Privacy Policy

Last Updated: October 2025

 

1. General

JollyMax, operated by Cybershell Technology Limited (“JollyMax”, “we”, “us” and “our”) attaches great importance to your privacy. This Privacy Policy describes how we collect, use, store and disclose personal information, as well as how you can exercise your rights regarding your personal information when we provide you with our services (the “Service”).

We process your personal information to enable you use our Service or purchase of any gift codes, app/game credits, or vouchers (“Digital Product”) through https://www.jollymax.com (the “Site”) and other methods which is related to our Service. Please read this Privacy Policy in combination with our Terms of Use carefully. By accessing and using the Service, you acknowledge that you have read and understood the terms of this Privacy Policy, and consent to our processing of your personal information for the purposes described within and in accordance with this Privacy Policy.

We may amend this Privacy Policy at any time by posting an updated version on the Site to reflect any changes to the way we process your personal information or following the developing legal requirements. The most current version of this Privacy Policy will govern our use of your information. By agreeing to and continuing to use the Service, you agree to the contents of this Privacy Policy as it is at the date you use the Service.

In order to facilitate your understanding of our Service and this Privacy Policy, we highlight the following key points for you:

a) As to how to exercise your rights regarding personal information, subject to applicable laws and regulations, we provide you with methods to exercise your rights to access, correct or modifyyour personal information and exercise any other rights provided by applicable laws and regulations. We will respond to your request timely to ensure that you have control over your personal information.

b) Please note that we only provide the Service to those who are at or above the age of majority. You are not allowed to use the Service if you are a minor in your location. JollyMax also does not market to, or knowingly collect personal information from, minors under the age of majorityon any sites of the company. If we become aware that we have collected personal information from a minor under the legal age limit, we will promptly delete such Should you suspect that a user below the required age has provided us with his or her personal information, please contact us using the information provided below.

c) Please note that this Privacy Policy does not apply to information collection activities by third parties (including but not limited to payment service providers). You should refer to the privacy policies of those third parties for further information. We are not responsible for the data privacy or security practices of such third parties with whom you choose to share your personal information directly.

 

2. Sources of personal information we collect

We collect personal information from a variety of sources, including (i) from you directly, (ii) from third-party sources, including commercially available sources such as public databases, and third-party service providers, (iii) automatically through your device, and/or (iv) from such other sources where you have given your consent for the disclosure of information relating to you.  

 

3. When Can We Collect Your Personal Information?

We may collect personal information directly from you when you:

a) visit or browse our websites including the Site;

b) register and/or use our Services;

c) link your other external accounts to register an account with us;

d) communicate with us (including but not limited to attending to you through our online customer service chats, letters, calls (which may be recorded), emails);

e) register or subscribe for a specific Digital Product on the Site and/or Service;

f) participate in any of our surveys;

g) enter into or participate in any competitions, contests run/organized by JollyMax;

h) respond to any marketing materials we send out;

i) lodge a complaint with us;

j) provide feedback to us in any way; and/or

k) submit your personal information to us for any reason.

 

4. What Personal Information Will We Collect?

When we provide the Service and interact with you or when you access our website, to the extent legally required, the personal information we receive, collect and process, either by ourselves or through third parties, may include (i) if you are an individual, your name, email, phone number, billing address, bank account information, transaction IP address, device used to process transaction, proof of identity and proof of address; and (ii) if you are the representative of an enterprise, your name, contact information (such as phone number or email), business registration information, identity information of your business owner and beneficiary which is legally required for registration with JollyMax More specifically:

a) The account/character information you want to transact for.You need to provide information about your account/character which you want to transact for, such as your account number, your character id and so on. The specific type of information you need to provide is subject to the content actually displayed on the corresponding webpage.

b) Contact information.You need to provide your e-mail address to us in order to receive our feedback. When you contact us, if necessary, you may need to provide corresponding information as evidence to prove the problem you encountered and we will also collect chatting records between you and us.

c) Social Media Login Data. If you choose to register or use our Service by using a third-party social network account (e.g., Facebook, Google), you mayprovide us with your possible information related to such account. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform. If you are using the Service only as a visitor, you are not required to provide the information described in this paragraph.

d) Transaction information.We will collect transaction information, such as order number, purchase amount, purchase history, date of purchase, the content of the goods and/or services that you are purchasing and so on, in order to pursue our legitimate interests and to abide by our contractual obligation to help you use the Service.

e) Payment Informationthat we obtain through payment service providers. In facilitating your payment, we may authorize third-party payment service providers to collect information on behalf of us to collect payment information of the transaction from you depending on the payment method you choose to make or receive a payment, including (i) bank card information such as name on the card, card type, card number, card verification value (when required in certain jurisdiction), expiration date or information about the account you open with your payment service providers; (ii) identification information including, if applicable, your identity number or tax number, user identity generated by Publishers to verify and process the transactions, or to meet anti money laundering, counter-terrorism funding reporting requirements and/or fraud prevention checks; or (iii) transaction information such as amount and time of transaction, currency and language which is used.

f) Information that we obtain fromother third-party sources. We may also collect and use your personal information from your organizations, public channels, or other third-party sources as necessary for provision of Service. For example, we may obtain certain personal information about you from third parties including government agencies, information service providers, fraud monitoring and prevention service providers, or from publicly available records to carry out due diligence and other legally required compliance checks, such as know-your-customer (“KYC”) process, anti-money laundering (“AML”) checks and Specially Designated Lists (“SDN List”). SDN List refer to sanctions lists published by government authorities (such as the U.S. Treasury’s Office of Foreign Assets Control) that name individuals, companies, or organizations that are subject to trade restrictions or asset freezes.

g) Information collected automatically through your device. We will collect the following personal information from your device when you use Service to carry out data analysis and to protect you from fraud, phishing or other misconduct, including your IP address, app version, system version and type, device model, device manufacturer, device type, system language, network type, carrier, device identity, browser setting, and browser type. We may also collect certain information through the use of cookies. Please refer to the “Cookies and Similar Technologies” section for more information.  

Please do not send to us or disclose any sensitive personal information (“Sensitive Personal Information”), unless such information is necessarily required by the Service or for legal compliance checks (e.g. KYC/AML requirements). Sensitive Personal Information, depending on the specific provisions under applicable data protection laws, includes information related to your e-wallet password, credit or debit card password, racial or ethnic origin, political opinions, religion or other beliefs, health, sexual orientation, criminal background or membership in past organizations including trade union memberships.

Please note that if you have provided us with personal information about third-party individuals, you are required to obtain the individual's prior consent and you represent and warrant that you had or have their consent or are otherwise entitled to provide their personal information to us. By providing us with personal information about third-party individual(s), you also warrant that the individual(s) is informed of and consents to the terms of this Privacy Policy.

 

5. How we use your personal information

We may use your personal information for the following purposes:

a) Identification and authentication.We use your personal information to verify your identity, create a profile for you when you register, access and use our Service, identification, due diligence or known your customer purposes.

b) Contractual obligations.We use your personal information to meet our contractual obligations to you under our Terms of Use or to take steps at your request prior to entering into such contract.

c) Service operations.We process your personal information to provide the Service (Including our marketing activities) that you request, such as process and verify your online transactions and payments on JollyMax.

d) Service improvements.We analyse usage information, including site analytics (including but not limited to data analytics, surveys, products and service development and/or profiling), to analyze how you use our Services, to recommend products and/or services relevant to your interest, to continually improve the user experience; to carry out data analysis for advertising, and to protect you from fraud, phishing or other misconduct.

e) Communications may include providing information about changes to the terms and conditions, updates regarding our Service, or responses to questions you pose.

f) Advertising and marketing.We may use your personal information to build a profile about you, to understand your preferences, and to help determine which marketing materials (for example, region- or sector-focused) would be of interest to you. Where required by law, we will obtain your consent before sending such marketing materials.

g) Exercising our rights. We may use your personal information to exercise our legal rights where it is necessary to do so, for example to detect, prevent, and respond to intellectual property infringement claims or violations of law.

h) Complying with our obligations. We may process your personal information to carry out fraud prevention checks or respond to legal processes or to comply with or as required by any applicable laws, governmental or regulatory requirements of any relevant jurisdiction, or where we have good faith to believe that such disclosure is necessary under any applicable law. This includes but not limited to in response to subpoenas and other legal demands, and where we believe that disclosing this information is necessary to identify, contact or bring legal action against individuals who may be endangering public safety or interfering with JollyMax services, or with our customers’ or others’ use of them.

i) Keep security.We may use your personal information for risk management and operation detection purposes, so as to ensure the security of your use of the Service.

j) Any other purposeswhich we notify you of at the time of obtaining your consent.

At any point of time, should you feel the need to opt-out future communications with JollyMax, options are given within to exclude those communicated messages to you.

