TORNO'S PRIVACY POLICY

TORNO'S PRIVACY POLICY


Last Updated: 27th March 2024
Welcome to Torno’s Privacy Policy!

The “Torno” app (“App”) is owned and operated by Torno Solutions Inc., having its office at 16192 Coastal Highway, Lewes, County of Sussex, Delaware,19958, United States (“Torno”, “us”, “we”, “our”). We take your privacy and the security of your information very seriously and therefore request you to kindly read the terms of this Torno Privacy Policy (“Policy”) very carefully. The Policy describes to users (“User” or “Users”, or “you” or “your”) how we collect, use, disclose, transfer, or otherwise process your personal data collected in connection with the App, or products or services which we operate now or develop or create in the future (the “Services”). This Policy is an integral part of the App’s Terms Of Use (“Terms”) accessible here.

Users are requested to read this Policy in conjunction with the Terms. We request you to review the most recent version of the Policy periodically. By using the Services, you agree to the handling of your information in accordance with this Policy. If you provide us with your information (directly or indirectly through our service providers) we will treat your information according to this Policy. If we need to use your personal data for any other purpose, other than as disclosed herein, we will update this Policy or ask for your prior consent, if necessary.

If you do not agree with this Policy in general or any part of it, please do not use our Services. By continuing to use the Services, you acknowledge and expressly agree to our collection, processing, storing, transfer, and use of your information as described in this Policy.

  1. IMPORTANT TERMS
    2.

    1. Personal data as defined under the General Data Protection Regulations (“GDPR”) of the European Union means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    2. Usage data as defined under the General Data Protection Regulations (“GDPR”) of the European Union means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    3. Data controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is, or is to be, processed. For the purpose of this Policy, we are a data controller of your personal data.

    4. Data processors mean any natural or legal person who processes the data on behalf of the data controller. Such data processors usually refer to the service providers engaged by us. We use the services of various data processors in order to process your data more effectively, as more particularly detailed in this Policy.

    5. Data subject is any natural person/individual whose personal data we process.

  2. CHILDREN’S PRIVACY
    3.

    1. Torno respects the privacy of children. Our Services including the App is not intended or directed towards children under the age of 18. Please do not use our Services if you are under the age of 18.

    2. We do not knowingly collect or solicit personal data from children under the age of 18. We are committed to complying with the applicable laws and regulations pertaining to protection of children.

    3. In the event, it has been brought to our knowledge that we have inadvertently collected personal data from a child, we will delete that information as soon as possible. If you believe that we might have any information from or about a child, please contact us as described in the Contact Us section below.

  3. INFORMATION WE COLLECT
    4.

    1. There are two broad categories of information that we collect – information Users provide to us and information we collect, as more particularly detailed below.

    2. Please note that we do not, in any manner, collect any special category data such as racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, data concerning health or data concerning user’s sex life or sexual orientation. If it has been brought to our notice that we have inadvertently collected any such special category data, then please contact us as described in the Contact Us section below and we will as soon as possible, delete such special category data.

    3. Information Users Provide to us:
      • We and our third-party service providers collect information that Users provide when using the Services, including when Users create an account and sign up for Services.
      • To register an account on the Services, Users are asked to provide us with their mobile phone number and a valid referral code.
      • To successfully log into the Services, Users will be required to provide the one-time password (“OTP”) sent to their registered mobile phone numbers, for which we may ask Users to give us the permission to read the OTP sent to their registered mobile phone numbers. The provision of this information is optional, and it is at Users’ discretion to either provide us with the requisite permission to access the OTP for auto-filling on the Services or the Users may choose to key in the OTP on their own.
      • Users shall have the ability to complete their profile with additional information which is optional such as: display name/username, profile picture, and gender and any other information that the Service provides the User to optionally fill out in the “Profile” section of the Services.
      • Please note that certain information from your profile is public and therefore can be accessed by any other User such as your display name/username, profile picture, referral codes and game coins. By including information in your profile, you understand that the information that is public can be used by any person or entity for their own purposes.
      • There is also other information provided that depends on the type of account and the Services availed. For example, (i) Users will be required to provide their email address/mobile number to redeem the gift vouchers offered on the Services if a User collects minimum number of game coins; and/or (ii) payment information such as their bank account details, address, online payment service details and mobile payment service details is collected from Users when the Users redeem the game coins for fiat currency.
      • We and our third-party service providers also collect the information you provide to us when you correspond with us including when you require customer support, submit questions or comments, rate the Services and other content you post using the Services. The information collected through this may include your email address, name, phone number, messages you sent to us and other information you choose to share with us. If you submit any information relating to other people in connection with the Services, you represent that you have the authority to do so and permit us to use the information in accordance with this Policy.
      • We also collect your approximate location when you access our Service and when you authorise our Service, we also collect your precise location.

