Last Updated: March 9, 2026

Welcome to [Block Blast:Crush Game]! [Block Blast:Crush Game] is developed,

operated, and provided to users (hereinafter referred to as "you") by [HEYTAP PTE. LTD.]

(hereinafter referred to as "we," "us," or "our," with its registered address at [138,

MARKET STREET, #15-03, CAPITAGREEN, SINGAPORE]).

In the course of your use of our accounts, websites, mobile applications, or other products

and services, we may collect and use your personal information. "Personal Information"

or "Personal Data" as described in this [Block Blast:Crush Game] Personal Information

Protection Policy (hereinafter referred to as "this Policy") refers to various types of

information that can identify a natural person's identity, either alone or in combination

with other information.

Through this Policy, we will explain how we process your personal information, the

purposes for which we collect, use, and disclose your personal information during your

use of [Block Blast:Crush Game], your rights regarding your personal information, and the

security measures we take to protect it.

Please read this Policy carefully before using [Block Blast:Crush Game] to

understand our practices regarding the collection, use, and protection of your

personal information. By clicking "Agree" to enable [Block Blast:Crush Game], you

signify that you fully and clearly understand the following information collection

and use practices, as well as your rights.

In principle, this Policy applies to all jurisdictions where this application provides services.

However, different jurisdictions may have different personal information protection

requirements. Therefore, in addition to the general terms, we provide disclosures in the

form of jurisdiction-specific appendices based on the special requirements of different

regions. These appendices, together with the main body of this Policy, constitute our

notice of personal information processing activities in specific jurisdictions. If you are

located in a region shown in an appendix, you should read the contents of that appendix

simultaneously. Unless otherwise specified, the general terms of this Policy shall prevail.

In the event of any conflict or inconsistency between the appendix and the main body, the

appendix shall prevail.

Regardless of your location, Part A (General Terms) applies to you; Part B applies to

users in the European Union, Liechtenstein, Norway, Iceland, the United Kingdom, or

Switzerland ("Europe"); Part C applies to users in the United States; Part D applies to

users in India; and Part E applies to users in Brazil.

Table of Contents

A. General Terms

How We Collect and Use Your Personal Information

How We Store and Retain Your Personal Information

How We Share, Transfer, and Disclose Your Personal Information

How We Protect Your Personal Information

How You Can Exercise Your Rights as a Data Subject

Third-Party Service Providers and Their Services

7. How We Protect Children's Personal Information

How This Policy is Updated

B. Europe Region Privacy Policy Appendix (GDPR Specific Terms)

1. Legal Basis for Processing Personal Information

2. Purpose and Scope of Processing

List of Partners

Additional Information on Global Data Transfers

5. Supplementary Information on Personal Information Rights

C. U.S. State-Specific Appendix

Types and Use of Personal Information Processed

Disclosure, Sale, and Sharing of Personal Information

Supplementary Information on Personal Information Rights

Submitting Requests via Authorized Agents

D. India Region Privacy Policy Appendix (DPDPA Specific Terms)

Personal Data Collected and Purposes of Processing

Your Personal Data Rights

Processing of Children's Personal Data

E. Brazil Region Privacy Policy Appendix (LGPD Specific Terms)

Legal Basis for Processing Personal Data

Supplementary Information on Global Data Transfers

Supplementary Information on Cookies and Tracking Technologies

Supplementary Information on Your Personal Data Rights

Contact Details of the Data Protection Officer

Part A: General Terms

1. How We Collect and Use Your Personal Information

The information we collect depends on the specific functions/services you use, the

environment in which you interact with us, and the choices you make, including your

privacy settings and the features/services you utilize. Due to differences in the

country/region of launch, system/application versions, and device installation/download

status, the functions/services provided by this application may vary. Therefore, the

functions/services actually provided, as well as the corresponding personal information

processing activities and permission request status, shall be subject to the final actual

product.

Please note that you are not required to provide personal information to us. However, if

the personal information you choose not to provide is necessary for this application to

provide relevant services, we may be unable to provide those services to you, nor will we

be able to respond to or resolve the issues you encounter. We collect personal information

to operate more efficiently and provide you with the best user experience. We have

detailed below the types of personal information we collect, as well as the reasons and

purposes for our collection and use of such information.

Our channels for collecting personal information include:

⚫

Personal information you provide directly to us;

⚫

Information we obtain during your use of this application; and/or

⚫

Personal information about you obtained from third parties.

For the avoidance of doubt and to inform you transparently about the processing of

personal information, please note that if the following content explicitly states that certain

personal information is "stored locally only," it means such information will only be

collected and processed locally on your device terminal and will not be uploaded to our

servers, and is therefore not subject to the constraints of this Policy.

Please be advised that if you provide the personal information of others, you must ensure

that you have obtained the necessary authorization from the relevant personal

information subjects.

1.1 Personal Information Obtained Directly

To provide you with core game save and experience optimization functions, we need

to collect your game business data (including level progress, scores, props, diamonds,

skins, etc.) and personalized setting information (such as sound effects, graphics, and

operational preferences), which are stored locally on your device. This allows for the real-

time saving and restoration of game progress and the dynamic optimization of level

difficulty.

Simultaneously, to provide you with application operation guarantee and

performance enhancement functions, we need to collect your device logs and basic

information (including crash logs, error messages, device model, system version, and

other non-sensitive personal information). This is used to achieve rapid troubleshooting

of application failures and to continuously improve the stability of the product.

