Ensuring GDPR Compliance in Studio Operations: User Sign-Up, Privacy Policies, and Form Design
Last updated
If your business is based in the European Union (EU), or if you process the personal data of individuals in the EU, the General Data Protection Regulation (GDPR) applies to you.
Under GDPR, when relying on consent as your legal basis, the consent you obtain must be freely given, specific, informed, and unambiguous. Furthermore, you must clearly explain how you plan to use the users' personal data.
When launching your marketing campaign with Studio (Branded Mini-Games DIY Studio), our tools include game customization, sign-up/sign-in tools, social sharing integration, leaderboards, analytics integration, and other sub-processor integrations such as Mailchimp. You may want to award prizes to top-ranked individuals on a leaderboard or randomly select winners. Even the simple use of a leaderboard requires users to sign up with their personal information. Thus, you are required to obtain consent from users for the personal information they provide for such events. You need to offer your own GDPR-compliant privacy policy and include the following text, mentioning Branded Mini-Games (Emoji Games) as the data processor in the Privacy Policy section:
(Quick Example) "We use Branded Mini-Games as our game marketing automation platform. By playing the game, you acknowledge that the information you provide will be transferred to Branded Mini-Games for processing in accordance with their Privacy Policy."
We take customer privacy and security very seriously, which is why we offer a data processing agreement (DPA) for EU/EEA and Swiss customers, or non-EU/EEA and Swiss customers processing data on behalf of EU/EEA and Swiss individuals, in addition to our publicly posted Privacy Policy. You have agreed to this DPA when you signed up with our Branded Mini-Games Terms of Use. Branded Mini-Game acts as your Data Processor, and you act as the Data Controller, who publishes your branded mini-game campaign targeting your audience playing games powered by Branded Mini-Game services. Please review this DPA carefully to understand your liabilities under the GDPR.
Note: Branded Mini-Games provides tools and information as a resource, but we do not offer legal advice. We recommend you contact your legal counsel to determine how the GDPR affects you.
As you prepare the Privacy Policy for your campaign using the Studio, please include the following text at the bottom of your Privacy Policy:
We use Branded Mini-Games as our game marketing automation platform. By playing the game, you acknowledge that the information you provide will be transferred to Branded Mini-Games for processing in accordance with their Privacy Policy.
When collecting personal data from your audience through Branded Mini-Games for ranking, competition, or lucky draw promotional events to award prizes, you must ensure users' consent to your organization's privacy policy as a Data Controller before gathering any user information.
If your campaign targets EU/EEA individuals, please choose the GDPR-friendly form.
If your campaign targets non-EU individuals, please choose the standard form.
Branded Mini-Games provides a GDPR-friendly form to help you create your campaign easily. However, as a Data Controller, you are ultimately responsible for complying with this law. Branded Mini-Game acts as a Data Processor for your campaign. This is why a Data Processing Agreement, which you agreed to through the Terms of Use when you signed up, is in place between you and Branded Mini-Games.
So, what is the difference between the standard and GDPR-friendly forms?
The Terms and Privacy Policy agreement checkbox is pre-checked.
The agreement text reads, "I agree to the Terms and the Privacy Policy."
The Terms and Privacy Policy agreement checkbox is NOT pre-checked.
The agreement text reads, "I confirm I am 16 years or older and have read and agreed to the Terms and the Privacy Policy."
Branded Mini-Games only processes personal data on behalf of you, the customer or advertiser who owns and runs the campaign. You will have access to the data, and it is your responsibility to manage and control it in accordance with your privacy policy, ensuring compliance with the GDPR.
We store personal data processed by us and our approved sub-processors on highly secure servers. We have also separated the location of the EU user database on a secured server from the non-EU database server. Branded Mini-Games utilizes Amazon's cloud-based secure server located in Ireland, and all EU/EEA personal data processed by Branded Mini-Games are stored in Ireland.
