Games News Contact Press

GDPR Compliance Statement

The General Data Protection Regulation (GDPR) is effective from 25th May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the European Privacy Directive and national legislations accordingly.

FRVR understands the importance of customer data and welcomes the arrival of the GDPR. At FRVR Limited, we believe that customers are the most important part of our business and the success of our company builds on the trust that our customers, employees and other stakeholders have in our ability to deliver premier quality including the protection of personal information.

FRVR Limited services complies with all applicable parts of the GDPR.

The following are key aspects of the GDPR, and how it relates to FRVR Limited.

What is the GDPR

The GDPR is the General Data Protection Regulation established by the European Union.

At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

Follows EU Data Protection Directive (Directive 95/46/EC). For more information, please see

Key Aspects of GDPR

There are 4 aspects to the GDPR that FRVR Limited has considered as part of our GDPR compliance:

The right to data portability

Individuals have the right to a copy of all the personal data that controllers have regarding him or her. It also must be provided in a way that facilities reuse.

The right to be forgotten

This gives individuals the right to have certain personal data deleted so third parties can no longer trace them. FRVR Limited does not store any personal data, only authentication tokens to Facebook. Those tokens can be invalidated by removing the game app according to these instructions by Facebook.

Since we currently do not store any PII directly, and the only way to link game state and analytics data collected with a particular user is via their Facebook Access Token, simply removing the FRVR game app from the users’ Facebook profile will anonymize any information we hold. This will happen instantly, the moment the user removes our app.

Privacy by Design

This helps to facilitate the inclusions of policies, guidelines, and work instructions related to data protection in the earliest stages of projects including personal data.

Data Breach Notifications

Controllers must report personal data breaches to the relevant supervisory authority within 72 hours after having become aware of it. If there is an high risk to the rights and freedoms of data subjects, they must also notify the data subjects.

FRVR Limited has an escalated process in order to ensure the security of user data. Information about whether or not user data has been part of a breach is available upon request.

GDPR Compliance for FRVR

To Understand the position of FRVR in the compliance of GDPR, it is important to understand the actors. These actors are:

Data Controller
is the individual or the legal person who controls and is responsible for the keeping and use of personal information on a computer or in structured manual files.
Data Processor
in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller. “processing”, in relation to information or data means. obtaining, recording or holding the information or data.
Data Subject
means an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about.

GDPR and FRVR Limited

The following are key elements of our GDPR Compliance:

We do not process personal data on behalf of the Customer and we don’t have access to any personal data in our customer’s systems (Customer Personal Data). Moreover, FRVR is not able to monitor the processing of Customer Personal Data in our customer’s systems.

What personal data do we collect/store?

At FRVR we collect two types of data on our users; passive and active. Passive collection is the data that is collected when users play games, whether on their mobile device or the web. This data is collected using Google Analytics or similar and contains the following information:

This data does not contain any personally identifying information. Our active data collection is currently limited to high scores and game information, such as coins collected. We allow users to log in using their Facebook account, and from their Facebook account we store the following:

As such we don't store any data that can be used to identify and track an individual. The user access token can be invalidated at any time by removing our app from the users Facebook profile.

How does FRVR Address GDPR

Data Access Control
The controller shall implement appropriate technical and organizational measures for ensuring that by default, only personal data which are necessary for each specific purpose of the processing are processed.
Monitoring of Access Activities
Each controller and where applicable, the controllers representative, shall maintain a record of processing activities under its responsibilities
Data Encryption
Organizations must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data
Strong Compliance Framework
Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services


Any FRVR Limited GDPR related questions and any data subject requests can be addressed to:


What are the requirements under GDPR for FRVR?
  • Privacy measures should be implemented in the design phase
  • Right to be forgotten
  • Data portability
What information is covered by GDPR?
  • Any information relating to an identified or identifiable natural person
  • Any healthcare and sensitive data
When does GDPR come into effect?
  • May 25, 2018
Which customers are affected by the GDPR?
  • Applies to controllers and processors who are established in the European Union or those who offer goods and services to data subjects in the EU
  • Entities that monitor behavior of data subjects in the EU
What type of actor is FRVR?
  • For information collected under this Privacy Policy, the data controller is FRVR Limited. Our Data Protection Officer can be contacted here: