GDPR Policy

Last Updated: January 15, 2026

This GDPR Policy explains your rights under the General Data Protection Regulation (GDPR) and how vortexuf.com processes your personal data. This policy applies to users in the European Economic Area (EEA) and the United Kingdom, as well as users in other jurisdictions with similar data protection laws.

1. Data Controller Information

The data controller responsible for your personal data is:

2. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

2.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data. If we do, you can request:

• A copy of your personal data
• Information about the purposes of processing
• The categories of personal data we hold
• The recipients or categories of recipients of your data
• The retention period or criteria used to determine it
• Information about your other rights
• The source of the data (if not collected from you)
• Information about automated decision-making, if applicable

2.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected without undue delay. You can also request that incomplete data be completed, including by providing a supplementary statement.

2.3 Right to Erasure / Right to be Forgotten (Article 17)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation
• The data was collected in relation to offering information society services to a child

We may refuse erasure if processing is necessary for exercising freedom of expression, compliance with legal obligations, public health purposes, archiving, or legal claims.

2.4 Right to Restriction of Processing (Article 18)

You have the right to restrict processing of your personal data when:

• You contest the accuracy of the data (during verification)
• Processing is unlawful and you prefer restriction over erasure
• We no longer need the data but you require it for legal claims
• You have objected to processing (pending verification of legitimate grounds)

When processing is restricted, we will only store the data and process it with your consent, for legal claims, to protect another person's rights, or for important public interest reasons.

2.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transmit this data directly to another controller, where technically feasible. This right applies when:

• Processing is based on consent or a contract
• Processing is carried out by automated means

2.6 Right to Object (Article 21)

You have the right to object to processing of your personal data at any time when processing is based on:

• Legitimate interests (including profiling)
• Performance of a task in the public interest
• Direct marketing purposes (including profiling related to direct marketing)

When you object to direct marketing, we will stop processing your data for that purpose immediately. For other objections, we must stop processing unless we demonstrate compelling legitimate grounds that override your interests.

2.7 Right Not to be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. Exceptions apply when the decision:

• Is necessary for a contract with you
• Is authorized by law
• Is based on your explicit consent

In these cases, you have the right to obtain human intervention, express your point of view, and contest the decision.

3. How to Exercise Your Rights

To exercise any of your GDPR rights, contact us using one of the following methods:

When submitting a request, please provide:

• Your full name and contact information
• A clear description of the right you wish to exercise
• Any information that helps us identify your data (such as email address used)
• Proof of identity (we may request this to verify your identity)

We will respond to your request within 30 days. If your request is complex or we receive many requests, we may extend this period by up to 60 days. We will inform you of any extension and the reasons for it.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): When you have given clear consent for us to process your data for a specific purpose, such as marketing communications or analytics cookies.
• Contract (Article 6(1)(b)): When processing is necessary to perform a contract with you or take steps at your request before entering a contract, such as providing game services.
• Legal Obligation (Article 6(1)(c)): When processing is necessary to comply with a legal obligation, such as tax or accounting requirements.
• Legitimate Interests (Article 6(1)(f)): When processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. Examples include fraud prevention, security, and service improvement.

5. Consent Management

When we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

5.1 How to Withdraw Consent

You can withdraw consent by:

• Clicking "unsubscribe" in marketing emails
• Adjusting cookie preferences through our cookie banner
• Contacting us at support@vortexuf.com
• Changing app permissions in your device settings

5.2 Managing Cookies

You can manage cookie preferences at any time by:

• Using our cookie consent banner (click "Customize" to adjust settings)
• Adjusting your browser settings to block or delete cookies
• Using browser extensions that manage cookies

Note that blocking essential cookies may affect website functionality.

6. Data Processing Activities

We process personal data for the following purposes:

6.1 Game Services

• Purpose: Provide and maintain game functionality
• Data: Device ID, game progress, preferences
• Legal Basis: Contract performance
• Retention: Duration of account plus 3 years

6.2 Customer Support

• Purpose: Respond to inquiries and resolve issues
• Data: Name, email, message content
• Legal Basis: Contract performance, legitimate interests
• Retention: 2 years from last contact

6.3 Analytics

• Purpose: Understand usage and improve services
• Data: Usage data, device information
• Legal Basis: Consent, legitimate interests
• Retention: 26 months

6.4 Marketing

• Purpose: Send promotional communications
• Data: Email address, preferences
• Legal Basis: Consent
• Retention: Until consent is withdrawn

7. International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequate protection as determined by the European Commission
• Standard Contractual Clauses: EU-approved contractual terms that provide appropriate safeguards
• Binding Corporate Rules: Internal rules approved by data protection authorities

You can request information about specific safeguards by contacting us.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL
• Secure data storage with access controls
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware
• Notify you directly if the breach is likely to result in a high risk to your rights and freedoms
• Document all breaches, including their effects and remedial actions taken

10. Children's Data

Ninja Hands is rated for ages 9 and up. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@vortexuf.com.

11. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. You can file a complaint with:

• The supervisory authority in your country of residence
• The supervisory authority in the country where you work
• The supervisory authority in the country where the alleged infringement occurred

Before filing a complaint, we encourage you to contact us first so we can try to resolve your concerns directly.

12. Changes to This Policy

We may update this GDPR Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last Updated" date. For material changes, we may also provide additional notice, such as an email notification.

13. Contact Us

For any questions about this GDPR Policy or to exercise your rights, contact us:

For more information about our general data practices, please see our Privacy Policy.