About MTG
Our Business
Investors
News
  • en
  • sv
    • MenuClose

    MTG Corporate Website Privacy Policy

    Welcome to our Privacy Policy which contains information on how we process personal data when you visit our website, communicate, or otherwise interact with us in the cases described below. If you have any questions regarding our use of your personal data, please feel free to contact us over the channels provided below.

    When we refer to “you” in this Privacy Policy, we refer to you as data subject (see Section II. below for more details on what this means). If you are interacting with us on behalf of others, please make sure all affected people receive the information stated in this Privacy Policy.

    I. Who Are We?

    If we speak of “MTG”, “we” or “us” in this Privacy Policy, we refer to ourselves as controller as defined below. Our contact details are:

    Modern Times Group MTG AB
    Skeppsbron 18, Box 2094,
    111 30 Stockholm, Sweden
    Tel: +46 8 562 000 50

    If you have any questions regarding this Privacy Policy, data protection or if you want to exercise your rights mentioned in Section IV., you can at any time contact our Data Protection Officer. Her contact details are:

    Colette Yates
    c/o Modern Times Group MTG AB
    Skeppsbron 18, Box 2094,
    111 30 Stockholm, Sweden
    E-Mail: privacy@mtg.com

    II. Meaning of Terms

    The meaning of certain terms we use in this Privacy Policy is defined by the General Data Protection Regulation (“GDPR”). When we refer to the GDPR we are referring to the General Data Protection Regulation of the UK as well, unless we otherwise specify that we are referring to only one of them.

    All definitions set out in Art. 4 of the GDPR apply to this Privacy Policy. We’d like to explicitly mention the meanings of the following terms to make transparent what the often-used terms personal data, data subject, processing, controller and processor mean according to the GDPR:

    • ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
    • ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
    • ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
    • ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
    III. Legal Basis

    As a controller we need a legal basis to process your data lawfully, according to Art. 6 para. 1 GDPR. If

    • you have given your consent to the processing of your personal data for one or more specific purposes, this forms a legal basis according to Art. 6(1)(a) of the GDPR;
    • the processing is necessary for the performance of a contract between you and us or in order to take steps at your request prior to entering into a contract, the legal basis for this is Art. 6(1)(b) of the GDPR;
    • the processing is necessary for compliance with a legal obligation that applies to us, the legal basis for this is Art. 6(1)(c) of the GDPR;
    • the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and such legitimate interests are not outweighed by your interests or fundamental rights and freedoms, the legal basis for this is Art. 6(1)(f) of the GDPR.
    IV. Your Rights

    Under the GDPR you have certain rights regarding our processing of your personal data. According to the GDPR you have the following rights:

    • Right of information: You have the right to be provided information regarding our processing of your personal, in accordance with Art. 13 and 14 of the GDPR.
    • Right of access: You have the right to obtain confirmation as to whether we are processing your personal data and, if this should be the case, access to the personal data, in accordance with Art. 15 of the GDPR.
    • Right to rectification: You have the right to obtain rectification of inaccurate or incomplete personal data about you, in accordance with Art. 16 of the GDPR.
    • Right to erasure (“right to be forgotten”): Under certain circumstances you have the right to obtain the erasure of your personal data, in accordance with Art. 17 of the GDPR.
    • Right to restriction: Under certain circumstances you have the right to obtain a restriction to the processing of your personal data, in accordance with Art. 18 of the GDPR.
    • Right to data portability: Under certain circumstances you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller, in accordance with Art. 20 of the GDPR.
    • Right to object: Under certain circumstances you have the right to object to the processing of your personal data, in accordance with Art. 21 of the GDPR. This includes, but is not limited to, the right to object in cases where we process your personal data under the legal basis of Art. 6(1)(f) of the GDPR.
    • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the EU of your habitual residence, place of work or the place of the alleged infringement, if you believe that the processing of your personal data infringes upon your rights under the GDPR, as set out in Art. 77 of the GDPR.

    The supervisory authority primarily responsible for handling complaints regarding our data processing activities is Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden, imy@imy.se.

