Immutable Privacy Policy

This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, offline or online, including when preparing to provide or providing our platforms to you, including Gods Unchained, our collectible digital card trading game that operates on the Ethereum blockchain, Guild of Guardians, our free to play mobile RPG, ImmutableX, our marketplace that allows buyers and sellers to trade digital assets, our other downloadable applications and mobile applications, and our websites (Services). In this Privacy Policy we, us or our means Immutable Pty Ltd (ABN 89 626 193 351) and all group companies of Immutable Pty Ltd, including without limitation Gods Unchained Pty Limited (ABN 30 644 717 813), Immutable X Pty Ltd (ABN 36 644 717 840) and Leonis Pty Ltd (ABN 55 639 363 447).


This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles. In addition to the Australian laws, individuals located in the European Union (EU) may also have rights under the General Data Protection Regulation 2016/679 (GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU as well as information on how we process the personal information of individuals located in the EU.


"Personal information" as used in this Privacy Policy means information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable, and includes anything defined as personal information, personal data, personally identifiable information or similar terms under applicable law.


How we collect personal information

We collect personal information in a variety of ways, including:

  • Directly: We collect personal information which you directly provide to us, including when you sign up to Gods Unchained or Guild of Guardians, or register for ImmutableX, through the ‘contact us’ form on our websites or when you request our assistance via email, our online chat or over the telephone, or when you attend or participate in any of our sessions, functions, events or activities.
  • Indirectly: We may collect personal information which you indirectly provide to us while interacting with us such as when you use any of our websites (including Gods Unchained, Guild of Guardians and ImmutableX), in emails, over the telephone and in your online enquiries.
  • From Third Parties: We collect personal information from third parties, such as details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.
  • From Publicly Available Sources of Information: We may also collect personal information from publicly available sources, such as information from social media accounts and profiles, where relevant to your interactions with us, or to our business or relationship with you.


Personal information

The types of personal information we may collect about you include:

  • your name;
  • your contact details, including email address and name;
  • your Ethereum (and/or other public blockchain) address and wallet, and public blockchain data such as your nominated public key for a digital asset wallet;
  • your credit card or payment details (through our third party payment processor);
  • your preferences and/or opinions;
  • information you provide to us through customer surveys;
  • details of products and services we have provided to you and/or that you have enquired about, and our response to you, including any support requests and any bug reports;
  • where you play Gods Unchained or Guild of Guardians, game progression data, such as your game saves and your achievements in the game, and for Guild of Guardians, your age;
  • where you participate in ImmutableX, your trading data;
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, your IP address, and demographic information;
  • your connections with others whose personal information we may collect or hold;
  • information about your access and use of our Services, including through the use of Internet cookies, your communications with our Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • additional personal information that you provide to us, directly or indirectly, by submitting forms or through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; 
  • publicly available information from social media accounts, posts and profiles, where relevant to your interactions with us, or to our business or relationship with you; 
  • device information, such as mobile device type, mobile number, unauthorised third party applications (which allows us to identify whether our users are gaining an unfair advantage or cheating when using our games), and device specifications; and
  • any other personal information requested by us and/or provided by you or a third party.


We may collect these types of personal information directly from you or from third parties.


Collection and use of personal information

We may collect, hold, use and disclose personal information for the following purposes:

  • to enable you to access and use our Services, associated applications (such as the Gods Unchained application, Guild of Guardians application, and ImmutableX platform) and associated social media platforms, and to personalise and customise your experiences using our Services;
  • to enable you to perform transactions on the Services;
  • where you are playing Gods Unchained or Guild of Guardians, to enable you to communicate with other Services users, including through group conversations and by creating a friend list;
  • to contact and communicate with you about our Services;
  • for internal record keeping, administrative purposes, invoicing and billing purposes;
  • to compare information for accuracy and verification purposes, including (where relevant to our Services) verifying your identity based on information you have provided to us;
  • to carry out appropriate administration in relation to our investors, including communicating with corporate regulators;
  • for analytics, market research and business development, including to operate and improve our Services, associated applications and associated social media platforms;
  • to run promotions, competitions and/or offer additional benefits to you, and to measure the effectiveness of those activities;
  • for advertising and marketing, including to send you promotional information about our group’s products and services and information about third parties that we consider may be of interest to you;
  • if you are a contractor, supplier or service provider to us, to enable us to conduct or administer our relationship with you or your employer, including when you are carrying out activities in connection with our operations or your supply of goods or services to us;
  • to investigate, review, mitigate risks associated with, and inform you or appropriate authorities of, any data or other security breach involving your personal information;
  • to comply with our legal obligations and resolve any disputes that we may have;
  • to identify, prevent and respond to fraud and abuse, and otherwise protect our users, our property and our rights;
  • telephone calls to us may be recorded for training and quality assurance purposes;
  • if you have applied for employment with us, to consider your employment application; 
  • if otherwise notified to you at the time of collection, or in accordance with any agreement you enter into with us; and
  • if otherwise required or authorised by law.


We may aggregate personal information for reporting, statistical and analysis purposes, and for business, product and service improvement purposes. This allows us to better inform ourselves and anticipate our users' preferences and requirements, and to monitor and improve the effectiveness of our business, products and services. We may also de-identify information for inclusion in such aggregated databases or reports. 


