Privacy Policy
ELSEDER LIMITED (referred to as "Company", "we", "us", or "our") is the data controller of the Services. We are fully committed to transparency and to protecting your personal data in accordance with applicable privacy laws.
The Services consist of our website located at Maze Escape.com (the "Website"), together with our mobile application titled "Maze Escape" (the "App"), distributed via Google Play Store and Apple App Store. Collectively, the Website and the App are referred to as the "Services".
This Privacy Policy explains the types of personal data we process, the purposes and legal bases for processing, your rights, and the security measures we implement. It is drafted in strict compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant frameworks.
This Privacy Policy is an integral part of our Terms of Service. Please read both documents carefully. If you have any questions or wish to exercise your legal rights, contact us at: ratrace154174@outlook.com
📌 Legal notice: The Services are provided for entertainment only. No real-money gambling, no opportunity to win real money or prizes. No purchase is required to access core gameplay. Your privacy rights are fully respected.
1. Definition of Personal Data
Personal data means any information relating to an identified or identifiable natural person. This includes, but is not limited to, your name, email address, location data, and technical identifiers such as IP address (static or dynamic), MAC address, IMEI, UDID, IDFA, browser type, operating system, and device characteristics.
For California residents, personal data also includes information that identifies, relates to, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Under the CCPA, “sell”, “selling”, “sale”, or “sold” means transferring personal data to another business or third party for monetary or other valuable consideration.
Sensitive personal data encompasses racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed for identification, health information, sexual orientation, and criminal records. For residents of India, sensitive data also includes passwords and financial account details. We do not knowingly collect or process sensitive personal data.
All capitalized terms used but not defined herein have the meanings ascribed to them in our Terms of Service or the GDPR. The Company acts as the data controller for all personal data collected via the Services.
2. Categories of Personal Data Collected
We collect only the data necessary to provide and improve the Services. We do not intentionally collect sensitive information.
a. Website Data
2.1. User Inquiries and Support Messages
When you send a message or request to our designated email address displayed on the Website, we collect the information you voluntarily provide (e.g., name, surname, email address). We ask that you refrain from providing excessive personal data, third-party information, or sensitive details.
2.2. Newsletter Subscriptions
If you subscribe to our newsletters, we collect your email address and username. You may unsubscribe at any time via the link in every email. We will not send you excessive communications.
2.3. Automated Collection (Cookies and Similar Technologies)
We use cookies and similar tracking technologies to enhance functionality and user experience. With your consent, we may also use analytics and personalisation cookies. Please refer to our separate Cookies Policy for detailed information.
b. 'Maze Escape' App Data
2.4. Account Credentials
No registration is required to use the App. You automatically receive a guest account. However, you may sign in via Google Play Games, Gamekit, Google, Apple, or Facebook. By doing so, you grant us permission to access your first name, last name, and email address from that third‑party service. Providing this information is optional; you may continue as a guest.
2.5. Customer Support Communications
When you contact us through the App (e.g., technical support or inquiries), we collect the information you choose to provide (name, email, etc.). Please avoid sending unnecessary third‑party data.
2.6. Newsletter Subscriptions via App
Same as the Website – we collect email and username, with easy unsubscribe options.
2.7. Technical Data Automatically Collected
We automatically collect certain technical information from your device, including IP address, unique device identifiers, operating system version, and browser type. This helps us optimise performance, troubleshoot issues, and improve the App.
2.8. Financial Information
We do not directly collect or store any payment credentials (e.g., bank account numbers, credit/debit card details). All payments are processed by authorized third‑party payment providers (Google, Apple, etc.). We receive only transaction IDs and receipts to verify that a purchase relates to your account.
3. Legal Bases and Purposes of Processing
a. Lawful Bases
We process personal data only when a valid legal basis exists under applicable data protection laws:
- Performance of a contract: Most data processing (account management, user support) is necessary to fulfill our obligations under the Terms of Service.
- Consent: For newsletters, optional third‑party login, and non‑essential cookies, we rely on your explicit consent.
- Legitimate interests: We may send marketing communications about similar products based on our legitimate interest in business development. We also retain backup copies for up to 3 days after deletion to prevent accidental data loss.
- Legal obligation: We may verify your age to comply with child protection laws.
You may opt out of marketing emails at any time using the “Unsubscribe” link provided in each message.
b. Purposes of Processing
We process your personal data for the following specific purposes:
- Create and maintain accounts (where applicable), authenticate users, enable access to the Services, and respond to requests.
- Synchronize in‑game progress and achievements across devices for guest users, preventing data loss upon reinstallation.
