Privacy Policy

Last Updated: May 10, 2023

Code Dish GmbH develops and publishes games for web, mobile devices and other platforms on which players can use our Services. This Privacy Policy (this “Policy”) describes the ways Code Dish GmbH (“Code Dish,” “us”, “our” or “we”) collects, stores, uses, discloses or otherwise processes personal information of our users (“users” or “you”) in connection with their use of our products or services, including our product offerings such as our website available at https://codedish.co/ and Code Dish game(s) provided on a mobile platform or any other Code Dish product or service that posts or links to this Policy (each a “Service,” collectively, the “Services”). Additionally, this Policy describes the rights and choices concerning your information that may apply to you.

If you have questions regarding this Policy or our collection and use of personal information, please contact us as described in the Section “Contact Us”.

1. THE INFORMATION WE COLLECT

The categories of personal information we collect depend on the Services you use, and the requirements of applicable law.

Information you provide us directly.

When you use our Services, you may give us personal information directly (for example, details you register with us when setting up your account), and we will store that personal information on our systems and process it for the purposes described in this Privacy Policy.

Depending on the Service, the personal information we collect will be relevant to providing that Service and include some or all of the following:

Contact information (such as name and email address or phone numbers)
Player name or tag and password
Profile information (such as profile photo)
User messages and other content you submit when you use the Service (such as chat logs)
Information you provide in connection with surveys, promotions, sweepstakes, competitions and other events
If you purchase in-game virtual currency or items in a Code Dish game, our third-party payment processor will collect the billing and financial information it needs to process your charges.

Information we collect automatically.

Information about your account and game progress, including in most cases an automatically created internal account ID
Your IP address and mobile device identifiers (such as your device or advertising ID)
Information about your device, such as device name and operating system, browser type and language, internet service provider, and mobile carrier
Information we collect with cookies and similar technologies (see more below)
Approximate location information (as derived from IP address)
Information about your use of the Service, such as gameplay information, purchases made and your interactions with other players inside the Service

Information we collect from our partners.

We also use third-party partners, such as social networking sites, data analytics providers and advertising networks to supplement information we have about you, such as:

Informationwe receive if you link a third-party tool with the Service (such as Facebook)
Non-identifiable demographic information(such as to determine the coarse location of your IP address)
Informationto combat fraud (such as refund abuse in games or click fraud in advertising)
Informationfrom platforms that the games run on or information from payment service providers (such as payment verification information)
Informationfor advertising and analytics purposes (such as surveys), so we can provide you a better Service
Anonymized informationthat you have made available to us from a third party service (such as Facebook) via your privacy settings

If you access our Services from a third-party platform or connect our Services to a third-party account, you should also read that platform’s terms of service and privacy policy.

If you are unclear about what information a third-party platform is sharing with us, please go to that platform to find out more about their privacy practices and any options available to you regarding such sharing.

2. WHY DO WE COLLECT YOUR INFORMATION

We use information collected through our Service for purposes described in this Policy or disclosed to you in connection with our Service. For example, we may use your information for:

Service Delivery

Create your Service accounts and allow access to our Services;
Identify and suggest connections with other Code Dish users;
Operate our Services;
Improve our Services;
Understand you and your preferences to enhance your experience and enjoyment using our Services;
Respond to your comments and questions and provide customer service;
Provide and deliver products and services you request;
Send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
Conduct and administer surveys, user research projects, competitions and promotional events that you participate in;
Prevent fraud or potentially illegal activities, and enforce our Terms of Use;
Enable you to communicate with other users; and
Fulfill any other purpose for which you provide anonymized personal information.

Marketing and Advertising

Deliver and target advertising and marketing and promotional information to you; and
Communicate with you (including via email and push notifications) about promotions, contests, rewards, upcoming events, and other news about products and services offered by us and our selected partnerswith your consent.

Research and Development

Create aggregate or anonymous information derived from the personal information we handle, which we may use and disclose for research, development and other lawful business purposes;
Link or combine personal information with other information we get from third parties in an anonymized manner to help understand your preferences and provide you better services; and
Analyze anonymized information to choose to provide to us in connection with Code Dish surveys and user research projects to gain insights into how users engage with our Services, to improve our Services, to consider developing new products or services, and other lawful purposes.

Compliance and Protection

Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Protect our, your or others’ rights, privacy, safety or property (including by investigating, bringing, making or defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements or our internal policies;
Enforce the terms and conditions that govern the Services; and
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theftin a manner consistent with applicable laws and regulations.

3. SHARING OF YOUR INFORMATION

We may share information we collect for the following purposes:

Service Providers. With service providers that perform services on our behalf or enhance our Services, including hosting services, customer service, analytics services and to assist us in our marketing efforts in compliance with applicable data protection laws.

