• Introduction

As Ratic, Inc. (hereinafter referred to as “Ratic”, the “Company“, “we”, and through similar words such as “us”, “our”, etc.), we respect your privacy and are committed to providing a safe and online experience through our Software Developer Kit(the “SDK”) adhering to a global privacy perspective.

This Privacy Policy (“the Policy”) describes our practices and policies with regards to use and process of personal information while operating the SDK and providing the services thereunder (the “Services”). In this regard, this Policy describes the types of personal information we collect through SDK and our Services, how we use that information, our legal basis for doing so, with whom we share it, your rights and choices in this regard, how you can contact us about our privacy practices as well as your ability to control certain uses of such personal information. This Policy does not apply to third-party sites, products, or services, even if they link to our Services or the Ratic SDK, and you should consider the privacy practices of those third parties carefully.

• Ratic SDK

Ratic SDK is a Software Development Kit that provides Game Studios to easily integrate some live-ops features into their games. By using the SDK; Game Studios can integrate and manage features like tournaments, leaderboards, in-app currencies, virtual items and their purchase systems, special offers through the dashboard we provide.

Through the SDK, Ratic provides an online gaming ecosystem for users and easy integration and management systems for Game Studios (depending on the case “Game Studio”, “you” or “your”) and benefit from the services offered thereon (hereinafter referred to as the “Service”).

The SDK (including its all subdomains, other media and their respective features and content) is a service made available by Ratic.

• Acknowledgement of the Policy

By acknowledging this Policy, you are accepting that you have familiarized yourself with the practices described in this Policy, and the Terms of Service (the “Terms”), which governs this Policy and contains all disclaimers of warranties and limitation of liabilities. If you do not agree to the processing activities stipulated in this Policy, please do not further access or use the SDK or any Services and/or delete your account immediately.

• Definitions

Capitalized words not defined under this Policy shall be understood as described under our Terms. It is of utmost importance to read the Policy provided herein in tandem with the Terms to better grasp the key concepts provided and explained therein. 

Within the scope of this Policy, the following terms shall have the meanings ascribed to them below. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural. 

• Applicability of the Policy

Since our operations are a based in different parts of the World but have numerous Users from different countries, we intend to reflect our compliance with various legislations about privacy and data protection from a global perspective. For this reason, we show considerable effort to act in accordance with the PDPL, GDPR and CCPA. 

• Personal Information Collected by Ratic

We collect personal information concerning you from certain sources to provide the Services and to manage the SDK. We also obtain information from you and from Third Parties as detailed below. 

Please note that if you decline to provide any of the required information requested by Ratic, you may not be able to take full advantage of the Services and their features or make a purchase from us. 

We may collect, use, store and transfer different kinds of personal information about you which we collect from various sources as described below:

1. Personal Information We Collect Directly from You 

We collect information from and about you and your transactions and other interactions with us. This may include, but is not limited to, when you download the SDK to your Device, sign-up an account, connect your Games to Ratic SDK account, integrate Games, allow tournaments, and purchase in the Marketplace or use the Services, in general.

Personal information you may provide includes,

Registration and Account Information

If you desire to have access to the SDK you are required to become a registered Game Studio, and to submit the following types of personal information to Ratic: Identifiers and contact information such as your name and surname(firm name for legal persons), email address, phone number, address, VAT number, application store URLs, username, account password, your preferences such as language, time zone; the types of communications you would like to receive from us, and image/avatar (if you choose to provide this), and any other information you would like to share to faster account verification.

In-App Purchases and Commercial Information

Another important aspect of Ratic’s data processing activities is the management of in-app purchases made by you. Through the Marketplace, you can purchase additional In-App Coins using a variety of payment methods. Ratic must collect and process your username, region and profile picture, In-App Coin Balance to validate, manage and verify your identity and transactions. 

Other

You may also opt-in to submitting information through other methods, including: 

• By providing your email and other contact information; information on how you engage with our emails such as email open and click rates, whether a link is clicked, which web pages are visited after opening the email, the type of browser and email clients you use, and general location (i.e. country and region) information,
• Your messages, posts and other interactions with our brand and social media accounts,
• Teleconference, videoconference, and other meetings; your preferences, feedback, opinions, and business needs; and recordings of these sessions if you provide your consent,
• In connection with a real or potential business relationship with us.

• Personal Information Collected from Third Parties

Game Interactions

Ratic’s data processing activities encompass a range of tasks involved in managing and utilizing your information collected through the Ratic SDK. One of the primary functions of this system is to track User progress and rewards within Games, allowing Users to access In-app Coins that can be used for a variety of purposes within the App. To accomplish this, Ratic collects and stores information from Game Studios regarding User profile picture, region, In-app Coin balances, and usernames. 

It is important to note that while Ratic may collect certain information from Game Studios in order to provide Users with access to their in-app rewards through the App, the Game Studios themselves are the Data Controllers of the information collected within their Games. Users should be aware that they may be providing personal information to Game Studios when they download, access, or play Games and are encouraged to carefully review the terms and privacy policies of these Game Studios before doing so. Ratic does not have control over the data processing activities of Game Studios outside of the information shared for the specific purpose of in-app rewards tracking and cannot be held responsible for the privacy practices of these Game Studios.

General Security Principles

In order to prevent fraudulent activity within the App, Ratic utilizes a validator machine to ensure that User Accounts are real and not bots. This is a critical aspect of maintaining the integrity of the in-app rewards system, as it helps to ensure that only legitimate users are able to earn and collect rewards. The validator machine operates by analyzing user activity within the Games, looking for patterns or behaviors that may indicate bot activity or other forms of cheating. If suspicious activity is detected, the User account may be flagged or even suspended to prevent further misuse of the App.

Third-Party Services

We use Third-Party Service Providers to provide certain Services on our behalf when the information is necessary for them to perform their duties. 

The Third-Party Service Providers (our Sub-processors) help us better operate our Website and Platform and for services such as hosting, maintenance, error monitoring, debugging performance monitoring, customer service, database storage and management, SEO services, user onboarding, email automation, product and User tracking, heat-map, and live chat tracking. In some cases, these Service Providers may process or store personal information while providing services. When those Service Providers receive access to personal information, they undergo a security and privacy review to ensure they meet the necessary safeguards and implement ‘the best practice’ in their data processing activities. We are also committed to providing that they are contractually bound by a data protection/processing agreement that requires them to comply with applicable regulations, including having the appropriate access controls in place to protect your data.

• Automatic Collection Methods

We may also collect information about your online activities on the SDK and connected Devices over time and across Third-Party websites, Devices, apps, and other online features and services. For example, when you use automated chat functionality (chatbots) to make an inquiry, provide feedback, or make another request, we may collect information about you such as your username and email address, your specific feedback or request, and information related to your use of our Services.

This collection includes automatically collected information, and generally does not include personal information unless you provide it through the SDK, or you choose to share it with us by other means. Methods we use are described below:  

• Web beacons or tags (small images embedded into websites or emails that send information about your Device when you visit our Application, or open an email we send to you);
• SDK log files (which we tend to create automatically in connection with your access to and use of our SDK).

These technologies record information about your usage of our SDK and Services, including:

• Browser and Device Data, IP address, Device type, internet browser type, screen resolution, operating system’s name and version, Device manufacturer and model, language, plug-ins, add-ons, brand, model, technical specification, UUID (Unique Device ID) and operating system information of the Device used, and the language version of the SDK you are visiting.
• Preference information, marketing and communication preferences, your account settings including any default preferences, any preferences you have indicated, the types of services/offers that interest you, the areas of our Services that you have visited or ways that you interact with our Services.
• Logs and Usage Data, such as time spent on the SDK, pages visited, links clicked, bounce rate, roll percentage, language preferences, views, payment amount, payment channels, frequency of login, and the different types of activity undertaken by users such as frequently accessed areas of the Services, approaches to in-app notifications, segments, Device ID.
• General Location Information (region, city), such as IP address and the region in which you are located when you are logging in and using the Services, in accordance with the settings on your Device.

1. How Ratic Uses Personal Information

We rely upon several legal grounds to ensure that our use of your personal information is compliant with the applicable laws. Most commonly we will use your personal information in the following circumstances:

• Where it is necessary for the performance of a contract with you or to take steps to enter into a contract with you (e.g., terms of service).
• Where you have given your consent to the processing of your personal data for a particular purpose (e.g., when you give consent to promotional communications for email marketing purposes).
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. (e.g., when there is a fraudulent activity regarding your transactions)
• Where we need to comply with a legal or regulatory obligation (e.g., when we are legally obliged to disclose your personal information).

Purposes for which we will use your personal information;

The purposes for which we will process your personal information and the lawful basis of processing on which we rely are described below:

Pre-contractual, contractual, and post-contractual business relationships. We process personal information to enter a legal relationship with prospective Game Studios, and to perform the contractual obligations under the Terms. Activities that we conduct in this context include:

• To provide you with Services, such as to,

• register you to our SDK and create your account so that you may access our Services,
• enable you to integrate your Games on the Application Stores to manage your Live-Ops,
• to administer and support the Services you have requested including to send service notifications, manage and support the provision of our services, to manage payments and to exercise our legal rights,
• to manage our relationship with you which will include: (a) notifying you about changes to our Terms or Privacy Policy (b) asking you to update your information (c) dealing with any issues or feedback you may have,
• Process, maintain, and service your account(s),
• Validate, confirm, verify, deliver, install, and track for our Services.

• To respond or communicate with you such as when you;

• Sign-up an account,
• Make a request or inquiry through contact form/ticket or any other channel dedicated for such use,
• Committed fraudulent activity,
• Share a comment/review or concern regarding our SDK or any of our Services.

Legal and regulatory compliance. We use personal information to verify the identity of our Users in order to comply with applicable laws. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to Third Parties and to submit to Third-Party verification audits. Examples of how we use information within this condition include:

• Accounting, auditing, and billing activities;
• Respond to court orders, lawsuits, subpoenas, and government requests; address legal and regulatory compliance; and
• Communications regarding payments, and related pre-sale and post-sale communications as required by the applicable law.

Legitimate business interests. We rely on our legitimate business interests to process certain personal information concerning you. The following list sets out the business purposes that we have identified as legitimate. In determining the content of this list, we balanced our interests against the legitimate interests and rights of the individuals whose personal information we process. Examples of how we use information within this condition include:

• Mitigating financial loss, claims, liabilities, or other harm to Game Studios and the Company;
• Protecting the security or integrity of Ratic SDK and our business, such as by protecting against and preventing fraud, unauthorized transactions, claims and other liabilities, and managing risk exposure, including by identifying potential hackers and other unauthorized users;
• Responding to inquiries, sending service notices, and providing customer support;
• Personalizing your experience with us, including to remember your interests and preferences (i.e., mostly-played Games), we share with you; tracking and categorizing your gaming activity and interests on Ratic SDK,
• Promoting, analyzing, modifying, and improving our systems, and tools, and developing new services;
• Managing, operating, and improving the performance of Ratic SDK and the Services by understanding their effectiveness, measure the engagement levels of the Games and optimizing our SDK;
• Improving Ratic SDK and Services;
• Conducting aggregate analysis and developing business intelligence that enables us to operate, protect, make informed decisions, and report on the performance of our business;
• Ensuring network and information security throughout Ratic SDK and our Services (including troubleshooting, business operational analysis, testing, system maintenance, support, reporting and hosting of data);
• Protecting the security or integrity of our Services and business, such as by protecting against and preventing fraud, unauthorized transactions, claims and other liabilities, and managing risk exposure, including by identifying potential hackers and other unauthorized users.

Based on Your Prior Explicit Consent. We rely on your prior explicit consent to process your personal information for the purposes below:

• to send you marketing and commercial emails,
• to include you to our newsletter,
• for interest-based advertising activities.
• for location-based advertising activities.

Personal Data Manifestly Made Public by our Users. Game Studio’s name and logo (if there any) along with references are being manifestly public by such Game Studio to be published on the Ratic SDK References to the extent permissible by the Terms.

Marketing and Advertising Activities

We may send you marketing and advertising communications about Ratic, the SDK, the Services, and upcoming Games that are compatible with the SDK; invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes; and to customize the marketing and advertising that we provide to you upon your prior explicit consent.

In order to provide you with all of the benefits of our Service, we ask for your permission to send you information about the latest news, special events, offers, promotions and other benefits. We also ask for your permission to send you, our newsletter. Upon your consent, we will use your email address to contact you with this information. 

When we collect your business, contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and Services, and upon your explicit consent, include you on our marketing information campaigns. 

If you decide at any time that you no longer wish to receive such marketing communications from us, please follow the unsubscribe instructions provided in any of the communications. You may also opt-out from receiving commercial emails from us by sending your request to us by email at support@ratic.io.

To update your preferences, ask us to remove your information from our mailing lists, delete your account or submit a request to exercise your rights under applicable law, please contact us at support@ratic.io.

To learn more about managing your privacy and storage settings and opting out from receiving other Third Parties’ cookies, please see our “Exercising of Your GDPR Privacy Rights” and “Exercising of Your California Privacy Rights” sections.

We do not guarantee that all of the Third Parties we work with will honor the elections you make using those options, but we strive to work with Third Parties that do.

Social Networks and Third-Party Integrations

We offer parts of our Service through websites, platforms, apps, and services operated or controlled by separate entities. In addition, we integrate technologies operated or controlled by separate entities into parts of our SDK and Services. Some examples include:

Links

Our SDK includes links that hyperlink to websites, platforms, apps, and other services not operated or controlled by us.

Liking, Sharing, and Logging-In

We may embed a pixel or SDK on our SDK that allows you to “like” or “share” content on, or log-in to your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through the integration. These widgets may collect information such as your IP address and the pages you navigate on the website and may set a cookie to enable the widgets to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.

Brand Pages and Chatbots

We may offer our content through social media. Any information you provide to us when you engage with our content (such as through our brand page) is treated in accordance with this Policy. Also, if you publicly reference our Service on social media (e.g., by using a hashtag associated with Ratic in a tweet or post), we may use your reference on or in connection with our Services.

Please note that when you interact with other entities, including when you leave our SDK or Service, those entities may independently collect information about you and solicit information from you. The information collected and stored by those entities remains subject to their own policies, terms, and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information outside of your residency. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

1. How Ratic Shares Personal Information

Ratic does not rent or sell your information. Information on third parties and/or third-party categories your data is disclosed is always open to you information and examination.

We restrict access to your information to authorized employees and we do not share your information with Third Parties except in the circumstances explained below. 

Employees and Authorized Contractors

Our employees and authorized contractors may need to access information about you when they require this information to perform their job. For example, a customer support representative would need access to your account to validate your identity and respond to your question or request; our email communications team would need access to your contact information to ensure this information is sent correctly and any unsubscribe requests are properly managed; and our security staff would need to review information to investigate attempted denial of service attacks, fraudulent account activity, or other attempts to compromise the Services. All our employees and contractors are required to agree to maintain the confidentiality and protect the privacy of your information.

Service Providers and Business Partners

Without prejudice to the foregoing, we share personal information with a limited number of our Service Providers. We have Service Providers that provide services on our behalf, such as website hosting, data analysis, information technology, and related infrastructure, customer service, email delivery. These Service Providers may need to access personal information to perform their services. We authorize such Service Providers to use or disclose personal information only as necessary to perform services on our behalf or comply with legal requirements. We require such Service Providers to contractually commit to protect the security and confidentiality of personal information they process on our behalf. These Third- Party Service Providers may process or store personal data on servers outside of the EEA, UK, and Switzerland, including in the US. We rely on standard contractual clauses (if sent to the US or onward to other countries) to ensure that information about you is lawfully transferred under EU law. In this case, we have implemented supplementary measures as outlined in the Section “How Ratic Protects Your Personal Information”.

Business Transfers

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal information with Third Parties for the purpose of facilitating and completing the transaction. If we do, we will inform such entities of the requirement to manage your information in accordance with this Privacy Policy or inform you that you are covered by a new privacy policy. You will have the opportunity to opt-out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.

Law Enforcement, Government Agencies, and Professional Advisors

We may need to disclose information about you where we believe that it is reasonably necessary to comply with a law or regulation, or if we are otherwise legally required to do so, such as: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights including our Terms and this Privacy Policy; (iii) to protect the rights, privacy, safety, and property of Ratic, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence. For governmental data access requests concerning you or your organization, we would first attempt to redirect the request to you and/or we would first attempt to notify you unless we are legally prohibited from doing so.

We also use professional advisors, including lawyers and accountants, and may be required to disclose information about you when engaging them for their services and as necessary for audits, financial and other regulatory reviews.

We may disclose information in the aggregate form to Third Parties relating to user behavior in connection with the actual or prospective business relationship with those Third Parties, such as advertisers and content distributors. 

• Your Communication Choices

Legal Communications and Service Announcements

By providing Ratic with your email address and/or using the Website/Platform you affirmatively consent to use of your email address for legal and service notifications or Ratic to send you notifications through pop-ups and etc. regarding important service announcements and other legal and administrative communications related to your use of the SDK. We may send the following to you by email or posting them on the SDK; this Policy, our Terms, including legal disclosures; future changes to this Policy, Terms, and other notices, legal communications or disclosures and information related to the Services. Such communications are part of the Services which you cannot opt out of receiving. However, if you do not wish to receive certain service and other administrative and legal notifications, your only way to opt out of such messages is to stop using the SDK and delete your account.

Promotional Communications

You may receive marketing and advertising communications (e.g., sending your blog posts, informing you of Service features, letting you know of new features or developments, letting you know of upcoming Games or add-ons, offering you promo codes or coupons) pursuant to your prior explicit consent. To receive marketing and advertising communications from Ratic, you can subscribe to our newsletter, contact us via email, or give your explicit consent in the applicable areas. Due to our global privacy practices, we provide our Users with the opportunity to “opt-in” and “opt out” of receiving marketing and advertising communications other than those for purposes directly related to your transactions with us and in general legal and administrative communications regarding your account.

If you prefer to opt-in to Promotional Communications, you may receive periodic promotions and other offers or materials that we believe might be of interest to you until you unsubscribe or opt-out. 

Withdrawing Your Consent

If you later decide that you do not want to receive future Promotional Communications electronically, you may withdraw your consent. You can opt-out Promotional Communications at any time (i) by following the instructions described in this Policy; or (ii) following the unsubscribe instructions contained in each message; or (iii) changing the communication preferences in your account. In all cases you may email us at support@ratic.io. Your withdrawal of consent shall be effective within a reasonable time (and within 3 days at the latest) after we receive your withdrawal notice described above. 

Updating Your Information

If you have signed-up for an online account, you may access and update certain personal information that you provided to us by logging into your online account and using the features and functionalities available therein. Once logged in, you can view or update your name, telephone number, password, or email address. 

• European Union and UK Privacy Information 

Your Rights and Choices Under the UK & EU GDPR

Ratic undertakes to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights.

