Privacy Policy

Introduction

At Maloomat, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or engage with our Android game development services.Your privacy is our priority. This policy applies to all users of our website (https://maloomat.site), clients who engage our game development services, and anyone who interacts with Maloomat in any capacity.By using our website or services, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

Types of Information Collected

Personal Information We may collect the following personal information when you:

  • Contact us through our website or email
  • Schedule consultations or phone calls
  • Submit project inquiries or proposals
  • Engage our services for game development

Personal Information Includes:

  • Name and contact details (full name, email address, phone number)
  • Company information (company name, position, business address)
  • Location data (country, city, time zone)
  • Project details (budget, timeline, requirements)
  • Payment information (billing address, payment method details)

Technical Information We automatically collect certain technical information when you visit our website:

  • Browser information (type, version, language settings)
  • Device information (device type, operating system, screen resolution)
  • Website usage data (pages visited, time spent, referral sources)
  • IP address and location (for security and analytics purposes)
  • Cookies and tracking data (as described in our Cookie Policy)

Analytics Information We use analytics tools to understand how our website is used:

  • Page views and user interactions
  • Session duration and bounce rates
  • Search queries and navigation patterns
  • Mobile vs desktop usage statistics

How We Use Your Information

Service Delivery

Game Development Services

  • Project management and communication
  • Technical development and implementation
  • Progress updates and milestone reporting
  • Asset creation and customization based on your requirements
  • Launch support and post-deployment services

Communication

  • Responding to inquiries and support requests
  • Scheduling consultations and meetings
  • Project updates and status reports
  • Marketing communications (with your consent)
  • Newsletter and industry updates (optional subscription)

Business Operations

Financial Management

  • Processing payments and managing invoices
  • Financial reporting and accounting
  • Fraud prevention and security measures
  • Contract management and legal compliance

Service Improvement

  • Analyzing website usage to improve user experience
  • Gathering feedback to enhance our services
  • Personalizing content and recommendations
  • Technical optimization and performance monitoring

Legal Compliance

Security and Legal Requirements

  • Protecting against fraud and unauthorized access
  • Complying with legal obligations and regulations
  • Maintaining business records as required by law
  • Investigating security incidents or policy violations

Information Sharing and Disclosure

We Do Not Sell Your Information

Maloomat does not sell, trade, or rent your personal information to third parties. We only share your information in the following limited circumstances:Service Providers We may share information with trusted third-party service providers who assist us in:

  • Cloud hosting and data storage (AWS, Google Cloud)
  • Email communications (professional email services)
  • Payment processing (secure payment gateways)
  • Analytics and reporting (Google Analytics, with anonymized data)
  • Technical support and maintenance services

Legal Requirements We may disclose your information when required by law:

  • Court orders or legal proceedings
  • Government investigations or regulatory compliance
  • Protecting rights and safety of Maloomat, our clients, or others
  • Enforcing our terms of service or other agreements

Business Transfers In the event of a merger, acquisition, or sale of assets:

  • Information may be transferred to the acquiring entity
  • Users will be notified of any ownership changes
  • Privacy protections will be maintained during transition

Cookies and Tracking Technologies

How We Use Cookies

Essential Cookies

  • Authentication and session management
  • Website functionality and user preferences
  • Security features and fraud prevention
  • Form data and user input retention

Analytics Cookies

  • Google Analytics for website performance analysis
  • User behavior tracking to improve user experience
  • Device and browser compatibility testing
  • Performance monitoring and optimization

Marketing Cookies (Optional)

  • Email campaign effectiveness tracking
  • Social media integration and sharing features
  • Targeted content delivery (with consent)
  • Conversion tracking for business metrics

Cookie Management

You can control cookies through:

  • Browser settings – disable or delete cookies
  • Privacy preferences – opt-out of non-essential cookies
  • Contact us – request cookie information or removal
  • Third-party tools – use privacy-focused browser extensions

Data Security and Protection

Security Measures

Technical Safeguards

  • SSL/TLS encryption for all data transmission
  • Firewall protection and intrusion detection
  • Secure data storage with encryption at rest
  • Access controls and authentication systems
  • Regular security audits and vulnerability assessments