Flurry: https://www.verizonmedia.com/policies/us/en/verizonmedia/.privacy/index.html
AppsFlyer: https://www.appsflyer.com/privacy-policy/
Firebase: https://policies.google.com/privacy

Payment Processors. With third-party payment processors that process payments you make while adhering to necessary security and privacy standards;

Advertising Partners. Advertisers, ad exchanges and other ad technology companies that require the information to select and serve our relevant advertisements to you and others, and assist us in our marketing efforts. Those partners usually collect information via their own tools (Software Development Kits or “SDK”). You will find a list of our partners implementing advertising SDKs through our applications and the privacy policies of their services that describe their practices and allow you to exercise your rights directly toward them hereafter provided that they comply with applicable data protection regulations:

Facebook: https://www.facebook.com/policy.php
Google: https://policies.google.com/privacy
AppLovin: https://www.applovin.com/privacy/
Unity: https://unity.com/legal/privacy-policy
Verve: https://verve.com/product-privacy-policies/
Inmobi: https://www.inmobi.com/privacy-policy
Smaato: https://www.smaato.com/privacy/
Pangle: https://www.pangleglobal.com/privacy
Liftoff: https://liftoff.io/privacy-policy/
Digital Turbine: https://www.digitalturbine.com/privacy-policy/
ironSource: https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/
TikTok: https://www.tiktok.com/legal/page/us/privacy-policy/en
Amazon Publisher Services: https://aps.amazon.com/aps/privacy-policy/

The privacy policies of our partners may include additional terms and disclosures regarding their information collection and use practices. We encourage you to review those privacy policies to learn more about their information collection and use practices.

Affiliates. With our parent company, subsidiaries and other affiliates in accordance with applicable data protection laws;

Professional Advisors. With professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us while respecting confidentiality obligations;

Authorities and others. With law enforcement and public authorities, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above and in compliance with applicable laws and regulations;

Business Transferees. With acquirers and other relevant participants (and their advisors) in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Studio or our affiliates (including, in connection with a bankruptcy or similar proceedings) subject to appropriate confidentiality agreements and legal safeguards;

Your specified recipients. We may disclose personal information about an individual to certain other third parties or publicly with their consent or direction in compliance with applicable data protection laws.

4. SECURITY OF YOUR INFORMATION

We implement reasonable and appropriate technical and organizational measures to protect the security of your personal information against accidental or unlawful destruction, loss, change or damage in accordance with industry standards and applicable data protection laws.

However, no security system is impenetrable, and we cannot guarantee the security of your personal information. Any transmission is at your own risk.

5. DATA RETENTION

We retain your personal information for as long as needed to provide you Services, unless we are required by law to delete or if we accept your request to delete the information pursuant to applicable law. We will also retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements in compliance with relevant data retention regulations.

When we no longer require your personal information, we will look to delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will apply security measures to your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

6. CHILDREN’S PRIVACY

In compliance with applicable data protection laws, Our Services are not marketed to, or intended for, children. For these purposes, we use the term “children” to refer to someone who is: (a) under 13 years old or, if older, (b) between 13 and 18 years old but under the age at which they can give valid consent to processing of their personal information under applicable data privacy laws. Code Dish strives to follow the different minimum age guidelines set by the laws of individual regions when determining the age that children can access certain features of our Services.

Children are not permitted to use these Services, and we do not knowingly collect any personal information from children. Though our Services are not intended for children as the primary audience, we may collect age information before allowing a user to proceed for certain Services. For users who identify themselves as children in our age-gate on such Services, if we allow children to use the Services, we will either provide a version of that Service that does not collect, use, or disclose “personal information” (as defined in the Children’s Online Privacy Protection Act (“COPPA”)), except as permitted by COPPA or other privacy laws (where applicable), or obtain legally valid parental consent in accordance with relevant regulations.

If we learn that we have inadvertently gathered personal information about a child that is not subject to an exemption under COPPA or another applicable privacy law, we will take measures to promptly remove that information from our records and take necessary steps to prevent such occurrences in the future.

7. YOUR RIGHTS

Your privacy rights are explained below. These rights apply to information about you, and their scope and applicability can vary across different regions. For example, they could extend to your household or a legal entity or could be exercised by a legal representative on your behalf. We will comply with applicable privacy laws, including any required response times.

Subject to certain exemptions, you have the right to:

Request a copy of your personal information (known as ‘accessing your data’).
Delete your information. When you ask us to delete your personal information please remember that there may be lawful limitations on this right. For example, we will keep certain payment records or customer service records where we need to, including for legal or accounting purposes. We’ll also keep information in order to exercise, protect, defend, or establish our rights or the rights of third parties.
Correct or update your personal information where it is inaccurate. To review and update personal information associated with your Code Dish player profile in certain games, visit the “settings” page in that game.
Opt-out of marketing communications we send you by following the instructions in “Opting Out of Promotional Communications from Code Dish” below.
Where applicable, withdraw your consent at any time directly in the Service or by contacting us. Withdrawing your consent will not affect the processing already undertaken before your withdrawal. Also, it will not affect processing of your personal information under other lawful grounds.
Object to processing of your personal information, ask us to restrict processing of your personal information or Request portability of your personal information.
Ask that you are not subject to automated decision-making that has a legal effect or any other significant effect on you.
Complain to a data protection authority.

For California residents, please also review section 8 below for additional rights.

Managing Personal Information We Receive From Third-Party Applications / Platforms And From Your Mobile Device

You can manage the information we receive from third-party applications or platforms and from your mobile device as follows:

To manage the personal information we receive about you from a third-party application or platform where you play our games, like Facebook, Apple, Google, or Amazon, you can update your privacy settings through the third-party application or platform’s “settings” menu.
For your mobile device, visit the “settings” page or web browser to review the access permissions of each of our Services.

Once we receive your information from a third-party application or platform or from your mobile device, that information is processed by us in accordance with this Privacy Policy.

Opting Out of Promotional Communications from Code Dish

Opting Out of Third-Party Behavioral Advertising

8. SPECIFIC PROVISIONS FOR CALIFORNIA CONSUMERS

These additional provisions for California consumers apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”) provide additional rights to know, access, correct, delete, and opt out, and requires “businesses” collecting or disclosing personal information to provide notice and a means to exercise those rights.

Your California Privacy Rights. California residents have the rights listed below under the CCPA. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law in compliance with the law.

You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties to whom we disclose Personal Information.
- The categories of Personal Information that we sold or disclosed for a business purpose.
- The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
You can request a copy of the Personal Information that we have collected about you during the past 12 months.
You can request that we correct any information on your account that is not accurate, complete, or updated by providing us with the necessary information to correct it.
You can ask us to delete the Personal Information that we have collected from you, subject to applicable legal limitations.
Opt-out of sales. You can opt-out of any sale of your Personal Informationto the extent applicable under the law.
You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.

Right to Opt Out of Information Sales

We do not “sell” information about our users as most people would commonly understand that term. However, consistent with common practice among companies that operate online, we do “share” information in the sense that we allow certain third-party advertising networks and other third-party businesses to collect and disclose your personal information directly from your browser or device through cookies or tracking technologies when you visit or interact with our websites, use our apps or otherwise engage with us, in compliance with applicable laws and regulations.

How to Exercise Your Rights

To exercise your right to know, right to access, right to correct, right to delete, right to opt out of information sales, or any other right you may have under applicable law, please submit a request by emailing support@codedish.co or by writing to us at the physical address in the “Contacts” section below, with the subject line “California Rights Request” and specifying which right(s) you would like to exercise (for example, your right to delete). We will need to verify your identity before processing your request. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems, in compliance with applicable laws. In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf where (i) you provide sufficient evidence to show that the requestor is an authorized agent with written permission to act on your behalf and (ii) you successfully verify your own identity with us, as required by applicable laws.

We aim to respond to a consumer request within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing, in compliance with applicable laws.

9. INTERNATIONAL DATA TRANSFERS

Our Service is global by nature and your data can therefore be transferred to anywhere in the world. Because different countries may have different data protection laws than your own country, we take steps to ensure adequate safeguards are in place to protect your data as explained in this Privacy Policy. Adequate safeguards that we may use include standard contractual clauses approved by EU Commission and other lawful safeguards, in compliance with applicable laws.

Some of the partners and processors referred to in this policy are located outside of the European Union.

In such case, we ensure that:

the personal data is transferred to countries recognized as offering an equivalent level of protection or,
For personal data transferred outside of countries recognized by the European Commission as having a sufficient level of protection, any of the mechanisms offering appropriate guarantees is used, for which provision is made by applicable regulations, and notably the adoption of the standard contractual clauses of the European Commission, in compliance with applicable laws.

10. CHANGES TO THIS POLICY

We may update this Policy to reflect changes to our data and information privacy practices. We encourage you to periodically check www.codedish.co and this Privacy Policy for updates. Your continued use of the Service after the effective date will be subject to the new Privacy Policy, provided that such changes comply with applicable laws and regulations.

11. CONTACT US

If you have any questions or concerns about our Privacy Policy, including the exercise of any rights as permitted under applicable laws, please contact us at support@codedish.co.