TOO "Dynamic Technologies"  
Company number: 190640015412  
Address: 070004, EAST KAZAKHSTAN REGION, UST-KAMENOGORSK, POBEDY  
AVE., 9, N.P. 34  
E-mail: [email protected]  
PRIVACY POLICY  
As amended on July 1, 2025  
1.  
General Provisions  
1.1. This Privacy Policy (hereinafter referred to as the “Policy”) defines the  
procedure for processing and protecting the personal data of users of the Game  
and the Website owned by LLP “Dynamic Technologies” (registration number:  
190640015412, address: Republic of Kazakhstan, Ust-Kamenogorsk, Pobedy Ave., 9,  
N.P. 34) (hereinafter referred to as the “Administration”).  
1.2. The Privacy Policy may be amended by the Administration. The new version of  
the Policy comes into force upon its publication and public availability.  
1.3. The processing of information is carried out by the Administration in  
accordance with this Policy, the internal regulations of the Administration, the  
General Data Protection Regulation (GDPR), and the legislation of the Republic of  
Kazakhstan.  
2.  
Terms and Definitions  
2.1. Personal Data – any information relating to an identified or identifiable natural  
person (data subject), either directly or indirectly.  
2.2. Data Subject – any natural person.  
2.3. Controller (Operator)1 – any natural or legal person, public authority, agency, or  
other body which, alone or jointly with others, determines the purposes and  
means of the processing of personal data.  
2.4. Processor2 – any natural or legal person, public authority, agency, or other  
body which processes personal data on behalf of and under instructions from the  
controller (operator). The Administration acts as the controller (operator) of  
personal data.  
2.5. Processing of Personal Data – any operation or set of operations which is  
performed on personal data, whether or not by automated means.  
3.  
Data Sources  
In the Game:  
3.1. From the User’s personal device (including device ID, IP address);  
1 The term is used depending on the applicable legislation.  
2 The term is used depending on the applicable legislation.  
3.2. From linked social media accounts, in case the User authorizes access to the  
Game through their existing accounts on other platforms (Discord, VKontakte,  
Apple);  
3.3. From the User’s account in the Game (including information about behavioral  
characteristics and purchase history).  
On the Website:  
3.4. Data provided directly by the User through communication with the  
Administration via email and through forms completed by the User on the  
Website;  
3.5. From cookies stored in the User’s browser.  
4.  
Purposes of Personal Data Processing  
In the Game:  
4.1. Purpose: Identification of the User for the purpose of fulfilling the  
obligations of the Administration as provided in the User Agreement.  
List of data that contains or may contain personal data: login, information about  
linked accounts (if linked), device ID, IP address, character’s first and last name  
(nickname), purchase history.  
Categories of data subjects: Users who have registered in the Game.  
Legal basis: Processing is carried out with the consent of the personal data  
subject.  
List of actions: collection, recording, systematization, accumulation, storage,  
clarification (updating, modification), retrieval, use, transfer (access, provision),  
blocking, deletion, destruction of personal data.  
Processing method: automated.  
Processing period: until the User’s account is deleted or the consent to personal  
data processing is withdrawn.  
4.2. Purpose: collection of analytics.  
List of data that contains or may contain personal data: User’s behavioral  
characteristics in the Game.  
Categories of data subjects: Game Users.  
Legal basis: processing is carried out with the consent of the data subject and  
based on the legitimate interest of the Administration.  
Processing method: automated.  
List of actions: collection, recording, systematization, accumulation, storage,  
clarification (updating, modification), retrieval, use, transfer (provision, access),  
blocking, deletion, destruction of personal data.  
Processing period: until the account is deleted or consent to personal data  
processing is withdrawn.  
4.3. Purpose: handling and responding to requests and complaints, and  
providing technical support.  
List of data that contains or may contain personal data: character’s first and last  
name (nickname) (when interacting with the Administration through the  
in-game menu).  
Categories of data subjects: Game Users.  