    • Right to withdraw consent: If the processing of your personal data is based on your consent, as set out in Art. 6(1)(a) of the GDPR or Art. 9(2)(a) of the GDPR, you have the right to withdraw your consent at any time, in accordance with Art. 7(3) of the GDPR. Such withdrawal does not affect the lawfulness of any processing based on consent prior to its withdrawal.
    • Right not to be subject to a decision based solely on automated processing: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects that impact you or similarly significantly affects you, as set out in Art. 22(1) of the GDPR.
    V. Recipients / Categories of Recipients

    The personal data we process can also be processed by other parties on our behalf, and according to our instructions, or shared with and processed by other controllers. When data is processed according to this Privacy Policy, it is principally done so by our employees, and freelancers commissioned by us, who are responsible for that specific processing activity.

    The following list gives you an overview of the main providers of tools and services we use who might be recipients of your data:

    Providers of office tools

    Microsoft Enterprise Service Privacy
    Microsoft Corporation
    One Microsoft Way
    Redmond, Washington 98052 USA

    and

    Microsoft Ireland Operations, Ltd.
    One Microsoft Place
    South County Business Park
    Leopardstown
    Dublin 18, D18 P521, Ireland (both together “Microsoft”)

    and

    Slack Technologies, Inc., 500 Howard Street, San Francisco, CA 94105
    USA (“Slack”)

    Data protection management tool

    OneTrust Technology Limited
    82 St. John Street
    Farringdon, London EC1M 4JN United Kingdom (“OneTrust”)

    Press release tool

    Cision Sverige AB
    Box 24194, 104 51, Stockholm
    Sweden
    (“Cision”)

    Provider of data management systems and IT services

    EVRY Sweden AB
    Ekensbergsvägen 113
    171 41 Solna Sweden
    (“Tietoevry”)

    Provider of Supplier Invoice Management

    Fast Four BV
    Evert van de Beekstraat 1
    1118 CL Schiphol
    Netherlands
    (“FastFour”)

    and

    Oracle Netsuit
    Oracle Corporation UK Limited
    Oracle Parkway
    Thames Valley Park
    Reading RG6 1RA
    United Kingdom
    (”Netsuit”)

    Providers of streaming services

    Svenska Financial Hearings AB
    Brunnsgatan 21b, 111 56 Stockholm
    Sweden
    > Privacy Policy
    (Financial Hearings”)

    and

    Vimeo.com, Inc.
    Attention: Data Protection Officer
    330 West 34th Street, 5th Floor
    New York, New York 10001
    > Privacy Policy
    (“Vimeo”)

    Some of these recipients are established outside of the European Union. Principally there are two possible safeguards we rely on when these recipients receive your personal data to ensure an adequate level of data protection is provided:

    • If a recipient is located in a country the European Commission has found provides an adequate level of data protection, we rely on such adequacy decision by the EU Commission.
    • If a recipient is not located in a country with an adequate level of data protection according to the European Commission, we either concluded a contract with this recipient in which we agree to rules that ensure the adequate care of your personal data (EU Standard Contractual Clauses developed by the European Commission), or we rely on the binding corporate rules of a group of undertakings or enterprises that were approved by a supervisory authority.

    Apart from the main possible recipients mentioned above, the following categories of recipients can receive personal data from us only when necessary in a specific case: financial and IT services; host providers; providers of data rooms for M&A transactions; potential buyers or sellers of an M&A transaction; external financial and legal advisors and auditors; courts or governmental authorities that legally legitimately oblige us (e.g., through subpoenas, court orders, governmental requests or search warrants) to disclose data; and providers for streaming live events.

    You can find details on which recipients and categories of recipients are involved in the processing of personal data under Section VI.

    VI. General Data Processing

    Below you will find information about how we process your personal data. These are the general processing activities that may apply when you interact with us. Every processing activity is broken down into 5 parts:

    (a.) What: What data is processed?
    (b.) Why: For what purpose is the data processed?
    (c.) Who: With whom do we share the data?
    (d.) Legal Basis: What law allows us to process the data?
    (e.) How Long: How long do we keep the data?

    1. Communicating With You
    1. What
      If we communicate with you via email or mail, we process all personal data you disclose to us during our conversation (e.g., you name, email address, the reason why you are contacting us etc.).

      Apart from this, it is also possible that we use other online messaging systems to communicate with you, if you choose to contact us over these channels. Please note that, if you wish to contact us via such alternative messaging systems, it is possible that the companies offering these services will also process your personal data, and that their privacy policies also apply. We have no influence over such data processing by third parties. For further information about how these companies process your personal data, please refer to their privacy policies.

    2. Why
      Depending on the circumstances, your personal data may be processed at your request prior to entering into a contract with us or to enable us to perform a contract you have concluded with us. Additionally, some processing activities are required for compliance with legal obligations. Apart from this, processing activities may occur based on our legitimate interest to respond to you when you contact us, and to maintain proof of the content of our conversations, including but not limited to those related to potential legal claims.
    3. Who
      Depending on the specific case, recipients of the processed personal data may be the providers of our office tools.
    4. Legal Basis
      The legal basis for processing your personal data prior to entering into a contract with us or to perform a contract you have concluded with us is Art. 6(1)(b) of the GDPR.

      The legal basis for processing your personal data in compliance with our legal obligations is Art. 6(1)(c) of the GDPR.

      The legal basis for processing your personal data under our legitimate interest is Art. 6(1)(f) of the GDPR.

    5. How long
      Your personal data is, at minimum, stored until the conclusion of the contract with you. If your data was collected at your request prior to entering into a contract with us, we will store that data for as long as objectively reasonable to fully conclude our conversations with you. Apart from this, your data will be stored according to statutory storage periods, should such laws apply, as well as any applicable statutory limitation periods, so that we may sufficiently defend ourselves against potential legal claims.
    2. Visiting Our Website
    1. What
      When you visit our website, we process your IP-address.
    2. Why
      We process this data to display the website correctly in your browser. This is a legitimate interest of ours.
    3. Who
      Recipients of the processed personal data can be our IT service providers and host providers.
    4. Legal Basis
      The legal basis for processing the data is Art. 6(1)(f) of the GDPR.
    5. How long
      The data is only processed during your visit to our website and is not stored in log files.
    3. Press Release Subscription
    1. What
      You can choose to receive our news and company information via email. To send you the press releases and reports, we process your email address and the selection of content you elected to receive, as well as data regarding whether you opened the email and the time it was opened.
    2. Why
      The purpose of processing the personal data is to keep you updated on our business developments, products, and services via email as per your request and according to your preferences, and to better understand what material you found most relevant.
    3. Who
      The recipient of the personal data is the provider of our press release tool.
    4. Legal Basis
      The legal basis for processing your personal data is your declaration of consent, in accordance with Art. 6(1)(a) of the GDPR.
    5. How long
      Your personal data will be stored for as long as you do not withdraw your consent. You can at any time withdraw your consent with future effect by using the unsubscribe link at the bottom of the email you received from us, or by contacting communications@mtg.com.
    4. Data Subject Requests
    1. What
      When you contact us to make use of your data subject rights (see above), we process your name, email address and any additional information you provide us in your request, as well as personal data provided to verify your identity as legitimate data subject if needed.

      We might also process your personal data when you contact another company of the MTG group which is an affiliate company of ours (“MTG Company”) with such a request if the company reaches out to us for legal advice regarding the matter.

    2. Why
      The personal data provided in your request is processed for the purpose of answering you, as well as ensuring our compliance with the GDPR by helping you as data subject exercise your rights as set out in the GDPR. This is also a legitimate interest of ours.

      If we process additional data of yours to verify your identity, this is done to prevent cases of fraud, which is a legitimate interest of ours.

      If we receive your personal data from an MTG Company in connection with a request for legal advice, we process your personal data to ensure that the advice provided is accurate and complete. As a parent company, we work closely together with all MTG Companies, and support them to ensure our group-wide compliance with applicable laws. This is a legitimate interest of ours and all MTG Companies.

