Privacy & Cookie Policy

Effective Date: January 22, 2025

FROSTZONE ENTERTAINMENT AS

1. PRIVACY POLICY AND NOTICE AT COLLECTION

Frostzone Entertainment AS, a Norwegian private limited company (“Frostzone”, “Frostzone Entertainment”, the “Company”, “we”, “us” and their derivatives) makes this Privacy Policy and Notice at Collection (this “Policy”) available to users of our websites (collectively, the “Websites”), our games, software, or other products or services we may provide (collectively, the “Services”).

2. Changes to this Policy

We reserve the right to change this Policy from time to time consistent with applicable law. We also reserve the right to make minor changes to this Policy in our sole discretion (e.g, typos or re-wording, etc). We will notify you of any change by revising the date at the top of this Policy. For major changes, we will do our best to provide you with additional notice such as in-game notice, banner on the Websites, or email notification. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

3. What does this Policy cover?

This Policy sets forth how we collect, use, protect, store, disclose, and otherwise process your Personal Data (defined below). This Policy does NOT apply to information you provide to any third party or is collected by any third party.

This Privacy Policy forms a part of and should be read in conjunction with our Terms of Use for our services and any end user licence agreements for our services.

By using the Services, you are confirming that you understand English well enough to understand this Policy. Should you have questions about this Policy, please contact us by emailing us at contact@frostzone.net, so we can clarify and address your questions.

4. How do we process Children’s Personal Data?

A “Child” is a person under the age needed to consent to the processing of Personal Data in their country of residence (for example, 13 years old in the United States and between 13 and 16 years old in the European Union).

We do not knowingly collect Personal Data from a Child. If you are a Child, do not submit any Personal Data to us. If we discover that a child has provided us with Personal Data, we will immediately delete it. If you become aware that a Child has provided us with Personal Data, please contact us at contact@frostzone.net so we may delete that Personal Data.

5. Information we may collect about you

We may collect different types of information from you depending on how you use the Services, including Personal Data. “Personal Data” means information that relates to an identified or identifiable natural person.

We do not knowingly or intentionally process any sensitive Personal Data.

We may also collect information that does not generally identify you but may become associated with your profile. We may use information that does not identify you for any permissible business or operational purpose under applicable law.

Games or other services

When you play our Games, or use our services, we may process your:

• Username (or gamertag);

• Mobile device’s unique device ID;

• Console’s unique device ID;

• Platform player ID, as may be allocated to you by third party platforms such as PlayStation, Steam or Xbox;

• Third party platform profile display names;

• User preferences, including your language and country;

• Core milestones related to your gameplay, such as your overall progression to a particular level or stage, or the completion of certain activities during your gameplay (for example, completing a tutorial or passing a level);

• Steam ID for Valve players (but we do not store it);

• Debug logs, which are records of technical information relating to software operation and errors that may have occurred during that operation; and

• Internet or other similar gameplay network activity.

Websites

If you browse the Websites, we may process your:

• Internet Protocol address; and

• Interactions with the Websites, including the number of page visits, duration, and type of browser.

Correspondence

We may ask you for, or you may submit, certain information to us whenever you contact us for support or other concerns.

This may include:

• Your name;

• Your email;

• Location data specifying the city in which you are located;

• The type of device you’re using to play a Game;

• Your platform player ID, as may be allocated to you by third party platforms such as PlayStation or Steam; and

• Debug logs, which are records of technical information relating to software operation and errors that may have occurred during that operation.

Information collected for the purposes of providing analytics (“Analytics”)

We may collect technical information about your use of the Services through the use of tracking technologies and analytics.

Personal data we may collect includes the following:

• how many times you visit the Website;

• which pages you go to;

• traffic data;

• your IP and MAC address;

• your internet service provider;

• your Device ID;

• your Console ID;

• your user ID (which is generated by us and allocated to you when you first play our Games);

• your device operating system & version;

• your device make and model;

• game play attempts, progression and results;

• session game time start, end and duration;

• the country of your device; and

• identification of crashes and defects.

Our third party analytics providers for our services include Google Analytics, Unity, Squarespace, as well as data provided by third party platforms such as PlayStation and Steam.

Google, Unity, Squarespace and Steam may collect analytics data on our behalf and in accordance with our instructions, and their applicable privacy notice. If you would like to find out more about the way these third parties collect and process this information this is likely to be set out in their privacy policies and/or terms and conditions.

We may also obtain data in respect of software crashes. This includes technical information about your device, the software and applications running on your device and your user ID.

6. Cookies

We may collect your Personal Data automatically through “cookies” and “web beacons” as you use the Services. Cookies are small files placed on the hard drive of your computer through your web browser that enable us to recognize your browser and capture and remember certain information. Web beacons (also referred to as “clear gifs”, “pixel tags”, and “single-pixel gifs”) are small electronic files that enable us, for example, to count users who have visited our pages and for other related website statistics.

Cookies, web beacons, and other automatic data collection technologies on the Services may come from third parties such as Google Analytics, Unity or Squarespace. You can set your browser to refuse all or some browser cookies. You can also choose to accept all or refuse some of the cookies on our websites. Please note that, if you disable or refuse cookies or other automatic data collection technologies such as web beacons, some aspects of the Services may be inaccessible or not function properly.

Our Websites should display a notice alerting you to our use of cookies and requesting your acceptance. If you accept, you will be accepting our use of cookies or similar technologies for the purposes described in this privacy policy.

7. Third Parties

We may receive your Personal Information from or through third parties that help us provide or facilitate your access to the Services, including those listed below.

• Digital content stores and game platforms such as those operated by Valve Corp. and Microsoft Corp. Examples below.

  • If you play the Game using Steam, we may receive your Steam ID (but we do not store it).

  • If you play the Game using a mobile application, we may receive your phone model and certain gameplay information from Microsoft.

We abide by this Policy when we use Personal Data provided to us by third parties. However, we may not control the Personal Data that third parties collect or how they use that Personal Data. You should review the third parties’ privacy policies for more information about how they collect, use, and share the Personal Data they obtain and use—for example:

• Google LLC;

• Microsoft Corp.;

• Apple Inc.;

• Unity Software Inc.;

• Squarespace, Inc.;

• itch corp.;

• Valve Corp.; and

• Sony Interactive Entertainment LLC.

8. Why we collect information about you

We may collect your Personal Data for the below purposes.

• To provide or improve the Services: We may use your Personal Data to process your requests to access the Services and certain of their features and to generally present and improve the Services.

• To administer the Services: We may use your Personal Data for any lawful business or operational purpose in connection with administering the Services. For example, if you reach out to us, we may use your Personal Data to respond to you or to troubleshoot a problem you reported having with the Services.

• To market the Services: We may use your Personal Data to market the Services to you. For example, with your prior consent, we may send you news and updates about our products and the Services via email.

• In furtherance of legal and safety objectives: We may access, use, and share with others your Personal Data for purposes of safety and other matters in the public interest. We may also provide access to your Personal Data to cooperate with official investigations or legal proceedings (e.g., in response to subpoenas, search warrants, court orders, or other legal processes). We may also provide access to your Personal Data to protect our rights and property and those of our agents, users, and others, including to enforce our agreements, policies, and our Terms of Use.

• In connection with a sale or other transfer of our business: In the event all or some of our assets are sold, assigned, or transferred to or acquired by another company due to a sale, merger, divestiture, restructuring, reorganization, dissolution, financing, bankruptcy, or otherwise, your Personal Data may be among the transferred assets.

• As we may describe to you when collecting your Personal Data: There may be other situations when we collect your Personal Data and simultaneously describe the purpose for that collection.

Lawful Basis

We only collect, use, or store your Personal Data for a lawful basis such as:

• you voluntarily provide it to us with your specific, informed, and unambiguous consent (for example, when you sign up for our newsletter);

• it is necessary to provide you with a Service that you have requested;

• we have a legitimate business interest that is not outweighed by your privacy rights (for example, to respond to your inquiries); or

• it is necessary to protect your vital interests or the vital interests of others (for example, where necessary to protect the safety of one of our users or someone else).

9. In what situations do we disclose your Personal Data?

We may disclose your Personal Data to a third party, such as a service provider or contractor for a business or operational purpose, or with your consent. When we disclose Personal Data for a business or operational purpose, we enter into a contract with the service provider or contractor that describes the purpose and requires the service provider or contractor to both keep that Personal Data confidential and not use it for any purpose except performing the contract.

We may also disclose your Personal Data:

• to our subsidiaries and affiliates;

• to our lawyers, consultants, accountants, business advisors, and similar third parties who owe us duties of confidentiality;

• to a buyer or other successor in the event of a sale, merger, divestiture, restructuring, reorganization, dissolution, or other transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data retained by us pertaining to the users of the Services is among the assets transferred;

• to comply with any court order, law, or legal process, such as responding to a government or regulatory request;

• to enforce any contract we may have in effect with you;

• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our users, or others; and

• if you have consented to such a disclosure.

We do not sell, rent, or share your Personal Data for cross contextual behavioral or targeted advertising, automated decision-making, or profiling purposes.