1.1.2 Optimization and Safety (Tracking Data)

To provide you with core game save and experience optimization functions, we need

to collect your game business data (including level progress, scores, props, diamonds,

skins, etc.) and personalized settings information (such as sound effects, graphics, and

operational preferences) and store them locally on your device. This is to achieve real-

time saving and restoration of game progress and to dynamically optimize level difficulty.

Meanwhile, to provide you with application operation guarantee and performance

enhancement functions, we need to collect your device logs and basic information

(including crash logs, error information, device model, system version, and other non-

sensitive personal information) to enable rapid troubleshooting of application failures

and continuously improve product stability.

1.1.3 Personalized Services

With regard to the personalized services we provide, these services are only available in

certain countries/regions. In these locations, to provide you with personalized

recommendation services and to present content with higher relevance, we analyze your

device identifier, device information (device model, system version, network status),

application usage information (such as duration and frequency of use), IP address,

system region, list of installed applications, usage information on the device, and

behavioral information (including browsing and click data). This information is used to

generate your personalized profile so that we can recommend content that may be of

greater interest to you.

1.1.4 Personalized Advertising

We collect device identifiers (e.g., GAID) and record anonymous ad behavior (impressions,

clicks) to evaluate advertising effectiveness and anti-fraud analysis.

1.2 Cookies and Similar Technologies

(1) Definition of Cookies: Cookies are small files or mechanisms that a website server

stores on your computer, mobile phone, or other local terminal devices to collect, identify,

and store information about your visit and use of the product. They usually contain

identifiers, site names, and numbers/characters. We and our partners may also use pixel

tags and web beacons.

(2) How We Use Cookies: When you use [Rescue the King - Tile Match], we may obtain

your device model, operating system, device identifiers, and login IP address

information, as well as cache your browsing and click information via Cookies or

similar technologies to assess your network environment.

Through Cookies and other similar technologies, this application can recognize whether

you are one of our users each time you use the application, eliminating the need to re-

friendliness of the website and make adjustments according to your needs to provide a

better service experience. Please also be advised that Cookies may store user preferences

and other information. If you choose to disable Cookies or similar technologies, it may

affect your use of some website functions, but it will not affect your use of basic functions

and other features.

(3) How to Manage Cookies: You can manage or delete Cookies via your browser settings

(e.g., "Do Not Track" requests). Please note that disabling Cookies may affect your use of

certain features, though basic functions will remain available. Refer to

www.allaboutcookies.org for more information.

1.3 Information from Third Parties

We may obtain personal data about you from third parties. For example, where permitted

by law, we may obtain data about you from public or commercial sources, including your

activities on the social networks you use, and may combine it with other information we

receive from you or related to you.

⚫

1.3.1 Ad & Measurement Partners:Advertisers, measurement, and other partners

share information with us regarding you and the actions you take outside of the

platform—such as your activities on other websites, applications, or in stores, including

products or services you purchase online or in person. These partners also share

information with us, such as mobile identifiers used for advertising, hashed email

addresses and phone numbers, and cookie identifiers. We use this information to help

match your behavior outside the platform with your account. Some of our advertisers and

other partners operate by integrating our advertiser tools. These partners must possess

the necessary rights and permissions before sharing your information with us. We process

certain information received from these partners acting as a joint controller.

⚫

1.3.2 Third-Party Platforms: When you choose to use the login functions provided

by a third party to register for or log in to the platform, the third-party platform will

provide us with information (such as your email address, authentication ID, and public

profile).

When you or other users synchronize contact information with our platform, we may also

receive contact information held by you or others about you. When you interact with

third-party services integrated with any third-party service (such as third-party

applications, websites, or products), we will receive the information necessary to provide

you with functions such as service authentication or cross-posting. We may also receive

information from third-party providers that we use for security purposes, including

protecting users on the platform and content moderation.

⚫

1.3.3 Other Sources: We may collect or receive information about you from

organizations, businesses, individuals, and other parties. This includes, for example,

public sources, government agencies, professional organizations, and charitable groups.

We also collect information about you if you are included or mentioned in complaints,

appeals, requests, or feedback submitted by users or third parties, or if a user provides us

with your contact information.

1.4 Third-Party Services

Third-party partners providing services through software stores (ads, rewards, game top-

ups) may collect your data directly. Please refer to the Partner List and their respective

privacy policies.

1.5 Locally Processed Data Types

For the avoidance of doubt, please note that the data listed in this section will only be

collected and processed locally on your device and will not be uploaded to our servers.

Consequently, we do not access, collect, or otherwise process such data, nor do we disclose

this information to any third party or use it for any other purpose.

This also means that such data processing is conducted solely by you and is therefore not

subject to this Privacy Policy. If you wish to exercise rights related to such data, or if you

want to modify or delete it, we will be unable to provide direct support; however, we can

provide guidance on how you may handle the data yourself.

2. How We Store and Retain Your Personal Information

2.1 Storage Duration

We will retain your personal information only for the minimum period necessary to

provide our products or services, as required by laws and regulations. Upon the expiration

of any storage period or when other conditions for deletion are met, we will delete or

anonymize your personal information, unless otherwise provided by laws and regulations.

In the event that we cease operations of some or all of our products or services due to

special reasons, we will notify you in a timely manner and stop the collection and

processing of personal information related to those products or services. Simultaneously,

we will delete or anonymize the personal information we hold related to said products or

services, unless otherwise prescribed by laws and regulations.

2.2 Storage Location

As a company with global operations, we provide products and services through resources

and servers located worldwide. To ensure service performance (such as processing speed)

and provided it does not violate local data protection laws, we store user personal data

based on the region where the mobile phone was sold or configured. Our data centers are

distributed across France, the United States, Singapore, India, and Indonesia. This

means your personal information may be transferred to, or accessed from, jurisdictions

outside the country or region where you use our products or services.

