Data Protection Addendum for Mainland China
This Privacy and Data Protection Addendum For Mainland China (“Chinese DPA”) supplements the Terms of Service available at https://gameanalytics.com/terms/, and any other agreements (“Agreement”) as updated from time to time between you, either an individual or a legal entity that you represent as an authorized employee or agent (“Partner”), and GameAnalytics Ltd (“GA”) for GA’s products and services (“Service(s)”). This Chinese DPA is an agreement incorporated into and form part of the Agreement. This Chinese DPA shall be effective since the effective date of the Agreement, and survive termination or expiry of the Agreement. To the extent there are any prior agreements with regard to the subject matter of this Chinese DPA, this Chinese DPA supersedes and replaces such prior agreements. In case of any conflict between a provision of this Chinese DPA and the Agreement, as it relates to Personal Information, the provision of this Chinese DPA shall prevail. Capitalized terms used herein and not defined herein will have the meaning set forth in the Agreement and/or the Data Protection Laws.
This Chinese DPA applies when GA collects or processes Personal Information of Users which is transferred or made available by Partner and which is protected or otherwise regulated by Data Protection Laws. The parties hereby agree to comply with the following provisions.
1.1. “Affiliates” means with respect to a Party, all entities which, directly or indirectly, control, are being controlled by, or are under common control with such Party.
1.2 “Data Protection Rules” means any applicable laws, regulatory policy, national standard, industry standard of the mainland areas of the People’s Republic of China (for the sole purpose of this Chinese DPA, the Hong Kong S.A.R of People’s Republic of China, Macao S.A.R. of People’s Republic of China, and Taiwan areas of People’s Republic of China are not included) and/or any applicable policy of any platform that is engaged in providing service for GA and Partner with respect to the processing of Personal Data which GA or Partner is subject to, including but not limited to any law or regulation, regulatory policy, national standard, industry standard, policy pursuant to the Agreement that is similar, equivalent to, successors to, or that are intended to or implement the laws or regulations.
1.3 Privacy Requirements means any applicable Data Protection Rules, any industry standard, rule or guideline of GA.
1.5 “Personal Data” or “Personal Information’ means information relating to an identified or identifiable Individual, anonymous data is included in the scope of Personal Data.
1.6 “process” or “processing” “process” or “processing” includes collection, storage, use, process, transmit, making available, disclose to the public, erasure, etc.
1.7 “Service(s)” means Services provided by GA and/or its Affiliates to Partner according to the Agreement.
1.8 “User” means end users who visits or uses Partner’s Product (including mobile application).
2. Compliance with Privacy Requirements
Each party confirms that it has complied, and will continue to complied with the obligations related to personal data protection as set out by Privacy Requirements.
3. Processing by Partner
3.2 Partner acknowledges and agrees that GA’s SDK has the function to process Personal Data, and agrees that the processing of Personal Data by GA’s SDK is for the necessity of providing Services.
3.5 Upon request of GA, Partner shall provide GA with all the records of consents of Users. Partner understands and agrees that GA’s requirement for Partner to provide Users’ consents records does not relieve Partner’s legal liability arising out of making available the Personal Data to GA by Partner, nor does it constitute or lead to GA’s legal liability arising out of making available Personal Data to GA by Partner.
3.6 If Partner’s Product target to the Users or some Users who are defined as children (child under the age of 14), GA will not provide Services to such Product and such child User, and in this circumstance, Partner is not allowed to transfer or make available any child User’s Personal Data to GA, unless Partner has complied with the following requirements:
3.7.1 Partner has obtained prior consent of GA;
3.7.2 Partner warrants that it shall comply with any Privacy Requirement related to Personal Data protection of children and minors. If Partner may transfer or make available Personal Data of child User who are under the age of 14 to GA, Partner warrants that is has taken related measures and has obtained valid and explicit consents from its parents or any other authorized guardian (including the ways, manners and procedures shall be legal), and make reasonable effort to confirm that such consents are provided from parents or any other authorized guardian, to the extent for Partner and GA to process the Personal Data of Child User pursuant to this Chinese DPA and the Agreement.
3.7.3 Partner shall comply with any other provision directed by GA.
3.8 Due to the restriction of the current status of technology and the business mode, it is difficult for GA to actively identify child User’s Personal Data. If Partner realizes any processing of child User’s Personal Data by GA without GA’s acknowledgement or without any verifiable consent of parent or guardian, Partner shall notify GA in a timely manner. GA will try its best effort to delete such Personal Data. If GA realizes the above-mentioned situation by itself, GA will also delete the Personal Data in a timely manner, except for any retention as required by laws and regulations.
3.11 Partner shall provide Users with easy-to-operate mechanisms to access, correct, delete their Personal Data, revoke or change their authorization and consent, and cancel their personal accounts, etc., to ensure that Users can realize their personal data rights in accordance with Privacy Requirements.
3.12 Partner guarantees that the retention for the relevant Personal Data and data provided to GA (or allowed to be collected by GA) does not exceed the legally necessary storage period which is necessary for Partner to process such Personal Data and data, nor does it exceed the legally necessary storage period which is necessary for providing related services based on such Personal Data and data. The processing of such Personal Data and data due to the cooperation between Partner and GA has not exceeded the above-mentioned period.
3.13 Partner guarantees that it will not steal or obtain Personal Data in other illegal ways, or illegally sell or illegally provide Personal Data to any third party (including GA). Partner will not disclose, tamper with, or destroy Personal Data it collected.
3.14 GA will from time to time update the SDK due to the upgrade and optimization of the SDK and the Products, improvement of safety performance, legal and regulatory requirement, etc. Different version of SDK may collect different data field. In order to ensure the cooperation between both parties legal and compliance, and to practically fulfill the obligation to protect Users’ Personal Data, Partner shall ensure that it has upgraded the GA SDK to the officially most updated version so as to avoid any illegal issue arising out of using the SDK old version and any risk of being fined by the regulatory authority by Partner or GA. GA will inform Partner in effective ways such as notifications, station letters, announcements, etc., after the GA SDK is upgraded. Partner shall pay close attention to it and update the SDK version as soon as possible.
4. GA’s Processing
5. Limitation of Access
Each party will limit access to Personal Information to those personnel who require such access only as necessary to fulfill such party’s obligation under the Agreement. Each party is responsible to make sure that all relevant personnel of such party adhere to this Chinese DPA.
6. Information Security
Each party will maintain appropriate administrative, physical, organizational and technical safeguards aimed at maintaining an appropriate level of security, confidentiality and integrity of the Personal Information, in accordance with applicable Data Protection Laws, and official guidelines as provided by the competent authorities and good industry practice. Each party undertakes to regularly monitor compliance with these safeguards and will not materially decrease the overall security controls during the term of the Agreement.
The parties shall, on request, provide each other with all reasonable and timely assistance (at their own expense) and co-operation to enable the other party to comply with its obligations under the Data Protection Laws, including in order to enable the other party to respond to: (a) any request from a Data Subject to exercise any of its rights under Data Protection Law; (b) any other correspondence, enquiry or complaint received from a Data Subject, regulator or other third party in connection with the processing of the Personal Information (“Correspondence”). Each party shall make commercially reasonable effort to promptly inform the other if it receives any Correspondence directly from a data subject in relation to the Personal Information.
Partner will make available all information necessary, including records of consents referred to in Section 4 as above under this Chinese DPA, to demonstrate Partner’s compliance with this Chinese DPA and will permit and contribute to any data audits reasonably required by GA upon GA’s prior written request and advanced notice.
The parties will indemnify each other and hold each other harmless from any cost, charge, damages, expense or loss (including but without limitation reasonable attorney fee, arbitration cost or litigation cost, investigation cost) which they cause each other as a result of their breach of any of the provisions of this Chinese DPA. Any limitation of liability specified in the Agreement will not be applicable to this Chinese DPA.
10. Governing Law and Dispute Resolution
The governing law and dispute resolution specified in Article 16.1 of the Terms of Service will also apply to this Chinese DPA.
1. Any alteration or modification of this Chinese DPA is not valid unless made in writing and executed by duly authorized personnel of both parties.
2. Invalidation of one or more of the provisions under this Chinese DPA will not affect the remaining provisions. Invalid provisions will be replaced to the extent possible by those valid provisions which achieve essentially the same objectives.
3. Upon termination or expiry of the Agreement and this Chinese DPA, GA may continue to process the Personal Information provided that such processing complies with the requirements of this Chinese DPA and the Privacy Requirements.
4. Partner acknowledges that GA and/or its Affiliates may disclose this Chinese DPA and any relevant privacy provisions in the Agreement to any supervisory authority, regulator or other competent authority, to the extent required under the applicable law. Such disclosure will not constitute a breach of GA’s confidentiality obligation under the Agreement.