Privacy Policy

Last updated: 5 August 2021

Introduction

This document explains how we collect, store, use and otherwise process information from you and how we will protect your privacy rights. It covers: (1) any of our websites, including https://www.improbable.io/ and any forums and social network or similar accounts that we operate; and (2) any of our products or services (including support services and any other features, apps, technologies, software, products, or services offered by us, including SpatialOS) on any platforms or which may be accessible via a web application, third party platform or social network.

Together, we call these our "Services".

In some circumstances, you have the right to object to our processing of your personal data and can ask us to restrict our use of your personal data and to delete it. Please see under the "Your rights" section for more information. If you have any queries, please email us at privacypolicy@improbable.io Please see our Cookie Policy for information about our use of cookies and similar tracking technologies.

Who are we?

We are Improbable Worlds Limited, a company registered in England and Wales (under company number 08070525) with our registered office at 10 Bishops Square, London, E1 6EG, UK. Our business operates through this company and through related legal entities (which together form the Improbable Group). This Privacy Policy is issued on behalf of the Improbable Group so when we mention “Improbable, “we”, “us” or “our” in this Privacy Policy we mean the whole Improbable Group and/or the relevant company responsible for processing your data.

About this Privacy Policy

We are committed to protecting and respecting your privacy. This Privacy Policy (together with any other applicable legal documents relating to the Services) sets out the basis on which we will process information we collect from you or that you provide to us through your use of our Services or otherwise. This may include: (a) personal data (sometimes referred to as personally identifiable information), meaning information which, on its own or in combination with other information, can be used to identify individual people; and (b) non-personal data (sometimes referred to as non-personally identifiable information), meaning information which cannot be used to identify individual people.

Our Services are not intended for children under the age of 18 and we do not knowingly collect data relating to children.

Information which we collect

The information we collect about you can include the following categories of personal data.

  1. “Account Data”: identity data such as your name and date of birth, your email address, the name of your organisation and any user name (such as a user account or forum user name) used to identify yourself and password (if any) that you voluntarily choose to give us or enter on our websites in any Services.
  2. “Marketing Data”: data such as your Account Data, your Service Usage Data, your name and email address and the existence of any social media accounts.
  3. “Payment Data”: financial/payments data which you provide for the purpose of paying for our Services (this may be stored and used by us or by our payment processors acting on our behalf).
  4. “Service Usage Data”: details of any digital platform accounts used to access our Services (e.g. your SteamID), any other information which you supply to us via the Services (including via any third parties), technical or other details about any device which you use to access the Services, including IP address, MAC address; Unique Device Identifier (UDID) or equivalent, operating system, browser type, engine type, and/or other hardware or software, details of your use of our Services including, but not limited to: navigation data, metrics information about when and how you use the Services, developer and non-developer generated logs, traffic data, and your geographical location data.
  5. “Other Data”: other personal or business information you give us in order to help you with any queries or support matters via our forums, customer support services, or via any other means.

We place cookies and similar technologies on your devices to collect Service Usage Data and other information. Our Cookie Policy has more information about how we use this technology in our online services. If you are using our content via a web browser, you can change your cookie preferences for all but strictly necessary cookies and withdraw your consent at any time using our Cookie Settings.

Purposes for which we use your personal data

We only use your personal data where we are allowed to by law.

We have set out below, in a table format, a description of the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate and set these out in the description of how we use the data. Where relevant, we process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.


Type of data

Description of how we use this data

Lawful basis for processing

Account Data

 

To help you access and use the Software and Services and to ensure technical functionality of the above and to prevent any fraudulent use of the Software and/or Services. To notify you about changes to our Services.Performance of a contract

 

Performance of a contract

Account Data

 

To prevent any fraudulent use of the Software and/or Services.

Legitimate interest

 

Payment Data

To process any payments.

Performance of a contract

 

Payment Data

To prevent or detect any fraudulent payment.

Legitimate interest

Service Usage Data

To provide the personalised services we have contractually agreed to provide to you where you are an individual.

Performance of a contract

Service Usage Data

To provide, personalise, and improve your experience with the Software or Service and other services and products provided by Improbable (including for third party products and services).

Legitimate interest

Service Usage Data

To provide, personalise, and improve your experience with the Software or Service and other services and products provided by Improbable (including for third party products and services).

Consent

Marketing communications

To send you marketing communications by email and to check if you have opened these communications. We use a third party, Freshmarketer, to help us check this. If you wish to unsubscribe from these communications, please do so from the applicable emails.

Consent

Marketing communications

To serve adverts to you on social media platforms, where you also have an account with the social media platform. To do this, we share information that allows the social medial platform to identify you.

Legitimate interest

Other Data

To communicate with you as we have agreed to in our contract with you.

Performance of a contract

 

Other Data

To provide customer support to you in relation to the Software or Services.

Legitimate interest

All Data

To meet legal, regulatory, and compliance requirements, in particular to respond to requests for information from government authorities.

Compliance with legal obligations

All Data

To prevent or detect fraud or abuse of our Services to ensure their integrity.

Legitimate interest

 


International data transfers

You acknowledge that personal data we obtain from you and your users may be processed by our service providers and by social media providers who help us with advertising, who may be based in countries outside of the United Kingdom or the EEA, for the purposes of providing you with the Services. Such countries may not have laws offering the same level of protection for personal data as those inside theUnited Kingdom or the EEA. However, where such transfers of data occur we will take steps to prevent the transfer of personal data without adequate safeguards being put in place, such as by entering into standard contractual (or "Model") clauses. We will ensure that your and your users’ personal data collected in the United Kingdom and the EEA and transferred internationally is afforded the same level of protection as it would be inside the United Kingdom or the EEA. For further information on the adequate safeguards adopted by us for the international transfer of personal data, please contact privacypolicy@improbable.io

Security

If you have a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. Please don't share it with anyone.