Legal basis: processing is carried out with the data subject’s consent to the  
processing of their personal data.  
Processing method: both automated and non-automated (mixed).  
List of actions: collection, recording, systematization, accumulation, storage,  
clarification (updating, modification), retrieval, use, transfer (provision, access),  
blocking, deletion, destruction of personal data.  
Processing period: for three (3) years from the date the request, complaint, or  
claim is received.  
4.4. Purpose: sending Users information about changes in the Game, promo  
codes, promotions, and other marketing activities.  
List of data that contains or may contain personal data: character’s first and last  
name (nickname), email address, full name (if provided during registration).  
Categories of data subjects: Game Users.  
Legal basis: processing is carried out with the data subject’s consent to the  
processing of their personal data.  
Processing method: both automated and non-automated (mixed).  
List of actions: collection, recording, systematization, accumulation, storage,  
clarification (updating, modification), retrieval, use, transfer (provision, access),  
blocking, deletion, destruction of personal data.  
Processing period: until the account is deleted, the User unsubscribes from  
informational and marketing communications, or consent to personal data  
processing is withdrawn.  
4.5. Purpose: improving the Game’s interface and features, informing users,  
and enabling technical capabilities to increase device usage time.  
List of data that contains or may contain personal data: device ID, IP address.  
Categories of data subjects: Game Users.  
Legal basis: processing is carried out in accordance with the User Agreement for  
the Game.  
Processing method: automated.  
List of actions: collection, recording, systematization, accumulation, storage,  
clarification (updating, modification), retrieval, use, transfer (provision, access),  
blocking, deletion, destruction of personal data.  
Processing period: until the account is deleted or consent to personal data  
processing is withdrawn.  
As part of fulfilling this purpose, personal data of Users may be transferred to third  
parties with whom the Controller has entered into a civil law contract, based on  
separately obtained consent from the User, specifying the processing and storage  
periods for the personal data to be transferred.  
4.6. The provision of personal data is necessary for the conclusion of the  
agreement under the terms of the User Agreement and for the ability to use  
the Game.  
Possible consequences of failure to provide such data: inability to conclude the  
agreement under the User Agreement with the data subject, inability of the data  
subject to use the Game and receive the full scope of services provided by the  
Game Administration.  
On the Website:  
4.7. Purpose: receiving and responding to User inquiries, complaints, and  
claims.  
List of data that contains or may contain personal data: email address (in case of  
interaction via email), full name, phone number (when contacting the  
Administration through the Website form), postal address (when interacting via  
physical letters).  
Categories of data subjects: Website Users.  
Legal basis: processing is carried out with the consent of the personal data  
subject.  
Processing method: both automated and non-automated (mixed).  
List of actions: collection, recording, systematization, accumulation, storage,  
clarification (updating, modification), retrieval, use, transfer (provision, access),  
blocking, deletion, destruction of personal data.  
Processing period: for three (3) years from the date of receipt of such inquiry,  
complaint, or claim.  
4.8. Purpose: ensuring the proper functioning of the Website, improving its  
quality, and collecting analytics.  
List of data that contains or may contain personal data: cookies.  
Categories of data subjects: Website Users.  
Legal basis: processing is carried out with the consent of the personal data  
subject and based on the legitimate interest of the Administration.  
Processing method: automated.  
List of actions: collection, recording, systematization, accumulation, storage,  
clarification (updating, modification), retrieval, use, transfer (provision, access),  
blocking, deletion, destruction of personal data.  
Processing period: until the consent to personal data processing is withdrawn  
through appropriate browser settings by the User.  
4.9.  
Purpose:  
reviewing  
partnership  
proposals,  
and  
concluding  
and  
performing civil law contracts with counterparties.  
List of data that contains or may contain personal data: full name; place of  
employment; mobile phone number; email address; messenger nickname.  
Categories of data subjects: representatives of counterparties.  
