DATA SECURITY

Dear customer,This Data Security explains what personal data we will collect from you, how we process, use, store and protect such personal data, and whether we will disclose your personal data to anyone else. If you have any comments, questions or complaints regarding the processing of your personal data, please contact us. Our contact information is as follows: E-mail: support@sundaycreative.io

1.How We Protect Your Personal data

1.1.Data security management system

We have implemented data security management system that meets industry-standard, including organizational processes and technical solutions, to protect your personal data against unauthorized access, modification, copy, or deletion. For example, our network communication is encrypted and protected by HTTPS protocol. We have set up firewalls, WAF (web application firewall) and anti-DDOS flow cleaning devices at network boundary to detect and defend against web attacks. We have encryption mechanism and strict access control to protect data in database. Besides, we have implemented collaborative security defense system at both network and terminal level to protect the information system and the computing environment.

In addition to the technical solutions, we also implemented information security management system, which is based on ISO27001, to set up policy, process and procedures which regulate employees’ daily information processing activities, such as access, modify, editing, storage, share, transfer and deletion. This system ensures that only authorized personnel can access the protected data, and can be used only in the authorized way. And we also provide training and arrange awareness raising activities about data security and privacy protection, so as to enhance employees' awareness regarding the importance of personal data protection.

1.2.Data security capabilities

For the security of your personal data, we adopt leading security technologies and continuously update our data security capabilities. To be specific, our data security capabilities include but are not limited to application layer encryption, network layer encryption, database encryption, network access monitoring, database access monitoring, host behavior monitoring, terminal behavior monitoring and tracking, and other technologies.

1.3.Personal data protection suggestions

Even with our data security capabilities, the internet is still not an absolutely secure environment. We strongly recommend that you shall at least take the following steps to enhance the security of your account:

  1. Avoiding sending personal data in an unencrypted way;
  2. Avoid giving your cell phone device to others who are not trusted.

1.4.Response to data security incidents

We have implemented reasonable technical and organizational measures to safeguard your personal data. If unfortunately, any personal data breach or similar security incident happens, we will promptly take responses to control and mitigate the influence of the incident. According to mandatory requirements in applicable laws and regulations, we will timely inform you as needed and share with you the following information:

  1. The nature and possible impact of the incident;
  2. The name and contact details of the data protection officer or other contact point where more information can be obtained;
  3. The measures taken or proposed to be taken by us to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects;
  4. The suggested actions you can take to eliminate or reduce risks; and the remedial measures for you, where appropriate. We will promptly inform you of the incident by mail, telephone, push notification, etc. When it is difficult to inform the affected data subjects one by one, we will take a reasonable and effective way to publish the announcement.

Besides, in the case of any security incident, we will actively and timely, where feasible, notify the incident to the competent supervisory authority according to requirements in applicable laws and regulations.

2.Global Data Storage and International Transfer

If you are located outside USA, we will not transfer your personal data to our IDC until receipt of your explicit consent. In the meanwhile, we will implement all necessary and reasonable security measures before transferring data to our IDC, and you can refer to section 4. How we protect your personal data for details.

You are clearly aware of the above-mentioned cross-border transfer of personal data, understand the risks that may exist, and fully agree that we may transfer and store your personal data according to the Privacy Policy.

In case you want to withdraw your consent and stop us from transferring your personal data to our IDC, you can refer to section 7. How you can manage your personal data to submit a request.

3.How You Can Manage Your Personal data

You have certain rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances (as set out in more detail below). We must respond to a request by you to exercise those rights without undue delay and at least within 1 months (though this may be extended by a further 2 months in certain circumstances).

Please understand further information may be required to verify your identity when exercising your rights. You can refer the complaint to the relevant regulatory authority in your jurisdiction. For more information on how you can manage your personal data, you can reach out for us, and we will provide you with information on the applicable complaint route according to your actual situation.

3.1.Erasure data

Since the personal data we collect and store is necessary to deliver our Services, we will not delete them except in the following circumstances that you can ask us to delete your account and personal data. You can also exercise your right to restrict our processing of your personal data (as described below) whilst we consider your request. But please note, this may limit your access to our Services:

  1. Where our processing of the personal data violates laws and regulations;
  2. Where we collect and use your personal data without your consent;
  3. Where our processing of personal data breaches the agreement with you;
  4. Where your account is terminated and personal data deletion request is submitted.

When you delete the data from our Services, we may not immediately delete the corresponding data from the backup system, but will delete the data when the backup is updated within reasonable period. If there is any other personal data you believe we process that you would like us to erase, please contact us and complete the request form.

3.2.Restriction of Processing to Storage Only

You can require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances by visiting “Support” in our Games to submit your request or sending e-mail to support@sundaycreative.io. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection laws for us to do so (e.g., for the defense of legal claims or for another’s protection). As above, where we agree to stop processing the personal data, we will try to tell any third party to whom we have disclosed the relevant personal data so that they can stop processing it too.

3.3.Portability

You have the right to receive a copy of certain personal data we process about you. You can visit “Support” in our Games to submit your request, or send e-mail to support@sundaycreative.io. This comprises any personal data we process on the basis of your consent,pursuant to our contract with you, or to fulfill our legal obligations under the applicable laws, as described in the section “How We Use Your Personal Data”. You have the right to receive this information in a structured, commonly used and machine-readable format. You also have the right to request that we transfer that personal data to another party.

If you wish for us to transfer such personal data to a third party, please ensure you detail that party in your request. Note that we can only do so where it is technically feasible. Please note that we may not be able to provide you with personal data if providing it would interfere with another’s rights (e.g., where providing the personal data we hold about you would reveal information about another person or our trade secrets or intellectual property).

4.Children Personal data Protection

We will not knowingly collect or store personal data from children under 16. If legal guardian believe that we have unintentionally collected their children’s personal data or otherwise used their children’s personal data for unauthorized purpose, please reach out to us immediately and we will delete relevant data as soon as possible.

If you are located in certain areas, in order to comply with the relevant laws, regulations and policies and the requirements of competent authorities, we will make a judgment on whether the real name information of an account belongs to a child based on the real-name ID information we collect through real-name verification. If such information indicates the user is under the age stipulated by the applicable laws and deemed as child under such laws, we will not collect further personal data from the child until a parent/guardian’s verifiable consent is obtained.

We urge children’s legal guardian to instruct children not to give out their real names, addresses, or other personal data without legal guardian’s permission during online service. We also recommend that legal guardians familiarize themselves with parental controls available.

5.Contact Us

For any inquiries or concerns of our services, you can send e-mail to: support@sundaycreative.io, we will respond to you within 15 working days.