Overview

Rummy City takes data protection seriously and respects your privacy. In this data protection declaration we inform you about what data we collect within the scope of our online offer and how we process this data. With regard to the terminology used (e.g., "personal data" or "processing"), we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Name and address of the Controller

The Controller within the meaning of the GDPR and other national data protection laws is:

Rummy City
DSO IFZA, IFZA Property FZCO
Dubai Silicon Oasis, Dubai
United Arab Emirates

Email: privacy@rummycity.com

general Information Regarding Data Processing

What information do we collect?

Usage data (websites visited, interest in content, and access times)

Meta / Communication data (IP address)

No special categories of data are processed (GDPR Article 9 paragraph 1).

Categories of data involved:

Visitors of the website

In the following, we refer to subjects as "users"

What do we use your data for?

Responding to inquiries and communicating with users

To prevent fraud and misuse

For security purposes

How do we protect your data?

In accordance with GDPR Article 32, we take appropriate technical measures that take technical standards, implementation costs, and the nature, scope, circumstance, and purpose of processing as well as the likelihood and severity of the risk to your rights and freedoms into consideration. Technical and organisational measures are used to ensure a level of appropriate protection to avoid any possible risks. Measures include ensuring confidentiality, integrity, and availability of data by controlling physical access to the data, as well as its access, input, disclosure, the securing of availability, and its separation. We have also set up procedures to ensure data subject rights, data deletion, and data vulnerability. In accordance with GDPR Article 25, the protection of personal data is already considered from the development phase (while selecting hardware, software, and others) on.

Your data is protected electronically, technically, contractually, and administratively against misuse and loss through various measures. We use security techniques (including SSL encryption, cryptography) to protect your data against access by unauthorized third parties.

Will your data be shared with third parties?

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission, e.g. if you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

In order to be able to offer you our service optimally, we use, among others, service providers who work on our behalf. If this is the case, corresponding agreements on commissioned processing pursuant to GDPR Article 28 have been concluded with the service providers.

Transfers to third countries

If we process any data in a third country (outside of the European Union (EU) or the European Economic Area (EEA)), or this happens in the context of third party services, or the procurement or transmission of data to third parties, then this will only be done if it is necessary to fulfil our (pre-) contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process data in a third country if certain conditions of GDPR Article 44 are met. This means that processing will be done only when certain requirements, such as meeting officially recognised EU level standards of data protection or observing officially recognised special contractual obligations (so-called "standard contractual clauses") are fulfilled.

What are your rights?

You have a right to freely access your stored data as well as the right to correct, delete, or block any data. You can also object to the transference of this data at any time. Please contact us for further information or to withdraw your consent: privacy@rummycity.com. You also have the right of appeal to a regulatory body.

When will your data be deleted?

We store your data only as long as it is necessary to fulfill the aforementioned purposes or until you object to the data processing. Thereafter, the data is deleted or blocked if the deletion is not contrary to legal regulations or legislated interests. There is a well-founded interest, for example, in asserting, exercising, or defending legal claims or in avoiding fraud cases, i.e. for your protection.

The data is used in anonymous form for evaluations and statistics.

Communication

When contacting us, e.g. via e-mail or through the contact form, your details are used to process your enquiry in accordance with GDPR Article 6 paragraph 1 lit. b), or with consent granted by the user in accordance with GDPR Article 6 paragraph 1 lit. a). This information may be stored in our systems.

We delete the data if it is no longer required. We review the necessity to keep the information every two years. We store user requests from users with permanent accounts and refer to the above for deletion under the "Provision of contractual services". In the case of legal archiving obligations, the deletion takes place after expiration of the respective legally prescribed periods (after 6 years in the case of commercial law and after 10 years in the case of tax law).

Collection of access data and log files

On the basis of our legitimate interests within GDPR Article 6 paragraph 1 lit. f), we collect data each time the server is accessed through which this service is provided (so-called server log files). The access data includes the date and time of retrieval, page accessed, browser type and version, the user's operating system, possible error details, referrer URL (the previously visited page), and the requesting provider.

