Privacy Policy

We collect personal information about you from the following sources:

(a) Directly From You. We may collect personal information during your access or use of the Properties and Services and through other online and offline interactions, such as when you create an account, download, sign up for and/or play the Game, sign up for marketing, make purchases, contact us for customer service or other assistance, attend or participate in any of our events or activities, and participate in promotions.

(b) From Your Friends. If you consent, your friends and contacts may provide personal information about you in connection with a “friend” referral program and for other purposes. You should only provide us with information about another person if you have the right to provide that person’s information.

(c) Cookies and Tracking Technologies. When you access or use the Properties or Services, we may collect data about your device, internet usage, location, website activity, and other details about your use of the Properties through cookies and other tracking technologies. For further information on these practices, see Section 6 – “Cookies and Other Tracking Technologies.”

(d) Service Providers. We may collect personal information from service providers who are assisting us in the supply of our products or services and carrying out our business, such as to provide a platform to sell third party products and services, and provide customer assistance.

(e) Other Third Parties and Publicly Available Information. We may collect personal information from other third parties that provide information to us, such as Business Partners, advertising networks, data brokers, government and other public sources, and social media platforms and networks where relevant to your interactions with us or to our business or relationship with you. “Business Partners” are third parties with whom we share personal information for their (or their service providers’) own purposes, such as for marketing purposes, and from whom we may receive personal information. For more information about Business Partners, see Section 4(f), below.

We may combine information that we receive from the various sources described in this Privacy Policy, including third-party sources, and use or disclose it for the purposes identified below.

We may collect, hold and use your personal information for the following purposes:

(a) To enable you to access and use our Properties and Services, including for account creation and management.

(b) To provide you with products and services, such as to respond to your inquiries, process transactions and payments, fulfill your order, communicate with you, authenticate users, verify your eligibility for certain programs or benefits, and otherwise facilitate your relationship with us.

(c) For marketing, such as to market Candy Digital goods and services or goods and services of those of our affiliates, Business Partners, and other third parties. You can always unsubscribe to Candy Digital email marketing via a link in the email. We may make additional methods available to you from time to time for you to unsubscribe from marketing. In addition, if you have provided us with a mobile phone number and we have separately obtained your consent to participate in our SMS marketing campaigns on behalf of ourselves or our affiliated entities, we may use such information in accordance with that separately obtained consent.

(d) For insights, such as to identify trends and make inferences about you and your interactions with us or our affiliates and Business Partners, such as to analyze your behavior and preferences, and to evaluate and improve the products and services of our affiliates and Business Partners.

(e) To comply with legal obligations, including keeping records required by law or to evidence our compliance with laws (including anti-money laundering laws and know-your-customer requirements) or to provide information to law enforcement or other governmental authorities upon request, such as respond to subpoenas and other official inquiries.

(f) For internal business and operational purposes, such as: (i) for our internal business administration, such as to manage customer accounts, including keeping general records of customers, sales, customer care, and other interactions; (ii) auditing related to our interactions with you; (iii) for security purposes, such as to protect genuine customers and our business from fraud, to minimize the risk of false details being used, and to avoid abuse by fraudsters; (iv) to manage competitions or other promotions that you have chosen to participate in; (v) to comply with contractual obligations; (vi) to improve or develop our products and services (including our marketing activity more generally), including operating our Properties and Services, providing customer support and improving or personalizing your experience (such as building profiles about you or how you interact with us); and (vi) for internal research and quality assurance.

(g) If you are playing the Game, to enable you to communicate with other users, including through group gameplay, conversations and by creating a friend list.

(h) Automated Processing and Profiling. We may use automated processing, analytics tools, artificial intelligence, machine learning, or other similar technologies to analyze user activity, preferences, and engagement patterns in order to personalize content and services, recommend collectibles or content, detect fraud, improve our Services, and support targeted advertising and marketing activities.

We may use de-identified, anonymized, or aggregated versions of your personal information for any purpose. If you are a resident in the EEA/UK, please refer to Section 21, which details the legal basis we rely on for our use and processing activities.

We, our affiliates, and Business Partners may share your information with each other. We may also share your personal information with third parties in the ways that are described in this Privacy Policy.