You acknowledge that risks vary under different data protection laws. In such cases, we

will take measures to ensure that the data we collect is processed in accordance with this

Policy and applicable legal requirements, ensuring your personal information receives a

level of protection equivalent to that in the country or region where you use the products

or services. For instance, we may request your consent for the cross-border transfer of

personal information, or implement security measures such as encryption, de-

identification, and signing necessary data transfer/sharing agreements with data

recipients prior to the transfer.

3. How We Share, Transfer, and Disclose Your Personal

Information

In accordance with legal requirements, your personal information may be shared from

time to time with the following companies or organizations (such as our affiliates and

strategic partners, to jointly provide products or services). We will require these third

parties, through agreements or other appropriate measures, to adopt equivalent

confidentiality and security measures when processing personal information.

(1) Affiliates: To facilitate the provision of services to you, your personal information

may be shared with our affiliates. We will only share necessary personal information. If

we or our affiliates change the purpose of using or processing personal information, we

will seek your authorized consent again.

(2) Authorized Partners: Certain services will be provided by authorized partners

solely to achieve the purposes stated in this Personal Information Protection Policy. We

may share certain personal information with partners to provide services and enhance

your user experience. For details, please refer to the “List of Partners” at the end of this

document.

(3) Other Organizations Involved in Mergers, Acquisitions, or Bankruptcy

Liquidation: In the event of a merger, acquisition, or bankruptcy liquidation involving the

transfer of personal information, we will require the new company or organization

holding your personal information to continue to be bound by this Privacy Policy;

otherwise, we will require that company or organization to seek your authorized consent

again. If no transfer of personal information is involved, we will fully inform you and delete

or anonymize all personal information under our control.

(4) Any Entity for Which You Have Authorized Disclosure.

(5) Any Entity Required by Law: For example, we may disclose your personal

information when required to respond to subpoenas or other legal processes, litigation,

or mandatory requirements from government authorities, if we believe such disclosure is

necessary to protect our rights, ensure your safety or the safety of others, investigate fraud,

or respond to government requests.

4. How We Protect Your Personal Information

The security of your personal information is of paramount importance to us. We

implement appropriate technical, administrative, and physical security measures

designed to protect your personal information from unauthorized access, theft, leakage,

modification, or loss. We regularly review our security measures to consider available new

technologies and methodologies.

5. How You Exercise Your Rights as a Personal Information Subject

We respect your rights regarding your personal information and are fully committed to

protecting your control over it. To this end, we provide various methods to help you

manage your privacy settings and personal information more securely and conveniently.

Please note that operational settings may vary between different models, operating

systems, and software versions; furthermore, we may adjust these settings to optimize

your user experience. Therefore, the management paths listed below are for reference

only. If you have any questions regarding the methods or channels for exercising your

rights, you may contact us using the information provided in the "Contact Us" section of

this Policy. Your rights regarding your personal information are as follows:

5.1 Right to be Informed

We inform you of how we process and protect your personal information by publishing

this Policy. We are committed to ensuring transparency in how your information is used.

You can stay informed about the collection and use of your personal information by

periodically reviewing this Policy, receiving update notification emails or SMS messages

regarding the Personal Information Protection Policy, or contacting us through the

methods disclosed herein. You may view the policy on your mobile device via "Settings >

About > [Block Blast:Crush Game] Personal Information Protection Policy."

5.2 Right of Access

You may directly query or access your personal information within our product or service

interfaces to understand how your data is being collected and used.

5.3 Right to Rectification

If you find that the personal information we process about you is inaccurate or incomplete,

you have the right to request that we make corrections or supplement the information.

For certain types of personal information, you can perform corrections and modifications

directly on the relevant functional pages of the product or service.

5.4 Right to Erasure (Right to Deletion)

You may choose to delete certain personal information you have provided to us. You can

clear the application data and cache stored locally on your device by navigating to System

Settings > App Management and selecting [Block Blast:Crush Game].

5.5 Right to Change the Scope of Authorization or Withdraw Consent

Each business function requires certain basic personal information to be completed (see

the "How We Collect and Use Your Personal Information" section of this Policy). You may

change the scope of your authorization for us to continue collecting personal information,

or withdraw your authorization entirely, by deleting information, turning off device

permission settings, changing settings on relevant product or feature pages, or canceling

your account.

5.6 Right to Obtain a Copy of Personal Information

You have the right to request a copy of the personal information you have provided to us,

or to request that we transfer said copy to a third party designated by you. You may contact

us via the contact information listed in the "Contact Us" section of this Policy. Provided

that the request complies with relevant laws and regulations, we will provide it in a timely

manner.

5.7 Right to Complain

You have the right to contact us and lodge a complaint through the methods disclosed in

the "Contact Us" section.

You also have the right to lodge a complaint with the competent regulatory authorities

regarding personal information protection issues at any time, or to file a lawsuit in a court

with jurisdiction. However, we appreciate the opportunity to address your concerns and

issues before you approach the authorities, so please contact us directly in the first

instance.

6. Third-Party Service Providers and Their Services

Some of our features or services may contain links to third-party websites, products, and

services. This Policy does not apply to websites, products, and services provided by such

third parties—for example, when you click on a card within this application to redirect to

a third-party app or website.

Please note that before you access the features or services of these third-party website

operators or service providers via our redirection functions, you should carefully read

their separate personal information protection policies and related terms.

