We at Sulake Oy (“Sulake”, “we”, “us” or “our”) respect your privacy and recognise the importance of providing a secure environment for your personal data. Therefore, we are committed to being transparent about how we collect and process your personal data.
The purpose of this privacy notice (“Privacy Notice”) is to inform you as a user about why and how we process your personal data (that is any information that can be linked or attributed to you, “Personal Data”) when you play our games that are part of our gaming platform. This includes information regarding with whom we will share your Personal Data, how long we will retain it, and which rights you have in relation to the processing.
This Privacy Notice applies whenever you play Hotel Hideaway, use our services within the Hotel Hideaway app or visit our website https://www.hotelhideawaythegame.com/ (“Service Website”), all of which together we refer to as “Services”.
In this Privacy Notice, we will give you general information about how we process your Personal Data. We will furthermore give you more detailed information on the specific processes within our Services.
In this part of our Privacy Notice, you will find general information about how we process your Personal Data when you use our Services. For specific information with more details about our processing activities, please see the specific information below.
Who is responsible for the processing of your Personal Data?
Sulake Oy, Kaarlenkatu 11, 00530 Helsinki, Finland is responsible (the data controller) for the processing of your Personal Data in Hotel Hideaway.
What types of Personal Data do we process and how do we collect it?
When you use our Services, we may collect, use, store and transfer different kinds of Personal Data. As a general principle, we do not collect and do not ask you to provide any “special categories of Personal Data”, which is any particularly protected information such as data concerning health, religion, political opinions or philosophical beliefs, sexual preferences or orientation.
The information we collect depends on which of our Services you use and how you use them. We may process the following types of your Personal Data:
Personal Data provided by you
When you use our Services, you may provide or be asked to give us certain information, including:
- Your account information: In order to play Hotel Hideaway, you need to create an account. This will also allow you to play Hotel Hideaway on different devices. When you create your account, we collect your log-in data (your nickname/avatar name and/or your email address and password) and may collect additional profile information provided by you to personalize your profile (such as your first name and last name, your birth date, your gender, and your avatar). This information will be combined with your account ID.
- Data provided in relation to our customer service: When you contact support, we collect information about your request (subject and content of your request), your contact details and your name (optional).
Personal Data we receive or generate from your use of our Services
When you use our Services, we may also process device-related information and information about how you interact with our Services, including:
- Technical information: We collect information about your device/device settings you use for the purposes described below. The information we obtain from your device(s) includes the type of your device, online identifiers (your IP address), device IDs, game/site ID, geolocation data (based on your IP address), browser settings, screen resolution, battery status, free storage, and other technical information.
- Your usage: We collect information about how you use our Services. This information includes the actions you take within the game (e.g. your achievements (such as the level reached), the items purchased and the amount you spent in the game), the time and duration of your activity, and your interaction with advertisements (clicks, installs and creative views). Furthermore, we collect information about the websites that led you to our Service. Part of this information will be stored in your account (such as your in-game progress).
Personal Data we collect from third parties
In certain scenarios, we will also obtain your Personal Data from third parties, in strict compliance with applicable data protection laws and regulations. Your Personal Data may be provided by the following third parties:
- Payment Providers: If you make an in-app or website payment, the transaction will be processed by a third-party payment provider and will be subject to third-party payment providers’ privacy policies. For these transactions, we do not receive any specific financial information (such as the payment method or your credit card information) but may receive information which is related to your transaction, for example the payment status and payment date.
- Social Networks and connected third-party platforms: If you enter our Services from a third-party platform (Facebook, Google or Apple), and you have created an account on the third-party platform, the authentication token is shared with us.
- User acquisition companies: If you click on our advertisements shown to you in a third-party network, we will receive campaign information (the campaign ID, clicks on our ads, creative views), information about installs of our Services, your country and language, and technical identifiers (Advertisement Device ID) from our user acquisition partners.
- Other third parties: We may also receive information about your approximate geolocation (the country you are located in) from third parties (e.g. Google). We use this information to comply with our legal obligations applying to the processing of your Personal Data, customize certain services to your location, and for fraud or abuse prevention purposes.
To learn more about which data is processed when you use our Services, please see the section with service specific information below.
For what purpose do we process your Personal Data?
