Updated: 2022-05-19

This privacy policy (hereinafter referred to as “the Privacy Policy“) sets out the terms and conditions for the processing of personal data (hereinafter referred to as “data” or “personal data”) within the mobile application Undead & Beyond Zombie Games (hereinafter referred to as “the Application”).

This Privacy Policy allows users (hereinafter referred to as “the Users“) to understand how their sensitive data (including personal and device data) is treated. The Privacy Policy informs Users how the Application collects, uses and shares your data and with whom it is being shared.

The obligation to provide information contained in the Privacy Policy arises from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “the General Data Protection Regulation” or in short “GDPR”)

Data Administrator

The Administrator of the personal data is ULTIMATE GAMES MOBILE SPÓŁKA AKCYJNA with its registered office in Warsaw (00-683), ul. Marszałkowska 87/102, Poland, entered in the Register of Entrepreneurs of the National Court Register, under KRS: 0000900202, NIP: 7011034331, REGON: 388969631, fully paid-up share capital of 112.500 PLN (hereinafter referred to as “the Administrator“).

You may contact the Administrator in writing (by post), writing to the address indicated above, or by e-mail, writing to contact@ulgmobile.com.

Access to data linked to you and to your personal data

When you use our Application, we automatically obtain information such as:

  • the mobile device on which you run our Application,
  • the coarse location based on the IP address of the end device,
  • the date and time you accessed the Application, including time spent on using the Application,
  • the version of the Application used,
  • the diagnostics data concerning the Application,
  • the User’s individual device identification number.

All the permissions that Users grant to the Application are visible in the settings panel of their mobile device. These settings can be changed anytime in the settings panel. The Application’s permissions can be revoked by changing the settings on the mobile device or by uninstalling the Application.

The Application’s access to collection, use and sharing of personal and confidential data is limited to purposes directly related to the use and improvement of the Application’s features and to solve problems that the Users face when using the Application.

The Administrator does not sell Users’ personal or confidential data.

Processing purposes and processes

If you are a User of our Application and we gain access to your personal data then, we process this data for the following purposes, scope and for the period indicated:

Purpose of personal data processingBasis for processing and duration of storage
Actions aimed at concluding and performing a contract with the User for the provision of electronic services.Personal data will be processed for the purpose of entering into a contract (Article 6(1)(b) of the GDPR). The personal data will be processed for the period of performance of the contract and a period of 7 years calculated from the date of termination of the contract with effect at the end of the calendar year. If the User is under 16 years of age, consent to the processing of his/her personal data must be given or approved by the party having parental authority or custody of the child (Article 6(1)(a) of the GDPR in conjunction with Article 8(1) of the GDPR).  
Communication with the Administrator via the Application.Personal data will be processed for the purpose of the legitimate interest of the administrator (Article 6(1)(f) of the GDPR), which shall be understood to mean the conduct of correspondence by the Administrator in relation to messages sent by you and other persons or entities in paper or electronic form, as well as answering questions sent via the Application.
Complaint handling.Personal data will be processed for the purpose of receiving, processing and fulfilling complaints (Article 6(1)(b) of the GDPR and Article 6(1)(c) of the GDPR).  Personal data will be processed for the period of limitation of claims and until the expiry of the obligation to store data resulting from legal regulations, in particular the obligation to store accounting documents.
Determination, investigation and legal protection of claims.Personal data shall be processed in order to determine, seek and defend against claims (Article 6(1)(f) of the GDPR). Data for this purpose will be processed until the expiration of possible legal claims, i.e. for a period of 7 years from the day of termination of the contract with effect at the end of the calendar year.
Undertake marketing activities using electronic communication means.Personal data are processed in order to undertake and carry out marketing activities (Art. 6(1)(f) of the GPRD), however in connection with applicable regulations: Telecommunications Law and the Act on Provision of Electronic Services, these activities are conducted only on the basis of the consents held for the communication channels. Data for this purpose will be processed until the consent is withdrawn or an objection is made to the processing of personal data for this purpose.

Downloading Applications from shop operators

During the download of the Application, the operators of the respective application shops automatically process data, in particular data such as:

  • your name in the application shop,
    • your email address as stored in the application shop,
    • the customer number from your account with the application shop,
    • date and time of download,
    • payment information,
    • the User’s individual device identification number.

The Administrator has no control over the processing of this data and is not responsible for it.

Recipients of personal data

Personal data can only be accessed by IT, accounting and hosting service providers, as well as those responsible for web traffic analysis, including Google and Apple. You can read about the data protection of these entities by clicking here or here if relevant.

