INTRODUCTION TO PRIVACY NOTICE

This Privacy Notice (referred to as the “Notice”) outlines how Insta-Games (referred to as “IG”, “we” or “us” in this Notice) collects, uses, stores, and processes the personal data of users of IG’s services (referred to as “you” or “data subject” in this Notice), and explains your rights regarding your personal data in compliance with the General Data Protection Regulation (GDPR).

The processing of personal data, such as the name, address, email address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and in accordance with the country-specific data protection regulations applicable to IG. Utilizing this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed through this data protection declaration of the rights to which they are entitled.

As the controller, IG has implemented numerous technical and organizational measures to ensure the complete protection of personal data processed through IG’s services. However, Internet-based data transmissions may, in principle, have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g., by email.

SERVICES/APPLICATIONS COVERED

This Notice applies to all games and applications developed and made available by IG on iOS and Android platforms through the App Store and Play Store, respectively.

The Services is a non-exhaustive list that encompasses existing titles such as Flappy Flamingo as well as any future games and applications developed and released by IG on iOS and Android platforms through the respective app stores.

By using any of the games or applications made available by IG, regardless of whether it is specifically mentioned in the above list, you agree to the terms outlined in this Notice.

SOURCE OF DATA PROCESSED

The personal data processed by us may be obtained from various sources, including but not limited to:

• Data Subject. Information provided directly by the data subject, for example, through interactions, inquiries, or the use of our services.
• Contractual Partners. Details obtained from contractual partners, such as collaborators, clients, or service providers, as necessary for the performance of contracts or agreements.
• Publicly Available Sources. Information obtained from publicly accessible sources, where permissible under applicable laws and regulations.
• Automated Processes. Data generated or collected through automated processes, including application interactions, cookies, and similar technologies, in accordance with our privacy and cookie policies.
• Legal Obligations. Data is collected to fulfill legal obligations, such as tax regulations or other statutory requirements.

When applicable and required by law, we will inform data subjects about the specific sources from which their personal data is collected. If you have questions or concerns regarding the source of your personal data, please contact us for further information.

DATA SUBJECT RIGHTS UNDER APPLICABLE LAWS

Under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), data subjects have specific rights regarding their personal information. Here is a summary of your rights under each regulation:

Rights Of Data Subjects Under GDPR

• • Right to Access. Data subjects have the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed, and, if so, access to that personal data.
  • Right to Rectification. Data subjects have the right to request the correction of inaccurate personal data concerning them and the completion of incomplete personal data.
  • Right to Erasure (Right to be Forgotten). Data subjects have the right to request the erasure of personal data concerning them under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or processed.
  • Right to Restriction of Processing. Data subjects have the right to request the restriction of processing of their personal data under certain circumstances, such as when the accuracy of the data is contested, or the processing is unlawful.
  • Right to Data Portability. Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance.
  • Right to Object to Processing. Data subjects have the right to object to the processing of their personal data under certain circumstances, such as processing based on legitimate interests or direct marketing purposes.
  • Right to Withdraw Consent. If the processing of personal data is based on consent, data subjects have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint. Data subjects have the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data infringes GDPR.

Rights Of Data Subjects Under CCPA

• • Right to Know. Data subjects have the right to know what personal information is being collected about them, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting or selling personal information, and the categories of third parties with whom the information is shared.
  • Right to Delete. Data subjects have the right to request the deletion of their personal information collected by a business or service provider, subject to certain exceptions.
  • Right to Opt-Out of Sale. Data subjects have the right to opt out of the sale of their personal information to third parties.
  • Right to Non-Discrimination. Data subjects have the right not to be discriminated against for exercising their rights under CCPA, such as by denying goods or services, charging different prices or rates, or providing a different level or quality of goods or services.
  • Right to Opt-In (for Minors). Minors under the age of 16 have the right to opt-in to the sale of their personal information.
  • Right to Access (for Minors). Minors under the age of 13 have the right to access and request deletion of personal information collected about them, subject to certain exceptions. For more information please check Clause 13 of this Notice.

APP PRIVACY REPORT

• iOS provides a feature called App Privacy Report, which allows you to see how often IG accesses certain types of personal information, such as your location, photos, camera, microphone, and contacts. At IG, we are committed to transparency and only access the personal information necessary for our app’s functionality.
• In compliance with Children’s Online Privacy Protection Act (COPPA), we do not collect, use, or store personal information from children under 13 without verifiable parental consent. For all data subjects, we access personal information only when it is essential for the app’s features. For example:

1. 1. If IG includes location-based games, we may access your location to provide relevant features;
   2. If IG includes games that use the camera or microphone, we may access these features to enable gameplay;
   3. If IG allows you to save or share images, we may access your photos with your permission.

DATA TRANSFER INFORMATION

In the course of our business operations, IG may share personal data with third parties, such as legal representatives, contractors, marketing and sales departments, accounts departments, analytics tools, advertising networks, and third-party SDKs, solely for purposes outlined in our Privacy Notice. Any third party with whom we share data, including those located internationally, is required to provide the same or equal protection of user data as stated in our Privacy Notice and as required by Apple’s App Review Guidelines. This includes ensuring compliance with applicable privacy laws and implementing appropriate security measures to safeguard user data. This section provides details on such transfers.

Legal Basis for International Transfers

The legal basis for the transfer of personal data internationally is based on the necessity of processing for the performance of a contract, compliance with legal obligations, the protection of vital interests, consent, the performance of a task carried out in the public interest or the exercise of official authority, and legitimate interests pursued by IG or a third party.

International Recipients

Recipients of personal data may include:

• Legal Representatives. Personal data may be shared with legal representatives for legal and contractual purposes.
• Contractors. External contractors engaged by IG may receive personal data for the provision of services and support.
• Marketing and Sales Departments. Personal data may be shared with international marketing and sales departments for promotional activities and customer communication.
• Accounts Departments. International accounts departments may receive personal data for financial and accounting purposes.

Safeguards for International Transfers

To ensure the security and confidentiality of personal data transferred internationally, we implement appropriate safeguards, which may include:

• Standard Contractual Clauses. Contracts with international recipients may include standard contractual clauses.
• Data Protection Impact Assessments. Assessments are conducted to identify and minimize risks associated with international transfers.
• Data Minimization. Only necessary personal data is transferred to international recipients.

DATA RETENTION INFORMATION

Minimal Personal data will be collected and retained only for as long as necessary for the purposes outlined in this Notice or as required by applicable laws. Upon the expiration of the applicable retention periods, personal data is securely disposed of to prevent unauthorized access or disclosure.

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. If the data subject requests for termination or terminates their IG Account, the personal data shall be retained for a period of 1 year from the date of termination or as statutorily obligated.

It is important to note that the obligation to provide personal data is communicated transparently to individuals before or at the time of data collection. If there are uncertainties about the specific obligations related to the provision of personal data, the data subjects, their guardians, or users are encouraged to contact us for clarification.

ROUTINE DATA ERASURE AND BLOCKING INFORMATION

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the relevant legislator, laws, or regulations to which the controller is subject.
If the storage purpose of data is not applicable, expires, or is not mentioned herein in this Notice, the personal data are routinely blocked or erased as per legal requirements.

IMPLEMENTATION OF CHILDREN’S PRIVACY PROTECTION

IG is committed to complying with Apple’s App Tracking Transparency (ATT) Framework and the Children’s Online Privacy Protection Act (COPPA) to protect the privacy of children under the age of 13. We do not knowingly track or collect personal information from children under 13 without verifiable parental consent.

If you are under the age of 13, please do not provide any personal information on IG’s services, applications, or through any of its features. If we discover that we have collected personal information from a child under 13 without verifiable parental consent, we will take prompt steps to delete that information from our records.

• Parental Consent. As required by COPPA, if we track or collect personal information from a child under 13, we will seek verifiable parental consent before collecting, using, or disclosing that information. Verifiable parental consent may be obtained through various methods, including but not limited to, a signed consent form, a toll-free telephone number, or an email accompanied by a digital signature.
• Parental Rights. Parents have the right to review the personal information collected from their child under 13, request deletion of the information, and refuse further collection or use of their child’s information. If you choose to ask IG not to track or collect personal information, you will still have full access to all features and functionality. Your decision will not affect your ability to use IG. To exercise these rights, please contact us using the information provided below.
• Contact Information. If you have any questions or concerns about our privacy practices, or if you believe your child under 13 has provided personal information to us without verifiable parental consent, please contact us at ask@insta-games.com with the following subject line – Requesting Assistance under COPPA.

DATA CONTROLLER INFORMATION

IG is the data controller responsible for determining how and why personal data is processed. The registered address is 1085 SS Erin Rd Debe Trinidad West Indies.

For inquiries related to this Notice or to exercise your rights under GDPR, you can reach us via email at ask@insta-games.com.

GDPR REPRESENTATIVES INFORMATION

In accordance with GDPR, we provide the following information regarding our representatives:

EU Representative:

Email: eurep@insta-games.com

UK Representative:

Email: ukrep@insta-games.com

For any inquiries or communication related to data protection matters, you may contact the appropriate representative based on your location. We are dedicated to facilitating communication and ensuring compliance with data protection requirements.

DATA PROTECTION OFFICER INFORMATION

The Data Protection Officer (DPO) is responsible for ensuring IG’s compliance with data protection regulations. You can contact our DPO, at the following details for any clarifications:

• Name: Ravil Sookhoo
• Email: dpo@insta-games.com
• Address: 1085 SS Erin Rd Debe Trinidad West Indies

If you have any questions, concerns, or requests related to the processing of your personal data or data protection matters, feel free to reach out to our DPO. We are committed to addressing your inquiries promptly and ensuring the protection of your privacy rights.

SUPERVISORY AUTHORITY INFORMATION

Data subjects have the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates data protection regulations.

If you wish to exercise this right, you can find contact information for supervisory authorities worldwide through the following links:

UK: https://ico.org.uk/

EU: https://edpb.europa.eu/about-edpb/about-edpb/members_en

CHANGES TO THIS PRIVACY NOTICE

We may update this Notice from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes to this Notice, and where required by law, seek your consent for such changes.

Thank you for reading our Privacy Notice. If you have any questions or concerns, please contact us at ask@insta-games.com.