Last updated: February 14, 2025
We, Jpoko Games, address this Supplemental EEA+ Privacy Statement to individuals located in the European Economic Area (EEA), United Kingdom (UK) and Switzerland only (collectively, “EEA+”). This document supplements our Jpoko Games Privacy Policy and describes how we process your personal data when you use or interact with our website, online advertisements and mobile games (collectively, our “Services”). If there are any inconsistencies between the Jpoko Games Privacy Policy and this Supplemental EEA+ Privacy Statement, this Statement prevails.
If you are located in the EEA, the EU General Data Protection Regulation applies to our processing of your personal data, as well as local data protection laws, as the case may be. If you are located in the UK, the UK General Data Protection Regulation applies to our processing of your personal data. References to the "GDPR" are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the Swiss Federal Data Protection Act (the "FDPA") applies to our processing of your personal data, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
1. Who is the data controller?
The data controller is:
Jpoko Games
2. How can you contact our data protection officer?
You may contact our Data Protection Officer at privacy@jpoko.com.
3. What types of personal data do we collect and how do we collect it?
Please see Section 2 of the Jpoko Games Privacy Policy. We also use cookies on our website and games as described in our Cookie Policy.
4. For what purposes do we process personal data? What lawful bases of processing do we rely on?
The table further below outlines the purposes for which we process personal data and the lawful bases of processing that correspond with each processing purpose. The lawful bases of processing include the following:
The processing is necessary for us to perform a contract with you or take steps at your request prior to entering into a contract per Article 6(1)(b) GDPR ("Contract Performance Legal Basis");
The processing is necessary for us to comply with an applicable legal obligation per Article 6(1)(c) GDPR ("Legal Obligations Legal Basis");
The processing is necessary for us to realize a legitimate interest based on an assessment of that interest and your privacy and other fundamental interests per Article 6(1)(f) GDPR ("Legitimate Interest Legal Basis"); more information on the balancing test is available upon request; or
The processing is performed according to your consent per Article 6(1)(a) GDPR ("Consent Legal Basis"). In these cases, you can withdraw your consent at any time with future effect by using the consent settings on our website or mobile games, or by emailing us at privacy@jpoko.com with a description of what data processing activities of ours you would like to withdraw your consent from.
5. What legitimate interests are pursued where the processing is based on the Legitimate Interest Legal Basis?
Please see the table further above.
6. What categories of recipients receive personal data from us?
We may disclose personal data to the following types of third parties and in the below-mentioned circumstances.
Other Users in Your Online Community: If you participate in any of our online communities or send a virtual gift of virtual items to other users on our Services, we may disclose your public profile information to other online community members, including your screen name, profile picture or avatar, your in-game level, your in-game scores and achievements, the gifted items, and any other information you choose to provide or make public.
Contests, Sweepstakes, and Survey Providers: We may disclose personal data to third parties who assist us in delivering our contests, sweepstakes, or survey offerings and processing the responses.
Service Providers. We may disclose your personal data to our service providers. The types of service providers (data processors) to whom we entrust personal data include companies that (i) provide us with IT and related services; (ii) assist us with customer service activities; (iii) provide analytics and search engine services that assist us in the improvement and optimization of our Services; and (iv) provide any supporting activities in connection with our Services. We have executed appropriate contracts with the service providers that prohibit them from using or sharing personal data except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.
Disclosures to Protect Our Rights, Your Rights or the Rights of Others (e.g., as Required by Law and Similar Disclosures): We may access, preserve, and disclose your personal data to third parties, such as legal advisors and law enforcement authorities, if we believe doing so is required or appropriate: (i) to comply with law enforcement or national security requests and legal processes, such as a court order or subpoena; (ii) to respond to your requests; (iii) to protect your, our or others' rights, property or safety; (iv) to enforce our policies or contracts; (v) to collect amounts owed to us; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; (vii) in connection with the establishment, exercise, or defense of legal claims; or (viii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
Ad Networks and Advertising Partners: We work with the third-party ad networks and advertising technology providers listed here (“Adtech Providers”) to deliver advertising and personalized content on websites and services that we do not operate, and across other devices. If you provide your consent, these parties may collect information directly from you for these purposes, as described in our Cookie Policy.
With Your Consent: We may disclose personal data about an individual to certain other third parties or publicly with their consent or direction. For example, with an individual's consent or direction, we may post their testimonial on our websites or other Services.
Sale of Assets and Change of Control: We may disclose personal data to potential acquirers of our business assets and their representatives for the purposes of evaluating and entering into Business Transactions.
7. Where is your personal data processed and on what basis do we transfer personal data across borders?
We may disclose personal data to our processors and AdTech Providers in locations including but not limited to the United States, Israel, the European Union and the United Kingdom. We take measures to ensure that our processors and AdTech Providers in the United States provide an adequate level of data protection by entering into appropriate data transfer agreements based on Standard Contractual Clauses and performing data transfer arrangements as appropriate. Data transfer agreements are accessible upon request by contacting us at the details shown further above. The UK Government recognizes the EEA as providing an adequate level of protection for personal data, and the EU Commission recognizes the UK GDPR as providing an adequate level of protection for personal data. The UK Government and EU Commission recognize Israel as providing an adequate level of protection for personal data.
8. How long do we process personal data?
We retain your personal data only as necessary for the purposes for which the personal data is processed or for legal requirements. The length of time for which we retain personal data depends on the purposes for which we collect and use it and how long we need to retain it to comply with applicable laws (including for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements), to establish, exercise or defend our legal rights, or to make the data available to judges and courts or the competent public authorities. Once the personal data is no longer necessary for the purposes for which we collected it, we will delete it.
9. What data protection rights do you have?
In the EEA, Switzerland and the UK you have the following rights, subject to the conditions under the GDPR and/or local data protection law:
To object, on grounds relating to your particular situation, to the processing of your personal data by us. This includes the right to object to our processing of your personal data for direct marketing and the right to object to our processing of our personal data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
To obtain from us the rectification of inaccurate personal data concerning you.
To ask us to erase your personal data to the extent it is not required for legally required purposes.
To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
To receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
To withdraw your consent at any time. This will not affect the lawfulness of our use of your personal data before your withdrawal.
To lodge a complaint with a supervisory authority (only for EEA and UK).
In some jurisdictions such as France and Portugal, you also have the right to provide us with guidelines as to the processing of your personal data after your death.
You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here:
EEA: https://edpb.europa.eu/about-edpb/about-edpb/members_en
United Kingdom: https://ico.org.uk/global/contact-us/
Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
To submit a request to exercise your privacy rights, you can contact us by any method described in the Contact Us section below. In your request, please describe what rights you are exercising and how you would like us to assist. We may need to request specific information from you to help us verify your identity and that you have the right to request what you are requesting. These are security measures to ensure that we do not disclose personal data to any person who has no right to receive it, or otherwise process the data in unauthorized ways. We may also contact you to ask for further information about your request to clarify the scope of your request and speed up our response. We will respond to requests to exercise privacy rights according to applicable laws.
10. Are you required to provide us with your personal data?
You are not legally required to provide personal data to us but we cannot provide our Services without receiving some personal data from you.
11. How can you contact us?
If you have any questions about our privacy practices, personal data processing activities, or would like to exercise your rights under privacy laws, you may contact our Data Protection Officer at privacy@jpoko.com.
12. Will we change this Supplemental EEA+ Privacy Statement?
From time to time, we may revise this Supplemental EEA+ Privacy Statement. When we do so, the changes will be posted and the revised document will be available online and the “last updated” date above revised.