Hard Rock Gaming Privacy Policy:
Your privacy Rights
Social and Mobile Gaming
Who We Are
HRD Games, LLC, a Delaware limited liability company, its service providers, and its affiliates (collectively referred to in this Policy as “HRG”, “we”, “us”, “our” and other similar pronouns) know that your privacy is important to you. This Privacy Policy (“Policy”) explains the types of information we collect through Hard Rock or affiliated company branded free-to-play games, any related websites and social media platforms (each, a “Site”), as well as the Hard Rock or affiliated company branded free-to-play mobile applications (each, an “App”), referred to collectively in this Policy as the “Service(s)”).
Our Age Policy
Our Services aren’t directed at children under 13 years old. If you believe we have any personal information of a person under 13 years old let us know by using the details in the Contact Us section below.
The Personal Information We Collect
“Personal Information” is any information that can be used to identify you as an individual. We collect Personal Information in different ways including:
You providing it to us (“User-Provided Information”)
Your use of our Services (“Service Use Information”)
From publicly available sources such as the internet and social media platforms.
sales, identifying the Personal Information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
We need some of your Personal Information to make our Services work, and we need some to comply with laws and regulations. You’re not legally required to provide all information described in this policy, but if you choose not to provide it we may not be able to provide you with some or all of our Services. Examples of information that affects our ability to provide Services are payment card information and geographic location.
User-Provided Information includes:
Biographical information (e.g. your name, age, date of birth, gender, demographics)
Contact information (e.g. email, telephone numbers, postal address)
Financial information (e.g. payment information)
Account Information (e.g. activity, communications through our system, transaction history)
Personal Interests (e.g. hobbies, browsing history, favorite games)
Device Information (e.g. geographical location)
We also collect information we need to meet our legal and regulatory requirements.
Service Use Information
Service Use Information includes:
Connection Information (e.g. IP address, your domain name, your internet provider, referral link)
Device Information (e.g. Device ID, telephone number, browser, operating system, system settings, mobile network, mobile apps installed or running on the device, the geographic location of your device, Personal Information associated with files on the device)
Interaction Information (e.g. content you use and how long you use it, ads you see and which you click on, downloads, search terms you use on our Services or any referral website, the website you go to after you leave our Services)
One of the reasons we process Service Use Information is to measure how engaging our Services are, to show you things we think will interest you, and also to protect you by detecting and preventing fraud. We mainly collect this information in two ways:
Cookies
Cookies are small files stored on your device when you use our Services. These files help us to recognize you as the same person or device that used our Services in the past so that we can identify you and link your Personal Information together correctly. One of the great things about Cookies is that we can use them to make your experience better, for example by remembering your preferences and username so you can log in easily and stay logged in as you use different Services.
You can set your browser to notify you when our Services place a cookie, so you can decide if you want to accept it or not. If you choose not to accept cookies it can prevent parts, or all, of our Services from working.
Web Beacons
Web beacons (also known as pixel tags, clear gifs and single-pixel gifs) are tiny images on our Services and in our emails to help us understand if our products, services, offers, and content are interesting and effective. Web beacons are used for a lot of things, for example:
Telling us if you’ve visited our site or opened an email we sent to you
Telling us how many people have visited our website, or looked at particular content
Letting us know of some technical problems with our Services that might be affecting your enjoyment
Analytics
Service Use Information helps us to understand how our Services are used, how well they are performing, and how we can improve them. Analytics is very complicated and we use other companies to help us with it, one of the companies we use is Google Analytics. Our use of Google Analytics meets all legal requirements including asking for your explicit consent when needed.
Do-Not-Track Disclosures
Our Services don’t recognize Do-Not-Track requests from web browsers and we don’t ask our third parties to do so.
Social Media
One of the ways we communicate to you is with social media and some of those sites are run by other companies like Facebook, Instagram, Twitter, TikTok and Snapchat. We are not responsible for how those companies process your personal information, they have their own privacy policies and we encourage you to read them.
Some of our Services allow you to share Personal Information with us that you’ve already given to a third-party social media site. For example, you can use your Facebook or Google account to create an account and log-in to some of our Services. We also have a feature where you can share and/or publicly post content from our Services to third-party social media sites.
We encourage you to read the third-party’s privacy policy before using these features.
Refer a Friend
In some locations we have a way for you to recommend us to your friends. If you use these tools we’ll ask you for some contact information of the other person, for example their name and email address, and we’ll manage that information as we describe in this Policy.
How We Use Your Personal Information
We use the Personal Information we collect from and about you for the purposes below. We may also process your Personal Information for other reasons, but if that happens, we’ll inform you and ask for any required consent.
If you choose not to provide your Personal Information to us it may mean that we are unable to provide you with our products and services.
What we do: Create and manage your account and profile so you can use our products and services. Process any payments that you make.
Our legal basis: Necessary for the performance of a contract
What we do: Providing you with access to play our products and services, both directly and through our affiliations with other providers
Our legal basis: Necessary for the performance of a contract
What we do: Analyse and profile your information to understand what you like, enjoy, and respond to
Our legitimate interest to understand our customers and have good products
What we do: Decide if you might enjoy any of our offers, products, or services and let you know about them
Our legal basis: Our legitimate interests to let you know about other products you might enjoy. You can update your marketing preferences and opt-out at any time. It is not necessary to make a purchase before you may receive these messages.
What we do: Assess how effective our marketing is
Our legal basis: Our legitimate interests to have effective marketing
What we do: Provide product features such as leaderboards and competitions
Our legal basis: Our legitimate interests to have an engaging product, and your consent wherever needed
What we do: Ensure that we meet all legal, regulatory, and contractual obligations
Our legal basis: We’re legally obliged to do this
What we do: Provide customer support and handle complaints for our website or mobile application
Our legal basis: Our legitimate interest to provide a fun, efficient, and functional service
What we do: Record and listen to telephone calls to and from our Customer Services department
Our legal basis: Our legitimate interest to train staff, ensure quality, and investigate issues
What we do: Send service messages to you like changes to our Services, Terms, or this privacy notice
Our legal basis: Necessary for the performance of a contract and legally required
What we do: Provide you with a personalised use of our Services
Our legal basis: Our legitimate interests to give each customer a quality tailored experience
What we do: Test, maintain, improve, and update existing products and services. Develop and test new products and services
Our legal basis: Our legitimate interests in developing and improving our products and services
What we do: Monitor and maintain the security and functionality of our technical systems
Our legal basis: Our legitimate interests to protect our systems, and your Personal Information
What we do: Detect and prevent crime
Our legal basis: Necessary to comply with a legal obligation, also in our legitimate interests to protect customers and ourselves
from the impacts of crime
What we do: Detect and prevent improper use
Our legal basis: Our legitimate interests to ensure quality of service and provide an enjoyable experience for all players
What we do: Collecting and analysing data collected by ‘cookies’ and similar technology.
Our legal basis: Some cookies are strictly required for our products and services, others we collect on use based on your consent. You can control your cookie options through the account or application settings
What we do: If you download our mobile application you will be provided the option to receive notifications and ‘push messages’
Our legal basis: Your consent. You can change your preferences at any time on your device
What we do: Confirm your physical location
Our legal basis: Our legitimate interests to comply with local laws, and the spirit of those laws, prohibiting certain types of activity or application. For some processing we match Personal Information collected from different places and different times. The information we match includes User Provided Information, Service Use Information, and information from other sources (e.g. data aggregators, sales lead generators, social media, and publicly available information). Where appropriate we use non-personally identifiable information like statistics to ensure we don’t process your Personal Information when we don’t need to.
Who We Share Your Personal Information With
We share your Personal Information with others for a range of reasons. Some of the sharing you’ll expect, like sharing content you post in public areas of our Services with other users, but we wanted to let you know about other types of organisations we share your personal information with:
our corporate parents, and within the Hard Rock group
service providers
identity verification agencies
payment management or debt collection companies
affiliates and partners
marketing and market access partners
co-sponsor(s) of events or sweepstakes
governmental agencies, regulatory authority, and licensing bodies
law enforcement agencies
fraud prevention agencies
sports governing bodies
organizations that introduce you to us
Third parties involved in a business transfer, sale, change, or dissolution
third parties you permit us to share your data with
We also share non-personally identifiable Service Use Information (e.g. statistics or summaries) in a form that does not include your name or contact information.
Third Party Ad Servers and Networks
We use third party companies to serve ads when you visit our Services. These companies use cookies, web beacons, and other tracking technologies to show you relevant ads. For information about third party advertisers and how to stop them using your information visit Aboutads.info at www.aboutads.info/choices/ or Your Online Choices at www.youronlinechoices.eu.
Your Rights
The rights you have over your personal information and personal data can depend on where you are. We’ve provided some details below, for more information or to use any of your rights please reach out to us using the details in the Contact Us section.
United States: California
You have the following rights under the California Consumer Privacy Act (CCPA). For more information on your CCPA rights visit https://www.hardrockgames.com/privacy-policy/ccpa/
- Know the categories of Personal Information collected, disclosed or sold
- Access to your Personal Data that we hold or process
- Erasure, or deletion, of your Personal Information
- Rectification or completion of inaccurate or incomplete data
- Opt-Out and Opt-In Rights over the sale or sharing of your Personal Information
- No retaliation or discrimination following Opt Out or exercise of rights
You can also opt-out of us sharing your information with third parties for their direct marketing purposes (California’s “Shine the Light” law). To find out more about how to opt-out see the “Keeping You Up To Date” section.
