Your privacy and data protection are our priority
Effective Date: July 15, 2025
This Privacy Policy applies to all of our games, websites and related services, collectively referred here as our Services. Your continued use of the Services after the effective date will be subject to new Privacy Policy. Your use of our Services, and any dispute over privacy, is subject to this Privacy Policy and our Terms of Service, including its applicable limitations on damages and the resolution of disputes.
Please read the following to learn more about how we use your personal data.
For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the "GDPR"), Table Tank Games Limited (referred to as "Table Tank", "we", "us", or "our") will be the data controller responsible for any personal data we process.
If you have any questions or concerns about this Privacy Policy, including those related to exercise any of your rights, please contact us through the game's Help & Support so we can reply to you more quickly.
The data controller: Table Tank Games Limited
Email: privacy@tabletank.com
Address: Unit 02, 9/F., The Broadway, No. 54-62 Lockhart Road, Wanchai, Hong Kong
We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting your personal data.
In each of the sections listed below, we describe how we obtain your personal data and how we treat it.
We collect personal data related to current, prospective, and former customers ("users") of our Services.
We may obtain your personal data from the following sources:
We may collect the following categories of personal data relating to our users:
Individual Customers
| We may use your personal data to: | Our lawful basis for doing so is: |
|---|---|
| Provide you with our products or services (for example, play one of our online games and make online purchases) | Contract |
| We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
|---|---|---|
| Establish and manage our relationship (including maintaining or servicing accounts, providing customer service, and making your experience with us personalised) | Legitimate Interest |
• Account Management • Management Reporting (including at an intra-group level) • Exercise or defend legal claims |
| Learn about how our products and services are or may be used to verify or maintain the quality of, and improve, our products and services (for example, when we ask you to fill out surveys about the experience you had with us) |
• Understand the market in which we operate • Management Reporting (including at an intra-group level) |
|
| Security (ensuring confidentiality of personal data, preventing unauthorised access and modifications to our systems and otherwise maintaining the security of personal data) |
• Managing security, risk and fraud prevention • Management Reporting (including at an intra-group level) |
|
| Perform advertising or marketing services, including letting you know about our products, services and events that may be of interest to you by email or other forms of electronic communication |
• Promote our goods and services • Management Reporting (including at an intra-group level) |
| We may use your personal data to: | Our lawful basis for doing so is: |
|---|---|
| Send you marketing communications via email | Consent |
If you object to us using your personal data for the above purposes, including direct marketing, please let us know using the email address provided in section 1.
Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.
Children's Privacy: We do not knowingly collect or solicit personal data about or direct or target interest-based advertising to anyone under the age of 16 or knowingly allow such persons to use our Services. If you are under 16, please do not send any data about yourself to us, including your name, address, telephone number, or email address. No one under the age of 16 may provide any personal data. If we learn that we have collected personal data about a child under age 16, we will delete that data as quickly as possible. If you believe that we might have any data from or about a child under the age of 16, please contact us.
We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.
We may collect personal data related to employees, directors, authorised signatories, or other individuals associated with Table Tank's existing or prospective corporate customers, business partners, and vendors.
We may obtain your personal data from the following sources:
We may collect the following categories of personal data relating to our existing or prospective customers', business partners', and vendors' employees, officers, authorised signatories, and other associated individuals:
| We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
|---|---|---|
| Provide you with our products or services or receive products or services from you | Legitimate Interest |
• Efficiently fulfil our contractual and legal obligations • Management Reporting (including at an intra-group level) |
| Establish and manage our relationship |
• Efficiently fulfil our contractual and legal obligations • Account Management • Understand the market in which we operate • Management Reporting (including at an intra-group level) • Exercise or defend legal claims |
|
| Learn about how our products and services are or may be used |
• Understand the market in which we operate • Management Reporting (including at an intra-group level) |
|
| Security |
• Managing security, risk and fraud prevention • Management Reporting (including at an intra-group level) |
|
| Let you know about our products, services and events that may be of interest to you by email or other forms of electronic communication |
• Promote our goods and services • Management Reporting (including at an intra-group level) |
If you object to us using your personal data for these purposes, including direct marketing, please let us know using game's Help & Support tool or via the email provided in section 1 above.
Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.
We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with your business relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.
If you contact us, we may keep a record of that correspondence.
| We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
|---|---|---|
| Provide our website services to you | Legitimate Interest |
• Website Management • Promote our goods and services • Account Management |
| Establish and manage our relationship |
• Understand the market in which we operate • Management Reporting (including at an intra-group level) • Account Management |
|
| Learn about our website(s) visitors' browsing patterns and the performance of our website(s), including to verify or maintain the quality of, and improve, our website, products and services | • Website Management | |
| Security (including ensuring confidentiality of personal data, preventing unauthorised access and modifications to our systems and otherwise maintaining the security of personal data) |
• Managing security, risk and crime prevention • Management Reporting (including at an intra-group level) |
|
| Perform advertising or marketing services, including letting you know about our products, services and events that may be of interest to you by email or other forms of electronic communication |
• Promote our goods and services • Management Reporting (including at an intra-group level) |
|
| Learn about how our products or services may be used, including to verify or maintain the quality of, and improve, our products and services |
• Understand the market in which we operate • Management Reporting (including at an intra-group level) |
If you object to us using your personal data for the above purposes, including direct marketing, please contact us using the email address in section 1.