(a) Employees and Affiliates: We may share your personal information with our employees, contractors and affiliates, parents, and/or subsidiaries (i.e., our family of companies that are related by common ownership or control).

(b) With our Service Providers: We may permit our vendors and subcontractors to access your personal information in connection with performing services for us. For example, in order to process your transactions, we may share your personal information with certain third parties, such as your credit card issuer, a third-party credit verification company, the product handler, the delivery service, and vendors who may ship product to you directly from their warehouse (called drop-ship vendors). Other service provider examples include IT providers, internet service providers, and data analytics providers. We also use service providers to help us anticipate, prevent, and detect fraud. Before personal information is disclosed to such a party, we endeavor to require the party to agree to protect the privacy and confidentiality of your personal information.

(c) With Third Parties to Provide You with Services or Communications: We may disclose your information to third parties to provide you with services or benefits. For example, if you participate in our auction programs, we may share your personal information with Business Partners and other third parties to operate the program, or to sponsors or promoters of any promotions or competitions we run.

(d) With others for Legal, Security, or Safety Purposes: We may share your personal information: (i) as required by law or legal process; (ii) to prevent or investigate suspected or possible fraud, harassment, or other violations of any law, rule, or regulation; and (iii) to prevent or investigate suspected or possible violations of any terms or policies applicable to the Properties or the services provided by us or our third party providers or affiliates, including to debt collection agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you.

(e) In Connection with a Corporate Transaction: We also may transfer your personal information in connection with a sale, merger, change of control, bankruptcy, or similar transaction.

(f) With Business Partners for their Own Purposes: We may share your personal information with Business Partners with whom we jointly offer Services or with whom we offer licensed products and services. In many cases, such sharing is related to our operation of the Properties, such as sharing your personal information with a Business Partner (or their service providers), when you purchase that Business Partner’s products or services (e.g., a brand, sports league, team or university/college/athletic department). Other examples of Business Partners that might receive your information include social networks, partners who work with us on promotional or sponsorship opportunities available on our properties, data analytics companies and other companies that may use the data to help us drive advertising-related revenue (including those who may have registered in California as a “data broker”), and partners who advertise on our sites to measure advertising effectiveness. We do not control how Business Partners use and share your information once they receive it. You will need to contact such Business Partners directly for information about their privacy practices or to exercise rights you may have (including if you would like to opt-out of receiving future emails from a Business Partner).

(g) With other third parties with your consent: We may share your personal information with other third parties with your consent, or with other people at your request. For example, this may include other services, wallets, platforms, apps or websites with an API or service with which we integrate, or to and from sellers or recipients of digital assets to identify you as the sender and/or recipient of such assets.

Like many other websites and applications, we may automatically collect certain information regarding our Properties’ and Services’ users. Such information may include, without limitation, the Internet Protocol (“IP”) address (which may be used to determine your geographic location) of your computer/internet service provider, your device ID, your zip code, the date and time you access the Properties, the Internet address of a referring website, the operating system you are using, the sections or pages of the Properties that you visit, and the images and content viewed. Some of the ways in which we or the Properties may collect and use such information are further described below.

(a) Clickstream Data. As you use the Internet, a trail of electronic information is left at each website you visit. This information, sometimes referred to as “clickstream data,” can be collected and stored by a website’s server. For example, clickstream data can tell the type of computer and browsing software you use and the address of the website from which you linked to the Properties. The Properties may collect and use clickstream data for the purposes described in this Privacy Policy and also as a form of aggregate information to anonymously determine how much time visitors spend on each page of our Properties, how visitors navigate throughout the Properties, and how we may tailor our Properties to better meet the needs of visitors. This information often will be used to improve our Properties and our services.

(b) Cookies, Tracking Pixels, and Similar Technologies. Where required by applicable law, we will obtain your consent prior to placing non-essential cookies or similar tracking technologies on your device. The Properties may use cookies, a type of technology that installs a small amount of information on a user’s computer or other device when they visit a website to store user preferences. Cookies, by themselves, do not gather personal information; however, they permit a website to, for example, recognize future visits using that computer or device. The Properties may use other similar technologies (including, without limitation, tracking pixels, as described further below, and other identifiers) to gather information. The Properties also may use cookies and similar technologies on the Properties to customize your visit, to enable us to enhance our service, or for other purposes. For example, information provided through cookies is used to recognize you as a previous user of the Properties so you do not have to enter your personal information every time and to offer personalized content. We may also use and share such information to personalize marketing (for Candy Digital or for our affiliates, Business Partners, and other third parties, as further described in this policy), including as described in the section below regarding Interest-Based Advertising.

You may choose to decline cookies by adjusting your browser preferences, but doing so may affect your use of the Website and your ability to access certain features of the Properties or engage in transactions through the Properties. If you delete your cookies, change browsers or change devices, cookies that the Properties may use (or an opt-out cookie) may no longer work. Cookies and similar technologies also may be used by our affiliates, a tracking utility company, and other parties to, for example, make it easier for you to navigate our Properties and other purposes, or to serve advertisements. We do not have access to or control over these cookies and technologies and we cannot state whether these parties will comply with this Privacy Policy. For more information, please see our Cookies Policy below.

We may also use Google Analytics, acting on our behalf, to collect and process data to help us offer you an optimized user experience. You can find more information about Google Analytics’ use of your personal data here: www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time. If you do not want your Properties’ visit data reported by Google Analytics, you can install the Google Analytics opt-out browser add-on. For more details on installing and uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout.

Additionally, we may employ, either directly or through trusted third parties, tracking pixels (such as clear Gifs, web beacons or web bugs). Tracking pixels are tiny, transparent graphics with a unique identifier, similar in function to cookies, and are used to provide analytical information concerning the user experience as well as to support custom marketing activities for users of the Properties. In contrast to cookies, which are stored on a user’s computer hard drive, tracking pixels are embedded invisibly on web pages. The Properties may use tracking pixels to help us better manage content, such as by improving the user interface or improving our marketing programs or the marketing of our affiliates, Business Partners, and other third parties (including for Interest-Based Advertising as described below). The Properties may use information to create aggregate tracking information reports regarding user demographics, traffic patterns and purchases. We may also link tracking information with personal information.

(c) Location Information; Push Notifications. The Properties may be collecting your location, geo-IP, and other similar data. We use this information to help us maintain and enhance the efficiency and usefulness of the Properties and for other purposes described in this Privacy Policy (such as marketing). Additionally, we may also receive location data from other third parties. The Properties may obtain the user’s precise location for operational purposes such as fraud prevention. We may determine your zip code from the location data received from the mobile device of a Game or App user, and users of the Properties also may elect to provide us with their zip code directly. We also may enable the Game or any other App to offer automatic (or “push”) notifications. We will provide push notifications only to those users who permit such notifications. If you would like to opt out of location-based advertising and push notifications, please see the “Your Choices Regarding Your Personal Information” section below.

(d) Cross Device Matching. We may now or in the future have the ability to match your devices using the data collected, making educated predictions, and, in some cases, using deterministic data (e.g., unique identifiers) or other content across devices. We may then, subject to the limitations otherwise set forth in this Privacy Policy and applicable law, display targeted advertisements to you across your devices unless it is an Opted-Out Device (as defined below) as further described in the “Interest-Based Advertising” section below.

(e) Device fingerprinting. We or our third-party service providers may analyze and combine sets of information elements from your device to identify it as a unique device. Information elements may include IP address, device identifier, browser type, operating system, data regarding network-connected hardware, login method, and information about your use of the Properties. To the extent that we or our third-party service providers combine this information with your personal information, we will treat the combined information as personal information under this Privacy Policy. Certain information elements such as IP address may, by themselves, constitute personal information under applicable law.

(f) Do-Not-Track Signals. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. We do not recognize or respond to browser-initiated DNT signals, as there is currently no common industry-understanding of what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.

How We Use Cookies and Other Information. Information collected by cookies and other tracking technologies may be collected and shared for the purposes described in this Privacy Policy, such as for system administration purposes, analytics, and to improve the Properties and our marketing efforts. We may also use the data to build a better picture of the type of offers and products that you might be interested in, for “Interest-Based Advertising” (described below) and push notifications. We also may use general location data, preferences, or other information received from the Properties, including through your mobile device such as through the App, to send you tailored marketing messages, including making product recommendations. Additionally, we may use information to engage in interactive, real-time discussions with users, which we or the users may initiate. We may also anonymize or aggregate any information collected using cookies and other tracking technologies and may use and share such data for any lawful purpose.

If you use and/or transact in Candy Digital Collectibles and other NFT products, some information is publicly available information and may be seen by other users of the blockchain(s) on which the NFTs are minted. Publicly available information includes your blockchain address(es), the time and date your transactions are finalized on the relevant blockchain, the amounts and currency denominations of the transactions, and the other blockchain address(es) that are parties to any transactions you have made on the blockchain.

Additionally, any content submitted by you through public forums, including questions or comments on our social media platforms, may be viewable by the public, including any personal data included in such user-generated content.

Because blockchain transactions are immutable and cannot be altered or deleted, certain information recorded on a public blockchain (including wallet addresses and transaction metadata) may remain publicly accessible indefinitely. Candy Digital does not control and cannot erase or modify information recorded on public blockchains.

We may use information we collect (alone or in combination with information provided by third parties and service providers) to deliver targeted advertising (about Candy Digital or other third party products and services) to you when you visit our Properties or other websites and/or use our Services. Information about you (such as email address) as well as cookies and other tracking technologies (described above) may be used in this process. For example, if you are searching for information on a particular product, we may use that information to cause an advertisement to appear on other websites you view with information on that product. We may, now or in the future, have the ability to engage in “cross-device matching” to display targeted advertisements to you across browsers and devices (as described in Section 6 above).

To further clarify, we partner with third parties that collect information across various channels, including offline and online, for purposes of delivering more relevant advertising to you or your business. Our partners may place or recognize a cookie on your computer, device, or directly in our emails/communications, and we may share personal information with them if you have submitted such information to us, such as your name, postal address, email address, or device ID. Our partners use this information to recognize you across different channels and platforms, including but not limited to, computers, mobile devices, and Smart TVs, over time for advertising, analytics, attribution, and reporting purposes.

If you would like to opt-out of these interest-based advertisements or “cross-device matching,” please see the Opt-Out Process/Options and Additional Terms below in Section 12.

(a) Third-Party Websites. The Properties may contain links to other websites or Internet resources. When you click on one of those links, you are contacting another website or Internet resource. We have no responsibility or liability for, or control over, those other websites or resources or their collection, use and disclosure of your information. We suggest that you read the privacy policy and terms of use of each such website. Any links to third-party websites are for your convenience and do not signify our endorsement of such third parties or their product, content or websites.

(b) Social Media, Widgets and Open Forums. Our Properties and/or Services may allow you to engage with social media services, such as Facebook, Twitter, Pinterest and Instagram (“Social Networks”), and widgets such as the “Share this” button, or interactive mini-programs that run on our Properties or which link from Social Networks to our Properties (“Social Functions”). These Social Functions may access, collect, and integrate with your Social Network accounts and information. For example, these Social Functions may collect your IP address, identify which page you are visiting on our Properties, or set a cookie. Social Functions may also be used to register you as a Properties user. For example, if you are not currently registered as a Website user and you use certain Social Functions, you will be asked to enter your Social Network credentials and then be given the option to register and join the Website. If you choose to use these Social Functions, you may be sharing certain Social Network profile elements with us, including your name, birthday (month/day), comments, contacts, email address, photos, or favorite teams. This sharing is subject to each Social Network’s own privacy policy and terms of use. We do not control those Social Networks or your profiles on those services. Nor do we modify your privacy settings on those services or establish rules about how your personal information on those services will be used. Social Functions are either hosted by a third party or hosted directly on our Properties. Your interactions with them are governed by the privacy policy of the company providing them. Please refer to the privacy settings in the relevant Social Network account to manage the data that is shared with us through your account. Information you include and transmit online in a publicly accessible blog, chat room, or Social Network, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without any restrictions. We do not control such uses of your personal information, and by using such services you assume the risk and acknowledge that the personal information provided by you may be viewed and used by us and/or third parties for any number of purposes and that the usage restrictions set forth in this Privacy Policy do not apply to such services.

We strive to give you choices about how your personal information is used and shared. There are several ways in which you may opt out of the various programs and Services we provide. Some of the ways in which you may opt out are described below.