Administrative Safeguards

  • Employee training on privacy and security
  • Access restrictions based on job requirements
  • Confidentiality agreements for all team members
  • Background checks for personnel handling sensitive data
  • Regular policy reviews and updates

Physical Safeguards

  • Secure office premises with controlled access
  • Device security and mobile device management
  • Secure disposal of hardware and storage media
  • Environmental controls for server equipment

Data Breach Response

In the unlikely event of a data breach:

  • Immediate containment and investigation
  • Prompt notification to affected users
  • Regulatory reporting as required by law
  • Remedial actions to prevent future incidents
  • Transparent communication about the incident and response

International Data Transfers

Cross-Border Data Processing

Data Location

  • Primary servers located in Pakistan
  • Cloud services may process data globally
  • Adequate protections for international transfers
  • Compliance with applicable data protection laws

Transfer Safeguards

  • Standard contractual clauses with service providers
  • Encryption during data transmission
  • Legal compliance in destination countries
  • Regular monitoring of international processing

Your Privacy Rights

Your Rights and Choices

Access and Portability

  • Request access to your personal information
  • Obtain copies of data we hold about you
  • Data portability in machine-readable format
  • Regular updates on how your data is used

Correction and Updates

  • Correct inaccurate or incomplete information
  • Update your preferences and contact details
  • Modify consent for marketing communications
  • Change privacy settings and preferences

Deletion and Restriction

  • Request deletion of your personal information
  • Restrict processing under certain circumstances
  • Opt-out of marketing communications
  • Account deactivation and data removal

How to Exercise Your Rights Contact us at support@maloomat.site with:

  • Your full name and contact information
  • Specific request and reason for the request
  • Identity verification (for security purposes)
  • Reasonable timeframe for complex requests

Children’s Privacy

Protection of Minors

Age Restrictions

  • 18+ only – Our services are intended for adults
  • No intentional collection of children’s information
  • Age verification during service engagement
  • Parental notification if minor’s data is discovered

If We Discover Minor’s Information

  • Immediate deletion of collected data
  • Parent/guardian notification when possible
  • Enhanced security measures for protection
  • Compliance with children’s privacy laws

Data Retention

How Long We Keep Your Information

Client Data

  • Active projects – Duration of engagement plus 3 years
  • Financial records – 7 years for accounting purposes
  • Communication records – 5 years for business continuity
  • Game assets and code – As specified in service agreements

Website Data

  • Analytics data – 26 months (Google Analytics default)
  • Cookie data – As specified in cookie settings
  • Contact inquiries – 2 years for follow-up purposes
  • Newsletter subscriptions – Until unsubscribed

Secure Deletion

  • Secure wiping of digital storage
  • Physical destruction of paper records
  • Certification of data destruction when required
  • Verification of complete data removal

Contact Information

Privacy Questions and Concerns

Data Protection Officer Email: privacy@maloomat.site Response Time: Within 48 hoursGeneral Privacy Inquiries Email: support@maloomat.site Response Time: Within 24 hoursMailing Address Maloomat Game Development Studio A-Block, Johar Town Lahore, Punjab 54000 PakistanBusiness Hours Monday – Friday: 9:00 AM – 6:00 PM (PKT) Saturday: 10:00 AM – 4:00 PM (PKT)

Policy Updates

Changes to This Privacy Policy

Regular Reviews

  • Annual policy review and updates
  • Legal compliance monitoring
  • Security enhancement integration
  • Best practice implementation

Notification of Changes

  • Email notification to active clients
  • Website announcement of policy updates
  • 30-day notice for significant changes
  • Change summary and effective date

Version History

  • Version 1.0 – January 15, 2025 (Current)
  • Future updates will be documented here
  • Change tracking for transparency
  • Legal compliance verification

Legal Basis for Processing

Lawful Processing Under GDPR

Legitimate Interests

  • Service delivery and client communication
  • Business operations and improvement
  • Security and fraud prevention
  • Marketing to existing clients (with opt-out)

Contractual Necessity

  • Service agreements and project delivery
  • Payment processing and financial management
  • Communication related to services
  • Technical support and maintenance

Legal Compliance

  • Regulatory requirements and reporting
  • Law enforcement requests
  • Tax and accounting obligations
  • Security incident response

Consent

  • Marketing communications (optional)
  • Non-essential cookies and tracking
  • Analytics beyond basic functionality
  • Third-party integrations (social media, etc.)

Third-Party Services

External Service Providers

Analytics Services

  • Google Analytics – Website traffic and user behavior analysis
  • Anonymized data collection and reporting
  • Performance metrics and optimization insights
  • User privacy controls available through Google

Cloud Services

  • Amazon Web Services (AWS) – Secure data hosting and storage
  • Google Cloud Platform – Backup and redundancy services
  • Microsoft Azure – Additional cloud infrastructure
  • Industry-standard security and compliance certifications

Payment Processing

  • Stripe – Secure payment processing and billing
  • PayPal – Alternative payment method support
  • Bank transfers – Direct financial institution transfers
  • PCI DSS compliance for all payment processors

Communication Tools

  • Google Workspace – Professional email and collaboration
  • Zoom – Video conferencing and client meetings
  • Slack – Internal team communication
  • WhatsApp Business – Client communication (with consent)

Data Subject Rights Under GDPR

European Union Residents

If you are a resident of the European Union, you have additional rights under the General Data Protection Regulation (GDPR):Right to Information

  • Clear information about data processing purposes
  • Details about data retention periods
  • Information about your rights and how to exercise them
  • Contact details for our Data Protection Officer

Right of Access

  • Request confirmation of data processing
  • Obtain a copy of your personal data
  • Information about processing purposes and recipients
  • Details about automated decision-making (if applicable)

Right to Rectification

  • Correct inaccurate personal data
  • Complete incomplete personal data
  • Update outdated information
  • Modify incorrect contact details

Right to Erasure (Right to be Forgotten)

  • Request deletion of personal data when no longer necessary
  • Withdraw consent for processing based on consent
  • Object to processing for legitimate interests
  • Request erasure of unlawfully processed data

Right to Restrict Processing

  • Limit processing while verifying accuracy of data
  • Restrict processing of unlawfully processed data
  • Maintain data when needed for legal claims
  • Object to processing based on legitimate interests

Right to Data Portability

  • Receive personal data in structured, machine-readable format
  • Transmit data to another controller where technically feasible
  • Direct transmission between controllers when possible
  • Applies to data processed based on consent or contract

Right to Object

  • Object to processing based on legitimate interests
  • Object to direct marketing at any time
  • Object to processing for scientific or historical research
  • Object to automated decision-making and profiling

California Consumer Privacy Act (CCPA)

California Residents’ Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act:Right to Know

  • Categories of personal information collected
  • Specific pieces of personal information collected
  • Categories of sources of personal information
  • Business or commercial purposes for collecting personal information
  • Categories of third parties with whom we share personal information

Right to Delete

  • Request deletion of personal information collected from you
  • Exceptions for certain legal obligations and legitimate business purposes
  • Verification process to confirm identity before deletion
  • Notice of deletion to service providers and third parties

Right to Opt-Out

  • Opt-out of the sale of personal information (we do not sell personal information)
  • Direct third parties not to sell your personal information
  • Clear and conspicuous “Do Not Sell My Personal Information” links

Right to Non-Discrimination

  • No denial of goods or services for exercising CCPA rights
  • No charging different prices or rates
  • No providing different quality of goods or services
  • Incentive programs must be reasonably related to value of data

International Compliance

Global Privacy Standards

Canada – PIPEDA Compliance

  • Consent requirements for personal information collection
  • Purpose limitation and data minimization principles
  • Accuracy and security safeguards
  • Individual access and correction rights

Australia – Privacy Act Compliance

  • Australian Privacy Principles (APPs) adherence
  • Notification requirements for data breaches
  • Cross-border data transfer restrictions
  • Individual rights and complaint mechanisms

United Kingdom – UK GDPR

  • Post-Brexit data protection requirements
  • Lawful basis for processing personal data
  • Data subject rights and controller obligations
  • International transfer mechanisms

