The Mathalaxie E-learning Kft. (hereinafter referred to Mastory) as a Data Controller is committed to the protection of your personal data and respects your privacy on all for the Application (hereinafter referred to: „Application”) available under the mastory.io domain.
In certain cases, though, your personal data may be required for the provision of an e-service. When personal data is required for that purpose, you can find more detailed information on that in a specific privacy statement linked to the website. You will find which service you should contact in that specific privacy statement.
In this respect:
an operational controller ensures conformity with the specific privacy statement in place for each e-service
the Data Protection Officer ensures in an independent manner the internal application of the Regulation in the Commission, and advises operational controllers on their data protection obligations
the European Data Protection Supervisor acts as an independent supervisory authority.
Mastory respects the privacy of its online visitors and customers of its products and services and complies with applicable laws for the protection of your privacy, including, without limitation, the the European Union General Data Protection Regulation (hereinafter referred to: „GDPR”) and the regarding Hungarian laws such as Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to: „Infotv”).
Mastory is defining itself as a Data Controller.
Data Controller: Mathalaxie E-learning Kft.,
Seat: HU-4026 Debrecen, Kar street 25.,
Data Protection Officer: Felix Schwarz
DPO’s contacts: firstname.lastname@example.org
The GDPR requires that the Data Controller takes appropriate measures to provide the data subject with all information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in a clear and plain language, and to facilitate the exercise of the data subject's rights.
The Data Controller is committed to protecting the personal data of its customers and partners, and attaches the utmost importance to respecting the right to information self-determination of its customers.
Scope of our policy
Except as otherwise noted below, this Policy applies to the personal information that Mastory collects and processes related to:
Our “Services,” which include
our mobile applications, games, websites, and other online services (and any feature thereof), including games published and developed by Mastory
contests, sweepstakes, promotions, events, research, and surveys that we sponsor or conduct,
other content, products and services that we make available to customers, purchasers, subscribers, players, and/or users
Individuals who subscribe to receive news, information, and marketing communications from Mastory.
Individuals who engage with us at conferences, expos, and other events in which we participate.
Users and other individuals who communicate or engage with us related to our Services or our business, communicate with or about us or our content on third-party platforms and social media pages, or otherwise interact with us online or offline.
This Policy does not apply to job applicants and candidates who apply for employment with us, or to employees and non-employee workers in the context of our working relationship with them. This Policy also does not apply to any third-party websites, services, products or mobile applications maintained by other companies, which are linked to from our Services.
Notwithstanding anything else in this Policy, we may collect, use, share, disclose, and otherwise process aggregate, anonymous, and in some cases de-identified information related to our business and the Services for research, marketing, analytics, and other purposes. Where we use, disclose or process de-identified information, we will maintain and use this information in de-identified form and not to attempt to reidentify the information, except in accordance with applicable privacy laws.
Game: It is an interactive educational platform that combines engaging storytelling with problem-solving to facilitate deep conceptual understanding of academic concepts. This approach aims to create an emotionally rich and immersive learning environment that motivates students to actively participate in the learning process. The platform utilizes an innovative teaching method that presents academic material through a series of interconnected stories, with students being encouraged to interact with the characters and help solve the problems they encounter. This approach is designed to enhance students' motivation and engagement, promoting a deeper understanding and retention of the academic material.
Privacy Dashboard: A Privacy Dashboard is a feature within a user account that provides users with control over their personal data and privacy settings. It allows users to view their personal data collected by the platform, such as their name, email address, and account activity. Users can access the Privacy Dashboard from their user account to review and modify their privacy settings, including opting in or out of certain data collection and processing activities.
UserID: A User ID is a unique identification number assigned to an individual or supervisor of underaged individual or supervisor of a group of individuals in the Mastory Application. This ID is used to keep track of the user's progress and data within the platform, which is stored separately from their personal information for privacy and security purposes. The User ID is created once the user's data is connected to the "auth0" account, and it serves as a secure identifier for the user's account.
