Privacy Policy

This Privacy Policy (“Policy”) describes  the different ways Creoteam Games Ltd (“we”, “us”, “our”, “Company”, “Creoteam“) may collect, use, and share information obtained when you interact with the website https://creoteam.com/ (the “Site”) and social media sites such as Facebook and Twitter, use Creoteam services (the “Services”), including, but not limited to accessing and playing our games like Football, Tactics & Glory, its DLCs (the “Games”), or provide us with information about yourself in other ways. Such treatment may include, but is not limited to, the following:

• collection; 
• recording;
• organization;
• storage;
• structuring;
• adaptation;
• alteration;
• retrieval;
• consultation;
• use;
• disclosure by transmission;
• dissemination or otherwise making available;
• alignment or combination;
• restriction; and
• erasure or destruction.

You can be our visitor or client (collectively “users”): 

• You are a visitor when you merely browse this Site and/or submit your personal data via the Site’s online chat, feedback forms or any other forms;
• You are a client when you accessing and playing Games;

When you submit your personal data via our Site or when you download and play our games, you may be asked to consent to our processing of the personal data you provide as explained in this Policy to enable us to provide you with the information or service requested, if no other legal ground can be used.

We use the following definitions in this Policy: 

“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed. 

“data processor” means the natural or legal person who processes personal data on behalf of the data controller. 

“data subject” is any living individual who is using our Site and/or Services. 

“personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc. 

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

“joint controllers” means two or more controllers jointly determining the purposes and means of processing. 

The definitions of terms used within this Policy are taken from the GDPR in consideration of the definitions established in the CCPA. The pair of definitions “personal data” and “personal information”; “controller” and “business”; “processor” and “service provider”; “data subject” and “consumer” may be used interchangeably unless another meaning is mentioned.

We collect information about you in connection with our Site and Services in two main ways: visitor data (obtained via the Site) and client data (obtained through the Games). In particular, we collect: 

Visitor data:

(a) Contact Information. We can collect some personal data when you submit your personal data via the Site’s form to contact, provide feedback on our Site or Games, or to subscribe to a newsletter to receive the news and updates on our Games. Such data may include name, email address, message, and other information you may provide us via available contact options.

(b) Cookies Information. On our Site, we may use cookies and other tracking technologies for a variety of purposes: for analytics, marketing activities, remembering your preferences, and other purposes. Such use may involve the transmission of information from us to you and from you to a third party website or us. To learn more regarding our use of cookies please see the ‘Use of Cookies’ section of this Policy.

(c) Payment Information. If you make a purchase via Site, you will need to provide certain banking information, so the order can be fulfilled. We may use the email address you provided when you purchased the game to provide you with information regarding your purchase, as well as to offer you the option to subscribe to our newsletter. 

Please note that we use third-party payment processors to collect this information from you and process your payment. Such a third-party payment processor is responsible for all collection, processing, and storage of your financial information and we do not have direct access to or possession of your payment card information or banking information. 

Client data:

(d) Advertising Information. We collect certain information about the client’s device and other in-game activity to serve the contextual advertising to the client and process it only if you have consented to such processing. Such information includes:

• IP address with the lowest 8 bits removed for IPv4 and lowest 32 bits removed for IPv6;
• Limit ad tracking status; 
• The client’s estimated location data estimated by the truncated IP address that includes: country, city; 
• The detected language of the client’s device; 
• Basic device information (desktop/mobile, manufacturer, model, operating system, operating system version, user agent,  limited tracking flag, location type, screen width and height in pixels); 
• Connection type, ISP and carrier name; 
• Randomly generated Anzu user ID per game/app;
• Analytics data (e.g., session start, session end, click).

Please note that if you have not consented to receive contextual advertising, we will still serve ads to you, but without using identifiable information about you, such as your location. In that case, we may collect the following anonymous information to share with advertisers:

• Limit ad tracking status; 
• The detected language of the client’s device; 
• Basic device information (desktop/mobile, manufacturer, model, operating system, operating system version, user agent,  limited tracking flag, location type, screen width and height in pixels); 
• Connection type, ISP and carrier name; 
• Randomly generated Anzu user ID per game/app;
• Analytics data (e.g., session start, session end, click).

We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.

We collect and process your personal data in accordance with the provisions of the GDPR. 

GDPR provides an exclusive list of lawful bases allowing us to process your personal data. During personal data processing we rely only on four of them, namely: 

Article 6.1(a): consent 

We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time. 

Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw the consent to the processing of your personal data by sending us an email at info@creoteam.com, or by contacting us in any other way convenient for you. 

Article 6.1(f): legitimate interests 

We process your personal data to prevent any fraudulent actions and to provide you with the desired services. Also, we need some data to enable our Site to run smoothly and give you a pleasant user experience. We use only strictly necessary data under this legal ground. 

Article 6.1(b): performance of a contract 

When you provide a third-party payment processor with the personal data with requested banking information to purchase services; this can be deemed as your request to form a contract or to perform a contract between you and us. However, we may ask you to give us clear consent in case of doubt. 

Article 6.1(c): legal obligation 

We process your personal data to fulfil the applicable legal obligations arising mainly from the GDPR. In the event of you sending us the request to fulfil the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.

We use cookies and other tracking technologies on our Site for a number of purposes, including enabling the functionality of the Site, enhancing user experience, understanding the online behaviour of people who interact with our Site, and delivering relevant interest-based advertising to you on third-party websites.

We do not use cookies to directly identify you. We only use cookies for the following purposes: 

Necessary: these cookies and other tracking technologies are essential for your use of the Site and our compliance with applicable data protection laws. We use them for certain purposes, such as checking if the user’s browser supports cookies and determining whether the user has accepted the cookie consent box or not. 

Analytics: these cookies help us to understand how users interact with our website (e.g., page visits and page load speed) by collecting information anonymously to avoid your identification. Their sole purpose is to improve website functions. 

Marketing: these cookies and other tracking technologies are used to deliver relevant online advertising to you on other websites. These cookies are placed by us and selected third parties and enable adverts to be presented to you on third party websites.

We store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law. 

We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.

Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at info@creoteam.com or contacting us via another way convenient for you. 

We have implemented appropriate organisational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

We may share your personal data as a data controller to joint controllers and data processors in accordance with provisions specified hereafter.

Sharing data with joint controllers (other controllers)

In some cases we may act as a joint controller jointly with other joint controllers, for example, while using Facebook pixel. In respect to this case of personal data processing, we are the party to the Facebook Joint Controllership Addendum. In such a case, a data subject may exercise their rights under the GDPR in respect of and against both other joint controllers and us.

Sharing data with data processors

There are many features necessary to provide you with our services that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services. 

Therefore, we may share and disclose your personal data to other data processors:

• Amazon Pay (Amazon Payments, Inc.): to process payments from the clients and enable clients. You may read its Privacy Policy here;
• PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., Luxembourg): to process payments from the clients. You may read its Privacy Policy here;
• Stripe (Stripe, Inc., USA): to process payments from the clients. You may read its Privacy Policy here;
• Humble Store (Humble Bundle, Inc, USA): to process payments from the clients. You may read its Privacy Policy here;
• Google Analytics (Google LLC, USA): to analyze statistical data on how the visitor uses the Site in order to improve our Site’s functionality. You may read its Privacy Policy here;
• reCaptcha (Google LLC, USA): to distinguish bots and humans for protecting our Site from spam and abuse. You may read its Privacy Policy here;
• Disqus (Disqus, Inc., USA): to allow users to leave comments on the Site. You may read its Privacy Policy here;
• Mailchimp (Intuit Inc., USA): to allow receiving marketing and informational email messages from Creoteam. You may read its Privacy Policy here;
• Anzu (Anzu Virtual Reality Ltd., Israel): You may read its Privacy Policy here.

During our business activities we may engage different specialists which may receive your personal data, including technical, sales and marketing specialists, to provide you with better client service. Also, we may disclose some of your personal data to our outsource legal professionals to make our business accurate and transparent. The abovementioned specialists are collectively referred to as Contractors. 

We may transfer your personal data to countries outside the EU and EEA (the USA, Ukraine, etc.) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.