Legal basis: processing is carried out with the consent of the personal data  
subject and based on the legitimate interest of the Administration.  
Processing method: automated.  
List of actions: collection, recording, systematization, accumulation, storage,  
clarification (updating, modification), retrieval, use, transfer (provision, access),  
blocking, deletion, destruction of personal data.  
Processing period: for three (3) years from the date of receipt of such proposal, or  
for three (3) years from the date of fulfillment of the Parties’ obligations under the  
contract.  
5. Automated Decision-Making  
5.1. The Administration does not use automated decision-making. The  
Administration also does not use personal data for automated evaluation of Users’  
personal characteristics (automated profiling or profiling).  
6. Principles of Personal Data Processing  
6.1. The Administration processes personal data based on the following principles:  
Personal data is processed lawfully and fairly;  
The processing of personal data is limited to achieving specific, pre-defined,  
and lawful purposes;  
Processing of personal data that is incompatible with the purposes of data  
collection is not allowed;  
Combining databases containing personal data, the processing of which is  
carried out for incompatible purposes, is not permitted;  
Only personal data relevant to the purposes of processing is subject to  
processing;  
The content and scope of personal data being processed must correspond  
to the stated purposes of processing. Excessive processing of personal data  
in relation to the stated purposes is not permitted;  
Personal data must be accurate, sufficient, and, where necessary, kept up  
to date with respect to the purposes of processing. Necessary measures  
must be taken to delete or clarify incomplete or inaccurate personal data;  
Personal data must be stored in a form that allows identification of the data  
subject for no longer than is necessary for the purposes of processing,  
unless a different storage period is established by law, consent, or a  
contract to which the data subject is a party, beneficiary, or guarantor;  
Processed personal data must be destroyed once the purposes of  
processing have been achieved or when they are no longer needed for  
such purposes, unless otherwise provided by federal law;  
Personal data processing must not be used to cause property and/or moral  
harm to data subjects or to obstruct the realization of their rights and  
freedoms;  
Personal data must be processed in a way that ensures information  
regarding its processing is easily accessible, understandable, and presented  
in plain language. The operator must inform the data subject about the  
processing of their personal data before such processing begins;  
Access to personal data is granted only to Administration employees who  
have received special training in working with personal data and have been  
instructed on personal data handling;  
The Administration must be prepared to confirm the lawfulness of its  
personal data processing activities.  
7. Rights of Data Subjects  
7.1. Data subjects have the right to access the following information:  
(a) the purposes of processing;  
(b) the categories of personal data concerned;  
(c) the recipients or categories of recipients to whom the personal data has been  
or will be disclosed, in particular recipients in third countries or international  
organizations;  
(d) where possible, the intended period for which the personal data will be stored,  
or, if not possible, the criteria used to determine that period;  
(e) the existence of the right to request from the controller the rectification or  
erasure of personal data or restriction of processing, or to object to such  
processing;  
(f) the right to lodge a complaint with a supervisory authority;  
(g) where the personal data is not collected from the data subject, any available  
information as to its source;  
(h) the existence of automated decision-making, including profiling, and, at least  
in those cases, meaningful information about the logic involved, as well as the  
significance and the envisaged consequences of such processing for the data  
subject.  
7.2. The data subject has the right to obtain from the Administration without  
undue delay the rectification of inaccurate personal data concerning them.  
Taking into account the purposes of the processing, the data subject has the right  
to have incomplete personal data completed, including by providing a  
supplementary statement.  
7.3. The data subject has the right to request from the Administration the erasure  
of personal data concerning them without undue delay, and the Administration is  
obligated to erase such personal data without undue delay where one of the  
following grounds applies:  
(a) the personal data is no longer necessary in relation to the purposes for which it  
was collected or otherwise processed;  
(b) the data subject withdraws consent on which the processing is based, and  
there is no other legal ground for the processing;  
(c) the data subject objects to the processing and there are no overriding  
legitimate grounds for the processing, or the data subject objects to the  
processing;  
(d) the personal data has been unlawfully processed;  
(e) the personal data must be erased to comply with a legal obligation under  
applicable law;  
(f) the personal data has been collected in relation to the offer of information  
society services.  
