AEG

Privacy Policy

AETHER FORGE LTD.
PRIVACY POLICY

Effective Date: October 28th, 2022

General

This Privacy Policy sets out our commitment to protecting the privacy of your Personal Data as it is defined herein, that is provided to us, or otherwise collected by us, offline or online, including when preparing to provide or providing our platforms to you, including our blockchain-based collectible digital card trading game Aether TCG, our online blockchain-based RPG Gates of Eternity, our other online, downloadable and mobile games and applications, and our websites (hereinafter collectively, the "Services"). In this Privacy Policy "We", "Us" or "Our" means Aether Forge Ltd., a company duly incorporated under the laws of the Republic of the Bahamas under Nº 209202B, address is 2nd Floor, Pineapple Place, Bernard Road P.O. Box N-8339 Nassau, N.P., Bahamas, and all group companies of Aether Forge Ltd.

This Privacy Policy takes into account the requirements of Data Protection (Privacy of Personal Information) Act of 2003 of the Republic of the Bahamas.

"Personal Data"as used in this Privacy Policy has the meaning attributed to in the Data Protection (Privacy of Personal Information) Act of 2003 of the Republic of the Bahamas, that is, data relating to a living individual who can be identified either from the data or from the data in conjunction with other information in the possession of the data controller, and includes anything defined as "Personal Data", "Personal data, "Personally Identifiable Information" or similar terms under applicable law.

In addition to the Republic of the Bahamas laws, individuals located in the European Union (EU) also have rights under the General Data Protection Regulation 2016/679 (the "GDPR"). Under the GDPR individuals located in the EU have extra rights which apply to their Personal Data. Personal Data under the GDPR means information relating to an identified or identifiable natural person (individual). This Privacy Policy sets out the rights we grant to individuals located, inter alia, in the EU.

Our Commitment to legally compliant processing

Your Personal Data will, at all times:

  1. Be processed by us or by our trusted personal data processors, whichever is applicable, lawfully, fairly and in a transparent manner;
  2. Only be collected for the specific purposes we have identified in the "Collection and Use of Personal Data" Section hereof and Personal Data will not be further processed in a manner that is incompatible with the purposes we have identified;
  3. Be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the Personal Data is processed;
  4. Be kept up to date, where it is possible and within our control to do so, and we request you to contact us if you would like us to correct any of your Personal Data;
  5. Be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the Personal Data was collected;
  6. Be processed securely and in a way that protects against unauthorized or unlawful processing and against accidental loss, destruction or damage.

How we collect personal data

We collect Personal Data in a variety of ways, including:

Directly: We collect Personal Data which you directly provide to us, including when you sign up to Aether TCG and / or Gates of Eternity, through the "Contact Us" form on our websites or when you request our assistance via email, our online chat or over the telephone, or when you attend or participate in any of our sessions,functions, events or activities.

Indirectly: We may collect Personal Data which you indirectly provide to us while interacting with us such as when you use any of our websites and/or Services (including Aether TCG and/or Gates of Eternity), in emails, over the telephone and in your online enquiries.

From Third Parties: We collect Personal Data from third parties, such as details of your use of our website from our analytics and cookie providers and marketing providers. See the "Cookies" Section below for more detail on the use of cookies.

From Publicly Available Sources of Information: We may also collect Personal Data from publicly available sources, such as information from social media accounts and profiles, where relevant to your interactions with us, or to our business or relationship with you.

Types of collected personal data

The types of Personal Data we may collect about you include:

  1. your name;
  2. your contact details, including email address and name;
  3. your Ethereum (and/or other public blockchain) address and wallet, and public blockchain data such as your nominated public key for a digital asset wallet;
  4. your credit card or payment details (through our third party payment processor);
  5. your preferences and/or opinions;
  6. information you provide to us through customer surveys;
  7. details of products and services we have provided to you and/or that you have enquired about, and our response to you, including any support requests and any bug reports;
  8. where you play Aether TCG or Gates of Eternity - game progression data, such as your game saves and your achievements in the game, and your age;
  9. where you participate in transactions in Aether TCG or Gates of Eternity, your trading data;
  10. your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, your IP address, and demographic information;
  11. your connections with others whose Personal Data we may collect or hold;
  12. information about your access and use of our Services, including through the use of Internet cookies, your communications with our Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  13. additional Personal Data that you provide to us, directly or indirectly, by submitting forms or through your use of our Services and their relevant websites, associated applications, associated social media platforms and/or accounts from which you permit us to collect information;
  14. publicly available information from social media accounts, posts and profiles, where relevant to your interactions with us, or to our business or relationship with you;
  15. device information, such as mobile device type, mobile number, unauthorized third party applications (which allows us to identify whether our users are gaining an unfair advantage or cheating when using our games), and device specifications; and
  16. any other Personal Data requested by us and/or provided by you or a third party.

We may collect these types of Personal Data directly from you or from third parties.

Purposes of collection and use of your personal data

We may collect, hold, use and disclose Personal Data for the following purposes:

  1. to enable you to access and use our Services, associated online resources and applications (such as the Aether TCG website and application and Gates of Eternity website and application) and associated social media platforms, and to personalize and customize your experiences using our Services;
  2. to enable you to perform transactions on and within the Services;
  3. where you are playing Aether TCG or Gates of Eternity, to enable you to communicate with other Services users, including through direct and / or group conversations and by creating a friend list;
  4. to contact and communicate with you about our Services;
  5. for internal record keeping, administrative purposes, invoicing and billing purposes;
  6. to compare information for accuracy and verification purposes, including (where relevant to our Services) verifying your identity based on information you have provided to us;
  7. to carry out appropriate administration in relation to our investors, including communicating with corporate regulators;
  8. for analytics, market research and business development, including to operate and improve our Services, associated applications and associated social media platforms;
  9. to run promotions, competitions and/or offer additional benefits to you, and to measure the effectiveness of those activities;
  10. for advertising and marketing, including to send you promotional information about our group's products and services and information about third parties that we consider may be of interest to you;
  11. if you are a contractor, supplier or service provider to us, to enable us to conduct or administer our relationship with you or your employer, including when you are carrying out activities in connection with our operations or your supply of goods or services to us;
  12. to investigate, review, mitigate risks associated with, and inform you or appropriate authorities of, any data or other security breach involving your Personal Data;
  13. to comply with our legal obligations and resolve any disputes that we may have;
  14. to identify, prevent and respond to fraud and abuse, and otherwise protect our users, our property and our rights;
  15. telephone calls to us may be recorded for training and quality assurance purposes;
  16. if you have applied for employment with us, to consider your employment application;
  17. if otherwise notified to you at the time of collection, or in accordance with any agreement you enter into with us; and
  18. if otherwise required or authorized by law.

We may aggregate Personal Data for reporting, statistical and analysis purposes, and for business, product and service improvement purposes. This allows us to better inform ourselves and anticipate our users' preferences and requirements, and to monitor and improve the effectiveness of our business, products and services. We may also de-identify information for inclusion in such aggregated databases or reports.

Disclosure of your personal data

Where we disclose your Personal Data to third parties referenced herein, or where their or our computer systems including IT servers and website hosts are located overseas, your Personal Data may be stored, transferred or accessed by those parties or by us outside of Republic of the Bahamas, including but not limited to, United States of America, United Kingdom, Singapore, European Union (including Ireland, Germany, Belgium, Greece and Italy), New Zealand, Canada, Indonesia and Brazil. We will only disclose your Personal Data to countries with laws which protect your Personal Data in a way which is substantially similar to the Republic of the Bahamas' Data Protection (Privacy of Personal Information) Act of 2003 and/or the GDPR or we will take such steps as are reasonable in the circumstances to protect your Personal Data in accordance with the Republic of the Bahamas' Data Protection (Privacy of Personal Information) Act of 2003 and/or the GDPR. In certain instances,the countries to which we send data for the purposes listed above may not have the same data protection laws as the country in which you initially provided your Personal Data. If we transfer your Personal Data to third parties in such other countries:

  1. We will perform those transfers in accordance with the requirements of the Data Protection (Privacy of Personal Information) Act of 2003 of the Republic of the Bahamas and the GDPR; and
  2. We will protect the transferred Personal Data in accordance with this Privacy Policy and use best market practices for these purposes.

Treatment of sensitive personal data

"Sensitive Personal Data" is a sub-set of Personal Data that is given a higher level of protection under the Republic of the Bahamas' Data Protection (Privacy of Personal Information) Act of 2003 and the GDPR, which defines it as "Special Categories of Data". Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information and/or biometric information (hereinafter collectively, "Sensitive Personal Data"). Provided you consent, your Sensitive Personal Data may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected. Sensitive Personal Data may also be used or disclosed if required or authorized by law.

Data retension

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means and the applicable legal requirements.In certain circumstances you can ask us to delete your Personal Data. See "Access, Erasure and Data Portability" Section hereof for further information. In certain circumstances we may anonymize your Personal Data, so that it can no longer be associated with you, for analytics, research or statistical purposes. In this case we may use such anonymized Personal Data indefinitely without further notice to you.

Your rights and control of personal data

Your Choice: Please read this Privacy Policy carefully. If you provide Personal Data to us, you understand and expressly agree that we will collect, hold, use and disclose your Personal Data in accordance with this Privacy Policy. You do not have to provide Personal Data to us; however, if you do not provide us with your Personal Data, it may affect our ability to provide our Services to you and/or your use of our Services.

Personal Data Received from Third Parties: If we receive Personal Data about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing Personal Data about somebody else, you represent and warrant that you have such person's express and explicit consent to provide the Personal Data to us.

Anonymity: Where practical, we will give you the option of not identifying yourself or using an alias / a pseudonym in your dealings with us.

Restrict and Unsubscribe: We may communicate with you by phone, email, SMS or push notifications, including for the purposes of informing you about existing and new products and services that may be of interest to you. To object to processing for direct marketing/unsubscribe from our marketing database or opt-out of communications (including marketing communications), please contact us using the details in the "Contacts" Section hereof, or opt-out using the opt-out facilities provided in the communication. You may decline marketing messages sent by push notifications by refusing the relevant permission in your device settings. However, this setting may prevent you from receiving other messages from us via push notification.

Access, Erasure and Data Portability: You may request access to the Personal Data that we hold about you. An administrative fee may be payable for the provision of such information. Please note that in certain situations, if so required or authorized by law, or requested by law enforcement authorities or courts, we may be legally permitted to withhold access to your Personal Data. You may also request that we erase your Personal Data we hold, or that we transfer your Personal Data to a third party upon your request.

Accuracy, Correction and Rectification of Personal Data: If you believe that any information, including but not limited to your Personal Data, we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details given in the "Contacts" Section hereof. We will take reasonable steps to promptly correct any information found to be inaccurate, incomplete, irrelevant, misleading or out of date. Please note, in some situations, we may be legally permitted to not correct your Personal Data.

Objecting to Personal Data Processing: You have the right to object to processing of your Personal Data that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights and freedoms available to you under applicable laws in order to proceed with the processing of your Personal Data.

Restricting Processing of Personal Data: You have the right to request that we restrict the processing of your Personal Data if:

  1. You are concerned about the accuracy of your Personal Data;
  2. You believe your Personal Data has been unlawfully processed;
  3. You need us to maintain the Personal Data solely for the purpose of a legal claim; or
  4. We are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Complaints: If you wish to make a complaint with respect to your Personal Data, this Privacy Policy, or the collection, use and processing of your Personal Data hereunder, please contact us using the details given in the "Contacts" Section hereof and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. You also have the right to contact the relevant privacy authority. The privacy authority of the Republic of the Bahamas is the Office of the Data Protection Commissioner, the contacts of which are given in the "Contacts" Section hereof.

Storage and security of personal data

We will take reasonable steps to ensure that the Personal Data we collect, process and use is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Data and protect it from misuse, interference, loss and unauthorized access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorized disclosures of information, we cannot assure you that the Personal Data we collect will not be accessed or disclosed in a manner that is inconsistent with this Privacy Policy.

Cookie and web beacon policy

We may use cookies on our online Services and their relevant websites from time to time. "Cookie files" or "cookies" are text files placed in your computer's browser to store your browsing preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognize you when you return to our online Services and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online Services with Personal Data, this information may be linked to the data stored in the cookie and that information could potentially be used to identify you. It may be possible for us to identify you from information collected automatically from your visit(s) to our Services, for example, we will be able to identify you through your user name and password when you log into our Services. Further, if you access our Services via links in an email we have sent you, we will be able to identify you.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our online Services.

We may use "web beacons" on our websites from time to time. Web beacons (also known as "clear GIFs") are small pieces of code placed on a web page to monitor the visitor's behavior and collect data about the visitor's viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

Use of third-party analytical instruments

We may use third-party analytical instruments such as Google Analytics to collect and process data. To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time. If you do not want your visit data relating to you visiting the Services and their relevant websites reported by Google Analytics, you can install the Google Analytics opt-out browser add-on. For more details on installing and uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout.

Links to third-party websites

Our Services may contain links to other websites that are operated or are under control of third parties unrelated to us. We do not have any control over those websites and we are not responsible for the protection and privacy of any Personal Data which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy and you expressly and explicitly agree that if you provide any Personal Data on or through these websites you do so at your own risk, and that you must at all times review privacy policies of operators or controllers of such websites.

Amendments

We may, at any time and at our sole discretion, amend and update this Privacy Policy. We will notify you if we amend this Privacy Policy, by contacting you through our Services or the contact details you have provided to Us. Any amended Privacy Policy is effective once we notify you of the change, and the effective date of the newest version of this Privacy Policy in force shall be reflected accordingly on Page 1 hereof.

Contacts

For any questions, notices or requests relating to this Privacy Policy, its consents, your rights hereunder please contact us at:

Aether Forge Ltd.

By post: Aether Forge Ltd., 2nd Floor, Pineapple Place, Bernard Road P.O. Box N-8339 Nassau, N.P., Bahamas