You have the right under this Privacy Policy, and by law if you are within the UK or EU, to: 

• Right to Access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information’s source, purpose and period of processing, and the persons to whom the information is shared.
• Right to Rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
• Right to Erasure (“Right to be Forgotten”): In certain cases, you have the right to request from us the erasure of your Personal Data such as when you want to delete your account. For the avoidance of any doubt, we may not be able to grant this right to you in certain cases, due to our obligations to fulfill certain legal requirements.
• Right to Restriction of Processing: You have the right to request from us restriction of processing, for a certain period and/or for certain situations.
• Right to Data Portability: You have the right to transfer your information to a third party in a structured, commonly used, and machine-readable format, in circumstances where the information is processed with your consent or by automated means. You have the right to receive your Personal Data from us in a structured format and you have the right to (let) transmit such Personal Data to another controller.
• Right to Object: In certain cases, you have the right to object to the processing of your Personal Data, including with regards to profiling or direct marketing. 
• Right to be Not Subject to Automated Individual Decision-Making: You have the right to not be subject to a decision based solely on automated processing.
• Right to Filing Complaint: You have the right to lodge a complaint with the Irish Data Protection commissioner, the UK Information Commissioners Office, or other data protection supervisory authority applicable to you if you are unhappy with the way we are managing your personal data.
• Right to Compensation of Damages: In case we breach applicable legislation on the processing of your Personal Data, You have the right to claim damages from us for any damages such breach may cause to you.

Exercising of Your UK & EU GDPR Privacy Rights

You may exercise your rights of access, rectification, cancellation, and opposition by simply contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. If You are a resident of United Kingdom, You may complain to Information Commissioner’s Office (ICO) regarding your data protection rights. If you are a resident in the European Economic Area (EEA), please contact your local data protection authority in the EEA. 

• California Privacy Information

If you are a Consumer as defined in the California Consumer Privacy Act (CCPA) and as amended by the California Privacy Rights Act (CPRA) (collectively, “California Privacy Laws”), the following provisions apply to you.

Do Not Sell My Personal Information

“Sale” means renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration. We do not provide personal information about you to Third Parties in exchange for money. We do share personal information with Third Parties that we work with, including to help us market or advertise our products and Services to you and mostly with regard to your prior consent. When this information is in a format that directly identifies you by name, it is not shared with any Third Parties for Third-Party marketing or advertising purposes. You can find more detail about our practices in our Policy, set forth under “Interest-based Advertising” section. 

Even though we do not provide personal information to these Third Parties in exchange for money, the CCPA may characterize our providing the following categories of information we share with Third Parties that provide services to you or to us, such as personalizing your experience with us or helping us to market or advertise our products and Services to you, as “sales” of personal information; (i) Device and browsing information and other internet activity information; (ii) purchase or other commercial information; and (iii) identifiers (e.g., ad ID).

The Service Providers we partner with (for example, our advertising partners) may use technology on the Service that “sells” personal information as defined by the CCPA. If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA, you may do so by following the instructions below;

Mobile Devices and Tablets

Your mobile device and tablet may give you the ability to opt-out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:

• “Opt-out of Interest-Based Ads” or “Opt-out of Ads Personalization” on Android devices
• “Limit Ad Tracking” on iOS devices

You can also stop the collection of location information from your mobile device by changing the preferences on your mobile device.

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)

Some internet browsers have enabled ‘Do Not Track’ (DNT) features, which send out a signal (called the DNT signal) to the websites that you visit indicating that you do not wish to be tracked. Currently, there is no standard that governs what websites can or should do when they receive these signals. For now, we do not take action in response to these signals. However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted.

We do not knowingly process personal information of California residents under the age of 18. If you have reason to believe that anyone under the age of 18 has provided us with any personal information, please contact us at support@ratic.io.

