Privacy Policy
This document explains how RANDM.GAMES LTD (“RANDM.GAMES”, “we”, “our” or “us”) deals with personal information when people use our mobile games and related software (referred to in this Policy as “our applications” or “our products”).
RANDM.GAMES LTD acts as the Data Controller for the personal data processed under this Policy, as we determine the purposes and means of that processing in accordance with the GDPR and other applicable laws.
Our products are available free of charge, and some features may be purchased within the game. To keep everything running smoothly, develop new functionality and ensure a consistent user experience, we may handle certain data linked to the use of our products. This may include processing for performance monitoring, feature improvements and other operational needs on our side. We may amend this Policy from time to time. When that happens, we update the “Last updated” date above. If the revisions are significant or if the law requires it, we will provide a separate notice or request your confirmation before the changes take effect.
Information We Collect Automatically
When you use our applications, certain data is gathered without requiring you to submit it directly. This may include technical details, gameplay activity and device-related identifiers. In particular, we may process the following categories of information:
Access and activity data: We register events related to how our products are used. This can include your IP address, the time and date of access, the functions or screens you interact with, and the hardware or operating system involved.
Device characteristics: We may record information about the device used to run our applications, such as the model and manufacturer, operating system version, system language, and configured time zone.
Unique device references: To support features like analytics, advertising or user account functionality, we may rely on identifiers associated with your device or platform account. Examples include IDFA, Google Advertising ID, Google Device ID, Game Center identifiers, or Google Play account identifiers.
Gameplay and interaction data: Progress within the game, levels completed, achievements, scores, and how you engage with in-game features or other players may be collected and processed.
Purchase and consumption details: We may record what types of items you obtain in the game, whether through virtual currencies or real-money transactions, as well as the receipt and use of virtual goods.
Information Obtained from External Sources
If you choose to access our products through an account provided by a third-party platform (for example, Facebook, Apple Game Center or Google Sign-In), we may receive certain details from that service. This can include your display name, basic profile data, and friends or contacts lists, but only to the extent permitted under that platform’s authorization settings and subject to any consent you have granted there. For information on how those third parties handle personal data, you should refer to their respective privacy documentation:
Facebook: https://www.facebook.com/about/privacy/
Apple Game Center: https://www.apple.com/legal/internet-services/itunes/gamecenter/
Google Play Games: https://policies.google.com/privacy
By connecting through a third-party service, you confirm that:
Your use of that login method in connection with our products complies with the relevant terms and policies of that platform; and
You meet the minimum age requirements established by the platform and by applicable law in your jurisdiction.
How We Use the Information and Legal Grounds
We handle different categories of data for specific purposes, and each type of processing is based on an appropriate legal basis under the GDPR.
1. Log data, device data, usage information, consumption details and device identifiers These types of information may be processed in order to:
make the features, services and content you request available and provide you with related information where this has been requested or agreed;
ensure the proper functioning, stability and availability of our applications and overall gameplay experience;
deliver technical messages such as product updates, service alerts, maintenance notices and customer support communication.
Legal basis: This processing is required to fulfill our obligations under a contract with you, including operating the application, delivering requested features and ensuring updates and maintenance. (GDPR Article 6(1)(b))
Additionally, this data may be used:
to share announcements and information about our products that we believe may be relevant to you;
to adapt and refine the user experience, including the presentation of custom content;
to review user behavior, track patterns and understand how the product is accessed and used.
Legal basis: We rely on our legitimate interest in improving user engagement, optimizing our services and offering relevant content. (GDPR Article 6(1)(f))
In cases where you have permitted us to use your advertising identifier, we may also:
provide that identifier to advertising partners so they can display personalized ads within our products.
Legal basis: The act of showing you personalized content is based on our legitimate interest (GDPR Article 6(1)(f)), while the sharing of your advertising identifier with third parties for behavioral advertising relies on your prior consent. (GDPR Article 6(1)(a))
2. Information obtained from external sources If we receive personal data from third-party platforms, we may process it to:
ensure delivery of the services and features you have requested and send you relevant information.
Legal basis: This is necessary for fulfilling a contract with you, such as enabling core functionality tied to those external platforms. (GDPR Article 6(1)(b))
We may also use such information in order to:
combine it with data we already hold to gain a better understanding of user needs and enhance overall service quality;
send relevant updates or information about our applications that we believe may interest you.
Legal basis: This processing is supported by our legitimate interests in improving service quality and offering relevant communications. (GDPR Article 6(1)(f))
We only process personal data to the extent needed to carry out the purposes for which it was originally collected.
Data Retention
We do not keep personal data longer than necessary for the purposes described in this Privacy Policy. The exact retention period depends on how and why the data is used. In general, we store information only:
while you actively use our products,
for a reasonable period afterward to maintain functionality, comply with legal obligations, prevent fraud, resolve disputes or enforce our rights.
If the data is no longer required for operational, legal, security or accounting reasons, it is either deleted or irreversibly anonymized. Where applicable law requires a specific timeframe (e.g., tax or bookkeeping rules), we will retain data only for that period. We do not rely on a fixed three-year rule. Instead, retention is determined by the nature of the information, the purposes of processing and the relevant legal requirements.
Data Sharing and Disclosure
We may share personal data with third parties under the legal bases established by applicable data protection laws, including GDPR Articles 6(1)(b), 6(1)(c), 6(1)(f) and, when applicable, Article 6(1)(a). Where relevant under U.S. law (e.g., CCPA), such sharing may also qualify as a “sale” or “sharing” of personal information, subject to opt-out rights. We may disclose information to the following categories of recipients:
Social platforms and connected services: If you use features involving third-party accounts (e.g., leaderboards, friends, logins), certain data may be shared with those platforms in line with your settings and consents.
Legal, regulatory and transactional purposes: We may disclose information:
to comply with a court order, applicable law or regulatory request,
in connection with due diligence or negotiations relating to a merger, acquisition, financing or transfer of assets,
to protect our rights, enforce agreements or investigate potential misconduct.
Authorities and enforcement bodies: If we reasonably believe that user actions violate our terms, policy or legal requirements, or pose risk to others, we may share data with the appropriate entities.
Other users (where applicable): Certain in-app features may display select user information to other players (e.g., multiplayer rankings), especially when you log in through a third-party service.
Advertising and profiling (based on consent): If you have given us permission to use advertising identifiers, we may share them with advertising networks to personalize ads displayed within our products. This applies only after you have granted consent (or not opted out, where allowed).
Examples of advertising partners may include, but are not limited to: Meta (Facebook), Google / AdMob, Unity Ads, AppLovin, ironSource, Vungle, MoPub and its integrated partners, TikTok / ByteDance, Amazon Ads, Snap Inc., Fyber, TapJoy, Tencent Holdings.
Each of these companies processes the information under its own privacy policy. If you want to know how a specific partner uses your data, you should review their respective notice.
Service providers (acting as processors): We also work with companies that provide hosting, analytics, fraud prevention, login services and technical infrastructure. They process data solely under our instructions and cannot use it for their own purposes.
Examples include: Tenjin, Inc., Firebase (Google LLC), Meta Analytics, Appfigures, Other cloud, support or analytics services we may engage from time to time.
All such processors are bound by data protection agreements requiring them to implement appropriate safeguards.
Social Features and Sharing
Our products may include social components or integrations with third-party platforms (for example, share buttons, invites, reactions or similar interactive elements). These tools may allow you to publish certain in-app actions or profile elements to external services or make them visible to friends or the broader public, depending on your individual privacy settings with those platforms. Access to social functionality is only permitted if you meet the minimum age required by the laws applicable in your place of residence. Any information shared through these features is handled in accordance with the privacy practices of the third-party service you use.
Age Restrictions
Our applications are not intended for children below the minimum age defined by data protection and child privacy laws.
In most countries, use is limited to individuals 13 years of age or older.
In the European Economic Area (EEA), users must generally be at least 16 years old, unless local rules set a different age of digital consent.
By accessing or using our products, you confirm that you meet the applicable minimum age requirement. If you are a parent or guardian and believe that a child has accessed our products in violation of these age limits, you may contact us to request removal of the related data. For questions specifically concerning children’s data, you may reach us at info@randm.games.
International Data Transfers
We may transfer personal data to countries outside your own jurisdiction, including territories outside the European Economic Area (EEA) or the United Kingdom, where data protection laws may differ. Any such transfers are carried out only where appropriate safeguards are in place to ensure a level of protection essentially equivalent to that within the EEA/UK. These safeguards may include:
Standard Contractual Clauses (SCCs) approved by the European Commission and, where relevant, the UK International Data Transfer Addendum;
Appropriate contractual, technical and organizational measures imposed on the recipient;
Other lawful transfer mechanisms recognized under applicable laws.
The former EU–US Privacy Shield Framework is no longer relied upon as a valid transfer basis. Where data is sent to the United States or other third countries, we ensure that SCCs or an equivalent legally recognized framework is used.
Security of Your Information
We apply administrative, technical and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration or destruction. While no security system can guarantee absolute protection, we take reasonable steps appropriate to the nature of the data and the risks involved to help keep your information secure.
Push Notifications
If you have allowed notifications on your device, we may send in-app alerts, gameplay reminders, updates, promotional messages or similar communications. You can disable or modify these notifications at any time through your device settings. We do not send push notifications without your permission where such consent is required by law.
“Sale” of Personal Data (CCPA/CPRA Clarification)
We do not exchange your personal data for money, and we do not sell personal data in the conventional sense. However, in some jurisdictions—particularly under the California Consumer Privacy Act (CCPA/CPRA)—certain types of data sharing with third parties for advertising, personalization or analytics purposes may be treated as a “sale” or “sharing” even if no payment occurs. As described earlier under Data Sharing and Disclosure, we may provide certain information (such as advertising identifiers or usage data) to third-party partners for business purposes, including analytics and personalized advertising. If you are a California resident and wish to opt out of this type of data sharing, you may contact us at info@randm.games.
You may also control the use of your advertising identifiers for personalized advertising through your device settings (e.g., 'Limit Ad Tracking' on iOS or 'Opt-out of Ads Personalization' on Android).
We will respect your choice to withdraw consent or object to the use of personal data for such purposes, in accordance with applicable law.
Your Rights
Depending on where you live, you may have specific rights regarding your personal data. We respond to all valid requests in accordance with applicable laws, including the GDPR (EEA/UK) and CCPA/CPRA (California).
Rights of EEA and UK Residents (GDPR) If you are located in the European Economic Area or the United Kingdom, you may exercise the following rights:
Right of access (Art. 15 GDPR): Request confirmation whether we process your personal data and receive a copy, along with information about the purpose of processing, categories of data, recipients, retention periods.
Right to rectification (Art. 16 GDPR): Ask us to correct inaccurate or incomplete personal data.
Right to erasure / “right to be forgotten” (Art. 17 GDPR): Request deletion of your personal data when it is no longer needed or if processing was based on consent you have withdrawn.
Right to restrict processing (Art. 18 GDPR): Request that we limit how your data is processed in certain situations (e.g. during accuracy disputes or legal claims).
Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests (we will stop unless we have overriding grounds), and to direct marketing at any time (we will stop immediately).
Right to data portability (Art. 20 GDPR): Receive personal data you provided in a machine-readable format, or request its transfer to another controller when processing is based on consent or contract.
Right to withdraw consent (Art. 7 GDPR): If processing relies on your consent, you may withdraw it at any time without affecting the lawfulness of earlier processing.
Response time: We normally respond within one month. If the request is complex, this may be extended to up to three months, as permitted by Article 12 GDPR.
Rights of California Residents (CCPA/CPRA) If you reside in California, you may exercise the rights below in relation to personal information collected in the preceding 12 months:
Right to know / disclosure: Request that we disclose categories of personal information collected, sources, purposes of use, categories of third parties, and specific pieces of personal information. You may request this up to twice per year, free of charge.
Right to deletion: Request that we delete your personal information, unless we need it for providing services, legal compliance, detecting or preventing fraud or security incidents, internal use aligned with expectations, or exercising or defending rights.
Right to opt out of sale/sharing: You may direct us not to “sell” or “share” your personal information, as defined under the CCPA/CPRA. This includes certain types of advertising or analytics partnerships.
Right to non-discrimination: You will not receive different pricing, access, features, or quality for exercising any of your CCPA rights.
Response times: We aim to respond within 45 days. If more time is required (up to 90 days), we will notify you and explain the reason.
How to Exercise Your Rights You may contact us at info@randm.games. When you submit a request, we may need to verify your identity to prevent unauthorized access or deletion. Since our apps typically do not use user accounts and data is often collected automatically, we may rely on matching device identifiers or other technical references to verify your request. If we cannot verify your identity with reasonable effort, we may decline the request as allowed by law.
Contact:
RANDM.GAMES LTD
Address: 11, Stratigou Papagou str., 3091 Limassol, Cyprus
Email: info@randm.games
Privacy Policy
This document explains how RANDM.GAMES LTD (“RANDM.GAMES”, “we”, “our” or “us”) deals with personal information when people use our mobile games and related software (referred to in this Policy as “our applications” or “our products”).
RANDM.GAMES LTD acts as the Data Controller for the personal data processed under this Policy, as we determine the purposes and means of that processing in accordance with the GDPR and other applicable laws.
Our products are available free of charge, and some features may be purchased within the game. To keep everything running smoothly, develop new functionality and ensure a consistent user experience, we may handle certain data linked to the use of our products. This may include processing for performance monitoring, feature improvements and other operational needs on our side. We may amend this Policy from time to time. When that happens, we update the “Last updated” date above. If the revisions are significant or if the law requires it, we will provide a separate notice or request your confirmation before the changes take effect.
Information We Collect Automatically
When you use our applications, certain data is gathered without requiring you to submit it directly. This may include technical details, gameplay activity and device-related identifiers. In particular, we may process the following categories of information:
Access and activity data: We register events related to how our products are used. This can include your IP address, the time and date of access, the functions or screens you interact with, and the hardware or operating system involved.
Device characteristics: We may record information about the device used to run our applications, such as the model and manufacturer, operating system version, system language, and configured time zone.
Unique device references: To support features like analytics, advertising or user account functionality, we may rely on identifiers associated with your device or platform account. Examples include IDFA, Google Advertising ID, Google Device ID, Game Center identifiers, or Google Play account identifiers.
Gameplay and interaction data: Progress within the game, levels completed, achievements, scores, and how you engage with in-game features or other players may be collected and processed.
Purchase and consumption details: We may record what types of items you obtain in the game, whether through virtual currencies or real-money transactions, as well as the receipt and use of virtual goods.
Information Obtained from External Sources
If you choose to access our products through an account provided by a third-party platform (for example, Facebook, Apple Game Center or Google Sign-In), we may receive certain details from that service. This can include your display name, basic profile data, and friends or contacts lists, but only to the extent permitted under that platform’s authorization settings and subject to any consent you have granted there. For information on how those third parties handle personal data, you should refer to their respective privacy documentation:
Facebook: https://www.facebook.com/about/privacy/
Apple Game Center: https://www.apple.com/legal/internet-services/itunes/gamecenter/
Google Play Games: https://policies.google.com/privacy
By connecting through a third-party service, you confirm that:
Your use of that login method in connection with our products complies with the relevant terms and policies of that platform; and
You meet the minimum age requirements established by the platform and by applicable law in your jurisdiction.
How We Use the Information and Legal Grounds
We handle different categories of data for specific purposes, and each type of processing is based on an appropriate legal basis under the GDPR.
1. Log data, device data, usage information, consumption details and device identifiers These types of information may be processed in order to:
make the features, services and content you request available and provide you with related information where this has been requested or agreed;
ensure the proper functioning, stability and availability of our applications and overall gameplay experience;
deliver technical messages such as product updates, service alerts, maintenance notices and customer support communication.
Legal basis: This processing is required to fulfill our obligations under a contract with you, including operating the application, delivering requested features and ensuring updates and maintenance. (GDPR Article 6(1)(b))
Additionally, this data may be used:
to share announcements and information about our products that we believe may be relevant to you;
to adapt and refine the user experience, including the presentation of custom content;
to review user behavior, track patterns and understand how the product is accessed and used.
Legal basis: We rely on our legitimate interest in improving user engagement, optimizing our services and offering relevant content. (GDPR Article 6(1)(f))
In cases where you have permitted us to use your advertising identifier, we may also:
provide that identifier to advertising partners so they can display personalized ads within our products.
Legal basis: The act of showing you personalized content is based on our legitimate interest (GDPR Article 6(1)(f)), while the sharing of your advertising identifier with third parties for behavioral advertising relies on your prior consent. (GDPR Article 6(1)(a))
2. Information obtained from external sources If we receive personal data from third-party platforms, we may process it to:
ensure delivery of the services and features you have requested and send you relevant information.
Legal basis: This is necessary for fulfilling a contract with you, such as enabling core functionality tied to those external platforms. (GDPR Article 6(1)(b))
We may also use such information in order to:
combine it with data we already hold to gain a better understanding of user needs and enhance overall service quality;
send relevant updates or information about our applications that we believe may interest you.
Legal basis: This processing is supported by our legitimate interests in improving service quality and offering relevant communications. (GDPR Article 6(1)(f))
We only process personal data to the extent needed to carry out the purposes for which it was originally collected.
Data Retention
We do not keep personal data longer than necessary for the purposes described in this Privacy Policy. The exact retention period depends on how and why the data is used. In general, we store information only:
while you actively use our products,
for a reasonable period afterward to maintain functionality, comply with legal obligations, prevent fraud, resolve disputes or enforce our rights.
If the data is no longer required for operational, legal, security or accounting reasons, it is either deleted or irreversibly anonymized. Where applicable law requires a specific timeframe (e.g., tax or bookkeeping rules), we will retain data only for that period. We do not rely on a fixed three-year rule. Instead, retention is determined by the nature of the information, the purposes of processing and the relevant legal requirements.
Data Sharing and Disclosure
We may share personal data with third parties under the legal bases established by applicable data protection laws, including GDPR Articles 6(1)(b), 6(1)(c), 6(1)(f) and, when applicable, Article 6(1)(a). Where relevant under U.S. law (e.g., CCPA), such sharing may also qualify as a “sale” or “sharing” of personal information, subject to opt-out rights. We may disclose information to the following categories of recipients:
Social platforms and connected services: If you use features involving third-party accounts (e.g., leaderboards, friends, logins), certain data may be shared with those platforms in line with your settings and consents.
Legal, regulatory and transactional purposes: We may disclose information:
to comply with a court order, applicable law or regulatory request,
in connection with due diligence or negotiations relating to a merger, acquisition, financing or transfer of assets,
to protect our rights, enforce agreements or investigate potential misconduct.
Authorities and enforcement bodies: If we reasonably believe that user actions violate our terms, policy or legal requirements, or pose risk to others, we may share data with the appropriate entities.
Other users (where applicable): Certain in-app features may display select user information to other players (e.g., multiplayer rankings), especially when you log in through a third-party service.
Advertising and profiling (based on consent): If you have given us permission to use advertising identifiers, we may share them with advertising networks to personalize ads displayed within our products. This applies only after you have granted consent (or not opted out, where allowed).
