Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how Masters Games (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit joyflux.cyou (the “Website”), use our educational pages, browse course information, and take our board-game quiz.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR, the data controller is:

• Legal entity: Masters Games Ltd
• Registered address: 227b Hatfield Road, St Albans, Hertfordshire AL1 4TB, United Kingdom
• Contact email: [email protected]

We do not appoint a dedicated Data Protection Officer (DPO) because our processing does not typically involve large-scale monitoring or large-scale processing of special-category data. If you have questions about this Privacy Policy, you can contact us using the details in Section 18.

Effective Date: March 12, 2026.

2. Personal Data We Collect

The personal data we collect depends on how you use the Website. We aim to collect only what is necessary for a clear educational experience, basic site security, and (where you choose) analytics and advertising measurement.

We may collect:

• Identity and contact data: such as your name and email address when you register or submit a form.
• Form content: any information you choose to include in messages, requests, or course-related questions.
• Account and authentication data: such as a password you provide during registration. We do not ask for a phone number for registration on the Website.
• Technical data: IP address, browser type and version, device type, operating system, language preferences, and approximate location inferred from IP (city/region level).
• Usage data: pages viewed, time spent on pages, referral source, and interaction events (for example, clicks on navigation or course cards).
• Cookies and identifiers: identifiers stored in cookies or similar technologies, as described in Section 4 and our Cookie Policy.
• Conversion events: such as whether a form submission succeeded, and which page you were on when you completed it.

We do not intentionally collect special-category personal data (for example, health data, religious beliefs, political opinions), financial account details, or government identification numbers through normal site use. Please do not include that kind of information in free-text form fields.

3. Why We Process Personal Data & Legal Bases

We process personal data only when we have a lawful basis. Depending on the context, we rely on one or more of the following GDPR/UK GDPR bases under Article 6:

• Contact and registration forms: to respond to your request and/or to take steps at your request prior to entering a contract (Article 6(1)(b)), and where required for cookies or specific communications, consent (Article 6(1)(a)).
• Analytics: to understand how the Website is used and improve lessons and navigation (Article 6(1)(a) consent where required).
• Marketing and remarketing: to measure advertising performance and show relevant course advertisements (Article 6(1)(a) consent where required).
• Security and fraud prevention: to protect the Website and prevent abuse, including suspicious traffic and malicious submissions (Article 6(1)(f) legitimate interests).
• Legal compliance: to meet legal obligations (Article 6(1)(c)).

Automated decision-making (Article 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. Any quiz result is a lightweight educational suggestion and is not used to make decisions about your rights or eligibility.

4. Cookies & Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and server-side event signals. Our cookie categories match the choices shown in our cookie banner and preferences panel.

Essential (always active)

Essential cookies are required for the Website to function. They help maintain basic session continuity and store your cookie choices. These cookies do not require consent in many jurisdictions because they are strictly necessary.

• Examples: _site_session, cookie_consent.
• Retention: session to 12 months (depending on the cookie).

Analytics (consent)

Analytics cookies help us measure traffic and understand how people navigate course pages and the quiz. Where required, we only activate analytics after you give consent in the cookie banner or preferences panel.

• Provider: Google Analytics 4 (GA4), with IP anonymization.
• Examples: _ga (2 years), _ga_XXXXXXXXXX (2 years).
• Data retention: 14 months (configuration level).

Marketing (consent)

Marketing cookies support advertising measurement and help show relevant course-related ads. They can also be used to build audiences (for example, remarketing lists or lookalike audiences) based on interactions with the Website. Where required, we only activate these tools after you provide consent.

• Examples: _gcl_au (90 days), _fbp (90 days), _fbc (90 days when a click identifier is present).
• Uses: conversion attribution, frequency measurement, and audience creation.

Beyond cookies, we may use pixel tags (for example, through Google or Meta) and may use server-side transmission methods (such as Meta Conversion API or server-side tag management) for event measurement. When server-side signals are used, they typically rely on technical identifiers such as IP address and User-Agent, and may use hashed contact details where supported.

5. Consent (EEA and UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). We store your choice in the cookie_consent browser cookie for up to 12 months.

You can withdraw or change your consent at any time using the “Manage cookie preferences” link in the footer. You can also clear cookies through your browser settings. Withdrawing consent does not affect the lawfulness of processing based on consent before it was withdrawn.