    4. Information we collect from Users:
      • We and our third-party service providers collect personal data directly from Users of the Services including in the form of the actions they take and activities they complete when using the Services. For example, from all Users, we may collect information about patterns of usage such as number of games played, session duration and number of sessions.

      • We and our third-party service providers also use a variety of technologies, such as application programming interface (“API”), to automatically collect certain technical information from your mobile device over time and across different websites/applications.

      • The information we and/or our third-party service providers collect includes the following
        • Approximate Location Data, including your general geographic location based on your IP address.

        • Gameplay content, including recordings of your gameplay and performance records.

        • User ID, that you are automatically assigned when you register on our Services.

        • Device IDs, such as IDFA and Android ID.

        • Usage Data, including the time you launch the Services, the pages and content viewed, IP address, unique device identifiers, any adverts that you viewed and clicked on, the objects and links you clicked on and interacted with, and scrolling/gesture/tap information.

        • Diagnostics Data, including any crash logs and usage and performance statistics.

        • Tracking Technologies, like most mobile applications, we may use technologies, such as software development kits (SDK) and API as part of Services we deliver to you. We use these technologies to secure and improve our Services, to understand your preferences, collect information about your activity, and device and tailor our Services to your interests. We may also use these technologies to collect information when you interact with Services, we offer through one of our service providers, including advertisers and marketing vendors. You also may be able to reset device identifiers or opt-out from having identifiers collected or processed by using the appropriate setting on your mobile device. Depending on your jurisdiction, we get your permission before we set tracking technologies.


    5. We collect different types of information for various purposes to provide and improve our Services, a detailed description of the same is provided in ANNEXURE-A - Table for Legal Processing Activities, to this Policy.

  4. HOW WE USE YOUR INFORMATION
    5.

    1. Use of your information

      We and/or our third-party service providers may use the personal data collected from you to -

      • allow you to register and create an account on the Services;
      • provide, deliver, monitor, and improve our Services, which requires us to track third-party app installations (conversions) to award game coins, to Users based on their activity on the Services, enable in-app redemption of game points for gift cards and/or redeem game coins for fiat currency in the Users bank account or online payment service account or mobile payment services account;
      • personalise our Services for you by providing you with personalised recommendations of games, features, tournaments, events available on the Services;
      • market our Services on third-party platforms, including mobile applications and websites;
      • offer participation in activities such as contests, tournaments, other digital events, determine winners and rank holders of various tournaments on the leaderboard;
      • process your payments and update your account on the Services to reflect any balance coins, total winnings and game coin history;
      • provide features and functionality of the Services such as in-app messages, push notifications, chat with us feature, and gameplay performance records;
      • to send you service-related communication such as redeem confirmations on the Services, availability of new games, and tournament notifications;
      • to inform and support our marketing and advertising activities, including helping us determine games, products, services and advertisements that may be of interest to you.
      • meet operational and business transaction requirements like billing or invoicing, attribution of game installs, calculating the points won through such attribution, accounting, delivering prizes, promotions, and also calculating game coins won through your active usage and participation on the Services.
      • detect behaviour anomaly, prevent fraud and secure our Services including the App. Additionally, we also use your personal data to monitor and detect fraud and other prohibited conducts or violations of the Terms.
      • update features to better our Services and develop new products, games, tournaments and other offerings and services.
      • create reports and develop insights about our business. We may use aggregated or anonymised data for such purposes.
      • communicate with you about your preferences or address your grievances by providing you with technical and customer support as well as respond to your requests, complaints, or feedback.
      • troubleshoot software bugs, patch errors, and maintain functionality of the Services.
      • help train our machine learning and AI models to provide you with personalized content and user experience as well as for the purposes outlined in this Policy.
      • comply with our legal obligations where we reasonably believe such action is necessary to comply with the applicable laws, reasonable requests of law enforcements, legal and regulatory proceedings, including the defence of legal claims and compliance with corporate reporting obligations.
      • enforce our rights to monitor, investigate, prevent and/or mitigate violations of the Terms, this Policy as well as enforce our agreements with third party service providers and business partners.
      • for any other lawful purpose or other purpose that you expressly consent to.

