Who we are
AppyNation Ltd is a UK-based company (Reg No. 7760616) and is a publisher and developer of entertainment software. We operate the website – www.puzzling.com
Our correspondence address is:
APPYNATION LIMITED, River Studio Old Milverton Lane, Blackdown, Leamington Spa, England, CV32 6RW
Privacy overview
This our Privacy Policy and tells you what data we collect, why we collect and what we do with it. Our privacy and data protection policy has always met the conditions of the Data Protection Act (1998) and also complies with the recommended ways to handle data enshrined in the 2018 General Data Protection Regulation (GDPR). We will not hold sensitive information about you or transfer information about you to third parties without your permission, and you may request at any time a copy of all the information we hold about you. We reserve the right, under GDPR, to charge a fee for any request that is manifestly unfounded, excessive or repetitive. For details of how to obtain this information, see below under ‘Access to personal information’.
Lawful basis
The new regulations require that we have a Lawful Basis for collecting, processing and storing your data. In our case this is:
1. Consent. You have given us clear consent to process your personal data for a specific purpose – in this case the purchase and use of our software and/or for us to keep you appraised of new products and offers from AppyNation.
2. Contract. By purchasing from us and our supply of a product, we have entered into a contract. For example, we handle personal data on this basis to create your account and provide our Services.
3. Legal obligation. The processing is necessary for us to comply with the law (not including contractual obligations). For example, we need to know a customer’s country of residence in order to comply with VAT regulations.
The process
If you want to receive information from us by email you must choose to subscribe to our email newsletter via our website to give us the authority to do so. You can unsubscribe from this service at any time by following the unsubscribe link in our emails.
We have never sent any marketing material by post and we don’t do any form of telephone marketing.
Please note that this website may contain links to sites operated by other people or companies. If you follow a link to an external website, our security and privacy policies will no longer apply. We encourage you to read the privacy statements on the other websites you visit.
We use Facebook, Twitter, YouTube and other similar services to provide you with a way to ‘follow’ us and get information such as offers and new releases. As these services are provided on external third-party websites, any links to or from them, and their usage and policies are fully the responsibility of those third-party websites.
We have taken all reasonable steps to ensure that our website is secure and that all sensitive information transmitted through it is sent securely and held confidentially. Any third parties or agents that we may use to process this sensitive information on our behalf have also taken all reasonable security steps. The only exceptions to the above are where we may take appropriate and reasonable steps in the prevention of criminal and fraudulent activity.
The data we collect and keep
When you purchase or download a product from AppyNation, the transaction is handled by the relevant third party app store. The store will collect the minimum amount of data necessary to complete the transaction. This is your Title (which may or may not indicate your gender), name, address, email address, IP address and telephone number. This information is used by payment providers (such as PayPal) to verify your payment details.
The payment systems we use are all PCI DSS (Payment Card Industry Data Security Standard) compliant and, where they are based outside the European Union, they are obliged to confirm that they also comply with GDPR.
When our app store partners have collected the data outlined above, it is stored securely and encrypted using industry-standard systems. We have no access to your password or credit card or other payment details. When you select a payment option your payment details are collected directly by our payment providers and so our servers never see or store any of your payment information. Instead, we receive a single-use token from our payment provider to process the charge on your card that results in us receiving either an authorisation code or a failure message.
Cookies, analytical services and social media
Our website uses Internet technology to track the patterns of behaviour of visitors to our site. This can include using a ‘cookie’, which is a small piece of information sent by a Web server to a Web browser. It enables the server to collect information back from the browser. We use cookies for a number of reasons, such as keeping track of your purchases and basket contents so as you can move between pages; those are created by our website and contain no identifiable information, either financial or personal. If you disable cookies, you may find that our website will not function correctly and you will not be able to purchase products from our website. You can find details of how to disable cookies in your web browser’s help section.
