GDPR

Legal

Banana Interactive Co., Ltd (VAT 91310115MA1K449E1K) is a Chinese limited liability company located in Shanghai, China.
Banana Interactive Co., Ltd
Building 14, NO.1502
China (Shanghai) Pilot Free Trade Zone

Business ID: MA1K449E1
VAT ID: 91310115MA1K449E1K
For questions, support and legal enquiries please contact: [email protected]

GDPR Compliance Statement

The General Data Protection Regulation (GDPR) is effective from 25th May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the European Privacy Directive and national legislations accordingly.
Banana Interactive Ltd. ( “Banana” or “we”) understands the importance of customer data and welcomes the arrival of the GDPR. At Banana, we believe that customers are the most important part of our business and the success of our company builds on the trust that our customers, employees and other stakeholders have in our ability to deliver premier quality including the protection of personal information.
We can confirm that all Banana services will comply with GDPR when it becomes enforceable in May of 2018.
The following are key aspects of the GDPR, and how it relates to Banana Interactive Ltd..

What is the GDPR

• New European Union Data Protection Regulation
• Regulation vs Directive
• Follows EU Data Protection Directive (Directive 95/46/EC)
• Will come into effect May 25th, 2018

Key Aspects of GDPR

There are 4 aspects to the GDPR that Banana Interactive Ltd. has considered as part of our GDPR compliance:

The right to data portability

Individuals have the right to a copy of all the personal data that controllers have regarding him or her. It also must be provided in a way that facilities reuse.
• At any time, Banana Interactive Ltd. is willing and able to provide our customers with the data that we receive from our partners.

The right to be forgotten:

This gives individuals the right to have certain personal data deleted so third parties can no longer trace them.
• Data is not stored on any individual in any systems that belong to Banana Interactive Ltd..

Privacy by Design

This helps to facilitate the inclusions of policies, guidelines, and work instructions related to data protection in the earliest stages of projects including personal data.
• This aspect does not apply to Banana Interactive Ltd..

Data Breach Notifications

Controllers must report personal data breaches to the relevant supervisory authority within 72 hours. If there is a high risk to the rights and freedoms of data subjects, they must also notify the data subjects.
• Banana Interactive Ltd. has an escalated process in order to ensure the security of user data. Information about whether or not user data has been part of a breach is available upon request.

GDPR Compliance for Banana

To understand the position of Banana in the compliance of GDPR, it is important to understand the actors. These actors are:
Data Controller
is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files.
Data Processor
in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller. “processing”, in relation to information or data means. obtaining, recording or holding the information or data.
Data Subject
means an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about.

GDPR and Banana Interactive Ltd.

The following are key elements of our GDPR Compliance:
We do not process personal data on behalf of the Customer and we don’t have access to any personal data in our customer’s systems (Customer Personal Data). Moreover, Banana is not able to monitor the processing of Customer Personal Data in our customer’s systems.

What personal data do we collect/store?

At Banana we collect two types of data on our users; passive and active. Passive collection is the data that is collected when users play games, whether on their mobile or the web. This data is collected using Google Analytics and it contains the following information:
• IP address
• approximate geographical location
• session duration
• in-game activity
This data does not contain any directly identifying markers such as name, email or similar. Our active data collection is currently limited to our high scores and other scores (such as coins collected). We allow users to log in using their Facebook account, and from their Facebook account we store the following:
• UID (user identification, basically an alphanumeric token that identifies a user in FBs systems) authentication token (so we can log them in again). The passing of this data is performed.
As such we don’t store any data that can be used to identify and track an individual, nor tie any of our data to a person unless you have outside information (ex. Facebook user data).

How does Banana Address GDPR

Data Access Control
The controller shall implement appropriate technical and organizational measures for ensuring that by default, only personal data which are necessary for each specific purpose of the processing are processed.
Monitoring of Access Activities
Each controller and where applicable, the controllers representative, shall maintain a record of processing activities under its responsibilities
Data Encryption
Organizations must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the encryption of personal data
Strong Compliance Framework
Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services

Questions?

Any Banana Interactive Ltd. GDPR related questions and any data subject requests can be addressed to Banana’s Data Protection Officer at [email protected]

FAQ

Will Banana services comply with the GDPR?
All Banana services will comply with the GDPR when it becomes enforceable.
What are the requirements under GDPR for Banana?
• Privacy measures should be implemented in the design phase
• Right to be forgotten
• Data portability
What information is covered by GDPR?
• Any information relating to an identified or identifiable natural person
• Any healthcare and sensitive data
When does GDPR come into effect?
May 25, 2018
Which customers are affected by the GDPR?
• Applies to controllers and processors who are established in the European Union or those who offer goods and services to data subjects in the EU
• Entities that monitor behavior of data subjects in the EU
What type of actor is Banana?
Although Banana is a processor of data, it does not process any specific data that identifies a person or persons in any unique way that is contrary to GRPD. Banana processes the following data elements:
• IP address
• approximate geographical location
• session duration
• in-game activity