Data Protection Policy
Last Updated: December 2024
This Data Protection Policy outlines TOUKA GAMES PTE. LTD.'s commitment to protecting personal data and ensuring compliance with applicable data protection laws and regulations in the operation of our mobile games and services.
1. Our Commitment
TOUKA GAMES PTE. LTD. is committed to protecting the privacy and security of personal data. We recognize the importance of data protection and have implemented policies and procedures to ensure compliance with applicable data protection laws, including but not limited to:
- General Data Protection Regulation (GDPR) - European Union
- California Consumer Privacy Act (CCPA) - United States
- Personal Data Protection Act (PDPA) - Singapore
- Other applicable regional data protection laws
2. Data Protection Principles
We adhere to the following data protection principles:
- Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently
- Purpose Limitation: We collect personal data only for specified, explicit, and legitimate purposes
- Data Minimization: We collect only the personal data that is necessary for our purposes
- Accuracy: We keep personal data accurate and up to date
- Storage Limitation: We retain personal data only for as long as necessary
- Integrity and Confidentiality: We implement appropriate security measures to protect personal data
- Accountability: We are responsible for demonstrating compliance with data protection principles
3. Data Processing Activities
In the context of our mobile games, we process personal data for the following activities:
3.1 Game Operation and Services
- User account management and authentication
- Game progress and achievement tracking
- In-app purchase processing
- Customer support and communication
3.2 Analytics and Improvement
- Game performance analysis
- User behavior and engagement metrics
- Feature usage statistics
- Technical error monitoring and debugging
3.3 Advertising and Monetization
- Ad delivery and personalization
- Ad performance measurement
- Fraud prevention
4. Data Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:
4.1 Technical Measures
- Encryption: Data encryption in transit (TLS/SSL) and at rest
- Access Controls: Role-based access controls and authentication mechanisms
- Network Security: Firewalls, intrusion detection, and monitoring systems
- Secure Development: Secure coding practices and regular security assessments
4.2 Organizational Measures
- Data protection training for employees
- Confidentiality agreements with personnel
- Regular security audits and assessments
- Incident response procedures
5. Data Storage and Location
Personal data collected through our games may be stored and processed in various locations, including:
- Singapore (primary operations)
- United States (cloud services and data centers)
- Other countries where our service providers operate
We ensure that appropriate safeguards are in place when transferring data across borders, including standard contractual clauses and other mechanisms as required by applicable law.
6. Third-Party Data Processors
We work with third-party service providers who process personal data on our behalf. These include:
- Cloud hosting and infrastructure providers
- Advertising networks and platforms
- Analytics and measurement services
- Payment processors
- Customer support platforms
We enter into data processing agreements with all third-party processors to ensure they:
- Process data only in accordance with our instructions
- Implement appropriate security measures
- Comply with applicable data protection laws
- Notify us of any data breaches
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Our retention periods are based on:
- The nature of the data and the purpose for which it was collected
- Legal and regulatory requirements
- Business needs and operational requirements
When personal data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.
8. Data Breach Notification
In the event of a personal data breach that may result in a risk to individuals' rights and freedoms, we have procedures in place to:
- Detect and assess the breach promptly
- Contain and mitigate the impact
- Notify relevant supervisory authorities within 72 hours (where required by law)
- Notify affected individuals without undue delay when the breach poses a high risk
- Document all breaches and remedial actions taken
If you become aware of a potential data breach, please contact us immediately at dev@toukagame.com.
9. User Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
- Right of Access: Request access to your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to certain types of data processing
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, please contact us at dev@toukagame.com. We will respond to your request within 30 days, or as required by applicable law.
10. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to individuals' rights and freedoms. This includes:
- Systematic and extensive evaluation of personal aspects
- Large-scale processing of sensitive data
- Systematic monitoring of publicly accessible areas
11. Compliance and Oversight
We regularly review and update our data protection policies and procedures to ensure ongoing compliance with applicable laws and regulations. This includes:
- Regular audits of data processing activities
- Training and awareness programs for staff
- Review of third-party data processing agreements
- Monitoring of regulatory developments
12. Contact Information
For questions, concerns, or requests regarding data protection, please contact us:
TOUKA GAMES PTE. LTD.
Company Type: Exempt Private Company Limited by Shares
Incorporation Date: September 16, 2020
Registered Office Address: 6 Raffles Quay, #14-06, Singapore 048580
Data Protection Contact: dev@toukagame.com
Subject Line: Data Protection Inquiry
We are committed to addressing your data protection concerns promptly and transparently.