Examples of advertising partners may include, but are not limited to: Meta (Facebook), Google / AdMob, Unity Ads, AppLovin, ironSource, Vungle, MoPub and its integrated partners, TikTok / ByteDance, Amazon Ads, Snap Inc., Fyber, TapJoy, Tencent Holdings.
Each of these companies processes the information under its own privacy policy. If you want to know how a specific partner uses your data, you should review their respective notice.
Service providers (acting as processors): We also work with companies that provide hosting, analytics, fraud prevention, login services and technical infrastructure. They process data solely under our instructions and cannot use it for their own purposes.
Examples include: Tenjin, Inc., Firebase (Google LLC), Meta Analytics, Appfigures, Other cloud, support or analytics services we may engage from time to time.
All such processors are bound by data protection agreements requiring them to implement appropriate safeguards.
Social Features and Sharing
Our products may include social components or integrations with third-party platforms (for example, share buttons, invites, reactions or similar interactive elements). These tools may allow you to publish certain in-app actions or profile elements to external services or make them visible to friends or the broader public, depending on your individual privacy settings with those platforms. Access to social functionality is only permitted if you meet the minimum age required by the laws applicable in your place of residence. Any information shared through these features is handled in accordance with the privacy practices of the third-party service you use.
Age Restrictions
Our applications are not intended for children below the minimum age defined by data protection and child privacy laws.
In most countries, use is limited to individuals 13 years of age or older.
In the European Economic Area (EEA), users must generally be at least 16 years old, unless local rules set a different age of digital consent.
By accessing or using our products, you confirm that you meet the applicable minimum age requirement. If you are a parent or guardian and believe that a child has accessed our products in violation of these age limits, you may contact us to request removal of the related data. For questions specifically concerning children’s data, you may reach us at info@randm.games.
International Data Transfers
We may transfer personal data to countries outside your own jurisdiction, including territories outside the European Economic Area (EEA) or the United Kingdom, where data protection laws may differ. Any such transfers are carried out only where appropriate safeguards are in place to ensure a level of protection essentially equivalent to that within the EEA/UK. These safeguards may include:
Standard Contractual Clauses (SCCs) approved by the European Commission and, where relevant, the UK International Data Transfer Addendum;
Appropriate contractual, technical and organizational measures imposed on the recipient;
Other lawful transfer mechanisms recognized under applicable laws.
The former EU–US Privacy Shield Framework is no longer relied upon as a valid transfer basis. Where data is sent to the United States or other third countries, we ensure that SCCs or an equivalent legally recognized framework is used.
Security of Your Information
We apply administrative, technical and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration or destruction. While no security system can guarantee absolute protection, we take reasonable steps appropriate to the nature of the data and the risks involved to help keep your information secure.
Push Notifications
If you have allowed notifications on your device, we may send in-app alerts, gameplay reminders, updates, promotional messages or similar communications. You can disable or modify these notifications at any time through your device settings. We do not send push notifications without your permission where such consent is required by law.
“Sale” of Personal Data (CCPA/CPRA Clarification)
We do not exchange your personal data for money, and we do not sell personal data in the conventional sense. However, in some jurisdictions—particularly under the California Consumer Privacy Act (CCPA/CPRA)—certain types of data sharing with third parties for advertising, personalization or analytics purposes may be treated as a “sale” or “sharing” even if no payment occurs. As described earlier under Data Sharing and Disclosure, we may provide certain information (such as advertising identifiers or usage data) to third-party partners for business purposes, including analytics and personalized advertising. If you are a California resident and wish to opt out of this type of data sharing, you may contact us at info@randm.games.
You may also control the use of your advertising identifiers for personalized advertising through your device settings (e.g., 'Limit Ad Tracking' on iOS or 'Opt-out of Ads Personalization' on Android).
We will respect your choice to withdraw consent or object to the use of personal data for such purposes, in accordance with applicable law.
Your Rights
Depending on where you live, you may have specific rights regarding your personal data. We respond to all valid requests in accordance with applicable laws, including the GDPR (EEA/UK) and CCPA/CPRA (California).
Rights of EEA and UK Residents (GDPR) If you are located in the European Economic Area or the United Kingdom, you may exercise the following rights:
Right of access (Art. 15 GDPR): Request confirmation whether we process your personal data and receive a copy, along with information about the purpose of processing, categories of data, recipients, retention periods.
Right to rectification (Art. 16 GDPR): Ask us to correct inaccurate or incomplete personal data.
Right to erasure / “right to be forgotten” (Art. 17 GDPR): Request deletion of your personal data when it is no longer needed or if processing was based on consent you have withdrawn.
Right to restrict processing (Art. 18 GDPR): Request that we limit how your data is processed in certain situations (e.g. during accuracy disputes or legal claims).
Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests (we will stop unless we have overriding grounds), and to direct marketing at any time (we will stop immediately).
Right to data portability (Art. 20 GDPR): Receive personal data you provided in a machine-readable format, or request its transfer to another controller when processing is based on consent or contract.