User Account: A User Account is a personalized profile created by an individual or a supervisor of an underaged individual or a group of individuals in the Mastory application that enables them to access and engage with the educational content or supervise the progress of one or multiple individuals with the educational content. The User Account includes personal information, such as the individual's name and email address, and is secured with a password or the Single Sign-On (SSO) system to ensure account security. Once logged in, the user can track their progress through the educational material, save their progress, and resume from where they left off. Users must maintain the confidentiality of their account information and comply with the platform's terms and conditions while using the User Account.
Personal Data: mean any information that can either itself identify you as an individual ("Personally Identifying Information") or that can be connected to you indirectly by linking it to Personally Identifying Information. Mastory also processes anonymous data, aggregated or not, to analyze and produce statistics related to the habits, usage patterns, and demographics of customers as a group or as individuals. Such anonymous data does not allow the identification of the customers to which it relates.
Cookies: Cookies are text files placed on your computer, and similar technologies (e.g. web beacons, pixels, ad tags and device identifiers)
Inactivity: Prolonged abstinence or non-acting without any interaction in the context of the Game.
Interaction: Under this term Mastory means any acts or behaviour of the User e.g. login, playing with the Game, stay active due to play, chatting, logout etc.
Why Mastory collects and processes data
Mastory collects and processes Personal Data for the following reasons:
a) where it is necessary for the performance of our agreement with you to provide a full-featured gaming service and deliver associated Content and Services;
b) where it is necessary for compliance with legal obligations that we are subject to (e.g. our obligations to keep certain information under tax laws);
c) where it is necessary for the purposes of the legitimate and legal interests of Mastory or a third party (e.g. the interests of our other customers), except where such interests are overridden by your prevailing legitimate interests and rights; or
d) where you have given consent to it.
Mastory stores the Personal Data in a well-secured server within the European Union.
Mastory provide the security of the data in section 5. in the following way. To ensure the security of the information we collect from our users, we take a number of measures, including:
Encryption: data is encrypted both during transmission (when it is sent over the internet) and at resting status (when it is stored on servers). This makes it difficult for unauthorised persons to access the data, even if they have access to the servers.
Access control: This is achieved by using authentication methods such as usernames and passwords, secure tokens or multifactor authentication.
Firewalls: The implemented multi-level firewalls prevent unauthorized access to servers.
Regular security updates and patches: Regular security updates and patches are applied to servers and the software they run to ensure that known vulnerabilities are patched.
Employee training: employees are trained on security best practices and the importance of protecting user data.
Mastory processes that Personal Data which are listed in the row of Processed data of the table in section 5.
The types and sources of data we collect
When setting up a User Account, Mastory will collect your email address. You are also required to choose a username and a password. The provision of this information is necessary to register a User Account. During setup of your account, the account is automatically assigned a number (the "GameID") that is later used to reference your user account without directly exposing Personally Identifying Information about you.
If the User is a minor and s/he is under thirteen years of age Mastory every time collects the express consent of his/her supervisor or parent in the form described at the section 14.
We do not require you to provide or use your real name for the setup of a User Account.
5.1. Marketing inquiries
Mastory may send you marketing messages about the new episodes, discounts, products and new services that are similar to goods and services you have previously requested from Mastory to your email address or where you have given explicit consent in the form of ticking a regarding ticker box. In such a case we may also use your collected information to customize such marketing messages as well as collect information on whether you opened such messages and which links in their text you followed.
You can opt out or withdraw your consent to receive marketing emails at any time by either withdrawing the consent on the same page where you previously provided it or clicking the "unsubscribe" link provided in every marketing email. Alternatively, you can select what kinds of emails you wish to receive on the email setting page.
