GDPR Compliance

About GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It gives you control over your personal data and strengthens data protection for individuals.

At CraftyGem Studio, we are committed to protecting your privacy and complying with GDPR requirements. This page explains how we handle your data and your rights as an EU resident using our Trivia Battles application.

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

How to Exercise Your Rights

If you wish to exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month.

When making a request, please:

• Clearly state which right you wish to exercise
• Provide sufficient information to verify your identity
• Specify the data or processing activities you are concerned about

What Data We Collect

We collect and process the following types of personal data:

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: You have given us clear consent to process your personal data for a specific purpose
• Contract: Processing is necessary for the performance of a contract with you
• Legal Obligation: Processing is necessary for compliance with a legal obligation
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, unless your rights override those interests

How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• As long as you maintain an active account with us
• As required by law or for legal proceedings
• To resolve disputes or enforce our agreements

When data is no longer needed, we securely delete or anonymize it.

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including Israel and the United States. We ensure that:

• We use services that comply with GDPR standards
• Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
• Your data receives an adequate level of protection

Third-Party Processors

We use the following third-party service providers who may process your data:

• Firebase/Google Cloud Platform: Cloud hosting and backend services
• Analytics Providers: App analytics and performance monitoring
• Payment Processors: In-app purchase processing

All third-party processors are required to maintain GDPR compliance and protect your data.

How We Protect Your Data

We implement appropriate technical and organizational measures to ensure data security:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication systems
• Employee training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you without undue delay.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR.

You can find your local supervisory authority at: European Data Protection Board - Members

Contact Our Data Protection Officer

If you have questions about our GDPR compliance or wish to exercise your rights, please contact our Data Protection Officer:

Updates to This Page

We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by updating the "Last Updated" date at the top of this page.