Privacy and Cookie Policy
Privacy Policy - Gameflix | Version 1.0 – Nov 2024
1. Gameflix
Gameflix Inc. offers its customers the Gameflix GameStream services and Gameflix websites. We are a US company that is globally active.
We process your personal data when you use our services and when you visit our websites. In this Privacy Policy we summarize when and how we collect, use and secure your personal data, as well as your rights to your data under U.S. and International Law, including but not limited to the EU Directive 2002/58/EC and the EU General Data Protection Regulation (“GDPR”), the U.S. Children’s Online Privacy Protection Act (“COPPA”), and the California Consumer Privacy Act (“CCPA”), and the choices you have associated with that data. This Privacy Policy applies to our services and websites (including without limitation enhancements thereto and its content, patches, or updates thereto). Services will be collectively referred to as the "Service" and websites as the “Website”.
This Privacy Policy describes:
- The information we may collect, how we may collect such information and the purposes of our collection;
- How we may use and with whom we may share such information;
- How you can access and update your information; and
- How we protect the information we may store about
Disclosure to California Residents: In our efforts to comply with applicable regulation, we ask and advise that California residents review the CCPA Disclosure section at the end of this Privacy Policy. Although we do not, nor do we intend to, sell end user data, we will provide notice if at any time those circumstances change.
2.General
We may change provisions of this Privacy Policy from time to time. If we do that, we will inform you of the changes. However, we also advise you to check for yourself from time to time whether the Privacy Policy has been changed.
3.Which personal data do we collect and for which purposes?
There are a number of ways in which we can collect your personal data if you use our Services or visit our Websites. Below we explain which personal data we may collect from you. The personal data is processed according to your role and to the different processing purposes. The data retention period also differs depending on the processing goal. Note that should there be any legal changes to the possible data retention periods, these legal changes will take precedence over the periods mentioned in this Privacy Policy.
Visiting our Websites
- Handling questions, feedback and requests regarding our Services
To be able to respond to questions, feedback and requests, we process the personal data mentioned below. Our processing ground is our legitimate interest to be able to reply to questions, feedback and requests. The personal data will be stored up to 3 years after the question, feedback and/or request has been dealt with. The data is received from you when you contact us. Your support requests may be anonymized to allow us to improve our support services.
- contact details;
- content of the questions, feedback and/or requests;
- your support related preferences (such as language use).
- Analytics
To be able to improve our Websites, we process the personal data mentioned below. Our processing ground is our legitimate interest to be able to improve our Websites and solve reported errors. The personal data will be pseudonymized directly after collecting the personal data and we only have access to anonymized statistics. The data is collected by our analytics cookies, Google Analytics. We will ask you permission before placing the cookies. The data is stored withGoogle Analytics and GCP in the United States and will be kept for 12 months after it has been collected. We have concluded standard contractual clauses with these parties.
- information related to your use of the Websites;
- browser used;
- type of device used (type of laptop, tablet, smartphone);
- IP address and location based on IP-address;
- click and surf
- Newsletter
If you sign up for your newsletter, we process your e-mail address to be able to send you the newsletter until you opt-out of the newsletter. You can opt-out by using the unsubscribe button included at the bottom of each newsletter. We have received your e-mail address from you during your registration.
Using our Services
- Provision of the Services
To be able to provide you the Services and the intended experience as well as to be able to bill you accordingly, we process the personal data mentioned below. Our processing ground is the performance of a contract with you. The personal data will be stored until 1 years after your subscription ends. The personal data may be gathered via or used on our website, for example when registering on our website or logging in on Gameflix.TV. If you sign in via a SSO provider, e.g. Facebook, we’ll receive some information from the SSO provider, e.g. Facebook instead. The data is stored with GCP in the United States. We have concluded standard contractual clauses with GCP.
- name;
- address;
- email;
- date of birth;
- account-ID
- username;
- password;
- games played;
- time spent playing;
- country of residence (based on IP address or your own selection).
Sharing your name is optional and therefore our processing ground for processing your name is your permission when you provide your name to us. You can withdraw your permission and delete your name at any given time in your account settings.
- Improving our Services
To be able to improve our Services, we process the personal data mentioned below. Our processing ground is our legitimate interest to be able to improve our Services and solve reported errors. The personal data will be pseudonymized directly after collecting the personal data. The data is collected by our analytics software. The data is stored with GCP in the United States. We have concluded standard contractual clauses with GCP.
- account-ID;
- age category;
- games played;
- time spent playing;
- other information related to your use of the Services;
- browser used;
- type of device used (type of laptop, tablet, smartphone);
- IP address;
- click and surf
- Securing our Services
To be able to secure our Services, we process the personal data mentioned below. Our processing ground is our legitimate interest to be able to secure our Services. The personal data will be stored up to 1 years after collecting the personal data. The data is gathered by our servers and systems. The data is stored with GCP in the United States. We have concluded standard contractual clauses with GCP. Your IP-address will also be processed by Cloudfare to protect us from DDoS-attacks. Cloudflare is located in the United States, but we have concluded standard contractual clauses with them.
- browser used;
- type of device used (type of laptop, tablet, smartphone);
- IP
- Polls
To be able to improve our Services, we process the personal data mentioned below. Our processing ground is your permission when you partake in a poll. The data is collected by our analytics tool and will be stored with GCP in the United States. The personal data will be processed for up to 12 months after it has been collected, after which the results will be anonymized. We have concluded standard contractual clauses with these parties.
- contact information;
- answers to the poll;
- IP
- Handling questions, feedback and requests regarding our Services
To be able to respond to questions, feedback and requests, we process the personal data mentioned below. Our processing ground is our legitimate interest to be able to reply to questions, feedback and requests. The personal data will be stored up to 5 years after the question, feedback and/or request has been dealt with. The data is received from you when you contact us.
- contact details;
- content of the questions, feedback and/or
- Optimizing and personalizing your experience
To be able to optimize and personalize your experience of our Services, we process the personal data mentioned below. Our processing ground is our legitimate interest to provide you with the best experience possible. The personal data will be stored for this purpose as long as you have an account with Gameflix. The data is gathered by our services and systems when you use our Services. The data is stored with GCP in the United States. We have concluded standard contractual clauses with GCP.
- account-ID;
- date of birth;
- gender;
- games played;
- time spent playing;
- other information related to your use of the Services;
- type of device used (type of laptop, tablet, smartphone);
- IP address;
- click and surf
4.Providing data to third parties and processors
Gameflix may provide your personal data to the parties providing the games via our platform. We will do so when this is necessary for providing the requested game(s) to you. If you use our Services on hardware of third parties, those third parties may collect personal data about you and we will share personal information with them and receive personal information from them only to the extent insofar it is necessary to be able to provide you with the Services on the intended hardware.
We will only reveal your username to other users, when this is necessary for functionality within the requested game, e.g. leaderboards and multiplayer.
We may also share personal data with third parties if this is:
- necessary to comply with our legal obligations;
- necessary to comply with legal requests from authorities;
- is required to respond to any legal claims;
- necessary to protect the rights, property or safety of us, our users, our employees or the public;
- is required to protect ourselves or our users against fraudulent, abusive, inappropriate or unlawful use of our services.
We will immediately notify you if a government agency makes a request that relates to your personal data, unless we are not allowed to do so on the grounds of the law.
It may happen that we disclose, share or transfer your personal data when we transfer part of our business. Examples include (negotiations about) a merger, sale of parts of the company or obtaining loans. We will of course try to limit the impact for you as far as possible by transferring personal data only when necessary and anonymizing where possible.
In return for some of the premium features of Gameflix free GameStream Service, you may choose to be a peer on the Bright Data network. By doing so you agree to have read and accepted the Terms of Service of the Bright SDK EULA: https://bright-sdk.com/eula and Bright Data’s Privacy Policy https://bright-sdk.com/privacy-policy.
You may opt out of the Bright Data network by clicking opt-out from the app setting.
Gameflix may also provide personal data to data processors, who may process your personal data on our behalf. We will conclude data processing agreements with these processors, to assure they only process your personal data on our instruction. We use the following types of processors:
- hosting providers;
- mailproviders
- other IT service providers when necessary for providing Gameflix’s services;
- providers of analytical
These partners may be based outside the US. If personal data is transferred outside the US, the privacy law requirements for doing so have been fulfilled. For example, because we have concluded US standard contractual clauses to agree with these parties on how they deal with personal data.
5.Protection of personal data
We take security measures to reduce misuse of and unauthorized access to personal data. We take the following measures in particular:
- access to personal data requires the use of a username and password;
- we make use of secure connections (TLS) to encrypt all information between you and our website when entering your personal data;
- use of backups;
- use of encryption;
- use of automated security monitoring systems;
- we keep logs of all requests for personal
If you have questions regarding any of the security measures that have been adopted and implemented by Gameflix, please feel free to contact us at [email protected].
6.Links to third party sites
Our Services and Websites may contain links to other websites and services. These third party websites and services can collect and retain information about you. If you provide your personal data to third parties, then we are not involved. We have no control over these sites or the activities of the third
parties. In that case, the privacy policy of the third party applies. We are not responsible for the content of the privacy policy of these parties and the way in which these parties deal with personal data. We encourage
you to review their privacy and security practices and policies before you provide personal information to them.
