Panap Studio Inc. ("We," "Us," or "Our") provides websites, including www.panapstudio.com and its subdomains (collectively, the "Websites"), video games and software, including Mojitsunagi and My Room Planner (collectively, the "Software"), and other online services (collectively, with the Websites and the Software, the "Services").
2) What data do We collect?
3) How do We collect your data?
4) How will We use your data?
5) When may We disclose your data?
6) How do We store and protect your data?
7) Information of children
8) Your consent
10) Cookies and other automatic data collection technologies
11) Additional notice for European Union residents
12) Additional notice for California residents
13) Privacy policies of other websites and applications
15) How to contact Us
16) Contacting the appropriate authorities
We may collect different types of information from you depending on how you use Our Services, including Personal Data. “Personal Data" means information that relates to an identified or identifiable natural person. The categories of Personal Data We may collect are listed below. Certain types of Personal Data may fall under more than one category.
- Identifiers: We may collect your name, username, email address, billing address, shipping address, device information, Internet Protocol address, device identifiers, and other online identifiers, such as a support ticket ID.
- Commercial information: We may collect your payment information and purchase history, including the value and details of your purchases.
- Geolocation data: We may collect your location such as your zip code, city, state, and country.
- Internet or other similar network activity: We may collect information regarding your gameplay such as events completed or actions taken within the Software and your interaction with the Websites, including pages viewed.
- Categories of personal information described in Section 1798.80(e) of the California Customer Records: We may collect your name, billing address, shipping address, payment information, and telephone number.
- Other categories: We may collect information from the content that you share publicly in the Software through public functions or that you send to Us directly when you contact Us or report a problem with the Services. We may also collect information that does not generally identify you but may become associated with your account. We may use information that does not identify you for any permissible business purpose under applicable law.
You directly provide Us with most of the data We collect. For example, We collect data and process data:
- When you create an account for Software, We may collect your username, email address, and Internet Protocol address.
- When you play or use Software, We may collect your username, Internet Protocol address, and gameplay information, such as events completed or actions taken within the Software.
- When you use the public functions in Software, We may collect the information you choose to disclose.
- When you sign up for Our newsletter, We may collect your email address.
- When you contact Us or report a problem with the Services, We may collect your email address and records and copies of your correspondence.
- When you respond to a survey or questionnaire, We may collect the information provided.
We may receive your Personal Data from or through third parties that help Us provide or facilitate your access to the Services. For example, We may receive your Personal Data from e-commerce and merchandising service providers such as Shopify, digital content stores such as Google Play, data analytic partners such as Unity Analytics, and other users of Software (e.g., if a user reports to Us that you are using offensive language in the public functions of a Software or are attempting to hack Software, We may collect the information provided by that user about you and create a report of your actions).
- To provide or improve the Services: We may use your Personal Data to process your requests to access the Services and certain of their features and to generally present and improve the Services. For example, We may use your Personal Data to improve the Software.
- To administer the Services: We may use your Personal Data for any lawful business purpose in connection with administering the Services. For example, if you reach out to Us with a customer service inquiry, We may use your Personal Data to respond to you or to troubleshoot a problem you reported having with the Services.
- To market the Services: We may use your Personal Data to market the Services to you. For example, with your prior consent, We may send you news and updates about Our products and the Services.
- In connection with a sale or other transfer of Our business: In the event all or some of Our assets are sold, assigned, or transferred to or acquired by another company due to a sale, merger, divestiture, restructuring, reorganization, dissolution, financing, bankruptcy, or otherwise, your Personal Data may be among the transferred assets.
- As We may describe to you when collecting your Personal Data: There may be other situations when We collect your Personal Data and simultaneously describe the purpose for that collection.
We may disclose your Personal Data to a third party such as a service provider for a business purpose. When We disclose Personal Data for a business purpose, We enter into a contract with the service provider that describes the purpose and requires the service provider to both keep that Personal Data confidential and not use it for any purpose except performing the contract. These service providers include Our consultants, e-commerce and merchandising service providers, and player support service providers.
