helping users and parents experiencing issues in the app. Contact information: Name, Email address.	Our Legitimate Interest
App stability monitoring	User metrics to monitor app stability and solve live issues. Crashlytics: Firebase crashlytics monitoring and crash reports and Backtrace crash reports.	Our Legitimate Interest
Player data analysis	User metrics for: - Better understanding of player behaviors in general. - Better understanding of user behavioral patterns across sessions/over time in general. - Balance and tailor play experience and content offering to users in general. - Improving UX and UI. By using App-instance ID, we analyze user in-game behaviors (The ID is used to compute user metrics throughout Analytics) IP address.	Our Legitimate Interest
Customer Support	- Used to provide customers with in-app functionality to get help or reach FAQ sections through Helpshift. By contacting info@nordlight.io we can provide contextual help or customer support for issues in the game.	Our Legitimate Interest
Live-ops	We will collect user metrics to control live ops events in regions where Firebase is not available. By using device region settings we get a Coarse Location. (Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services)	Our Legitimate Interest

Whom may we share your data with?

We may share your personal data with the categories of recipients listed below, for the purposes listed below in the section "suppliers and subcontractors". When we share your personal data, we take all reasonable measures to ensure that your personal data is treated with an adequate level of protection and in accordance with applicable laws.

Suppliers and subcontractors

We collect and process personal data directly from you when you:

Play the app
Register for an account within the Rubik’s app
Pay for a purchasable item within Rubik
Complete a customer survey or provide feedback on Cubric
Request technical support

We are using service providers to help us collect and process some of your personal data. Although we are using the services of these providers, these providers are acting as our processors only processing your personal data as we instruct them to, unless you have given your direct consent for us to share the information with them.

The purposes of collecting this information can be for functions such as technical support, ad attribution, transactional or marketing emails, parental control emails, multiplayer game experience, and payment processing.

For these purposes, we are engaging the services of the following service providers:

Google Inc (Workspace) used for communication and productivity
Google Firebase used for user analytics
Google Firebase Crashlytics used for crash tracking
Google Firebase Remote Config used for A/B testing
Google Play to track app conversions
Google BETA test used as a platform to test launch the app
Amazon Web Services - Such as EC2, S3, Cloudfront, RDS, Cloudwatch - used for ....

Nørdlight acts as the "data controller" (GDPR) or "business" (The California Consumer Privacy Act, CCPA) for any personal data or information about our users. Nørdlight’s suppliers and subcontractors operate as "data processors" (GDPR) or "service providers" (CCPA).

Authorities

We disclose necessary information to authorities such as the Swedish Authority for Privacy Protection and other authorities if we are required to do so by law, or under some circumstances if you have requested us to do so.

Where do we process your personal data?

Our aim is to process your personal data within the EU/EEA. In some situations, such as when we share your personal data with a supplier or subcontractor located outside the EU/EEA, your personal data may, however, be transferred to, and processed in, a destination outside of the EU/EEA.

We strive to ensure that an adequate level of protection is maintained, and that suitable safeguards are adopted. This means ensuring that the third country or state is subject to an adequacy decision by the European Commission or implementing the European Commission’s Standard Contractual Clauses.

For how long will we store your personal data?

We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice. When your personal data is no longer relevant for the purposes for which it has been collected, we strive to erase or anonymize it.

Your rights

Under the GDPR and UK GDPR (UK General Data Protection Regulation), you have certain rights concerning the processing of personal data by us. The following rights may be applicable for you.

If you would like to access, correct, erase or limit the use or disclosure of any personal data about you that has been collected and stored by Nørdlight or exercise any other right under applicable data protection legislation, please notify us at info@nordlight.io so that we may consider and respond to your request in accordance with applicable law.

If you want to contact our Data Protection Officer directly, you can do so at DPO@spinmaster.com.

Right of information: You have the right to be provided information regarding the processing of your personal data by us.
Right of access: You have the right to obtain confirmation as to whether or not we are processing your personal data and, if this should be the case, access to the personal data.
Right to rectification: You have the right to obtain rectification of inaccurate or incomplete personal data concerning you.
Right to erasure ("right to be forgotten"): Under certain circumstances, you have the right to obtain the erasure of personal data concerning you.
Right to restriction: Under certain circumstances, you have the right to obtain the restriction of processing.
Right to data portability: Under certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit this data to another controller.
Right to object: Under certain circumstances, you have the right to object to the processing of personal data concerning you. This includes but is not limited to the right to object in cases in which we process your personal data based on legitimate interest.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you consider that Nørdlight’s processing of personal data relating to you infringes the GDPR.
Right to withdraw consent: If a processing of your personal data is based on your consent as set out, you have the right to withdraw your consent at any time.
Right to not be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How we protect your information

We are committed to protecting our users' personal data and are, among other things, using pseudonymization, encryption, and user-based access levels to protect your data. We strive to take appropriate technical and organizational measures to ensure the protection of your personal data.

Notice to California Residents:

Under California Civil Code sections 1798.83, California residents are entitled to ask us for a notice describing what categories of Personal Information we share with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. Please note that we do not share your Personal Information with any third parties or affiliates for their direct marketing purposes.

CCPA provides consumers who are California residents with specific rights regarding their Personal Information.

Right to Access: If you are a California resident, you have the right to request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use and/or disclose.
Right to Delete: If you are a California resident, you have the right to request that we delete personal information that we collect from you, subject to applicable legal exceptions.
Right to Opt Out of Sale of Personal Information: As the term is defined by the CCPA, Nørdlight does not sell any personal information.

To make a request regarding your rights as described above, please send an email to info@nordlight.io or DPO@spinmaster.com or write to us, using the addresses above.

Changes to this Privacy Notice

This privacy notice may be changed from time to time to accommodate new technologies, industry practices, regulatory requirements, or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. The notice may be sent to you by email to the last email address you provided us with, by posting notice of such changes on our sites and applications, or by other means, consistent with applicable law. The date of the last modification is stated at the top of this document.