7.4. The data subject has the right to request the restriction of processing from  
the Administration where one of the following applies:  
(a) the accuracy of the personal data is contested by the data subject, for a period  
enabling the controller to verify the accuracy of the personal data;  
(b) the processing is unlawful and the data subject opposes the erasure of the  
personal data and requests the restriction of its use instead;  
(c) the controller no longer needs the personal data for the purposes of the  
processing, but it is required by the data subject for the establishment, exercise,  
or defense of legal claims;  
(d) the data subject has objected to processing pending the verification of  
whether the legitimate grounds of the controller override those of the data  
subject.  
7.5. The data subject has the right to object at any time, on grounds relating to  
their particular situation, to the processing of their personal data, including  
profiling based on those provisions. The Administration shall no longer process  
the personal data unless it demonstrates compelling legitimate grounds for the  
processing that override the interests, rights, and freedoms of the data subject, or  
for the establishment, exercise, or defense of legal claims.  
7.6. The data subject has the right to receive the personal data concerning them,  
which they have provided to the Administration, in a structured, commonly used,  
and machine-readable format and has the right to transmit those data to another  
controller without hindrance from the controller to which the personal data has  
been provided, where:  
(a) the processing is based on consent or on a contract; and  
(b) the processing is carried out by automated means.  
7.7. Where the processing is based on consent, the data subject has the right to  
withdraw their consent at any time, without affecting the lawfulness of  
processing based on consent before its withdrawal.  
7.8. The data subject has the right to lodge a complaint with a supervisory  
authority.  
8. Cross-Border Transfer of Personal Data  
8.1. The Administration may carry out cross-border transfers of personal data in  
compliance with legal requirements.  
8.2. The transfer of personal data to a third country or an international  
organization may take place when the Administration has determined that the  
third country, a territory within that country, one or more specific sectors within  
that country, or the international organization ensures an adequate level of data  
protection.  
9. Measures to Ensure the Security of Personal Data  
9.1. The Administration takes all necessary organizational and technical measures  
to protect the personal data of data subjects from unlawful or accidental access,  
destruction, alteration, blocking, dissemination, as well as from other unlawful  
actions involving such data.  
9.2. The Administration’s personal data security measures include, but are not  
limited to, the following:  
Keeping records of the categories and list of personal data being  
processed, categories of data subjects whose personal data is processed,  
data retention periods, and procedures for the destruction of such data;  
Describing the nature of personal data processing at the design stage of  
any process or system, including processing purposes, legal grounds,  
categories and number of data subjects, list of personal data, actions  
performed on personal data, procedures for data transfer, including  
cross-border transfers, and information about third parties to whom the  
data is transferred;  
Keeping records of data storage media and information systems used for  
processing personal data;  
Determining the required level of security for personal data processed in  
information systems;  
Identifying threats to personal data security during processing in  
information systems;  
Determining and implementing technical and organizational protection  
measures prior to the launch of new personal data processing procedures  
and new information systems;  
Assessing and documenting potential harm that could be caused to data  
subjects and evaluating the adequacy of the protective measures  
implemented by the Administration in relation to that harm;  
Establishing access rules to personal data processed in information  
systems and ensuring the registration and logging of actions performed  
with personal data in such systems;  
Applying information protection tools that have successfully passed  
conformity assessment procedures;  
Detecting unauthorized access to personal data and other incidents, and  
taking measures to eliminate and mitigate their consequences;  
Restoring personal data that has been modified or destroyed due to  
unauthorized access;  
Accounting for the job positions of employees whose access to personal  
data (processed both manually and automatically) is necessary for the  
performance of their duties;  
Ensuring that Administration employees directly involved in the processing  
of personal data are familiar with personal data legislation, confirmed by  
signature, and providing appropriate training;  
Monitoring and assessing the effectiveness of personal data security  
measures before launching the relevant information system into operation;  
Conducting regular internal audits to assess compliance with applicable  
data protection laws and regulations regarding personal data processing  
and security;  
Appointing a person responsible for organizing the processing of personal  
data.  
