The confidentiality of personal data and the protection of customer privacy are important, basic values in all of our operations. We observe legislation, authority guidelines and good data processing practice when dealing with the data of our users, employees and partners.
At Sulake, we maintain an extremely high level of data protection. We process your personal data only for appropriate purposes defined in advance, and only when it is necessary.
We protect our Service with technically appropriate measures and we train our personnel regularly in areas related to data processing.
We regularly check that these pages are up to date and we update them when needed.
Confidentiality and Data Protection
We respect your privacy and we are committed to safeguarding the privacy of those persons ("user(s)" or "you") who access and use our games, apps, websites and related services, e.g. Habbo and Hotel Hideaway (the “Services”, the “Service”).
In all of our operations, we protect data at the highest levels and process it in a confidential manner. To ensure this confidentiality, we use appropriate technology and data security solutions in conjunction with specific administrative measures.
Your rights regarding the processing of your data
You have the right to influence the processing of your own data.
Right of access and Right to data portability
You can check your own data or receive the data you have provided yourself while using our Services in machine-readable form. Do this by accessing Settings or by contacting our customer service desk.
Right to rectification
If you notice incorrect or expired data in the personal data we process, we ask you to correct the data via our customer service desk. We need the correct personal information from you in order to provide the best possible service.
Right to erasure
You have the right to request the deletion of data that are no longer needed. We do our best to remove such data automatically, but if, for one reason or another, you detect unnecessary information in our system, you can contact our customer service desk.
Right to restriction of processing
What data do we collect?
Why do we collect your personal data?
In order to provide our Services, we require sufficient personal information. We need your contact information in order to communicate with you, e.g. to allow you to reset your password if you forget it.
In addition, our Services require different kinds of data so that we can identify you individually and then tailor the service to you.
In some cases, such as where online purchases or payments are concerned, we have a legal obligation to collect sufficient data about you in order to provide the Service.
Due to the nature of our products, the processing of personal data is an essential and inseparable part of our Services, even though in the Service itself we do not process your name or any other information that directly identifies you as a person.
Personal data to be processed
We only process personal data where it is appropriate and necessary to do so. The type of data we collect and store varies depending on the game you are playing and your activity within it. Broadly, the data we collect about you relates to the type of device you are using, how you play the game (such as levels attempted and purchases made) and may include information you submit during registration (see below) or information which you allow us to access after you connect your social network accounts through our Services.
Examples of personal data processed in our Services:
- Contact information, such as e-mail address and social media contact information.
- Device information, such as device model and operating system version.
- Payment transaction information.
- Customer history. For example, if you contact us through our customer service desk we may keep a record of that correspondence.
- Chat logs. We may keep chat log records for safety and moderation purposes.
- Data generated from the use of the Services, such as the technical data generated when playing our games or visiting our websites.
- Information about cookies and third-party cookies as well as corresponding web analytics data.
- Advertising identifiers.
- You may have the ability to register or login to the Service via third-party sign-in service or login (for example Facebook or Game Center on Apple devices). If this is the case, we collect the identifier number of the third-party service profile.
Data generated from using the Services
We collect data about your interactions with our Services and with other users inside the Service. For example, this could be chat logs, purchase and transaction information, usage behaviour, preference settings, access logs, and moderation actions. Some of this information is personal data, meaning that it may be connected with your account, and some may only be collected and used in aggregate form (as a statistical measure that wouldn’t identify you or your account). We may use this information for a number of things, generally related to enhancing, improving, protecting and developing the Service. We also use the information to help keep our users and community safe.
When you visit our website, the following data may be collected automatically: IP addresses, unique identifiers, operating system, access times, browser and device type and data, language and referring website addresses. We use this information to monitor, develop and analyse your use of the Service.
Essential cookies: Some cookies are essential for us to use in order to provide you with the Service. These cookies will be used to manage the delivery of the Service, and if you do not accept these cookies you will not be able to access it. These cookies do not gather personal information that could be used for marketing purposes.
Analytics cookies: These cookies collect information that is used in aggregate form to help us understand how the Service is being used and where users are originating from.
Local storage cookies: Local storage cookies are ‘persistent’. They remain on your device for a period of time (set individually for each cookie). We use these cookies to record how many times you use the Service, to confirm you are a registered user, to save your login details when accessing the Service and to collect statistics on the use of the Service.
How and why are we using your data?
Grounds for data processing
The following personal data is processed based on performance of a contract:
- Contact information for delivering the Services and for customer service.
- Payment information for online and in-app purchases.
- Online identifiers and customer profile information used for the smooth running of our Services.
The following personal data is processed based on our legitimate interest:
- Contact and payment information for fraud prevention.
- Customer profile information for content moderation and targeted in-game offers.
- Device information for customer service, advertising and analytics.
- Online identifiers for analytics.
We may process parts of your personal data based on the consent that you have provided. You can withdraw this consent at any time.
In addition, we process personal data in order to comply with a legal obligation, such as the prevention of crime or fraud, or to maintain records related to purchases.
We want to customise and develop our Services so they are more relevant to you. We use anonymised in-game behavioural data to deliver content that is more relevant to you and at better prices. This data can also be used to guide and support content and feature production, allowing us to provide more interesting and relevant content in the future. Personal data is processed in a secure and confidential manner.
The retention period for personal data
We only retain your personal data for as long as it takes to fulfill the purpose for which it was collected, and for a reasonable time thereafter. We do this as it is required by law in order for us to be able to comply with our legal obligations, to resolve any potential disputes and to enforce our agreements. The retention period for your personal data varies depending on the service and the nature of the data.
When the retention period for the data has ended, we dispose of the personal data either by removing them or making them anonymous (i.e. anonymisation of the data in question). We process some of your personal data - such as contact information - for the entire duration of our relationship with you as the customer. Conversely, the retention period of data collected in connection to actually producing and running the Services (for example, server logs) may be relatively short.
We may use personal information we collect to target you with marketing communications about our Services based on your interests. For example, we may send push notifications, email messages, serve ads inside our Services or place ads on third party websites and apps.
We may send you push notifications via our mobile app if you have given us permission to send them on our Service. You may at any time change the settings of your push notifications. We may send you marketing emails, but only if you opt-in to receive them. You may opt-out of receiving email marketing communications at any time by following the instructions contained in our promotional emails. If you opt-out, we may still send you non-promotional emails such as emails relating to your account.
Our Services may include ads for third-party products and services. To show you relevant and interesting third-party ads, we and our advertising partners will use information about you. An example of this sort of information could be when you bought a product from a certain website or entered a specific term into a search engine. You can opt-out of interest-based ads, however this does not mean that you will no longer receive ads, only that the ads you receive will be less relevant to your interests.
Withdrawing your consent
If we process your data based exclusively on the consent you have given, you have the opportunity to withdraw it if you change your mind. This can be done easily within your user preferences in the Service. Please note, however, that this does not affect data processing that is carried out before the withdrawal of consent.
Disclosing personal data
When we provide services, we may also disclose your personal data to our subcontractors or partner operators who may need to use your data. This includes hosting providers such as Amazon Web Services and payment processors such as Adyen.
On our websites, we use tools such as cookies and web beacons. These are also used by our cooperation partners for analysis and marketing purposes. In connection with this, we may disclose personal data to the service provider, such as your IP address and cookie information. In these cases, we do not disclose personal data that directly identifies you.
Third parties that act as data controllers process your data in accordance with their own privacy policies. For example, payment processors may process your personal data as part of their own fraud prevention measures. Before disclosing personal data to any third parties, we ensure that the disclosure is in full compliance with the law.
At the bottom of this page, you are able to download a document named ¨Controller privacy policies¨. In this document, we have listed the third parties who process personal data through our Service and then use this data in accordance with their own policies.
Your personal data may be disclosed to third parties if required under any applicable law or regulation or order by competent authorities or in order to enforce the Terms of Service and to investigate possible infringing use of the Services, as well as to guarantee the safety of the Services.
Subcontractors and processing data outside EU/EEA
We use subcontractors such as Amazon Web Services to process and store your personal data outside the European Economic Area (EEA). When your personal data is processed outside the EEA, we will ensure that appropriate safeguards are in place. These safeguards include using Privacy Shield certified subcontractors and contractual means, such as EU Model Clauses and Data Protection Agreements.
We ensure data security when processing your personal data. We always use appropriate protective measures, such as access control based on passwords and other protective methods as well as technical encryption of the data. Our operating environment has been secured with firewalls and appropriate anti-virus software.
We primarily process your data in a form where an outsider cannot identify you as a person. We do not ask for or store your real name or identity and our systems use a numeric identifier to identify you both internally and across systems as opposed to something like your email address. With these measures, we protect the confidentiality of your communication and prevent irrelevant connections to your identity.
Everyone is responsible for looking after data security. In order to ensure the protection of your data, we ask you to pay attention to the data security of your own devices.
Our contact information
Sulake Corporation Oy
00530 Helsinki, Finland
Tel. +358 10 656 7000
Fax: +358 10 656 7010
Hotel Hideaway customer service: https://hideaway.helpshift.com/a/hotel-hideaway/
Habbo customer service: https://help.habbo.com/
Privacy contact: [email protected]
Right to Appeal
Please contact us if you wish to make an appeal or present development suggestions about our processing of personal data. You can find the contact information on this page in the contact information section. You can make an appeal concerning privacy or processing of personal data to a supervising authority, such as the Finnish Communications Regulatory Authority in matters related to communication or to the Data Protection Officer in matters concerning other personal data.