    2. Legal basis

      The legal basis for processing your personal data as described in this Policy will typically include one or more of the following -

      • To perform our agreement with you and provide our Services to you and also in order to take steps at your request prior to entering into an agreement.
      • To meet our legal obligations and compliance requirements under the applicable laws.
      • For our legitimate interest in, for example, monitoring, promoting and improving Services we provide, providing you with technical and customer support, securing and protecting the Services, ensuring that your use of our Services is in accordance with the Terms and this Policy, analysing personal data and developing new products and services.
      • To protect the vital interest of the Users of the Services, for example, in case of fraudulent activities being undertaken by the Users on the Services.
      • Your consent, when required by applicable laws.

    3. Our legal basis for processing your personal data for specific processing activities is more particularly described in ANNEXURE-A to this Policy.

  5. SHARING OF INFORMATION
    6.

    1. We do not sell your information to third parties without your express prior consent.

    2. We share your information with third parties who help us in delivering and analysing our Services. These third parties are not authorised to retain, share, store or use the information shared by us for any purpose other than to provide the services they have been engaged to provide.

    3. The service providers that we share your information with include:

      • Service Providers: We engage various service providers to help facilitate delivery of the Services, which include those who we engage to give us hosting and storing services, operate our technical infrastructure, which is required to keep the Services operational, assist in helping us provide you with coins, protecting and securing our systems and Services, provide personalised content, to grow our business, for attribution of game installs, for reporting purposes, as well as helping us market the Services. These service providers also include our third-party professional advisors such as auditors, law firms, etc. The service providers that we engage are required by contract to have similar level of privacy protection as we do and are required to follow the same standards as this Policy and as far as practicable or as required by applicable law, we include the Standard Contractual Clauses as required under the GDPR in such service provider contracts.
      • Advertising Platforms and Networks (commonly known as ‘ad networks’): We have partnered up with various ad networks to display advertisements on our Services.
      • Analytics providers: We work with several providers that help us analyse and understand personal data and identify and develop trends, patterns, and insights to optimise and improve the Services and create new products or features. These service providers also help us track App usage and Users’ engagement with the Services including games available on the Services and gameplay to help us provide better games and services to you. These analytics providers also support billing and attribution by providing and analysing Gameplay Data.
      • Payment gateways: We have partnered with various payment gateways who offer payment support. These payment gateways help us in processing payments to be made to you by transferring your game points to your bank account or mobile payment services or online payment services. Certain personal data is transmitted to these payment gateways for the purpose of processing any payments. The transmission of your payment information is automatic, and at no point do we, or any of our agents or employees, have the ability to review, access or retain such payment information. To process any of your customer support queries related to payment processing, and/or to map your User ID to your bank information, we retain certain information such as the last 4 digits of your bank account number in an encrypted format so that we can perform the contract with you. We are also required to retain your email address by some of our online payment service providers. For more information on how your payment information is processed, please see the terms and privacy policies of those payment gateways..
      • Gift Voucher Providers: From time to time, we may partner with various entities or individuals for provision of gift vouchers to the Users against redemption of the game coins won by the Users on the Service. Such partners will process the personal data provided by the Users at the time of such redemption to facilitate the delivery of the gift vouchers to the Users.
      • The service providers and other partners we share your data with, and the processing of such data by such service providers and partners will be in accordance with their terms of use and privacy policies. An indicative list of our service providers and links to their terms of use and privacy policy is more particularly detailed in ANNEXURE-B. If you have any questions regarding the service providers that we share your personal data with or who undertake processing on your personal data, please contact us as described in the “Contact Us” section below.

