Effective Date: 30th August, 2021 Thank you for playing our games! This Privacy Policy describes how we (Time Plus Q Technologies OU, hereinafter Time Plus Q) collect, process, use and share information about you, why we do so, and how you can ensure your privacy is protected at all times. Our goal is to be a reliable partner that treats your personal data in a respectful manner, in compliance with all applicable regulations, and leads the way when it comes to transparency and fairness. 1. DEFINITIONS 1.1 Data Subject is a natural person about whom Time Plus Q has got information or data enabling to identify the natural person. Data Subjects are, for example, the Clients, Visitors and cooperation partners, as well as the employees who are natural persons and whose personal data are held by Time Plus Q. 1.2 Privacy Policy is this text which sets out the principles for Personal Data Processing by Time Plus Q. 1.3 Personal Data is any information concerning an identified or identifiable natural person. 1.4 Personal Data Processing is any operation or set of operations which is performed on the Personal Data of a Data Subject, such as collection, recording, organisation, structuring, storage, alteration and disclosure, enabling an access to, retrieval, consultation, use, transmission, cross-checks, alignment or combination, restriction, erasure or destruction of Personal Data, irrespective of the manner of performing these operations or the means exploited. 1.5 Client is any natural or legal person that uses or has expressed a desire to use the Services of Time Plus Q. 1.6 Agreement is the Service Agreement or any other agreement entered into between Time Plus Q and the Client. 1.8 Website means the websites of Time Plus Q. 1.9 Visitor is any person using the Services or Website of Time Plus Q. 1.10 Child's Consent Age in the context of Personal Data Processing is at least 16 years in relation to the offer of information society services directly to a child. 1.11 Services are any services and products offered by Time Plus Q, including the information society services in the Product Portfolio of Time Plus Q. 1.12 Cookies are the data files of the Website sometimes recorded in the device of a Visitor. 1.13 Data Protection Officer of Time Plus Q is the person who monitors the implementation of the Personal Data Processing principles at Time Plus Q and who can be contacted by the Data Subject in case of a complaint. 1.14 Product Portfolio means the business entities, various products and Services of Time Plus Q, the list whereof is available in Time Plus Q Product Portfolio (such as games, Websites). 2. GENERAL PROVISIONS 2.1 Time Plus Q is the legal person Time Plus Q Technologies OU, registry code 12434979, registered address Harju county, Tallinn, J. Vilmsi tn 11-6, 10126. 2.2 Time Plus Q resolves all issues in relation to the protection of Personal Data in Estonia in conjunction and cooperation with the Estonian Data Protection Agency. 2.3 Time Plus Q may process Personal Data as: (1) a controller, while determining the purposes and means of processing; (2) a processor in accordance with the instructions from the controller; and (3) a recipient to the extent to whom the Personal Data are transferred. 2.4 This Privacy Policy of Time Plus Q constitutes an inseparable part of the Agreement entered into between Time Plus Q and the Client. 2.5 The Privacy Policy shall apply to the Data Subjects, and the rights and obligations set out in the Privacy Policy shall be followed by all the employees and cooperation partners of Time Plus Q who come into contact with the Personal Data that are in the possession of Time Plus Q. 3. PRINCIPLES 3.1 The objective of Time Plus Q is to Process Personal Data responsibly, based on the best practice, with the aim of always being prepared to demonstrate the conformity of Personal Data Processing to the established purposes, and Time Plus Q shall always take into account the interests, rights and freedoms of Data Subjects. 3.2 All the processes, guidelines, operations and activities of Time Plus Q that are related to Personal Data Processing are based on the following principles: (1) Lawfulness. There is always a legal basis for the Processing of Personal Data, i.e. consent; (2) Fairness. Personal Data Processing shall be fair, while providing a Data Subject with sufficient information and communication on how the Personal Data are Processed; (3) Transparency. Personal Data Processing shall be transparent for the Data Subject, including via this Privacy Policy, which explains why, how and when the Personal Data are processed; (4) Purposefulness. Personal Data shall be collected for legitimate purposes which have been established precisely, clearly and shall not later be processed in any manner which is in conflict with these purposes; (5) Minimisation. Personal Data shall be adequate, relevant and limited to what is necessary for the purpose of Processing the given Personal Data. Time Plus Q shall be guided by the principle of minimal Processing in Personal Data Processing, and as soon as the Personal Data are no longer necessary or needed for the purposes for which it was collected, the Personal Data shall be deleted; (6) Accuracy. Personal Data shall be correct and shall be updated as necessary, and all reasonable measures shall be taken to ensure that Personal Data which are incorrect in the light of the purpose of Personal Data Processing shall be deleted or corrected without delay; (7) Accuracy. Personal Data shall be correct and shall be updated whenever necessary. All reasonable measures will be taken in order to ensure that Personal Data, which in light of the purpose for Personal Data Processing is found to be incorrect, shall be deleted or corrected without delay; (8) Limit of storage. Personal Data shall be stored in the format enabling the identification of Data Subjects only as long as it is necessary to achieve the purpose for which the Personal Data are processed. It means that in case Time Plus Q wishes to store the Personal Data for a longer period of time than necessary for the purpose of collecting the data, Time Plus Q shall anonymise the data in such manner that the Data Subject shall no longer be identifiable. Time Plus Q shall store the data that has been received by Time Plus Q via a Client relationship or any other similar relationship, in accordance with the best practice. Data processed on the basis of consent will generally be stored until the given consent is withdrawn. Storage may also be based on other legal grounds for procession, e.g. legitimate interest or fulfilling a legal obligation of Time Plus Q. The information which may contain Personal Data (i.e. in forum posts or group discussions) shared by the Data Subject with Visitors, Clients shall remain public even after account is deactivated; (9) Reliability and confidentiality. Personal Data Processing shall be carried out in the manner ensuring the adequate security of Personal Data, including their protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage, by taking reasonable technical or organisational measures. Time Plus Q has internal guidelines, rules for the employees, and separate agreements with every processor, stipulating the best practices, on-going risk assessment and adequate technical and organisational measures for Personal Data Processing; (10) Data protection by design and by default. Time Plus Q shall ensure that all the systems used shall meet the required technical criteria. The suitable data protection measures have been planned upon the renewal or design of every information or data system (e.g. the information systems and business processes are constructed using pseudonymisation and encryption). 3.3 Upon Personal Data Processing, Time Plus Q shall act with the purpose of always being capable of evidencing the conformity to the previously mentioned principles and additional information regarding the conformity to these principles can also be requested from the Data Protection Officer. 4. COMPOSITION OF PERSONAL DATA 4.1 Time Plus Q collects the following types of Personal Data: (1) the Personal Data disclosed to Time Plus Q by the Data Subject e.g.: a) contact information such as nickname and e-mail address; in some cases postal address, telephone number; b) information on job applicant such as resume, name, e-mail address, telephone number; c) information provided as an answer to a survey; d) information provided when creating an account, such as e-mail, nickname, country, age, gender; e) information provided when inviting others to use Time Plus Q Services; f) content of the messages sent through Time Plus Q chat channel or messaging system. (2) the Personal Data generated as a result of the day-to-day communication between the Data Subject and Time Plus Q; (3) the Personal Data manifestly made public by the Data Subject e.g.: a) Personal Data received from Facebook. If Data Subject logs in the game using its Facebook account, then Time Plus Q may receive Personal Data from Data Subject's Facebook account such as username, user ID. The content of the Personal Data depends on the Data Subject's Facebook privacy settings. If a Data Subject's Facebook is public, then Time Plus Q will receive such data as username, email address, age range, gender, selected language, country, names and avatars of the Data Subject's Facebook friends who are already playing Time Plus Q games. Data Subject can limit the Personal Data exposed to Time Plus Q. You can find Facebook's Privacy Policy in their website. b) Personal Data received from Google. If Data Subject logs in a Time Plus Q game using its Google account, then Time Plus Q may receive Personal Data from Data Subject's Google account username, user ID. The content of the Personal Data depends on the Data Subject's Google privacy settings. Time Plus Q may receive such data as name, email address and profile picture and also when there is Data Subjects consent the contact list of the Data Subject. Data Subject can limit the Personal Data exposed to Time Plus Q about how do to do that you can read more from Google's website. You can find Google's Privacy Policy in their website. (4) the Personal Data generated upon consumption of Services and visiting, using the Website e.g.: a) username, password; b) profile information such as gender, photo, age, date of birth; c) links to Data Subject's profiles on social networks; d) mobile device identifiers such as unique mobile device ID, hardware type, media access control (“MAC”) address, international mobile equipment identity (“IMEI”), name of the device; e) general information about Data Subjects location, as well as accurate information about the geographical position of the device (only when there is consent); f) game data such as interactions with the game itself and with other users in the game through server log files; g) player ID; h) the time spent on the Website and on the consumption of Services; IP address; the operating system of a device, browser type, language info, access times, addresses of the websites from which Data Subject transferred to Time Plus Q's Website; i) information about interaction with our Services such as when and how games are played, details about the game activity. (5) information collected using cookies or other similar technologies; (6) the Personal Data received from third persons e.g.: a) Data Subject's characteristics and interests; b) information about other games and services used. (7) the Personal Data created and combined by Time Plus Q: a) electronic correspondence; b) information about Data Subject's interactions with Time Plus Q on social media networks. 5. COMPOSITION, PURPOSES AND BASES FOR PROCESSING OF PERSONAL DATA 5.1 Time Plus Q shall Process Personal Data only on the basis of consent or on any other legal basis. Legal bases for Processing of Personal Data include, but are not limited to, legitimate interests or an Agreement between the Data Subject and Time Plus Q 5.2 Time Plus Q shall Process Personal Data on the basis of consent precisely within the limits, to the extent and for the purposes determined by the Data Subject. As for consents, Time Plus Q shall follow the principle that every consent shall be clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language. Consent may be given in writing or by electronic means or as an oral statement. A Data Subject shall give the consent freely, specifically, informedly and unambiguously, for example by ticking a box or by clicking a button. 5.3 Upon entry into and performance of an Agreement, Personal Data Processing may be additionally provided for in the specific Agreement, but Time Plus Q may Process Personal Data for the following Purposes: (1) in order to take steps at the request of the Data Subject prior to entering into the Agreement; (2) to identify the Client to the extent required by due diligence, this might include identification for account recovery; (3) to perform the obligations to the Client regarding the provision of its Services this includes providing appropriate device versions of Time Plus Q's Services, creating game accounts and providing Data Subjects with the opportunity to play Time Plus Q's games which includes storing Data Subject's game data ; delivering Services upon Data Subject's request; (4) to communicate with the Client this includes sending confirmations, invoices, technical notifications, updates, security alters, support and administrative messages; (5) to ensure the performance of the payment obligation of the Client; (6) to submit, realise and defend claims. 5.4 For the entry into an employment agreement, the Processing of the Personal Data of a job applicant by Time Plus Q based on the entry into the agreement and legitimate interest shall include: (1) Processing of the data submitted by the job applicant to Time Plus Q for the purpose of entering into an employment agreement; (2) Processing of the Personal Data received from the person indicated as the referee by the job applicant; (3) Processing of the Personal Data collected from state databases and registers and public (social) media. In case a job applicant is not selected, Time Plus Q shall store the Personal Data collected for the entry into an employment contract for one year in order to make a job offer to the job applicant in case a suitable position becomes vacant. When a year has passed after the submission of a job application, the Personal Data of the job applicant, who was not selected, shall be deleted. 