Be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Your Rights and Choices Under California Privacy Laws

Under this Privacy Policy, and by law if you are a resident of California, you have the following rights:

• Right to Notice: You must be properly notified which categories of Personal Data are being collected and the purposes for which the personal information is being used. In the 12 months prior to the last update of this Policy, 

• we have collected the categories of personal information through various sources as stated Section 6 “Personal Information Collected by Ratic”, 
• used that personal information for the purposes as stated Section 7 “How Ratic Uses Personal Information” and 
• shared that personal information with the potential recipients as stated Section 8 “How Ratic Shares Personal Information”.

• The Right to Access / The Right to Request: The CCPA permits you to request and obtain from Ratic information regarding the disclosure of your personal information that has been collected in the past 12 months by Ratic or its subsidiaries to a third-party for the third party’s direct marketing purposes. For more information about the potential recipients of your personal information please view Section 8 “How Ratic Shares Personal Information”.
• The Right to Say No to the Sale of Personal Data (Do not Sell, DNT): You have the right to ask Ratic not to sell your personal information to third parties. You can submit such a request by contacting through the channels, features, and functions, abilities provided on the SDK and this Policy.
• The Right to Know about Your Personal Data: You have the right to request and obtain from Ratic information regarding the disclosure of the following: (i) the categories of personas information collected, (ii) the sources from which the personal information was collected, (iii) the business or commercial purpose for collecting or selling the personas information, (iv) categories of third parties with whom Ratic shares personal information, and (v) the specific pieces of personal information we collected about you. For more information on information we collect, including the sources we receive information from, please review the “Personal Information Collected by Ratic”, “How Ratic Uses Personal Information”, “How Ratic Shares Personal Information”.
• The Right to Delete Personal Data: You also have the right to request the deletion of your personal information that have been collected in the past 12 months. You may request that we delete the personal information that we have collected directly from you and are maintaining. However, we may have a basis for the retention of your personal information under the CCPA. Our retention rights include (i) to complete transactions and services you have requested or that are reasonably anticipated; (ii) for security purposes; and (iii) for legitimate internal business purposes, including to maintain business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your personal information that we did not collect directly from you (e.g., through Game Studios). However, we may still reset your In-App Coin balance.
• The right not to be discriminated against: You have the right not to be discriminated against for exercising any of your rights as a Consumer, including the following:

• Denying providing products or Services to you
• Charging different prices or rates for products or Services, including the use of discounts or other benefits or imposing penalties
• Providing a different level or quality of products or Services to you
• Suggesting that you will receive a different price or rate for products or Services or a different level or quality of products or Services.

Exercising Your California Privacy Rights

In order to exercise any of your rights under the CCPA, as a California resident, you can contact us through channels, features, and functionalities (i.e., email address, tickets) provided on the SDK.

Once we receive your request, we will validate the information that you provide and send a message to the email address you provide in the request, asking you to verify that it is your email address. Please follow the instructions in that email to verify your email address. We will begin processing your request once the verification is completed.

Ratic will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.

Please note that if you do not include necessary information concerning you in your requests, we may ask you to verify your identity before responding to such requests.

• How Ratic Protects Your Personal Information

We are making reasonable efforts to provide you with an appropriate level of security at the risk associated with the processing of your personal information. We employ organizational, technical, and administrative measures designed to appropriately protect your personal information against unauthorized access, destruction, accidental loss, unauthorized alteration, or abuse. Your personal information may only be accessed by a limited number of personnel who need access to such information in order to perform their duties. Please be aware that no security measures are perfect or impenetrable. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If You have a reason to believe that your interaction with us is no longer secure (for example, if You think your account is compromised), please contact us immediately.

We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal information to you via email or conspicuous posting on our SDK in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system, and any other disclosures that may be required under applicable law. We also take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations. 

We encrypt data in transit and at rest, where appropriate, to ensure that your information is kept private. We undertake service provider security and privacy reviews to ensure that Service Providers follow our stringent requirements to safeguard your information, and we also enter into data protection agreements with our service providers. All payment information is fully encrypted and managed only by PCI certified organizations.

• Retention

Your personal information may be retained for as long as is reasonably necessary to perform the purposes listed under “How Ratic Use Personal Information” section. For example, if you register an account, we will store any personal information associated with your account for as long as you remain registered or we believe we may be in a position to provide Services to you. 

If you purchase a certain amount of In-app Coins, we will store any personal information associated with that purchase as long as required to fulfill the obligations arising from the process, process any claims, provide customer service and support an enhanced gaming experience, remember your preferences for future interactions, or be able to provide you with offers or Services as well as to be able to fulfill our legal obligations. 

We may retain personal information after we cease providing Services to you, even if you close your account, to the extent necessary to comply with our legal and regulatory obligations. We also retain personal information to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data due to our contractual commitments to our financial and business partners, and where data retention is mandated by the applicable laws. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

The servers and databases in which information may be stored may be located outside the country from which you accessed our Services and, in a country, where the data protection and other laws may differ from your country of residence. Your personal information may be disclosed in response to inquiries or requests from government authorities or to respond to judicial process in the countries in which we operate.

1. International Data Transfer

Your personal information will be processed by us in the European Economic Area (EEA). In specific, our servers are located in AWS in, Frankfurt, Germany.

Some of your personal data may be transferred, stored and/or processed outside of the EEA and UK as our Sub-processors sometimes operate from outside of these jurisdictions. In some cases, in particular when Ratic uses the Sub-processors who support Ratic in its business activities, the personal data may also be accessed or processed outside the EEA and UK. When personal information we collect is processed outside the EEA or UK we have obligations to ensure that personal information is only processed outside the EEA or UK where the European Commission has decided that the territory in question ensures an adequate level of protection (known as a ‘whitelisted’ territory) or, in the absence of a decision by the European Commission, there are appropriate safeguards in place to protect your personal data.

For example, if your personal data is accessed or processed from a territory outside the EEA which is not whitelisted, the appropriate safeguards may be provided by standard data protection clauses adopted by the European Commission (known as ‘standard contractual clauses).

We will only transfer your data outside of the UK and the EEA in compliance with data protection laws and provided appropriate or suitable safeguards are in place to protect your data, Standard Contractual Clauses. 

Personal information may be stored and processed in any country where we have operations or where we engage service providers. We may transfer personal information that we maintain about you to recipients in countries other than the country in which the personal information was originally collected, including to the United States. Those countries may have data protection rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your personal information remains protected to the standards described in this Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal information.

• Use by Minors

The Services are not directed to individuals under the age of eighteen (18), and they shall not provide personal information through the Services. If you have reason to believe that anyone under the age of 18 has provided us with any personal information, please contact us. 

1. Updates to this Policy and Notifications

We may change this Policy from time to time to in response to changing legal, technical, or business developments. Any changes are effective when we post the revised Policy on the SDK. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

• Links to Other Websites

The Services or our SDK may provide the ability to connect to other sites. These sites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website, or the privacy practices of the operator of the website.

As a safety measure, we recommend that you not share any personal information with these third parties unless you have checked their privacy policies and assured yourself of their privacy practices.

• Jurisdiction

Ratic focuses on multinational compliance regulations including but not limited to the United States federal and state data privacy laws, General Data Protection Regulation brought by the European Union (“GDPR”), United Kingdom General Data Protection Regulation (“UK GDPR”), California Privacy Laws, Turkish Personal Data Protection Law No: 6698 and other jurisdictions with data protection legislation to make sure privacy is a “go-to” rather than a thing to be worried. You have the right to request further information on our personal data processing activities based on your country’s laws. 

•   Contact Ratic

We welcome you to reach out if you have any questions or concerns regarding our privacy practices or to request a copy of this Policy in another format. Please feel free to contact us via support@ratic.io as it is provided to you on the Ratic SDK and under this Policy.