BRICKWORKS GAMES LTD – PRIVACY POLICY

I. Glossary – Basic Concepts

Personal Data – all information that relates to an identified or identifiable natural person. For example: first name, last name, e-mail address, IP address, username, platform ID, billing data, country, device identifiers, online identifiers, and in some cases gameplay or behavioral data when linked to an identifiable individual.

Processing – any operation performed on Personal Data, such as collection, recording, storage, use, disclosure, modification, restriction, deletion, or destruction.

Services – services offered by BRICKWORKS GAMES LTD (“Brickworks”), in particular through our websites, game clients, support channels, and any related online features. This includes, for example, account registration, access to digital content, participation in playtests and surveys, use of technical support, participation in contests and promotions, newsletters, and other services we make available.

Products – products developed, published, or otherwise provided by Brickworks, in particular video games (including Sublustrum), downloadable content, and related applications or features. This Privacy Policy also applies to Personal Data processed in connection with your use of our Products.

BRICKWORKS GAMES LTD / Brickworks / we / us / our – the data controller of your Personal Data:

BRICKWORKS GAMES LTD
Registered Address: 28 Oktovriou, 367, Mediterranean Court, 1st floor, Flat/Office A5,
3107, Limassol, Cyprus

In matters related to the processing of your Personal Data you can contact us at:

E-mail: privacy@brickworksgames.com

If and when we appoint a Data Protection Officer under applicable law, we will publish that person’s contact details on our website and/or update this Privacy Policy accordingly.

User / Player / you / your – any natural person who visits our websites, uses our Products or Services, contacts us, or otherwise interacts with us.

Websites – websites owned or operated by Brickworks to which this Privacy Policy applies (including any landing pages or official sites for Sublustrum) and their subpages. The rules for using the Websites may be set out in applicable Terms of Service available on each Website.

Contractor – a natural person running a business, a legal person, or another organizational entity with whom Brickworks establishes business cooperation (e.g., vendors, publishers, platform partners).

Representative – a board member, officer, employee, or attorney of a Contractor who acts on its behalf.

Contact Person – any natural person who contacts Brickworks’ employees or representatives to establish or carry out business cooperation; in particular, an employee of a Contractor or another person designated by the Contractor.

II. Contractors – Representatives and Contact Persons

If you are a Representative or Contact Person of a Contractor with whom we enter into or perform a contract, your Personal Data may be obtained directly from you or from our Contractor.

We may process, in particular:

  • identification data (name, surname, business registration or tax identification numbers, where applicable);
  • place of work, position, department, and professional qualifications;
  • business contact details (e.g. telephone number, e-mail address);
  • other data provided by the Contractor or directly by you in connection with entering into or performing a contract (e.g. role in a project, communication history, signatures on agreements).

Provision of such Personal Data is typically necessary to conclude and perform a contract with Brickworks. If the data is not provided, it may be impossible to enter into or perform that contract.

We may process this Personal Data for the following purposes and on the following legal bases:

  • Entering into and performing a contract with the Contractor (Article 6(1)(b) GDPR, where you are party, or Article 6(1)(f) GDPR – our legitimate interest in performing the contract with the Contractor).
  • Compliance with legal obligations, such as tax, accounting, or corporate obligations (Article 6(1)(c) GDPR).
  • Archiving and evidence purposes, as well as establishing, exercising, or defending legal claims (Article 6(1)(f) GDPR – our legitimate interest).

Where your Personal Data is processed based on our legitimate interests, you have the right to object to such processing (see Section VIII below).

III. When You Contact Us, Visit Our Websites, or Use Our Products and Services

1. Communication

When you communicate with us (for example via e-mail, contact forms, in-game support, social media, platform messaging, or other channels), we may process:

  • identifying information (e.g. e-mail address, platform ID, username, IP address or other identifiers);
  • metadata related to the contact (e.g. date and time of contact, communication channel, duration of conversation);
  • the content of the communication itself (e.g. messages, support tickets, complaints, feedback).

We process this information for the following purposes:

  • responding to your inquiries and communication;
  • maintaining and improving customer support and communication quality;
  • internal training, analytics, and documentation;
  • marketing and promotional communications (where permitted by law and, where required, based on your consent);
  • taking steps prior to entering into a contract or performing a contract.

Legal bases:

  • Our legitimate interests (Article 6(1)(f) GDPR) – in particular, responding to Users, improving our Services and Products, and promoting our business.
  • Performance or preparation of a contract (Article 6(1)(b) GDPR) – where your inquiry leads to or relates to entering into or performing an agreement.
  • Your consent (Article 6(1)(a) GDPR) – for example, for sending specific forms of marketing communication (such as newsletters) via e-mail or other electronic means, where such consent is required.

