GDPR Compliance Statement

Last updated: 29/07/2025
Effective date: 29/07/2025

1. Introduction

Sunny Power Game ("we," "our," or "us") is committed to protecting the privacy and personal data of all our users, including those located in the European Union (EU) and European Economic Area (EEA). This GDPR Compliance Statement outlines how we comply with the General Data Protection Regulation (GDPR) when processing personal data of EU/EEA residents.

While we are based in Australia, we recognize the importance of GDPR compliance for our international users and have implemented appropriate measures to ensure the protection of personal data in accordance with GDPR requirements.

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you explicitly agree to the processing of your personal data
  • Contract Performance: To provide our gaming services and fulfill our contractual obligations
  • Legitimate Interest: To improve our services, ensure security, and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations

3. Your GDPR Rights

As an EU/EEA resident, you have the following rights under GDPR:

Right to Access

You can request a copy of your personal data and information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

Right to Portability

You can request a copy of your data in a structured, machine-readable format.

Right to Object

You can object to processing of your personal data in certain circumstances.

Right to Restriction

You can request restriction of processing in certain situations.

4. How to Exercise Your Rights

To exercise your GDPR rights, please contact us using one of the following methods:

Primary Contact

Email: gdpr@sunnypowergame.com

Subject Line: "GDPR Rights Request"

Alternative Contact

Email: privacy@sunnypowergame.com

Response Time: Within 30 days

5. Data Processing Details

5.1 Categories of Personal Data

  • Identity data (name, email address, date of birth)
  • Technical data (IP address, device information, browser type)
  • Usage data (gameplay statistics, preferences, interactions)
  • Marketing data (communication preferences, consent records)

5.2 Data Retention Periods

  • Account Data: Retained for the duration of your account plus 3 years
  • Gameplay Data: Retained for 2 years after account deletion
  • Technical Logs: Retained for 12 months
  • Marketing Data: Retained until consent withdrawal or 2 years

5.3 International Data Transfers

Your personal data may be transferred to and processed in countries outside the EU/EEA, including Australia. We ensure appropriate safeguards are in place through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Other appropriate safeguards as required by GDPR

6. Data Protection Measures

We implement comprehensive data protection measures to ensure the security of your personal data:

Technical Measures

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Regular security assessments
  • Access controls and authentication
  • Intrusion detection systems

Organizational Measures

  • Data protection training for staff
  • Data minimization practices
  • Regular privacy impact assessments
  • Incident response procedures
  • Vendor security assessments

7. Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Document all breaches and remedial actions taken
  • Implement measures to prevent future breaches

8. Third-Party Processors

We may use third-party service providers to process your personal data. All processors are carefully selected and bound by data processing agreements that ensure GDPR compliance.

Current Processors:

  • • Cloud hosting providers (with EU data centers)
  • • Analytics services (with data anonymization)
  • • Customer support platforms
  • • Payment processors (if applicable)

9. Cookies and Consent

We use cookies and similar technologies in compliance with GDPR requirements:

  • Essential Cookies: No consent required (necessary for service operation)
  • Analytics Cookies: Consent required (can be withdrawn anytime)
  • Marketing Cookies: Explicit consent required
  • Preference Cookies: Consent required

You can manage your cookie preferences through our cookie consent banner or browser settings.

10. Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.

EU Supervisory Authorities:

11. Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the updated statement on our website
  • Sending email notifications to registered users
  • Updating the "Last updated" date

12. Contact Information

For any questions about our GDPR compliance or to exercise your rights, please contact us:

Data Protection Officer

Email: dpo@sunnypowergame.com

Response Time: Within 30 days

General Inquiries

Email: privacy@sunnypowergame.com

Website: sunnypowergame.com

13. Additional Resources

For more information about GDPR and your rights, please visit: