Client Area

Privacy Policy

General Information

At Tornado Games Malta Ltd (hereinafter referred to as “Tornado Games”, “the Company”, “We”, “Us”), we are committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, process, store, and safeguard your personal data (“Personal Data”), whether you are engaging with us as a customer, user, or simply browsing our website (“You”, “User”, “Customer”, or “Visitor”).

We process your Personal Data in accordance with the applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act (Chapter 586 of the Laws of Malta).

By accessing and using our website, http://www.tornado-games.com, and/or any of our services, you acknowledge that you have read, understood, and agreed to the terms set out in this Privacy Notice.

Definitions

  • Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data.
  • Controller: An entity that determines the purposes and means of the processing of personal data.
  • GDPR: Regulation (EU) 2016/679 protecting individuals with regard to the processing of personal data and on the free movement of such data.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, whether automated or not.
  • Processor: A party processing personal data on behalf of a controller.
  • Recipient: A party to whom personal data is disclosed, excluding the data subject, controller, or processor.
  • Services: The functionality of the website allowing visitors to submit applications or inquiries.
  • Third Party: Any person or entity other than the data subject, controller, or processor.
  • Website: The suite of websites operated by Tornado Games, available at https://www.tornado-games.com
  • Visitor: Any individual accessing or browsing the Website.

Data Controller

The entity responsible for the processing of your Personal Data is Tornado Games Malta Ltd, a company incorporated under the laws of Malta, bearing company registration number C 91088, with its registered office located at Forth Business Centre, Level 01, Suite 3, Testaferrata Street, Ta’ Xbiex, Malta.

Data Protection Officer

Should you have any questions, concerns, or requests relating to the processing of your personal data or wish to exercise any of your rights under the applicable data protection legislation, you are encouraged to contact our appointed Data Protection Officer (DPO) at: dpo@themultiple.com. The DPO serves as your primary point of contact for all data privacy matters and will ensure your query is handled promptly, transparently, and in full compliance with the GDPR and relevant Maltese laws.

All formal communications addressed to Tornado Games concerning data privacy matters should be submitted either by registered mail or by email. For legal and procedural purposes, any correspondence sent by email shall be deemed received on the next business day following the date of transmission, unless an automated error or delivery failure is reported.

Principles of Data Processing

Tornado Games is firmly committed to safeguarding the fundamental rights and freedoms of individuals, particularly the right to privacy, and to upholding the highest standards of data protection and regulatory compliance. In line with the EU General Data Protection Regulation (GDPR) and relevant Maltese legislation, we operate under a robust data protection framework guided by the following core principles:

  1. Lawfulness, Fairness, and Transparency – All personal data is processed lawfully, fairly, and in a transparent manner. Individuals are provided with clear, concise, and accessible information about how and why their data is being processed.
  2. Purpose Limitation – Personal data is collected for specified, explicit, and legitimate purposes, and is not further processed in any manner that is incompatible with those initial purposes. Any secondary use is subject to strict assessment and legal justification.
  3. Data Minimisation – Only data that is strictly necessary to achieve the identified purpose is collected and processed. Tornado Games avoids excessive or irrelevant data collection, thereby reducing risk and ensuring compliance.
  4. Accuracy – Every reasonable step is taken to ensure that personal data is accurate, complete, and kept up to date. Inaccurate or outdated information is promptly rectified or erased as required.
  5. Storage Limitation – Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, and in accordance with statutory retention obligations. Data that is no longer required is securely and irreversibly deleted.
  6. Integrity and Confidentiality (Security) – Tornado Games implements appropriate technical and organisational security measures to ensure the confidentiality, integrity, and availability of personal data. These measures are designed to protect against unauthorised or unlawful processing, accidental loss, destruction, or damage.
  7. Accountability – As a data controller, Tornado Games takes full responsibility for its data processing activities and can demonstrate compliance with all applicable data protection obligations. This includes maintaining detailed records, conducting regular audits, and fostering a culture of privacy awareness across the organisation.

 

Through these principles, Tornado Games ensures that personal data is handled with the highest level of care, responsibility, and legal integrity.