Recipients of your data will need to comply with this Privacy Policy, applicable law including the GDPR and data protection policies and guidelines provided by Apple and Google.


The Application is free with micro-payments inside the Application.

During the process of payment, the payment service provider may require you to accept its own payment terms and conditions or privacy policy, as well as to provide additional data necessary to carry out the payment or to give the relevant consents for the processing of personal data.

Transfer of personal data to a third country

Personal data is transferred to countries outside the European Economic Area on the basis of standard data protection clauses adopted by the Commission as referred to in Article 46(2)(c) of the GDPR, i.e. Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (Text with EEA relevance) and Commission Implementing Decision (EU) 2021/915 of 4 June 2021 on standard contractual clauses between controllers and processors under Article 28(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council and Article 29(7) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (Text with EEA relevance). For more information on the transfer of personal data, including how to obtain a copy of these safeguards or where to access them, please contact the Administrator.

Users’ rights in relation to personal data

You are entitled to:

  • access your personal data, insofar as it does not violate the attorney-client privilege (Article 15(1) of the GDPR),
    • receive a copy of your personal data insofar as the exercise of this right does not affect the attorney-client privilege (Article 15(3) of the GDPR),
    • rectify or update your personal data (Article 16 of the GDPR),- erasure of personal data – if, in your opinion, there are no grounds for the Administrator to process your data, you may request the Administrator to erase them, with the exception of situations in which the obligation to process personal data results from a provision of law or the processing of data is necessary for the investigation, determination or defence of claims (Article 17 of the GDPR),
    • restrict the processing of personal data, insofar as its implementation does not violate the attorney-client privilege (Article 18 of the GDPR),
    • portability of your personal data, i.e. to receive from the Administration information about the processed personal data, in a structured, commonly used machine-readable format only to the extent that the personal data are processed in order to conclude and perform a contract and are processed by automated means (Article 20 of the GDPR),

You also have the right to file a complaint with the President of the Personal Data Protection Office (2 Stawki Street, 00-193 Warsaw, Poland) if you conclude that the processing of your personal data violates the provisions of the GDPR.

Information about the obligation to provide personal data and the consequences of not providing such data.

Sharing of personal data is necessary for the purposes of creating an account on shop operators’ respective platforms, which is an obligatory step in downloading and using the Application.


For Users who use the Application, personal data will be processed by automated means that involves the use of personal data to evaluate certain personal factors of an individual (profiling).


Cookies are text files that are stored in an electronic terminal device. The Administrator may cooperate with external services that can place cookies on the User’s mobile devices.

External cookies are files placed and read from the User’s mobile device by ICT systems of the Administrator’s partners, service providers or recipients. Among them there are Google Analytics.


We work closely with third-party service providers and we may receive information about you from them. These services collect usage data in compliance with their privacy policies. The purpose of the mentioned processing is to evaluate the use of the Application and to compile reports on the activities performed on it.  The processing is based on the legitimate interest of the Administrator.

The service providers who process your data are described below:

  • Google Analytics is a web analytics service provided by Google Ireland Limited (Google). Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to activation of IP anonymisation on this website, your IP address will be shortened beforehand by Google in Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this application, Google will use this information to evaluate your use of the application, to compile reports on activity and to provide other services related to the traffic and use of the application. The IP address provided by Google Analytics will not be merged with other data held by Google. You can find more information about the protection of personal data processed with Google Analytics, including information about the application of the standard contractual clauses for data transfer, at: https://support.google.com/analytics/answer/9019185?hl=en#zippy=%2Cin-this-article. Google Analytics collects data on IP addresses, network location, date of visit, operating system, device type. You can prevent the storage of cookies by means of an appropriate setting of the Application software, however, please note that if you do so, you may not be able to use all features to the fullest extent possible.
  • Tenjin provides tracking and analysing utilities of certain User actions in the context of mobile marketing. You can learn more about Tenjin’s data collection practices at: https://www.tenjin.com/privacy/.
  • Facebook SDK is an integration of Meta analytics tools that gather data about Users’ interactions and usage of the Application. You can learn more about Meta data collection practices at: https://developers.facebook.com/terms/dfc_platform_terms/.

Information collected by service providers mentioned above is anonymous and collective. In particular, they do not contain the Application’s Users’ data that may be classified as personal data.

Ad serving

We and our partners may use ad serving technology to provide advertisements of interest to you within the Application. In this connection, we and our partners may collect and use information about you, such as your device identifier, coarse geo-location information through your anonymized IP address, and Application session activity and diagnostics data. Please note that our partners operate under their own privacy policies.

For more information, see: