Privacy Policy

1939 Games ehf. (hereinafter referred to as “1939”, “we,” “our,” “us”) recognizes that you care how your personal data is collected and used. 1939 has created this Privacy Policy to inform you of our practices regarding collection, use, and sharing of personal data. Please read the following carefully to understand our views and practices regarding your personal data and how it will be treated.

The practices described in this Privacy Policy apply to personal data collected through our websites and (each, a “Site”, collectively, the “Sites”) and our game KARDS (the “Game”). Sites and Game are collective referred to as “Services”. Your use of Services can also be subject to any applicable Terms of Service. This privacy policy forms part of our Terms of Service.

For the purpose of any applicable data protection and privacy legislation, the data controller is 1939 Games ehf. of Hólmaslóð 8, 101 Reykjavik, Iceland.

We have appointed a Data Protection Team to oversee compliance with this Privacy Policy. The Data Protection Team may be contacted at

This Privacy Policy will be published in English, but may be translated into additional languages for convenience of the reader. If this Privacy Policy is published in any language other than English, the English language version will be the governing agreement and shall control interpretation of all matters discussed below.

1. What personal data do we collect and why?

We collect personal data from the users of our Services. What personal data is collected about you depends on your use of our Services.


When you use our Sites, we gather information about your computer, including the following information:

  • IP address;

  • operating system; and

  • browser type.

We also collect information regarding customer traffic patterns and Site usage, which may be stored with an IP address, including details of:

  • transactions you carry out through our Sites;

  • fulfillment of your orders;

  • your visits to our Sites, such as location data, traffic, weblogs, referring web addresses and resources you access, including pages visited and search terms entered.

Account and purchasing

When you create an account or otherwise purchase Services from 1939 or our business partners, you are required to submit the following information:

  • name;

  • age;

  • valid email address; and

  • other contact information.

If you do not provide this data, we may not be able to provide you with the requested products or services. We may also ask you for information when you enter a competition or promotion sponsored by us, or our business partners, or when you report a problem with our Services.


When using a Game, we collect the following personal data relating to your player account:

  • first and last name, profile name or other identification;

  • email address

  • age and date of birth;

  • country of residence;

  • preferences and settings, including communication or content restrictions and parental control settings;

  • language selection;

  • transactions carried through using stored tokens;

  • friends and block lists, where applicable; and

  • any other information you voluntarily provide in relation to your player’s account.

We also collect your gameplay information, meaning any information relating to your play or use of a Game, including your:

  • gameplay statistics;

  • preferred strategies;

  • in-Game transaction history and trends;

  • history of technical issues and support usage; and

  • history of contributed and received user content, such as messages in chat rooms, on bulletin boards and other user-to-user areas.

We may monitor your Game hardware solely for the purpose of establishing whether in playing the Game you are using software created or approved by 1939, or whether you are using unauthorized software created by you or a third party in contravention of the applicable Terms of Service, including your:

  • IP address;

  • operating system;

  • browser type;

  • CPU/processor;

  • memory;

  • graphics card;

  • network adapter;

  • locale/regional settings; and

  • hard drive information.

As a general rule we collect personal data directly from you or indirectly, such as from your activity on our Sites and Games. We may however collect information about you from third parties through Web Analytics.

2. How do we use your data and on what ground?

To contact you

We may use your personal data to contact you. For example, we may send you e-mail messages under the following circumstances:

  • to respond to an inquiry or request for information;

  • to thank you for contacting us;

  • to welcome you to our Services;

  • to communicate with you regarding your use of the Services;

  • to notify you about changes to our Service;

It may be necessary for us to contact you for the performance of our Service, but also for the purposes of our legitimate interests of maintaining our business relationship.

To provide services

When you create an account or otherwise purchase Services from 1939 we use the personal data provided to verify your identity and age and to provide services and carry out our obligations arising from any contract between you and 1939. The same applies to the personal data provided in relation to your player account.

The processing of players’ gameplay information is necessary for us to perform our contract with players of the respective Games. The information may also be necessary for maintaining, operating, administrating and supporting our Services, for example through Customer Support and Quality Assurance.

Moreover, the processing of gameplay information furthers 1939’s legitimate interests of reviewing, researching and developing our Services.

The monitoring of your Game hardware furthers 1939’s legitimate interest of monitoring whether you are using unauthorized software in contravention of the applicable Terms of Service.

For marketing purposes

We may use your personal data for marketing purposes, based on our legitimate interest. For example, we may use your e-mail address to send you messages about new offerings and features of 1939 and to market and offer 1939’s products and services which we think you might be interested in.

We may also ask for your consent to send you marketing for the products and services of our business partners. When the collection and processing of your personal data is based on your consent, you can always withdraw the consent. All communications relating to such withdrawal shall be directed to our Data Protection Team.