7. How We Protect Children’s Personal Information

We take our obligations and responsibilities regarding the protection of children’s

personal information very seriously, striving to create a healthy online environment and

providing special protection for children. We consider anyone under 18 years of age (or

the equivalent minimum age for full legal capacity in the relevant jurisdiction) to be a child.

Most features and services provided by this application are primarily intended for adults;

they are not targeted at children, and we do not provide services directly to children.

Please be aware that due to technical limitations and other objective constraints, this

application may not be able to proactively identify the age of users.

In accordance with applicable laws and regulations, if you are a child, you must obtain the

consent of your parents or other guardians before using this application, and you must

read this Policy carefully with them. If you are a child’s guardian, you must carefully read

the Children’s Privacy Statement (if any) and this Policy before helping the child use this

application. Children may not use this application without the consent of their parents or

other guardians.

We do not proactively collect, store, use, transfer, or disclose children's personal

information, nor do we use children's personal information for marketing purposes. If you

are a child, a parent, or another guardian of a child, or if you discover through other means

that the information we process may include a child's personal information, please

relevant data as quickly as possible.

8. How This Personal Information Protection Policy is Updated

We reserve the right to update or modify this Privacy Policy from time to time. For material

changes to the Personal Information Protection Policy, we will send you a notification

through appropriate channels and indicate the most recent update date at the top of this

Policy.

The latest version of this Personal Information Protection Policy applies to our processing

activities of your personal information and shall take effect from the date of the update.

9. Contact Us

If you have any questions, suggestions, or complaints regarding this Policy or matters

related to personal information protection, you may contact us or our Data Protection

Officer (DPO) through the following methods. We will complete identity verification and

process your request within the timeframe required by local laws and regulations. Please

note that this period may be extended when necessary, taking into account the complexity

and volume of individual requests, as well as technical feasibility.

If you have any questions or concerns regarding our personal information protection

policy or practices, please contact us via:

https://brand.heytap.com/en/privacy-feedback.html

Personal Information Subject Rights Exercise Platform:

https://brand.heytap.com/en/privacy/contact-person.html

Alternatively, please refer to to check if there is a local Data Protection Officer,

representative, or contact person in your country/region.

B. Europe Region (GDPR Specific Terms)

This section applies exclusively to users located in the European Union, Liechtenstein,

Norway, Iceland, the United Kingdom, or Switzerland ("Europe").

The GDPR distinguishes between the roles of Data Controller and Data Processor. A

Data Controller refers to a natural or legal person, public authority, agency, or other body

which, alone or jointly with others, determines the purposes and means of the processing

of personal data. A Data Processor refers to a natural or legal person, public authority,

agency, or other body which processes personal data on behalf of the controller. When you

are a user in Europe, HEYTAP PTE. LTD. acts as the "Data Controller" as defined under

the General Data Protection Regulation (GDPR), determining the purposes for collecting

and processing your personal information, complying with relevant GDPR provisions, and

processing your personal information in accordance with this Policy.

In this section, your personal information is referred to as "Personal Data," which means

any information relating to an identified or identifiable natural person. Your sensitive

personal information is referred to as "Special Categories of Personal Data," which

refers to personal data revealing racial or ethnic origin, political opinions, religious or

philosophical beliefs, or trade union membership, as well as the processing of genetic data,

biometric data for the purpose of uniquely identifying a natural person, data concerning

health, or data concerning a natural person's sex life or sexual orientation.

1. Legal Basis for Processing Personal Information

The processing of your personal information as described in the section "How We Collect

and Use Your Personal Information" is based on the following legal grounds:

⚫

(1) Consent: We have obtained your prior explicit consent, which you may withdraw

at any time.

⚫

(2) Contractual Necessity: Processing is necessary to enter into or perform a

contract with you regarding our products and/or services.

⚫

(3) Legal Obligation: Processing is necessary for compliance with our legal

obligations.

⚫

(4) Legitimate Interests: We may disclose your personal information for the

purposes of our legitimate interests or those of a third party. When we process your

personal information based on this legal ground, we will only do so after balancing these

interests against your privacy rights.

2. Purpose and Scope of Processing Personal Information

In the European region, we provide the following functions: Game Functions and User

Information.

When you use [Block Blast:Crush Game], we collect, use, and disclose your personal

information for the following purposes:

Function & Processing

Purpose

Personal Information

Fields Collected

Legal Basis

Provides core gameplay

experience, saves level

progress, and allows local

recording of high scores.

Device unique identifier

(IDFV/IDFA), game save

data, in-app settings (such

as sound effects on/off).

Necessary for fulfilling the

contract (Art. 6(1)(b))

Game data analysis:

statistics on level retention,

analysis of crash logs,

optimization of game UI

and difficulty balance.

In-game behavior (such as

clicks, completion time),

device model, operating

system version,

country/region code.

Legitimate interests (Art.

6(1)(f))

Maintaining the game's

free operation through

display advertising

(typically using AdMob or

Unity Ads).

Ad ID (GAID), IP address,

device model, system

language, application

package name.

Legitimate basis: Consent

(Art. 6(1)(a))

3. List of Partners

Please refer to the "List of Partners."

4. Additional Information on How Your Personal Information is

Transferred Globally

We will confirm your location based on the country/region you select under "Settings >

Permissions & Privacy > Location Information."

In principle, personal information generated and collected within Europe will be stored

within the European region. In cases where your personal information is transferred

outside of Europe, we ensure that the following security measures are implemented, such

as:

⚫

(1) Adequacy Decisions: The recipient of the personal information is located in a

country recognized by the European Commission as providing an "adequate" level of

protection.

