Last updated on 08/03/2021
Previously updated on 01/06/2020
While operating https://mahjongchest.com/ ("Website") and all related services ("Service"), that is provided by Mahjong Chest entity indicated at the bottom of this document ("Mahjong Chest", "we", "us", "our"), we are committed to being fully transparent as regards our privacy practices.
In this document, you will find out:
- what data we process, how and for what purposes we process your personal data;
- when and how we can share your personal data with third parties;
- how long we retain your personal data;
- our protection measures to keep your personal data secure;
- your rights in respect of processing your personal data.
For General use of the Service, please see our Terms and Conditions of Use of MahjongChest.com.
What is personal data?
Personal data (or data) is any information relating to you and that alone or in combination with other pieces of information gives the opportunity to a person that collects and processes such information to identify you as an individual. It can be your name, address, your location data, or information related to your physical, physiological, genetic, mental, economic, cultural or social identity. Personal data also includes such technical information as a Media Access Control address (MAC-addresses), International Mobile Equipment Identity (IMEI), Unique Device Identifier (UDID), the Identity for Advertisers (IDFA), Internet Protocol address (IP-address), browser and system information. Processing of the personal data means any action with it, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means and so on.
What data do we collect?
You may use our Services anonymously. In such case, we may collect certain information automatically or through the contract form, if you send us your requests. Otherwise, we also collect the account data and the configuration data which is connected to your authorization on the Service.
Account data. For your better user experience, you may log in through Facebook, Google, Twitter and other OAuth third party providers. When you log in on our Website, basic contact details are collected (depending on your privacy settings in the respective service of the OAuth third party provider): your profile photo, e-mail address and name. Any additional information may be collected only upon your consent and you are informed about such collection when logging in with the use of the respective OAuth third party providers. You may also add your photo in your account.
- Puzzles you have completed;
- Favourite puzzles lists;
- Difficulty and time you’ve spent to complete puzzles;
- Progress for the uncompleted puzzles you’ve played.
- Your name;
- Your email;
- Your message.
We kindly ask you not to provide us with the excessive personal data in your requests.
Automatic collection. We may collect some of your personal data automatically with the help of cookies and other similar technologies. The data collected automatically could include your IP address, the date and time of the latest login, the pages that you visit etc. For more information, please see the “Cookies” section below.
You must be at least the age of majority in your place of residence to use the Website. We do not permit children under 13 years of age (or under 16 years of age for children residing in the EU/EEA) to register and does not knowingly collect any personal information from them. If you are under the age of 13 (or under the age of 16 if you reside in the EU/EEA), please do not use our Website and do not provide us with your consent for data processing. In the event that we learn affirmatively that we have obtained or collected information from or about children under 13 (or, where applicable, 16) years of age, we will use our best efforts to remove such information from our servers. If you are aware of any child under the age these age limits who have use our Website, please contact us by emailing at firstname.lastname@example.org.
Purposes and legal bases for processing
General information on legal basis. The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b) whatever is may be applicable.
If the processing is based on your consent, you may at any time withdraw your consent by simply deleting your personal data by clicking “Delete my Data” (in case of login) or by contacting us at email@example.com.
Account data. We process personal data that is required for the account registration to provide you with our services, including creating and maintaining your account, ensuring that everything works smoothly within your preferred email client, communicating with you at your request and identifying you, enabling the secure login for you in the Mahjong Chest Service. The legal basis for such processing is the performance of the contract.
At your own discretion you may supplement your account information, for instance, you can add your photo to the account. We will process such data only to let you customize your account at your own choice and only on the basis of your consent provided when registering.
Configuration data. We process the data about your progress and difficulties to personalize your experience (the information will help Mahjong Chest better respond to your individual needs). The legal basis for such processing is the performance of the contract.
Data we need to answer your request. We may process your email, name and message on the basis of your consent you provide when filling in the request.
Automatic collection. We use such information either on the basis of your consent, or, in case of necessary cookies – on the basis of our legitimate interest, and to improve our website, as well as to produce and display cookie declarations.
Cookies are small pieces of code that are stored on your device when you use websites or other services. They are installed on your device to enable different useful features, for example, to facilitate navigation on the service.
In some (but not all) cases, cookies are used to collect personal data, such as IP addresses and data linked to the IP address. The usage of such cookies is regulated by the data protection laws, and you as a user obtain more rights to control the collection and processing of these data.
We use the following cookies divided by groups:
These cookies are strongly required for the error-free operation of the Site, as well as for its accessibility. You may decline these cookies by changing your browser settings, but this may affect the functioning of Mahjong Chest. There are several types of necessary cookies:
- Authorization token (we generate unique cryptographically signed token on every request from the browser, we validate this token and associate it with the User’s name, email, current language and favorites). It also stores every game progress and results;
- Anonymous Authorization token (stores only last game progress);
- Current language;
- Cookie settings.
Marketing cookies help us and our partners to fit the adverts and content you see during and after visiting our site to your interests. We use Google Doubleclick for Publishers (Google Adsense) https://policies.google.com/privacy.
These cookies allow us to track your activity on the Mahjong Chest to optimize it for our users. For instance, we may count the number of visitors, measure sessions durations, check the geographical location of the visitors, characteristics of their devices etc. The cookies are set by third-party analytics service Google Analytics https://policies.google.com/privacy. The data collected in such a way is stored in aggregated form, and it does not constitute personally identifiable information.
The cookies consent message is the first message that you were likely to see when you visited our Site. You may choose the types of cookies for the use of which you agree. If you want to change your cookies preferences, you can make it by the link below:The following links might be useful for you to configure the cookies on the Site with the use of the best option of browser and OS for the users of:
If at any time you would like to stop sharing your information, you can delete your data after login by clicking on “Delete my Data” (in case of login) or by contacting us at firstname.lastname@example.org.
See more information on the retention policies in the table below.
|Type of data||When we delete such data and why|
|Account data||As long as you keep your account active and within 30 days after the account deletion to be able to reactivate your account if you change your mind, and to be able to reach you in case of any dispute.|
|Configuration data||As long as you keep your account active and within 30 days after the account deletion to be able to reactivate your account if you change your mind, and to be able to reach you in case of any dispute.|
You cannot require us to change any of the default retention periods, except for the reasons for erasure as it is stated above, but may suggest changes for compliance with specific sector laws and regulations.
Please note that sometimes we may process your data for the period longer than indicated in the sections above. Such processing could be carried only for statistical purposes and subject to the appropriate safeguards in accordance with applicable data protection laws.
What are statistical purposes? Statistical purposes mean any collection and processing of personal data necessary for statistical surveys or to produce statistical results. The statistical purpose implies that such statistical result does not include personal data, but only aggregate data. The statistical results may further be used for various purposes, for example, to assess our business development, understand the market demands and improve our Service.
In most cases, we will anonymize your data before starting processing it for the statistical purposes. As a result, such data will be no longer considered personal and its use will be not governed by data protection laws.
Additionally, we may process your data for the compliance with our legal obligations and for the purposes of the legitimate interests pursued by Mahjong Chest or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Website or to protect ourselves, our sub-contractors, partners and affiliates against damages of any king).
If we decide to change the purposes of processing specified above, we will inform you on such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes (unless additional purpose of processing is compatible with those listed above).
Accessing and sharing your personal data
We do not sell, trade or otherwise transfer to outside parties any personally identifiable information. However, in order to provide high-quality services, to support different features of our Website and ensure its overall functioning, Mahjong Chest hires people, enters into agreements with independent contractors as well as cooperates with other services providers, companies and organizations. For those reasons, some of your personal data can be passed to the mentioned persons.
When we transfer data to the country not recognised by the European Commission as ensuring an adequate level of data protection, we secure such transmission by choosing service providers certified under EU-U.S. Privacy Shield Framework, including standard contractual clauses compliant with the EU data protection laws into our data processing agreements or using alternative safeguards according with the applicable laws.
No transfer of your data will be carried unless appropriate safeguards are in place.
You also have to know that Mahjong Chest may disclose your personal data to enforce and comply with the laws. In other words, Mahjong Chest may disclose information necessary for the investigation or legal process on official request or the official bodies acting within their powers. When governments make a lawful demand for your data from Mahjong Chest, Mahjong Chests trives to limit the disclosure. Mahjong Chest will only release specific data mandated by the relevant legal demand. If compelled to disclose your data, Mahjong Chest will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
California Consumer Privacy Act (CCPA)
CCPA is a law designed to protect the data privacy rights of citizens living in California. Under this law you have important rights, describing below:
How your data is being used
Opt out of having your personal information been used
Find out how your data is been used by third party, which is Google for our project: https://policies.google.com/privacy
You can choose to opt out of having your personal information sold or been used by third-parties and businesses, such as Google Doubleclick or Google Adsense.
By clicking on the button below you will restricts Google to use your personal data. Google will only show you non-personalized ads. Non-personalized ads are based on contextual information, such as the content of our website.
Delete all your personal data
If you authorized on Mahjong Chest, you can delete all you personal data from our servers. All End User Data, Configuration Data and System Generated Data will be erased after account deletion in 29 days.
Your rights as to your personal data
You have the following rights regarding your personal data Mahjong Chest collects and processes:
You have a right to access to your personal data processed by Mahjong Chest and right to data portability
You may at any time obtain confirmation from Mahjong Chest as to whether or not personal data concerning you are being processed. You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by Mahjong Chest as files in CSV format. Logical relations between datasets will be preserved in form of unique identifiers.
You have a right to request from Mahjong Chest to rectify your personal data
You can request all the inaccurate personal data concerning you being corrected. You may also request to complete your personal data if you consider that something is missed.
You may without undue delay request the erasure of personal data concerning you, and Mahjong Chest shall erase the personal data without undue delay when one of the following applies:
- if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
- if you object to the processing in case the processing is for direct marketing purposes;
- if the personal data have been unlawfully processed; or
- if the personal data have to be erased for compliance with a legal obligation in EU or national law.
You may at any time request us to restrict the processing of personal data when one of the following applies:
- if you contest the accuracy of the personal data, for a period enabling Mahjong Chest to verify the accuracy of the personal data;
- if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
- if Mahjong Chest no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
You have a right to withdraw your consent
You can withdraw your consent for the processing of your personal data at any time by simply contacting us, without affecting the lawfulness of processing based on the consent before its withdrawal. After receiving such a withdrawal request from you, we will process it in a timely manner and will no longer process your personal data unless otherwise is set by law.
You have a right to object to the processing
In some cases, prescribed by the applicable laws you can object to processing of your personal data.
You can object to the processing of your personal data when the processing is related to the performance of our task carried in the public interest or in the exercise of official authority vested in us; or if we process your data to pursue our or third party’s legitimate interests, and you believe that such interests are overridden by your interests or fundamental rights and freedoms.
If you make a request objecting to processing, we will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing.
How to exercise your rights as to your personal data?
Any requests to exercise your rights can be directed to Mahjong Chest via the contact details provided below. These requests are free of charge. Please note that we may ask you to verify your identity before responding to such requests.
Time for reply and reaction to your request
Mahjong Chest will provide information on action taken on your request related to your rights specified above within one month of receipt of the request for the longest. That period may be extended by two months if Mahjong Chest is overwhelmed by the number of requests or the request at issue is complicated and requires a lot of action. Mahjong Chest will inform you of any such extension within one month of receipt of the request, together with the reasons of such delay.
Where do we store the information?
All data are stored in databases and file repositories hosted in Falkenstein, Germany (Hetzner DC5). All data are automatically replicated in real time to secondary hot failover databases and file repositories Falkenstein, Germany (Hetzner DC5). Databases are continuously backed up to enable restore to any point in time within a retention period. Backups are stored on file storage in Falkenstein, Germany (Hetzner DC7).
No stored data will be transferred, backed up and/or recovered by Mahjong Chest outside of the European Union.
No installation of software is required to use the Service. The login-protected Service is accessible through a standard web browser.
Accountability, security of data and breach notifications
Mahjong Chest will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.
We use logs all system updates, configuration changes and access to provide an audit-trail if unauthorized or accidental changes are made. You may request a data protection audit performed by an independent third party who is also accepted by Mahjong Chest. You may pay a Fee associated with the request plus applicable taxes as well as any other costs related to the audit as the case may be.
Mahjong Chest processes your data using computers and/or other IT enabled tools. We also take technical and organizational measures to ensure the personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Availability. Mahjong Chest uses distributed system and doing its best to provide the best availability possible, but service is provided as is, and Mahjong Chest is not responsible for any damage which might be caused by interruptions.
Confidentiality. All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties. The personal data can be only accessed through private network over an encrypted connection and only from the limited set of IPs. Also any access by authorized personnel is logged. We do not store personal information outside of the private servers even temporarily.
Transparency. Mahjong Chest will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used. Mahjong Chest will also provide the summaries of any independent audits of the Service (if applicable).
Isolation. All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorized personnel. Authorized personnel are granted a minimum access on a need-to-have basis.
The ability to intervene. Mahjong Chest enables your rights of access, rectification, erasure, blocking and objection mainly by providing built-in functions for data handling in the Service, and also by informing about and offering you a possibility of objection when Mahjong Chest is planning to implement changes to relevant practices and policies.
Monitoring. Mahjong Chest uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made. System performance and availability is monitored from both internal and external monitoring services.
While taking necessary steps to secure your data, we have no choice than to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violation of your rights as a data subject, we would inform you and the respective data protection agencies as to the accidents.
In the event that your data is compromised, Mahjong Chest will notify you and competent Supervisory Authority(ies) within 72 hours by e-mail with information about the extent of the breach, affected data, any impact on the Service and Mahjong Chest's action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
We will also do our best to minimize any such risks.
FinalLevel OU, Pärnu mnt 158, 11317 Tallinn, the Republic of Estonia
You also may submit inquiries regarding personal data protection, privacy and security matters to email@example.com.
Also you may at any time lodge a complaint with a supervisory authority regarding Mahjong Chest’s collection and processing of your personal data. The Data Protection Inspectorate will continue to act as the supervisory authority in Estonia:
Data Protection Inspectorate, Väike-Ameerika 19, 10129 Tallinn, Estonia, www.aki.ee