5.2. Information required to detect violations
We collect certain data that is required for our detection, investigation and prevention of fraud, cheating and other violations ("Violations"). This data is used only for the purposes of detection, investigation, prevention and, where applicable, acting on of such Violations and stored only for the minimum amount of time needed for this purpose. If the data indicates that a Violation has occurred, we will further store the data for the establishment, exercise or defense of legal claims during the applicable statute of limitations or until a legal case related to it has been resolved. Please note that the specific data stored for this purpose may not be disclosed to you if the disclosure will compromise the mechanism through which we detect, investigate and prevent such Violations.
Transaction and Payment Data
In order to complete a transaction within the Game such as purchasing Subscriptions for Content and Services or Episodes, you may need to provide payment information to Mastory. If you choose pay with debit or credit card, you will need to provide typical debit or credit card details (name, address, debit or credit card number, expiration date and security code) to the Payment Processor. The Application incorporates an embedded page designed to accommodate such transactions, and Mastory represents and warrants that all payment-related responsibilities and liabilities rest solely with the Payment Processor.
Additionally, Mastory will receive information about your payment from the Payment Processor only if the transaction is successful. Please note that Mastory does not process any payment information, as all payment procedures are entirely managed by the Payment Processor.
The Payment Processor:
Name:STRIPE TECHNOLOGY EUROPE, LIMITED - IrelandSeat: 3 DUBLIN LANDINGS, NORTH WALL QUAY, D01C4E0 DUBLIN 1, IrelandEUID:IECRO.599050Registration number:599050
Other data you explicitly submit
We will collect and process Personal Data whenever you explicitly provide it to us or send it as part of communication with others on the Game, e.g. in Community Forums, chats, or when you provide feedback or other user generated content. This data includes:
Information that you post, comment or follow in any of our Content and Services
Information sent through chat
Information you provide when you request information or support from us or purchase Content and Services from us, including information necessary to process your orders with the relevant payment merchant or, in case of physical goods, shipping providers
Information you provide to us when participating in competitions, contests and tournaments or responding to surveys, e.g. your contact details.
Who has access to data – Data Processors
Mastory does not sell Personal Data. However, we may share or provide access to each of the categories of Personal Data we collect as necessary for the following business purposes to the Data Processors listed below.
Data Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller (Article 4. section (8) of the GDPR). The use of a data processor does not require the prior consent of the data subject, but the data subject must be informed. Accordingly, the following information is provided.
Mastory relies to the following data processors in its operations:
Google Analytics (Google Ireland Limited)
Seat: Gordon House, Barrow Street, Dublin 4, Írország.
Registration number: 368047
Seat: Keizersgracht 277, 1016ED Amsterdam, The Netherlands (EMEA Headquarters, one of its European offices)
Contacts: email@example.com, firstname.lastname@example.org
Okta Inc. (Auth0, EU Cloud Server)
Seat: Strawinskylaan 4117, 3rd Floor, 1077 ZX Amsterdam, The Netherlands (one of its European offices)
Contacts: email@example.com; +31 800 0224 471
Trampoline Software SRL (Formspark)
Seat: Rue de Marsannay-la-Côte, Mazy 16, 5032 Gembloux; Gembloux; Gembloux, Belgium
Registration number: 0799.398.081
8.1. Mastory may share your Personal Data and use it to the degree necessary to achieve the purposes listed in section 4. above. In the event of a reorganization, sale or merger we may transfer Personal Data to the relevant third party subject to applicable laws.
8.3. In accordance with internet standards, we may also share certain information (including your IP address and the identification of Game content you wish to access) with our third-party network providers that provide content delivery network services and game server services. Our content delivery network providers enable the delivery of digital content you have requested, e.g. when using the Game, by using a system of distributed servers that deliver the content to you, based on your geographic location.
8.4. We make certain data related to your User Account available to other players and our partners through the Mastory API. This information can be accessed by the Users by querying your GameID on the User Account. At a minimum, the public personal name you have chosen to represent you on Game and your Avatar picture are accessible this way. The accessibility of any additional info about you can be controlled through your profile page; data publicly available on your profile page can be accessed automatically through the Mastory API. In addition to the publicly available information, game developers and publishers have access to certain information from the Mastory API directly relating to the users of the games they operate. This information includes as a minimum your ownership of the game in question. Depending on which services are implemented in the game it may also include leaderboard information, your progress in the game, achievements you have completed, your multiplayer game matchmaking information, in-game items and other information needed to operate the game and provide support for it.
While we do not knowingly share Personally Identifying Information about you through the Mastory API such as your real name or your email address, any information you share about yourself on your public GameProfile can be accessed through the Mastory API, including information that may make you identifiable.
8.5. The Gamecommunity includes message boards, forums and/or chat areas, where users can exchange ideas and communicate with each other. When posting a message to a board, forum or chat area, please be aware that the information is being made publicly available online; therefore, you are doing so at your own risk. If your Personal Data is posted on one of our community forums against your will, please use the reporting function and the Gamehelp site to request its removal.
8.7. Mastory may release Personal Data to comply with court orders or laws and regulations that require us to disclose such information.
On this website, IP anonymization has been activated. The IP addresses of users be shortened. We do not transfer any of your information to a Google server in the United States. On behalf of the website operator, Google will use this information for the purpose of evaluating the website for its users, in order to compile reports on website activity, and to provide other services relating to website activity and internet usage for website operators.
Furthermore, you can prevent Google's collection and processing of data about your use of the website, by downloading and installing the browser plug-in through the following link: http://tools.google.com/dlpage/gaoptout?hl=en .
Your use of games and other subscription
In order to provide you with services, we need to collect, store and use various information about your activity on the Mastory platform.
This includes your GameID, as well as what is usually referred to as „game statistics”. By game statistics we mean information primarily every interaction, secondly about your games' preferences, progress in the games, playtime, failure, achievements, ratings, grades, or unsuccessfulness well as information about the device you are using, including what operating system you are using, device settings, unique device identifiers, and crash data. These data are evaluating and shared with Users and with their supervisors, if the User is a minor.
We also track and interpret your mathematical performance and the choices you make within the game. We track achievements, mistakes, and behavioral characteristics throughout the course of use, and we derive an overall characterization of your profile as a math learner, the results of which we make transparent to you on your "profile page" within the app. We also send some derived, purely performance-based feedback to your supervisor (if you have one) and point out topics that our system identifies as 'critical for you to address in order to succeed in learning algebra'.
Tracking Data and Cookies
You can manage the use of optional cookies by clicking on the "Cookies setting" page accessible via the cookie banner displayed when you first visit our website and at any time through the Cookie Settings page available here.
When you visit any of our services, our servers log your IP address, which is a number that is automatically assigned to the network your computer is part of.
Visitor data management on Mastory's website: (Cookies)
Cookies are short data files placed on the user's computer by the website visited. The purpose of the cookie is to make the given infocommunication, Internet service easier and more convenient. There are several types, but they generally fall into two broad categories. One is the temporary cookie, which is placed on the user's device by the website only during a particular session (e.g. during the security identification of an online banking transaction), and the other is the persistent cookie (e.g. a website's language setting), which remains on the computer until the user deletes it. According to the European Commission's guidelines, cookies (unless strictly necessary for the use of the service) can only be placed on the user's device with the user's permission.
In the case of cookies that do not require the user's consent, information should be provided during the first visit to the website. It is not necessary for the full text of the cookie notice to appear on the website, but it is sufficient for website operators to briefly summarize the substance of the notice and provide a link to the full notice.
The data processed include: date, time, IP address, the address of the page visited, the address of the page previously visited and other data commonly accepted in internet usage to measure the data on visits.
No codes of external service providers are placed on the website. Mastory does not link the data obtained from the analysis of log files with other information and does not seek to identify the user.
