BULL HIT – PRIVACY POLICY

    Effective Date: April 24, 2025

    INTRODUCTION AND GENERAL TERMS

    Introduction

    This Privacy Policy applies to the use of the virtual reality game Bull Hit (the “Game”), including its multiplayer features and other related online services (collectively, the “Online Services”), developed and/or published by Odders Lab, S.L. (“Odders,” “we,” “us”).

    Odders Lab, S.L. is a company incorporated under the laws of Spain, with registered offices at Avenida Santa Clara de Cuba, 4, Nave 18, Seville, Spain, registered with the Commercial Registry of Seville as of 05/03/2019, under volume 6,686, Book 0, page 29, section 8, and sheet SE-121020, and holder of Spanish tax identification number (N.I.F.) B-90.422.262.

    Who does this Privacy Policy apply to?

    This Privacy Policy applies to all users of Bull Hit and its Online Services, including minors using the Game with parental consent, as detailed below.

    Who is responsible for personal data processed under this Privacy Policy?

    Odders is the “controller” of personal data under the General Data Protection Regulation (GDPR) 2016/679 and the Spanish Data Protection and Guarantee of Digital Rights Act 3/2018, 5th December. This Privacy Policy outlines how we collect, use, protect, and share your personal data, including the rights you have regarding your data.

    For questions, concerns, or to exercise your data protection rights, contact us at info@odderslab.com. This Privacy Policy should be read alongside our Terms of Use, available via the Online Services.

    Third-Party Services

    The Online Services may include links to third-party services (e.g., gaming platforms or stores like Steam or Oculus). These services have their own privacy policies, which you should review. We are not responsible for the privacy practices of third-party services.

    Updates to this Privacy Policy

    We may update this Privacy Policy to reflect changes in the Game, regulatory requirements, or user feedback. Updates will be posted on this page and, where significant, we will notify you via email, in-game notices, or other means. For changes affecting minors that require parental consent, we will obtain such consent through our parental consent management provider. Please review this page regularly.

    INFORMATION WE MAY COLLECT ABOUT YOU

    We collect and process the following personal data when you use our Online Services (collectively, “Online Services Information”):

    Submitted Information

    • Profile Information: Username.
    • Multiplayer Information: Voice data (for voice chat in multiplayer modes, not voiceprints), hand and head movement data (for gameplay tracking).
    • Parental Consent Information (for minors): Parent or legal guardian’s email address for consent verification.

    Contact Information

    • Your name and email address when you contact us for support.

    Analytics

    We collect technical information about your use of the Online Services via tracking technologies and analytics, including:

    • Device and Network Data: IP address, device country, language, device type, platform ID, platform username, platform user image.
    • Gameplay Data: Session start, duration, and end times; profile progression (points, level, medals, goals, streaks); workout-related history and statistics (e.g., estimated calorie burn, not collected via medical devices); in-game events (e.g., tutorial completion, workout level/type, menu/navigation usage, accuracy).
    • Multiplayer Data: Matchmaking data, in-game purchases, and interactions with other players (e.g., joining public or private lobbies).

    Children’s Data

    For users under 16 (or the applicable age of consent in their jurisdiction), we collect limited data and impose restrictions to ensure privacy and safety, as outlined in the “Children” section below.

    WHY WE COLLECT INFORMATION ABOUT YOU

    We collect personal data to provide, improve, and personalize the Online Services, particularly for multiplayer features and to ensure a safe experience for all users, including minors. Specific purposes include:

    To Provide Online Services

    • Deliver the Game and its multiplayer features (e.g., matchmaking, voice chat, leaderboards) under our Terms of Use.

    • Record progress, status, and in-game purchases.

    • Ensure proper functionality, including tracking hand and head movements for VR gameplay.

      Legal Basis: Performance of a contract (Terms of Use) and legitimate interests (providing enhanced services).

    To Support Multiplayer Features

    • Enable real-time multiplayer interactions, including voice chat and matchmaking.

    • Facilitate private lobbies and public server access (with restrictions for minors).

      Legal Basis: Performance of a contract and legitimate interests (enhancing multiplayer functionality).

    To Respond to Enquiries and Support Requests

    • Process Contact Information and other data to address your support queries.

      Legal Basis: Performance of a contract and legitimate interests (user support).

    To Engage Users

    • Notify users of new features, workout recommendations, virtual items, or promotions (with consent where required).

    • Encourage engagement through leaderboards and multiplayer events.

      Legal Basis: Consent (for marketing) and legitimate interests (user engagement).

    To Ensure Safety and Prevent Illegal Activity

    • Monitor multiplayer interactions to prevent fraud, harassment, or violations of our Terms of Use.

    • Protect the safety of minors by restricting certain features (e.g., voice chat, private lobbies).

      Legal Basis: Legitimate interests (ensuring safety and compliance) and legal obligations.

    To Improve and Analyze the Online Services

    • Analyze gameplay and multiplayer data to fix bugs, enhance features, and develop new services.

    • Compile statistical reports on user activity and progression.

      Legal Basis: Legitimate interests (improving services and understanding usage).

    To Comply with Legal Obligations

    • Process data as required by law, including for fraud detection or to protect minors.

      Legal Basis: Legal obligation.

    ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

    • Contractual Necessity: To provide the Online Services and multiplayer features (e.g., username, platform ID, movement data).
    • Legitimate Interests: To improve services, ensure safety, and engage users, balanced against your rights, especially for minors.
    • Consent: For non-essential cookies, marketing, and certain multiplayer features (e.g., voice chat). You may withdraw consent at any time.
    • Legal Obligation: To comply with laws, including child protection regulations like COPPA.