We work with a number of trusted third parties, all of which may use cookies, web beacons and other internet technologies (collectively ‘cookies’) as part of their service, including:
Google Analytics; this is a statistical and analytics service used widely across the web by a large number of sites. The service allows us to see aggregate information on statistics such as how many visitors we are getting to the website, where in the world they are located (based on Google’s understanding of where your internet connection may be – we cannot see exact location details), what pages are most visited, referring sites, and other reporting information that helps us analyse the usage of our website and services. You can opt out of Google Analytics (on all websites, not just ours) by using their currently available opt out options.
Google Adwords; offers us the ability to place advertising on relevant search results and other third party websites to advertise our products and services to internet users. We utilise a Remarketing feature which sets a random unique identifier when you browse pages on our website – this allows us to create remarketing audiences which we can then target or exclude users from seeing our advertising, which can appear on third party websites/ad services based on your previous visits. This helps us to ensure we’re advertising to people who are interested in our products and services. You can opt out of Google’s use of cookies (on all websites, not just ours) by visiting Google’s Ads Settings.
Facebook; provides us with a conversion tracking and remarketing pixel, which sets a random unique identifier cookie so we can know the effectiveness our usage of Facebook and to allow us to advertise to users on Facebook based on their previous visits to our website via means of the advertising features in Facebook. We can also use this custom audience information to exclude visitors from our advertising in order to reach new users who have not previously visited our site in a recent period of time. You can find instructions on how to opt out of targeted advertising via Facebook (on all websites, not just ours) on the www.aboutads.info/choices website.
Twitter; provides us with a conversion tracking and remarketing pixel, which sets a random unique identifier cookie so we can know the effectiveness our usage of Twitter and to allow us to advertise to users on Twitter based on their previous visits to our website via means of the remarketing feature in Twitter. We can also use this custom audience information to exclude visitors from our advertising in order to reach new users who have not previously visited our site in a recent period of time. You can find instructions on how to opt out of Twitter’s collection of remarketing data (on all websites, not just ours) here: https://support.twitter.com/articles/20170405
All of these services allow us to continue providing our products and services to you in an efficient manner. We are unable to get any personally identifiable information from these services, and the only way we can get such information is if you supply it to us.
Contacting you
We will never contact you unless we have received your express consent to do so. This has always been our policy at AppyNation. If we send you an e-mail it will be because:
1) You signed up to the ‘Sign Up For Our Newsletter’ option on the front page of our site.
2) We are contacting you regarding a purchase you have made – to provide you with a receipt, for example or details about an update or change to the product you’ve bought. This is usually called a ‘transactional email’.
3) You have contacted us to request technical support, which, by definition, implies that you are consenting to us replying.
We have never had any automatic ‘opt in’ functions. If we contact you, it is because you have given us your permission.
You can unsubscribe at any time by following the link at the bottom of every email newsletter we send.
We use a third party provider, YMLP, to deliver our e-newsletters and email about new products or sales promotions. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see YMLP’s Privacy Policy here: https://www.ymlp.com/privacy_policy.html
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Customer support
When we receive a support request (or ‘ticket’) from a customer, we make up a file containing the details of the query. This normally contains the customer’s account number and/or order number.
We will only use the personal information we collect to process the query and to check on the level of service we provide.
We will keep personal information contained in support for three years from closure of the ‘ticket’. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
Access to personal information
Individuals can find out if we hold any personal information on them by making a ‘subject access request’. In most cases, the information we hold is, as outlined above, your name, email address, and order history where relevant to resolve customer service enquiries. This follows the GDPR recommendation that if we hold information about you we should:
Give you a description of it;
Say why we are holding it and who it could be disclosed to;
Give you access to a copy of the information.
The only exception to the above would be for employees and ex-employees of AppyNation Ltd who can make a ‘subject access request’ to the address below.
Please check back frequently to see any updates or changes to our privacy policy.
If you have any questions regarding our privacy or security policies, we will be glad to answer your questions. Please write to us at the following address:
Data Protection, APPYNATION LIMITED, River Studio Old Milverton Lane, Blackdown, Leamington Spa, England, CV32 6RW
Your Rights
If you are based in the EEA, Switzerland or are a legal resident of California in the U.S., you have certain rights in relation to your Information. For Californian residents, please refer to Addendum 1 – California Privacy Rights. For Brazilian residents, please refer to Addendum 2 – Brazil Privacy Rights. For EEA and Switzerland based, you will find more information below on when which rights can apply.
To exercise your rights, please follow the procedure set out below, contact us via the Contact Support option with one of our apps, or email us at dataprotection@puzzling.com.
Access. You have the right to access Information, and to receive an explanation of how we use it and who we share it with. This right is not absolute. For example, we cannot reveal trade secrets, or give you Information about other individuals.
Erasure. You have the right to request deletion of your Information. We may need to retain some of your Information where there are valid grounds for us to do so under data protection laws. For example, for the defence of legal claims, respect freedom of expression, or where we have an overriding legitimate interest to do so, but we will let you know when this is the case.
Note that where the Information is held by a third party data controller, such as an advertising partner or a payment processor, we will use reasonable steps to inform them of your request, but we recommend you contact them directly in accordance with their own privacy policies to ensure your personal data is erased.
Objection and withdrawal of consent. You have the right to (i) withdraw your consent where you previously provided such consent; or (ii) object to our processing of your Information where we process such Information on the basis of our legitimate interests (see above under How we use your personal information). You may exercise this right as follows:
To stop receiving personalized advertising: for Mobile Games, please withdraw your consent in the in-app Settings.
To stop receiving marketing emails: please follow the unsubscribe mechanism at the bottom of each email communication.
To stop receiving push notifications: please change your device or browser settings.
Portability. You have the right to receive a copy of Information we process on the basis of consent or contract in a structured, commonly used and machine-readable format, or to request that such Information is transferred to a third party.
Correction. You have the right to correct any Information held about you that is inaccurate.
Restriction. You have a right in certain circumstances to stop us processing Information other than for storage purposes.
Contact and Complaints
We welcome questions, comments and requests regarding this Policy. These should be addressed to dataprotection@puzzling.com. You can also send a letter to Data Protection, APPYNATION LIMITED, River Studio Old Milverton Lane, Blackdown, Leamington Spa, England, CV32 6RW.
If you wish to make a complaint about how we process your Information, please contact us at dataprotection@puzzling.com and we will endeavour to deal with your complaint as soon as possible. This is without prejudice to your right to launch a claim with a data protection authority.
Changes
Any updates or changes to this Policy will be published here. If there are any significant changes, we will notify you through the website and in-game.
Please ensure that you have read and understand our Terms of Use
A complete list of our advertising partners is provided here: Marketing Partners
Last updated October 2021
ADDENDUM 1 – CALIFORNIA PRIVACY RIGHTS
The terms of this Addendum apply to residents of California under the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”). For the purposes of this addendum, Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the CCPA. Personal Information does not include information that is: lawfully made available from government records, deidentified or aggregated, or otherwise excluded from the scope of the CCPA.
Collection and Disclosure of Personal Information
Over the past 12 months, through your use of the Games, we may have collected and disclosed the following categories of Personal Information from or about you:
Identifiers, including name, email address, IP address, device identifiers and advertising ID. This information is collected directly from you or your device. If you have registered through a third party account (Apple, Facebook, or Google), we may have also collected from those third party services your third party ID, name, and avatar.
Internet or other electronic network activity information, including your use of in-game features and events and information on your in-game activity, and information on your interactions with advertising shown in on our Games. This information is collected from our selected third party analytics providers and advertising partners.
Geolocation data, including city level location data. This information is collected directly from you or your device and from third party services when you register through them.
Commercial information, including records of products or services purchased, obtained, or considered, your Apple ID number for Apple and your postcode and state for Google. This information is collected directly from you or your device, and from our payment processors.
In the preceding twelve months, we have collected Personal Information from the following categories of sources:
You/Your Devices directly.
Advertising Networks and other advertising partners.
Analytics Providers.
Social Networks, to the extent this applies to you and within the limits of your permission.
We collect personal information for the following purposes:
To operate and administer the Games;
To improve the Games;
To communicate with you;
To serve advertising;
For security and verification purposes, including to prevent and detect fraudulent activity;
To address and remediate technical issues and bugs.
We may disclose personal information to the following types of entities:
Other players and users who will see your profile information and in-game activities, as well as any other information you choose to share with them, such as chat data;
Our affiliate companies within our corporate group who process personal information in order to operate the Games;
Marketing and advertising partners who use your information to serve you ads in the Games and on other sites;
Other companies that provide services on our behalf who are prohibited by contract from retaining, using, or disclosing personal information for any purpose other than for providing the services to us;
Regulators, judicial authorities and law enforcement agencies;
Entities that acquire all or substantially all of our business.
SALES OF PERSONAL INFORMATION / NOTICE OF RIGHT TO OPT-OUT
Over the past 12 months, we have used third party advertising and other tracking technologies on our Games to collect information about you, your device(s), and your use of our Games. We share that information with selected third parties such as advertising partners who use it to target advertisements to you online.
You can opt-out and exercise control over the use of these technologies at any time by adjusting the in-app settings.
Rights under the CCPA
The CCPA provides California residents with certain legal rights; these rights are not absolute and are subject to certain exemptions. If you are a California resident, and the CCPA does not recognize an exemption that applies to you or your personal information, you have the right to:
submit a verifiable request for the following information covering the 12 months preceding your request:
the categories of Personal Information about you that we collected, sold, or disclosed;
the categories of sources from which the Personal Information was collected;
the purpose for collecting or selling Personal Information about you;
the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and
the specific pieces of Personal Information we collected about you;
Submit a verifiable request that we delete Personal Information we collected from you; and
Be free from unlawful discrimination for exercising your rights, including providing a different level or quality of services or deny goods or services to you when you exercise your rights under the CCPA, subject to certain limitations.
We aim to fulfill all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.
How to Exercise Your Rights
To exercise your rights, please follow the procedure set out below, contact us via the Contact Support option with one of our apps, or email us at dataprotection@puzzling.com .
If you wish to opt-out or update your preferences, you may do so by adjusting the in-app settings.
Verification
Requests for access to or deletion of Personal Information, whether submitted by you directly or via an authorized agent, are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations. To verify your access or deletion request, please be prepared to provide us with identifying information (such as your User ID, Game name etc.) that and we can match against our records in order to confirm you are the rightful account holder.
Authorizing an Agent
To authorize an agent to make a request to know or delete or opt out on your behalf, please email us at dataprotection@puzzling.com.
Shine the Light
We do not rent, sell, or share Personal Information with nonaffiliated companies for their direct marketing uses as contemplated by California’s “Shine the Light” law (Civil Code § 1798.83), unless we have your permission.
Do Not Track
There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.
ADDENDUM 2 – BRAZIL PRIVACY RIGHTS
The terms of this Addendum apply to residents of Brazil under the Lei Geral de Proteção de Dados (Lei nº 13.709, de 14 de agosto de 2018) and its implementing regulations, as amended or superseded from time to time (“LGPD”). For the purposes of this Addendum 2, Personal Information has the meaning as defined in the LGPD.
Categories of Personal Information collected and processed
To find out what categories of your Personal Information are collected and processed, see “The data we collect and keep” in the main portion of the Privacy Policy.
How we use your Personal Information
To find out how we process and use your Personal Information, including on what grounds, see “The data we collect and keep” in the main portion of the Privacy Policy.
Your rights under the LGPD
The LGPD provides residents of Brazil with certain legal rights; these rights are not absolute and are subject to exemptions. In particular, you have the right to:
Ask whether we hold personal information about you and request copies of such personal information and information about how it is processed.
Request that personal information be corrected.
Restrict the processing of your personal information that is not being processed in compliance with the LGPD.
Obtain information on the possibility of refusing consent and the consequences of doing so.
Obtain information about the third parties with whom we share your personal information.
Obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions provided for in Art. 16 of the LGPD apply.
Revoke your consent at any time.
Oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law.
How to exercise your rights
To exercise your rights, please follow the procedure set out below, contact us via the Contact Support option with one of our apps, or email us at dataprotection@puzzling.com .