United States: Virginia
- Residents of the Commonwealth of Virginia have the following rights under the Virginia Consumer Data Protection Act (VCDPA).
- Confirm whether we are processing your Personal Information
- Know the categories of Personal Information collected, disclosed or sold
- Access to your Personal Data that we hold or process
- Erasure, or deletion, of your Personal Information
- Rectification or completion of inaccurate or incomplete data
- Opt-Out and Opt-In Rights over the sale or sharing of your Personal Information
- Opt-Out and Opt-In Rights over the use of your Personal Information for targeted advertising or profiling
- No retaliation or discrimination following Opt Out or exercise of rights
Canada
You have the right to be informed about information sharing with third parties who engage in direct marketing activities, and to opt-out of that sharing. To find out more about how to opt-out see the “Keeping You Up To Date” section in this Policy.
European Union (EU) and United Kingdom (UK)
- Withdraw your consent
- Lodge a complaint with any relevant Data Protection Authority and UK Information Commissioner’s Office (ICO)
- Confirm whether or not we are processing your Personal Information
- Access to your Personal Data that we hold or process
- Correction of any inaccurate or out of date Personal Data
- Erasure, or deletion, of your Personal Information
- Restrict our processing of your Personal Data in certain circumstances
- Portability of your Personal Data, including providing it to a third party
- Object to any processing we carry out in our legitimate interests
- Challenge any significant decision made entirely by automated processing
- We do not make any legal, or similarly significant, decisions about you with entirely automated decision making.
Brazil
- Confirm if we are processing your Personal Information
- Access to your Personal Data that we hold or process
- Anonymize, block, or delete unnecessary, excessive, or unlawfully processed information
- Portability of your Personal Data, including providing it to a third party
- Delete personal data previously processed based on your consent
- Be informed about any personal data sharing
- Be informed about the possibility to refuse consent and any consequences of that
- Withdraw consent
Exercising Your Personal Information Rights
To exercise any of your personal information rights please submit a verifiable consumer request to us by using [email protected].
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information.
The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include:
Name
Account Information
Mailing Address
Email Address
Telephone Number
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password-protected account (if applicable) sufficiently verified when the request relates to Personal Information associated with that specific account.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Appealing Our Decision Regarding Your Personal Information Rights
Residents of the Commonwealth of Virgina have a right to appeal any decision we make regarding provision of their personal information rights.
To exercise this appeal please email [email protected] within a reasonable period of time following your receipt of Our decision to decline your request. You must include any internal reference you have been provided with relating to your request and/or our decision to decline, along with the reasons for your appeal.
Please note, this is an appeals process and emails shall not receive any response if the standard process has not been used first, or the required information is not included.
Data Deletion Requests
How to Delete Your Account and Data
If you wish to delete your account and associated data, you can do so easily through the app settings. Please follow these general steps:
- Open the app and navigate to the settings menu.
- Look for the “Delete Account” option. This option may be found directly within the settings menu or under the “Account” section within the settings.
- Follow the prompts to confirm the deletion of your account.
Additionally, users can request to delete their accounts and associated data by contacting our support team via the in-game support chat or by emailing us at [email protected]. Our support team will guide you through the process and ensure your data is deleted as requested.
Once you confirm the deletion, we will permanently remove your account and any associated personal data from our systems in a manner that complies with relevant laws and the requirements of any platform on which we operate. Please note that this action is irreversible. All deletion requests will be processed within 30 days.
Keeping You Up to Date
When you download our app or use any of our Services we believe you’ve shown a real interest in our products. Thank you. We don’t want you to miss out on any other products, promotions, and services we think you’d enjoy, so we’ll send you information about them too.
If you’d rather not receive this information it’s as easy as changing your account preferences, or contacting us using the details in the Contact Us section. You can also opt-out of future promotional emails by clicking the opt-out link in an email you’ve received. It may take us a few days to fully opt you out, and while we do that you might still receive some messages.
If you’d like us to stop sharing your personal information with third parties for their advertising and other purposes just let us know through the details in the Contact Us section below. To opt-out with third parties who already have your information please contact them directly.
If choose not to receive marketing we will still contact you with information about your account, balance, etc.
Security
HRG, our partners, and our affiliates all take reasonable physical, technical and process steps to protect your personal information. However, we can never promise that your personal information will be absolutely safe.
If we need to let you know about a security incident we normally use email so we can let you know quickly. If you’d prefer us to use the U.S. Postal Service rather than an email just let us know using the details in the Contact Us section below. You can also ask us to send you a free copy of any email alert we’ve sent to you.
How Long We Keep Your Personal Information
We keep your personal information for as long as it takes to achieve the purposes explained in this policy and to follow laws and regulations like accounting, insurance, and regulatory reporting. How long we keep any piece of information is different because of the different laws and processing purposes. For more information reach out to us using the details in the Contact Us section below.
“Linked-To” Web Sites
Our Services contain links, banners, widgets or advertisements that lead to other websites that we do not own or control. We’re not responsible for these other Web sites, each of them will have their own privacy policy and we encourage you to read them. HRG are not responsible for how these other companies process your Personal Information.
International Privacy Practices
When you use our Services you’re connected to a system in the US and all processing is taking place in the US. This is the only way to use our Services, if you don’t want your personal information to be processed in the US do not use our Services.
We believe our Services protect your personal information to the level your country needs, and we do this by:
- Using Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) which are approved by your Data Protection regulator
- For the EU these are available on the European Commission’s website: https://ec.europa.eu
- The UK IDTA is available on the Information Commissioner’s website: https://ico.org.uk
- Processing no more information than we need, and for no longer than we need to
- Doing regular risk assessments, and
- Adding any extra protection we think we need because of those assessments
Some country regulators are concerned that in the US our law enforcement can access your personal data in a way that reduces your protection and data rights. To make sure we are protecting your information we did a detailed risk assessment for that. We found no reason to believe US law enforcement has ever used these powers in our entire industry, and we have no reason to believe they will do so in future.
EU-U.S. DATA PRIVACY FRAMEWORK (DPF) AND THE UK EXTENSION OF THE EU-US DPF COMPLIANCE
HRG participates in and complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension of the EU-US DPF as approved by the European Commission in its adequacy decision issued on July 10, 2023.
We comply with the EU-U.S. Data Privacy Framework and the UK Extension of the EU-US DPF Principles, that were developed by the U.S. Department of Commerce in consultation with the European Commission in order to provide organizations in the United States with a reliable mechanism for personal data transfers to the United States from the EU while ensuring that EU data subjects and the UK data subjects continue to benefit from effective safeguards and protection as required by European legislation with respect to the processing of their personal data when they have been transferred to non-EU countries.
To learn more about the EU-U.S DPF and the UK Extension of the EU-US DPF and view our certification, please visit the Data Privacy Framework website at https://www.dataprivacyframework.gov/s/participant-search
If there is any conflict between the policies in this privacy policy and the EU-U.S. DPF and the UK Extension of the EU-US DPF Principles, the EU-U.S DPF and the UK Extension of the EU-US DPF Principles shall govern.
We commit to cooperate with the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and comply with the advice given by such authorities with regard to human resources. The Federal Trade Commission has jurisdiction over Hard Rock’s compliance with the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF.
If Hard Rock transfers your Personal Information to a third party, we will ensure the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy, to apply the same level of protection to that data as the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF Principles, and notify us if it makes a determination that it can no longer meet this obligation. Upon notice, Hard Rock will take reasonable and appropriate steps to stop and remediate unauthorized processing. In cases of onward transfer to third parties of Personal Information received pursuant to the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF, Hard Rock is potentially liable.
When other dispute resolution avenues are exhausted, you may invoke the binding arbitration. We have provided a private sector independent recourse mechanism (located in the United States) to investigate and expeditiously resolve individual complaints and disputes. This dispute mechanism will cover all Personal Information except for human resource data. For more information, visit the website for ICDR®/AAA®EU-U.S. DPF and the UK Extension of the EU-U.S. DPF: International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA) at https://go.adr.org/dpf_irm.html.
The services of ICDR/AAA are provided at no cost to you.
If you have any question or complaint regarding our participation in the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF or the processing of your Personal Information you may contact us as indicated below in the section of this Privacy Policy “Contact Information”
Changes to this Privacy Policy
This privacy policy will change from time to time. If the change is important we’ll actively inform you of the changes and ask for your consent where we need it. If the change isn’t significant then we’ll let you know by posting the changed Policy on this page with a new “Effective Date”. Please check back often to ensure you have the most recent information.
Contact Us
If you have any questions or comments regarding our privacy practices, you can reach us using the details below:
Phone: (305) 504-6802
Website: hardrockgames.com
Email: [email protected]
Postal Address: 5701 Stirling Road, Davie, FL 33314
Our DPO can be contacted directly at: [email protected]
Effective Date: July 16, 2024