You may withdraw your consent at any time (for example, by using an “unsubscribe” link in marketing e-mails). This will not affect the lawfulness of processing based on consent before its withdrawal.

2. Websites, Products (Including Sublustrum) and Services

When you use our Websites, Products, or Services, we may process the following categories of data:

  • Account and profile data – e-mail address, username, country, platform IDs (e.g., Steam ID, console account IDs), age range (where applicable), and settings you choose.
  • Gameplay and usage data – information related to your interactions with Sublustrum or other Products, such as session dates and times, gameplay progression, choices and achievements, in-game items, and usage of specific features.
  • Technical data – device and system identifiers (e.g. device ID, hardware model, operating system, language setting), IP address, browser type, game client version, and other technical information.
  • Transaction data – in-game purchases, transaction amounts, platform transaction IDs, currency, and limited billing information if provided directly to us (note: payments are typically handled by third-party stores/platforms, which are separate controllers of your payment card details).
  • Community and user-generated content – posts, messages, screenshots, or other materials you share in forums, feedback channels, or promotional events hosted or moderated by us.

We process this data in particular for the following purposes:

  • providing and operating our Products and Services (e.g. enabling you to download, access, and play Sublustrum);
  • authenticating Users and managing accounts;
  • fulfilling in-game purchases and providing digital goods;
  • providing technical support and resolving issues;
  • personalizing certain features or content where permitted by law and your preferences;
  • performing analytics, statistics, and improving our Products and Services;
  • preventing fraud, abuse, and violations of our Terms of Service or applicable law.

Legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR) – in particular, where processing is necessary to provide you with the game, Services, and related features.
  • Legitimate interests (Article 6(1)(f) GDPR) – for example, performing analytics, improving Products and Services, preventing abuse and fraud, ensuring network and information security, and promoting our business.
  • Compliance with legal obligations (Article 6(1)(c) GDPR) – for example, tax and accounting obligations related to transactions.
  • Consent (Article 6(1)(a) GDPR) – for specific optional features where required by law (e.g. certain categories of cookies/trackers or direct electronic marketing).

Providing your Personal Data is generally voluntary. However, if you do not provide data that is necessary to use a given Service, Website, or Product, we may be unable to provide you with that Service or Product (for example, create an account, unlock content, or respond to a request).

Children’s Privacy

We do not knowingly collect Personal Data from children under the age specified in applicable laws (including, where relevant, under 13 years of age in the United States under COPPA, or under the digital consent age in the EU/EEA). Some of our Products, including Sublustrum, may be intended for adults or older teens and may be age-rated accordingly (e.g., PEGI, ESRB, platform age ratings).

If we become aware that we have collected Personal Data from a child in violation of applicable law, we will take reasonable steps to delete such information. If you believe we might have any Personal Data from or about a child, please contact us using the contact details provided in this Privacy Policy.

Analytics and Marketing

We may process Users’ Personal Data for:

  • statistical and marketing analyses;
  • developing marketing strategies;
  • improving the quality and performance of our Services, Websites, and Products;
  • tailoring promotional content and offers to user segments.

For this purpose, we may use both aggregated/anonymous data and personal data (where allowed), including information you provide in surveys or feedback forms.

The legal basis is our legitimate interests (Article 6(1)(f) GDPR) – in particular, understanding our players and improving and promoting our Products – or your consent where required, especially for certain profiling or third-party marketing cookies/trackers.

3. Defense Against Claims and Security Threats

We may process certain Personal Data to:

  • establish, exercise, or defend legal claims;
  • document transactions, communications, and consent;
  • comply with regulatory and law-enforcement requests;
  • prevent and detect security incidents, fraud, cheating, or other unauthorized or harmful activities.

Legal bases:

  • Legitimate interests (Article 6(1)(f) GDPR) – protecting our rights, property, and interests, as well as those of our users and partners.
  • Compliance with legal obligations (Article 6(1)(c) GDPR) – where applicable.

Our Websites and Products may contain links to third-party websites or services (for example, platform stores, social media, video platforms). We are not responsible for the privacy practices, security, or content of those third-party services. We encourage you to review their privacy policies before providing any Personal Data to them.

4. Testers Base (Playtests, Beta Programs, Surveys)

If you wish to participate in playtests, closed betas, focus tests, or similar programs, we may process the data you provide in your application, such as:

  • name or nickname;
  • contact details (e.g. e-mail address, platform ID, messaging handle);
  • demographic data (e.g. age range, country, gaming platform, preferred genres);
  • information about your gaming experience or hardware;
  • feedback and survey responses during the tests.

