Latest Update: 20 Nov 2024

Our Promise

NineZyme OÜ (henceforth "we", "us", or "NineZyme") values your privacy and your right to have full control over your personal data. This Privacy and Cookie Notice (henceforth "Notice") below sets out in detail how we may process your information under various circumstances.

We encourage you to read it full. However, we also understand that reading legal text is about as fun as becoming a snack for a man eating plant. It can be dense and difficult to sift through... and most people won't have the time or patience for it. So, dear reader, we offer you this brief summary, which covers the gist of it:

The majority of information that we collect from you, our customers, is completely anonymous and intended strictly for the purpose of improving our products and your overall experiences with them. It is mostly limited to data of a statistical nature, such as the application that you are using, what kind of device it is running on, how long you are engaging with it, your IP address, what type of interactions you most commonly perform, etc. This helps us learn about our audience and discover which parts of our products are most enjoyable, annoying, or potentially broken. We can then react to that information throughout our development processes.

In the event that an application may require storage of account information in order to directly identify you, for age verification, or login purpose... We vow to keep this data to an absolute minimum, and to use global encryption standards, on a secure server with limited access. We also vow to never sell your information to a third party, or sign you up for any additional services your behalf (no junk mail). However, some third party services that we use (for mailing lists, etc) may have different privacy procedures in place. Our current usage of third party services is extremely minimal, and long term we aim to have all services internal to the company.

1. Introduction

We are committed to protecting your privacy and personal data. This Notice will inform you as to how we process and look after your personal data when you visit our Website (regardless of where you visit it from) as well as any personal data processing that may happen as a result of you using our services.

This Notice has been drafted with the intention of complying with the laws applicable to the data processing carried out by us, in particular the European Union's General Data Protection Regulation (henceforth “GDPR”). Please note that depending on which country you use our services from, the laws governing your rights as a data subject might differ. We may also modify this Notice from time to time. Any changes to our Notice will become effective upon posting of the revised Notice on the Website and we will notify you of any material changes to this Notice. We recommend that you review this Notice from time-to-time.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2. Data Controller

Our legal status under data protection law is that of a controller (also known as data controller) and in this capacity, we will securely store and process your personal data which you have provided to us. Controller is the legal term used to signify the organization that controls what to do with any given personal data.

As this Notice describes the data processing done by us in the context of offering you with services, this Notice does not describe the data processing which occurs from the moment you are either directed to a third party webpage or use the services of the third parties, for which dedicated third party privacy notices apply.

We have no influence on the content and function of the third-party services and are generally not responsible for the processing of your personal data by their providers. Insofar as the integration of a third-party service results in us establishing joint processes with its provider, we will define with this provider in an agreement on joint controllership pursuant to Article 26 of the GDPR how the respective tasks and responsibilities in the processing of personal data are structured and who fulfils which data protection obligations.

If you have a concern or any questions about our handling of your personal data, please get in contact with us so we can try to resolve your query using the email info@ninezyme.com. If you wish to contest our decision, you can report this to the supervisory authority responsible for the data protection supervision in your member state if you reside in the EU. You are also welcome to contest our decision at the lead supervisory authority: the Estonian Data Protection Inspectorate (henceforth “DPI”). The DPI-s official webpage and contact forms may be accessed from https://www.aki.ee/en/contact.

3. Information We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which includes:

Identity data may include first name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact data may include email address and telephone number as well as any other information provided at the time of subscribing to any of our services (including promotions about products), posting material or requesting further services.
Correspondence data may include information you provide when entering a promotion or competition, making a customer support enquiry or complaint or when you report a problem with our Website, any other records of correspondence if you contact us about any matter.
Financial data may include bank account information and information relating to your financial position.
Transaction data may include details about payments to and from you and other details of products and services you have purchased from us.
Technical data may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.
Usage data may include information about how you use our Website, services, or products.
Marketing and communications data may include your preferences in receiving marketing from us and our third parties and your communication preferences.

‍
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. We mainly collect data regarding app use, such as which application is used for how long, how long the user is active in the particular app, the app’s popularity, etc. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

We may also collect certain special categories of personal data about you and information about criminal convictions and offenses. This information is not collected by us in the ordinary course of business but only in exceptional circumstances and shall only be processed to comply with legal or regulatory obligations and responsibilities or where you have provided this information to us.

4. Minimum Age Requirements

Protecting the safety and privacy of children is very important to us. We do not voluntarily process personal data of persons under the age of 13 as pursuant to § 8 of the Personal Data Protection Act. The user must confirm that he or she is at least 13 years of age when using our services. If the person is under the age of 13, we will not collect and use the personal data of said person unless we have the consent of the legal guardian.

5. Failure To Provide Data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

6. Data Collection Methods

We use different methods to collect data from and about you including through:

Personal data disclosed by you as a result of the intended use of the Website and any subsequent processing, e.g. data disclosed during e-mail correspondence, emerged as a result of normal communication between you and NineZyme and data disclosed by you when expressing your interest in receiving additional information about NineZyme.
Personal data disclosed by you as a result of the intended use of the application and subsequent processing, e.g. statistical data generated and disclosed during your usage of the application.
Automated technologies or interactions. As you interact with our Website, we may automatically collect data about your equipment, browsing actions and patterns, which may include personal data. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie section below for more information.

7. How Data Is Used

In accordance with data protection laws, we will only process your personal data where we have a lawful basis for doing so. In respect of your personal data, these bases are: (i) where it is necessary to provide services to you under the performance of the contract we have with you; (ii) where we are required to do so in accordance with legal or regulatory obligations; (iii) where you have given your consent; and (iv) where it is in our legitimate interests to process your personal data provided that these interests do not prejudice your own rights, freedoms and interests.

We will process your personal data for the purposes and in accordance with the following bases:

Purpose

Lawful Basis

Verifying your age and identity, including disclosing your personal data to third parties regarding such verification

Necessary to comply with a legal or regulatory obligation

Making available to you online advertisements and branding in relation to our goods, services, promotions and offers which may be of interest to you

Consent / Legitimate interests

Improve our service and make your experience as enjoyable as possible by preparing statistics and providing analytical reports and analysis relating to the use of the services by our customers

Legitimate Interests

Enforcing or applying our agreements, and to protect the rights of our company, our users, or others

Necessary for the performance of a contract and also necessary to comply with a legal or regulatory obligation / Legitimate Interests

Undertaking research, conducting surveys, technical diagnostics, research analyses and obtaining feedback from our players (which may include us contacting you directly) in order to better understand and improve our services

Legitimate Interests (and you can opt-out of us contacting you at any time)

Training and quality management to improve our services and customer relations (which may include recording telephone calls)

Legitimate interests

Responding to communications you send to us

Consent / Legitimate interests / Necessary for the performance of a contract

Providing you with any other services or complying with other legal or regulatory obligation from time-to-time

Necessary to comply with a legal or regulatory obligation and/or necessary for the performance of a contact

The management and use of cookies on the Website

Consent / Legitimate interest

We may use non-personal information (which is non-identifiable information that, when taken alone, cannot be used to identify or contact you). This could include gameplay information, technical information and analytics information. As such, we are not aware of the identity of the user from which the non-personal information was collected. We use such information for different purposes, such as advertising, improvement of our services and performing web analytics. We may gather such information, either independently or through the help of our third-party service providers.

Where we process your personal data as set out above, we may do this directly or appoint members or service providers (known as processors) to do this on our behalf and all of whom adhere to this Notice, and who only process your personal data on our behalf for the purposes set out above.

8. Data Transfer

Data protection laws vary from country to country and sometimes it may be necessary to transfer your information to countries outside the European Union (EU) and European Economic Area (EEA). Some countries offer more protection in this respect, others less. Regardless of where your information is processed, we apply the same safeguards as described in this Notice.

The European Commission has found that certain countries outside the European Economic Area (EEA) adequately protect personal data, which means that data can be transferred from the European Union (EU) and Norway, Liechtenstein and Iceland to these countries. We rely on the adequacy decisions of the European Commission available here.

Where necessary (in case the data protection and other laws of these countries may not be as comprehensive as those in the EU and EEA) and in cases where adequacy decisions do not apply, we will take steps such as rely on Standard Contractual Clauses (SCC) pursuant to European Commission Decision 914/2021/EU available here to ensure that an adequate level of protection is given to your personal data.

9. Marketing

In general, we will send you marketing communications where you have consented to receive such communications. You may at any time decline receiving further marketing offers from us or from our business partners by contacting us or following the links in the relevant communication to unsubscribe. Please note that even if you unsubscribe from our marketing mailing list, we may continue to send you service-related updates and notifications which are not categorized as marketing communications, but as an essential part of the service. This specifically refers to situations wherein you may be contacted as part of our legal and regulatory obligations within our jurisdiction.

From time to time, if your consent for this purpose is not required by law, we may use contact details to send you information about our services, which you accessed or subscribed to, including, but not limited to news about product updates, events, promotional materials and contests based on our legitimate interests. You can opt out of these communications at any time should you wish by contacting us or following the links in the relevant communication to unsubscribe. Additionally, it is also possible to discontinue all general communications whilst receiving important update messages.

For ease, each communication from us will include instructions for discontinuing the receipt of further communications.

10. Security

We employ security measures to protect your personal data from access by unauthorized persons and to prevent unlawful processing, accidental loss, destruction and damage. These safeguards vary based on the sensitivity of the information that we collect and store. Protection of your personal data, including your registration details and any debit or credit card information you provide to us, is a priority for us.

Unfortunately, the transmission of Information via the internet is not completely secure. Although we will do our best to protect your Information, we cannot guarantee the security of any personal data that you disclose online. For your own privacy protection, we encourage you not to include sensitive information in any emails you may send to us.

