Website Policies

INFLEXION STUDIOS INC. WEBSITE PRIVACY POLICY

Last updated: April 2024

Introduction – What is this notice for?

This privacy notice (this “notice”) is about how we use personal information when you access our websites, including https://www.inflexion.io/ and https://playnightingale.com.

It also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your choices and rights” section.

Who are we?

We are Inflexion Studios Inc. (o/a Inflexion Games) (“Inflexion”, “we” or “us” in the rest of this notice). We are located at Suite 300, 10190 104 St NW, Edmonton, Alberta, Canada T5J 1A7, and you can contact us at privacy@inflexion.io.

We make decisions about how and why we use your personal data when you access our website. This means we’re what’s called a “data controller” of this personal data.

What is personal data and why is it important?

Personal data is any information which identifies you (like your name and email address). It is also information which can be pieced together with other information to identify you like your age or the technical IDs given to your phone/laptop (these IDs are sometimes known as “online identifiers”).

It’s important to know what we do with your personal data, because you should be able to control what happens to it. By reading and understanding this notice, you will know how we collect, use, share, and protect your personal data, and how you can ask us to use it differently.

How do we collect your personal data?

Sometimes you give us your personal data directly - for example, when you are filling in application forms on our jobs board section of our website, taking any surveys on our websites or contacting our customer support teams. The information that you are asked to provide and the reasons why you are asked to provide it will be made clear to you at the point we request it. Providing us with this information is voluntary, but if you choose not to provide it you may not be able to access certain aspects of our website.

Sometimes we also collect information about you automatically when you use our websites. Where this information can be linked back to you, it will be personal data. This information includes information such as IP address and other operating and browser information.

When are we allowed to use your personal data?

We are only legally allowed to use your personal data where a legal basis allows us to do so. These are the legal bases which could apply:

‍

Legal Basis

When does this Legal Basis apply?

“Contract”

We need to carry out or sign up to a contract

When it’s necessary to use your personal data to perform a contract with you, or because you have asked us to do something before signing a contract with you that requires the processing of your personal data.

In these cases, if you don’t provide your personal data, then we won’t be able to perform the contract or do what you have asked us to do before signing the contract.

“Legitimate Interest”

It’s in our or someone else’s “legitimate interests”

“Legitimate interests” is a legal phrase. It usually means a commercial or business interest that is important to us or another company, and which we’ve balanced against your right to privacy.

We will always let you know what the interest is, and you can object to us using your personal data for these via email (privacy@inflexion.io).

“Consent”

You have given us your consent

Sometimes we will ask for your (or we might need to ask for your parent’s) consent to use your personal data. This consent will always be clear and separated out from other information.

You can always withdraw your consent via email at (privacy@inflexion.io).

“Legal obligation”

We need to do something a legal obligation tells us to

When it’s necessary to use your personal data so that we can perform our legal and regulatory obligations – so that we don’t break the law.

What personal data about you do we use, and why?

This table lists the types of personal data we use about you, and our reason for this:

Information you provide to us (either directly or through a third party):

The types of your personal data we use	Why we use this personal data	Legal basis
Contact information: Name, email address, customer support message	We use this information to enable us to provide you with responses to any queries or concerns you reach out to us with.	Contract and legitimate interest (to ensure we can provide any necessary support or responses to your queries).
Opt-in marketing communication: email	We use this information when you voluntarily share this with us for the purposes of providing you with update and promotional emails.	Consent
Creator account information: email, discord ID, what platforms you create content for, social platform URLs	We use this information if you choose to provide it to us to enable you to sign up to the creator programme	Legitimate interest (to enable us to administer the creator programme).
Job board information: Resume/CV information, name, pronouns, email, phone number, address/location, current company, social platform URLs, work eligibility confirmation, any additional information you provide as a cover letter	We use this information where you apply for a job with us to progress your application and keep in touch with you.	Legitimate interest (to enable us to manage job applications and get in touch with you). In some cases, we may need to process data to ensure that we are complying with our legal obligations. For example checking eligibility to work in the Canada.
Data subject request information: email, proof of user's identity.	If a data subject request is submitted, we use this information to confirm the requestor’s identity, your rights and to process the request.	Legal obligation - our obligations under data protection laws.
Sending legal reports/responding to court orders – online identifiers, information requested by law enforcement bodies.	We may be required by law to disclose this information to law enforcement bodies.	Legal obligation – our obligations under intelligence and security laws

Information collected automatically or generated as part of our service to you:

The types of personal data we use	Why we use this personal data	Legal Basis
Troubleshooting, bug reporting, and customer support: technical or other details about any device which you use to access our websites, including IP address, Unique Device Identifier (UDID) or equivalent, operating system, browser type, engine type, and/or other hardware or software, details of your use of our websites including, but not limited to: navigation data, metrics information about when and how you use the website.	We use this information to manage and improve the websites and troubleshoot problems.	Legitimate interest (to protect and improve the running of our websites).

Who do we share your personal data with?

Sometimes we share your personal data with other companies and organisations.

The types of companies and organisations we share your personal data with are as follows:

Other companies who provide us with services – We need separate companies to provide us with services we use to support the running of our website (for example, website hosting providers, job application service providers, communication providers). We share your personal data specified above with those companies so they can provide us with those services.
Regulators, official authorities, and other third parties in relation to legal compliance – For example, the police or the government might legally require use to give them personal data to help them with an investigation, or we might be required to give these companies personal data to enforce our terms, address security and fraud, and to protect you.
A third party that acquires all or part of our business – we might disclose your personal data to another company which buys or undertakes another type of corporate transaction in respect of our shares or buys all or part of our assets.

Does your personal data ever go to other countries?

Yes, sometimes your personal data goes to other countries as part of using your personal data in the ways we listed above, including in the European Economic Area (“EEA”). If you are in the UK, the EEA, or Switzerland and your personal data goes outside of these countries, the law requires us to take extra steps to make sure your personal data is protected in the place it is going to.

We transfer your personal data to third parties that host or access personal data outside of these jurisdictions, including Canada and the United States.

Where the country outside the UK, EEA or Switzerland is a country which is subject to an adequacy decision by the European Commission or the Information Commissioner’s Office in the UK, we rely on that adequacy decision of the transfer – for example, for Canada and the United States (when recipients are certified under the EU-US Data Protection Framework).

If we send your personal data to a company (either in our “group” of companies or a separate company) which is in a jurisdiction not subject to an adequacy decision, we will rely on EU/UK standard contractual clauses, which require that company to protect your personal data. To the extent required or permitted by data protection law, we may alternatively rely on an appropriate Data Protection Framework certification, a vendor’s processor binding corporate rules and/or other data transfer mechanisms available under EU/UK data protection law.

We might take similar steps where you are in another country with similar legal requirements, as well. If you want to find out more information about international transfers, you can contact us via email (privacy@inflexion.io).

How long do we keep your personal data for?

We only keep your personal data for as long as is necessary to fulfil the purpose for which it was collected. As soon as your data is no longer required for the aforementioned purposes it will be deleted.

We might need to keep your personal data for longer if a law requires us to (for example, laws about record-keeping and tax). Normally this is about six to ten years. If we are keeping your personal data for longer in this way, we will make sure it is secure and you can still change what we do with it (see below).

Your choices and rights

Because your personal data is about you, you should be able to control what happens to it.

We provide different ways you can do this. The easiest way is to write us an email (privacy@inflexion.io) requesting one or more of the following, to the extent these rights are applicable to you:

“Right to Object ” – you can object to how we are using your personal data if we are using it based on legitimate interests (see above) in certain situations;
“Right to Portability” – you can request a downloadable copy of your personal data and for us to transfer it to another party. If you wish for us to transfer such personal information to a third party, please ensure you detail that party in your request. Note that we can only do so where it is technically feasible;
“Right to Access” – you can request to access to the personal data we use about you, and information about how we use it and who we share it with;
“Right to Deletion” – you can request that specific personal data we store about you is deleted in certain circumstances;
“Right to Correct” – you can request that information about you that is wrong or outdated is corrected.
“Right to Restrict” - you can request to restrict the use your personal data, for example to storage purposes only;
“Right to Withdraw Consent” – you can withdraw your consent if our reason for using your personal data is consent (see above). We will then stop using your personal data in this way (though this doesn’t affect the lawfulness of the processing until you withdraw).

You can also submit requests to exercise these rights by contacting us at (privacy@inflexion.io).