10. How is my Personal Data protected?

Our Retention, Purpose Limitation, and Security Policies

We protect your Personal Data through a combination of collection, security, and retention policies.

• Limited retention: We retain each category of Personal Data only for as long as necessary to fulfill the purposes for which the Personal Data was provided to us or, if longer, to comply with any legal obligations, to resolve disputes, and to enforce contracts. For example, we may retain Personal Data collected about you to prevent repeated violations or suspected violations of our Terms of Use if your profile has been banned or your access to the Services has been disabled for any reason. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the purposes for which we process the Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, subject to the foregoing considerations, it is our policy to delete your Personal Data if we stop operating our Game or the feature through which the Personal Data was acquired.

• Purpose limitation: We will use your Personal Data only for the Services you choose to access and for the purposes notified to you, unless we otherwise obtain your consent. We limit the collection of Personal Data to what is adequate, relevant, and reasonably necessary for those purposes.

• Security measures: We use reasonable security measures to ensure a level of security appropriate to the volume and nature of Personal Data processed and risk involved, considering the size, scope, and type of our business, and have implemented contractual, technical, administrative, and physical security measures designed to protect your Personal Data from unauthorized access, disclosure, use, and modification. For example, we use a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted. Such information is only accessible by those authorized with special access rights to such systems and that are required to keep the information confidential, subject to any additional requirements imposed by our contract with them and applicable law. As part of our privacy compliance processes, we review these security procedures on an ongoing basis to consider new technology and methods as necessary. However, please understand that our implementation of security measures as described in this Policy does not guarantee the security of your Personal Data. In the event of a security breach, we will notify the proper regulatory authorities and any affected users of the breach within 72 hours after we become aware of the breach to the extent required by applicable law.

Your Practices and Activities

Your practices and activities are likewise very important for the protection of your Personal Data. You should take certain steps to help protect your Personal Data, such as being mindful of what you share publicly on the Services, including the below.

• Do not use your real name when selecting a username.

• Do not post your real name or anything private about yourself or anyone else in public-facing areas of the Services.

• Do not pick a password that is easy to guess, and do not share your password.

Please remember that we have no control over what other users do with the content of your communications and no responsibility or obligation regarding other users.

11. How do we treat Personal Data transferred to Norway?

Place of Business

We may store or process your Personal Data outside of the country where we collect the information or the country in which you reside. Our primary place of business is in Norway. You should understand that we may transfer some or all of your Personal Data to Norway to carry out certain operational and processing needs as described in this Policy.

Transfer Mechanisms

When transferring Personal Data out of foreign countries, we implement technical, organizational, and physical safeguards to protect your Personal Data. We use European Commission approved standard contractual clauses and implement related measures where required by applicable law.

12. What rights do you have to your Personal Data?

Right to Access, Correct, Delete, or Restrict Processing

Subject to any limitations and exceptions under applicable law, you have the right to request access to your Personal Data and exercise the below rights.

• You have the right to correct or update certain types of Personal Data. In many cases, you can review or update your profile information by accessing your profile online.

• You have the right to request deletion of your Personal Data. If you choose to have your Personal Data removed from the Services, we will carry out your request within 30 days of verification, subject to extension, and we will only retain minimal Personal Data to document your request and the actions we took to carry out your request.

• You have the right to restrict certain processing of your Personal Data and the right to object to some types of processing of your Personal Data.

• You have the right to withdraw your consent at any time.

• You have the right to lodge a complaint regarding our collection, storage, or processing of your Personal Data with a data protection supervisory authority in the country where you live or work.

We will comply with your requests in accordance with, and subject to, applicable law. For example, we are not required to delete your Personal Data if we have an overriding legitimate ground for retaining that information, such as to prevent fraud. Please note that we are legally prohibited from carrying out requested actions in some instances, including (1) when we are unable to confirm your identity or (2) where doing so would adversely affect the rights or freedoms of others. Further, we are not required to carry out a requested action in some instances, including where the request is considered excessive.

We are Here to Help

Please email us at contact@frostzone.net with the subject line “Privacy Request”, if you would like to exercise any of the rights described above or if you have questions regarding your rights.

13. International data transfers

It is possible that your personal information may be transferred outside of the EEA by third parties. We recommend that you refer to the privacy policies and/or terms and conditions of these third parties if you are concerned about your data being transferred outside the EEA.

Our websites and their servers are hosted by Squarespace.

Contact information

If you have questions, you may email us at contact@frostzone.net.

If you are a law enforcement agency, please email us with your request for Personal Data with the subject line “Law Enforcement Request.”