⚫

(2) Standard Contractual Clauses (SCCs): The recipient has signed the "Standard

Contractual Clauses" approved by the European Commission, which require the recipient

to protect your personal information.

⚫

(3) Explicit Consent & Technical Safeguards: In the absence of appropriate

safeguards, we will obtain your explicit consent for the transfer of your personal

information. Simultaneously, we will employ sufficient technical measures, such as

encryption or de-identification, to protect your personal information.

To learn more about the safeguards related to the transfer of personal information outside

of Europe, please contact us and submit your request through the methods provided in

the "Contact Us" section.

5. Supplementary Information on Personal Information Rights

In accordance with the legal requirements of the GDPR, you have the following rights:

5.1 Right of Access

We inform you of how we process your personal information by publishing this Policy and

through specific announcements, SMS, or email notifications as required by laws and

regulations. We are committed to ensuring transparency in the use of your information.

You may view this Policy under "Privacy Policy" to understand how your personal

information is processed.

5.2 Right to Rectification

If you find that the personal data we process concerning you is inaccurate or incomplete,

you have the right to request that we correct it immediately and, where appropriate,

request that your personal data be supplemented.

5.3 Right to Erasure (Right to Deletion)

You may choose to delete certain personal information provided to us. You can clear the

application data and cache stored locally on your device (e.g., level progress, user

information) by navigating to System Settings > App Management and selecting [Block

Blast:Crush Game].

5.4 Right to Restriction of Processing

In certain circumstances, you have the right to request that we temporarily restrict the

processing of your personal data—for example, when you contest the accuracy of the

personal data, we will verify its accuracy. We will retain sufficient data, or process

necessary data, to ensure that we comply with your restriction request in the future.

5.5 Right to Object

You have the right to object at any time, on grounds relating to your particular situation,

to any processing based on legitimate interests. If you decide to object to the processing

of your personal data, we will stop processing it unless we can demonstrate compelling

legitimate grounds for the processing which override your interests, rights, and freedoms,

or for the establishment, exercise, or defense of legal claims. You may object to direct

marketing activities at any time and for any reason.

5.6 Right to Data Portability

You have the right to receive a copy of your personal data in a structured, commonly used,

and machine-readable format, and to transmit that data to another provider, or in certain

cases, have such data transmitted directly to another provider.

5.7 Right to Change Authorization or Withdraw Consent

If we process your personal information based on your consent, you have the right to

withdraw your consent at any time, and we will immediately cease processing your

personal information (e.g., deleting saved user information or level progress). You may

enable or disable permissions for this application by navigating to "Settings > Apps" and

selecting this application.

5.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection authority

regarding the way we process your personal information. You can find information about

your local data protection authority by visiting the following links:

⚫

European Union:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

⚫ United Kingdom: https://ico.org.uk/

⚫ Switzerland: https://www.edoeb.admin.ch/en

We will respond to your requests as quickly as possible. Generally, we will respond within

one month of receiving your request. (If necessary, and where permitted by law, this

period may be extended by an additional two months for complex requests or those

involving a large volume of personal information. We will inform you of the reasons for

any such extension within the initial one-month period). If you are dissatisfied with our

response, you may file a claim with the regulatory authority in your jurisdiction.

6. Contact Us

For users in Europe and the United Kingdom, if you have any questions, suggestions, or

complaints regarding this Policy or matters related to personal information protection,

you may contact us, our representatives, or our Data Protection Officer (DPO) via the

following methods:

⚫

Feedback Email for Europe (non-UK) users: privacy_eu@heytap.com

⚫

Feedback Email for UK users: privacy_uk@heytap.com

For European users, our Data Protection Officer (DPO) in Europe is:

⚫ Entity: Collegium Auditores GmbH

⚫

Email: datenschutz@collegium-auditores.de

⚫

Mailing Address: Haufeld 2a, 53721 Siegburg, Germany

For Europe (non-UK) users, our European Representative is Reflection Investment

B.V.:

⚫

Mailing Address: Hofplein 20, 3032AC Rotterdam, the Netherlands

For UK users, our UK Representative is Unumplus Limited:

⚫

Mailing Address: 7 Albert Buildings, 49 Queen Victoria Street, London, United

Kingdom, EC4N 4SA

C. U.S. State-Specific Appendix

This section applies to users in the United States and is limited specifically to residents of

California, Nevada, Colorado, Connecticut, Virginia, and Utah. This section provides

additional details regarding personal information to satisfy our disclosure requirements

under the laws of these states.

1. Types and Use of Processed Personal Information

In accordance with the laws of the aforementioned states, personal information is broadly

classified into the following categories:

Category

Source

Purpose

Disclosure to

Third Parties

Identifier (Internally

randomly generated

User ID, Device ID)

Your Device

Maintaining game

operation, saving

level progress,

fixing bugs

Identifier (Ad ID

(GAID), IP Address)

Your Device, Ad

Plugin (SDK),

Analytics Tool

(SDK)

Displaying ads and

maintaining free

service

Third-party Ad

Distributors:

Google AdMob,

Meta, AppLovin,

etc.

Identifier (Device

Model, Operating

System)

Your Device

(Inferred from IP

Address)

Optimizing level

balance, improving

user experience

Third-party Ad

Distributors:

Google Analytics

(Firebase), Adjust

2. Disclosure, Sale, and Sharing of Personal Information

Under California law, "Sharing" refers to a business sharing, renting, releasing, disclosing,

disseminating, making available, transferring, or otherwise communicating orally, in

writing, or by electronic or other means, a consumer’s personal information to a third

party for cross-context behavioral advertising, whether or not for monetary or other

valuable consideration.