We may also disclose your Personal Data:
- To Our subsidiaries and affiliates;
- To Our lawyers, consultants, accountants, business advisors, and similar third parties who owe Us duties of confidentiality;
- To a buyer or other successor in the event of a sale, merger, divestiture, restructuring, reorganization, dissolution, or other transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us pertaining to the users of the Services is among the assets transferred;
- To comply with any court order, law, or legal process, such as responding to a government or regulatory request;
- To enforce any contract We may have in effect with you;
- If We believe disclosure is necessary or appropriate to protect the rights, property, or safety of Us, Our users, or others; and
- If you have consented to such a disclosure.
Security and protection of your data is important to Us. We use physical, technological, and process means to safeguard your information.
We protect your Personal Data through a combination of collection, security, and retention policies:
- Purpose limitation: We will use your Personal Data only for the Services you choose to access and for the purposes for which you choose to share it. We will respect your requests to start or stop processing your Personal Data for marketing purposes, as well as the types of marketing messages you may wish to receive.
- Security measures: We use appropriate measures to ensure a level of security appropriate to the risk involved and have implemented contractual, technical, administrative, and physical security measures designed to protect Personal Data from unauthorized access, disclosure, use, and modification.
In the event of a security breach, We will notify the proper regulatory authorities and any affected users of the breach within 72 hours after We become aware of the breach.
Your practices and activities are likewise very important for the protection of your own Personal Data. You can take certain steps to help protect your Personal Data, such as being mindful of what you share publicly in Software. For example:
- Do not use your real name when selecting a username.
- Do not post your real name in public-facing areas of the Services and do not share anything private about yourself or anyone else.
Please remember that We have no control over what third parties do with the content of your communications and no responsibility or obligation regarding third parties.
Our Services are not designed for Children, and We do not intentionally or knowingly colect, use, store, disclose, or otherwise process any Personal Data from Children. A "Child" is a person under 16 years old. If you are a parent or guardian of a Child who has submitted Personal Data, please contact Us by emailing Us at email@example.com.
Where the legal basis for Us processing your Personal Data is that you have provided your consent, you may withdraw your consent at any time. As part of your withdrawl of consent We will delete all data related to you and your associated email address that you used in creating your account but you will otherwise not suffer any other detriment for withdrawing consent. If you withdraw your consent, this will not make processing which We undertook before you withdrew your consent unlawful.
You can withdraw your consent by contacting Us as detailed in Section 12 below.
We do not currently use your data to send you information about any products and services and We do not share any data We collect with any other organizations or companies.
Cookies are small data file identifiers that are transferred to your computer or mobile web browser that allow Us and third parties to recognize your browser or mobile device and transfer information about you and your use of Our Services.
Cookies and other automatic data collection technologies on the Services may come from third parties. These cookies and other automatic data collection technologies improve your experience by helping Us better tailor Our Services to you.
The following applies to European Union residents pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation):
When transferring Personal Data out of the EU, We implement technical, organizational, and physical safeguards to protect your Personal Data. Please contact Us if you have questions related to the relevant transfer mechanism for your Personal Data.
We only collect, use, or store your Personal Data if:
- You voluntarily provide it to Us with your specific, informed, and unambiguous consent (for example, when you sign up for Our newsletter);
- It is necessary to provide you with a Service that you have requested (for example, providing you access to the Software);
- We have a legitimate business interest that is not outweighed by your privacy rights (for example, to provide customer service); or
- It is necessary to protect your vital interests or the vital interests of others (for example, We may collect or share Personal Data where necessary to resolve an urgent medical situation or protect the health or safety of one of Our users or someone else).
Subject to any limitations and exceptions under applicable law, you have the right to request access to your Personal Data and exercise the following rights:
- You have the right to correct or update certain types of Personal Data. In many cases, you can review or update your account information by accessing your account online.
- You have the right to request deletion of your Personal Data. If you choose to have your Personal Data removed from the Services, We will carry out your request within 30 days of account verification, subject to extension and We will only retain minimal Personal Data to document your request and the actions We took to carry out your request.
- You have the right to restrict certain processing of your Personal Data and the right to object to some types of processing of your Personal Data.
- You have the right to withdraw your consent at any time, including objecting to your Personal Data being used for marketing or advertising purposes.
We will comply with your requests in accordance with, and subject to, applicable law. For example, We are not required to delete your Personal Data if We have an overriding legitimate ground for retaining that information, such as to prevent fraud. Please note that We are legally prohibited from carrying out requested actions in some instances, including (1) when We are unable to confirm your identity, (2) where the request is considered excessive, and (3) where doing so would adversely affect the rights or freedoms of other individuals.
Please email Us at firstname.lastname@example.org with the subject line “GDPR” if you would like to exercise any of the rights described above or if you have questions regarding your rights.
You have the right to lodge a complaint regarding Our collection, storage, or processing of your Personal Data with a data protection supervisory authority in the country where you live or work.
The following applies to California residents pursuant to the California Online Privacy Protection Act:
- We do not track users of Our Services over time and across third party websites or online services and therefore do not respond to Do Not Track signals. We are not aware of any third party that tracks users of Our Services over time and across third party websites or online services.
The following applies to California residents pursuant to the California Shine the Light Law:
- California residents may request information from Us concerning any disclosures of Personal Data We may have made in the prior calendar year to third parties for direct marketing purposes. If you are a California resident and you wish to request information about Our compliance with this law or Our privacy practices, please contact Us at email@example.com.
The following applies to California residents pursuant to the California Consumer Privacy Act of 2018 (“CCPA”):
- We have disclosed the categories of Personal Data listed in Section 2 above for business purposes to those persons or companies identified in Section 5 above.
- In the preceding 12 months, We may have sold the following categories of Personal Data to Our advertising partners, Google AdMob and Unity Ads: country, device information, Internet Protocol address, device and online identifiers, and information regarding gameplay and purchases made in Software. Currently, We do not sell your Personal Data and do not partner with Google AdMob and Unity Ads. We only disclose Personal Data to Our service providers and those other persons or companies identified in Section 5 above.
- You have the right to request that We disclose certain information to you about Our collection and use of your Personal Data over the past 12 months. Once We receive and confirm your verifiable consumer request, We will disclose to you, to the extent retained by Us:
- The categories of Personal Data We collected about you.
- The categories of sources for the Personal Data We collected about you.
- Our business or commercial purpose for collecting or selling that Personal Data.
- The categories of third parties with whom We share that Personal Data.
- The specific pieces of Personal Data We collected about you (also known as a data portability request).
- If We sold or disclosed your Personal Data for a business purpose, two separate lists disclosing: (1) sales, identifying the Personal Data categories that each category of recipient purchased; and (2) disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained.
- You have the right to request that We delete any of your Personal Data that We collected from you and retained, subject to certain exceptions. Once We receive and confirm your verifiable consumer request, We will delete (and direct Our service providers to delete) your Personal Data from Our records, unless an exception under CCPA applies. We may deny your deletion request if retaining the information is necessary for Us or Our service providers to:
- Complete the transaction for which We collected the Personal Data, provide the Service that you requested, take actions reasonably anticipated within the context of Our ongoing business relationship with you, or otherwise perform Our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug the Services to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another user to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code Section 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with user expectations based on your relationship with Us.
- Comply with a legal obligation.
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, We will not:
- Deny you the Services.
- Charge you different prices or rates for the Services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of the Services.
- Suggest that you may receive a different price or rate for the Services or a different level or quality of the Services.
To exercise your rights described above, please email Us at firstname.lastname@example.org with the subject line “CCPA.” Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your Child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows Us to reasonably verify you are the person about whom We collected Personal Data or an authorized representative.
- Describe your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if We cannot verify your identity or authority to make the request and confirm that the Personal Data relates to you. Making a verifiable consumer request does not require you to create an account with Us. We will only use Personal Data provided in a verifiable consumer request to verify your identity or authority to make the request.
We endeavor to respond to a verifiable consumer request under CCPA within 45 days of its receipt. If We require more time, We will inform you of the reason and extension period in writing. If you have an account with Us, We will deliver Our written response to that account. If you do not have an account with Us, We will deliver Our written response by mail or electronically, at your option.
Any disclosures We provide will only cover the 12-month period preceding the receipt of verifiable consumer request. The response We provide will also explain the reasons We cannot comply with a request, if applicable.
For data portability requests, We will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell you why We made that decision and provide you with a cost estimate before completing your request.
If you are a law enforcement agency, please email Us at email@example.com with your request for Personal Data with the subject line “Law Enforcement Request.”
Should you wish to report a complaint or if you feel that We have not addressed your concern in a satisfactory manner, you may contact the appropriate regulatory body in your country.
March 12, 2021