10. Use of analytics services, cookies  
10.1. Data collected in Game may also be received and processed by third party  
providers. Analytics services in Game:  
Google Analytics  
Google Firbase  
Adjust  
More  
More  
More  
USA  
USA  
Germany  
10.2. Cookies are small files that are created and stored on the device when  
visiting the Website. Cookies are stored on the device for no longer than one year  
and are used to adapt the Website’s functionality and ensure its most efficient  
operation on the User’s device.  
10.3. Visiting and using the Website by default involves the generation and storage  
of cookies. However, the User may delete cookies from their device at any time  
through the settings of their browser. The User may also refuse to accept cookies,  
but in that case, the functionality of the Website may not be fully guaranteed.  
10.4. The following types of cookies are used on the Website:  
Technical and  
functional  
cookies  
These files, generated by the engines, are used to ensure  
smooth operation and also to remember the settings  
selected by the user.  
10.5. The following analytics services are used on the Web-site:  
Yandex.Metrica  
More  
USA  
11. Contact Information for Personal Data Processing Inquiries  
11.1. If you have any questions or requests related to the processing of personal  
data, including withdrawal of consent to the processing of personal data, you may  
contact us via email at [email protected] or send a written request to the following  
address:  
070004, Republic of Kazakhstan, Ust-Kamenogorsk, Pobedy Ave., 9, N.P. 34.  
11.2. The Controller ensures the rights of data subjects in accordance with Section 7  
of this Policy and fulfills its obligations in accordance with applicable law.  
11.3. Information regarding the processing of a data subject’s personal data is  
provided to the data subject or their authorized representative upon request  
within the time limits established by applicable law. If no time frame is specified  
by law, the information shall be provided within 10 (ten) business days.  
11.4. The request must include: the number of the primary identification document  
of the data subject or their representative, the date of issuance and the issuing  
authority, information confirming the data subject’s relationship with the  
Controller (e.g., contract number, date of conclusion, reference term and/or other  
details), or other information confirming the fact of personal data processing by  
the Controller, and the signature of the data subject or their representative.  
11.5. The Controller undertakes to provide the data subject or their representative  
with free access to the personal data related to that data subject. Within no more  
than 7 (seven) business days from the date the data subject or their representative  
submits documentation confirming that the personal data is incomplete,  
inaccurate, or outdated, the Controller shall make the necessary corrections.  
Within no more than 7 (seven) business days from the date the data subject or  
their representative submits documentation confirming that the personal data  
was obtained unlawfully or is not necessary for the declared purpose of  
processing, the Controller shall delete such data. The Controller shall notify the  
data subject or their representative of the changes made and the actions taken,  
and shall take reasonable steps to inform any third parties to whom the personal  
data was disclosed.  
12. Procedure for the Destruction of Personal Data  
12.1. Upon the achievement of the purposes of processing, or in the event that such  
purposes are no longer necessary - unless otherwise required by law or separately  
agreed upon by the parties - the personal data being processed must be  
destroyed.  
12.2. Personal data stored on electronic media shall be destroyed using certified  
data destruction software. Personal data on paper shall be destroyed using  
technical means to ensure complete destruction. Personal data stored in  
information systems shall be destroyed by deleting the relevant entries from the  
databases.  
12.3. During the destruction of personal data, the Controller shall prepare a formal  
destruction certificate (act of destruction).  
13. Final Provisions  
13.1. The requirements of this Policy apply to all data subjects regardless of their  
citizenship or location.  
13.2. This Policy may be updated periodically in accordance with the requirements  
of applicable law.