Specific Processing Activities

Detailed Processing Information

Website Analytics

  • Purpose: Understanding website performance and user behavior
  • Legal Basis: Legitimate interests (improving user experience)
  • Data Types: IP address, browser information, page views, session data
  • Retention: 26 months (Google Analytics standard)
  • Third Parties: Google Analytics

Client Communication

  • Purpose: Responding to inquiries and providing customer support
  • Legal Basis: Legitimate interests and contractual necessity
  • Data Types: Name, email, phone number, inquiry details
  • Retention: 2 years for prospects, 5 years for clients
  • Third Parties: Email service providers

Project Development

  • Purpose: Delivering game development services
  • Legal Basis: Contractual necessity
  • Data Types: Project requirements, technical specifications, feedback
  • Retention: Duration of project plus 3 years
  • Third Parties: Development tools and platforms

Payment Processing

  • Purpose: Processing payments for services
  • Legal Basis: Contractual necessity
  • Data Types: Billing information, payment method details
  • Retention: 7 years for accounting purposes
  • Third Parties: Payment processors (Stripe, PayPal)

Marketing Communications

  • Purpose: Sending newsletters and promotional materials
  • Legal Basis: Consent
  • Data Types: Email address, communication preferences
  • Retention: Until consent is withdrawn
  • Third Parties: Email marketing platforms

Data Protection Impact Assessments

High-Risk Processing Activities

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that may result in high risk to individual rights and freedoms:Systematic Monitoring

  • Website analytics and user behavior tracking
  • Client communication monitoring for quality assurance
  • Security monitoring and threat detection
  • Performance analytics for service improvement

Large-Scale Processing

  • Client database management across multiple projects
  • Marketing communications to large subscriber lists
  • Analytics data collection from website visitors
  • Financial records processing for accounting purposes

Special Categories of Data

  • We do not intentionally process special categories of personal data
  • If such data is inadvertently collected, it is immediately deleted
  • Enhanced security measures for any sensitive information
  • Regular training for staff on handling sensitive data

Automated Decision-Making

Algorithmic Processing

No Significant Automated Decision-Making

  • We do not use automated decision-making that significantly affects individuals
  • All client decisions are made by human reviewers
  • Project assessments involve human evaluation and expertise
  • No profiling that produces legal or similarly significant effects

Limited Automated Processing

  • Spam filtering for email communications
  • Security monitoring for fraud detection
  • Website analytics for performance optimization
  • Technical monitoring for system maintenance

Human Oversight

  • All automated systems have human oversight and intervention capabilities
  • Regular review of automated processing outcomes
  • Ability to challenge or request review of automated decisions
  • Transparency in automated processing purposes and logic

Breach Notification Procedures

Data Breach Response Plan

Detection and Assessment

  • Continuous monitoring systems for security incidents
  • Staff training on identifying potential breaches
  • Immediate escalation procedures for suspected breaches
  • Risk assessment and impact evaluation protocols

Containment and Investigation

  • Immediate containment measures to prevent further data loss
  • Forensic investigation to determine scope and cause
  • Documentation of breach details and response actions
  • Coordination with law enforcement if criminal activity suspected

Notification Requirements

  • Supervisory Authority Notification: Within 72 hours of awareness
  • Individual Notification: Without undue delay if high risk to rights
  • Client Notification: Immediate notification for client data breaches
  • Public Disclosure: If required by law or in public interest

Remediation and Prevention

  • Immediate remedial actions to address vulnerabilities
  • Enhanced security measures to prevent similar incidents
  • Regular security audits and penetration testing
  • Staff retraining on security procedures and protocols

Jurisdiction and Applicable Law

This Privacy Policy is governed by the laws of Pakistan and any disputes will be resolved in the courts of Lahore, Pakistan. However, we strive to comply with international privacy standards including GDPRCCPAPIPEDA, and other applicable regulations where our services are used.For international clients, we recognize that additional privacy laws may apply and we work to ensure compliance with applicable regulations in your jurisdiction.

Your trust is essential to our business. If you have any questions about this Privacy Policy or how we handle your information, please don’t hesitate to contact us at support@maloomat.site.Effective Date: January 15, 2025Maloomat Game Development Studio – https://maloomat.site