- Answer inquiries, resolve technical issues, and improve customer satisfaction.
- Send newsletters about updates, new features, and improvements.
- Analyse usage via automated collection (see Cookies Policy).
We may also process data to comply with legal obligations, protect vital interests, or prevent fraud. If we change the purpose, we will notify you and, where required, obtain fresh consent.
We do not sell your personal data, nor do we engage in automated decision‑making that produces legal or similarly significant effects.
4. Data Retention Periods
a. General Retention
- Account data: While your account is active, plus up to 2 years after the last activity.
- Newsletter data: Until you unsubscribe.
- Request data: During our communication plus 6 months afterwards.
- Automatically collected data: As described in the Cookies Policy.
b. Backups
We create encrypted backups periodically. These may contain personal data and are stored for a maximum of 3 days, used solely for restoration purposes based on our legitimate interest in service continuity.
c. Statistical Processing
Anonymized or aggregated data may be retained longer for statistical analysis (e.g., market trends, performance). Such data is no longer considered personal and is not subject to data protection laws.
5. Disclosure to Third Parties
We never sell or rent your personal data. To provide and maintain the Services, we may engage trusted employees, independent contractors, or service providers. They are bound by strict confidentiality and data processing agreements, providing at least the same level of protection as stated in this Privacy Policy.
6. Your Data Protection Rights
You may exercise the following rights by sending a written request to ratrace154174@outlook.com. We will verify your identity and respond within one month, as required by law.
- Know the sources, location, purposes, and controller of your personal data.
- Obtain information about third parties with whom your data is shared.
- Receive a portable copy of your data (structured, machine‑readable) where processing is based on consent or contract and carried out automatically.
- Access your data and obtain confirmation of processing.
- Object to processing based on legitimate interests; if we cannot demonstrate compelling grounds, we will cease processing.
- Request rectification or erasure of inaccurate or unlawfully processed data.
- Lodge a complaint with a supervisory authority or court.
- Restrict processing while you contest accuracy or lawfulness.
- Withdraw consent at any time without affecting previous lawful processing.
- Be informed about automated decision‑making (we do not currently use such systems).
Additional rights for California residents (CCPA):
- Right to know categories of personal data collected, sold, shared, or disclosed for business purposes, and the categories of third parties involved.
- Right to opt out of the “sale” of your data (we do not sell, but you may opt out of personalised ads by contacting us).
- Right to non‑discrimination for exercising your rights – we will not deny services, charge different prices, or provide lower quality.
7. Age Restrictions & Children’s Privacy
You may consent to data processing only if you meet the minimum age in your jurisdiction:
- EU member states: between 13 and 16 years (depending on country)
- United States: 13 years
- Australia: 15 years
- India / Philippines: 18 years
- Other countries: age of legal majority
Our Services are not directed at children below these ages. We do not knowingly collect personal data from minors. If we become aware that a child has provided us with personal information, we will delete it immediately. Parents or guardians who believe their child has submitted data should contact us promptly.
8. Location of Personal Data Storage
The Company does not maintain physical storage of most personal data. All data is hosted on secure servers operated by Amazon Web Services EMEA SARL in Frankfurt, Germany. Backups are also stored in Frankfurt. Databases are continuously backed up to enable point‑in‑time recovery within the retention period.
9. Security Measures
We implement industry‑standard security measures to protect your personal data against accidental loss, unauthorized access, and unlawful processing:
- Confidentiality: All personnel and contractors sign confidentiality agreements. Access to personal data is logged and monitored.
- Isolation: Default zero‑privilege policy; access is granted only on a need‑to‑know basis.
- Authentication: We employ password hashing and two‑factor authentication for systems that process personal data.
- Monitoring: Security reports, access logs, and internal/external performance monitoring help us detect and mitigate threats.
- Internal policies: Our internal security policy addresses organizational, physical, and technical safeguards, taking into account the nature and risks of processing.
While no transmission over the Internet or electronic storage is 100% secure, we take all reasonable precautions. In the event of a data breach that poses a high risk to your rights, we will notify you and the relevant supervisory authorities without undue delay. For residents of the Philippines, we provide indemnification for damages caused by inaccurate, incomplete, or unauthorized use of personal data as required by law.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. If we make material changes that significantly affect your rights or legitimate interests, we will notify you by email (if you have provided one) or through a prominent notice within the App when you first launch it after the update. The “Last modified” date at the top of this Privacy Policy will be revised accordingly.
11. Contact Information
ELSEDER LIMITED
Email: ratrace154174@outlook.com