GDPR Policy

Last updated: January 1, 2025

1. Introduction

The General Data Protection Regulation (GDPR) grants European Union residents specific rights regarding their personal data. At IMAGINEER INVESTMENTS CAPITAL LLC, we respect these rights and are committed to protecting your privacy in compliance with GDPR requirements.

This policy explains your rights under GDPR and how to exercise them when using Angela World: Avatar Life. Our full Privacy Policy provides additional details about our data practices.

2. Data Controller Information

Data Controller: IMAGINEER INVESTMENTS CAPITAL LLC

Address:

3847 Ocean View Drive
Miami, FL 33139
United States

Contact Information:

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

3.1 Right of Access (Article 15)

You have the right to obtain confirmation that we process your personal data and receive a copy of that data. This includes:

  • What personal data we collect about you
  • Why we process your data
  • Who has access to your data
  • How long we keep your data
  • Your rights regarding the data
  • Information about automated decision-making

How to exercise: Contact us at support@trusthoplay.com with a data access request. We will respond within 30 days and provide the information in a commonly used electronic format.

3.2 Right to Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete data.

  • Update your account information directly in your profile
  • Request correction of data you cannot change yourself
  • Provide additional information to complete your record

How to exercise: Log into your account to update most information directly, or contact support for assistance with data you cannot modify yourself.

3.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • Deletion is required for compliance with legal obligations

Limitations: We may retain data when needed for legal compliance, freedom of expression, public interest, or establishment of legal claims.

How to exercise: Use the account deletion feature in your settings, or contact support@trusthoplay.com to request specific data deletion.

3.4 Right to Restriction of Processing (Article 18)

You can request that we limit how we process your data in certain situations:

  • You contest the accuracy of data (during verification period)
  • Processing is unlawful but you prefer restriction over deletion
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (pending verification of our legitimate grounds)

How to exercise: Contact support@trusthoplay.com with details about which processing activities you want restricted and why.

3.5 Right to Data Portability (Article 20)

You can receive your personal data in a structured, machine-readable format and transmit it to another controller when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means
  • It is technically feasible

Data portability includes your account information, game progress, and preferences but excludes anonymized or aggregated data.

How to exercise: Request a data export by contacting support@trusthoplay.com. We will provide data in JSON or CSV format within 30 days.

3.6 Right to Object (Article 21)

You can object to processing of your personal data in certain circumstances:

General Right to Object

  • Processing based on legitimate interests
  • Processing for public task or official authority
  • Direct marketing communications
  • Profiling for direct marketing

Absolute Right to Object

  • Direct marketing (we must stop immediately)
  • Profiling related to direct marketing

How to exercise: Use unsubscribe links in marketing emails, adjust your notification preferences, or contact support@trusthoplay.com.

3.7 Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making, including profiling, that produces legal effects or similarly significant effects. You can:

  • Request human review of automated decisions
  • Express your point of view
  • Contest the decision
  • Request explanation of the logic involved

We currently do not use automated decision-making that produces legal or similarly significant effects. If this changes, we will update our policies and obtain appropriate consent.

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

4.1 Consent (Article 6(1)(a))

  • Marketing communications
  • Optional data collection
  • Cookies (except essential ones)
  • Special categories of data (if applicable)

4.2 Contract Performance (Article 6(1)(b))

  • Account creation and management
  • Game service delivery
  • Processing payments
  • Customer support

4.3 Legitimate Interests (Article 6(1)(f))

  • Service improvement and analytics
  • Security and fraud prevention
  • Technical troubleshooting
  • Business operations

4.4 Legal Obligations (Article 6(1)(c))

  • Tax and accounting requirements
  • Law enforcement requests
  • Regulatory compliance
  • Child safety protections

5. Data Transfers Outside the EU

As a US-based company, we may transfer your personal data outside the European Union. We ensure appropriate safeguards are in place:

5.1 Adequacy Decisions

We rely on European Commission adequacy decisions where available, recognizing countries with equivalent data protection standards.

5.2 Standard Contractual Clauses (SCCs)

We use European Commission-approved Standard Contractual Clauses with data processors and third parties to ensure your data receives adequate protection.