Mastory’s website records and processes the following data about the visitor and the device used for browsing when using the website:
- the IP address used by the visitor,
- the type of browser,
- the operating system of the device used for browsing (language set),
- time of the visit
- the (sub)page, function or service visited.
- demographic date (gender, age, country and city of the User)
To find out about cookie settings for the most popular browsers, see the links below:
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
- Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
- Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
- Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
- Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
- Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
- Safari: https://support.apple.com/hu-hu/HT201265
However, please note that some website features or services may not function properly without cookies.
The cookies used on this website are not in themselves capable of identifying the user.
Cookies used on Mastory’s website:
a.). Technically necessary session cookies
These cookies are necessary to enable visitors to browse the website, to use its functions smoothly and fully, to use the services available through the website, including, in particular, to note the actions performed by the visitor on the pages concerned during a visit. The duration of the processing of these cookies is limited to the current visit of the visitor, and this type of cookie is automatically deleted from his/her computer at the end of the session or when the browser is closed.
The processed data in connection with cookies are the following:
The legal basis for this data processing is the Article 6. section (1) paragraph b) of the GDPR.
Purpose of data processing: to ensure the proper functioning of the website.
b.). Cookies requiring contribution:
These allow Mastory to remember the user's choices about the website. The visitor can opt-out of this processing at any time before and during the use of the service. These data cannot be linked to the user's identification data and cannot be transferred to third parties without the user's consent.
b.)/1. Cookies to facilitate use:
The legal basis for processing is the consent of the visitor.
The purpose of the processing is to increase the efficiency of the service, to improve the user experience and to make the use of the website more convenient.
To improve the user experience, to increase the user experience and to improve the user experience.
b.)/.2. Performance cookies:
Google Analytics cookies - you can find out more here:
How long we store data
We will only store your information as long as necessary to fulfil the purposes for which the information is collected and processed or — where the applicable law provides for longer storage and retention period — for the storage and retention period required by law. After that your Personal Data will be deleted, blocked or anonymized, as provided by applicable law.
If you terminate your User Account, your Personal Data will be marked for deletion except to the degree legal requirements or other prevailing legitimate purposes dictate a longer storage.
Please note that Mastory is required to retain certain transactional data under statutory commercial and tax law for a period of up to ten (10) years.
If you withdraw your consent on which a processing of your Personal Data or of the Personal Data of your child is based, we will delete your Personal Data or respectively the Personal Data of your child without undue delay to the extent that the collection and processing of the Personal Data was based on the withdrawn consent.
If you exercise a right to object to the processing of your Personal Data, we will review your objection and delete your Personal Data that we processed for the purpose to which you objected without undue delay, unless another legal basis for processing and retaining this data exists or unless applicable law requires us to retain the data.
Your rights and control mechanisms
The data protection laws of the European Union grant their residents certain rights in relation to their Personal Data. While other jurisdictions may provide fewer statutory rights, we make the tools designed to exercise such rights available to our customers worldwide.
To allow you to exercise your data protection rights in a simple way we are providing a dedicated section on the page of the UserAccount. This gives you access to your Personal Data, allows you to rectify and delete it where necessary and to object to its use where you feel necessary. To access it, log into your UserAccount. To delete your personal data, you should use the implemented function detailed as following. To use this function, it is available as a mailto: firstname.lastname@example.org with the pre-filled text "Please delete my personal data". You just must click the send button and we'll get an email with the delete request. In most cases, you can access, manage, or delete Personal Data in the Privacy Dashboard, but you may also contact Mastory with questions or requests via the contact processes described in sections 15. below.
As a visitor to the Website without being logged in, you can control Cookies through the process described in section 11. above. You can also contact Mastory or its European representative through the contact info provided in section 15. below to exercise your rights or use this web form.
As a resident of the European Union, you have the following rights in relation to your Personal Data:
13.1. Right of Access.
You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge
information whether your Personal Data is retained,
access to and/or
duplicates of the Personal Data retained.