(a) Opting Out of Our Services. If you receive a marketing email from us, you may unsubscribe from future marketing emails in accordance with our standard unsubscribe process. You may also unsubscribe from SMS messages by communicating with us through SMS. On most devices, Game and App users may opt out of mobile communications from us via their device settings (mobile browser cookies require a separate opt-out, as explained below).

(b) Interest-Based Advertising Opt-Out and Do Not Track Signals. With respect to “do not track” (a/k/a “DNT”) signals or similar mechanisms transmitted by web browsers, the Properties do not respond to or honor such signals or mechanisms. This means that third parties, such as ad networks, web analytics companies, and social networking platforms (some of whom are discussed elsewhere in this Privacy Policy), may collect information about your online activities over time and across our Properties and other third-party online properties or services. These companies may use information about your visits to our Properties and other sites, and general geographic information derived from your IP address, in order to provide advertisements about goods and services of interest to you. For more information about third-party advertisers and how to prevent them from using your information, please visit http://www.networkadvertising.org/choices/. This is a site offered by the Network Advertising Initiative (“NAI”) that includes information on how consumers can opt-out from receiving interest-based advertising from some or all of NAI’s members. You can also visit http://www.aboutads.info/choices, which is a site offered by the Digital Advertising Alliance (“DAA”) that includes information on how consumers can opt-out from receiving internet-based advertising from some or all of DAA’s participating companies. Opting out of interest-based advertising does not mean that you will no longer see any advertisements; rather, you will still see advertisements that are general and not tailored to your specific interests and activities. Further, cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted out on your computer browser, that opt-out will not necessarily be effective on your mobile device. In the event we are performing cross-device matching (as described above), once you have opted out on one device (“Opted-Out Device”), we will not use any new data from the Opted-Out Device to identify you on another device for interest-based advertising purposes and we will not use data from another device for interest-based advertising purposes on the Opted-Out Device.

(c) Mobile Application-Based Opt-Outs. If you are a user of the Game, or to the extent we have launched any other App, cookie-based opt-outs are not effective on mobile applications. You may opt out of certain advertisements on mobile applications or reset advertising identifiers via their device settings. To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, click on the following links: iOS · Android

(d) Location Data Opt-Out. In some cases, such as when using the Game or an App, you may also adjust the settings on your mobile device to allow or restrict the sharing of location information. For example, the “location” permissions on your mobile device may allow you to elect whether to never share location information with us, to share location information only while you are using the Properties or always share location information even if you are not using the Properties. If you elect to not share your location information, you may be unable to access some features of our services that are designed for mobile devices. Also, in the event that you prevent the sharing of location information, we may still estimate your general location based on the IP address you use to access our services.

We are committed to the preservation of online privacy for all of our visitors, including children. Our Properties, Services, Collectibles and other products are intended for purchase and use by adults (i.e., those age 18 or older). In addition, we do not knowingly collect personal information from children under the age of 13 or knowingly allow such individuals to create accounts, and our Services are not directed to children under the age of 13. If we become aware that we have collected personal information from a child under the age of 13 without verifiable parental consent, we will take steps to delete such information as required by applicable law.

If you make a purchase on our Properties, you are representing that you are an adult. We will not knowingly collect any personal information from children under the age of 18 without the consent of that child’s parent or guardian. If you are a child under the age of 18, you are not authorized to use the Properties or Services without consent from your parent or legal guardian. If we become aware that personal information from a child under 18 has been collected without such child’s parent or guardian’s consent, we will use all reasonable efforts to delete such information from our database. If any parent, guardian or other responsible adult becomes aware that we have collected personal information from a child under the age of 18, please contact us at fan-help@candy.io.

If you have any questions about this Privacy Policy, you may contact us via email at: fan-help@candy.io.

To the extent you believe we have not addressed your concerns or otherwise choose to do so, you have the right to lodge a complaint with a supervisory authority. You may contact the US Federal Trade Commission regarding your concerns.

This section describes the additional rights granted to residents of California, as well as to residents of other US jurisdictions such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Tennessee, Indiana, Illinois and other states as and when those jurisdictions enact applicable privacy legislation from time to time.

We collect information that identifies, relates to, describes, references, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The California Consumer Privacy Act (“CCPA”) refers to such information as “personal information.” If you are a California consumer, as defined by the CCPA, the CCPA provides you with specific rights regarding your personal information.

For the purposes of this section, personal information does not include: (i) information that is lawfully made available from federal, state or local government records; (ii) de-identified or aggregated data; or (iii) information excluded from the scope of the CCPA or the applicable state legislation. The rights in this section are not intended to grant you additional rights, but only your rights under the CCPA or applicable state legislation.

This section describes the additional rights granted to residents of California, as well as to residents of other U.S. jurisdictions such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Tennessee, Indiana, Illinois and other states that have enacted or may enact applicable privacy legislation from time to time.

Information We Collect; How We Collect It; How We Use It

We may have collected the following types of personal information in the preceding 12 months: (a) identifiers, (b) personal information subject to the California Customer Records Act, (c) characteristics of protected classifications under California or federal law, (d) internet and other electronic network activity information, (e) geolocation data, (f) commercial information, (g) audio, electronic, visual, thermal, olfactory or similar information, (h) biometric information, (i) professional and employment-related information, (j) inferences, and (k) sensitive personal information.

We collect your personal information from the categories of sources set forth in Section 1 above.

We collect personal information for the following business and/or commercial purposes: (a) to provide you with products and services, (b) for marketing, (c) for insights, (d) to comply with legal obligations and defend ourselves and others, (e) for internal business and operational purposes; (f) in connection with a corporate transaction; and (g) for any other purpose for which you provide consent.

We use and disclose Sensitive Personal Information only for (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) short-term, transient use, including nonpersonalized advertising; (vi) performing or providing internal business services; (vii) verifying or maintaining the quality or safety of a service or device; or (viii) purposes that do not infer characteristics about you.

Information about our data collection during the prior 12 months is described in the chart below. In some circumstances, you may access, delete, and control certain uses of your information as set forth in the section “Rights to Your Information” below.

In addition to the purposes set forth above and elsewhere in this Privacy Policy, each of these categories of personal information may be collected and used: (i) to fulfill or meet the reason you provided the information; (ii) to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; (iii) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including our Terms of Use), such as for billing and fulfillment; (iv) as described to you when collecting your personal information or as otherwise set forth in the CCPA or other applicable legislation; (v) to help maintain the safety, security, and integrity of our Website, Properties, Services, databases and other technology assets, and business; (vi) for internal research for technological development and demonstration and to improve, upgrade, or enhance our Website and Services; (vii) for detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; (viii) in emergency situations to protect the personal safety of us, our users, or the public; and (ix) to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Candy Digital’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Candy Digital about our Website and Service users is among the assets transferred.

Sharing of Personal Information

Candy Digital may disclose your personal information to a third party for a business purpose or sell your personal information, subject to your right to opt out of those sales (see Personal Information Sales Opt-Out and Opt-In Rights, below). The chart found above under Information We Collect; How We Collect It; How We Use It lists the categories of third parties with which we may share your personal information.

Rights to Your Information

• Right to Know About Personal Information Collected, Disclosed or Sold

  You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights, below), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • the categories of and specific pieces of personal information we collected, sold or shared about you;
  • the categories of sources from which the personal information is collected;
  • our business or commercial purpose for collecting or selling that personal information;
  • the categories of third parties with whom we share that personal information; and
  • the categories of personal information we disclosed about you for a business purpose.

• Right to Correct

  You have a right to request that we correct inaccurate personal information maintained about you.

• Right to Delete

  You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies or except to the extent we are required by law from deleting certain information. We also may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under the CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.

• Right to Opt Out

  You have the right to opt out from the “sale”/“sharing” of your personal information, including the processing of your personal information for purposes of targeted advertising (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is at least 16 and less than 16 years of age, or the parent or guardian of a consumer less than 16 years of age. To our knowledge, we do not sell the personal information of minors under 16 years of age. Please see “Exercising Opt-Out and Opt-In Rights” below for instructions on how to exercise this right.

• Right to Non-Discrimination

  We will not discriminate against you for exercising any of these rights, including but not limited to, by: (i) denying you goods or services; (ii) charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) providing you a different level or quality of goods or services; or (iv) suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Access and Deletion Rights

To exercise the access and deletion rights described above, please submit a request to us by emailing us at fan-help@candy.io. Only you, or a person or business entity that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative of that person. You may only submit a request to know twice within a 12-month period. For more information about verification, see “Response Timing and Format” below.