Types of Personal Data Collected

  1. Data Collected via Website Access
    When you visit www.tornado-games.com, our systems automatically log technical data including:
  • IP address.
  • Date and time of visit.
  • Browser and operating system information.
  1. Data Provided Through Communication
    If you submit an application via the Website, we collect the following:
  • Full name
  • Email address
  • Mobile number (if provided)
  • Company name (if provided)
  • Any other personal data shared during correspondence

Purpose and Legal Basis of Processing Personal Data

Tornado Games processes Personal Data for specific, legitimate, and well-defined purposes, in full compliance with the General Data Protection Regulation (GDPR) and relevant Maltese data protection laws. All processing activities are limited to what is necessary, proportionate, and relevant in relation to the purposes described below.

Primary Purposes of Processing:

  1. Contractual Performance: We process your Personal Data as necessary to enter into, manage, and fulfil our contractual relationship with you. This includes processing registration details, administering user accounts, providing our Services, and delivering customer support.
  2. Improving User Experience: We use your data to enhance the functionality, usability, and overall quality of our Website and Services. This enables us to offer a more seamless, responsive, and personalised experience based on your preferences and interactions.
  3. Analytics and Research: Your data may be used for internal analytics, research, and statistical purposes. This helps us identify usage patterns, improve operational performance, innovate new features, and support strategic decision-making.
  4. Compliance and Legal Obligations: We may process your Personal Data to meet our obligations under applicable laws and regulations, to respond to lawful requests and legal processes, and to comply with directives issued by competent authorities or regulators.

Legal Grounds for Processing:

Tornado Games only processes Your Personal Data when it is lawful to do so under Article 6 of the GDPR. The primary legal bases for processing include:

  1. Performance of a Contract – We process your Personal Data when it is necessary for the initiation or fulfilment of a contract to which you are a party..
  2. Compliance with Legal Obligations – Processing is carried out where required to satisfy legal obligations to which we are subject, including those imposed by applicable laws, regulatory authorities, or court orders.
  3. Legitimate Interests – We may process your Personal Data where it is necessary for the pursuit of our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms. These interests may include, but are not limited to, fraud prevention, ensuring network and information security, internal administrative purposes, and direct marketing.
  4. Consent – In cases where none of the above legal bases apply, we will only process your Personal Data with your explicit, informed, and freely given consent. This legal basis is primarily used for activities such as personalised marketing, promotional communications, participation in surveys, or other similar initiatives.

You have the right to withdraw Your consent at any time by sending an email to legal@themultiple.com. Please note that the withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.

Sharing of Personal Data

Tornado Games may disclose Personal Data only under strictly controlled circumstances, ensuring full compliance with applicable data protection laws and upholding the highest standards of confidentiality, security, and data integrity.

  1. Intra-Group Data Sharing: Personal Data will be shared with member companies of the Multiple Group for internal legitimate purposes of administrative coordination, compliance with regulation, and service enhancement. All intra-group transfers are subject to standardized data protection practices to ensure constant security and confidentiality.
  2. Use of Trusted Third-Party Service Providers: Tornado Games engages with third-party service providers on a professional level to aid in key business activities, including IT infrastructure, data analysis, customer service, and marketing services. Third-party service providers are engaged at levels of GDPR-compliant data protection and with commitments of strict confidentiality for all Personal Data.
  3. Disclosure to Public Authorities: Where required by law, Tornado Games may disclose Personal Data to competent regulatory authorities, law enforcement bodies, or judicial entities. Such disclosures are limited to what is legally necessary and are carried out in accordance with applicable legal and regulatory obligations.

International Data Transfers

Transfers of personal data outside the EU/EEA are only conducted where appropriate safeguards are in place such as European Commission-approved Standard Contractual Clauses or equivalent mechanisms to ensure that personal data receives an adequate level of protection consistent with EU data privacy standards. Tornado Games takes all reasonable steps to maintain data security and regulatory compliance across all jurisdictions.

Data Retention

We retain your Personal Data for no more than the period required to fulfil the specific purposes it was gathered for, according to applicable legal and regulatory provisions and our internal data retention policies. Once the relevant retention period expires or we no longer require the data, we take reasonable measures to securely and irretrievably erase or anonymize your Personal Data, with industry-appropriate security protocols in effect to prevent any unauthorized use, access, or disclosure.

Security and Confidentiality

Your Personal Data is processed and stored with the most available security solutions, employing industry best practices such as top-grade encryption protocols, stringent access control standards, and comprehensive, ongoing personnel training programs to ensure data protection awareness for all levels. Your Personal Data is only accessible by authorized individuals and trusted third-party contractors who are strictly subject to confidentiality and data protection obligations to ensure that your data is protected against use, disclosure, or breach on unauthorized grounds at all times.

Your Rights

Under the General Data Protection Regulation (GDPR), You are entitled to exercise a comprehensive set of rights concerning Your Personal Data, including but not limited to:

  1. Right of Access: You have the right to obtain confirmation as to whether Your Personal Data is being processed, and to access such data.
  2. Right to Rectification: You may request the correction of any inaccurate or incomplete Personal Data we hold about You.
  3. Right to Erasure (“Right to be Forgotten”): You can request the deletion of Your Personal Data in certain circumstances where its retention is no longer necessary or lawful.
  4. Right to Restriction of Processing: You may ask us to limit the processing of Your Personal Data under specific conditions.
  5. Right to Data Portability: You have the right to receive Your Personal Data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller.
  6. Right to Object: You can object to the processing of Your Personal Data on grounds relating to Your particular situation, including for direct marketing purposes.
  7. Right to Withdraw Consent: Where processing is based on Your consent, You may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  8. Right to Object to Automated Decision-Making – You have the right not to be subject to decisions based solely on automated processing, including profiling, where such decisions produce legal effects or similarly significant consequences for you.

To exercise any of these rights, please submit a formal written request to legal@themultiple.com and/or dpo@themultiple.com. We are committed to responding promptly and transparently in accordance with applicable data protection laws.

Lodging a Complaint

If You believe that Your data protection rights have been violated or infringed upon in any way, You have the right to lodge a formal complaint with the Information and Data Protection Commissioner (IDPC). The IDPC is the independent supervisory authority responsible for ensuring compliance with data protection laws and safeguarding individuals’ privacy rights. Complaints can be submitted directly through the official online portal at: https://idpc.org.mt/raise-a-concern. We encourage You to first contact us to address any concerns, but You retain the right to escalate the matter to the IDPC at any time.

User Responsibilities

By submitting your Personal Data to us, you expressly confirm that all information provided is true, accurate, complete, and kept up to date. It is your responsibility to promptly inform us of any changes or corrections to ensure the continued accuracy and integrity of your data. Additionally, you affirm that you are at least 18 years of age, as access to our Website and Services is strictly limited to individuals who meet this minimum age requirement in accordance with applicable laws and regulations.

Use of Cookies

Our website does not use cookies or similar tracking technologies for analytics, advertising, or profiling purposes. Your browsing experience is therefore free from cookie-based data collection, and no tracking is performed for behavioural or marketing purposes.

However, certain functional cookies may be used to support specific website features. For example, if you leave a comment, you may choose to save your name, email address, and website in a cookie to streamline future interactions these cookies last for one year. Temporary cookies may also be used to determine whether your browser supports cookies when visiting the login page; these are discarded when the browser is closed.

When you log in, we use cookies to store your login credentials and display preferences. Login cookies typically last two days, while display preferences are retained for one year. If you choose the “Remember Me” option, your login will persist for two weeks. These cookies are removed once you log out. Additionally, if you edit or publish content, a one-day cookie will be set to record the article ID this contains no personal information.

You may manage or delete cookies through your browser settings at any time. However, disabling certain cookies may impact the functionality of parts of the website.

Changes to the Privacy Notice

This Privacy Notice may be updated from time to time. We will clearly communicate any significant changes; however, You are encouraged to review the Notice regularly to stay informed of any updates.

Please confirm you are of legal age to access this site in your country