We do not currently sell or share your personal information with any third party

for commercial purposes (and have not done so within the past 12 months). Should

we decide to sell or share your personal information in the future, we will notify you in

advance via this Appendix and respect your right to restrict or opt-out of such activities.

3. Supplementary Information on Personal Information Rights

You may have the following consumer data privacy rights. Please note, however, that these

rights are not absolute and may be subject to certain conditions or limitations:

⚫ (1) Right to Access and Portability: You have the right to know and access the

categories and specific pieces of personal information we have collected about you, as well

as the sources of such information, the purposes for collection, and the categories of third

parties with whom we share it. Where technically feasible, we will provide this personal

data in a structured, commonly used, and machine-readable format to allow for transfer

to another entity.

⚫

(2) Right to Request Information: You have the right to obtain information

regarding our disclosure of personal information to third parties for business purposes.

⚫

(3) Right to Rectification: You have the right to correct inaccurate personal

information that we may maintain about you.

⚫

(4) Right to Deletion: You have the right to request the deletion of your personal

information, subject to certain legal exceptions.

⚫ (5) Right to Opt-Out: You have the right to opt-out of the "sale" or "sharing" of your

personal information to third parties.

⚫

(6) Right to Limit the Use of Sensitive Personal Information: We do not use or

collect sensitive personal information to infer characteristics about consumers; therefore,

this right is not applicable.

⚫

(7) Right to Non-Discrimination: You have the right not to be discriminated against

for exercising any of the aforementioned rights.

"Shine the Light" Requests

Under the "Shine the Light" Act (California Civil Code Section 1798.83), California

residents who use our services are permitted to request: (1) a list of certain

categories of personal information that we have disclosed to third parties for their

direct marketing purposes during the preceding calendar year; and (2) the

identities of those third parties.

To exercise your Right of Access, Portability, Right to Know, Deletion, or

Rectification, or if you wish to submit a "Shine the Light" request, you may contact

us using the contact information provided in the "Contact Us" section below.

Before processing your request, we must verify your identity and confirm that you

are a resident of California, Nevada, Colorado, Connecticut, Virginia, or Utah.

To verify your identity, we typically require verification of your account or match

the information you provide with the information we maintain in our systems. This

process may require us to request additional personal information from you,

including but not limited to your email address, phone number, and/or the date of

your last transaction on our services.

In certain circumstances, we may deny a request to exercise the aforementioned

rights, particularly if we are unable to verify your identity or locate your

information in our systems. If we are unable to fulfill all or part of your request,

we will explain the reasons for the denial.

Furthermore, as we do not use your personal information for "sale" or "sharing,"

your right to opt-out of the sale or sharing of personal information for targeted

advertising is currently not applicable.

4. Submitting Requests via Authorized Agents

In certain circumstances, you may use an Authorized Agent (as defined by the California

Consumer Privacy Act of 2018) to submit requests on your behalf through the designated

methods set forth in this notice. We must be able to verify the authorized agent’s authority

to act on your behalf.

For requests to know, delete, or correct personal information, we require the following

information for verification:

⚫

(1) A power of attorney that is valid under California law, provided by you or your

authorized agent; or

⚫

(2) Sufficient evidence demonstrating that you have:



Provided the authorized agent with signed permission to act on your behalf; and

 Directly verified your own identity with us according to the methods set forth in

this notice; or directly confirmed with us that you have provided the authorized

agent with permission to submit the request.

For requests to opt-out of the "sale" or "sharing" of personal information, we require a

signed permission form certifying that your authorized agent has been authorized by you

to act on your behalf.

5. Contact Us

If you are located in the United States and have any questions, suggestions, or complaints

regarding this Policy or matters related to personal information protection, you may

⚫

Email: privacy_us@heytap.com

D. India Region (DPDPA Specific Terms)

This Appendix applies exclusively to users located in India.

You acknowledge that this Appendix is formulated in accordance with the Digital

Personal Data Protection Act (DPDPA) of India and other relevant personal data

protection laws. Under the DPDPA, data processing roles are categorized into Data

Fiduciaries and Data Processors. A "Data Fiduciary" refers to an entity that, alone or

in conjunction with others, determines the purpose and means of processing personal

data. A "Data Processor" refers to an entity that processes personal data on behalf of a

Data Fiduciary.

Generally, we process your personal data in the capacity of a Data Fiduciary. However,

during the provision of advertising, data analysis, and gaming services, third parties may

be involved. You acknowledge that, in certain circumstances, these third parties may have

independent purposes and means for processing your personal data; in such cases, these

third parties shall constitute independent Data Fiduciaries and process your personal

data autonomously.

1. Personal Data Collected and Purposes of Processing

In India, we provide the following functions: Core Gameplay Experience, Advertising

Services, and Operational Analytics.

We collect your personal data solely for the purpose of providing services related to

[Block Blast:Crush Game] and implementing relevant features.

However, please note that processing your personal data does not require your consent

in the following circumstances:

⚫

(1) Voluntary Provision for a Specific Purpose: For the processing of personal data

that you voluntarily provide to us for a specified purpose, provided you have not indicated

your non-consent to such processing.

⚫

(2) State Subsidies and Benefits: For the processing of personal data necessary for

the State or any of its instrumentalities to provide or issue subsidies, benefits, services,

certificates, or licenses to you.

⚫

(3) Performance of State Functions: For the performance of functions by the State

or any of its instrumentalities under any law currently in force in India, or in the interest

of the sovereignty and integrity of India or the security of the State.