By submitting an application, you consent to our processing of your Personal Data for the purposes of organizing and conducting playtests, contacting you, selecting participants, sending invitations and instructions, and analyzing feedback (Article 6(1)(a) GDPR – consent).

You may withdraw your consent at any time. However, withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

We will retain your Personal Data in the testers base:

  • until you withdraw your consent, or
  • until we discontinue such playtest programs or delete the respective testers base,

whichever occurs first, subject to any longer retention required or permitted by law or for the defense of legal claims (see Section V).

5. Crash Logs and Technical Diagnostics

When Sublustrum or other Products crash or encounter errors, we may automatically collect technical data related to the incident (“crash logs” or diagnostic data). This may include:

  • technical information about your device and software (e.g. OS version, hardware profile, game client version);
  • technical logs and stack traces leading to the crash;
  • session identifiers and limited contextual data around the error (e.g. what was happening in-game immediately before the crash).

We use this data solely to:

  • understand and diagnose technical issues;
  • improve stability, performance, and security of our Products;
  • detect and fix bugs.

Legal basis: our legitimate interests (Article 6(1)(f) GDPR) – ensuring the quality, reliability, and security of our Products and Services.

You have the right to object to the processing of your Personal Data for these purposes. If you do so and the game/platform allows it, we will stop collecting crash reports from your device. However, this may limit our ability to diagnose and fix issues you encounter.

Diagnostic data is stored for the time necessary to analyze and resolve the identified issues (typically around 90 days), after which it is deleted or anonymized, unless a longer period is necessary for legal, security, or claims-handling reasons.

IV. “Cookies” and Similar Technologies

We may use cookies and similar technologies (such as pixels/web beacons, SDKs, and local storage) on our Websites and, where applicable, within our Products or related online services.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They allow the website to recognize your device and store information about your preferences or previous actions, such as:

  • domain name of your internet service provider;
  • browser type and operating system;
  • IP address;
  • pages visited and actions taken on the Website;
  • language and region preferences.

Pixels (web beacons) are small snippets of code or tiny images embedded in web pages, e-mails, or ads that send information back to a server, often in combination with cookies.

Information collected through cookies and similar technologies may not always constitute Personal Data by itself. However, if you have previously provided Personal Data (for example, creating an account), cookies and similar technologies may sometimes be associated with you.

Legal Bases

Depending on the type of cookie and applicable law, we may rely on:

  • Your consent (Article 6(1)(a) GDPR) – for non-essential cookies and similar technologies (e.g. certain analytics, advertising, or personalization cookies).
  • Our legitimate interests (Article 6(1)(f) GDPR) – for cookies that are strictly necessary to provide the Service (e.g. maintaining session state, basic site functionality, security).

Purposes

We use cookies and similar technologies to:

  • provide and secure core functionalities of our Websites and Services (necessary cookies);
  • remember your preferences (e.g. language or cookie choices);
  • conduct analytics on the use of our Websites and Services (e.g. aggregated visitor statistics);
  • support marketing activities, including delivering, measuring, and improving our own or third-party advertisements, where permitted.

Managing Cookies

By default, most web browsers accept cookies. You can usually change your browser settings to:

  • block all cookies;
  • block cookies from specific sites;
  • delete existing cookies;
  • receive notifications before cookies are stored.

Please consult your browser’s help documentation for detailed instructions. Disabling or blocking some cookies may affect the functionality or performance of our Websites or Services (for example, certain pages may not display correctly or may load more slowly).

Where required by law, we will provide a cookie banner or similar tool on our Website, allowing you to choose which categories of cookies you accept and to change your preferences at any time.

Third parties (such as analytics or advertising providers) may also set cookies on your device when you visit our Websites or use embedded third-party content. Those third parties are responsible for their own cookie practices. We encourage you to review their privacy and cookie policies.

V. How Long Do We Process Your Personal Data?

We will process your Personal Data only for as long as necessary for the purposes described in this Privacy Policy, including:

  • Communication and customer support – typically for up to 2 years from the last relevant contact, unless a longer retention is needed for legal or claims-related reasons.
  • Marketing – until you object to such processing or withdraw consent (if applicable), or for the period allowed by law.
  • Contract performance (e.g., account, game access) – as long as you maintain an account or use the relevant Product or Service, plus additional time required by tax, accounting, or other legal obligations.
  • Testers base – until you withdraw consent or we discontinue the relevant program; typically not longer than 3 years from your last application, unless required for claims handling or legal obligations.
  • Crash logs and diagnostics – typically around 90 days, unless a longer period is necessary to investigate and address serious issues or legal matters.
  • Legal and claims purposes – for the duration of limitation periods established by law (e.g., civil law or consumer-protection statutes), and for the duration of any dispute, investigation, or legal proceeding, plus a reasonable period thereafter.