5.5 Legitimate interest means the interest of Time Plus Q in the management and direction of its business in order to be able to offer the best possible Services on the market. Time Plus Q shall Process Personal Data on a legal basis only after careful consideration in order to ascertain the legitimate interest of Time Plus Q, based on which the Personal Data Processing is necessary and is in compliance with the interests and rights of a Data Subject (after carrying out the so-called three-step test). In particular, Personal Data Processing may take place on the basis of a legitimate interest for the following purposes: (1) for ensuring a trust-based relationship with a client, for example Personal Data Processing that is strictly necessary to determine the ultimate beneficiaries or to prevent fraud; (2) for the administration and analysing the client base to improve the availability, selection and quality of Services and products, and to make the best and more personalised offers to the Client upon the Client's consent; (3) for the identifiers and Personal Data collected upon the use of websites, mobile applications and other Services. Time Plus Q shall use the collected data for web analysis or for the analysis of mobile and information society services, for ensuring and improving the functioning of the Services, for statistical purposes and for analysing the behaviour and using experience of Visitors and for providing better and more personalised Services; (4) for the organisation of campaigns, including organisation of personalised and targeted campaigns, carrying out Client and Visitor satisfaction surveys, and measuring the effectiveness of the performed marketing activities; (5) for monitoring of the service. Time Plus Q may record the messages and instructions given in its premises as well as by means of communication (e-mail, telephone, etc.), as well as information and other operations carried out by Time Plus Q, and shall use those recordings as needed to evidence instructions or other operations; (6) for ensuring integrity of Time Plus Q's Services; for network, information, and cyber security considerations, for example for fighting against piracy and for ensuring the security of the Websites, as well as for the measures taken for making and storing backup copies; for protecting the safety of the Time Plus Q, its employees and others; (7) for corporate purposes, in particular for the financial management and for the Processing of the Clients' or employees' Personal Data; (8) for receiving feedback; (9) for targeted advertising online (also on third party websites) from which Data Subject can opt out (see section 12: Important Guidelines); (10) for providing Data Subject's with third party online advertising from which Data Subject can opt out (see section 12: Important Guidelines); (11) for the establishment, exercise or defence of legal claims. 5.6 For performing a legal obligation, Time Plus Q shall Process Personal Data to perform the obligations set forth by law or to exercise the uses permitted by law. Legal obligations derive, for example, from adhering to the rules of payment processing and prevention of money laundering. 5.7 In case Personal Data Processing is carried out for a new purpose, different from those for which the Personal Data were originally collected or is not based on the consent given by the Data Subject, Time Plus Q shall carefully assess the permissibility of such new Processing. The respective new purposes of Processing will always be public in the register of processing operations (see section 12: Important Guidelines). In order to determine whether the Processing for the new purpose is in compliance with the purpose for which the Personal Data were originally collected, Time Plus Q shall take into consideration, inter alia, the following: (1) any link between the purposes for which the Personal Data were collected and the intended further purposes Processing; (2) the context of collecting the Personal Data, in particular, regarding the relationship between the Data Subject and Time Plus Q; (3) the nature of the Personal Data, in particular, whether any special categories of Personal Data, or Personal Data related to criminal convictions and offences are processed; (4) possible consequences of the intended further processing for the Data Subjects; (5) existence of appropriate protection measures which may consist in, for example, encryption and pseudonymisation. 6. DISCLOSURE AND/OR TRANSFER OF CLIENT DATA TO THIRD PERSONS 6.1 Time Plus Q cooperates with persons, to whom Time Plus Q may transfer data regarding the Data Subjects, including their Personal Data, in the context and for the purposes of co-operation. 6.2 Such third persons may be the persons within the same group with Time Plus Q, its advertising and marketing partners, companies carrying out client satisfaction surveys, debt collection agencies, credit registers, IT partners, persons, authorities and organisations intermediating or providing (electronic) mail services, provided that: (1) the respective purpose and the Processing are lawful; (2) the Personal Data Processing is carried out in accordance with the guidelines of Time Plus Q and on the basis of a valid agreement; (3) the data regarding the respective processors are disclosed to the Data Subjects (see section 12: Important Guidelines). 