Our Privacy Policy

Last Updated: April 27, 2023

Effective Date: April 17, 2023

Nørdlight Privacy Notice

For Participants of Rubik’s Match Play Test

Nørdlight is committed to protecting your privacy and the secure processing of your personal data, and we strive to limit the processing of personal data as far as possible and do not collect personal data beyond what is necessary.

Needless to say, all processing of personal data, including the collection, registration, storing, and general handling, is governed by applicable privacy legislation, including the General Data Protection Regulation (GDPR). Nørdlight strives to make sure that the processing of personal data done by Nørdlight is done in accordance with applicable legislation.

Should you have any questions related to privacy and/or your rights, you can contact us at info@nordlight.io or our Data Protection Officer at DPO@spinmaster.com. Below you will also find detailed information on how we process your personal data, on your rights, and how you can exercise them.


We take privacy seriously at Nørdlight, and this notice is designed to share what information we collect and how we use it. When Nørdlight processes your personal information in accordance with this Privacy Notice, we are the “controller” of your data as defined by the GDPR and other applicable legislation.

Our contact details are:

Nørdlight AB
Attn: Privacy Officer
BOX 90293
120 31, Stockholm, Sweden

Our email address for all matters related to privacy is info@nordlight.io.

The contact details to our Data Protection Officer are:

SpinMaster Ltd.
Attn: Data Protection Officer
225 King Street West
Toronto, ON M5V 3M2

When does this privacy notice apply?

This Privacy Notice applies when we collect, use, or otherwise process personal data in relation to play tests that Nørdlight conducts. This includes information processed during sign-up for the test as well as data collected in surveys, interviews, and during the testing.

The technical data which we process is collected directly from you or by monitoring your actions in testing.

Personal data we may process, for what purpose, and based on which legal ground?

Purpose of the Processing Types of Information Legal Grounds for the Processing
Play Test Video and audio recording of the playtest.
Name, age, gender, country of origin.
Survey responses.
Our Legitimate Interest
Customer/Game database Game specific data vital to play-experience hosting. Our Legitimate Interest
Technical optimization of own services and products User metrics to optimize our services and products.
Technical analytics via App-instance ID (The ID is used to compute user metrics throughout Analytics), IP address.
Our Legitimate Interest
Customer management User metrics helping users and parents experiencing issues in the app.
Contact information: Name, Email address.
Our Legitimate Interest
App stability monitoring User metrics to monitor app stability and solve live issues.
Crashlytics: Firebase crashlytics monitoring and crash reports and Backtrace crash reports.
Our Legitimate Interest
Player data analysis User metrics for:
- Better understanding of player behaviors in general.
- Better understanding of user behavioral patterns across sessions/over time in general.
- Balance and tailor play experience and content offering to users in general.
- Improving UX and UI.
By using App-instance ID, we analyze user in-game behaviors (The ID is used to compute user metrics throughout Analytics) IP address.
Our Legitimate Interest
Customer Support - Used to provide customers with in-app functionality to get help or reach FAQ sections through Helpshift.
By contacting info@nordlight.io we can provide contextual help or customer support for issues in the game.
Our Legitimate Interest
Live-ops We will collect user metrics to control live ops events in regions where Firebase is not available.
By using device region settings we get a Coarse Location.
(Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services)
Our Legitimate Interest

Whom may we share your data with?

We may share your personal data with the categories of recipients listed below, for the purposes listed below in the section "suppliers and subcontractors". When we share your personal data, we take all reasonable measures to ensure that your personal data is treated with an adequate level of protection and in accordance with applicable laws.

Suppliers and subcontractors

We collect and process personal data directly from you when you:

We are using service providers to help us collect and process some of your personal data. Although we are using the services of these providers, these providers are acting as our processors only processing your personal data as we instruct them to, unless you have given your direct consent for us to share the information with them.

The purposes of collecting this information can be for functions such as technical support, ad attribution, transactional or marketing emails, parental control emails, multiplayer game experience, and payment processing.

For these purposes, we are engaging the services of the following service providers:

Nørdlight acts as the "data controller" (GDPR) or "business" (The California Consumer Privacy Act, CCPA) for any personal data or information about our users. Nørdlight’s suppliers and subcontractors operate as "data processors" (GDPR) or "service providers" (CCPA).


We disclose necessary information to authorities such as the Swedish Authority for Privacy Protection and other authorities if we are required to do so by law, or under some circumstances if you have requested us to do so.

Where do we process your personal data?

Our aim is to process your personal data within the EU/EEA. In some situations, such as when we share your personal data with a supplier or subcontractor located outside the EU/EEA, your personal data may, however, be transferred to, and processed in, a destination outside of the EU/EEA.

We strive to ensure that an adequate level of protection is maintained, and that suitable safeguards are adopted. This means ensuring that the third country or state is subject to an adequacy decision by the European Commission or implementing the European Commission’s Standard Contractual Clauses.

For how long will we store your personal data?

We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice. When your personal data is no longer relevant for the purposes for which it has been collected, we strive to erase or anonymize it.

Your rights

Under the GDPR and UK GDPR (UK General Data Protection Regulation), you have certain rights concerning the processing of personal data by us. The following rights may be applicable for you.

If you would like to access, correct, erase or limit the use or disclosure of any personal data about you that has been collected and stored by Nørdlight or exercise any other right under applicable data protection legislation, please notify us at info@nordlight.io so that we may consider and respond to your request in accordance with applicable law.

If you want to contact our Data Protection Officer directly, you can do so at DPO@spinmaster.com.

How we protect your information

We are committed to protecting our users' personal data and are, among other things, using pseudonymization, encryption, and user-based access levels to protect your data. We strive to take appropriate technical and organizational measures to ensure the protection of your personal data.

Notice to California Residents:

Under California Civil Code sections 1798.83, California residents are entitled to ask us for a notice describing what categories of Personal Information we share with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. Please note that we do not share your Personal Information with any third parties or affiliates for their direct marketing purposes.

CCPA provides consumers who are California residents with specific rights regarding their Personal Information.

To make a request regarding your rights as described above, please send an email to info@nordlight.io or DPO@spinmaster.com or write to us, using the addresses above.

Changes to this Privacy Notice

This privacy notice may be changed from time to time to accommodate new technologies, industry practices, regulatory requirements, or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. The notice may be sent to you by email to the last email address you provided us with, by posting notice of such changes on our sites and applications, or by other means, consistent with applicable law. The date of the last modification is stated at the top of this document.