Privacy

Mahjong Logic LTD Privacy Policy

 

Effective as from: 26th of February 2019

 

  • Introduction
    • We are committed to safeguarding the privacy of individuals (“you”, “your”) whose personal data we collect and use. In this Privacy Policy, we explain how we handle your personal data. For example, what personal data we collect and how, what we do with it and who we share it with. It also describes your privacy rights and controls such as your choices regarding use, access and correction of your personal data.
    • Our Privacy Policy is part of, and is subject to, our Cookies Policy http://www.mahjonglogic.com and our Website Terms http://www.mahjonglogic.com. By accessing or using http://www.mahjonglogic.com (“Website”), you confirm that you accept the terms of our Privacy Policy.
  • About Mahjong Logic LTD
    • Our Website is owned and operated by Mahjong Logic (“Mahjong”, “we”, “us” or “our”).
    • We are a company registered in the Isle of Man under registration number 004277V. Our registered office is at Second Floor, Atlantic House, Circular Road, Douglas, IM11AG, Isle of Man.
    • For general enquiries you can contact us by (a) post, at Second Floor, Atlantic House, Circular Road, Douglas, IM11AG, Isle of Man, (b) telephone, on +44 01624682119 (c) email (info@mahjonglogic.com).
  • Data Protection Officer
    • You can contact our Data Protection Officer in writing using the following contact details: support@mahjonglogic.com. The tasks of our Data Protection Officer include (for example) monitoring our compliance with applicable data protection laws and acting as contact for individuals whose data is processed by us.
    • If you have any questions about anything to do with this Privacy Policy, our data processes and practices or simply to exercise your privacy rights, please contact our Data Protection Officer using the contact details above.
  • Your privacy rights
    • We have summarized below your privacy rights. Some of these rights are complex, and not all of the details have been included in our summaries below. For this reason, you should read the applicable data protection laws and guidance from the Isle of Man Information Commissioner for a fuller explanation of these rights. You can do so by using this link https://www.inforights.im/information-centre/data-protection-law-2018/rights/.
    • You may exercise any of your rights below in relation to your personal data by contacting our Data Protection Officer in writing using the following contact details: support@mahjonglogic.com.
    • Your principal rights under the applicable data protection laws are:
      • the right to access;
      • the right to rectification;
      • the right to erasure;
      • the right to restrict processing;
      • the right to object to processing;
      • the right to data portability;
      • the right to complain to the Isle of Man Information Commissioner; and
      • the right to withdraw consent.
    • Right to access: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
    • Right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. You can ask us to make any necessary changes to ensure that your personal data is accurate and kept up to date.
    • Right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary for: exercising the right of freedom of expression and information; compliance with a legal obligation; for the establishment, exercise or defence of legal claims.
    • Right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another individual or legal person; or for reasons of important public interest.
    • Right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
    • Right to object to processing (direct marketing): You have the right to object to the processing of your personal data for direct marketing purposes (including, for example, profiling for direct marketing purposes). Examples of direct marketing include newsletters, text messages etc. At this point in time, we do not do any direct marketing. If and when we do direct marketing, you object to the processing of your personal data for direct marketing purposes, we will cease to process your personal data for this purpose. We will also provide you with a way to exercise this right at any time and this will include contacting our Data Protection Officer in writing using the following contact details: support@mahjonglogic.com.
    • Right to object to processing (scientific, historical research or statistics): You have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
    • Right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
    • Right to complain to the Isle of Man Information Commissioner: If you consider that our processing of your personal data infringes the applicable data protection laws, you have a legal right to lodge a complaint with the Isle of Man Information Commissioner (https://www.inforights.im/) which is the Isle of Man data protection regulatory body. You can find out how to do so by clicking on this link: https://www.inforights.im/complaint-handling/how-to-make-a-complaint-to-the-information-commissioner/.
    • Right to withdraw consent: To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
  • Changes to the Mahjong Privacy Policy
    • We may update the Mahjong Privacy Policy from time to time by publishing a new version on our Website. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on our Website and update the “Effective Date” date at the top of this Privacy Policy, i.e. this date will be the date upon which the updated Privacy Policy will be legally binding on you.
    • If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email. If you disagree with the changes to the Privacy Policy, you should contact our Data Protection Officer in writing requesting the erasure of your personal data and, if at that time we do direct marketing, then unsubscribe from our direct marketing communications such as newsletters etc.
    • If you continue accessing and/or using of our Website, receiving our communications, contacting us etc. this will constitute acceptance of the revised Privacy Policy.
  • What personal data we collect
    • We use many different kinds of personal data. They are grouped together as in the table below. The groups are all listed here so that you can see what we may know about you. We don’t use all this personal data in the same way.
Data Types Description
Website data This is data on how you use our Website and may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and Website navigation paths, as well as information about the timing, frequency and pattern of your use of our Website.
Communications (non-marketing) This may include personal data contained in or relating to any communication that you send to us or that we use to communicate with you. Such communications can include communications through via our social media channels website, phone, email, post and can be on any subject matter, including but not limited to enquiries about our platform, job applications, CVs etc.
Marketing data This may include personal data that we obtain about you from social media (e.g. Twitter), advertising or data we obtain from you at events we attend, e.g. your business card.
Cookies & similar technologies data This includes personal data that we obtain about you through cookies and similar technologies. For more information, see our Cookies Policy http://www.mahjonglogic.com
Profile data This may include your name and contact details and some of the other personal data set out in this table e.g. Website data, Marketing data.
Third party data This may include your name and contact details we obtain from third parties such as social media etc.
Other data This is personal data other than the ones set out in the table above.