11. Retention

We will hold your personal data for so long as you use our service and for no more than five years after (unless required to be kept longer in accordance with legal and regulatory requirements). We will endeavor to delete any personal data sooner where it is not necessary for us to hold this, but please be aware that we may hold personal data for longer if we are under a legal obligation to do so or where we have a reasonable belief that it is necessary to do so for business or legal reasons.

12. Your Legal Rights And Fees

If you are a person whose data is being processed, you have certain rights under data protection laws in relation to your personal data. If you wish to exercise any of the rights set out below, please contact us at info@ninezyme.com. Please note, however, that not all rights are absolute. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Your legal rights:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal or regulatory reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Any privacy data request should be directed to info@ninezyme.com wherein you will be provided with further details.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

13. Third Party Collection

Please keep in mind that this Notice does not apply to any third-party websites, services or applications, even if they are accessible, downloadable, or otherwise distributed through the Website. You should always review their privacy practices carefully before providing personal information to such third parties.

14. Corporate Transaction

We may share Information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, reorganization, bankruptcy, consolidation or asset sale of an asset or transfer in the operation thereof) in relation to our company. In the event of the above, the acquiring company or transferee will assume the rights and obligations as described in this Notice.

15. Cookies And Pixels Notice

Like many other websites, we and some of our partners (third party service providers) may use cookies and pixels when you visit our Website, or when you use our services. Below you can find information on how we use cookies and pixels.

‍

Cookies and pixels

A 'cookie' is a small text file containing small amounts of information which is downloaded to your device when you visit a website or use applications. The cookie enables the server to collect information from the browser. Cookies can be categorized as being either persistent or session cookies. Persistent cookies are saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, so the correct language is presented and to improve our users’ experience of the Website as well as present different marketing messages and advertisements for existing users. Session cookies are used by the server to store information about user page activities so users can easily pick up where they left off on the server's pages.

‍

We may also use pixel-based tracking to track a visit or event on the platform or an app and use it to track advertisements' impressions. This information is also used by us for remarketing purposes and for tracking conversions that are used to optimize our marketing activities. We may share such information (which is non-personal information) with our advertising and marketing partners. Please see specific information about our marketing practices in section 9.

‍

We may use to following cookies:

Essential Cookies: Cookies that are essential to the running of a website. Without the use of cookies, parts of the Website would not function correctly. For example, when logging in to your account a session is created to allow you to browse the site and play games. We do not need to obtain your consent in order to use these cookies;
Analytical Cookies: We use analytical cookies to monitor our Website and app performance and to determine how visitors use the site and our apps. These cookies provide us with information that helps us create better products for our users and to identify areas that may need maintenance. We currently use Google Analytics, a popular web analytics service provided by Google, Inc. Google Analytics uses cookies to help us to analyze how players use our Website. We also use analytical cookies from additional third-party providers;
Functional Cookies: Functional cookies are used to remember your preferences on our Website and apps, enhancing the user experience. This can have a range of functions such as remembering your username or recording that you have read a site message so you don’t need to view it again;
Marketing Cookies: These cookies help us and our partners to show personalized and relevant ads based on your browsing behavior with us, even when you later visit other websites. Cookies in this category are used for targeted marketing and profiling, regardless of which device(s) you have used. Information collected for marketing purposes can also be combined with customer and traffic data but only if you have not refused to use your data for marketing purposes.

‍

We use a number of different cookies on our Website and applications to help us to recognize you, track your activity and improve your use and experience of the Website. In addition, we use a number of third party service providers, who also set cookies on our Website and applications, in order to deliver the services that they are providing to us. Such services include, but are not limited to, helping us to improve your use and experience of our services by tracking your activity on the Website and applications, measuring the effectiveness of the Website and the effectiveness of our marketing campaigns.

‍

We and/or third parties may use cookies to collect or receive information from the Website and applications and use that information to advertise to you on other websites or applications. You can view the cookies used for such purposes on this Website and opt out of the collection and use of your information for such targeted advertising. Please note that not all of the third parties have enabled to set the controls via the use of the referenced website and you may still receive other types of online advertising from participating companies that you opted-out of.

‍

When you visit our Website or applications for the first time, you will be requested to choose which cookies you wish to accept or reject. We can store cookies on the user’s device if they are strictly essential for the operation of this Website or application. We require your consent for all non-essential cookies, which is acquired by ticking the pop-up box upon accessing the Website or application. Insofar as we use cookies in order to analyze the use of the Website or application, to remember your preferences and to be able to target it to your interests and, if necessary, to provide you with interest-based content and advertisements, this is done exclusively on the basis of your voluntary consent. If you refuse cookies you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly. You may revoke any such consent you have given at any time with effect for the future via the use of the consent management platform available on the Website or application.

‍

Some people find the idea of a website or application storing information on their computer or mobile (or other) device intrusive, particularly when this information is stored and used by a third party without them knowing. Although this is generally quite harmless, you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set but you need to be aware that you might lose some functions of that website. Most online browsers automatically accept cookies. However, if you wish to block or delete cookies you can do this through your browser settings.

PUBLIC PRIVACY POLICY