6. Sharing With Advertising & Service Partners

We may share limited personal data with service providers and advertising partners to operate the Website and measure advertising effectiveness. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. Privacy information: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversions, audience membership signals, and identifiers (including hashed identifiers where applicable). Privacy information: https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based threat detection and performance routing. Privacy information: https://www.cloudflare.com/privacypolicy/

These providers act as processors or independent controllers depending on the specific product and configuration. We configure services to limit data where practical and to apply consent controls where required. We do not permit providers to use site data for their own independent commercial purposes beyond providing their services and improving security and integrity.

7. International Transfers

Some of our service providers may process data outside the EEA/UK, including in the United States. Where this occurs, we rely on appropriate transfer mechanisms, which may include:

• EU-US Data Privacy Framework (DPF) (primary, where applicable since July 2023)
• UK Extension to the EU-US DPF (where applicable)
• Swiss-US DPF (where applicable)
• Standard Contractual Clauses (EU 2021/914) as a fallback
• UK International Data Transfer Agreement (IDTA) as a fallback

We take reasonable steps to ensure that transfers are protected by contractual and technical safeguards.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required by law. Typical retention periods include:

• Contact and registration submissions: up to 2 years from last interaction.
• Analytics: 14 months (configuration level) where enabled.
• Marketing cookies: per cookie lifetime (for example, 90 days for certain identifiers) where enabled.
• Email correspondence: for the duration of the relationship, plus 1 year.
• Server and security logs: typically 90 days.
• Cookie consent record: up to 3 years for audit purposes.
• Legal/tax obligations: where applicable, records may be retained for 6–10 years.

If you request deletion, we will delete or anonymize data unless we need to keep it for legal compliance, security, or dispute handling.

9. Your Rights (GDPR and UK GDPR)

If you are in the EEA or UK, you may have the following rights, subject to applicable exemptions:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restrict processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent at any time (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise these rights, email [email protected]. We generally respond within 30 days. This period may be extended by up to 60 additional days for complex requests.

Supervisory authority information:

• EU guidance: https://edpb.europa.eu
• UK (ICO): https://ico.org.uk
• Germany (BfDI): https://www.bfdi.bund.de
• France (CNIL): https://www.cnil.fr
• Poland (UODO): https://uodo.gov.pl
• Spain (AEPD): https://www.aepd.es

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track Signals

This Website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT-related handling and opt-out mechanisms.

12. Data Deletion Requests

To request deletion, email [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable information to verify your identity and locate the data connected to your request. We aim to complete verified deletion requests within 30 days, except where retention is required by law.

13. Business Transfers

If Masters Games Ltd is involved in a merger, acquisition, asset sale, financing, reorganization, insolvency, or similar event, personal data may be transferred to a successor entity. If a transfer materially changes how personal data is used, we will provide notice on the Website.

14. California Privacy Notice (CCPA/CPRA)

This section applies to California residents to the extent the California Consumer Privacy Act, as amended by the CPRA (“CCPA”), applies to our processing.

Categories of personal information disclosed in the past 12 months may include:

• Identifiers: name, email address, IP address, cookie identifiers.
• Internet/network activity: browsing interactions with our Website.
• Inferences: interests or preferences inferred from site usage for advertising relevance.

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising (for example, where marketing cookies are enabled). California residents may opt out by using our cookie preferences panel (see “Manage cookie preferences” in the footer).

California rights may include: the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We may need to verify your identity. Authorized agents may submit requests with written proof of authorization.

15. Virginia Privacy Notice (VCDPA)

If the Virginia Consumer Data Protection Act (“VCDPA”) applies, Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If you wish to appeal a refusal, use the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. Unresolved concerns may be directed to the Virginia Attorney General.

16. Nevada Notice

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will post a notice on the homepage at least 14 days before the change takes effect where practicable. The “Last Updated” date at the top of this page reflects the current version.

18. Contact

For privacy questions, requests, or concerns, contact:

• Masters Games Ltd
• 227b Hatfield Road, St Albans, Hertfordshire AL1 4TB, United Kingdom
• Email: [email protected]
• Telephone: +44 1727 856321

If your question relates to cookies specifically, you can also review our Cookie Policy.