    3. Who
      Depending on the specific case, recipients of the personal data could be the provider of our data protection management tool, our office tools providers or external legal advisors.
    4. Legal Basis
      The legal basis for processing the data in your request is Art. 6(1)(c) in connection with Art. 12 of the GDPR, as well as Art. 6(1)(f) of the GDPR.

      The legal basis for verifying your identity is Art. 6(1)(f) of the GDPR.

      If we receive your personal data from an MTG Company, the legal basis for receiving and processing that data is Art. 6(1)(f) of the GDPR.

    5. How long
      The data is stored for three years, starting at the end of the year in which you made your request, so we and/or the respective MTG Company may prove our compliance and defend ourselves against any potential legal claims made within the general statute of limitations period in Sweden for consumer claims.
    5. Legal Work
    1. What
      We work together with MTG Companies and external advisors to assess and manage legal matters. If a matter or dispute between you and us, or between you and an MTG Company (see definition in Section VI.4.a), requires relevant legal review, we and, if necessary, the relevant MTG Company, process the relevant data. This may include your name, e-mail address and contact details.

      It is possible that MTG Companies seek legal support from us as their mother company. In such cases, we may receive your personal data from the aforementioned MTG Company, and process your personal data as required to grant them legal support.

      If we receive a legitimate and legally binding request to disclose data (e.g., through subpoenas, court orders, governmental requests or search warrants) from authorized courts or governmental authorities, we will comply with such request.

    2. Why
      The purpose of processing this data is to enable the effective and uniform handling of legal matters within the MTG Companies. This is a legitimate interest of ours. In addition, the data processing may be used to execute, perform and conclude contracts with you.

      As a parent company, we also have a legitimate interest in supporting MTG Companies with legal matters to safeguard our business interests, the respective MTG Company and the entire MTG Group.

      We also have a legal obligation to comply with any legitimate and legally binding requests from authorized courts or governmental authorities.

    3. Who
      Recipients of the personal data may be the providers of our office tools or external legal advisors and auditors. Additionally, if we receive your personal data from an MTG Company seeking our support, the same potential recipients apply.

      In the case of legitimate and legally binding obligations by authorized courts or governmental authorities, such courts or authorities would be the recipients of the data.

    4. Legal Basis
      If the data processing is conducted in relation to the conclusion or performance of a contract with you, the legal basis of the data processing is Art. 6(1)(b) of the GDPR.

      If the data processing is based on a legitimate interest, the legal basis is Art. 6(1) let. f) GDPR.

      In case of legally legitimate and binding obligations by authorized courts or governmental authorities the legal basis for disclosing data would be Art. 6 para. 1 let. c) GDPR in connection with the respective laws that state the legal binding effect of the obligation.

    5. How long
      The storage period for data processed for the purpose of handling legal matters, disputes or complying with legal obligations is governed by the relevant limitation period, so that we can sufficiently defend ourselves against claims, or by the relevant legal obligations to retain documents.
    6. Due Diligence
    1. What
      We gather information on different companies to assess whether they are suitable for MTG’s merger and acquisition strategy and portfolio. Occasionally we will also employ external consultants to assist in the assessment process of a particular company.
    2. Why
      The purpose of the processing of the data by us and – if applicable – any engaged external consultants, is that it enables us to conduct due diligence prior to making decisions regarding the merger and acquisition of new companies. The data we collect may further be used for comparison purposes in subsequent acquisitions processes if the company was not fully acquired initially. This is a legitimate interest of ours.
    3. Who
      Recipients of the processed personal data can be our executive, board of directors, external agencies and legal teams. We can receive your personal data from the companies, directly from you, from data brokers or from external consultants.
    4. Legal Basis
      The data processing is based on a legitimate interest, the legal basis is Art. 6(1)(f) of the GDPR.
    5. How long
      The storage period for data processed for this processing activity is until due diligence is completed or 10 years, depending on the circumstances.
    7. Job Applications
    1. What
      We process your personal data when you apply for a job or a freelancer position (e.g., your name, date of birth, address, data included in your cover letter or CV, etc.).
    2. Why
      The data is processed to decide if a contract with you will be executed, or, if you already have a contract with us, to perform our obligations under the contract or terminate the contract.

      If we have decided not to hire you or if your employment with us has ended, your data will be stored to enable us to defend ourselves against potential claims based on § 64 Diskrimineringslag in connection with § 10 Lag om medbestämmande i arbetslivet. This is a legitimate interest of ours under Section 6(1)(f) of the GDPR.

    3. Who
      Recipients of the processed personal data can be the providers of our office tools or external HR consultants.
    4. Legal Basis
      The legal basis for processing your personal data when you are applying for a position with us and during your employment is Art. 6(1)(b) of the GDPR.

      The legal basis for processing your personal data if we have decided to not hire you, or if your employment with us has ended, is Art. 6(1)(f) of the GDPR.

    5. How long
      If we work together with you, your data is stored for the applicable statutory storage periods. In general, this is ten years starting at the end of the year in which your contract has ended (criteria derived from the general statute of limitations in Sweden). Should we decide not to hire you, we will delete your application two years after the decision of non-employment, so that we are able to defend ourselves against potential claims based on § 64 Diskrimineringslag in connection with § 10 Lag om medbestämmande i arbetslivet and Article 6(1)(f) of the GDPR.
    8. Cookies, Website Analytics & Consent Management

    We use cookies on our website. To make information about these readily available to you, and allow you to easily grant or withdraw consent or object to cookie-based processing based on a legitimate interest of ours, we have implemented a consent management platform. You can at any time open the consent management platform by clicking the “CUSTOMIZE COOKIES” link at the bottom of our website. In the consent management platform and in our Cookie Policy, you will find information on what data is processed, who the recipient is, the purpose of the processing, our legal basis and the storage period.

    You can contact us at any time via privacy@mtg.com if you want to withdraw or object to the processing of your personal data.

    9. No Automated Decision-Making

    We do not process your data by means of automated decision-making (e.g., profiling).

    10. Cybersecurity & Unsolicited Communications
    1. What
      In certain cases, we process your email address for cybersecurity reasons and/or for blocking unsolicited communications.
    2. Why
      The data is processed to block potentially malicious communications and secure our IT systems when we have reason to believe that communications you send us pose a potential threat to our IT systems, and/or to block unsolicited communications you send us to protect our employees from content that negatively impacts their work and/or well-being.
    3. Who
      Recipients of the processed personal data may be the providers of our office tools or the provider of our data management systems and IT services.
    4. Legal Basis
      The legal basis for processing your personal data for cybersecurity purposes and for blocking unsolicited communications is Art. 6(1)(f) of the GDPR.
    5. How long
      We store your personal data for as long as we objectively have reason to believe that your communications pose a potential threat to our IT systems and/or that you will send us further unsolicited communications.
    11. Livestreams
    1. What
      Public Livestreams: You can sign up to receive an invitation for livestreams we offer, such as MTG’s quarterly results or our Capital Markets events, by signing up to our press release distribution. By signing up, we process obligatory data, such as your email address, name, the name of the company you work for, and possibly other optional data, such as your phone number.

      Internal Livestreams: If you are an employee or freelancer working for MTG or a Group Company, you can join internal livestreams we offer, such as All-Hands, or other global company events. To send you and invite and let you join the livestream we process your name and business email address.

      When you participate in a Public or Internal Livestream, the username you chose may be displayed to other participants, as well as your image and spoken word, depending on your settings. If you choose to ask a question or make a comment during the livestream or in the chat of a livestream, we process any personal data you might disclose by doing this.

      Public and Internal Livestreams can be recorded and uploaded to a video streaming platform to make the video available for people who weren’t able to attend the livestream.

    2. Why
      When you sign up to attend one of our live streams, we need to process the personal data to send you details on how to join the stream, to adequately prepare for the stream, and to, if needed, internally debrief regarding the success of the stream, e.g., which topics were of interest to which viewers and how we can improve our livestreams in the future.

      Data that is visible to other participants (username) or that you disclose during a livestream is processed by us to offer a functioning livestream and participation features.

      As a participant of a livestream, you can choose whether you want to have your image and spoken word displayed in the livestream. Please note that livestreams can be recorded and uploaded to video streaming platforms for people that aren’t able to attend the livestream. If you do not wish to be recorded, please let us know beforehand. In such case you will unfortunately not be able to join the livestream since we do not have a technical solution to exclude individual attendees from the recording.

    3. Who
      The Recipients of the processed personal data vary from event to event. While we usually use our provider of office tools for group-internal livestreams (Microsoft), this can also be the case for public livestreams. Depending on the type of livestream, we may choose to use a different company for streaming the event.

      Internal Livestreams that are recorded can be stored on Microsoft Teams or Vimeo.

      Public Livestreams that are recorded can be stored on Vimeo or Financial Hearings.

    4. Legal Basis
      The legal basis for processing your personal data is Art. 6(1)(f) of the GDPR.
    5. How long
      Participant lists for our Capital Markets event are stored for a maximum period of one year.

      If a livestream is streamed and recorded via Financial Hearings, the video is stored and accessible for 3 years.

      Livestreams recorded via Microsoft Teams are deleted within a week after the stream has taken place.

      Internal Livestreams recorded and made accessible via Vimeo will be deleted 3 months after having been made accessible.

    Should we use a different company for streaming an event, we will ensure that the data used to participate in the livestream is not stored by that provider for longer than necessary.

    VII. Group Cooperations – General Information

    Together with our gaming studios we form a group of undertakings. We cooperate closely with the gaming studios of the group (each a “Group Company”) to learn from one another, help each other and improve how the group makes games. We like to see ourselves as a small gaming village in which we strive together to make great games.

    The following Group Companies are part of our gaming village:

    Hutch Games Ltd

    2nd Floor Scrutton Street,
    London, England, EC2A 4HH
    UK

    Privacy Policy

    InnoGames GmbH

    Friesenstraße 13
    20097 Hamburg
    Germany

    Privacy Policy

    Ninja Kiwi Limited

    17 Shamrock Drive,
    Kumeu, 0810
    New Zealand

    Privacy Policy

    Ninja Kiwi Europe Limited

    Unit 13, Vision Building, 20 Greenmarket, Dundee
    DD1 4QB
    United Kingdom

    Privacy Policy

    Ninja Kiwi Americas

    140 Divisadero St Apt. 6
    San Francisco, CA
    94117-3238
    United States

    Privacy Policy

    PlaySimple Games Private Limited India

    Second Floor, Anjaneya Techno Park No. 147,
    Kodihalli, HAL Old Airport Rd,
    Bangalore – 560008
    India

    Privacy Policy

    Playsimple Games Pte Ltd

    30 Cecile Street
    #19-08, Prudential Tower
    Singapore, 049712

    Privacy Policy

    Snowprint Studios AB

    Maria Bangata 2C
    11863 Stockholm
    Sweden

    Privacy Policy

    Snowprint Studios Germany GmbH

    Kopernikusstr. 35
    10243 Berlin
    Germany

    Privacy Policy

    VIII. Group Cooperations – Joint Controllerships

    What does joint controllership mean?

    When we cooperate with a Group Company we may sometimes jointly determine if and how certain personal data of yours is processed. In such a case the involved companies are each controllers of your data when doing so and the working relationship is called a joint controllership. We have concluded an agreement with all Group Companies in which the rules for our joint controllership are set out and which includes standard contractual clauses that ensure that personal data of people located in the European Union (or European Economic Area) is adequately safeguarded when transferred between us and a Group Company that is not established in the European Union or a country considered to have the same level of data protection as the European Union.

    In the following cases we and Group Companies are joint controllers of your personal data:

    1. Mergers & Acquisitions
    1. What
      We can support each other when buying or selling a company. In such cases a strictly limited number of personnel involved in such a transaction can receive access to personal data (e.g., names, email addresses, unique identifiers) included in relevant documentation shared by a potential seller or determine which personal data is shared with a potential buyer and how this shall be done. Principally, personal data is anonymized before it is disclosed and, should it be necessary to disclose personal data, such disclosure of personal data will be kept to a minimum.
    2. Why
      The purpose of such a cooperation is to review relevant material shared with us by a potential seller, so we and/or the involved Group Companies can make good business decisions, or to enable a potential buyer to do so when sharing such data with it. This is a legitimate interest of ours, the involved Group Companies, and the potential sellers or buyers.
    3. Who
      Recipients of the processed personal data can be our providers of office tools, providers of data rooms as well as external financial and legal advisors, involved Group Companies, and the potential buyer. We can receive your personal data from a Group Company, or a potential seller in which case the same recipients can apply.
    4. Legal Basis
      The legal basis for processing your personal data is Art. 6(1)(f) of the GDPR.
    5. How long
      The storage period for data processed for the purpose of handling legal matters or disputes is governed by the relevant statute of limitations period, so that we can sufficiently defend ourselves against claims, and by relevant legal obligations to retain documents. If a transaction has been successful, we might be obliged to store the respective personal data according to the applicable statutory provisions, in which case we will store the documents according to the retention periods stated in such provisions. Personal data that is no longer relevant to a transaction that has not been successfully made, and that is not relevant for another purpose under this Privacy Policy, will be deleted.
    2. Business Intelligence
    1. What
      We process a limited amount of pseudonymous data Group Companies share with us to get a better understanding of how you play our games and what you like about them so we can help our Group Companies improve them. This includes a group-internal unique identifier, game title, time of install, platform, country code per install, marketing channel/category and marketing campaign, browser information, engagement with the game (log-in sessions), amount of money spent in the game, and the effectiveness of a marketing campaign.
    2. Why
      A better understanding of how you play games of Group Companies and what you like about them helps us and the Group Companies improve them and our marketing stratagies. As parent company, it is essential for us that we can understand how games of the Group Companies are played and how effective the marketing efforts are to ensure that enough players enjoy our group’s games, enabling us to keep making them. This interest is shared by the Group Company whose game you are playing as well as the other Group Companies since they are part of our gaming village.
    3. Who
      Recipients of the data are Tietoevry and Microsoft who help us administer and manage the data. We receive the data from the Group Company whose game you are playing and do not share the data with other Group Companies.
    4. Legal Basis
      The legal basis for processing your personal data is Art. 6(1)(f) of the GDPR.
    5. How long
      The data is stored for as long as you are an active player of the game of our Group Company. Your data will be deleted or anonymized once you have either deleted your data (e.g., account) by requesting deletion from the relevant Group Company (e.g., in the game) or potentially after a certain time of inactivity from playing the game. Please check out the privacy policy of the Group Company whose game you are playing for details on the qualification of and retention period for data of inactive players.
    3. Data Protection Compliance Work
    1. What
      We support the Group Companies with their data protection compliance work. Together with them, we can jointly process personal data of yours required to ensure compliance with data protection laws, e.g., names, email addresses, usernames, unique identifiers (e.g., game-ID players). E.g., this can be the case when you reach out to a Group Company with a data protection request, and the Group Company seeks our support to respond adequately and in time.
    2. Why
      We want to be able to offer you a high level of data protection when you play our group’s games. To ensure that Group Companies comply with relevant data protection laws we offer them our support. This is a legitimate interest of ours, yours, and all Group Companies.
    3. Who
      Recipients of the processed personal data can be the providers of our office tools and OneTrust.
    4. Legal Basis
      The legal basis for processing your personal data is Art. 6(1)(c) of the GDPR in connection with Art. 12, 30, and 35 of the GDPR and Art. 6(1)(f) of the GDPR.
    5. How long
      The data will be stored for the time needed for the Group Company you are contacting to be able to prove that it is complying with data protection laws. During this time, we will only access your request if we need to support the Group Company in handling your request or if we need to provide proof of our compliance work (e.g., to a data protection authority). Please check out the privacy policy of the Group Company whose game you are playing for details on the retention period for data protection requests.