We’re sometimes not able to do the things you tell us to, for example because of the particular legal basis we have been relying on to process your personal data, or because it would interfere with another person’s own privacy rights. If this happens, we’ll explain to you why we aren’t able to do what you tell us to with that piece of personal data.

We may also be required to keep certain personal data to satisfy legal requirements or for security purposes, or if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

Updates to this policy

We may make updates to this policy from time to time (for example because our services have changed or because of changes in laws). We will appropriately notify you of this. The date this notice was last updated can be found at the top.

How can you ask questions or make a complaint about your privacy?

If you have any questions about what we have said in this notice or how your personal data is used, you can contact us about it.

Our contact details are:

E-mail: privacy@inflexion.io

Address: Suite 300, 10190 104 St NW, Edmonton, Alberta, Canada T5J 1A7

If you are located in the EEA or the United Kingdom and have questions about your personal data or would like to request to access, update, or delete it, you may contact our representative at:

Jurisdiction	Name	Address	Contact details
EU	Bird & Bird GDPR Representative Ireland	Deloitte House, 29 Earlsfort Terrace, Dublin 2, D02 AY28	EUrepresentative.Inflexion@twobirds.com Key contact: Vincent Rezzouk-Hammachi
UK	Bird & Bird GDPR Representative Services UK	12 New Fetter Lane, London, EC4A 1JP United Kingdom	UKrepresentative.Inflexion@twobirds.com Key contact: Vincent Rezzouk-Hammachi

Jurisdiction

Name

Address

Contact details

Bird & Bird GDPR Representative Ireland

Deloitte House, 29 Earlsfort Terrace, Dublin 2, D02 AY28

EUrepresentative.Inflexion@twobirds.com

Key contact: Vincent Rezzouk-Hammachi

Bird & Bird GDPR Representative Services UK

12 New Fetter Lane, London, EC4A 1JP United Kingdom

UKrepresentative.Inflexion@twobirds.com

Key contact: Vincent Rezzouk-Hammachi

You can also contact the official organisation which regulates personal data in your country (the “regulator”) to lodge a complaint, if you think we are not using your personal data correctly. Please see the Annex to this notice which lists the contact details of the different regulators.

Thank you!

Annex – List of regulators you can contact

You can contact the regulator on this list which is in the country you are located in:

You can find a list of EU data protection regulators here.
In the UK, the regulator is the Information Commissioner’s Office which you can contact here.

INFLEXION STUDIOS INC. COOKIE POLICY

Last Revised: April 2024

Inflexion uses cookies on its websites. Cookies are small text files that are stored on your computer or mobile device. We use cookies to collect information that helps us to remember your preferences, improve your user experience and to tailor the adverts you see to those that are most relevant to you.

We also use other forms of technology which serve a similar purpose to cookies and which allow us to monitor and improve our sites and online services. We use these in connection with cookies to help operate our websites and emails and collect information about online activity. When we talk about cookies in this Policy, this term includes these similar technologies.

This policy explains the different types of cookies we use and how you can control them.

If you have any further queries, please contact us at privacy@inflexion.io. Please see our Privacy Policy for more information about how we use your personal data and to exercise your rights in relation to your personal data.

WHAT COOKIES DO WE USE AND WHY?

We use different categories of cookies. Please visit our Cookie List for more information about the cookies we use.

Your use of our website may result in some cookies being stored that are not controlled by us. This may occur when the part of our website makes use of a third party analytics or marketing automation/management tool or includes content displayed from a third party website, for example, YouTube or Facebook. You should review the privacy and cookie policies of these services to find out how these third parties use cookies and whether your cookie data will be transferred to a third country.

HOW DO I CONTROL COOKIES?

If you are using our content via a web browser, you can change your cookie preferences for all but strictly necessary cookies and withdraw your consent at any time using our Cookie Settings.

You may also set your browser to block all cookies or to indicate when a cookie is being set, although our services may not function properly if cookies are disabled. Further information about the procedure to follow in order to disable cookies can be found on your browser provider’s website, or you may wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on commonly used browsers. Please be aware that if cookies are disabled, not all features of the services may operate as intended.

CHANGES TO THIS COOKIE POLICY

We may change this Cookie Policy at any time, please take a look at the “Last Revised” date at the top of this policy to see when it was last revised.

‍