For security purposes (e.g. to verify and eradicate errors or to prevent misuse or fraud), log file information is stored for as long as it is required to fulfil its purpose and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Use of Matomo

We use the open-source web analytics service “Matomo” to analyze how visitors use the website in order to optimize our website. If you have consented, cookies have been enabled for this purpose and contain usage information and your anonymized IP address. This information is not passed on to third parties.

Processing is carried out based on your explicit consent pursuant to GDPR Article 6 paragraph 1 lit. a). Information on how to amend or revoke your consent/cookie settings is located below „Use of Cookies“ and can be changed at any time.

Use of cookies

Cookies are small text files that are transferred from our web server or third-party web servers to a user’s web browser and are stored there for subsequent retrieval.

In our case these cookies are persistent cookies which remain on your device for a set period of time, even after you close your browser. Persistent cookies remember your data and your usage behaviour on our website and help us to provide you with information which may be relevant or important to you. The information gathered can be used to track your usage behaviour over multiple browser sessions.

We use the following types of cookies:

Necessary cookies enable basic website functions, such as website navigation and saving your cookie preferences. They are required for the website’s operation and cannot be disabled.

The legal basis for the processing of personal data using necessary cookies is the fulfilment of our contract made with you pursuant to GDPR Article 6 paragraph 1 lit. b).

Tracking cookies are used for to analyse how the website is used. This allows us to continuously optimise our offer for you. These cookies are only enabled if you allow them. Alternatively, you can select to “Accept all cookies”.

The processing of personal data using tracking cookies takes place only if there is corresponding consent pursuant to GDPR Article 6 paragraph 1 lit. a) as a legal basis.

You can change your cookie banner preferences at any time by clicking here.

Protection of minors

This offer is exclusively intended for adult use. We do not have any content aimed at children. Therefore, we do not knowingly collect age information, nor do we knowingly collect any personal data from children under the age of 16. We advise all visitors to our website under the age of 16 not to disclose or provide any personal data to our service.

Changes and updates to the Privacy Policy

We reserve the right to change, update, or amend this privacy policy at any time. Any revised privacy policy applies only to personal data collected or amended after the effective date of the revised privacy policy.

Contact

If you have any further questions, please do not hesitate to contact us. Please send an e-mail to privacy@rummycity.com.

How do we use your data?

• Provide the online service and its features
• Administer contracts and player accounts
• Create pseudonymized user profiles for analytics and product improvement (unless you object)
• Fraud and misuse detection
• Customer support and communication
• Payment processing and financial transactions
• Game matching and tournament organization
• Personalized user experience and recommendations

Security measures

We take appropriate technical and organizational measures in accordance with GDPR Article 32. We apply security techniques (e.g., SSL encryption) and policies designed to protect personal data against unauthorized access and loss. Our security measures include:

• 256-bit SSL encryption for all data transmissions
• Regular security audits and penetration testing
• Access controls and authentication systems
• Secure data storage and backup procedures
• Employee training on data protection

Will your data be shared with third parties?

We may disclose data to processors and third parties only when necessary and under legal bases such as contract performance, consent, legal obligations, or legitimate interests. We require contractual safeguards (GDPR Art. 28) from our processors.

Payment Processors

We work with trusted payment processors to handle financial transactions. Your payment information is encrypted and processed in accordance with PCI DSS standards.

Analytics Providers

We use analytics services to understand user behavior and improve our platform. All data shared with analytics providers is pseudonymized and aggregated.

Legal Authorities

We may disclose your data to law enforcement or regulatory authorities when required by law or to protect our rights and safety.

Transfers to third countries

If data is processed outside the EU/EEA, we ensure appropriate safeguards (e.g., standard contractual clauses) or rely on another lawful transfer mechanism.

Your rights

You have the right to request access to, correction or deletion of your personal data, to object to processing, and to request data portability where applicable. To exercise these rights, contact: privacy@rummycity.com.

Specific Rights

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to certain types of processing

Retention

We retain your data only as long as necessary to provide the services or to comply with legal obligations. We review retention periodically and delete data when no longer needed.

Contact

If you have questions about this policy or our data practices, please contact us at Email: privacy@rummycity.com