    Who can you contact?

    When we process your personal data, you have certain rights under the GDPR, which you can find in Section IV. of this Privacy Policy. If you have questions regarding the joint controllerships or want to make use of your data protection rights, you can contact us anytime by using the contact address mentioned in Section I. of this Privacy Policy.

    How is your data secured?

    We have implemented technical and organizational measures to ensure a level of security appropriate to the risk presented by the processing in accordance with Art. 24 and 32 of the GDPR.

    What happens in a case of a personal data breach?

    In case of a personal data breach under the GDPR that is likely to result in a risk to your rights and freedoms, we will, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the competent supervisory authority.

    Should such breach likely result in a high risk for your rights and freedoms, or where required by Article 34 of the GDPR, we, or the respective Group Company, will inform you of the personal data breach without undue delay.

    IX. Group Cooperations – Independent Controllerships

    Apart from cases in which we jointly process personal data, we cooperate with other Group Companies as independent controllers of your personal data in the following cases:

    1. Developing or Distributing Games
    1. What
      We can support Group Companies when they are developing or distributing their games (e.g., consultations regarding game features or functionalities). In this process it is possible that certain personal data of players of the games might be disclosed to us, such as names, email addresses, usernames, or unique identifiers. Such personal data will not be actively stored or used by us for such support.
    2. Why
      Since we and the Group Companies are part of the same group and we are their parent company, we share the legitimate interest of developing and distributing great games. To be able to do this we work closely together.
    3. Who
      Recipients of the processed personal data may be the providers of our office tools.
    4. Legal Basis
      The legal basis for processing your personal data is Art. 6(1)(f) of the GDPR.
    5. How long
      The personal data is stored by the Group Company whose game you are playing according to its applicable retention periods (e.g., the retention period for your account data). Please check out the privacy policy of the Group Company whose game you are playing for details.
    2. Legal Support
    1. What
      We can support Group Companies with legal guidance regarding legal complaints, claims, court proceedings or other legal matters they might be facing. In such cases we might receive personal data (e.g., names and contact details of plaintiffs or complainants) of persons involved in such legal matters from the Group Company we are supporting.
    2. Why
      Since we and the Group Companies are part of the same group and we are their parent company, we share the legitimate interest of effectively handling legal complaints, claims, court proceedings or other legal matters we might be facing. To be able to do this, we have to work closely together.
    3. Who
      Recipients of the processed personal data can be the providers of our office tools.
    4. Legal Basis
      The legal basis for processing your personal data is Art. 6(1)(f) of the GDPR.
    5. How long
      The data will be retained according to the relevant legal obligations (e.g., employment laws) or our legitimate interest of defending ourselves or the respective Group Company against legal claims.
    3. Freelancer & Outsourcing
    1. What
      If you are a freelancer providing services to a Group Company, the Group Company may share your personal data with us, e.g., names and contact details.
    2. Why
      Since we are all part of the same group and we are their parent company, we share the legitimate interest of effectively handling budgets and ensuring effective project management, which can necessitate the sharing of information about freelancers between us and the Group Company with whom they work.
    3. Who
      Recipients of the processed personal data can be the providers of our office tools.
    4. Legal Basis
      The legal basis for processing your personal data is Art. 6(1)(f) of the GDPR.
    5. How long
      Your personal data will be stored for the term of the contract you have with the Group Company and, if required by bookkeeping laws, for as long as it is necessary to retain documentation on financial transactions connected to your work.

    Last Updated: September 2, 2024

    Sounds good? Let’s talk!

    About MTG
    Our Business
    Investors
    News
    Contact

    Pressroom
    Subscribe

    LINKEDIN

  • English
  • Svenska

    • Cookie Policy

    Privacy Policy
    COPYRIGHT MODERN TIMES GROUP 2020 | Privacy Settings