Depending on which Service you are using and which privacy settings you have selected, we may process your Personal Data for the following purposes:
Provision and improvement of our Services
- to allow you to use our Services
- to facilitate in-game communication via chat
- to create and manage your account
- to restore your account if you ever lose access
- to communicate with you in context of account activation and password management, to simplify the registration process
- to facilitate your purchase, to verify and confirm your payment
- to provide technical support and respond to your requests
- to identify and correct any bugs/errors
- to indicate the popularity of our Services
- to assess the quality of our Services
- to understand and improve your online experience
- to pay our business partners for the promotion of our Services
Personalization of your game experience
- to remember your preferred game settings
- to personalize advertising for you
- to remember you next time you visit one of our Services
Marketing and analytics
- to deliver (targeted and non-targeted) advertising in our Services
- to show you advertisements for our Services on other websites or apps
- to measure the effectiveness of advertising
- to send you marketing communications, including newsletters and push notifications, informing you about new content and in-game offers
- to acquire new users on social media platforms
Prevention of fraud and illegal activity
- to investigate fraud and illegal behaviour in our Services
Compliance with our legal or regulatory obligations
- to respond to your requests related to your data subject rights
- to comply with our legal obligations (e.g. tax and accounting obligations)
- to inform you about any changes to this Privacy Notice
Please see the section with service specific information below for a more detailed description of the purposes for which we process your Personal Data within our Services.
Do we engage in profiling activities?
We may use tracking mechanisms to track your Personal Data for profiling purposes. This helps us to find new users for our Services, based on the information we have about you, and to target users who were already interested in our Services on the website(s) or in apps of our business partners. You have the right to object to this type of processing. You can also go to your in-game settings to review and amend your privacy choices related to this type of processing at any time.
On which legal basis do we process your Personal Data?
- Your consent: We process your Personal Data if you have provided your consent for a specific purpose. For example, when you access the Hotel Hideaway application for the first time, we ask for your consent for the data processing in the context of personalized advertising, remarketing and profiling. We may also show you just-in-time contextual notifications and consent pop-ups to obtain your consent for further processing activities. You have the right to withdraw your consent at any time, for example by changing your privacy settings. Please note that this will not affect any processing carried out before you withdraw your consent.
- Performance of a contract: We process your Personal Data for the performance of a contract to which you are party, for example, where it is necessary for the creation and administration of your account, to process your in-game purchase and the associated payment, to support the operation of the game or facilitate the delivery of requested services.
- Compliance with legal obligations to which we are subject: We process your Personal Data to comply with legal obligations. This might include, but is not limited to, the processing of your Personal Data for tax and accounting purposes.
- Legitimate interests: We may also process your Personal Data to the extent that the processing is necessary for our legitimate interests or those of third parties while applying appropriate safeguards that protect your privacy. For example, we process your Personal Data for improvement of the Service provided to you, or to provide you with a better user experience.
Please see for additional information the section with service specific information below.
With whom do we share your Personal Data?
We will not disclose your Personal Data to any party who is not authorised to process them. To manage our Services, we will share your Personal Data internally with members of our responsible departments and technical support involved in the gaming process and in each case only if access to your Personal Data is necessary for the performance of their roles.
Moreover, and only when necessary to fulfil the purposes mentioned above, we may disclose your Personal Data to the following recipients or categories of recipients or allow the following third parties to collect your Personal Data in connection with your use of our Services:
- External service providers: We may share your Personal Data with external service providers who perform services on our behalf, like customer support services, IT services, hosting and content delivery services, web/social analytics services, data management services, user notification and marketing services, and forum hosting services. Where we share your Personal Data with external service providers, we have appropriate agreements in place to ensure that your Personal Data is processed in compliance with applicable data protection laws.
- Payment providers: If you make in-app purchases, the transaction will be processed by a third-party payment provider and will be subject to the third-party payment providers’ privacy policies.
- External advertising companies: With your consent, we may share your Personal Data with third-party advertising companies or allow third-party advertising companies to collect your Personal Data when you use our Services. If you choose not to receive personalised ads at all, we will still show you ads, but they may not reflect your interests as those ads will be content specific and not user specific. Please note that by clicking on a third-party advertisement, you may be redirected to the third-party advertiser’s environment over which we have no control.
- Social networks and connected third-party platforms: Furthermore, your Facebook ID and/or the advertisement ID may be shared with Facebook Inc. (Facebook) or Snap Inc. (Snapchat) in connection with Facebook’s and Snapchat’s “Lookalike Audience” and “Custom Audience” features which we may use for our Services. Learn more about our marketing activities in the service specific section below.
- User acquisition companies: We provide advertisements for our Services to user acquisition companies which show these advertisements on their websites or in their networks. If you click on advertisements shown to you on a third-party website or in a third-party network, you will be redirected to the app store where you can install Hotel Hideaway. The information about the installs of Hotel Hideaway, your country and language, the campaign ID, your user ID, and post install events (such as session time, reached level), including any purchase events and the purchase segment, may be shared with the user acquisition company.