    4. We may also share your personal data in the following circumstances:

      • Legal obligations, Law Enforcement, Regulators and Other Third Parties for Legal and Security Reasons: We may share your personal data with government bodies and law enforcement or where we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including any contractual obligations of Torno or lawful requests by public authorities to meet national security or law enforcement requirements. If required or permitted to do so under the law, and if deemed necessary or warranted, we may provide notice to Users prior to the disclosure. We may also share your personal data when necessary to protect legal rights, property or safety of Torno, our Users or third parties in order to avoid fraud, hacking, identity theft, manage our risks or comply with applicable laws or legal orders. In these cases, we disclose personal data to comply with legal obligations or to protect the legitimate interests of Torno or affected third parties.
      • Corporate Transactions and Affiliates: We may share your personal data in the event of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, re-organisations, liquidations, similar transactions, or proceedings involving all or a portion of Torno. In these cases, the personal data may be shared with our subsidiaries or affiliates under common control and with counterparties as part of corporate transactions.

    5. We may also disclose aggregated or anonymised information about Users along with information that does not identify any individual or device, except where limited by applicable laws. For example, we may use anonymized session duration data, number of game plays, number of sessions and aggregated information for statistical and machine learning purposes, to provide insights into developing or enhancing Services, for marketing and advertising and for other legally permissible purposes such as testing our IT systems and features.

    6. We may also disclose aggregated or anonymised information about Users along with information that does not identify any individual or device, except where limited by applicable laws. For example, we may use anonymized session duration data, number of game plays, number of sessions and aggregated information for statistical and machine learning purposes, to provide insights into developing or enhancing Services, for marketing and advertising and for other legally permissible purposes such as testing our IT systems and features.

  6. DATA TRANSFER, STORAGE AND RETENTION
    7.

    1. We are based out of Delaware, United States of America (US) and store information collected from you on our or our third-party service providers’ servers located in US (currently being Amazon Web Services and Google Cloud). The information collected through the Services will be stored and processed in the US and any other country in which Torno or its affiliates or service providers operate or maintain facilities or for service efficiency purposes.

    2. In case the information collected is processed or stored in territories that do not have the same data protection laws as your jurisdiction or that may not be as protective as in for example in the European Union (EU) including for service efficiency purposes and/or due to affiliates and third parties being located in such territories, we may transfer your personal data to a third country not being approved by the European Commission as a safe country for such transfer, to which you explicitly consent. Whenever applicable, we will use the Standard Contractual Clauses as required under GDPR to ensure an equivalent level of protection or other lawful grounds for carrying out said transfer.

    3. We retain personal data for as long as required under applicable laws, as long as necessary to provide the Services to you and fulfil the transactions you have requested, to meet the purpose for which the personal data was collected or for other business purposes, to comply with our legal obligations, resolving disputes, and enforcing our agreements. We decide how long we need personal data on a case-by-case basis. We may consider, amongst others, the following factors when making retention decisions:

      • Whether we need to keep some of your personal data to maintain your account on the Services;
      • Whether we are required by law to keep some types of personal data for certain periods of time to comply with our legal obligations. For instance, we retain data pertaining to the game coins won and redemption history for some period of time to allow for matters such as accounting and tax reporting;
      • Whether we need some of your personal data for other business purposes, such as to prevent harm and ensure safety and security of our Services; investigate possible violations of our Terms; or protect ourselves; and
      • Whether we need some of your personal data for our legitimate interest. For instance, it is in our legitimate business interest to help Users access the game coins earned and other features available on the Service, to prevent wrongful exploitation of our reward program and to identify returning Users whether those who were inactive or had stopped using our Services for a certain period of time and to restore their game coins, transaction history, and profile data.

    4. Where we determine that the personal data which is collected is not required to be stored or retained in a manner in which a natural person can be identified using such personal data, we anonymise such personal data before further processing. The details of the information that we collect and subsequently anonymise before further processing is detailed in ANNEXURE-Abelow.

    5. Anonymized information may nonetheless persist internally in our backup, archive files or similar databases, and may still be used anonymized, for our internal support, administrative, and record-keeping purposes including, but not limited to, allowing us to improve the Services and other services we provide through research, evaluation, and analytics as permissible by applicable laws and for other purposes specifically outlined in this Policy.

    6. We may also keep certain information in backup or archive records if required by law or if it is relevant to prevent fraud or future violations of our policies or for legitimate business purposes when permitted by applicable law. All retained data will continue to be subject to our Policy in effect at that time.

