← Back to PacificReelsGame

GDPR Compliance

Last Updated: January 15, 2025

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union, regardless of where the organization is located.

GDPR gives you greater control over your personal data and requires organizations to be transparent about how they collect, use, and protect your information. Even though PacificReelsGame is based in New Zealand, we serve users worldwide and are committed to meeting the highest standards of data protection.

2. Our Role as Data Controller

PacificReelsGame acts as a data controller for the personal information we collect and process. This means we determine the purposes and means of processing your personal data. We are responsible for ensuring that your data is processed lawfully, fairly, and transparently.

2.1 Our Data Protection Principles

We follow the seven key principles of GDPR:

• Lawfulness, Fairness, and Transparency: We process data lawfully and transparently
• Purpose Limitation: We collect data only for specified, legitimate purposes
• Data Minimization: We collect only the data necessary for our purposes
• Accuracy: We keep your data accurate and up-to-date
• Storage Limitation: We retain data only as long as necessary
• Integrity and Confidentiality: We protect your data with appropriate security measures
• Accountability: We can demonstrate compliance with all GDPR requirements

3. Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:

3.1 Consent

We process your data based on your explicit consent for:

• Marketing communications and newsletters
• Non-essential cookies and tracking technologies
• Personalized content and recommendations
• Social media integration features

3.2 Legitimate Interest

We process data based on our legitimate interests for:

• Website security and fraud prevention
• Analytics and service improvement
• Customer support and communication
• Business operations and administration

3.3 Contract Performance

We process data necessary to provide our services, including:

• Account creation and management
• Game progress and statistics tracking
• Leaderboard participation
• Technical support and troubleshooting

4. Your Rights Under GDPR

4.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data. This includes:

• What personal data we hold about you
• Why we are processing it
• Who we share it with
• How long we will keep it
• Your rights regarding the data

4.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your information by:

• Logging into your account and updating your profile
• Contacting our support team
• Using our data request form

4.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including when:

• The data is no longer necessary for the original purpose
• You withdraw consent and there's no other legal basis
• The data has been processed unlawfully
• You object to processing and there are no overriding legitimate grounds

4.4 Right to Restrict Processing (Article 18)

You have the right to restrict our processing of your personal data when:

• You contest the accuracy of the data
• The processing is unlawful but you prefer restriction to erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification

4.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. This includes:

• Your account information and preferences
• Game statistics and progress data
• Communication history
• Any other data you have provided to us

4.6 Right to Object (Article 21)

You have the right to object to processing of your personal data for:

• Direct marketing purposes
• Profiling for marketing purposes
• Processing based on legitimate interests
• Processing for research or statistical purposes

5. Data Processing Activities

Data Category	Purpose	Legal Basis	Retention Period
Account Information	User authentication and account management	Contract Performance	Until account deletion + 1 year
Game Data	Game progress and statistics tracking	Contract Performance	Until account deletion + 2 years
Communication Data	Customer support and inquiries	Legitimate Interest	3 years from last contact
Analytics Data	Website and service improvement	Legitimate Interest	26 months
Marketing Data	Newsletters and promotional communications	Consent	Until consent withdrawn
Technical Data	Security and fraud prevention	Legitimate Interest	1 year

6. Data Transfers and Safeguards

6.1 International Transfers

As a New Zealand-based company serving users worldwide, we may transfer your personal data to countries outside the European Economic Area (EEA). We ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate data protection
• Standard Contractual Clauses: EU-approved contract terms for data transfers
• Binding Corporate Rules: Internal data protection policies
• Certification Schemes: Industry-recognized privacy certifications

6.2 Third-Party Processors

We work with trusted third-party service providers who act as data processors. All processors are:

• Bound by strict data processing agreements
• Required to implement appropriate security measures
• Subject to regular compliance audits
• Limited to processing data only as we instruct

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Provide clear information about the breach and its consequences
• Explain the measures we are taking to address the breach
• Offer guidance on steps you can take to protect yourself

8. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and serve as your point of contact for data protection matters. Our DPO:

• Monitors our compliance with GDPR requirements
• Provides advice on data protection impact assessments
• Acts as a contact point for supervisory authorities
• Handles your data protection inquiries and requests

9. Exercising Your Rights

To exercise any of your GDPR rights, you can:

• Email: privacy@pacificreelsgame.com
• Online Form: Use our data request form on the website
• Account Settings: Update certain information directly in your account
• Support Team: Contact our customer support team

We will respond to your request within one month of receipt. If we need more time, we will inform you and explain why. We may ask for additional information to verify your identity before processing your request.

10. Supervisory Authority

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with your local supervisory authority. For EU residents, you can find your supervisory authority at the European Data Protection Board website.

11. Contact Information

Questions about GDPR Compliance? If you have any questions about our GDPR compliance or your data protection rights, please don't hesitate to contact our Data Protection Officer. We're committed to protecting your privacy and ensuring full compliance with all applicable data protection laws.