Penlington Games takes steps to ensure it is not storing personal data without reason, and will review and remove any data that it is not necessary to adequately provide its services.
Profiling and automated decision making
Penlington Games does not engage in any profiling or machine decision making practices. Any decisions made regarding users’ personal data will involve human contact and decision making.
We collect personal data which can identify you as an individual only as and when it is necessary in order to provide our services.
We may occasionally collect non-personal information from users, which is not tied specifically you as an individual. For example this could be in the form of analytical data regarding the use of our apps or website, or aggregate data detailing the number or types of devices used to do so.
How we use information
Penlington Games may gather personal data for some of the following purposes:
Customer services - To respond to user queries, feedback or issues
Penlington Games website, forums and Penlington Games Nexus accounts - To enable users to engage with our products online
Aggregated analytics - To allow us to develop and improve our products
Newsletters - To send periodic emails, such as updates on new products release dates
What information do we collect?
The following types of personal data may be collected:
Name (if you give it to us)
Email address (if you send us an email)
IP address (if you use our website)
Location (If you want us to ship you physical goods)
Correspondence (if you contact us)
Online pseudonyms/identifiers (if you make an account with us)
Expiration of personal information
For customer services, Names and IP addresses will be removed after three months to minimise the amount of data we hold.
For other services, personal information is stored unless you decide to close your user accounts.
We do not automatically remove/expire data in other instances so we can respond better to user feedback and issues. We perform annual data reviews to ensure we are not holding data without good reason.
How we handle requests for data access, rectification, erasure, and data portability
Anyone who has personal data held by Ndemic Creations is entitled to:
Ask what information the company holds about them and why, request access to it and/or remove it, via
We will respond promptly. We will always need to verify the identity of anyone making an access request before handing over any information.
Penlington Games actively ensures that any personal data gathered is done so with clear and actioned consent of the individual that the data pertains to.
Penlington Games also logs and stores records of this consent as required by law.
Where applicable, data will not be collected or stored pertaining to individuals under the age of 16 without consent from a parent or guardian.
Compliance with children's online privacy protection act
None of our products are aimed at anyone aged under 9 years of age. In order to protect the privacy of the young, we never collect or maintain information from those we know are under 9.
Sharing your data
We do not sell, trade, or rent your personal identification information to others. We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
Where appropriate Penlington Games uses certain trusted sub-processors in order to better understand, gather and organise the data collected, and to help us improve our products or respond to your feedback. We always make sure that only information needed to deliver our services are collected via these sub-processors.
Physical goods services:
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored by our services. In the event of data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify all parties involved as well as any supervisory authorities within a reasonable timeframe. We have procedures in place to effectively detect, report and investigate these personal data breaches.
Last updated: March 2020