Where we use cookies or similar technologies we will seek your prior consent where required to do so by law.
Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.
We will keep your personal data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.
We may obtain your personal data from you directly and from our records in our operating systems and platforms.
Visitors to our Premises
| We may use your personal data to: | Our lawful basis for doing so is: | Our legitimate interests in doing so are: |
|---|---|---|
| Security | Legitimate Interest | Managing security, risk and crime prevention |
| Maintain records of visitors to our premises | Legitimate Interest | Management Reporting |
If you object to us using your personal data for the above purposes, please let us know using the email address provided in section 1.
We keep your personal data for as long as necessary to ensure security of visitors to our premises and as soon as it is no longer necessary, usually after 90 days, we delete it.
We may disclose information about you to organisations that provide a service to us, ensuring that they are contractually obligated to keep your personal data confidential and will comply with the GDPR and other relevant data protection laws.
We may share your information with the following types of service providers:
We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.
We share your personal data with our affiliates and partners in the EU/EEA and outside the EU/EEA. Where a data transfer outside the EU/EEA is not covered by an EU Commission adequacy decision, we rely on lawful safeguards referred to in Article 46 GDPR. This mainly includes EU Commission-approved Standard Contractual Clauses which we enhanced by supplementary security measures such as ancillary individual risk-assessments, additional contractual safeguards and technical safeguards including additional encryption or pseudonymisation, to enable International transfers with Table Tank affiliates and partners outside the EU/EEA. You will find the full text of the EU Commission-approved Standard Contractual Clauses through this link. Please feel free to contact us at privacy@tabletank.com for additional information on third country data transfers as well as our safeguards and supplementary security measures.
We share personal data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the EU, we ensure that they are contractually obligated to comply with the EU data protection rules. We also ensure in our contracts with these organisations that they only Process Personal Data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of your personal data entrusted to them.
We may also disclose personal data to our advisers, consultants, law enforcement and other public authorities (such as tax and social security bodies), the police, prosecutors, courts and tribunals. All these recipients are themselves responsible to comply with the EU data protection rules.
Some of the vendors that we engage to are located outside the European Economic Area. Where the EU Commission did not recognise them as locations providing adequate protection for personal data, we rely on lawful safeguards as described above.
You may request a copy of these agreements by contacting us at privacy@tabletank.com or write to us at the address set forth in the Who is Responsible for Processing Your Data and How to Contact Us section above.
You are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems. You can also limit, restrict or object to the processing of your data.
We do not carry out any decision-making based solely on automated processing, including profiling.
If you gave us your consent to use your data, e.g. so that we can send you marketing emails or display personalised ads, you can withdraw your consent at any time. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your personal data before you withdrew your consent.
You can object to our use of your personal data where we stated we rely on our legitimate business interests to do so. We explained the legitimate interests we rely on in sections 'Why do we collect your personal data and what are our lawful bases for it?' above.
If you would like to exercise any of your above rights, you may contact us at privacy@tabletank.com or write to us at the address set forth in the Who is Responsible for Processing Your Data and How to Contact Us section above.
These additional provisions apply to individual residents of those U.S. States that have enacted comprehensive consumer privacy laws, including the California Consumer Privacy Act of 2018 and the California Privacy Rights Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, the Utah Consumer Privacy Act, and each of their associated regulations, as well as amendments to those laws or additional consumer privacy laws that may be enacted in the future.
This section addresses the specific disclosure requirements under those laws and provides additional information about how we collect, use, share, and otherwise process personal information, the rights of covered consumers in relation to that personal information, and the ways to exercise those rights.
To the extent permitted under applicable law, you may be able to exercise the following rights in relation to the personal information that we may have collected about you, subject to certain limitations and requirements, including the verification of your identity and our right to retain information to comply with our legal obligations, among other circumstances.
| Privacy Right | Brief Details |
|---|---|
| Know and Access your Personal Information | You may request, up to two times in a 12-month period, that we disclose to you the categories and specific pieces of personal information that we have collected about you, the categories of sources from which your personal information has been collected, the business or commercial purpose for collecting your personal information, the categories of personal information that we disclosed for a business purpose, any categories of personal information about you that we sold or shared, the categories of third-parties with whom we have shared your personal information, and the business or commercial purpose for selling your personal information, if applicable, among other information required by applicable laws. |
| Request Deletion of your Personal Information | You have the right to request that we delete certain personal information that we may have collected from you. |
| Opt-Out of the "Sale" or "Sharing" of your Personal Information* | We do not sell your personal information in exchange for money or any other form of payment, nor have we done so in the last 12 months. We may "share" personal information about you for purposes of serving you with personalized ads or content, otherwise known as "interest-based advertising," "targeted advertising," or "cross-context behavioral advertising." You have the right to opt-out of any future "sales" or "sharing" of your personal information as defined by applicable laws (and as explained below). |
| Non-Discrimination | You have the right to exercise the rights conferred on you by applicable laws without discrimination. |
| Data Portability | You have the right to request that we transmit certain personal information that we may have collected from you (or about you) to other entities, unless transmitting the information would not be technically feasible. |
| Correct Inaccurate Information | You have the right to request that we correct errors or inaccurate information in the personal information that we may have collected from you. |
| Limit the Use or Disclosure of Sensitive Personal Information | In certain circumstances, you have the right to limit the use of any sensitive categories of personal information. As noted above, we do not collect or seek to elicit sensitive categories of personal information. |
| Opt-Out of the Use of Automated Decision Making | In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your personal information. |
We do not "sell" information about our users as most people would commonly understand that term or in the way that certain laws primarily define the term "sale." We do not disclose your personal information in direct exchange for money or some other form of payment.
However, consistent with common practice among companies that operate online, we do "sell" or "share" information in the sense that we allow certain third-party advertising networks and other third-party businesses to collect and disclose your personal information directly from your browser or device through cookies or tracking technologies when you visit or interact with our websites, use our apps, or otherwise engage with us. These third parties use your personal information for purposes of analyzing and optimizing our Service and advertisements on our websites, on other websites or mobile apps, or on other devices you may use, to personalize content or to serve ads that may be more relevant to your interests, and to perform other advertising-related services such as reporting, attribution, analytics, and market research.
If you wish to exercise any of these rights or any other rights that you may have under applicable law, please contact us at privacy@tabletank.com or write to us at the address set forth in the Who is Responsible for Processing Your Data and How to Contact Us section above.
As described above, we will need to verify your identity before processing your request. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. In certain circumstances, you may also appoint an authorized agent to exercise any rights that you may have on your behalf. If you choose to exercise any rights through an authorized agent, you will need to verify your identity directly with us before we can process any requests. In addition, we will need written documentation demonstrating the authorized agent's authority to act on your behalf.
We aim to respond to a consumer request within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing. In certain circumstances, we may decline a request, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
The chart in the "Sharing of Your Information" Section above summarizes the categories of personal information we collect, the sources of personal information collection, the business purposes for our collection, and the categories of third parties with whom we "disclose," "sell," or "share" personal information. The chart describes our practices, both current and during the last 12 months.
Please see our Privacy Policy for additional details. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.
| Category of Personal Information Collected | Source(s) of Personal Information | Business Purpose(s) for Collection | Categories of Third Parties to Whom We Disclose the PI for a Business Purpose |
|---|---|---|---|
| Identifiers, such as name, username, email address and other contact information, IP address, and online identifiers (like advertising IDs and cookies) | • You or your device(s) • Advertising partners • Affiliates |
• Service delivery • Delivery of advertisements • Technical support • Customer support • Processing payments • Analytics • Business research & development • Marketing & promotions • Platform protection & fraud prevention • Compliance with legal obligations |
• Service providers • Affiliates • Your specified recipient(s) • Government entities/law enforcement • Advertising partners shared* for interest based advertising |
| Additional California Customer Records, such as address book information | • You or your device(s) | • Service delivery • Analytics • Business research & development • Marketing & advertising |
• Affiliates • Your specified recipients |
| Sensitive Personal Information, such as social security numbers, precise geolocation, or genetic and biometric data | • We do not intentionally collect or seek to elicit "sensitive personal information" as defined under applicable laws | N/A | N/A |
| Commercial Information, such as purchase history, in-app purchases, or other purchasing or consuming histories or tendencies | • You or your device(s) | • Service delivery • Delivery of advertisements • Analytics • Business research & development • Platform protection & fraud prevention • Compliance with legal obligations |
• Service providers • Affiliates • Your specified recipients • Payment processors • Advertising partners shared* for interest-based advertising |
| Internet or Network Information, such as information regarding interactions with a website, application, or advertisement | • You or your device(s) | • Service delivery • Delivery of advertisements • Analytics • Business research & development • Platform protection & fraud prevention • Compliance with legal obligations |
• Service providers • Affiliates • Your specified recipients • Government entities/law enforcement • Advertising partners shared* for interest-based advertising |
| Geolocation Data, such as city or county-level geolocation information | • You or your device(s) | • Service delivery • Delivery of advertisements • Analytics • Business research & development • Platform protection & fraud prevention • Compliance with legal obligations |
• Service providers • Affiliates • Your specified recipients • Government entities/law enforcement • Advertising partners shared* for interest-based advertising |
| Inferences, such as the derivation of information, data, or assumptions from the categories of personal information included above | • You or your device(s) | • Service delivery • Delivery of advertisements • Analytics • Business research & development • Platform protection & fraud prevention • Compliance with legal obligations |
• Service providers Affiliates • Advertising partners shared* for interest-based advertising |
* As further described above, we "share" this information with advertising partners for interest-based advertising.