Where required by law, we may retain certain data for longer periods (for example, for tax or accounting purposes). When Personal Data is no longer needed for the purposes for which it was collected, we will delete it or anonymize it in a secure manner.

VI. Who Has Access to Your Personal Data?

Access to your Personal Data is limited to those who need it for the purposes described in this Privacy Policy.

We may share your Personal Data with:

1. Authorized personnel at Brickworks – employees and contractors who have a need to know the data for their duties and who are bound by confidentiality obligations or statutory duties of confidentiality.

2. Affiliates and group companies – entities under common control with Brickworks that support us in developing, publishing, or operating our Products and Services, subject to appropriate data-processing agreements and safeguards.

3. Service providers (processors) – third-party companies that process Personal Data on our behalf, including:

  • IT, hosting, and cloud-infrastructure providers;
  • analytics and crash reporting providers;
  • customer support tools and helpdesk systems;
  • e-mail and communication tools;
  • marketing and advertising partners (including providers of online advertising and campaign-measurement tools);
  • payment processors and platform operators (to the extent they act as our processors, noting that many act as independent controllers);
  • legal, accounting, audit, and consulting providers.

These entities will process Personal Data only on our instructions and under appropriate contractual safeguards, including data protection agreements where required by law.

4. Public authorities and third parties – where required or permitted by applicable law, we may disclose Personal Data to:

  • law-enforcement agencies, courts, regulators, or other public authorities;
  • third parties if required to establish, exercise, or defend legal claims (e.g. outside counsel, experts).

5. Business transfers – in connection with a potential or actual merger, acquisition, restructuring, or sale of all or part of our business or assets, we may disclose Personal Data to the involved entities, subject to appropriate confidentiality and data protection obligations.

We do not share your login credentials or payment card numbers with unrelated third parties for their own direct marketing purposes.

When you are redirected to third-party websites or platforms (for example, when purchasing the game or interacting with social media plugins), we generally do not provide your Personal Data to those third parties, unless otherwise stated. Your interactions with those third-party services are governed by their own terms and privacy policies.

VII. International Transfers of Personal Data

Because we operate globally and use international service providers and platforms, your Personal Data may be transferred to and processed in countries outside the European Economic Area (EEA) and your country of residence, including the United States and other jurisdictions that may have different data-protection laws.

Where such transfers involve countries that are not subject to an adequacy decision by the European Commission or equivalent authority, we will implement appropriate safeguards, such as:

  • standard contractual clauses (SCCs) adopted or approved by the European Commission or other relevant authorities;
  • other appropriate contractual and technical safeguards as required by applicable law.

You may obtain more information about the safeguards we use and request a copy of relevant contractual protections by contacting us using the details provided in this Privacy Policy (subject to redactions where appropriate, for example for commercial confidentiality).

VIII. Your Rights (EEA/UK and Similar Jurisdictions)

Under the GDPR and other applicable data-protection laws, you may have the following rights with respect to your Personal Data:

1. Right of access – to obtain confirmation whether we process your Personal Data, and to receive information about the processing, including categories of data, purposes, recipients, retention periods, and a copy of the Personal Data we process (subject to certain limitations).

2. Right to rectification – to request correction of inaccurate Personal Data or completion of incomplete data.

3. Right to withdraw consent – where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

4. Right to erasure (“right to be forgotten”) – to request deletion of your Personal Data in certain circumstances, for example where:

  • the data is no longer necessary for the purposes for which it was collected;
  • you withdraw consent and there is no other legal basis for processing;
  • you have objected to processing and there are no overriding legitimate grounds;
  • the data has been processed unlawfully; or
  • deletion is required by law.

5. Right to restriction of processing – to request that we limit processing of your Personal Data (other than storage) in certain cases, e.g. when:

  • you contest the accuracy of the data (for a period allowing us to verify it);
  • processing is unlawful but you oppose deletion;
  • we no longer need the data for our purposes, but you need it for establishment, exercise, or defense of legal claims; or
  • you have objected to processing pending verification of whether our legitimate grounds override yours.

6. Right to data portability – where processing is based on consent or a contract and is carried out by automated means, you may request to receive the Personal Data you provided to us in a structured, commonly used, machine-readable format and to have that data transmitted to another controller, where technically feasible.

7. Right to object – to object, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling based on such interests. We will stop processing your Personal Data unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or the processing is necessary for legal claims.