Exercising Opt-Out and Opt-In Rights

To exercise the right to opt out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page: “Do Not Sell My Personal Information”. Alternatively, you may submit an opt-out request by emailing us at fan-help@candy.io. You may change your mind and opt back in to personal information sales at any time by visiting the following Internet Web page: OPT-IN INSTRUCTIONS.

If you are a Nevada resident, you have the right to request that we do not sell your covered information (as those terms are defined in N.R.S. 603A) that we have collected, or may collect, from you. We do not sell your covered information, however, if you would like to make such a request you may do so by contacting us at fan-help@candy.io.

Response Timing and Format

We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, in whole or in part, the response we provide will also explain the reasons we cannot comply.

California “Shine the Light”

Under California Civil Code Section 1798.83 (“Shine the Light”), California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address and mailing address and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. If you are a California resident: (i) to request the above information, or (ii) if you do not want your personal information shared with any third party who may use such information for direct marketing purposes and wish to opt out of such disclosures, please contact us by email at fan-help@candy.io with “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one Shine the Light request per consumer each year, and we are not required to respond to requests made by means other than through the e-mail address or mailing address provided in this Privacy Policy.

Please note that under Shine the Light, we are not responsible for removing your personal information from the lists of any third party who has previously been provided with your information, and any elections or privacy choices you may make with respect to receipt of certain types of e-mails or marketing communications from us will not apply to any such third parties. You should directly contact any third parties that send you communications regarding choices that they may make available to you concerning such communications.

If you are situated in the European Economic Area, Switzerland, or the United Kingdom, this section applies to our collection, use, and disclosure of your personal data and additional rights you have under applicable law.

Legal Basis

We will only use your personal data, as that term is defined under the General Data Protection Regulation (“GDPR”), when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• where we need to perform the contract we are about to enter into or have entered into with you;
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
• where you have consented to a certain use of your personal data; and
• where we need to comply with a legal or regulatory obligation. To the extent permitted under applicable laws, we will also process, transfer, disclose, and preserve personal data when we have a good faith belief that doing so is necessary.

Data Controller

Candy Digital is the data controller of all personal data collected through our Services. We operate and process data in the United States. We may also transfer data to countries other than the one where our users live or use our Services. To contact us, please see the section above titled “Contact”.

Data Transfer

We may transfer personal data from the EEA, Switzerland, or the UK to the USA and other countries, some of which have not been determined by the European Commission or UK data protection authorities to have an adequate level of data protection. We will provide appropriate safeguards for such transfers and only transfer such personal data under a legally valid transfer mechanism, which may include, where relevant, entering into the EU Standard Contractual Clauses and/or the UK International Data Transfer Agreement / Addendum with the recipient outside the EEA / UK, or such other specific contracts approved by the European Commission or UK data protection authorities which give personal data the same protection it has in the EEA, Switzerland, or the UK. For more information about how we transfer your data, please contact us at fan-help@candy.io.

Provision of personal data and failure to provide personal data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail or refuse to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, please be aware that we may not be able to provide certain services to you.

Collection of personal data from third party sources

We may obtain personal data and other information about you, some of which may include personal data collected from public sources, through our third-party partners who help us provide our products and services to you, as described in this Privacy Policy. We will obtain cookie data about you from Google Analytics.

Withdrawing your consent

If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us at fan-help@candy.io.

Use of your personal data for marketing purposes

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or used our services and, in each case, you have consented to our use of your personal data for marketing purposes. You may opt out of receiving any, or all of these communications from us by following the unsubscribe instructions provided in any email we send, or you can contact us using the contact details provided in the “Contact” section above. You may still continue to receive service-related messages concerning products and services you have purchased (unless we have indicated otherwise).

Your Rights as a Data Subject

If you are situated in the EEA, Switzerland, or the UK, as a data subject, you have the right to:

• request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
• request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
• request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
• object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
• request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
• request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
• withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise your rights set out above under the GDPR, please contact us at fan-help@candy.io. Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.

In addition, you also have the right to file any complaints regarding our privacy practices to the Information Commissioner’s Office (“ICO”) or your local supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or your supervisory authority, so please contact us in the first instance. If you have a complaint, please contact our privacy manager here: fan-help@candy.io.