Privacy Policy - Megabit

1. INTRODUCTION
Who are we?	We are Aonic AB (Publ), a public limited liability company incorporated in Sweden with its registered office at Västra Trädgårdsgatan 15 111 53 Stockholm, Sweden and registration number 559335-7527 (“Megabit”, “we” or “us”), and we are a video games publisher. Where we decide the means or purpose of processing your personal data, we are the data controller.
What’s this notice about?	This notice explains how we process your personal data as a data controller when you visit, use and/or engage with our website (https://megabit-publishing.com), and any of its respective subdomains, and any other website or app of ours that links to this privacy policy (together, the “Services”). We update this notice from time to time so please check back in. Other apps and websites provided by third parties but linked to within our Services will have a separate notice provided by the relevant third party.
How do you contact us? (if you have questions about this notice or to exercise your rights)	Write to us at: dataprotection@megabit-publishing.com If we can’t resolve your issue, and you: are based in the UK, you can also get in touch with the Information Commissioner’s Office: https://ico.org.uk/concerns; are based in Sweden, you can also get in touch with the Swedish Authority for Privacy Protection: imy@imy.se; or if you live in a European country other than Sweden, you can submit a complaint to the supervisory authority in your country.
What are your rights?	You have the following rights, although these rights may be limited in some circumstances: Ask us to send a copy of your data to you or someone else Ask us to restrict, stop processing, or delete your data Object to our processing of your data Object to use of your personal data for direct marketing (to the extent it is used for direct marketing) Ask us to correct inaccuracies If we rely on consent to process data, or send direct marketing, you can withdraw consent by email to the address above. You may enjoy additional rights depending on where you are based. For reference, you are based in: Canada, please see section 5 of this notice; and California (US), please see section 6 of this notice.
What information do we not knowingly collect or process?	We do not knowingly collect or otherwise process “special category data”, or data from children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services.

2. YOUR PERSONAL DATA AND HOW WE USE IT
Your data		How we use it		Sources and recipients	Retention Rules
Enquiry Data Name Email address Details of your enquiry		We process this information to respond to your support requests, your requests to “Publish With Us”, your requests to obtain game keys, and other enquiries. Legal basis We use this data to pursue our legitimate interests, including: (a) our interest in responding to enquiries to ensure smooth operation of our business and Services; (b) review the pitch you submit to us in order to evaluate it, and decide whether to progress the conversation with you in relation to the publishing of your proposed game; (c) review your request to decide whether to provide with a game key; and (d) to understand our customers and improve our Services, by taking on-board your feedback. More information You are under no obligation to provide us with this information, but if you do not, we may not be able to respond to your enquiry or support request.		Sources We collect this data directly from you. Recipients We use Craft CMS in order to receive, log and respond to your enquiries.	We hold this Enquiry Data for as long as necessary for the purposes described in this section, and until it is no longer useful.
Analytics & Security IP address Name Pages of our Service that you visit, time and date of your visit, the location from which you visit those pages, and the time spent on those pages Unique device identifiers Session and user identifiers (ID) cookies as described further in section 3 ‘Cookie, Analytics and Similar Technologies’ of this policy Error messages and crash reports Spam/Fraud/DDOS reports Where you access the Service using a mobile device, in addition to the above: Type of mobile Mobile device unique ID Mobile operating system Mobile internet browser		We may use software to collect usage data to understand from where and how people use and interact with our Services, to help improve and maintain our Services, and Legal basis We process this data if you have given your consent. We may also use session and user ID cookies as described further in section 3 ‘Cookie, Analytics and Similar Technologies’ of this policy, in pursuit of our (and your) legitimate interests in ensuring our Services and your data are secure.		Sources We collect this data using tracking technologies. For more information on how we use tracking technologies to collect this data, please see section 3 ‘Cookie, Analytics and Similar Technologies’ below. Recipients We use Google Analytics and Meta Pixel to collect usage data and provide us with analytics.	We hold this Usage Data for 26 months from the day in which it is collected.
Newsletter Data Email address upon signup to Megabit’s newsletter		We process this information to send you updates on our Services and business if you are subscribed to the Megabit newsletter. Legal basis We process this data if you have given your consent.		Sources We collect this information when you subscribe to the Megabit newsletter through third party services, such as Mailchimp. Recipients Newsletter platforms, such as Mailchimp.	We hold this Newsletter Data for as long as necessary for the purposes described in this section, or until the day in which you unsubscribe from the Megabit newsletter.
Where explicit retention periods are not described above, we hold data for as long as necessary bearing in mind the purpose for which it was collected. To determine the appropriate period, we consider the amount, nature, and sensitivity of the data, the potential risk of unauthorised access, and legal requirements.

