PRIVACY POLICY

Effective Date: 5 November 2025

1. General Provisions

1.1. This Privacy Policy (the “Policy”) explains how Itemsism OÜ (the “Company”, “we”, “us”, or “our”), a company duly incorporated under the laws of the Republic of Estonia, registration number 17363244, whose registered office is at Harju maakond, Tallinn, Lasnamäe linnaosa, Tuulemäe tn 5, 11411, Estonia, collects, uses, processes, stores, discloses, and protects personal data of individuals who access or use the website http://joyskils.com/ and any related digital services, applications, games, features, mobile applications, and content made available by Itemsism OÜ (collectively, the “Service”)

(collectively, the “Service”).

1.2. For the purposes of applicable data protection law, Itemsism OÜ acts as the data controller and is responsible for determining the purposes and means of processing personal data in relation to personal data processed in connection with the Service.

1.3. This Policy applies to personal data collected from:
(a) visitors to the Service;
(b) registered users of the Service;
(c) individuals who contact the Company; and
(d) other individuals whose personal data is processed in connection with the operation of the Service.

1.4. This Policy should be read together with Itemsism OÜ’s Terms and Conditions, Cookie Policy, and any other policies or notices or notice made available through the Service.

1.5. By accessing or using the Service, the User acknowledges that they have read and understood this Policy. Where consent is required by law for specific processing activities, such consent will be obtained separately and may be withdrawn at any time.

2. Categories of Personal Data We Collect

Depending on how the Service is used, Itemsism OÜ may collect and process the following categories of personal data:

2.1. Identification and Account Data

This may include:

  • full name or display name;
  • username;
  • email address;
  • login credentials or authentication-related information;
  • account identifier;
  • country or region;
  • age confirmation or date of birth where required for eligibility or compliance purposes.

2.2. Profile and User Preference Data

This may include:

  • language preferences;
  • account settings;
  • gameplay preferences;
  • saved progress;
  • user-selected options and preferences.

2.3. Service Usage and Gameplay Data

This may include:

  • interactions with games, exercises, and features;
  • scores, progress history, results, performance indicators, and usage patterns;
  • session duration;
  • features accessed;
  • user activity logs;
  • time and date of access.

2.4. Technical and Device Data

This may include:

  • IP address;
  • browser type and version;
  • operating system;
  • device type;
  • device identifiers;
  • application version;
  • approximate location derived from IP address;
  • referring URLs;
  • log files and diagnostic information.

2.5. Communications Data

This may include:

  • correspondence with customer support;
  • complaints;
  • inquiries;
  • feedback;
  • survey responses;
  • other communications submitted to the Company.

2.6. Transaction and Payment-Related Data

Where paid features or purchases are offered, this may include:

  • billing information;
  • transaction identifiers;
  • purchase records;
  • subscription status;
  • payment status;
  • refund or chargeback records.

Itemsism OÜ does not store full payment card details where such data is processed directly by independent third-party payment service providers where such details are processed directly by independent third-party payment service providers.

2.7. Marketing and Consent Data

This may include:

  • marketing preferences;
  • records of consent;
  • records of cookie preferences;
  • subscription or opt-out status.

2.8. Compliance and Security Data

This may include:

  • fraud prevention records;
  • suspicious activity flags;
  • abuse reports;
  • security incident information;
  • records required for legal compliance, dispute handling, or enforcement.

3. Sources of Personal Data

The Company may collect personal data:

  • directly from the User;
  • automatically through the User’s interaction with the Service;
  • from cookies and similar technologies, subject to applicable law and the Cookie Policy;
  • from payment service providers, to the extent necessary to confirm payment, subscription, refund, fraud screening, or billing status;
  • from analytics, hosting, security, and infrastructure providers engaged by Itemsism OÜ to support the operation of the Service;
  • from public authorities, legal advisors, or other parties where required for compliance, dispute resolution, or law enforcement purposes.

4. Purposes of Processing

Itemsism OÜ processes personal data for the following purposes:

4.1. to provide, operate, maintain, and improve the Service;

4.2. to create and manage user accounts;

4.3. to authenticate users and maintain account security;

4.4. to deliver games, exercises, progress tracking, and related functionality;

4.5. to personalize user experience and remember preferences;

4.6. to process purchases, subscriptions, renewals, refunds, and related administrative matters;

4.7. to communicate with users regarding the Service, including technical notices, updates, confirmations, security alerts, and support responses;

4.8. to monitor, analyze, test, and improve the performance, usability, and effectiveness of the Service;

4.9. to detect, prevent, investigate, and address fraud, abuse, unauthorized access, security incidents, and other harmful or unlawful conduct;

4.10. to enforce the Terms and Conditions and other Company policies;

4.11. to comply with legal, regulatory, accounting, tax, audit, and reporting obligations;

4.12. to establish, exercise, or defend legal claims;

4.13. to send marketing or promotional communications where permitted by law or where the User has given consent;

4.14. to maintain records of consent choices and privacy-related requests;

4.15. to protect the rights, property, systems, business, and legitimate interests of the Company, its users, and third parties.

5. Legal Bases for Processing

Itemsism OÜ processes personal data only where a valid lawful basis exists under applicable data protection law. Depending on the circumstances, processing may be based on one or more of the following legal grounds:

5.1. Performance of a Contract

Processing may be necessary to:

  • create and administer user accounts;
  • provide access to the Service and its features;
  • process purchases and subscriptions;
  • deliver customer support;
  • enforce contractual terms.

5.2. Compliance with Legal Obligations

Processing may be necessary to comply with obligations under applicable law, including obligations relating to:

  • consumer protection;
  • accounting and taxation;
  • fraud prevention;
  • responses to lawful requests from competent authorities;
  • legal recordkeeping and dispute handling.

5.3. Legitimate Interests

Processing may be necessary for the legitimate interests of the Company or a third party, provided that such interests are not overridden by the fundamental rights and freedoms of the User.

 These interests may include:

  • operating and improving the Service;
  • ensuring network and information security;
  • preventing fraud and misuse;
  • defending legal claims;
  • managing internal administration and business operations;
  • maintaining evidence of compliance;
  • analyzing service usage to improve design, reliability, and performance.

5.4. Consent

Where required by law, the Company will rely on the User’s consent, including for:

  • non-essential cookies and similar technologies;
  • certain analytics activities;
  • direct marketing communications where consent is required;
  • other optional processing activities clearly presented to the User at the relevant time.

Where processing is based on consent, consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

6. Health, Cognitive, and Special Category Data

6.1. The Service offers games and features related to cognitive training, mental stimulation, and user performance. The Service is intended for educational, lifestyle, and entertainment purposes and is not a medical, psychiatric, or diagnostic service.

6.2. The Company does not intentionally seek to collect or process special categories of personal data, including health data, unless such processing is explicitly disclosed and a valid legal basis is established in accordance with applicable law.

6.3. Users should not submit medical records, diagnostic information, or other sensitive health data to the Service unless the Company expressly requests such information and provides an appropriate legal notice.

6.4. Where a User voluntarily discloses special category data in support communications or otherwise, the Company may process that information only to the extent necessary to handle the request, comply with legal obligations, protect legal rights, or as otherwise permitted by law.

6.5. Itemsism OÜ makes no representations or warranties that gameplay scores, performance metrics, or user activity within the Service constitute medical findings or clinical assessments.

Cognitive Training Disclaimer

The Service provides games, exercises, and educational content intended solely for cognitive stimulation, learning, and entertainment purposes. The Service is not a medical, psychological, or healthcare service and is not intended to diagnose, treat, cure, prevent, or monitor any medical or mental condition.

Any scores, results, performance metrics, or progress indicators generated through the Service are informational only and do not constitute medical advice, clinical evaluation, or professional assessment.

Itemsism OÜ makes no guarantees, representations, or warranties regarding any improvement in memory, intelligence, cognitive ability, or mental health. Users should consult a qualified healthcare professional for any medical or psychological concerns.

7. Cookies and Similar Technologies

7.1. Itemsism OÜ uses cookies and similar technologies across its Service for functionality, security, analytics, preference management, and, where permitted, marketing purposes.

7.2. Strictly necessary cookies may be used without consent where required for the operation and security of the Service.

7.3. Non-essential cookies, including analytics and marketing cookies, will be used only in accordance with applicable law and the User’s choices made through the cookie consent interface.

7.4. Further information is available in the Company’s Cookie Policy.

8. Disclosure of Personal Data

Itemsism OÜ may disclose personal data to third parties where necessary for the purposes described in this Policy, including to:

8.1. hosting providers, cloud service providers, and technical infrastructure providers;

8.2. payment service providers, billing processors, subscription platforms, and fraud screening providers;

8.3. analytics, diagnostics, crash reporting, and performance monitoring providers;

8.4. customer support, communication, and ticketing providers;

8.5. legal, tax, audit, compliance, and professional advisory service providers;

8.6. insurers, financial institutions, or transaction counterparties where reasonably necessary;

8.7. law enforcement agencies, courts, regulators, supervisory authorities, or other public authorities where disclosure is required or permitted by law;

8.8. purchasers, investors, successors, or counterparties involved in a merger, acquisition, restructuring, financing, or sale of assets, subject to appropriate confidentiality safeguards;

8.9. other parties where the User has instructed the Company to share information or has otherwise consented.

Itemsism OÜ does not sell personal data to data brokers or third parties for independent commercial use for unrelated commercial exploitation.

9. International Data Transfers

9.1. Personal data processed by Itemsism OÜ may be transferred to and processed in countries within and outside the European Economic Area, including by service providers or partners located in jurisdictions where data protection laws may differ from those of the User’s country.

9.2. Where personal data is transferred outside the European Economic Area and an adequacy decision is not available, the Company will seek to ensure that appropriate safeguards are implemented in accordance with applicable law. Such safeguards may include:

  • Standard Contractual Clauses approved by the European Commission;
  • transfers to recipients subject to an adequacy decision;
  • other legally recognized transfer mechanisms.

9.3. Users may contact the Company for further information regarding applicable transfer safeguards, subject to legal and confidentiality limitations. EU law recognizes safeguards for transfers to third countries, including adequacy decisions and Standard Contractual Clauses.

10. Data Retention

10.1. Itemsism OÜ retains personal data only for as long as necessary for the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, tax, accounting, reporting, security, and dispute-resolution requirements.

10.2. Retention periods may vary depending on the nature of the data, the purpose of processing, the sensitivity of the information, and legal requirements.

10.3. By way of general practice:

  • account and profile data may be retained for as long as the account remains active and for a reasonable period thereafter;
  • transaction and billing records may be retained for the period required by applicable financial, tax, and accounting laws;
  • support communications may be retained for as long as reasonably necessary to manage the request, improve support quality, and resolve disputes;
  • technical logs, security records, and fraud-prevention data may be retained for as long as reasonably necessary for security, auditing, and legal defense purposes;
  • consent records may be retained as necessary to demonstrate compliance.

10.4. When personal data is no longer required, the Company may delete, anonymize, or securely archive it, unless continued retention is required or permitted by law.

The EDPB has emphasized that controllers should clearly specify retention periods and any legal obligations justifying retention.

11. Data Security

11.1. Itemsism OÜ implements and maintains appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful forms of processing.

11.2. Such measures may include, where appropriate:

  • encryption in transit;
  • access controls and authentication safeguards;
  • logging and monitoring;
  • environment segregation;
  • regular testing, maintenance, and review of security measures;
  • role-based access restrictions;
  • backup and recovery procedures.

11.3. No transmission over the internet or electronic storage system can be guaranteed to be completely secure. Accordingly, while the Company takes reasonable steps to protect personal data, absolute security cannot be guaranteed.

12. Automated Processing and Decision-Making

12.1. The Company may use automated tools to support:

  • fraud detection;
  • abuse prevention;
  • account security;
  • service analytics;
  • performance optimization.

12.2. Itemsism OÜ does not engage in decision-making based solely on automated processing based solely on automated processing that produce legal effects or similarly significant effects, except where such processing is authorized by law, necessary for a contract, or based on explicit consent, and subject to applicable safeguards.

13. Marketing Communications

13.1. Where permitted by law, Itemsism OÜ may send Users service-related communications without separate marketing consent where such communications are necessary for the administration of the Service.

13.2. Where required by law, marketing communications will be sent only with the User’s consent or another valid legal basis.

13.3. Users may opt out of marketing communications at any time by using the unsubscribe mechanism provided in the communication or by contacting the Company.

14. Children and Minors

14.1. The Service is not intended for individuals who do not meet the minimum age required under applicable law to use the Service or provide valid consent where consent is relied upon.

14.2. Itemsism OÜ does not knowingly collect or process personal data from children in violation of applicable law.

14.3. If the Company becomes aware that personal data has been collected from a child contrary to applicable requirements, the Company may delete the data, suspend the relevant account, and take any other appropriate compliance measures.

14.4. Parents or guardians who believe that a child has provided personal data unlawfully may contact the Company using the details set out below.

15. User Rights

Subject to applicable law, Users may have the following rights in relation to their personal data:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restriction of processing;
  • the right to object to processing;
  • the right to data portability;
  • the right to withdraw consent where processing is based on consent;
  • rights relating to automated decision-making where applicable.

15.2. These rights are not absolute and may be subject to conditions, exceptions, limitations, and verification requirements under applicable law.

15.3. To exercise a privacy right, the User may contact the Company using the contact details below. The Company may request information necessary to verify identity before responding.

15.4. The Company will respond to valid requests in accordance with applicable law.

16. Complaints

16.1. Users have the right to lodge a complaint with a competent supervisory authority with a competent supervisory authority if they believe that the processing of their personal data infringes applicable law.

16.2. For matters falling under Estonian supervision, the competent authority is the Data Protection Inspectorate (Andmekaitse Inspektsioon), whose website provides contact information and complaint-related guidance.

17. Third-Party Websites and Services

17.1. The Service may contain links to third-party websites, tools, plug-ins, or services.

17.2. The Company is not responsible for the privacy practices, security standards, content, or policies of third-party services that are not controlled by the Company.

17.3. Users should review the privacy notices of third-party services before providing personal data to them.

18. Changes to This Policy

18.1. Itemsism OÜ reserves the right to amend, revise, supplement, or replace this Policy from time to time to reflect changes in law, regulatory expectations, operational practices, technology, or the Service.

18.2. Updated versions will be published on the Service together with the revised effective date.

18.3. Where required by law, the Company will provide additional notice or seek renewed consent in relation to material changes.

19. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, you may contact the Company at:

Itemsism OÜ
Harju maakond, Tallinn
Lasnamäe linnaosa, Tuulemäe tn 5
11411, Estonia

Website: http://joyskils.com/

Email: info@joyskils.com

Registration number: 17363244

Start Your Free Trial with 10 Free Coins

Jump in and explore your cognitive strengths with fun, targeted brain games.

Start test

Company name: Itemsism OÜ

Address: Harju maakond, Tallinn
Lasnamäe linnaosa, Tuulemäe tn 5
11411, Estonia

© 2025 Itemsism OÜ. All rights reserved. 

Payment & Refund policy

Terms & Conditions

Privacy Policy

© 2026 Itemsism OÜ. All rights reserved.