Privacy Policy

HAMI IT CONSULTING LTD (referred to as "HAMI", "Company", "we", "us", or "our") is the owner and operator of the Services. We are fully committed to transparency and the protection of your personal data in all our operations.

The Services consist of our website located at Crazy Coffee House.net (the "Website"), together with our mobile application titled "Crazy Coffee House" (the "App"), distributed via Google Play Store and Apple App Store. Collectively, the Website and the App are referred to as the "Services".

This Privacy Policy describes the categories of personal data we process, the purposes of processing, your rights, and the security measures we apply. We have written this document in clear, professional language to ensure full understanding.

This Privacy Policy is an integral part of our Terms of Service. Please read both documents carefully. If you have any questions or wish to exercise your legal rights, contact us at: crazycoffee416@proton.me

1. Defining Personal Data

Personal data means any information relating to an identified or identifiable individual. This includes obvious identifiers (name, email, location) as well as technical identifiers such as IP address, MAC address, IMEI, UDID, IDFA, browser type, operating system, and device attributes.

For California residents, personal data also includes any information that identifies, relates to, or could reasonably be linked (directly or indirectly) with a particular consumer or household. Under the CCPA, “sell” means transferring personal data to another business or third party for monetary or other valuable consideration.

Sensitive personal data covers racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data used for identification, health information, sexual orientation, and criminal records. For Indian residents, sensitive data additionally includes passwords and financial account details. We do not intentionally collect or process any sensitive personal data.

All other capitalized terms have the meanings given in our Terms of Service or the GDPR (Regulation (EU) 2016/679). HAMI acts as the data controller for all personal data collected via the Services.

2. Data We Collect

Depending on your interaction with the Services, we may collect the following categories. We never purposely collect sensitive information.

a. Website Information

2.1. Inquiries and Support Messages
When you send a request to our email address displayed on the Website, we collect the data you voluntarily provide (e.g., name, surname, email address). Please avoid sharing excessive or third‑party data.

2.2. Newsletter Subscriptions
If you subscribe, we collect your email address and username. Every email contains an “Unsubscribe” link; you may opt out at any time. We send only relevant updates.

2.3. Automated Collection (Cookies & Similar Tech)
We use cookies to improve functionality and user experience. With your consent, we may also use analytics and personalisation cookies. Refer to our Cookies Policy for details.

b. 'Crazy Coffee House' App Data

2.4. Account Credentials
No registration is required to use the App. You receive a guest account automatically. However, you may sign in via Google Play Games, Gamekit, Google, Apple, or Facebook. By doing so, you allow us to access your first name, last name, and email address from that third‑party service. This is optional; you can remain a guest.

2.5. Customer Support Communications
When you contact us through the App, we collect the information you choose to share (name, email, etc.). Please refrain from sending unnecessary third‑party data.

2.6. Newsletter Subscriptions via App
Same as the Website – we collect email and username, with easy unsubscribe options.

2.7. Technical Data Automatically Collected
We receive device information such as IP address, unique identifiers, OS version, and browser type. This helps us optimise performance and troubleshoot issues.

2.8. Financial Information
We do not collect or store any payment credentials (credit card numbers, bank details). Payments are processed by authorised third‑party providers (Google, Apple, etc.). We only receive transaction IDs and receipts to verify purchases.

3. Lawful Bases & Purposes of Processing

a. Legal Grounds

We process personal data only on valid legal bases:

• Contract performance: Most processing (account management, support) is necessary to fulfil our Terms of Service.
• Consent: For newsletters, optional third‑party login, and non‑essential cookies, we rely on your explicit consent.
• Legitimate interests: We may send marketing communications about similar products based on business development interests. We also retain backup copies for up to 3 days after deletion to prevent accidental data loss.
• Legal obligation: We may verify age to comply with child protection laws.

You may opt out of marketing emails at any time via the “Unsubscribe” link.

b. Purposes

We process your data for the following purposes:

• Create and maintain accounts (where applicable), authenticate users, enable service access, and respond to requests.
• Synchronise game progress across devices for guest users and prevent data loss upon reinstallation.
• Answer inquiries, resolve technical issues, and improve customer satisfaction.
• Send newsletters about updates, features, and improvements.
• Analyse usage via automated collection (see Cookies Policy).

We may also process data to comply with legal obligations, protect vital interests, or prevent fraud. If we change the purpose, we will notify you and, if required, obtain fresh consent.

We do not sell your personal data, nor do we engage in automated decision‑making with legal or significant effects.

4. Data Retention Periods

a. Standard Retention

• Account data: While your account is active, plus up to 2 years after last activity.
• Newsletter data: Until you unsubscribe.
• Request data: During our communication plus 6 months afterwards.
• Automated collection data: As described in the Cookies Policy.

b. Backups

We create encrypted backups every few days. These may contain personal data and are stored for a maximum of 3 days, used solely for restoration purposes (legitimate interest).

c. Statistical Processing

Anonymised or aggregated data may be retained longer for statistical analysis (e.g., market trends, performance). Such data is no longer personal.

5. Sharing With Third Parties

We never sell your data. To operate the Services, we may engage trusted employees, independent contractors, or service providers. They are bound by strict confidentiality and data processing agreements, providing at least the same level of protection as stated in this Privacy Policy.

6. Your Rights as a Data Subject

You can exercise the following rights by contacting crazycoffee416@proton.me. We will respond within one month after identity verification.

1. Know the sources, location, purposes, and controller of your data.
2. Obtain information about third parties with whom your data is shared.
3. Receive a portable copy of your data (structured, machine‑readable) where processing is based on consent or contract and carried out automatically.
4. Access your data and obtain confirmation of processing.
5. Object to processing based on legitimate interests; if we cannot demonstrate compelling grounds, we will stop.
6. Request rectification or erasure of inaccurate or unlawfully processed data.
7. Lodge a complaint with a supervisory authority or court.
8. Restrict processing while you contest accuracy or lawfulness.
9. Withdraw consent at any time without affecting previous lawful processing.
10. Be informed about automated decision‑making (we do not currently use such systems).

Additional CCPA rights for California residents:

11. Right to know categories of personal data collected, sold, shared, or disclosed for business purposes, and the categories of third parties involved.
12. Right to opt out of the “sale” of your data (we do not sell, but you may opt out of personalised ads by contacting us).
13. Right to non‑discrimination for exercising your rights – we will not deny services, charge different prices, or provide lower quality.

7. Age Restrictions & Children’s Privacy

You may consent to data processing only if you meet the minimum age in your jurisdiction:

• EU member states: 13–16 years (depending on country)
• USA: 13 years
• Australia: 15 years
• India / Philippines: 18 years
• Other countries: age of legal majority

Our Services are not directed at children below these ages. If we discover that a child has provided personal data, we will delete it immediately. Parents or guardians may contact us to report such cases.

8. Where Your Data Is Stored

Most personal data is stored on secure servers provided by Amazon Web Services EMEA SARL in Frankfurt, Germany. Backups are also located in Frankfurt. Databases are continuously backed up to enable point‑in‑time recovery.

9. Security Safeguards

We implement industry‑standard security measures:

• Confidentiality: All personnel and contractors sign confidentiality agreements; access is logged.
• Isolation: Zero‑privilege default; access granted on a need‑to‑know basis.
• Authentication: Password hashing and two‑factor authentication.
• Monitoring: Security reports, access logs, and internal/external monitoring.
• Internal policies: Comprehensive security policy covering organisational, physical, and technical measures.

While no internet transmission is 100% secure, we take all reasonable precautions. In the event of a data breach posing a high risk to your rights, we will notify you and the relevant authorities without undue delay. For Philippine residents, we provide indemnification as required by law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If material changes affect your rights, we will notify you via email or a prominent notice in the App. The “Last modified” date at the top will be updated accordingly.

11. Contact Information