3. COOKIES, ANALYTICS AND SIMILAR TECHNOLOGIES
Cookies, pixels and other technologies store and access data on your device to help websites and apps work. This table explains their purpose, how long they last, and who else can access their data. We get your consent to use them unless they’re essential for our sites, apps or services. Settings to disable certain similar technologies: Windows Advertising ID \| iOS and Mac OS Ad Tracking \| Google Analytics \| Your Ad Choices.
Cookie/Similar Technology		Duration	Purpose		Access
reCAPTCHA (rc::a)		Persistent Cookie	Bot detection provided by Google.		Google
__cf_bm		30 minutes	Bot detection provided by Cloudflare.		Cloudflare
_ga_#		2 years	Used to distinguish individual users by means of designation of a randomly generated number as client identifier, which allows calculation of visits and sessions.		Google
_ga		2 years	Measure and analyse activity on the Services, including how users interact with the Services.		Google
aka_debug		1 session	Used to for video functionality on the website and collects statistical information including how many times the video is displayed and what playback’s settings.		Vimeo.com
__cf_bm		30 minutes	Used for mitigating risk associated with spam and bot traffic		Vimeo.com
CraftSessionId		Session Cookie	Used for web functionality, including to maintaining user sessions, store authentication information, among others.		Craft CMS
CRAFT_CSRF_TOKEN		Session Cookie	Used to prevent cross-site request forgery attacks.		Craft CMS
_cfuvid		30 minutes from the last activity by user	Used to distinguish individual users behind shared IP addresses, to prevent accidental sharing of information.		Cloudflare
_fbp, Meta Pixel		180 days	Used to collect usage data, to provide analytics for marketing and advertising purposes.		Meta