    CHILDREN

    We are committed to protecting the privacy of children. For Bull Hit, a “Child” is a user under 16 (or the applicable age of consent in their jurisdiction).

    Age Restrictions

    • Bull Hit is available to users aged 10 and above with parental consent via a Parent-Managed Account (e.g., through Meta or other platforms).
    • Users under 10 are not permitted to access the Game.
    • We use platform APIs (e.g., Meta’s Get Age Category API) to determine a user’s age group and apply restrictions for minors.

    Parental Consent

    • For users under 16, we require verified parental consent through our third-party provider, Kidentify Pte. Ltd. (“k-ID”), a member of the ESRB Privacy Certified Program.
    • k-ID collects the parent’s email address and may request additional verification data (e.g., payment or ID information), which we do not access.
    • Parents can review, correct, or delete their child’s data, revoke consent, or request account deletion by contacting us at info@odderslab.com or k-ID at contact@k-id.com.

    Restrictions for Child Users

    If a user is identified as a Child:

    • Restricted Features: Voice chat is disabled (replaced with preset sounds or gestures); private lobbies require parental permission; in-game purchases are prohibited without parental consent.
    • Randomized Identifiers: Username and badges are randomly generated to avoid disclosing personal information.
    • Limited Data Collection: We collect only the minimum data necessary (e.g., platform ID, gameplay data) to provide the Game.

    Data Sharing and Safety

    We do not share Child users’ personal data except:

    • To comply with legal obligations (e.g., reporting to law enforcement for safety).
    • To protect the Game’s integrity and safety (e.g., enforcing bans).
    • With k-ID for parental consent management.

    If we learn that a Child under 16 has provided personal data without parental consent, we will delete it promptly. To report such cases, contact info@odderslab.com.

    DATA RETENTION

    We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy, or as required by law. For example:

    • Gameplay and multiplayer data are retained while you maintain an active account.
    • Child data is deleted upon parental request or if an account is inactive for 12 months.
    • Data required for legal compliance (e.g., fraud prevention) may be retained longer.

    Once no longer needed, data is securely deleted.

    DATA SHARING

    We share personal data only as described below and never sell it. Recipients include:

    • Group Members, Personnel, Suppliers, Subcontractors: For service provision (e.g., cloud hosting, analytics), subject to confidentiality agreements.
    • Multiplayer Service Providers: Third parties like Photon for real-time matchmaking and voice chat (data is pseudonymized and temporarily stored).
    • Parental Consent Provider: k-ID for managing parental consent for Child users.
    • Digital Content Stores: Platforms like Steam or Oculus for in-game purchases.
    • Legal Requirements: To comply with laws, court orders, or to protect safety (e.g., reporting to authorities).
    • Merger or Acquisition: In case of a business transfer, with notice to users.
    • Enforcement: To gaming platforms or networks to enforce Terms of Use or investigate breaches.

    AUTOMATED DECISION-MAKING

    We may use automated decision-making for matchmaking, moderation (e.g., detecting inappropriate behavior), or feature restrictions for Child users. These processes are designed to ensure fairness and safety and comply with applicable laws.

    CONSUMER CONTROL AND OPT-OUT OPTIONS

    • Marketing: You can opt out of marketing communications by emailing info@odderslab.com or using opt-out options in forms/check-boxes.
    • Cookies: You can refuse non-essential cookies via browser settings or our cookie consent tool. Note that disabling cookies may affect functionality.
    • Multiplayer Features: You can disable voice chat or other optional features in the Game settings.

    YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

    You have the following rights under GDPR and applicable laws:

    • Access: Request a copy of your personal data.
    • Rectification: Correct inaccurate data.
    • Erasure: Request deletion of your data (subject to legal exceptions).
    • Restriction: Restrict processing in certain cases.
    • Objection: Object to processing based on legitimate interests.
    • Data Portability: Obtain a machine-readable copy of your data (e.g., in CSV format).
    • Withdraw Consent: Revoke consent at any time.
    • Lodge a Complaint: Contact a Data Protection Supervisory Authority.

    To exercise these rights, email info@odderslab.com. We will respond within one month, subject to extensions for complex requests. Parents can exercise these rights on behalf of Child users.

    SECURITY

    We implement appropriate technical and organizational measures to protect your data, including:

    • Encryption for data transmission and storage.
    • Access controls to limit data exposure.
    • Regular security reviews to address new risks.

    However, no system is completely secure. Data transmission over the internet is at your own risk, and we encourage you to:

    • Use strong, unique passwords.
    • Avoid sharing personal information in public lobbies or chats.
    • Report suspicious activity to info@odderslab.com.

    In case of a data breach, we will notify authorities and affected users within 72 hours, as required by law.

    INTERNATIONAL DATA TRANSFERS

    The data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff that operate outside the EEA and work for us or our suppliers. These staff may be engaged in the fulfilment of your orders, the processing of your payment details, the maintenance of the Online Service, and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

    Where your personal data is transferred outside of the EEA to a territory not subject to an adequacy decision by the European Commission, we have agreements in place with the relevant parties which include either (i) standard data protection clauses adopted by the relevant data protection regulator and approved by the European Commission or (ii) standard data protection clauses adopted by the European Commission, to ensure that appropriate safeguards are used to protect your personal data. Alternatively, we may put in place other appropriate safeguards. If you require more information about these safeguards, you can contact us at info@odderslab.com.

    For details on transfer mechanisms, contact info@odderslab.com.

    CONTACT INFORMATION

    For questions, comments, or to exercise your rights, contact:

    We aim to respond within a reasonable timeframe.