⚫

(4) Legal Disclosure Obligations: For the fulfillment of any obligation under any law

currently in force in India to disclose any information to the State or any of its

instrumentalities.

⚫ (5) Compliance with Judgments or Orders: To comply with any judgment, decree,

or order issued under any law currently in force in India, or any judgment, decree, or order

relating to claims of a contractual or civil nature under any law currently in force outside

India.

⚫

(6) Public Health Emergencies: For taking measures to provide medical treatment

or health services to any individual during an epidemic, outbreak of disease, or any other

threat to public health.

⚫ (7) Disaster or Public Disorder: For taking measures to ensure the safety of any

individual, or to provide assistance or services, during any disaster or breakdown of

public order.

2. Your Personal Data Rights

In accordance with the DPDPA, you are entitled to the following personal data rights. You

may exercise these rights through the specific methods disclosed under each right or by

submitting a request directly to us via the contact details provided in the "Contact Us"

section.

2.1 Right to Access and Information

You have the right to obtain:

⚫

(1) A summary of the personal data being processed and the processing activities

undertaken by us;

⚫

(2) The identities of all Data Fiduciaries and Data Processors with whom your

personal data has been shared, along with a description of the data shared;

⚫

(3) Any other information required to be disclosed under relevant laws and

regulations.

2.2 Right to Correction and Erasure

You have the right to:

⚫

(1) Correct, complete, or update your personal data; and

⚫

(2) Request the erasure (deletion) of your personal data.

2.3 Right of Grievance Redressal

If you believe there is a deficiency or omission in our fulfillment of personal data

processing obligations, you may contact us to seek redressal. Generally, we will respond

within fifteen (15) working days. If you feel that we have failed to respond adequately

to your request, you may lodge a complaint with the Data Protection Board of India.

2.4 Right to Withdraw Consent

You have the right to withdraw your consent for the processing of your personal data at

any time.

Upon withdrawal, we will cease processing your personal data accordingly. However,

please understand that the withdrawal of consent does not affect the legality or validity of

any processing carried out prior to such withdrawal.

2.5 Right to Nominate

If you are a child or a person with a disability, you have the right to nominate an individual

to exercise your personal data rights on your behalf. In such cases, we will perform

necessary identity verification to confirm the nominee's authority.

3. Processing of Children’s Personal Data

In principle, we do not provide our products or services to children.

Please note that in the region of India, a "child" is defined as an individual who has not

completed 18 years of age.

E. Brazil Region (LGPD Specific Terms)

This Appendix applies exclusively to users located in Brazil.

1. Legal Basis for Processing Personal Data

Our processing of your personal data is based on the following legal grounds:

1.1 Consent

We may process your personal data after obtaining your consent. In particular, we may

request your consent to participate in promotional activities, such as sending you

promotional information or involving you in user experience programs and certain

services, including the collection of location information through these services. You have

the right to choose not to provide consent or to withdraw your consent at any time. The

withdrawal of consent does not affect the lawfulness of our use of your personal data prior

to its withdrawal. If you have authorized us to use your personal data, we will only use

such data for the purposes specified in the consent statement. Please note that if our

processing is based on your consent and you refuse or withdraw that consent, we may be

unable to provide the related services. Furthermore, an initial refusal or withdrawal of

consent will not result in any negative consequences for you unless otherwise notified.

1.2 Performance or Entry into a Contract

We may rely on this legal basis in the following specific circumstances:

⚫

(1) To provide services, process your orders, or fulfill a contract between you and us;

⚫

(2) To activate services you have purchased, warranty services, and specific software

licenses, and to provide notifications for software updates;

⚫ (3) To allow and manage your participation in prize draws, competitions, or similar

promotional activities;

⚫

(4) To diagnose product issues, repair customer devices, and provide other customer

care and support services.

1.3 Compliance with Legal Obligations

We may be obligated to process your personal data to comply with legal obligations, such

as cases where data retention is required under tax laws or for commercial purposes.

1.4 Legitimate Interests

The processing of your personal data may also be necessary for our legitimate interests.

Specifically, such circumstances may include:

⚫

(1) Conducting customer surveys to enhance your user experience;

⚫ (2) Analyzing the customer market based on the countries where you use our

services, including the number of users for product marketing and promotion;

⚫

(3) Analyzing the efficiency of our business operations;

⚫

(4) Analyzing error logs to improve mobile phone quality and application

functionality;

⚫

(5) Providing you with personalized services and recommending and displaying

tailored content and advertisements through our services;

⚫

(6) Communicating with you and responding to comments or feedback submitted via

any channel;

⚫

(7) Ensuring the functionality and security of our services;

⚫

(8) Verifying your identity;

⚫

(9) Conducting internal audits and preventing or investigating fraud, cybersecurity

threats, or other improper use;

⚫

(10) Enhancing and developing our services, including relevant security features, to

improve product experience, user-friendliness, operational performance, functionality,

and design;

⚫ (11) Pursuing or defending legal claims.

We will only process your personal data based on the reasons above after appropriately

evaluating and balancing our interests against your privacy rights. In specific cases, we

may also process your personal data based on other legal grounds provided by applicable

laws.

2. Additional Information on Global Transfers of Personal Data

If your personal data is transferred to a jurisdiction located outside of Brazil, we will

ensure that appropriate safeguards exist and are applied, such as:

⚫ (1) Adequacy Decisions: The recipient of the personal data is located in a country

that has received an "Adequacy" decision from the Brazilian National Data Protection

Authority (ANPD), where applicable.