  • Direct marketing: Where your Personal Data is processed for direct marketing, you have the right to object at any time. If you do so, we will no longer process your data for such purposes.

8. Right to lodge a complaint with a supervisory authority – if you believe that our processing of your Personal Data violates applicable data-protection laws, you have the right to lodge a complaint with your local supervisory authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection. You may also lodge a complaint with the supervisory authority of your habitual residence or place of work.

To exercise your rights, please contact us at [insert dedicated privacy or support email here]. We may need to verify your identity before responding to your request to protect your privacy and security.

IX. California Residents – Additional Information

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (together, “California Privacy Laws”), may provide you with specific rights regarding your Personal Information.

1. Categories of Personal Information Collected, Used, and Disclosed

In the 12 months preceding the effective date of this Privacy Policy, depending on how you interact with our Websites, Products, and Services, we may have collected the following categories of Personal Information (as defined under California Privacy Laws):

  • Identifiers – such as name, username, online identifier, IP address, e-mail address, or similar identifiers.
  • Commercial information – such as records of Products or Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies related to our Products (e.g., in-game purchases).
  • Internet or other electronic network activity information – such as browsing history, search history, and information regarding interaction with our Websites, Products, or advertisements.
  • Geolocation data – approximate location derived from IP address or device settings, where enabled.
  • Inferences – drawn from any of the above to create a profile about a consumer reflecting preferences, characteristics, or behavior, to the extent allowed by law.

We collect these categories of Personal Information for the purposes described in Sections II and III of this Privacy Policy, including providing and improving our Products and Services, communicating with you, ensuring security, and carrying out marketing and analytics where allowed.

We may share these categories of Personal Information with the categories of third parties described in Section VI.

2. California Privacy Rights

Subject to certain exceptions, California residents may have the following rights:

  • Right to Know – to request that we disclose what Personal Information we collect, use, disclose, sell, or share, including specific pieces of Personal Information collected.
  • Right to Delete – to request deletion of Personal Information that we have collected, subject to certain exceptions (for example, when retention is necessary to complete transactions, provide requested services, detect security incidents, comply with legal obligations, or for other internal and lawful uses).
  • Right to Correct – to request that we correct inaccurate Personal Information we maintain about you.
  • Right to Data Portability – in certain circumstances, to receive your Personal Information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity.
  • Right to Opt Out of Sale or Sharing – you have the right to direct us not to sell or share your Personal Information (as those terms are defined under California Privacy Laws). We do not sell your Personal Information for monetary compensation, but we may use cookies and similar technologies that may be considered a “sale” or “sharing” for cross-context behavioral advertising under California law. You can manage such technologies via browser settings and, where available, our cookie tools.
  • Right to Limit Use and Disclosure of Sensitive Personal Information – to the extent we collect sensitive personal information and use it for purposes not permitted under California Privacy Laws, you might have the right to limit such use. At this time, we do not use sensitive personal information to infer characteristics about you.
  • Right to Non-Discrimination – we will not discriminate against you for exercising any of your privacy rights under California Privacy Laws (for example, by denying Services or providing a different level or quality of Service, except to the extent permitted by law).

As of the date of this Privacy Policy, we do not engage in automated decision-making that produces legal or similarly significant effects on you based solely on automated processing in a manner that would grant you additional rights under California Privacy Laws.

3. Exercising California Privacy Rights

To exercise your rights under California Privacy Laws, you may contact us at:

  • E-mail: privacy@brickworksgames.com

Please clearly describe your request and specify that you are making a request under California Privacy Laws. We may need to verify your identity before we can process your request (for example, by matching identifying information provided in your request with information we already have on file). Any Personal Information provided in connection with identity verification will be used solely for that purpose.

If you submit a request through an authorized agent, we may require written authorization from you and may need to verify your identity directly, as permitted by law.

X. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices, Products, applicable laws, or regulatory guidance.

When we make material changes, we will take appropriate steps to inform you, which may include:

  • updating the “Last update” date at the top of this Privacy Policy;
  • posting a notice on our Website or in our Products;
  • sending you a notice via e-mail or other communication channels, where appropriate.

We encourage you to review this Privacy Policy periodically to stay informed about how we process your Personal Data.

XI. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data-processing practices, you can contact us at:

BRICKWORKS GAMES LTD
28 Oktovriou, 367, Mediterranean Court, 1st floor, Flat/Office A5 3107, Limassol, Cyprus
E-mail: privacy@brickworksgames.com

Please specify the nature of your inquiry (for example, “GDPR request,” “California privacy request,” or “general privacy question”) to help us process it efficiently.



Last Privacy Policy update: 20.11.2025