4. TRANSFERS AND DISCLOSURE
Transfers		Where we use data processors outside the UK and European Economic Area, and (or otherwise) transfer personal data to a country which does not provide an adequate level of protection, we use contracts approved by the European Commission or UK authorities which give personal data the same protection it has in Europe / the UK. For more information drop us a line using the contact details at the start of this notice.
Disclosure		Other than as set out above, we may disclose your personal data: Where required by law, government, competent authorities or the courts or to establish, exercise or defend our legal rights, and for the purposes of preventing crime and fraud (for example, we may share personal data with our professional advisors, investigators, or credit reference agencies). Legal basis: our legal basis for this processing is likely to be: compliance with legal obligation or legitimate interests in: (i) obtaining advice in relation to legal and similar proceedings, (ii) communicating with relevant third parties in relation to legal and similar proceedings; and/or (iii) protecting and defending ourselves from legal and similar proceedings. With members of our corporate group, suppliers and subcontractors, as necessary for the purposes (and on the legal basis) set out in this notice. If involved in an investment, merger, acquisition, or sale of our organisation or assets, personal data we hold may be shared on the basis of the legitimate interests of us, our shareholders, customers and other parties to a transaction, unless those interests are outweighed by prejudicial impacts upon you. Legal basis: our legal basis for this processing is likely to be: our legitimate interests pursued would typically include our interest (and that of our shareholders) in negotiating and concluding the relevant transaction, and our interest (and that of our users) in financing the business and ensuring the development and continuity of the Services.
5. IF YOU ARE BASED IN CANADA
If you are based in Canada, the following section applies to you: We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time by writing to us at: dataprotection@megabit-publishing.com. In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example: If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way; For investigations and fraud detection and prevention; For business transactions provided certain conditions are met; If it is contained in witness statement and the collection is necessary to assess, process, or settle an insurance claim; For identifying injured, ill, or deceased persons and communicating with next of kin; If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse; If it is reasonable to expect collection and use with consent would compromise the availability or accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada province; If disclosure is required to comply with subpoena, warrant, court order, or rules of the court relating to the production of records; If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced; If the collection is solely for journalistic, artistic, or literary purposes; and If the information is publicly available and is specified by the regulations.
6. IF YOU ARE A RESIDENT OF CALIFORNIA, US (CCPA)
A. What categories of personal information do we collect? We have collected the following categories of personal information in the past twelve (12) months:
Category		Examples			Collected
Identifiers		Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name.			YES
Personal information defined in the California Customer Records statute		Name, contact information, education, employment, employment history, and financial information.			YES
Protected classification characteristics under state or federal law		Gender and date of birth.			NO
Commercial information		Transaction information, purchase history, financial details, and payment information.			NO
Biometric Information		Fingerprints and voiceprints.			NO
Internet or other similar network activity		Browsing history, search history, online behaviour, interest data, and interactions with our and other websites, applications, systems, and advertisements.			YES
Geolocation Data		Device Location.			YES
Audio, electronic, visual, thermal, olfactory, or similar information		Images and audio, video, or call recordings created in connection with our business activities.			NO
Professional or employment-related information		Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us.			NO
Education Information		Student records and directory information.			NO
Inferences drawn from collected personal information		Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.			NO
Sensitive personal information					NO
Please note that we may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of providing our Services (for example, personal information you include in the enquiries you submit to us). B. How do we use and share your personal information? Will your information be shared with anyone else? For more information on what personal information we collect, where we collect it from, how we use it and the business purpose for any such use, the retention periods that apply, and who we share your personal information with, please refer to section 4 and to section 2 of this notice as set out above (including the section titled “YOUR PERSONAL DATA AND HOW WE USE IT”). C. Will your information be shared with anyone else? We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information. We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.
California Civil Code Section 1798.83 & Under Minors
California Civil Code Section 1798.83, also known as the "Shine The Light" law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request inwriting to us using the contact information provided below. If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).
CCPA Privacy Notice
This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below. The California Code of Regulations defines a “resident” as: every individual who is in the State of California for other thana temporary or transitory purpose and every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose. All other individuals are defined as "non-residents." If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information. Your rights with respect to your personal data A. Right to request deletion of the data — Request to delete You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities. B. Right to be informed — Request to know Depending on the circumstances, you have a right to know: whether we collect and use your personal information; the categories of personal information that we collect; the purposes for which the collected personal information is used; whether we sell or share personal information to third parties; the categories of personal information that we sold, shared, or disclosed for a business purpose; the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose; the business or commercial purpose for collecting, selling, or sharing personal information; and the specific pieces of personal information we collected about you. In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response toa consumer request or to re-identify individual data to verify a consumer request. C. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights We will not discriminate against you if you exercise your privacy rights. D. Right to Limit Use and Disclosure of Sensitive Personal Information We do not process consumer's sensitive personal information. Verification process Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate. We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the informational ready maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you. Other privacy rights You may object to the processing of your personal information. You may request correction of your personal data if it is incorrect or no longer relevant or ask to restrict the processing of the information. You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA. You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission. To exercise these rights, you can contact us by email at dataprotection@megabit-publishing.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

Your data

How we use it

Sources and recipients

Retention Rules

Cookie/Similar Technology

Duration

Purpose

Access

Stay ahead of the game

Subscribe
to our
newsletter
to stay in
touch.

Your data

How we use it

Sources and recipients

Retention Rules

Cookie/Similar Technology

Duration

Purpose

Access

Stay ahead of the game

Subscribeto ournewsletterto stay intouch.

Subscribe
to our
newsletter
to stay in
touch.