⚫

(2) Standard Contractual Clauses (SCCs): The recipient has entered into a contract

based on the "Standard Contractual Clauses" approved by the Brazilian National Data

Protection Authority (ANPD), where applicable, which requires them to protect your

personal data.

⚫

(3) Explicit Consent & Other Measures: In the absence of the aforementioned

appropriate safeguards, we will request your explicit consent for the cross-border transfer

of your personal data or implement any other recognized measures to ensure that your

personal data receives adequate protection.

For more information regarding the safeguards for transferring personal data outside of

Brazil, please submit a request through our Data Subject Rights Platform:

https://brand.heytap.com/en/privacy-feedback.html

3. Additional Information on Cookies and Other Tracking

Technologies

For detailed information regarding the use of cookies and other tracking technologies,

please read our Cookie Statement.

4. Supplementary Information on Your Personal Data Rights

In accordance with the legal requirements of the LGPD, you are entitled to the following

rights:

⚫

(1) Right of Access: You may request access to the personal data we hold about you.

⚫

(2) Right to Rectification: If you find that the personal data we process concerning

you is inaccurate or incomplete, you have the right to request timely correction and, where

appropriate, request that your personal data be supplemented.

⚫

(3) Right to Erasure (Deletion): You may submit a request for the deletion of your

personal data. In certain cases, we are obligated to delete such data without delay—for

instance, if we no longer have a legal basis to continue processing the data under

applicable laws and regulations. Please note that deleting data from your device does not

necessarily mean all data we have collected and processed has been deleted. Therefore,

we encourage you to contact us (see the "Contact Us" section) to request the formal

deletion of your personal data.

⚫ (4) Right to Restriction of Processing: In certain circumstances, you have the right

to request that we temporarily restrict the processing of your personal data—for example,

when you contest the accuracy of the data, we will verify its accuracy. During this period,

we will only retain necessary data or process data required to comply with your

restriction request in the future.

⚫

(5) Right to Object: You have the right to object at any time, on grounds relating to

your particular situation, to any processing based on legitimate interests. If you object, we

will stop processing your personal data unless we can demonstrate compelling legitimate

grounds that override your interests, rights, and freedoms, or for the establishment,

exercise, or defense of legal claims. You may object to direct marketing activities at any

time for any reason.

⚫

(6) Right to Data Portability: You have the right to obtain a copy of your personal

data in a structured, commonly used, and machine-readable format, and in certain cases,

have such data transmitted to other providers.

⚫

(7) Right to Withdraw Consent: If you previously authorized us to process your data

and later change your mind, you have the right to withdraw that consent at any time.

Withdrawal does not affect the lawfulness of our processing prior to the withdrawal. You

may unsubscribe from promotional messages using the methods described in each

message. If you withdraw consent, we may be unable to continue providing relevant

services.

⚫ (8) Right to Lodge a Complaint: You have the right to complain to relevant

authorities regarding our processing of your data or to initiate legal proceedings. You can

obtain information from your local supervisory data protection authority.

⚫ (9) Right to Request Anonymization: In certain circumstances, you have the right

to request the anonymization of your personal data, meaning your data will be

transformed to prevent identification. This right is designed to enhance your privacy

protection.

⚫ (10) Right to Information on Entities with Whom Data is Shared: You have the

right to be informed about which companies and third parties have received your personal

data. This ensures transparency regarding how your data is shared and used.

⚫

(11) Right to be Informed about the Possibility of Denying Consent and the

Potential Consequences: You have the right to be informed about the implications of

withholding or withdrawing consent, including information on how it may impact your

access to certain services or features.

5. Contact Information for the Data Protection Officer (DPO)

You may submit a request through our Data Subject Rights Platform or contact our Data

Protection Officer (DPO):

Information for the Brazilian Data Protection Officer (DPO):

⚫

Name: JULIANA MANTUANO DE MENESES

⚫

Contact Method: https://brand.heytap.com/en/privacy-feedback.html

Appendix: List of Partners

(1)

⚫ Partner Category: Attribution and Monitoring

⚫ Partner Name: Adjust

⚫ Function Provided: Trace promotion channel sources and user installation

behavior, analyze advertising effectiveness.

⚫ Personal Information Shared with Partner: Advertising ID (GAID), device

model, IP address, installation source, and in-app behavioral events.

⚫ Partner's Personal Information Protection Policy Address:

https://www.adjust.com/terms/privacy-policy/

(2)

⚫ Partner Category: Data Analysis and Statistics

⚫ Partner Name: Firebase

⚫ Function Provided: Collect app performance data and crash logs, and track

user retention and activity.

⚫ Personal Information Shared with Partner: Unique device identifier,

operating system version, crash stack information, and in-game click events.

⚫ Partner's Personal Information Protection Policy Address:

https://firebase.google.com/support/privacy

(3)

⚫ Partner Category: Ad Mediation Management

⚫ Partner Name: TopOn

⚫ Function Provided: Manage and optimize requests from multiple advertising

sources to improve ad fill rates.

⚫ Personal Information Shared with Partner: Device ID (OAID/GAID), IP

address, coarse location information, and ad interaction data.

⚫ Partner's Personal Information Protection Policy Address:

https://www.toponad.com/privacy-policy

(4)

⚫ Partner Category: Advertising Services

⚫ Partner Name: AdMob

⚫ Function Provided: Display personalized or non-personalized

advertisements within the game to maintain free service operations.

⚫ Personal Information Shared with Partner: Advertising ID (GAID), IP

address, application package name, and ad viewing and click data.

⚫ Partner's Personal Information Protection Policy Address:

https://policies.google.com/technologies/ads