Last updated: May 27, 2020

Privacy Policy

Background
  1. 1. We are Bright Star Studios ApS, company registration number: DK39822075 having its registered address at Filmbyen 19, 8000, Aarhus Denmark (“us”, “we”, “our”). We have developed the game Ember Sword “the Game”.
  2. 2. This document contains a policy statement regarding our processing of personal data as described below and helps you to understand which personal data we collect, why we collect it, and how we use it.
Personal data we collect from you
  1. 1. Personal data is data that may – indirect or direct – refer to you, such as an address, gender, name, email address etc.
  2. 2. Our Game does not require or support the registration of user data or your personal data.
    1. 1. If you write to our support at [email protected] we will process the information you have sent us such as e-mail address and your name. Processing is necessary for the purposes of our legitimate interests to support you with any questions or concerns you may have.
    2. 2. In Discord we have access to a list where we can see the username and a profile picture of the users who are following us. We have a legitimate interest to see our followers and to communicate with them. You can read the privacy policy here: https://discord.com/privacy
  3. 3. If you have given us your consent to send you our newsletter, we will process your name and e-mail address. You can at any time unsubscribe from the newsletter service which you have subscribed to either via the link at the bottom of the newsletter or by writing to us at [email protected].
  4. 4. When you place an order with us, we use your personal data (name, e-mail address and address) to handle your order and payment, including communicating with you about your order. The processing is necessary for the performance of our contract with you to fulfil the transaction. The processing is also necessary for compliance with a legal obligation to which we are subject in the form of the Danish Bookkeeping Act. We may share your personal data if necessary to comply with such a purpose and there is a legitimate basis for doing so. We use external payment services, which will process personal data about you, such as your payment information.
  5. 5. In addition, we may share your personal data if we are obliged to transfer/share your personal data to/with public and legal authorities.
Non-personal data we collect automatically
  1. 1. Non-personally identifiable data is every kind of data except for personal data. Under this Privacy Policy non-personally identifiable data includes device, OS, instore (where we can see once you have installed the Game), playtime (where we can see your start- and stop time of the Game), crash messages, and your deletion of the Game (“Usage Information”). We may collect the Usage Information automatically.
  2. 2. We only use this Usage Information to analyze our users’ preferences and technical background, so that we can improve our Game permanently and it enables us to make our Game appealing to as many users as possible. We do not use the information in a manner that would identify any single user.
  3. 3. Despite the fact that we have developed the Game, all user registration and the processing of personal data thereof takes place through the third parties in the table below (the “Platforms”):
  4. 4. You understand and agree that the relevant privacy policies and terms and conditions of these Platforms shall apply in respect of any personal data you have provided the Platforms.
Children Under the Age of 18
  1. 1. We will not knowingly collect personally identifiable personal data from any person under the age of 18. We encourage parents to instruct their children never to give out personal data when online. Parents who are concerned about the transfer of personal data from their children may contact us using the contact information below.
Transfer of personal data
  1. 1. Besides otherwise described in this policy, we may disclose personal data and information that we collect or that you provide to trusted third-party providers (data processors). We only use data processors that can give your information an adequate level of data protection.
  2. 2. In some cases, we may also transfer personal data to organizations in so-called third countries (countries outside of the European Economic Area). Such transfers can be made if any of the following conditions apply:
    1. 1. The EU Commission has decided that there is an adequate level of protection in the country in question, or
    2. 2. Other appropriate safeguards have been taken, for example the use of the standard contractual clauses (EU model-clauses) approved by the EU Commission or the data processor has valid Binding Corporate Rules (BCR) in place, or
    3. 3. That there are exceptions in special situations, such as to fulfill a contract with you or your consent to the specific transfer.
Security
  1. 1. We have established and will maintain adequate organizational and technical measures in order for your personal data not to be accidentally or illegally deleted, deteriorated or lost, disclosed to unauthorized third parties or in any other way misused or used contrary to the data protection legislation.
  2. 2. We have adopted reasonable technical, administrative and physical security measures to help protect against unauthorized access, use or disclosure of the information we collect or store. The information is accessible only to trusted employees.
  3. 3. In the event of a security breach where we estimate that there is a high risk that your personal data may be misused, we will, without undue delay, notify you of such security breach. We will also inform you about what we have done to minimize the risk of misuse of your personal data.
Erasure of your personal data
  1. 1. We will erase your personal data when we no longer need it for the required purposes or to comply with specific legislative requirements.
  2. 2. Your consent for signing up to our newsletter will be retained for as long as we send you newsletters and up to two years after the last e-mail send.
  3. 3. If you have placed an order with us, your personal data will be deleted no later than five years after the end of the financial year in which your last transaction was made, unless we are obliged to a longer retention period to comply with legal requirements.
  4. 4. If you have communicated with us by e-mail, we will delete the information 30 days after, unless we are obliged to a longer retention period to comply with legal requirements.
Changes to Privacy Policy
  1. 1. This Privacy Policy may be amended from time to time. We will notify you of any changes to our Privacy Policy in the Game.
Your rights
  1. 1. According to the General Data Protection Regulation you with certain circumstances have the right to:
    1. 1. Access the personal data about you that we process and collect.
    2. 2. Ask for rectification of incorrect or inaccurate data concerning you, or to have incomplete personal data completed.
    3. 3. Ask that your personal data be erased.
    4. 4. Ask for the restriction of the processing of your personal data.
Ask for data portability of your personal data
  1. 1. Object to the processing of your personal data for marketing purposes.
  2. 2. The right to withdraw your consent. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Questions or concerns
  1. 1. You are free to email us directly at [email protected] with any questions or suggestions. We will do our best to reply to your questions and resolve your concerns.
  2. 2. If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html