Disclosure of personal information to third parties

We may disclose personal information to:

  • third party service providers for the purpose of enabling them to provide their services to us, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
  • our employees, contractors and/or related entities (this includes sharing personal information between companies within our group for use and disclosure as described in this Privacy Policy in relation to any Services they may provide to you);
  • government agencies or identity verification service providers, who in turn may access third party databases, document issuers, official record holders, DVS and other sources in order to perform identity verification services;
  • merchants and the recipients of digital assets to identify you as the sender of the assets and to a party who sends you digital assets in connection with a transfer to you of digital assets;
  • our existing or potential agents or business partners;
  • sponsors or promoters of any promotions or competition we run;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • debt collection agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia;
  • third parties to collect and process data to provide services to us, such as Google Analytics (see the "Cookies" section below for more information about Google's use of such data) or other relevant businesses. This may include parties that store data outside of Australia; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.


Overseas disclosure: Where we disclose your personal information to third parties listed above, or where their or our computer systems including IT servers and website hosts are located overseas, your personal information may be stored, transferred or accessed by those parties or by us outside of Australia, including but not limited to, United States of America, United Kingdom, Singapore, European Union (including Ireland, Greece and Italy), New Zealand, Canada, Indonesia and Brazil.


We will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the Australian Privacy Principles or we will take such steps as are reasonable in the circumstances to protect your personal information in accordance with the Australian Privacy Principles.


How we treat personal information that is also sensitive information

Sensitive information is a sub-set of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.


Provided you consent, your sensitive information may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected.


Sensitive information may also be used or disclosed if required or authorised by law


Your rights and controlling your personal information

Your Choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our  ability to  provide  our Services  to  you and/or your use of our Services.


Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.


Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.


Restrict and unsubscribe: We may communicate with you by phone, email, SMS or push notifications, including to inform you about existing and new products and services that may be of interest to you. To object to processing for direct marketing/unsubscribe from our marketing database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication. You may decline marketing messages sent by push notifications by refusing the relevant permission in your device settings, however this setting will prevent you from receiving other messages from us via push notification.


Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information.


Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, incomplete, irrelevant or out of date. Please note, in some situations, we may be legally permitted to not correct your personal information.


Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. You also have the right to contact the relevant privacy authority.


Storage and security

We will take reasonable steps to ensure that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.


While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be accessed or disclosed in a manner that is inconsistent with this Privacy Policy.


Cookies

We may use cookies on our online Services from time to time. Cookies are  text  files  placed  in  your  computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online Services and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online Services with personal information, this information may be linked to the data stored in the cookie and that information could potentially be used to identify you. It may be possible for us to identify you from information collected automatically from your visit(s) to our Services, for example, we will be able to identify you through your user name and password when you log into our Services. Further, if you access our Services via links in an email we have sent you, we will be able to identify you.


You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our online Services.


We may use web beacons on our Site from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.


We may use Google Analytics to collect and process data. To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time. If you do not want your Site visit data reported by Google Analytics, you can install the Google Analytics opt-out browser add-on. For more details on installing and uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout


Links to other websites

Our Services may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.


Amendments

We may, at any time and at our discretion, vary this Privacy Policy. We will notify you if we amend this Privacy Policy, by contacting you through our Services or the contact details you have provided to us. Any amended Privacy Policy is effective once we notify you of the change.

For any questions or notices, please contact us at:

Immuable Pty Ltd (ABN 89 626 193 351)

privacy@immutable.com

https://support.immutable.com/hc/en-us 

Appendix 1 - Additional Rights for Individuals Located in the EU

Under the GDPR individuals located in the EU have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is  defined  as  information  relating  to  an identified or identifiable natural person (individual). This Appendix sets out the additional rights we give to individuals located in the EU, including how we process personal information lawfully, transparently and fairly. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

What personal information is relevant?

This Appendix applies to the personal information set out in the Privacy Policy above. This includes any sensitive information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.

Our commitment to you

Your personal information will:

  • be processed lawfully, fairly and in a transparent manner by us;
  • only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified;
  • be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed;
  • be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information);
  • be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal information was collected; and
  • be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.

How we process personal information

We will process your personal information for our legitimate interest to allow you to access and use our website, to send you marketing content we think may be of interest to you, to contact you if you leave your contact details with us or if you otherwise initiate contact with us.

We will rely on performing a contract to process your personal information where we are preparing to enter into a contract with you or we are carrying out our obligations under a contract with you, such as to set up an account for you and delivering our game to you.

We will rely on a legal obligation to process your personal information where we are subject to a legal obligation. If we need to rely on consent, we will ask for consent to process any of your personal information for that specific purpose before we process your personal information for that reason. If you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.

Upon written request, we may provide you with a list of the third parties we use to process your personal information.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means and the applicable legal requirements.

In some circumstances you can ask us to delete your data: see ‘access, erasure and data portability’ below for further information.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for analytics, research or statistical purposes in which case we may use this anonymised information indefinitely without further notice to you.

Data Transfers

The countries to which we send data for the purposes listed above may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of the GDPR; and (ii) we will

protect the transferred personal information in accordance with the Privacy Policy, as supplemented by this Appendix.

Extra rights for EU individuals

Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, in order to proceed with the processing of your personal information.

Restricting processing: You have the right to request that we restrict the processing of your personal information, if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information

has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Access, erasure and data portability: You may have the right to request details of the personal information we hold about you, or to request that we erase the personal information we hold about you, or that we transfer this information to a third party.

Rectification: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, incomplete, misleading or out of date.