Second Dinner

Privacy Notice for Marvel Snap

Date of update: January 31, 2023

This privacy notice (the “Privacy Notice”) is designed to provide users (“you”) of Marvel Snap (the “Game”) with clear information relating to how Second Dinner Studios, Inc., (“Second Dinner” or “we”), as the developer of the Game, processes your personal data or personal information (“Personal Information”) for our own purposes. From a general perspective, Second Dinner is committed to protecting your privacy.

In this Privacy Notice, you will find the following information:

1. Who are we?

2. What Personal Information do we collect?

3. Why and how do we use your Personal Information?

4. Who do we share your Personal Information with?

5. How long do we retain your Personal Information?

6. European / UK Specific Information

7. California Privacy Rights

8. Do we process Personal Information from children?

9. What is the process of modification of the Privacy Notice?

10. Who can you contact if you have queries?

1. Who are we?

Second Dinner is a Delaware (US) corporation, with its principal place of business at 2875 Michelle Drive, Suite 200, Irvine, CA 92606, USA.

The identity and contact details of our European Economic Area (EEA) and United Kingdom (UK) representatives are specified at the end of this Privacy Notice.

2. What Personal Information do we collect?

We collect and process the Personal Information generated when you use the Game, namely character appearance (i.e., face, body, and equipment), attributes (i.e., level, experience points, and skills), item inventory, purchases and statistical data which are all linked to your account.

The Game is distributed by our partner Nuverse (Hong Kong) Limited (“Nuverse”) and we collect Personal Information about you from Nuverse, namely: email address, account information, name, opt-in contact information, compliance-related information (e.g., age gate and self-reported geolocation and unique ID).

Please note that Nuverse also independently processes your Personal Information for its own purposes. Nuverse has a separate privacy notice that you are invited to read carefully at [Nuverse privacy notice].

3. Why and how do we use your Personal Information?

We use your Personal Information only for the purposes outlined below:

● Provide the Game: We process your Personal information in order to provide you with the Game, ensure the continuation of the services and communicate with you.

● Marketing communications: We process your Personal Information in order to send you marketing communications about our services and products, or those of our partners.

● Migrating your environment: We may process your Personal Information to migrate your environment, including your Personal Information, to another legal entity if we change our distributing partner.

● Legal Reasons: We may process your Personal Information to comply with applicable law and the legal obligations to which we are subject (e.g., to detect abuse, fraud and illegal activity), respond to requests from, and other communications with, competent public, governmental, judicial or other regulatory authorities, respond to valid legal process, investigate or participate in civil discovery, litigation, or other legal proceedings, or protect or defend your rights, property or security or ours, including by investigating potential violations of or enforcing our Terms of Service.

4. Who do we share your Personal Information with?

For the purposes referred to under this Privacy Notice, we share certain Personal Information with certain recipients. Such recipients will either act as another controller or as data processor acting on behalf and upon our instructions.

We may share your Personal Information with our third party services providers (i.e., cloud service and data storage providers, analytics providers or ad networks), acting as data processors.

In addition, we may communicate your Personal Information to separate controllers, i.e.,:

● our partner distributing the Game (i.e., Nuverse as at the date of this Privacy Notice);

● any person or authority when disclosure is required by law, regulations or a judicial decision;

● any person or authority if such disclosure is necessary to protect or defend your rights, property or security or ours;

● any other person subject to your prior consent.

We do not sell your Personal Information to third parties.

5. European/UK Specific Information

Data Subject Rights

When the General Data Protection Regulation (“GDPR”) or the UK General Data Protection Regulation (“UK GDPR”) applies, you have various rights in relation to the processing of your Personal Information, depending on the relevant situation:

In order to exercise any of your rights, or if you have any other questions about our use of your Personal Information, please send a request using the contact details specified at the end of this Privacy Notice. Please note that we may request you to provide us with additional information in order to confirm your identity.
In any case, you also have the right to lodge a complaint with the competent data protection authority, in particular in the country of your habitual residence, place of work or place of an alleged infringement if you consider that the processing of your Personal Information carried out by us infringes the GDPR or the UK GDPR.
Legal Bases for Processing

When the GDPR or the UK GDPR applies, we rely on the following legal bases when we process your Personal Information:

Is any of your Personal Information transferred internationally?
As we are located in the United States, your Personal Information needs to be transferred to the United States for the purposes referred to under this Privacy Notice.