5.3 Additional Safeguards

  • Data encryption in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Binding corporate rules where applicable
  • Certification schemes and codes of conduct

6. Cookie Management and Consent

We use cookies and similar technologies in compliance with GDPR requirements:

6.1 Cookie Categories

  • Essential Cookies: Required for website functionality (no consent needed)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our website
  • Marketing Cookies: Used for targeted advertising and personalization

6.2 Managing Cookie Consent

You can manage your cookie preferences through:

  • Our cookie consent banner (appears on first visit)
  • Cookie preference center in your account settings
  • Browser settings to block or delete cookies
  • Third-party opt-out tools for advertising cookies

6.3 Withdrawing Cookie Consent

You can withdraw cookie consent at any time by:

  • Updating your cookie preferences in your account
  • Clearing cookies from your browser
  • Contacting us to reset your cookie preferences

7. Data Protection by Design and Default

We implement data protection principles throughout our service design:

7.1 Privacy by Design

  • Privacy considerations integrated into system design
  • Data minimization - we only collect necessary data
  • Purpose limitation - data used only for stated purposes
  • Storage limitation - data retained only as long as needed

7.2 Privacy by Default

  • Strongest privacy settings applied by default
  • Minimal data processing unless you choose otherwise
  • Granular privacy controls available to users
  • Clear information about privacy implications

8. Data Breach Notification

In the event of a data breach affecting your personal data:

8.1 Our Response

  • We will assess the breach within 72 hours
  • Report to supervisory authorities if required
  • Notify affected users if there is high risk to their rights
  • Take immediate steps to contain and remediate the breach

8.2 User Notification

If a breach poses high risk to your rights and freedoms, we will notify you:

  • Without undue delay after discovering the breach
  • Via email or prominent website notice
  • With clear information about the nature of the breach
  • Including recommended actions to protect yourself

9. Data Protection Officer (DPO)

Our Data Protection Officer oversees GDPR compliance and serves as your primary contact for privacy matters:

Contact Information:

  • Email: support@trusthoplay.com
  • Subject Line: "GDPR Request - [Your Request Type]"
  • Response Time: Within 30 days (may be extended to 60 days for complex requests)

10. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in the EU if you believe we have violated GDPR. You can contact:

  • The supervisory authority in your country of residence
  • The supervisory authority in your place of work
  • The supervisory authority where the alleged violation occurred

This right exists alongside your right to seek judicial remedy and does not preclude other forms of administrative or judicial relief.

11. Children's Data (Under 16)

GDPR provides special protection for children's data:

11.1 Age Verification

  • We verify age during account registration
  • Users under 16 require parental consent
  • We provide age-appropriate privacy notices
  • Parents can review and manage their child's data

11.2 Parental Rights

Parents or guardians of users under 16 can:

  • Access their child's personal data
  • Request correction or deletion of data
  • Withdraw consent for data processing
  • Object to certain types of processing
  • Request data portability

12. How to Exercise Your Rights

12.1 Identity Verification

To protect your privacy, we must verify your identity before processing GDPR requests. We may ask for:

  • Account credentials or associated email address
  • Additional identifying information
  • Proof of relationship for parental requests

12.2 Request Process

  1. Submit your request via email to support@trusthoplay.com
  2. Include "GDPR Request" in the subject line
  3. Specify which right you want to exercise
  4. Provide necessary identifying information
  5. We will acknowledge receipt within 3 business days
  6. We will respond to your request within 30 days

12.3 No Fee Required

We do not charge fees for exercising your GDPR rights unless:

  • Requests are manifestly unfounded or excessive
  • You make repetitive requests for the same information
  • Requests require disproportionate administrative effort

13. Data Retention Periods

We retain personal data only as long as necessary for the purposes for which it was collected:

13.1 Account Data

  • Active accounts: While account remains active
  • Inactive accounts: 3 years after last activity
  • Deleted accounts: 30 days (for recovery), then permanent deletion

13.2 Communications

  • Support tickets: 2 years after resolution
  • Marketing emails: Until unsubscribe or account deletion
  • Transaction records: 7 years for tax compliance

13.3 Technical Data

  • Server logs: 6 months
  • Analytics data: 26 months (anonymized)
  • Security logs: 1 year

14. Updates to This Policy

We may update this GDPR policy to reflect changes in:

  • Legal requirements or regulatory guidance
  • Our data processing activities
  • Technical capabilities or security measures
  • Industry best practices

When we make material changes, we will:

  • Update the "Last updated" date
  • Notify affected users via email or website notice
  • Provide reasonable time to review changes
  • Obtain new consent where required

15. Contact Us

For any questions about this GDPR policy or to exercise your rights, please contact us:

Data Protection Officer

Email: support@trusthoplay.com

Subject Line: GDPR Request - [Specify your request type]

General Privacy Inquiries

Email: contact@trusthoplay.com

Postal Address

IMAGINEER INVESTMENTS CAPITAL LLC
Data Protection Officer
3847 Ocean View Drive
Miami, FL 33139
United States

Response Time: We respond to all GDPR requests within 30 days. Complex requests may take up to 60 days, and we will inform you of any delays.