6.3 Time Plus Q shall transfer Personal Data out of the European Union only if there is sufficient protection in the respective country; if protection measures have been agreed upon (e.g. binding internal rules of the group or standard data protection clauses); the Data Subject has given a clear and informed consent for such transfer; the transfer is clearly required by an agreement entered into with the Data Subject; the transfer is not repeated, it concerns only a limited number of Data Subjects; it is necessary for protecting the legitimate interests of Time Plus Q which are not overridden by the interests, rights or freedoms of the Data Subject, and if all the circumstances related to the transfer have been assessed and suitable protection measures have been established to protect the Personal Data, or if there is some other legal basis therefor. Time Plus Q shall inform the Data Protection Inspectorate of the transfer based on a legitimate interest. 7. SECURITY OF PERSONAL DATA PROCESSING 7.1 Time Plus Q shall store the Personal Data strictly in accordance with the law and only for the minimum period required. The Personal Data with an expired storage period shall be destructed using the best practice and in accordance with the procedure established for this purpose by Time Plus Q. 7.2 Time Plus Q has established guidelines and procedural rules for ensuring the security of Personal Data. Further information on the security measures taken by Time Plus Q can also be obtained from the Data Protection Officer of Time Plus Q. 7.3 In case of an incident related to Personal Data, Time Plus Q shall take all necessary measures to mitigate the consequences and hedge any relevant risks in the future. Inter alia, Time Plus Q shall register all the incidents and shall inform the Data Protection Inspectorate and the Data Subject directly (e.g. by email) or in public (e.g. via the news) in prescribed cases. 7.4 Time Plus Q stores Personal Data via Amazon Web Services, Google Cloud and in servers. 8. PROCESSING OF THE PERSONAL DATA OF CHILDREN 8.1 Time Plus Q does not knowingly collect any information on persons under the age of 16 and in case of any respective informed activity; we shall act based on the requests of a parent or guardian. 8.2 In case Time Plus Q finds out that it has collected Personal Data from a Child under the age of 16 or regarding a Child, Time Plus Q shall use its best efforts to discontinue the Processing of the respective Personal Data. 9. RIGHTS OF DATA SUBJECTS 9.1 Rights related to consent: (1) A Data Subject will always be entitled to inform Time Plus Q about his or her wish to withdraw the consent for the Personal Data Processing. (2) You will be able to change and withdraw your consents given to Time Plus Q by contacting Time Plus Q or in some cases by clicking the unsubscribe button. The contact details are set out in section 13 of this Privacy Policy. 9.2 A Data Subject has also the following rights upon Personal Data Processing: (1) Right to receive information i.e. the right of a Data Subject to receive information regarding the Personal Data collected about him or her. (2) Right of access to data i.e. the right to obtain confirmation as to whether or not Personal Data concerning him or her are being processed. It also includes the right of a Data Subject to a copy of the Processed Personal Data. (3) Right to rectification of inaccurate Personal Data. A Data Subject will be able to request the correction of inaccurate data. (4) Right to erasure of data i.e. in certain cases a Data Subject will be entitled to demand the deletion of Personal Data, for example if the Processing is carried out only on the basis of a consent. In some cases Personal Data displayed during the game, such as user name, avatar, scores and chat messages can be stored on other player's devices, and this data cannot be erased by Time Plus Q e.g. if such device is not connected to the WiFi network. (5) Right to demand restriction of Personal Data Processing. This right is created, inter alia, in case the Personal Data Processing is not permitted under law or if the Data Subject challenges the accuracy of the Personal Data. A Data Subject will be entitled to demand the restriction of the Personal Data Processing for a period enabling the processor to check the accuracy of the Personal Data or if the Personal Data Processing is unlawful but the Data Subject does not request the deletion of the Personal Data. (6) Right to data portability i.e. a Data Subject shall have, in certain cases, the right to receive the Personal Data in a machine-readable format, and to take these data along or transfer them to another controller. (7) Right to object in some cases the Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to Processing of Personal Data concerning him or her. (8) Rights related to automated Processing mean, inter alia, that a Data Subject will have the right to object, on grounds relating to his or her particular situation, at any time to Processing of Personal Data concerning him or her, based on automated decision-making. For the avoidance of doubt – Time Plus Q may Process Personal Data for automated decision-making promoting its business (i.e. for segmentation of Visitors in marketing context, and for sending them personalised messages, in the context of commencement of an employment relationship, and in order to ensure that our employees shall adhere to our internal security regulations). Automated Processing may also include data collected from public sources. You have the right to avoid any decisions based on automated Personal Data Processing, if they can be classified as profiling. This includes the right to refuse from targeted advertising (see section 12: Important Guidelines); (9) Right to the assessment of a supervisory authority on whether the Processing of the Personal Data of the Data Subject is lawful; (10) Compensation for damage when there has been a violation of Data Subject's rights for which Time Plus Q is liable. 10. EXERCISING OF RIGHTS AND FILING OF COMPLAINTS 10.1 Exercising of rights. A Data Subject will be entitled to address Time Plus Q or the Data Protection Officer of Time Plus Q using the contact details set out in section 13 in case of any question, request or complaint related to Personal Data Processing. 10.2 Filing of complaints. A Data Subject will be entitled to file a complaint to Time Plus Q and the Data Protection Officer of Time Plus Q, to the Data Protection Inspectorate or a claim to a court if the Data Subject is of the opinion that his or her rights have been infringed in Personal Data Processing. The contact details of the Estonian Data Protection Inspectorate are available on the website of the Data Protection Inspectorate: http://www.aki.ee/. 11. COOKIES AND OTHER WEB TECHNOLOGIES 11.1 Time Plus Q may collect data regarding the Visitors of the Websites and other information society services by using Cookies for this purpose (i.e. small pieces of information stored by the Visitor's browser on the hard disk of the computer of any other device of the Visitor) or other similar technologies (e.g. IP address, equipment information, location information, AD identifiers) and process these data. 11.2 Time Plus Q uses the collected data to enable the provision of the Service in accordance with the habits of a Visitor or Client; to ensure the best Service quality; to inform the Visitor and Client about the contents and give recommendations; to update advertisements and make marketing efforts more efficient; and to facilitate logging in and protection of data. The collected data shall also be used for counting the Visitors and recording their using habits. 11.3 Time Plus Q uses session Cookies, persistent Cookies and advertising Cookies. A session Cookie is deleted automatically after every visit; persistent Cookies shall remain upon repeated use of the Website, advertising Cookies and third party Cookies are used by the Websites of the partners of Time Plus Q which are connected with the Website of Time Plus Q. Time Plus Q does not control the generation of those Cookies (or other third party tracking), therefore information on these Cookies can be obtained from third persons. Further information on Cookies is available in the explanatory materials (see section 12: Important Guidelines). 11.4 As to the Cookies, Visitors agree with the use of Cookies on the Website, in information society service devices or the web browser. 11.5 Most of the web browsers allow Cookies. Without fully allowing Cookies, the functions of the Website are not available to a Visitor. The allowing or prohibiting Cookies and other similar technologies shall be under the control of a Visitor via the settings of the Visitor's own web browser, settings of the information society service and platforms for making such privacy more efficient (see section 12: Important Guidelines). 12. IMPORTANT GUIDELINES 12.1 The Privacy Policy of Time Plus Q shall be implemented on the basis of the following documents, guidelines and procedures: (1) All About Cookies: Descriptions of cookies and other web technologies used by Time Plus Q; (2) Your Online Choices; About Ads; Network Advertising: the platform of controlling and monitoring of cookies and other web technologies, where Data Subjects themselves can change and control how their Personal Data are used and collected. (3) Data regarding processors can be found here. 13. CONTACT DETAILS AND INFORMATION 13.1 The contact details of Time Plus Q that are important for a Data Subject: (1) Regarding Personal Data issues, Time Plus Q can be contacted by e-mail reachus@timeplusq.com. (2) The Data Protection Officer of Time Plus Q is Sri Prasanth Sridar who can be contacted by e-mail sriprasanth@timeplusq.com. 14. OTHER TERMS AND CONDITIONS 14.1 Time Plus Q will be entitled to unilaterally amend this Privacy Policy. Time Plus Q shall inform Data Subjects about amendments on the website of Time Plus Q, by e-mail or by other means. 14.2 The latest amendments and entry into force of the Privacy Policy: 30 August 2021