3. To whom is your personal data disclosed?

  • Disclosure to third parties

1939 may disclose your personal data to third party contractors, consultants and suppliers in relation to their work for us. Personal data may for example be disclosed to external parties which provide us with IT services. We may also transfer your contact data to third party social media platforms, who provide us with marketing services.

1939 may disclose your personal data to law enforcement or other government officials, as 1939, in its sole discretion, deems necessary or appropriate to investigate or resolve possible crimes or to respond to judicial, regulatory, agency or similar inquiries. Disclosure may also be necessary in emergency situations and to ensure the rights and safety of customers, 1939 staff or third parties.

If the ownership or control of all or part of our Services changes, we may transfer your personal data to the new owner.

  • Aggregated information

We may collect aggregated demographic information about our users, such as age, interests, etc. We may share certain aggregated demographic information with our business partners regarding the users of the Services. The aggregated information that we provide is not directly linked to you or any other identifiable person.

  • International transfer of data

The data we collect from you may be transferred to, stored and processed by 1939 companies at one or more destinations both inside and outside the European Economic Area (“EEA”), including the United States of America and the People’s Republic of China for any purposes set out in this Privacy Policy.

Our contractors, consultants and suppliers may also be located outside the EEA.

However, we only transfer your personal data to countries outside the EEA if such transfer is permitted under the applicable privacy legislation.

4. How long do we keep your data?

Except as otherwise permitted or required by applicable law or regulatory requirements, we are committed to retaining your personal data only for as long as it is necessary to fulfill the purposes for which the personal data was collected.

We will however delete all data that is no longer necessary after a reasonable period. We will also delete your data upon your request. We may keep your information for longer for research or statistical purposes. If we do, we will make sure your information is anonymised and non-traceable to you as a person. We will also keep it for longer if we may not delete it for legal or regulatory reasons.

5. How is your data protected?

We take precautions to protect your personal data from loss, unauthorized access, copying, use, modification or disclosure.

1939’s security measures include industry-standard technology and equipment to help protect your personal data, and we maintain security measures to allow only the appropriate personnel and third parties access to your personal data.

Where we have given you (or where you have chosen) a password that enables you use/access the Services, you are solely responsible for keeping this password confidential. We ask that you not share your password with anyone.

6. How can you exercise your rights provided under data protection legislation?

1939 is committed to ensuring your rights under the European Data Protection Legislation.

You can view and rectify some elements of your personal data on your online account system, or request that our Data Protection Team rectify your data.

You have the right to access the personal data 1939 has collected about you and to be informed about the purpose of its collection. You may also be entitled to a copy of the personal data undergoing processing. Furthermore, you may under certain circumstances and where technically feasible, have the right to request us to transfer your personal data to a third party.

You may also have the right to request us to restrict the processing of your personal data, for example if you object to its processing, but prefer the data not to be erased.

If the processing of your personal data is based on 1939 legitimate interests, you have the right to object to the processing, following which we must stop the processing unless we demonstrate a compelling legitimate ground for the processing which override your interests.

In certain instances, you have the right to have your personal data erased, such as where the data is no longer necessary in relation to the purpose for which they were collected or otherwise processed, or if you withdraw your consent.

Your rights to access, erasure, restriction and portability of data are however not absolute. In those instances where we cannot accept your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Please refer all requests concerning your rights to our Data Protection Team, contactable via

7. Revisions to this Privacy Policy

1939 may make changes to this Privacy Policy to reflect changes to our legal or regulatory obligations or to the manner in which we process your personal data.

Any changes to this Privacy Policy will be effective from the time they are posted on the Sites or under our Terms of Services, as applicable.

8. Change of Control

If 1939 experiences a “Change of Control” (defined below), then we may amend our information practices as described in this Privacy Policy. We will disclose your personally identifiable information to the company or other legal entity that succeeds our operation of the Services. The privacy policy of the succeeding legal entity will then govern the personal data that we have collected from you under this Privacy Policy. However, if applicable law prohibits the succeeding legal entity’s privacy policy from governing your personal data, then this Privacy Policy shall continue to govern. “Change of Control” means any of the following events:

  • a reorganization, merger, consolidation, acquisition or other restructuring involving all or substantially all of our voting securities and/or assets, by operation of law or otherwise;

  • insolvency;

  • a general assignment for the benefit of creditors;

  • appointment of a receiver for our business or assets;

  • we become subject to any bankruptcy or insolvency proceedings, whether domestic or foreign; or

  • our liquidation, voluntarily or otherwise.

9. Links to other websites

The Sites may contain links to other websites. We are not responsible for and shall not have any liability arising from the privacy practices or the content of other websites.

10. Questions about our Privacy Policy

If you have any questions about this Privacy Policy or how we manage your personal data, please contact our Data Protection Team at

If you are unsatisfied with our response, you are entitled to make a written submission to the respective data protection authorities, including the Icelandic Data Protection Authority (