Privacy Policy

HAVFUN GAMES

This Privacy Notice (“Notice”) sets out the privacy practices of HavFun Inc., Suite 2300, 10900 N.E. 4th ST., Bellevue, WA 98004, United States (“HFG”, “we”, “our”, “us”) concerning personal information collected in connection with the services we offer to our customers. (the “Services”).

This Notice provides information about the personal information collected through the Services.

1. Our Relationship with You

Certain data protection and privacy regulations, such as those in the European Economic Area ("EEA"), the United Kingdom ("UK"), and California under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), distinguish between entities that act as "controllers" or "businesses" and those that act as "processors" or "service providers" of personal information.

This Notice applies to the processing of personal information by HFG in its capacity as a “controller” (or any similar role as defined under applicable laws). When we refer to HFG as a “controller,” we mean that HFG determines the purposes for which and the means by which your personal information is processed.

This Notice outlines HFG’s data handling practices in its role as a controller with respect to the categories of personal information described in Section 2.

While you are not obligated to provide personal information to us, failure to do so may limit our ability to offer you certain Services.

2. Personal information we process

This section outlines the types of personal information HFG may collect and process, either as a controller or a processor. We may collect personal information directly from you or from authorized third-party data sources.

To deliver our Services, HFG may verify or process government-issued identification or other official documents submitted by you. Information collected may include, but is not limited to:

  • Personal identifiers (e.g., name, mailing address, email address, phone number);
  • Identification document images (e.g., photos and related details such as demographic and physical characteristics);
  • Government-issued identifiers (e.g., driver’s license or passport numbers)—note that HFG redacts certain elements in accordance with applicable national laws;
  • Visual or audio media (e.g., photographs, recordings);
  • Biometric information (see subsection below).

HFG may collect biometric data in jurisdictions where such data is regulated. This includes facial recognition data captured from selfies, video recordings (with or without audio), and images on identification documents you submit.

Such biometric information may be collected, reprocessed, stored, and utilized to:

Deliver and enhance the Services; and

Retain long-term verification evidence of submitted identification.

HFG will permanently delete biometric data within three (3) years from the date it was first provided or in accordance with specific customer instructions, whichever occurs first, provided that HFG’s legal obligations do not require further retention.

Automatically collected and processed information

HFG will process certain personal information about you that HFG collects from you directly, or other third parties, such as consumer reporting agencies and fraud prevention service providers. The categories of personal information that HFG may process varies depending on the Service and are described below.

When you interact with our Services, we may automatically collect additional data to maintain and improve system functionality. This may include:

  1. Online identifiers (e.g., IP addresses);
  2. Device and network activity (e.g., operating system, browser type/settings, country/language preferences, website or app usage patterns);
  3. Geolocation data (e.g., device location).

We also use cookies and similar tracking technologies to support these functions. For more information, refer to our Cookie Notice.

Information collected from third-party sources

Where permitted by applicable law, HFG may supplement your personal information with data from trusted third-party sources (e.g., fraud prevention services, consumer reporting agencies, data brokers, government registries, and analytics providers) for the purpose of risk mitigation and enhanced service delivery.

3. How we use your personal information

HFG processes the personal information described in Section 2 for the following purposes:

  • Service delivery, including:
    • Identity verification;
    • Comparing newly submitted identification against previously collected records;
    • Detecting fraudulent documents;
    • Enhancing Service efficiency and accuracy;
  • Product improvement and research, including using artificial intelligence to analyze and enhance Services or to develop new offerings;
  • Security management to safeguard systems and data;
  • Data anonymization to generate aggregated insights and statistics.

We may also use personal information to:

  • Enforce or defend legal rights;
  • Detect, investigate, or prevent fraud, misuse, or other illegal activities;
  • Support corporate transactions such as mergers, asset sales, or restructurings;
  • Comply with legal obligations or respond to lawful requests by public authorities.

4. How do we share personal information

We may share your personal information with:

  • HFG corporate affiliates, only to the extent necessary to fulfill the purposes outlined in this Notice;
  • Our third-party service providers, who we engage to enable us to support our Services and product development and improvement activities, such as data storage and hosting providers, and outsourcing partners;
  • Trusted third-party data providers, including governmental sources, fraud prevention networks, and analytics firms;
  • Customers who engage HFG for identity verification or related Services;
  • Government authorities, regulators, courts, or legal advisors, where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • Other individuals or entities, when you have provided explicit consent;
  • Auditors, legal counsel, and consultants, as required for audits, legal compliance, or other business purposes;
  • Successors or acquirers, in the event of a corporate reorganization, merger, or sale involving HFG assets.

Information for California residents. HFG does not sell or share your personal information, as defined under the California Consumer Privacy Act (the “CCPA”) and the California Privacy Rights Act (“CPRA”), without your explicit consent.

5. Data retention and international data transfers

Retention

Unless otherwise stated in this Notice, HFG retains personal information for the following durations:

  • For as long as necessary to fulfill the purposes outlined in Section 3, particularly those related to fraud detection and prevention;
  • For as long as required to comply with applicable legal obligations; and
  • Until any potential legal claims related to the personal information are no longer legally actionable.

We implement appropriate technical and organizational safeguards designed to protect the personal information we collect and process. These safeguards are tailored to the level of risk associated with processing your personal information. Where feasible, we employ techniques such as pseudonymization, de-identification, and aggregation to enhance privacy protection and mitigate security risks.