 

  • How we collect your personal data

We collect your personal data from various sources. These are as follows:

  • Personal data you provide us about you: We collect your personal data that you provide us when you do things such as the following:
    • get in touch with us by email, telephone, post, and/or some other means; and/or
    • provide us with your name and contact details e.g. you give us your business card at an event we are attending.

 

  • Data we collect about you automatically: We collect your personal data when you contact us or automatically when you access and/or use our Website and through the use of cookies (see our Cookies Policy http://www.mahjonglogic.com. The types of personal data we will collect include, for example:
    • name and address;
    • demographic data;
    • the originating IP address;
    • the site that you visited immediately prior to visiting our Website;
    • the type of browser and operating system used (if provided by the browser);
    • the type of device model and version, device identifier;
    • URL of the referring page (if provided by the browser);
    • the specific actions that you take on our Website, including, for example, the pages that you visit; and
    • the time, frequency and duration of your visits to our Website.

 

  • Data we collect about you from others: We also collect personal data about you from others such as (for example) online through social media we use and the internet in general.

 

  • How we use your personal data
    • Below, you will find a list of the ways that we may use your data and which of the legal reasons we rely on to do so.
Processing Type Processing Purpose

 

Legal Reason
 

Website

 

to analyse your use of our Website as well as to develop, operate, improve, protect, personalise, customise and optimise our Website as well as to present it to you in the most effective manner for you and your device.

 

 

The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business and/or to comply with a legal obligation.

 

 

Communications (Non-Marketing)

 

 

to communicate with you (e.g. by email, by phone etc.) as well as to process the communications you send to us.

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

 

Operations

 

to perform general administrative and operational activities.

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

 

Marketing

 

to conduct and analyse the effectiveness of our marketing.

 

 

The legal reason for this processing is our legitimate interest of the promotion, monitoring, and operation of our business.

 

 

Profiling

 

 

to create a profile of you by combining data you provided to us by you or we got from other sources such as social media, the internet in order to update, expand and analyse our data records.

 

 

The legal reason for this is our legitimate interest of the proper administration and/or operation of our business.

 

 

Security, Risk & Crime

 

to protect our Website and business, prevent fraud, spam, abuse, security incidents, harmful and/or illegal activity, conduct security investigations and risk assessments, and/or to verify or authenticate information.

 

 

The legal reasons for this processing are our legitimate interest of protecting our Website and business, to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

 

Research and Analysis

 

to carry out research (e.g. market research), business and statistical analysis.

 

The legal reason for this processing is our legitimate interest of the proper administration, monitoring and/or operation of our business.

 

Data Retention

 

to retain, store, archive and/or destroy the data.

 

 

The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business, to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

 

Sharing

(Service Providers)

 

to disclose your personal data to third party service providers we use.

 

 

The legal reasons for this processing is our legitimate interest of administering, operating and/or managing our business.

 

 

 

Sharing (Consent)

 

 

to share your data (including personal information) where you have provided consent, for the purpose(s) described at the time we ask you for your consent.

 

 

The legal reason for this processing is consent.

 

Sharing (Corporate Affiliates)

 

to share your data (including personal information) with our corporate affiliate companies from time to time, such as (for example) ITILES Limited.

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.
 

Sharing (Sale/Investment)

 

 

If there is (a) a sale or an asset transfer to a third party of, and/or (b) an investment in Mahjong, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the (a) sale or asset transfer, and/or (b) the investment.

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

Sharing

(Internal re-organisation & Insolvency)

 

to pass on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration.

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

Sharing

(Insurers & Professional Advisers)

 

to disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes.

 

 

The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business, to comply with a legal obligation and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

 

Sharing

(Legal Disclosures)

 

to disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

 

The legal reasons for this processing are to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

  • Providing your personal data to others
    • Third party service providers: We may disclose your personal data such as your name and contact details to our third party service providers to help us administer, operate and manage our business provide services related to us and/or our Website. Service providers may be located inside or outside of the EEA. For example, a service provider hosts our Website (i.e. Domicilium IOM Limited), provide our business software such as email hosting providers. These service providers have limited access to your personal data to perform these tasks on our behalf and are contractually obligated to use it consistent with this Privacy Policy.
    • Sale/Investment: If there is (a) a sale or an asset transfer to a third party of, and/or (b) an investment in Mahjong, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the (a) sale or asset transfer, and/or (b) the investment. However, use of your personal data will remain subject to this Privacy Policy.
    • Insolvency: Your personal data may be passed on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration. In the case of an insolvency event, our customer database may be sold separately from the rest of the business, in whole or in a number of parts. It could be that the purchaser’s business is different from ours too.
    • Our insurers & professional advisers: We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes.
    • Legal compliance: In addition to the specific disclosures of personal data set out in this Section 8, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another individual.
  • Direct Marketing
    • At the moment we do not conduct any direct marketing such as newsletters targeting EEA individuals.
  • How do you make use of social media?

We use social media accounts and pages in different ways.  In our case, we use social media to promote, and market our brand and business. We may also use social media to communicate with you.

  • International transfers of your personal data
    • Our Website is hosted in the Isle of Man. We may transfer your personal data to other countries outside the EEA. This may happen as follows:
      • The business software we use may be hosted outside the EEA. If that is the case, we rely on the adequate safeguards they have put in place to keep this personal data safe and secure.

These legal safeguards vary depending on which country the data is transferred to. For example, if the personal data is transferred outside the EEA, then they could, for example, be (a) part of the E.U.-U.S. Privacy Shield (www.privacyshield.gov) for data transfers to the US, or

(b) using what is called ‘Standard Contractual Clauses’ put in place by the EU, or

(c) the EU has decided that a particular non-EEA country provides the same/equivalent level of data protection as in the EU. The Isle of Man is on the list of non-EEA countries that provide the same/equivalent level of data protection in the EU. Click on this link for more information: https://www.inforights.im/legislation/data-protection-act-2002/data-protection-principles/eighth-principle-transfer-of-data-abroad/.

  • You acknowledge and agree that if you submit personal data for publication through our Website or social media accounts, this data may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
  • Security of personal data
    • We maintain administrative, technical and physical safeguards designed to protect your personal data provided to us. While no system or process is full-proof (e.g. hacking), we believe the measures implemented reduce our vulnerability to security problems to a level appropriate to the type of personal data involved and the current state of technology.
  • Retaining and deleting personal data
    • We have a data retention policy and procedure in place which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. In the case of: Personal details and transactional data for 7 years.
    • In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria: the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements e.g. whether (and for how long) we are required by law to retain your personal data.
    • However, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another individual.
  • Third party websites
    • Our Website may contain links to third party websites. Please note that if you follow a link to any such website, we do not accept any liability and/or responsibility, because these websites have their own Terms & Conditions and Privacy Policies.