- Law enforcement, government authorities or courts: We may disclose your Personal Data in response to lawful requests to public authorities, including law enforcement, government authorities, or courts.
- Other third parties: We may also disclose your Personal Data in the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets (including in any insolvency or similar proceedings).
Please see the section with service specific information below for more information about the third parties we may share your data with. Furthermore, you can find the third parties your Personal Data may be shared with by clicking here.
Where will my Personal Data be processed?
In general, your Personal Data is stored on servers within the European Union (EU)/the European Economic Area (EEA). However, your Personal Data may also be shared outside the EU/EEA. We have implemented appropriate safeguards to protect your Personal Data when it is transferred outside the EU/EEA, including the execution of the European Commission’s standard data protection clauses (also known as Model Clauses) to provide safeguards for your Personal Data. Where the recipient is a U.S. based company certified under the EU-U.S. Privacy Shield, the data transfer may also be based on the EU-U.S. Privacy Shield.
How do we protect your Personal Data?
We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We update and test our security standards on an ongoing basis. In addition, we take reasonable steps to assure that third parties to whom we transfer your Personal Data provide sufficient protection of Personal Data.
How long do we store your Personal Data?
We will not retain your Personal Data longer than necessary to fulfil the purposes for which the data was collected or to fulfil our legal obligations. Afterwards, we will delete or anonymize your Personal Data. Please see below for service specific information about how long we will retain your Personal Data. Additional information on how long your Personal Data is stored by our service partners can be found in the respective third-party list available here.
What are your rights in respect of your Personal Data?
To the extent permitted by applicable data protection laws and regulations, you have the following rights in relation to your Personal Data:
- Access the Personal Data we hold about you, including information such as, for example, the source and the categories of the data, the purposes of the processing, the recipients (or categories thereof) and the respective retention period.
- Request the update or correction of your Personal Data so that it is always accurate.
- Receive your Personal Data in a structured, commonly used and machine-readable format, including the right to transmit your Personal Data to another controller.
- Request the deletion of your Personal Data if you think that it is no longer needed for the purposes indicated above. If you have created a Service account, you can delete your account at any time by using the “Delete Account” option in your profile or by submitting a deletion request. To submit this request, contact our support team at https://hideaway.helpshift.com/a/hotel-hideaway/ or our Data Protection Officer.
- Restrict the processing of your Personal Data in certain circumstances, for example, where you have contested the accuracy of your Personal Data, for the period enabling us to verify its accuracy.
- Withdraw your consent at any time if your Personal Data is processed with your consent. Please note that this will not affect the processing based on consent before its withdrawal.
Right to object
In the event and to the extent that we process your Personal Data based on our legitimate interests, you have the right to object to the processing on specific grounds relating to your particular situation. In such case we will no longer process your Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
You also have the right to object where we are processing your Personal Data for direct marketing purposes (including profiling). In such a case, we will stop processing your Personal Data for marketing purposes.
You can exercise these rights by sending a request to the contact details set out below, providing your name, your email address as well as a description of your request.
If you believe we have not complied with our obligations under applicable data protection laws and regulations, you can lodge a complaint with a competent data protection authority, for example the Autoriteit Persoonsgegevens in the Netherlands.
How can you contact us?
If you have any queries about this Privacy Notice or how we use your Personal Data, please contact our Data Protection Officer:
How often do we update this Privacy Notice?
We regularly review this Privacy Notice. When there is an important change that will have a relevant impact on the processing of your Personal Data, we will inform you by email if we have your email address. If we do not have your email address, for example because you did not create an account, we will inform you with a banner on our Service Website.
This Privacy Notice was last updated on:
SERVICE SPECIFIC INFORMATION
In this part of our Privacy Notice, you will find specific information on how your Personal Data is processed. For general information about data processes that apply, please see above.
Hosting and content delivery:
Hotel Hideaway is hosted by external companies providing web servers and web content delivery. Every time you make a request, for example by clicking on a link on our platform, the information allowing this request (e.g. device information and information on requested content) as well as online identifiers (your IP address) will be sent to the external servers. This data is used to show you the content you requested in a faster way. We process this data on the basis of our legitimate interest, to provide and improve our service and ensure its functionality.