International Transfers

HFG is headquartered in Bellevue, Washington, United States, and intend to rely on trusted third-party hosting services (e.g., Amazon Web Services). Accordingly, your personal information may be processed and stored in countries outside your country of residence. These jurisdictions may have data protection laws that differ from, and may be less protective than, those of your home country

Personal information referenced in this Notice may be transferred to and processed in the United States or other jurisdictions for the purposes outlined in Section 3. Certain thirdparty recipients described in Section 4 may also be located in or process personal information in countries other than your own. The data protection laws in these countries may be different from, or less stringent than, those in your country of residence.

To safeguard personal information transferred from the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, we implement adequate protection mechanisms, which may include:

  • Relying on adequacy decisions by the European Commission or UK government;
  • Incorporating Standard Contractual Clauses (SCCs) issued by the European Commission or UK Information Commissioner’s Office into our agreements with recipients.

6. Security

HFG uses commercially reasonable administrative, physical, and technical safeguards to protect personal information from loss, unauthorized access, misuse, alteration, or destruction. While we are committed to protecting your personal data, no method of transmission or storage is completely secure. Therefore, we cannot guarantee absolute security.

7. Your privacy rights

Depending on your location and the applicable data protection laws, you may have certain rights regarding your personal information. You may exercise these rights by contacting us at: privacy@havfun.com. For your protection, we may require verification of your identity before processing your request.

Subject to local legal requirements, your rights may include the ability to:

  • Request confirmation of whether we are processing your personal information;
  • Access a copy of your personal information and understand how it is used;
  • Receive a structured, commonly used, and machine-readable copy of your personal information, or request that it be transferred to another organization (when technically feasible);
  • Request the deletion of your personal information, subject to legal exceptions;
  • Object to or request restrictions on certain types of processing;
  • Request the correction of inaccurate, incomplete, or improperly processed information;
  • File a complaint with the appropriate data protection authority.

If we rely on your consent to process your personal information, you may withdraw that consent at any time. Your withdrawal will not affect the lawfulness of processing that occurred prior to withdrawal. HFG will not discriminate against you for exercising any of your data protection rights.

8. Your consent

By using our Services, you consent to HFG collecting, using, and sharing your personal information for the purposes outlined in this Notice, including your consent to:

  • HFG using its proprietary technologies, including facial recognition algorithms, to verify your identity and match your facial image to the image on your identification document. This may involve the processing of sensitive personal information in certain jurisdictions;
  • HFG sharing your personal information with the customer in connection with the transaction for which the Services are being used;
  • HFG retaining your personal information, as described in Section 2, to provide our Services and to identify potential fraud or suspicious activity related to know-yourcustomer (KYC) compliance.

You may withdraw your consent at any time by contacting us. However, the withdrawal of consent will not affect the lawfulness of any prior processing. HFG may continue to retain your personal information to the extent necessary to comply with legal obligations, establish or defend legal claims, or support anti-fraud and KYC objectives.

9. Other important information

Children’s privacy

Our Services are not intended for use by children under the age of 13. HFG does not knowingly collect personal information from individuals under 13 years of age. If we become aware that we have inadvertently collected personal information from a child under 13, we will take appropriate steps to delete such data promptly.

We recommend that individuals aged 13 to 18 obtain permission from a parent or legal guardian before using our Services or submitting any personal information online.

Automated decision making

“Automated decision-making” refers to decisions made solely through automated means (e.g., algorithms or machine learning), without human intervention, that produce legal or similarly significant effects on individuals.

HFG uses a combination of automated and human-in-the-loop processes to ensure the integrity and quality of the data used in our Services. While certain aspects of our processing are automated, they do not result in decisions that produce legal or similarly significant effects for users.

Examples of criteria used in automated or semi-automated processing include:

  • Verification of the integrity and quality of uploaded photographs;
  • Document recognition and validation checks;
  • Extraction and analysis of text, layout, and visual elements on documents and identification media;
  • Matching of facial images in selfies or videos to those on official identification documents;
  • Analysis of multiple variables to generate confidence scores;
  • Screening against databases of known fraudulent activity or imagery.

In all cases, HFG applies oversight mechanisms such as manual review by trained verification specialists and the use of explainable AI tools to ensure accuracy and fairness. HFG does not use automated decision making that would produce legal effects for you, or that would similarly significantly affect you.

Legal basis for processing

If you are a resident of the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), HFG processes your personal information in accordance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and the UK GDPR. The legal bases we rely upon include:

  • Consent, where you have explicitly agreed to our use of your personal information for one or more specific purposes;
  • Legitimate interests, including our interest in delivering secure and efficient identity verification, and the broader public interest in preventing identity theft or fraudulent activity;
  • Compliance with legal obligations, where processing is necessary for HFG to fulfill regulatory or statutory requirements; and
  • Establishment, exercise, or defense of legal claims.

Additional rights for U.S. residents/p>

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). Please refer to our California Privacy Notice for further details.

If you are a resident of the United States, you may have specific rights relating to the collection and use of “Consumer Health Data” as defined by applicable U.S. state privacy laws. Please refer to our U.S. Consumer Health Data Privacy Policy for more information.

If you are a resident of Washington State and your personal information qualifies as “Consumer Health Data” under the My Health, My Data Act, please review our Washington State Consumer Health Privacy Notice for specific information regarding our data collection and handling practices.

10. Updates to this notice

We may revise this Notice from time to time to reflect changes in legal requirements, regulatory guidance, technological advancements, or our business practices. When we make material changes, we will update the “Last Updated” date at the bottom of this Notice. We encourage you to review this Notice periodically to stay informed about how we protect your personal information.

11. How to contact us

If you have any questions, concerns, or comments regarding this Notice or our data protection practices, you may contact us using the details below:

Email:
privacy@havfun.com

Mailing Address:

HavFun Inc.
Attn: Privacy
Suite 2300, 10900 N.E. 4th Street
Bellevue, WA 98004
United States

[Last Updated: September 10, 2025]