Last updated: 07.05.2025 

Version: 1.01

 

This Privacy Notice (“Notice”) describes how we collect and process your data through https://www.taitiko.com/ website and Telegram Mini App available at https://t.me/TaitikoArena_bot (together, the “Site(s)”). The terms “we”, “us”, “our” and “ourselves” refer to BEHUB LTD, a legal person registered under the laws of Cyprus. The term “Game” means Taitiko Arena game.

We are committed to safeguarding the privacy of our users. We are not going to misuse your data.

Controller details:

BEHUB LTD

Registration number: 457703

Registered address: Efesou, 9, Paralimni, 5280, Famagusta, Cyprus

Contact email address: legal@taitiko.com  

Table of contents:

1. Information we collect from you
2. Sources of personal data
3. Retention of your information
4. Third-party access to information
5. Your rights
6. Security of information
7. Changes to this Notice

Information we collect from you

Account set up and provision of services

To access the services and start using our product, you will be required to create an account on our Site through Telegram login and provide us with your Telegram username. We process your Telegram username to identify and interact with you within the Game. This data is used for login purposes and to maintain secure access to your account. The legal basis for processing your Telegram username is the performance of a contract between you and us (Art. 6.1(b) GDPR) and our legitimate interests to ensure compliance with our terms and conditions (Art. 6.1(f) GDPR).

 

Name and surname

We may process your name and surname for account management, communication, and personalisation of services. This data is also used for login purposes and to ensure the integrity of the Game, helping us detect any violations or unfair gameplay. The legal basis for processing this data is the performance of a contract (Art. 6.1(b) GDPR) for managing your account and providing services, as well as legitimate interests (Art. 6.1(f) GDPR) for detecting and preventing violations, fraud, or abuse.

 

Email address

If you subscribe to our newsletter, we will process your email address to send marketing emails, newsletters, and promotions related to the Game. With your explicit consent, we use this data to keep you informed about new features, events, and updates within the Game. We may also use your email address to communicate essential information, including important updates regarding your account or technical issues related to the gameplay. The legal basis for processing your email address for marketing purposes is your consent (Art. 6.1(a) GDPR). For essential communications, the legal basis is the performance of a contract (Art. 6.1(b) GDPR) or legitimate interests (Art. 6.1(f) GDPR), such as keeping you informed about the critical Game updates.

 

Google Analytics data

We process data collected via Google Analytics, including the Sites usage patterns, browsing behavior, and interactions. This data is used for the Sites improvement purposes, as it helps us analyse user behavior, enhance the Game features, and optimise the user experience. Google Analytics data is also used to monitor performance and ensure that users enjoy the best possible gameplay experience. The legal basis for processing this data is legitimate interests (Art. 6.1(f) GDPR) in improving our Sites, optimising the Game performance, and enhancing the overall user experience.

 

In-game data

We process in-game data, which may include level progress, digital assets (i.e. virtual items like characters, backgrounds, reactions, in-game currencies (e.g. Honor), skins, background, characters reactions, etc.), the Game scores, and other Game-related metrics. This data is used to process in-game transactions, track user progress, and ensure smooth gameplay. We also use in-game data to enforce the Game’s terms and conditions, including detecting and addressing violations such as unfair gameplay or cheating. Additionally, this data helps us with the Sites improvement purposes by analysing how users interact with the Game and identifying areas for optimisation. In the event of technical issues, in-game data is processed to provide feedback and resolve any problems. The legal basis for processing in-game data is the performance of a contract (Art. 6.1(b) GDPR), as it is necessary to provide the Game and track user activity, as well as legitimate interests (Art. 6.1(f) GDPR) for improving the Sites, preventing fraud, and ensuring compliance with our terms and conditions.

 

Transaction data

We process transaction data, which may include the amount of purchase, date of transaction, payment method used, and digital in-game currencies, such as Telegram Stars and Toncoin (TON). This data is necessary to process in-game transactions, update user balances, and manage the Game’s economy. It is also used for enforcing our terms and conditions by detecting violations, fraud, or unfair gameplay practices. Additionally, transaction data is processed to address customer support inquiries and resolve any issues related to payments or in-game purchases. This data helps us improve the Game by providing insights into player spending patterns. The legal basis for processing transaction data is the performance of a contract (Art. 6.1(b) GDPR), as it is required to complete transactions and fulfill contractual obligations, as well as legitimate interests (Art. 6.1(f) GDPR) to prevent fraud and ensure a fair gaming environment.

 

Promotional event data

We may process data related to users’ participation in promotional events, such as special in-game tournaments, events sponsored by influencers, and other promotional activities. This data includes user registrations for events, participation details, and results. We use this data to organise, manage, and monitor the events, ensuring smooth operation and fair play. Additionally, we may process this data to send invitations, updates, and communications about upcoming events, as well as to follow up on post-event feedback and provide rewards or prizes. This data may also be used to offer personalised event recommendations or promotions. The legal basis for processing promotional event data is the performance of a contract (Art. 6.1(b) GDPR), as it is required to organize and manage the events, and legitimate interests (Art. 6.1(f) GDPR) to promote the Game, engage users, and enhance the gaming experience.

 

Customer support and communication data

We process data provided through online forms, support ticket systems on Telegram, feedback submitted via official Telegram chats, support emails, and any other communications between you and us, such as inquiries about our services or requests for assistance. This data is used to resolve user inquiries, address technical issues, and offer support related to gameplay, account concerns, or any other service-related matters. Additionally, it helps us improve the Sites and the Game by identifying areas for enhancement based on user feedback and to evaluate the effectiveness of our support efforts. The data may also be used to monitor and improve communication processes, ensuring we provide a smooth and efficient support experience. The legal basis for processing this data is the performance of a contract (Art. 6.1(b) GDPR), as it is necessary to provide support and resolve issues, as well as legitimate interests (Art. 6.1(f) GDPR) to improve the Sites and the overall user experience.

Sources of personal data

We obtain personal data from such sources:

• directly from the data subjects: 

• players of the Game;
• users/visitors of our Sites;

• partners: platform providers/digital content distribution platforms;
• public blockchain.

Retention of your information

We will store information about registered users, such as name and email address, for 2 years after the user’s inactivity, and the other data for as long as your account is active, unless you explicitly ask us to delete the information earlier. If your last activity on the Sites was more than 2 years ago, your account will be considered expired. In this case, we undertake to remove your personal data from our active systems and servers within 90 days or earlier and delete or anonymise it.

Analytics data (e.g., IP address, activity logs) of users/visitors on the Sites is retained as per Google Analytics default settings.

Email addresses of the mailing list subscribers are retained as long as the user remains subscribed. Unsubscribed users’ data is deleted within 30 days of unsubscribing.

However, we may need to retain some of your personal data for longer if there is a need for it, for example, in order to comply with our tax, accounting and legal requirements. In this case, the applied legal basis for the processing of your information will be the necessity to comply with a legal obligation.

Please note that certain personal data cannot be removed or deleted at all because of the nature of the blockchain. The blockchain technology used in the provision of our services operates on a decentralised network, where transactions are recorded in an immutable and transparent manner. This characteristic ensures the integrity and security of the data stored on the blockchain. However, it also means that once data is added to the blockchain, it becomes virtually impossible to remove or delete it.

Third-party access to information

Your personal information may be shared with the following categories of third parties:

• platform providers/digital content distribution platforms; 
• cloud storage providers;
• hosting service providers;
• analytics service providers;
• blockchain infrastructure service providers.

The providers listed above process your information based on our instructions only. In case your personal data is provided to third parties outside the EEA, we will implement appropriate safeguards to protect your personal data, including Standard Contractual Clauses as adopted by the European Commission. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Other disclosures

In addition to the disclosures for the purposes identified before, we may disclose information about you for the following purposes:

• law enforcement, legal process and compliance: if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights, or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of our services and any facilities or equipment used to make our services available; or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others;
• change of ownership or other business needs: (i) in case we sell, licence or otherwise assign our company, corporate rights, the Sites or their separate parts or features to third parties; (ii) as part of a transaction, financing, or for other business needs (e.g., if we need to disclose your personal data to the prospective lender or bank, investor or prospective investor, and/or their professional advisers as part of certain due diligence processes, as the case may be); (iii) we may also disclose and otherwise transfer your personal data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the information commits to a privacy policy that has terms substantially consistent with this Notice.

Your rights

Depending on your country of residence or in some regions, such as the European Economic Area (EEA), you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

In the EU/EEA, you have certain rights under applicable data protection laws, such as the Regulation (EU) 2016/679 General Data Protection Regulation (the “GDPR”). 

You may exercise GDPR rights regarding your personal data. In particular, you have the right to:

• The right to access your information

You have the right to know what personal data we process. As such you can obtain the disclosure of the personal data involved in the processing and you can obtain a copy of the information undergoing processing.

• The right to verify your information and seek its rectification

If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;

• The right to have your personal data deleted

If we are not under the obligation to keep your personal data for legal compliance and it is not needed in the scope of an active contract or claim, we will remove your information upon your request.

• The right to restrict the processing of your information

When you contest the accuracy of your information, believe we process it unlawfully or want to object to the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your personal data (other than storing it) until we are able to provide you with evidence of its lawful processing.

• The right to have your personal data transferred to another organisation

Where we process your personal data on the legal basis of consent you provided us or on the necessity to perform a contract, we can make, at your request, your personal data available to you or to an organisation of your choosing. 

• The right to object against the processing of your information

If we process your information for our legitimate interests (e.g., for direct marketing emails or for our marketing research purposes), you can object to it. Let us know what you object against and we will consider your request. If there are no compelling interests for us to refuse to perform your request, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you. 

You can formulate such requests or channel further questions on data protection by contacting us directly at legal@taitiko.com.

If you believe that our use of personal information violates your rights, or if you are dissatisfied with a response you received to a request you formulated to us, you have the right to lodge a complaint with the competent data protection authority of your choice.

Security of information

We will take all necessary measures to protect your information from unauthorised or accidental access, destruction, modification, blocking, copying, and distribution, as well as from other illegal actions of third parties. As we use the services of third-party software providers across several countries outside of the European Union, we may transfer the collected information to those countries for further processing. In such cases, we will make sure that relevant safeguards are in place. More information on such safeguards can be provided upon request.

We also make sure that access to your information stored in our database is only possible via a secure and closed VPN connection. Additionally, all communications exposed to the internet are TLS encrypted to provide the highest level of communications security.

 

Children’s privacy

Our product does not address anyone under the age of 18. We do not knowingly collect personal information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 18 without verification of parental consent, we take steps to remove that information from our servers.

Changes to this Notice 

We may update this Notice from time to time by posting a new version on our Sites. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.