    7. Specifically, we may destroy your personal data or store it separately if you do not interact with our Services for 5 (five) years. Please note that if you have not interacted with our Services or do not use our Services for the time period as mentioned above or if you request for deletion of your account, it will also result in expiration/deletion of the game coins which you have won on our Services which have not been redeemed by you. In the event we decide to maintain your information after you are being inactive on our Services or after deletion of your account, we may anonymise such data and ensure that it is in a de-identifiable state, to the best of our ability and available tools. Notwithstanding the foregoing, if game coins are not redeemed by the Users within a period of 1 (one) year from the date of winning such game coins, then such game coins shall stand expired as more particularly detailed in the Terms Of Use.

    8. Please note that any personal data about you stored or retained by a third party is subject to the third party’s terms of use and privacy policy and you must contact them directly to get your data deleted. The third parties that we have engaged for the purposes of delivering and analysing our Services, are listed out in ANNEXURE-B along with the links of their terms of use and privacy policy.

    9. Please note that the principles of data protection under GDPR do not apply to data that is anonymised i.e., information that does not relate to identified or identifiable natural persons or to personal data rendered anonymised in such a manner that a natural person is not or is no longer identifiable.

  7. DATA SECURITY
    8.

    1. We care about the security of your information, and use appropriate physical, technical, and administrative security measures to preserve the integrity and security of your personal data collected by us through the Services. Where personal data is not anonymised, we use industry standard SSL (secure socket layer technology) encryption for personal data in transit. Other security safeguards include, but are not limited to, anonymisation, pseudonymisation, data encryption, firewall, and physical access controls to buildings and files. We also get periodic audits conducted of our security to apply best practices and reasonable industry standards.

    2. Some of the precautions we take to protect personal data includes: (a) limiting employee/consultant access to personal data to only those employees/consultants with a need to such access to fulfil their job responsibilities; (b) requiring employees/consultants to sign confidentiality agreements upon hiring; (c) conducting regular employee/consultant privacy and data security training and education; and (d) protecting personal data with commercially reasonable technical, contractual, administrative, and physical security safeguards.

    3. At registration, we assign a User ID to each account on our Services and use those User IDs to authenticate logins, allow access to the different game levels, tournaments and to monitor compliance. The User ID is also used to authenticate Users when requesting customer and technical support. Access to information is limited to those employees/consultants who require it to perform their job functions.

    4. Although we endeavour to deploy state of the art security measures, tools and practices, we cannot ensure or warrant that any of your information will not be subject to any unlawful disclosure as no data transmission over the internet can be guaranteed to be completely secure. Moreover, we are not responsible for the security of information you transmit to the Services over networks that we do not control, including the internet and wireless networks. If you have reason to believe that your interaction with us is not secure, please contact us as described in the Contact Us section below.

    5. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and notify you and the relevant data authorities that information has been compromised if and as required under the applicable laws or deemed necessary and appropriate under the circumstances. We will also take reasonable steps, in accordance with the applicable laws and regulations.

  8. YOUR RIGHTS
    9.

    1. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data. You can edit certain information with respect to your profile on our Service at any time in accordance with the mechanism provided under the Terms.

    2. In certain circumstances, you have the following data protection rights which can be exercised by you by contacting us at the contact information provided in the Contact Us section below -

      • Access: You have the right to request a copy of the personal data that we process about you. However, there are exceptions to this right, so that access may be denied if, for example, making the information available to you would adversely affect the rights and freedoms of another person or User, or if we are legally prevented from disclosing such information, or if we only store such information about you in an anonymised or aggregated manner where we cannot identify the particular User to whom the data belongs to.
      • Accuracy: We aim to keep your personal data accurate and complete. We encourage you to keep us informed about changes that you would like reflected in our records. You are also able to update, correct or rectify certain inaccurate personal data in accordance with the mechanism provided in the Terms.
      • Objecting: You have the right to object to processing of your personal data. You may ask us to erase or limit the use or other processing of your personal data where we relied on your consent to process your personal data by contacting us via the contact information provided in Contact Us section unless another legal basis for processing and retaining this data exists or applicable law requires us to retain the data.
      • Rectification: You have the right to request the rectification of inaccurate personal data and, taking into account the purposes of the processing, to complete your personal data. You are also able to update, correct or rectify certain inaccurate personal data in accordance with the mechanism provided in the Terms.
      • Data Portability: Provided further legal requirements are fulfilled, you have the right to request that some of your personal data is provided to you, or, where technically feasible, to have your personal data transmitted to another provider should you wish to stop using our Services in favour of another, in a structured, commonly used and machine-readable format.
      • Deletion: You have the right to delete or request that we delete your personal data as far as legal requirements for deletion are fulfilled, such as when your personal data is no longer necessary for the purposes for which it was collected or where we have relied only on your consent to process your personal data.
      • Automated Decision-Making: As far as further legal requirements are fulfilled, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
      • Opt-out of Marketing Communications sent by One Game: You can opt-out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the Services.
      • The Right to Withdraw Consent: Where you provided us with your consent and where we relied on your consent to collect and process your personal data, you may withdraw your consent to the collection and processing of personal data at any time by sending a written request to the contact details provided under the Contact Us at section in this Policy. Withdrawing consent may impact your use of whole or part of the Services, such as access to certain Services including games and eligibility for winning and/or redeeming game coins. We may still be able to process the personal data for which you have withdrawn your consent if any other legal basis applies for collection and processing of such data or if required under the applicable laws.

    3. We will handle your request for exercising your data protection rights in accordance with the applicable laws. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions. Please note that we may ask you to verify your identity before responding to such requests. Some of these rights only apply in certain circumstances and in many cases, are limited by law. For example, where fulfilling your request will adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data. We will respond to your requests to exercise these rights as required by applicable law.

    4. You also have the right to complain to the relevant data protection authority about our collection and use of your personal data. However, we invite you to contact us with any concern, as we would be happy to try to resolve it directly. For more information, please contact your local data protection authority in the country in which you reside, or where you think an infringement of data protection laws occurred.

  9. CHANGES IN THE POLICY
    10.

    1. We may periodically update this Policy to reflect the existing practice and to ensure compliance with the applicable laws. We may change or otherwise modify this Policy to reflect changes to our Services or changes to the applicable laws. If we modify this Policy, we will update the “Last Updated” date which can be found at the top of this Policy.

    2. If we make any material changes to the way we collect, use, store and/or share your personal data, we will notify you by prominently posting a notice of the changes on the Services or through push notifications on the Services. We highly recommend that you check this page from time to time to inform yourself of any changes.

    3. By continuing to use the Service after receiving such updates, you agree to comply with, and to be bound by such updated Policy.

  10. California Privacy Rights Act (CPRA)
    11.

    1. This section is tailored to provide additional information for users residing in California and complements our Policy. It is specifically crafted to adhere to the California Consumer Privacy Act (CCPA). Please be aware that certain exemptions may apply to specific types of Personal Information (PI) and services we offer, in accordance with the above laws.
      These laws grant specific rights to the residents of California concerning their Personal Information. This section outlines those rights and offers guidance on how to exercise them. Throughout this section, the terms "you" or "your" exclusively refer to the people residing in the above mentioned states. Per the regulations, we are obligated to disclose the categories of sources from which we collect Personal Information, as well as the third parties with whom we share it, as detailed in the INFORMATION WE COLLECT , How We Use Information , and SHARING OF INFORMATION sections above.
      Only residents or individuals registered with the California Secretary of State, whom you authorize to act on your behalf, are eligible to make verifiable consumer requests related to your Personal Information.
      A verifiable consumer request must:
      • Provide sufficient information for us to reasonably verify that you are the person whose Personal Information we collected or an authorized representative. We will authenticate your request by soliciting information related to your interactions with us. We will not request Personal Information beyond what is necessary for us to provide our services.
      • Clearly describe your request to ensure we understand, evaluate, and address it appropriately.

      If we cannot verify your identity or authority to make the request, or confirm that the Personal Information pertains to you, we are unable to respond to your request or provide Personal Information. However, initiating a verifiable consumer request does not necessitate creating an account with us. Any Personal Information provided in a verifiable consumer request will only be utilized to authenticate the requestor's identity or authority.
      To exercise your rights, you can submit a request to us via email at legal@tornogames.com or by following the instructions below:
      • Right to Access Personal Information: You have the right to receive information about the categories of Personal Information we collected, the sources from which we obtained it, the purposes for which we collected and shared it, the categories of Personal Information shared, and the categories of third parties with whom we shared it in the last 12 months. This right can be exercised through the "My Data" (Insert Link) section of our services.
      • Right to Data Portability: You are entitled to receive a copy of your electronic Personal Information in a readily usable format for transmission to another organization. This right can be exercised twice within a 12-month period through the "Example" (Insert Link) section of our services.
      • Right to Correction: You have the right to request corrections to inaccurate Personal Information that we maintain about you. Additionally, you can manually correct any inaccuracies by accessing your “Profile” section in the app.
      • Right to Deletion: You may request the deletion of the Personal Information we have collected from you. While we will make commercially reasonable efforts to honor your request in compliance with applicable laws, certain information may need to be retained for legitimate business purposes or to comply with the law. Please refer to the "Example" (Insert Link) section of this Policy for instructions on how to exercise your right to deletion.
      • Right to Opt-Out of Certain Sharing with Third Parties: We do not sell your personal information to third parties. However, you have the right to request that we refrain from disclosing your Personal Information to third parties in exchange for monetary or other valuable consideration.

    2. Do not sell or share my personal Information:
      Even though we do not share your information in exchange for compensation, if you are a California resident, you have the right to request us to not disclose your PI to third parties for monetary or other valuable consideration.You can exercise such a right to opt-out by submitting the following form.
      • Information we collect and share: Section 3 of the Privacy policy document details the information that is collected by us.
      • Business and Commercial Purposes for Which We Use PI: We may use or disclose the PI we collect as described in the Section 5 of this privacy policy. We may share your PI by disclosing it to a third party for a business purpose described below. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the PI confidential, and prohibit using the disclosed information for any purpose except performing the contract.
      • Our Retention of PI: We retain PI for as long as necessary to provide the Services and fulfill the transactions you have requested, or for other business purposes, to comply with our legal obligations, resolving disputes, and enforcing our agreements. We decide how long we need PI on a case-by-case basis. Details for the same are mentioned in Section 6 of the privacy policy document.
      • Non-Discrimination: We fully support your privacy rights and will not discriminate against you for exercising any of your CCPA rights.

  11. Colorado Privacy Rights Act (CPA)
    12.

    1. This section applies only to Colorado residents. It describes how we collect, use, and share Personal Data of Colorado residents in our capacity as a business under the Colorado Privacy Rights Act (“CPA“) and your rights with respect to that Personal Data. For purposes of this section, the term “Personal Data“ has the meaning given in the CPA but does not include information exempted from the scope of the CPA. Please note that we may claim legal exemptions for certain types of Personal Data and certain of our Services from all or certain parts of the CPA.
      As a Colorado resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
      • Access: You may request confirmation whether we are processing your Personal Data and access to such Personal Data by requesting it on the “My data“ Section of our Services.
      • Correction: You can edit and correct your Personal Data at any time by accessing your profile on the “Profile” sections of the Services.
      • Deletion: You may have the right, under certain circumstances, to request that we delete the Personal Data you have provided to us. To know how to exercise your right to deletion, please refer to the section titled: “YOUR RIGHTS“ from this Policy or contact us at the contact information provided in Section Contact Us.
      • Data portability: You may be entitled to receive a copy of your electronic Personal Data in a readily usable format. You can exercise this right by requesting it on the “My data“. Section of our Services.
      • Opt-out of tracking for targeted advertising purposes: If available in your residence or if mandated by law, you may be able to submit requests to opt-out of tracking for targeted advertising purposes by clicking on the following link. (Insert Link). We do not otherwise “sell“ your Personal Data to third parties for monetary consideration.
      • Opt-out of profiling: You have the right to opt-out of the automated processing of your Personal Data to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, to the extent this results in decisions that produce legal or similarly significant effects. However, we do not perform this type of profiling.
      • Sensitive Personal Data: We will not process your sensitive Personal Data without your consent.
      • Non-discrimination: You have the right to be free from discrimination related to your exercise of any of your Colorado privacy rights.

    2. Authentication: In order to protect your Personal Data from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect that your account has been accessed without your authorization, we may ask you to provide additional Personal Data for verification. If we are subsequently unable to confirm your identity, we may refuse your rights request.