7.Children’s Privacy
We take children’s privacy very seriously, and we do not directly or knowingly collect any personal data from end users deemed to be children under their respective national lGCP through our Services and/or Websites. We strive to comply with the Children’s Online Privacy Protection Act of 1998, the U.S. law that protects the privacy and information of children. We strongly encourage parents and guardians to learn more about this important regulation. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
If you are under the age of 13 and using our Services and/or Websites, please have a parent or guardian nearby to provide any information we may request, including an e-mail address or platform specific username, as applicable.
8.Cookies
Cookies are small information files that can be automatically stored on, or read out from the device (including a PC, tablet or smartphone) of the website visitor, while visiting a website. This is done through the web browser on the device. The information that can be transmitted by a cookie, over the use of our website, can be transferred to the own secured servers of Gameflix or to the servers of a third party.
Our website uses cookies. Cookies are placed by us, but also placed via third parties we engage for these purposes. We use cookies on our website for the following purposes:
- to enable the functionality of our website (technical and functional cookies);
- to generate overall statistics and gain insight into the use of our website by the public in order to optimise our website and services (analytics cookies);
- to make the internet offer more interesting for you by displaying advertisements that fit your interests and to personalise the ads and content on our website and in our newsletters based on your interests and click and surf behaviour (targeting/advertisement cookies);
- to offer you the possibility to share information on our webpages via the different Social Media channels (Social Media cookies).
- to enable the testing of multiple versions (A/B testing) for potential improvements of our
For the above-mentioned purposes, we use the following cookies. Some of the relevant parties are located in the United States of America (USA). In such case, EU Model Contract Clauses will be concluded with the relevant party. In this manner, the transfer of personal data outside the EU is allowed.
Name cookie |
Purpose of cookie |
Country |
EU Model Contract Clauses |
Google Adwords Conversion |
Advertising |
USA |
Yes |
Facebook Custom Audience |
Advertising |
USA |
Yes |
Google Dynamic Remarketing |
Advertising |
USA |
Yes |
Google Adwords User Lists |
Advertising |
USA |
Yes |
Google Tag Manager |
Advertising |
USA |
Yes |
GA Audiences |
Advertising |
USA |
Yes |
Facebook Connect |
Social media |
USA |
Yes |
Facebook Social Plugins |
Social media |
USA |
Yes |
Google Analytics |
Analytics |
USA |
Yes |
Visual Website Optimizer |
Analytics |
USA |
Yes |
Steam Social Plugins |
Social media |
USA |
Yes |
We have no control over how the above parties use the cookies, and information and personal data collected via the cookies, themselves. For more information about these parties and how they use cookies, we recommend that you read their privacy policies (please be aware that such policies may be revised regularly).
You can prevent the placement of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling some functionality and certain features of this website. Therefore, it is recommended not to disable cookies.
Most cookies have an expiration date. This means, that they will automatically expire after a certain period and no longer register any data concerning your visit of the website. Another option is to remove the cookies manually before the expiration date. In order to do this, consult the instruction manual of your browser.
9.Your rights
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.
You may update, correct, or provide additional information to your personal data by resubmitting your information or contacting us directly. If you are correcting information provided to a third party please correct your information via the methods and direction provided by the applicable third party.
If you wish to be informed what personal data we may hold about you and if you want it to be removed from our systems, please contact us via the contact email listed below.
You have the right:
- To know what personal information we maintain about you;
- To receive a copy of your personal information in a structured, commonly used and machine-readable or commonly used electronic format on request;
- To update and modify personal information is incorrect or incomplete;
- To object to our processing of your personal information when collection is based on a legitimate interest; and
- To delete or restrict how we use your personal information, but this right is determined by applicable law and may impact your access to our Services and/or Websites.
Please note that we may ask you to verify your identity before responding to such requests.
GDPR
Under the GDPR, individuals residing in the EU and other territories that have adopted GDPR compliance or comparable regulation have certain rights with regard to their personal data. The rights that we describe below are not absolute rights. We will always consider whether we can reasonably meet your request. If we cannot meet your request, or if it would be at the expense of the privacy of others, we can refuse your request. If we refuse a request, we will let you know and explain our reasons.
Right of access
You have the right to request which personal data we process about you. You can also ask us to provide insight into the processing grounds, relevant categories of personal data, the (categories of) recipients of personal data, the retention period, the source of the data and whether or not we use automated decision making.
You may also request a copy of your personal data that we process. Do you want additional copies? Then we can charge a reasonable fee for this.
Right to rectification
If the personal data processed by us about you is incorrect or incomplete, you can request us to adjust or supplement the personal data.
If we grant your request, we will, to the extent reasonably possible, inform the parties to whom we provide information.