We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where the Contractor has an appropriate data processing agreement in place, Creoteam may adjoin such data processing agreement. If so, Creoteam and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.

For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to another third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.

We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal International Transfer Procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons. 

We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.

You may exercise the following rights by submitting your request at info@creoteam.com.

When we act as a joint controller with regard to particular processing of personal data, you may exercise your rights under the GDPR in respect of and against both advertising platform and us.

Rights under the GDPR

• right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
• right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data.  
• right to erasure (to be “forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws.
• right to restriction of processing means that you may ask us to restrict processing where:

1. your personal data is not correct or outdated;
2. the processing is unlawful.

• right to object to the processing means that you may raise objections on grounds relating to your particular situation;
• right to data portability means that you may ask us to transfer a copy of your personal data to another organisation or to you;
• right to withdraw the consent when your personal data processed on a basis of your consent;
• right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data. 

You may submit the complaint to the supervisory authority of your place of residence within the EU or to the data protection authority stated in this Policy.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may contact us to address your inquiries: info@creoteam.com.

Supervisory Authority under GDPR: 

In case of any questions regarding data protection, you can apply to the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities through the link.

Under the California Consumer Privacy Act (the “CCPA”), California residents have certain rights regarding our collection, use, and sharing of their personal information.

We may collect various categories of personal information when you use and/or access our Services and Games. 

In particular, depending on actual circumstances, we may collect the following categories of personal information specified in the CCPA when you use and/or access our Services and Games:

• Category A – Identifiers;
• Category B – Personal information categories listed in the Cal. Civ. Code § 1798.80(e);
• Category D – Commercial information;
• Category F – Internet or other similar network activity;
• Category G – Geolocation data;

You can find a detailed description of the personal information that we may collect from you above in the ‘Use of Your Personal Data’ section of this Policy. Note that in the ‘Data Sharing and Disclosure’ section of this Policy you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the CCPA.

If you are a California resident, to the extent provided for by the CCPA and subject to applicable exception, you have the following rights in relation to the personal information we have about you:

• Right to obtain information. You can request information about what personal information has been collected about you and how we have used that personal information during the preceding 12 months. 
• Right of access. You can request a copy of the personal information that we have collected about you during the preceding 12 months. 
• Right to deletion. You can request us to delete the personal information that we have collected from you unless it is necessary for us to maintain your personal information in certain cases under the CCPA, such as protection against malicious, deceptive, fraudulent, or illegal activity. 
• Right to be free from discrimination relating to the exercise of any of your privacy rights.

We do not sell your personal information to third parties for monetary or other valuable considerations. Additionally, we do not offer any financial incentives associated with our collection, sharing, or retention of your personal information. 

We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the CCPA. 

You can exercise your rights under the CCPA by sending us an email by any other means of communication convenient for you, including those listed in the ‘How to Contact Us’ section of this Policy. 

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the CCPA. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

Generally, our Site and Services are intended for general audiences and are not directed to children under 13. We do not knowingly collect any personal information from children under the age of thirteen without seeking any required parental approval in accordance with applicable legal and regulatory obligations, such as the U.S. Children’s Online Privacy Protection Act (“COPPA”). 

Platforms we use to distribute our Games permit to register an account only from the age of 13 subject to certain exceptions, i.e., higher age of consent to the processing of personal data established by the country or opportunity to create an account with a parental or guardian permission. 

If we become aware that a child has provided us with personal information without a parent’s permission, we will promptly delete this information. If you become aware that a child has provided us with personal information without parental consent, please contact us by email at info@creoteam.com.

This Policy may be changed from time to time due to the implementation of new updates, technologies, laws’ requirements or for other purposes. We will send notice to you if these changes are dramatic and where required by applicable laws, we will obtain your consent for the subsequent processing. In any case, we encourage you to regularly review this Policy to check for any changes. 

Such notification may be provided via your email address, announcement published in our Games and/or by other means, consistent with applicable law.

If you have a question related to this Privacy Policy, our processing activities, or your data subject rights under GDPR, CCPA, and other applicable laws, you can contact us directly using the following details: 

• Our email: info@creoteam.com