You can use the right to access to your Personal Data through the UserAccount. To access your personal data, you should use the implemented function detailed as following. To use this function, it is available as a mailto:email@example.com to our email with the pre-filled text "Please provide me an access about my personal data". You just have to click the send button and we'll get an email with the access request. If the request affects the rights and freedoms of others or is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request.
13.2 Right to Rectification
If we process your Personal Data, we shall endeavor to ensure by implementing suitable measures that your Personal Data is accurate and up-to-date for the purposes for which it was collected. If your Personal Data is inaccurate or incomplete, you can change the information you provided via the firstname.lastname@example.org
13.3. Right to Cancellation
You have the right to obtain deletion of Personal Data concerning you if the reason why we could collect it (see section 2. above) does not exist anymore or if there is another legal ground for its deletion. For individual items of Personal Data please edit them through the Privacy Dashboard or request the deletion via the Gamesupport page. You can also request the cancellation of your User Account via email@example.com email address.
As a result of deleting your User Account, you will lose access to Gameservices, including the User Account, Subscriptions and game-related information linked to the User Account and the possibility to access other services you are using the User Account for.
We allow you to restore your User Account during a grace period of 30 (thirty) days from the moment you request deletion of your User Account. This functionality allows you not to lose your account by mistake, because of your loss of your account credentials or due to hacking. During the suspension period, we will be able to finalize financial and other activities that you may have initiated before sending the User Account deletion request. After the grace period, Personal Data associated with your account will be deleted subject to section 4. above.
In some cases, deletion of your User Account, and therefore Personal Data deletion, is complicated. Namely, if your account has a business relationship with Mastory, such as due to your work for a game developer, you will only be able to delete your User Account after you have transferred this role to another user or have dissolved the business relationship. In some cases, considering the complexity and number of the requests, the period for Personal Data erasure may be extended, but for no longer than two further months.
13.4 Right to Objection
13.5 Right to restriction of processing of your Personal Data
You have the right to obtain restriction of processing of your Personal Data under the conditions set out in article 18 of the GDPR.
13.6 Right to Personal Data portability
You have the right to receive your Personal Data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller under the conditions set out in article 20 of the GDPR. Mastory makes your Personal Data available in structured HTML format through the Privacy Dashboard as described above.
The minimum age to create a User Account is 13 years. Mastory will not knowingly collect Personal Data from children under this age. Where certain countries apply a higher age of consent for the collection of Personal Data, Mastory requires parental consent before a User Account can be created and Personal Data associated with it collected. Mastory encourages parents to instruct their children to never give out personal information online.
We ensure that we comply the age limitation according to the GDPR Article 8 by the following process.
Before starting the registration, you will be taken to the login page where a checkbox must be ticked, explicitly stating that you are over 13. If the User is not over 13 years, there is a redirection link to collect their parents’ consent before the registration. By using this method Mastory can ensure to comply with the data-protection requirements.
While we review any request sent by mail, please be aware that to combat fraud, harassment and identity theft, the only way to access, rectify or delete your data is through logging in with your User Account at https://app.mastory.io.
If you wish to exercise your rights detailed in section 13. due to you consider that the Data Controller has infringed the following provisions in the processing of his or her personal data on the applicable data protection requirements, they may
- lodge a complaint with the hungarian National Authority for Data Protection and Freedom of Information (NAIH),
Address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9.
E-mail: firstname.lastname@example.org, website: www.naih.hu, or
- you have the possibility to lodge a complaint with the court, which will decide on the case the court of first instance. In this case, you are free to choose whether you want to be informed at your place of residence (permanent address) or the place of residence (temporary address) or the place where Mastory is established the place of the seat. The court of the place of residence or domicile you can find the court of your place of residence or domicile at http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso where you can find your place of residence or domicile. The Debrecen Regional Court is the competent court for the place where Mastory is located with jurisdiction.
This Policy’s Revision Date: 04.24.2023.
This Policy’s version number: Nr. 1