Considering that our partner Nuverse is located in Hong Kong, a country whose legislation has not been recognized by the European Commission or the UK Secretary of State as having an adequate level of protection, we ensure that the transfer is governed by the European Commission’s standard contractual clauses (as amended by the UK Addendum issued by the UK Information Commissioner, where relevant). You are entitled to request details of the transfer and the applicable safeguards by sending a request using the contact details specified at the end of this Privacy Notice.

6. How long do we retain your Personal Information?

We shall retain your Personal Information for no longer than necessary for the purposes identified under this Privacy Notice.
With respect to the services provided to you, we will keep your Personal Information during the period of our contractual relationship, extended by the applicable statute limitation period.
With respect to the processing carried out in order to protect or defend your rights, property or security or ours, we will keep your Personal Information for the time of the relevant dispute or statute limitation period.
As to the processing carried out in order to comply with a legal obligation, we will keep your Personal Information for the duration of such obligation.
Upon expiry of the applicable data retention period, we will erase or anonymize the relevant Personal Information.

7. California Specific Information

California Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”) provides California residents the right to request:

As required by the CCPA and CPRA, we will not discriminate against you for exercising any of these rights.
You may exercise your rights by sending a request to dpo@seconddinner.com. We will acknowledge receipt of your request within 10 business days, and provide a substantive response or notify you of the reason and extension period within 45 days. Under the CCPA/CPRA, only you or an authorized agent may make a request related to your Personal Information. We must verify your identity to respond to certain requests. We may do so by requiring you to log into the Game, provide information that matches information we’ve already collected about you (e.g., purchases, game statistics), or give a declaration as to your identity under penalty of perjury.
California’s Shine the Light Law
California Civil Code Section 1798.83, also known as “Shine The Light” law, permits California residents to annually request, free of charge, information about the disclosure of their Personal Information (if any) to third parties for the third parties’ direct marketing purposes in the preceding calendar year. We do not share Personal Information with third parties for such purposes.
Retention period
We shall retain your Personal Information for no longer than necessary for the purposes identified under this Privacy Notice, unless a longer retention period is permitted or required by applicable law.

We use the following criteria to determine our retention periods:

8. Do we process Personal Information from children?

The Game is not intended for children under the age of 13 (under the age of 16 if you are in the EEA or in the UK) and we do not knowingly collect or solicit personal information or personal data from children under 13 (under 16 if you are in the EEA or in the UK).
If you believe that we have personal information or personal data about or collected from a child under the relevant age, please contact us using the contact details specified at the end of this Privacy Notice and we will ensure that it is deleted.

9. What is the process of modification of the Privacy Notice?

We reserve the right to change this Privacy Notice at any time. In case there is a substantial change, we will notify you in this respect. If such change to the Privacy Notice requires your consent, you will have the choice to consent as to whether or not we may use your Personal Information in a different manner.

10. Who can you contact if you have queries?

If you have any query, you may contact our Data Protection Officer by email at the following address: dpo@seconddinner.com.
If you are in the EEA, you may address privacy-related inquiries to our representative pursuant to Article 27 of the GDPR: EU-REP.Global GmbH, Attn: Seconddinner, Hopfenstr. 1d, 24114 Kiel, Germany; seconddinner@eu-rep.global.
If you are in the UK, you may address privacy-related inquiries to our representative pursuant to Article 27 of the UK GDPR: DP Data Protection Services UK Ltd., Attn: Seconddinner, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom; seconddinner@eu-rep.global.