Right to withdraw consent (Art. 7 GDPR): If processing relies on your consent, you may withdraw it at any time without affecting the lawfulness of earlier processing.
Response time: We normally respond within one month. If the request is complex, this may be extended to up to three months, as permitted by Article 12 GDPR.
Rights of California Residents (CCPA/CPRA) If you reside in California, you may exercise the rights below in relation to personal information collected in the preceding 12 months:
Right to know / disclosure: Request that we disclose categories of personal information collected, sources, purposes of use, categories of third parties, and specific pieces of personal information. You may request this up to twice per year, free of charge.
Right to deletion: Request that we delete your personal information, unless we need it for providing services, legal compliance, detecting or preventing fraud or security incidents, internal use aligned with expectations, or exercising or defending rights.
Right to opt out of sale/sharing: You may direct us not to “sell” or “share” your personal information, as defined under the CCPA/CPRA. This includes certain types of advertising or analytics partnerships.
Right to non-discrimination: You will not receive different pricing, access, features, or quality for exercising any of your CCPA rights.
Response times: We aim to respond within 45 days. If more time is required (up to 90 days), we will notify you and explain the reason.
How to Exercise Your Rights You may contact us at info@randm.games. When you submit a request, we may need to verify your identity to prevent unauthorized access or deletion. Since our apps typically do not use user accounts and data is often collected automatically, we may rely on matching device identifiers or other technical references to verify your request. If we cannot verify your identity with reasonable effort, we may decline the request as allowed by law.
Contact:
RANDM.GAMES LTD
Address: 11, Stratigou Papagou str., 3091 Limassol, Cyprus
Email: info@randm.games
Privacy Policy
This document explains how RANDM.GAMES LTD (“RANDM.GAMES”, “we”, “our” or “us”) deals with personal information when people use our mobile games and related software (referred to in this Policy as “our applications” or “our products”).
RANDM.GAMES LTD acts as the Data Controller for the personal data processed under this Policy, as we determine the purposes and means of that processing in accordance with the GDPR and other applicable laws.
Our products are available free of charge, and some features may be purchased within the game. To keep everything running smoothly, develop new functionality and ensure a consistent user experience, we may handle certain data linked to the use of our products. This may include processing for performance monitoring, feature improvements and other operational needs on our side. We may amend this Policy from time to time. When that happens, we update the “Last updated” date above. If the revisions are significant or if the law requires it, we will provide a separate notice or request your confirmation before the changes take effect.
Information We Collect Automatically
When you use our applications, certain data is gathered without requiring you to submit it directly. This may include technical details, gameplay activity and device-related identifiers. In particular, we may process the following categories of information:
Access and activity data: We register events related to how our products are used. This can include your IP address, the time and date of access, the functions or screens you interact with, and the hardware or operating system involved.
Device characteristics: We may record information about the device used to run our applications, such as the model and manufacturer, operating system version, system language, and configured time zone.
Unique device references: To support features like analytics, advertising or user account functionality, we may rely on identifiers associated with your device or platform account. Examples include IDFA, Google Advertising ID, Google Device ID, Game Center identifiers, or Google Play account identifiers.
Gameplay and interaction data: Progress within the game, levels completed, achievements, scores, and how you engage with in-game features or other players may be collected and processed.
Purchase and consumption details: We may record what types of items you obtain in the game, whether through virtual currencies or real-money transactions, as well as the receipt and use of virtual goods.
Information Obtained from External Sources
If you choose to access our products through an account provided by a third-party platform (for example, Facebook, Apple Game Center or Google Sign-In), we may receive certain details from that service. This can include your display name, basic profile data, and friends or contacts lists, but only to the extent permitted under that platform’s authorization settings and subject to any consent you have granted there. For information on how those third parties handle personal data, you should refer to their respective privacy documentation:
Facebook: https://www.facebook.com/about/privacy/
Apple Game Center: https://www.apple.com/legal/internet-services/itunes/gamecenter/
Google Play Games: https://policies.google.com/privacy
By connecting through a third-party service, you confirm that:
Your use of that login method in connection with our products complies with the relevant terms and policies of that platform; and
You meet the minimum age requirements established by the platform and by applicable law in your jurisdiction.
How We Use the Information and Legal Grounds
We handle different categories of data for specific purposes, and each type of processing is based on an appropriate legal basis under the GDPR.
1. Log data, device data, usage information, consumption details and device identifiers These types of information may be processed in order to:
make the features, services and content you request available and provide you with related information where this has been requested or agreed;
ensure the proper functioning, stability and availability of our applications and overall gameplay experience;
deliver technical messages such as product updates, service alerts, maintenance notices and customer support communication.
Legal basis: This processing is required to fulfill our obligations under a contract with you, including operating the application, delivering requested features and ensuring updates and maintenance. (GDPR Article 6(1)(b))
Additionally, this data may be used:
to share announcements and information about our products that we believe may be relevant to you;
to adapt and refine the user experience, including the presentation of custom content;
to review user behavior, track patterns and understand how the product is accessed and used.
Legal basis: We rely on our legitimate interest in improving user engagement, optimizing our services and offering relevant content. (GDPR Article 6(1)(f))
In cases where you have permitted us to use your advertising identifier, we may also:
provide that identifier to advertising partners so they can display personalized ads within our products.
Legal basis: The act of showing you personalized content is based on our legitimate interest (GDPR Article 6(1)(f)), while the sharing of your advertising identifier with third parties for behavioral advertising relies on your prior consent. (GDPR Article 6(1)(a))
2. Information obtained from external sources If we receive personal data from third-party platforms, we may process it to:
ensure delivery of the services and features you have requested and send you relevant information.
Legal basis: This is necessary for fulfilling a contract with you, such as enabling core functionality tied to those external platforms. (GDPR Article 6(1)(b))
We may also use such information in order to:
combine it with data we already hold to gain a better understanding of user needs and enhance overall service quality;
send relevant updates or information about our applications that we believe may interest you.
Legal basis: This processing is supported by our legitimate interests in improving service quality and offering relevant communications. (GDPR Article 6(1)(f))
We only process personal data to the extent needed to carry out the purposes for which it was originally collected.
Data Retention
We do not keep personal data longer than necessary for the purposes described in this Privacy Policy. The exact retention period depends on how and why the data is used. In general, we store information only:
while you actively use our products,
for a reasonable period afterward to maintain functionality, comply with legal obligations, prevent fraud, resolve disputes or enforce our rights.
If the data is no longer required for operational, legal, security or accounting reasons, it is either deleted or irreversibly anonymized. Where applicable law requires a specific timeframe (e.g., tax or bookkeeping rules), we will retain data only for that period. We do not rely on a fixed three-year rule. Instead, retention is determined by the nature of the information, the purposes of processing and the relevant legal requirements.
Data Sharing and Disclosure
We may share personal data with third parties under the legal bases established by applicable data protection laws, including GDPR Articles 6(1)(b), 6(1)(c), 6(1)(f) and, when applicable, Article 6(1)(a). Where relevant under U.S. law (e.g., CCPA), such sharing may also qualify as a “sale” or “sharing” of personal information, subject to opt-out rights. We may disclose information to the following categories of recipients:
Social platforms and connected services: If you use features involving third-party accounts (e.g., leaderboards, friends, logins), certain data may be shared with those platforms in line with your settings and consents.
Legal, regulatory and transactional purposes: We may disclose information:
to comply with a court order, applicable law or regulatory request,
in connection with due diligence or negotiations relating to a merger, acquisition, financing or transfer of assets,
to protect our rights, enforce agreements or investigate potential misconduct.
Authorities and enforcement bodies: If we reasonably believe that user actions violate our terms, policy or legal requirements, or pose risk to others, we may share data with the appropriate entities.
Other users (where applicable): Certain in-app features may display select user information to other players (e.g., multiplayer rankings), especially when you log in through a third-party service.
Advertising and profiling (based on consent): If you have given us permission to use advertising identifiers, we may share them with advertising networks to personalize ads displayed within our products. This applies only after you have granted consent (or not opted out, where allowed).
Examples of advertising partners may include, but are not limited to: Meta (Facebook), Google / AdMob, Unity Ads, AppLovin, ironSource, Vungle, MoPub and its integrated partners, TikTok / ByteDance, Amazon Ads, Snap Inc., Fyber, TapJoy, Tencent Holdings.
Each of these companies processes the information under its own privacy policy. If you want to know how a specific partner uses your data, you should review their respective notice.
Service providers (acting as processors): We also work with companies that provide hosting, analytics, fraud prevention, login services and technical infrastructure. They process data solely under our instructions and cannot use it for their own purposes.
Examples include: Tenjin, Inc., Firebase (Google LLC), Meta Analytics, Appfigures, Other cloud, support or analytics services we may engage from time to time.
All such processors are bound by data protection agreements requiring them to implement appropriate safeguards.
Social Features and Sharing
Our products may include social components or integrations with third-party platforms (for example, share buttons, invites, reactions or similar interactive elements). These tools may allow you to publish certain in-app actions or profile elements to external services or make them visible to friends or the broader public, depending on your individual privacy settings with those platforms. Access to social functionality is only permitted if you meet the minimum age required by the laws applicable in your place of residence. Any information shared through these features is handled in accordance with the privacy practices of the third-party service you use.
Age Restrictions
Our applications are not intended for children below the minimum age defined by data protection and child privacy laws.
In most countries, use is limited to individuals 13 years of age or older.
In the European Economic Area (EEA), users must generally be at least 16 years old, unless local rules set a different age of digital consent.
By accessing or using our products, you confirm that you meet the applicable minimum age requirement. If you are a parent or guardian and believe that a child has accessed our products in violation of these age limits, you may contact us to request removal of the related data. For questions specifically concerning children’s data, you may reach us at info@randm.games.
International Data Transfers
We may transfer personal data to countries outside your own jurisdiction, including territories outside the European Economic Area (EEA) or the United Kingdom, where data protection laws may differ. Any such transfers are carried out only where appropriate safeguards are in place to ensure a level of protection essentially equivalent to that within the EEA/UK. These safeguards may include:
Standard Contractual Clauses (SCCs) approved by the European Commission and, where relevant, the UK International Data Transfer Addendum;
Appropriate contractual, technical and organizational measures imposed on the recipient;
Other lawful transfer mechanisms recognized under applicable laws.
The former EU–US Privacy Shield Framework is no longer relied upon as a valid transfer basis. Where data is sent to the United States or other third countries, we ensure that SCCs or an equivalent legally recognized framework is used.
Security of Your Information
We apply administrative, technical and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration or destruction. While no security system can guarantee absolute protection, we take reasonable steps appropriate to the nature of the data and the risks involved to help keep your information secure.
Push Notifications
If you have allowed notifications on your device, we may send in-app alerts, gameplay reminders, updates, promotional messages or similar communications. You can disable or modify these notifications at any time through your device settings. We do not send push notifications without your permission where such consent is required by law.
“Sale” of Personal Data (CCPA/CPRA Clarification)
We do not exchange your personal data for money, and we do not sell personal data in the conventional sense. However, in some jurisdictions—particularly under the California Consumer Privacy Act (CCPA/CPRA)—certain types of data sharing with third parties for advertising, personalization or analytics purposes may be treated as a “sale” or “sharing” even if no payment occurs. As described earlier under Data Sharing and Disclosure, we may provide certain information (such as advertising identifiers or usage data) to third-party partners for business purposes, including analytics and personalized advertising. If you are a California resident and wish to opt out of this type of data sharing, you may contact us at info@randm.games.
You may also control the use of your advertising identifiers for personalized advertising through your device settings (e.g., 'Limit Ad Tracking' on iOS or 'Opt-out of Ads Personalization' on Android).
We will respect your choice to withdraw consent or object to the use of personal data for such purposes, in accordance with applicable law.
Your Rights
Depending on where you live, you may have specific rights regarding your personal data. We respond to all valid requests in accordance with applicable laws, including the GDPR (EEA/UK) and CCPA/CPRA (California).
Rights of EEA and UK Residents (GDPR) If you are located in the European Economic Area or the United Kingdom, you may exercise the following rights:
Right of access (Art. 15 GDPR): Request confirmation whether we process your personal data and receive a copy, along with information about the purpose of processing, categories of data, recipients, retention periods.
Right to rectification (Art. 16 GDPR): Ask us to correct inaccurate or incomplete personal data.
Right to erasure / “right to be forgotten” (Art. 17 GDPR): Request deletion of your personal data when it is no longer needed or if processing was based on consent you have withdrawn.
Right to restrict processing (Art. 18 GDPR): Request that we limit how your data is processed in certain situations (e.g. during accuracy disputes or legal claims).
Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests (we will stop unless we have overriding grounds), and to direct marketing at any time (we will stop immediately).
Right to data portability (Art. 20 GDPR): Receive personal data you provided in a machine-readable format, or request its transfer to another controller when processing is based on consent or contract.
Right to withdraw consent (Art. 7 GDPR): If processing relies on your consent, you may withdraw it at any time without affecting the lawfulness of earlier processing.
Response time: We normally respond within one month. If the request is complex, this may be extended to up to three months, as permitted by Article 12 GDPR.
Rights of California Residents (CCPA/CPRA) If you reside in California, you may exercise the rights below in relation to personal information collected in the preceding 12 months:
Right to know / disclosure: Request that we disclose categories of personal information collected, sources, purposes of use, categories of third parties, and specific pieces of personal information. You may request this up to twice per year, free of charge.
Right to deletion: Request that we delete your personal information, unless we need it for providing services, legal compliance, detecting or preventing fraud or security incidents, internal use aligned with expectations, or exercising or defending rights.
Right to opt out of sale/sharing: You may direct us not to “sell” or “share” your personal information, as defined under the CCPA/CPRA. This includes certain types of advertising or analytics partnerships.
Right to non-discrimination: You will not receive different pricing, access, features, or quality for exercising any of your CCPA rights.
Response times: We aim to respond within 45 days. If more time is required (up to 90 days), we will notify you and explain the reason.
How to Exercise Your Rights You may contact us at info@randm.games. When you submit a request, we may need to verify your identity to prevent unauthorized access or deletion. Since our apps typically do not use user accounts and data is often collected automatically, we may rely on matching device identifiers or other technical references to verify your request. If we cannot verify your identity with reasonable effort, we may decline the request as allowed by law.
Contact:
RANDM.GAMES LTD
Address: 11, Stratigou Papagou str., 3091 Limassol, Cyprus
Email: info@randm.games