  12. Connecticut Data Privacy Act (CDPA):
    13.

    1. This section applies only to Colorado residents. It describes how we collect, use, and share Personal Data of Colorado residents in our capacity as a business under the Colorado Privacy Rights Act (“CPA“) and your rights with respect to that Personal Data. For purposes of this section, the term “Personal Data“ has the meaning given in the CPA but does not include information exempted from the scope of the CPA. Please note that we may claim legal exemptions for certain types of Personal Data and certain of our Services from all or certain parts of the CPA.
      As a Colorado resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
      • Access: You may request confirmation whether we are processing your Personal Data and access to such Personal Data by requesting it on the “My data“ Section of our Services.
      • Correction: You can edit and correct your Personal Data at any time by accessing your profile on the “Profile” sections of the Services.
      • Deletion: You may have the right, under certain circumstances, to request that we delete the Personal Data you have provided to us. To know how to exercise your right to deletion, please refer to the section titled: “YOUR RIGHTS“ from this Policy or contact us at the contact information provided in Section Contact Us.
      • Data portability: You may be entitled to receive a copy of your electronic Personal Data in a readily usable format. You can exercise this right by requesting it on the “My data“. Section of our Services.
      • Opt-out of tracking for targeted advertising purposes: If available in your residence or if mandated by law, you may be able to submit requests to opt-out of tracking for targeted advertising purposes by clicking on the following link. (Insert Link). We do not otherwise “sell“ your Personal Data to third parties for monetary consideration.
      • Opt-out of profiling: You have the right to opt-out of the automated processing of your Personal Data to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, to the extent this results in decisions that produce legal or similarly significant effects. However, we do not perform this type of profiling.
      • Sensitive Personal Data: We will not process your sensitive Personal Data without your consent.
      • Non-discrimination: You have the right to be free from discrimination related to your exercise of any of your Colorado privacy rights.

    2. Authentication: In order to protect your Personal Data from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect that your account has been accessed without your authorization, we may ask you to provide additional Personal Data for verification. If we are subsequently unable to confirm your identity, we may refuse your rights request.

  13. Virginia Consumer Data Protection Act (VCDPA):
    14.

    1. This section applies only to Colorado residents. It describes how we collect, use, and share Personal Data of Colorado residents in our capacity as a business under the Colorado Privacy Rights Act (“CPA“) and your rights with respect to that Personal Data. For purposes of this section, the term “Personal Data“ has the meaning given in the CPA but does not include information exempted from the scope of the CPA. Please note that we may claim legal exemptions for certain types of Personal Data and certain of our Services from all or certain parts of the CPA.
      As a Colorado resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
      • Access: You may request confirmation whether we are processing your Personal Data and access to such Personal Data by requesting it on the “My data“ Section of our Services.
      • Correction: You can edit and correct your Personal Data at any time by accessing your profile on the “Profile” sections of the Services.
      • Deletion: You may have the right, under certain circumstances, to request that we delete the Personal Data you have provided to us. To know how to exercise your right to deletion, please refer to the section titled: “YOUR RIGHTS“ from this Policy or contact us at the contact information provided in Section Contact Us.
      • Data portability: You may be entitled to receive a copy of your electronic Personal Data in a readily usable format. You can exercise this right by requesting it on the “My data“. Section of our Services.
      • Opt-out of tracking for targeted advertising purposes: If available in your residence or if mandated by law, you may be able to submit requests to opt-out of tracking for targeted advertising purposes by clicking on the following link. (Insert Link). We do not otherwise “sell“ your Personal Data to third parties for monetary consideration.
      • Opt-out of profiling: You have the right to opt-out of the automated processing of your Personal Data to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, to the extent this results in decisions that produce legal or similarly significant effects. However, we do not perform this type of profiling.
      • Sensitive Personal Data: We will not process your sensitive Personal Data without your consent.
      • Non-discrimination: You have the right to be free from discrimination related to your exercise of any of your Colorado privacy rights.

    2. Authentication: In order to protect your Personal Data from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect that your account has been accessed without your authorization, we may ask you to provide additional Personal Data for verification. If we are subsequently unable to confirm your identity, we may refuse your rights request.

  14. CONTACT US

    1. If you have any questions that do not relate to this Policy or data privacy, then please write to our customer support team at support@tornogames.com so that our customer support team can address your concerns. If you have any legal queries, please write to our legal team at legal@tornogames.com.

    2. To exercise applicable data protection rights or have any questions or comment about this Policy and our privacy practices to the extent you may enjoy any data subject rights as per the privacy laws applicable to you, please reach out to our data protection officer at DPO@tornogames.com.