Creation/administration of your account:
In order to play Hotel Hideaway, you have to create an account. We store your account data (your log-in credentials, your account ID, your avatar and avatar name) to allow you to log in on different devices and to enable socializing and communication with the other players, based on the performance of a contract. Furthermore, we will store your avatar’s in-game progress, your virtual assets (rooms, clothes, furniture), and your friends list in your account in order to make the multiplayer/online game work.
If you choose to link your e.g. Facebook, Google, Apple or Huawei account, we will send the information that you wish to log-in in Hotel Hideaway with your credentials to the third-party platform (e.g. Facebook, Google, Apple or Huawei) and will receive an authentication token from them. This information will be stored for your account’s lifetime to ensure that your Hotel Hideaway account is connected with the third-party platform and that you can log-in with your credentials.
Your account data will be collected and stored for as long as your account exists, based on the performance of a contract. You can delete your Hotel Hideaway account at any time, for example by submitting a deletion request to our support team using the “Delete Account” feature within the game, using the contact feature on our Service Website or by contacting our Data Protection Officer.
Third-party advertising within our game:
In Hotel Hideaway, we show advertising from different advertising companies. These advertisements can be personalized or non-personal content related ads. In order to show you personalized ads and only if you have provided your consent, we will use an Ads SDK from Google LLC (Google) inside our game which enables Google and third-party advertising companies to collect your Personal Data. The collected data includes your device information, like IP address and device identifiers, your location data, your in-game activity (such as purchase events and your game play sessions), information regarding the delivery of ads and your interaction with them.
You can adjust your privacy preferences at any time in your game settings. If you choose not to receive personalised ads at all, we will still show you ads, but they may not reflect your interests as those ads will be content specific and not user specific.
For some of the ads shown in Hotel Hideaway, you can earn virtual currency if you watch the ad (“rewarded ad”). In order to credit the virtual currency to your account, we process the following Personal Data: your device type, device language and country.
This process is based on our and third-party advertising companies’ legitimate interests, to encourage you to watch the ad and spend money for the product shown in the ad.
Data Management Platform:
Based on your consent you provided for “Profiling”, we create user segments and use these user segments for new user acquisition purposes. The user segments are created based on your in-game behaviour (such as your in-game purchases, the level you reached within the game) and by determining the spending behaviour for each segment. For this purpose, your Personal Data, including your in-game behaviour, your country, game language, purchase segmentation, the highest price point ever spent in Hotel Hideaway, and the advertisement ID are collected and sent to a data management service provider.
We also process your personal data in order to inform you via push notifications about our in-game offers. Different in-game items will be offered to different user segments. For this purpose, we process the following information: your avatar level, highest bought IAP in last 30 days, your total revenue in the last 30 days, your country, game language setting, information about in-game items you already own, whether you have bought a specific offer before the current offer, whether you have bought a specific IAP, the account age, avatar gender, coin balance, and diamond balance. This information is collected for the purpose of analyzing whether specific in-game offers are particularly relevant for certain user segments and stored for the period of three years. In this context, we only look at data in an aggregated form without reference to you. Based on your information, you may fall into a specific user segment and thereby receive in-game offers that are more relevant to you.
This process is based on our legitimate interests. You can turn off the push notifications in your phone’s settings at any time.
New user acquisition, remarketing and campaign tracking:
- New user acquisition: In order to acquire new users, we create advertisements (banners/videos) for Hotel Hideaway and provide our advertisements to third-party user acquisition companies which show our ads in their apps or on their websites. If you click on the banner/video shown to you in a third-party app or on a third-party website, you will be redirected to the app stores (Google or Apple) where you can install Hotel Hideaway. The information that you have clicked/viewed the advertisement (campaign information) will be sent from the user acquisition companies to an attribution platform provider (Appsflyer) and will then be passed by Appsflyer to the app store. If you install Hotel Hideaway, the campaign information will also be passed from the app store to us and will be processed to measure the effectiveness of our advertisements. When you start playing Hotel Hideaway, we collect and share your device identifier, your IP address and other online identifiers and post install events (such as account registration, login, tutorial completion, level up, in-game purchases) either through the Appsflyer SDK or directly with the user acquisition companies which helps them optimizing their services.
The described data processing activities help us to track and optimize our campaigns and to reward our user acquisition partners and are based on our and the user acquisition companies’ legitimate interests.
Furthermore, we use Snapchat’s “Lookalike Audience” feature to find new users. In order to allow Snapchat to search for a “lookalike audience”, we select the segments created via the data management service and that have a good spending behaviour and give a list of IDFAs of those segmented users to Snapchat. Snapchat processes this information to check the Snapchat profiles of the respective users for common characteristics of these users (for example, hobbies or the user’s location, using data available only to Snapchat and which is not shared with us) and to find similar new users ('lookalikes') which are likely to be interested in our game. These similar users will be shown advertisements (banners/videos) for Hotel Hideaway to encourage them to click the advertisements and install Hotel Hideaway in the app-store.
The data sharing with Snapchat is based on our legitimate interests.
- Remarketing: We use Facebook’s “Customer Audience” feature to retarget our existing users. The custom audiences are created by Facebook based on the app activity criteria we select (e.g. “Users who opened the app in the past 30 days” or “Users who made a purchase in the past 90 days”). In order to find you on Facebook and to show you ads for Hotel Hideaway, based on the defined audience criteria, the following information is sent via Facebook SDK integrated in the Hotel Hideaway app to Facebook: advertising IDs (IDFA/GAAID), your Facebook ID, app install, app launch, loggings (SDK loading, SDK performance), error information, fraud or abuse data.
This process is only possible if you have signed up with your Facebook account and is based on our legitimate interests.
- Campaign tracking and fraud prevention: In order to analyze the effectiveness of our advertisements, we process campaign data we receive from our user acquisition partners in connection with the acquisition of new users and remarketing of the existing users (views, clicks and installs, campaign ID) together with analytics reports relating to the game usage. The campaign data we receive from our acquisition partners is stored in our systems for 3 years. The described data processing activities help us prevent fraud, to track and optimize our campaigns, and to reward our user acquisition partners.
We use internal and external analytics services to understand which features and ads you like in Hotel Hideaway and how you use or interact with them. The analytics data helps us to improve the game for you, to develop new items, to find crashes and issues in the game, and help third-party advertising companies to measure and improve the effectiveness of their campaigns placed in Hotel Hideaway. For this purpose, we process/enable third-party advertising companies to process the following Personal Data: your advertisement device ID (IDFA & GAID), your in-game behaviour (including in-game purchases), in-game user segments, your location data (country and city), your language, the campaign ID, your avatar and account ID, your internal device ID and your IP Address. We store the (personalized) analytics data for three years.
We process this information based on our legitimate interests.
If you contact us for customer support, an external customer service company will process your email address and/or your name (optional), and the content of your request. In order to provide you with support, this information will be processed together with your device information (model, OS, game language, carrier), the user ID, user segment, and the last steps taken within the game. The request history is stored for your account’s lifetime to enable handling of newer requests based on your previous request and to improve our services.
We process this data on the basis of the performance of a contract as far as the information is required to answer your request. The continued storage of your request history is based on our legitimate interest, in order to improve our services.
If you make in-app purchases, you will be redirected to an external payment provider for the transaction of your payment. For this purpose, if you use Google pay, the product ID, a purchase token, and the application name will be sent to Google. If you use Apple pay, a purchase receipt will be sent to Apple. If you use Huawei, the shop name (“Sulake Oy”), product ID, and request ID will be shared with Huawei.
The transactions will be processed by the third-party payment provider. While we do not collect and do not receive any financial data (such as your bank account data), we collect or may receive from third-party payment providers the following information related to your transaction: the purchased amount and item, the currency, your country, your IP address, device information (user agent), time stamp, url visited, payment/transaction id, and the status of your payment. We store this information for at least 7 years or your account’s lifetime in the event that your account continues to exist after the expiration of 7 years.
We process your Personal Data in connection with your payments on the basis of the performance of a contract in order to facilitate your in-game purchase.
If you use the chat feature within our game, your message will be processed, together with your user ID and your avatar, the timestamp, recipients of your message or room ID (if you post your message in a public chat room). Your messages in public chat rooms will be stored for six months whereas your private chat messages will be stored for 60 days (read messages) or for one year (unread messages). This process is based on the performance of a contract.
The content of your messages will also be processed by an external content moderation service in order to detect and filter offensive language or violations of our terms and conditions and to set automatic sanctions (temporary muting) to offenders. This process is based on our legitimate interests.
Please be aware that when you use the chat function, the information you disclose may be read, copied, collected or used by other users. Never share information or personal data that is harmful for yourself or others.
Logging of all in-game activities:
In order to help you with any issues you might have with our game, to understand how our software works, and to investigate fraud and illegal behaviour in our game, we collect and store all the steps you take within Hotel Hideaway, together with the following information: your account ID, your IP address, device information (user agent or mobile device information), IDFA (mobile advertising ID) in our logs which will be deleted after 60 days.
This process is based on our legitimate interests.
If you click here, you will see an overview of the third parties we may share your Personal Data with, or that may share your Personal Data with us.