Right to erasure
Do you no longer want us to process certain personal data about you? Then you can request us to delete certain (or all) personal data about you. Whether we will delete data depends on the processing ground. We only delete data that we process on the basis of a legal obligation or for the performance of the agreement if the personal data is no longer necessary. If we process data based on our legitimate interest, we will only delete data if your interest outweighs ours. We will make this assessment. If we process the data on the basis of consent, we will only delete the data if you withdraw your consent. Have we accidentally processed data or does a specific law require that we delete data? Then we will delete the data. If the data is necessary for the settlement of a legal proceeding or a (legal) dispute, we will only delete the personal data after the end of the proceedings or the dispute.
If we grant your request, we will, to the extent reasonably possible, inform the parties to whom we provide information.
Restriction of processing
If you dispute the accuracy of personal data processed by us, if you believe that we have processed your personal data unlawfully, if we no longer need the data or if you have objected to the processing, you can also request us to restrict the processing of that personal data. For example, during the time that we need to assess your dispute or objection, or if it is already clear that there is no longer any legal ground for further processing of those personal data, but you still have an interest in us not deleting the personal data. If we limit the processing of your personal data at your request, we may still use that data for the settlement of legal proceedings or a (legal) dispute.
Right to data portability
At your request, we may transfer the data that we automatically process to execute the agreement or based on your consent, to you or another party designated by you. You can make such a request at reasonable intervals.
Automated individual decision making
We do not take decisions based solely on automated processing.
Right of restriction of processing and withdrawal of permission
If we process data on the grounds of a legitimate interest, you may object to the processing. If we process data on the basis of your consent, you may withdraw that consent. For more information, please refer to the relevant processing purposes above.
Exercising your rights
You can send a request for access, correction, deletion, data transfer of your personal data or request for withdrawal of your consent or objection to the processing of your personal data to [email protected].
To prevent abuse, we may ask you to identify yourself adequately in the case of a written request for access, rectification or erasure.
We strive to process your request, complaint or objection within a month. If it is not possible to make a decision within a month, we will inform you of the reasons for the delay and the time when the decision is expected to be made (no longer than 3 months after receipt).
9. Contact
If you have questions, concerns or comments about this Privacy Policy or our data processing, please contact us via E-mail: [email protected]
California Consumer Data Rights
Gameflix ,Inc. complies with the California Consumer Privacy Act of 2018 (CCPA) as amended, that secures specific privacy rights for California consumers.
Categories of Data We Collect and Their Uses
In addition to the details provided in our Privacy Policy, we may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:
Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
No |
N/A |
N/A |
Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
No |
N/A |
N/A |
Internet or other similar network activity. |
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
Yes |
Inferences may be drawn from telemetry data solely with regard to the use of our Services. This data is used to improve the Services. |
No |
Geolocation data. |
Physical location or movements. |
Yes |
Inferences may be drawn from telemetry data solely with regard to the use of our Services. This data is used to improve the Services. |
No |
Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
No |
N/A |
N/A |
Professional or employment-related information. |
Current or past job history or performance evaluations. |
No |
N/A |
N/A |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
No |
N/A |
N/A |
Inferences drawn from other personal information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
Yes |
Inferences may be drawn from telemetry data solely with regard to the use of our Services. This data is used to improve the Services. |
No |
Personal Information does not include:
- Publicly available information from government
- De-identified or aggregated consumer
- Information excluded from the CCPA's scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy lGCP, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of
We may obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from our end For example, from end users who provide feedback to us, or in the event that you contact us with questions regarding this Privacy Policy.
- Indirectly from our end For example, through information we collect in the event that you contact us with questions regarding this Privacy Policy.
- Directly and indirectly from activity through the use of our Services and Websites. For example, from APIs, and other information related to improving our Services and
- From third parties that interact with us in connection with the Services we
All such Personal Information is used as otherwise described above in our Privacy Policy.
Sharing Personal Information
We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose;
All personal data is stored on Amazon Web Services. Gender, age and contact information are also shared with Squeezely for sending e-mail. Your contact information and the content of communication is shared with Mailjet, our e-mailprovider. Your age, gender and preferences are shared with Recombee to provide service recommendations. Your age, gender and preferences are also shared with Google Looker Studio to create reports. We also share identifiers, internet or other similar network activity and Inferences drawn from other personal information with Hotjar and Google Analytics. We concluded agreements with these parties that state they are not allowed to further process the personal data for their own purposes. We also share payment information with our payment providers Recurly and Pay.nl.
Your Rights and Choices
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of Personal Information we collected about you;
- The categories of sources for the Personal Information we collected about you;
- Our business or commercial purpose for collecting that Personal Information;
- The categories of third parties with whom we share that Personal Information; and
- The specific pieces of Personal Information we collected about you (also called a “data portability” request).
Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete any transaction for which we collected the Personal Information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products, including our Services and Websites, to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546 seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy lGCP, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at [email protected].
Requests must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. Any
disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.