The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our servers via any of our Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Improbable takes cyber security seriously. We are committed to safeguarding our information and that which is entrusted to us by our partners. Our commitment is demonstrated through our award of a Cyber Essentials Plus badge.

How long will you use my personal data for?

We retain your personal data for as long as necessary to fulfil the purpose we collected it for. When we think about how long might be relevant, we’ll consider the amount, nature and sensitivity of your personal data as well as the potential risk of any unauthorised use or disclosure.

By law, we can keep different personal data for different periods of time. For example:

  • we can keep certain basic information for six years after you stop being a customer for tax purposes;

  • we can keep certain security information for seven years for security purposes; and

  • we can keep certain SpatialOS logs and metrics information for thirty days following your use of that service for logging and metrics purposes.


Sharing your information with third parties

We may share your information with third party partners who work with us to provide the Services to you in order to support, improve or amend any Services. We may also share your information with partner data analysis and advertising services, our third party cloud service providers (such as Google Cloud or AWS), our professional advisers and HM Revenue and Customs.

Except with your consent, we do not disclose personal information about identifiable individuals to advertisers. We may provide them with aggregate and/or anonymised information about our users to help advertisers reach the kind of audience they want to target. We may make use of the information we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.

Please remember that any communications you have via our Services (or products using our Services), such as in forums, may reveal your screen name, other details about you and the content of any communications by you to other users. We are not responsible for the activities of other users or other third parties whom you choose to provide your information to or otherwise interact with (whether via our Services or otherwise).

Other ways in which we may share your information

We may disclose your personal information to any member of the Improbable Group. We may disclose your personal information to third parties if we sell or buy businesses or assets, in which case we may disclose your personal information to the prospective or actual seller or buyer of such business or assets. If we or substantially all of our assets are merged with or acquired by a third party, personal information held by us about our customers will be one of the transferred assets. We may share or disclose your personal information with third parties: (a) if we are under a legal duty to do so; (b) to enforce any terms and conditions applying to any of the Services; or (c) to protect our rights and property or the safety of our customers or others. We may also share or disclose your personal information with government authorities, regulatory agencies and law enforcement officials, if required for the purposes specified above, if mandated by law, or if required for the legal protection of our legitimate interests in complying with applicable laws.

Our Services may, from time to time, contain links to and from the websites or services of partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites or services may have their own privacy policies and we do not accept any responsibility or liability for these policies, nor do we endorse such websites or services. We advise that you check any relevant terms before you submit any personal information to these third parties.

Social media data 

If you visit our pages on social media sites, like Facebook, the social media provider will share statistical information with us about the way our site is being used. This is aggregate information and cannot be used to identify you. For example, the statistics may tell us the age ranges of our visitors and whether they are male or female.

Your rights

We are the data controller responsible for your data. You have the following rights:

  • Right of Access - the right to be informed of and request access to the personal data we process about you.

  • Right to Rectification - the right to request that we amend or update your personal data where it is inaccurate or incomplete.

  • Right to Erasure - the right to request that we delete your personal data.

  • Right to Restrict - the right to request that we temporarily or permanently stop processing all or some of your personal data.

  • Right to Object -

    • where we rely on legitimate interests to process your personal data, the right, at any time, to object to us processing your personal data on grounds relating to your particular situation and
    • the right to object to your personal data being processed for direct marketing purposes (you can also unsubscribe from direct marketing emails by using the relevant button in the email).
    • Right to Data Portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service.
    • Right to withdraw consent to the processing of your personal data where this is our lawful basis.
    • You can also request more information regarding our legitimate interest balancing test where this is our lawful basis.

Please email us at privacypolicy@improbable.io if you wish to exercise any of these rights. We will aim to respond to all legitimate requests as soon as we reasonably can and in any event within 30 days. If we think that it will take us longer than 30 days, we’ll let you know why and keep you updated. Where you make any requests, we might ask for specific information to confirm your identity as a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. This might include asking for further information in relation to your request to be able to speed up our response. Usually, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Changes to our Privacy Policy

We are constantly improving our product and services and as a result, we may change this Privacy Policy at any time. If we provide you with products or services, we will email you to let you know when we make any material changes. Please take a look at the “LAST UPDATED” date at the top of this page to see when this Privacy Policy was last revised. If you object to any updates, you should stop using our Services.

It is important that the personal data we hold about you is accurate. Please let us know if your personal data changes.

Contacting us and complaints

If you have any questions about how we use your personal data or if you have a concern about how your personal data is used, please contact our Data Protection Officer by email at DPO@improbable.io or by writing to us at:

Improbable Worlds Limited 10 Bishops Square London E1 6EG UK

To comply with the General Data Protection Regulation (2016/679) we have appointed a European representative. If you wish to contact them, their details are as follows:

Bird & Bird GDPR Representative Services Ireland Deloitte House 29 Earlsfort Terrace Dublin 2 D02 AY28

EUrepresentative.Improbable@twobirds.com

Key Contact: Vincent Rezzouk-Hammachi

We always appreciate the chance to answer any of your queries first but we should remind you that if you have a concern about the way we handle your personal data you have the right to make a complaint at any time to the data protection authority in the country where you live, work or where you consider a breach has occurred. In the UK, the data protection authority is the Information Commissioner’s Office (ICO).