 

6. Legal justification for our processing of your personal information

Subject to applicable data protection laws that provide other legal grounds besides consent, we may process your personal information in connection with any of the purposes set out above on one or more of the following legal grounds:

a) to perform our obligations under a contract with you or your organization;

b) to comply with our legal obligations, as well as to keep records of our compliance processes or tax records;

c) to pursue our legitimate interestsor those of a third-party recipient of your personal information, provided that those interests are not overridden by your interests or fundamental rights and freedoms. Specifically, we have legitimate interest in (i) promoting and marketing our Services to existing and potential users/publishers; (ii) maintaining user accounts for efficient operation of our business; (iii) keeping our information, trade secrets and confidential data safe and secure; and (iv) handling complaints and claims to protect our business, etc. 

d) based on your consent to process your personal information in that manner; or

e) other available legal justification as applicable under applicable data protection laws.

 

7. Cookiesand similar technologies

This section explains how we use cookies and similar technologies (“Cookies” or “Cookie”) to recognize you when you use our Service. It explains what these technologies are and why we use them, as well as your rights to control them.

Cookies are small amounts of data that your browser receives and stores on the local drive of your computer or mobile device, which enable your device to be recognized when you visit a website or application. We make use of Cookies to provide you with a better, faster and safer user experience. Some Cookies are strictly necessary to make our Service work and to ensure data and IT security and prevent fraudulent activities, which are referred to as “Operationally Necessary Cookies”. Other Cookies may enable us to tailor our website to our users’ preference and to monitor the malfunctioning of our website, which are referred to as “Preference Cookies” and “Analytical Cookies”.

Operationally Necessary Cookies are strictly necessary to enable you to access and use of our Service and you cannot disable them. You have the right to decide whether to accept, reject or customize Preference Cookies or Analytical Cookies by selecting the appropriate settings on your browser or change your Cookies preferences. If you disable non-operationally necessary Cookies, you can still use our Service although your use of certain features and access to certain functions of our Service may be limited.

 

8. Information we share (If needed)

We will only share your personal information with third parties in the following circumstances:

a) Our Affiliatesin different jurisdictions, your payment service provider and other service providers: We may share (or provide access to) your personal information with our affiliates in various countries or regions, your payment service provider or other service providers to enable us to provide you with the Service or certain functions or features of the Service. For example:

   1) we may provide your personal information to financial institutions, credit reference agencies, regulatory bodies or other third-party institutions for the purpose of AML/KYC checks, credit risk reduction and fraud and crime prevention;

   2) we may also engage other third-party service providers (e.g. cloud storage providers) who will process personal information for any of the purposes listed above on our behalf and following our instructions only.

b) Publishers. When you make a purchase or transaction with a Publisher, we will make certain personal information about you available to the Publisher you purchase from or transact with to facilitate the transaction

c) Courts, law enforcement authorities, regulators, government officials or other competent authoritieswhere it is reasonably necessary:

   1) to comply with applicable law or regulations;

   2) to exercise, establish or defend our legal rights;

   3) to protect your vital interests or those of any other person;

   4) to detect, prevent or otherwise address security, fraud or technical issues;

   5) to protect the rights, property or safety of us, our users, third parties or the public as required or permitted by applicable laws.

For example and to the extent applicable, we may provide your company name, contact information and any other transaction information to competent authorities as necessary for us to comply with mandates of Financial Action Task Force (“FATF”) and local Anti-Money Laundering/Countering the Financing of Terrorism (“AML/CFT”) requirements.

d) Actual or proposed sellers or buyers(and their agents and advisers) in connection with any actual or proposed purchase or sale, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy.

If we (i) sell, buy, merge, are acquired by, or partner with other companies or businesses, or go into bankruptcy liquidation; or (ii) sell some or all of our assets, your personal information may be among the transferred assets. In the abovementioned event involving transfer of personal information, the acquiring party must undertake the equivalent obligations as us, protecting and using your personal information in accordance with this Privacy Policy.

You can visit or use other third-party services through our website. Please note that any information you provide directly to third-party providers is not covered by this Privacy Policy. We are not responsible for the privacy or security practices of other third parties with whom you choose to share your personal information directly. We encourage you to review the privacy policies of any third party to whom you choose to share your personal information directly. 

 

9. Where do we keep your personal information

The personal information we collect may be transferred to and stored outside of the country you use our Service for the purposes specified in this Privacy Policy. For example, we store all of our data, including personal information on a server located in Singapore.

Your personal information will be retained only for as long as necessary for purposes for which information was collected, except where (i) necessary to meet applicable regulatory or legal obligations such as licensing requirements, KYC/AML requirements and counter-terrorism funding reporting requirements; (ii) to establish, exercise or defend potential legal claims; or (iii) to pursue our legitimate interests. When the necessary retention period is expired, we will either delete or anonymize the relevant personal information.

Any international transfers of your personal information will be made according to appropriate safeguards under the applicable laws and regulations. If you wish to enquire further about these safeguards used, please contact us using the details set out below of this Privacy Policy.

 

10. Your rights

Depending on the applicable data protection laws, you will have the right to:

a) obtain access to and/or request a copy of your personal information;

b) to have your personal information we hold rectified or deleted;

c) to restrict our processing of that information;

d) to object to our processing of personal information;

e) to have your personal information transferred to you or another organization, where the preconditions to exercise such rights are met under applicable data protection laws; and

f) to lodge a complaint with a relevant data protection authority.

Where you have provided us with consent for the processing, you may be able to withdraw it, provided that such withdrawal will not impact the processing activities that have been carried out with your consent. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, particularly in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

To withdraw your consent or to exercise any of the rights above (as applicable), you should use our contact details set out below. We will respond to all requests we receive from individuals who intend to exercise their rights to personal information according to the applicable data protection laws. To protect the security of your personal information, we may ask you to provide certain additional information for identify verification before we respond to your requests. Under some circumstances, we may refuse to respond to your request as permitted by applicable law. For example, we may refuse to comply with your request if complying with your request is against our obligations under applicable laws or regulations. In the case above, we will explain why we refuse to comply with your request in our response. We may also charge a reasonable fee for complying with your request in accordance with applicable law.

To ensure that the personal information we hold is accurate and up to date, where relevant, please advise us of any changes to your information by emailing us using contact details set out below.

 

11. Security

We care about safeguarding the confidentiality of your personal information. We employ administrative, physical and electronic measures designed to protect your personal information from unauthorized access and use in accordance with applicable data protection laws. Please be aware that no security measures that we take to protect your personal information are absolutely guaranteed to avoid unauthorized access or use of your personal information which is impenetrable.

Once you have any security information, such as your User ID, password, security device and/or security code, you should be careful to ensure that they are not compromised by making sure that you do not knowingly or accidentally share, provide or facilitate unauthorized use of it. Do not share these details with others or allow access or use of them by others. Both of us play an important role in protecting against online fraud. If you click a link to a third-party site, you will be leaving JollyMax and we don’t control or endorse what is on third-party sites.

 

12. Contacting Us

If you have any questions, complaints or comments about this Privacy Policy or our privacy practices, or to report any violations of this Privacy Policy, please contact us via the following contact information. We will respond within a reasonable timeframe.

Email Address: service@jollymax.com

Address: 8^th Floor, No. 168 Queen’s Road Central, Central, Hong Kong

Among other matters, if you are dissatisfied with our processing of your personal information, you may file a complaint with the data protection authority in your country. Please consult your local data protection authority for more details.

 

13. Supplemental Terms

The following additional or amended terms shall apply to you if you are a user in the relevant jurisdiction specified below.

 

Ⅰ. EUROPEAN ECONOMIC AREA AND UNITED KINGDOM

If the Service is used or accessed from within European Economic Area (“EEA”) and United Kingdom (“UK”), the following supplemental terms shall apply and override any conflicting provisions in this Privacy Policy:

The data controller for your personal information is Cybershell Technology Limited. If you wish to reach us, please contact us at service@jollymax.com.

1. InternationalData Transfers

Transfers of your personal information to a country outside the EEA and/or UK may be legitimized on the basis of an adequacy decision, i.e. a decision in which the European Commission or UK Government states that a certain country offers a level of data protection comparable to the (UK) GDPR. If and insofar as we transfer personal information to parties in countries outside the EEA or UK to which no adequacy decision applies, we would implement appropriate measures (where applicable), i.e., the standard contractual clauses established by the EU Commission for cross-border transfers and the UK International Data Transfer Agreement or Addendum. Upon your request posted to the contact information set out above, you may receive a copy of the applicable safeguards.

2. Your Rights

If you are a resident of the EEA or UK, depending on the circumstances, you may have the following data protection rights and you can exercise such rights by contacting us using the contact details provided above:

a) The right to access your personal information and confirm the existence of processing.

b) The right to correct, update or request anonymization, blocking or deleting your personal information.

c) The right to object to the processing of your personal information when it is based on our legitimate interests, unless we can demonstrate a compelling interest that requires processing.

d) Under certain circumstances, the right to ask us to restrict processing of your personal information or request portability of your personal information.

e) If we have collected and processed your personal information with your consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

g) You will not be subject to decisions based solely on automated processing (including profiling) which produces legal effects concerning you or that similarly significantly affects you.

h) The right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you are aware of any changes or inaccuracies in your information, you should inform us of such changes so that our records may be updated or corrected.

 

Ⅱ. UNITED STATES (CALIFORNIA RESIDENTS)

The information below concerning the collection and disclosure of California residents’ personal information (as defined under the California Privacy Rights Act (the “CCPA”)) as well as the information in Sections 2 – Section 8 of this Privacy Policy above apply to our collection, use and disclosure of California residents’ personal information during the twelve months preceding the effective date of this Privacy Policy and will apply prospectively.

1. Notice upon Collection and Use of Personal Information

We collect the categories of personal information identified in Section 4 (What Personal Information Will We Collect?) of this Privacy Policy (as supplemented by the paragraph below) for the purposes identified in that Section, and retain personal information for the period described in Section 9 (Where do we keep your personal information) above. We do not and will not sell your personal information or disclose it to third parties for cross-context behavioral advertising (“sharing”). In addition, we have no actual knowledge that we sell or share the personal information of individuals of any age, including the personal information of children under 16. We also do not collect or process Sensitive Personal Information for the purpose of inferring characteristics about you.

2. Additional Information About Disclosures of Personal Information

We may disclose your personal information to third parties for the “business purposes” provided in Section 8 (Information we share (If needed) above as that term is defined in the CCPA.

Additionally, we may disclose your personal information to third parties upon your request, at your direction or with your consent.

3. How Long We Keep Information

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including satisfying any accounting, reporting requirements or legal requirements and consistent with applicable privacy, data protection and data retention laws. To determine the appropriate retention period for personal information, we may consider (i) the amount, nature and sensitivity of personal information; (ii) the potential risk of harm from unauthorized use or disclosure of your personal information; (iii) the purposes for which we process your personal information; (iv) whether we can achieve those purposes through other means; and (v) the applicable legal requirements.

4. Our Collection, Use, Disclosure, Sale and Sharing of Personal Information and Sensitive Personal Information

Depending on how you interact with us, in the preceding twelve (12) months we may have collected the categories of personal information listed above. We may collect personal information from all or some of the categories of sources listed. We may collect all or a few of the categories of personal information for the business or commercial purposes identified.

5. California Resident’s Rights

The CCPA provides consumers with specific rights regarding their personal information, subject to applicable exemptions and limitations. Specifically, consumers may have the right to:

a) At or before the point of collection, be informed of the categories of personal information to be collected and the purposes for which the categories of personal information shall be used.

b) Not be discriminated against because you exercise any of your rights under the CCPA.

c) Subject to certain exceptions, request that we delete any personal information about you that we collected or maintained (“Request to Delete”).

d) Opt-out of the “sale” (as that term is defined in the CCPA) of your personal information if a business sells your personal information.

e) Opt-out of the “sharing” (as that term is defined in the CCPA) of your personal information if a business shares your personal information with third parties.

f) Limit the use and disclosure of Sensitive Personal Information (“Right to Limit”). Please note that we are not using your Sensitive Personal Information for purposes that would require us to provide you with a Right to Limit.

g) Correct inaccurate personal information (“Right to Correct”).

h) Request that we, as a business that collects, discloses, sells or shares your personal information, provide you with certain information about such activities (“Request to Know”).

6. How to Exercise Your Rights

We describe below the different ways in which you can submit requests to exercise your rights under the CCPA.

7. Requests to Know, Requests to Delete and Right to Correct

If your personal information is subject to the CCPA, you may submit Requests to Know, Requests to Correct and Requests to Delete (“Consumer Rights Request”) through the contact details provided under Section 12 (Contacting Us) above.

We are required to provide certain information, delete personal information or to correct inaccurate personal information only in response to verifiable requests made by a California resident or their legally authorized agent. When you submit a Consumer Rights Request, we may ask that you provide clarifying or identifying information to verify your request. Depending on the sensitivity of the information you are requesting and the type of request you make, such information may include, at a minimum level, your name and email address. Any information gathered as part of the verification process will be used for verification purposes only.  

You are permitted to designate an authorized agent to submit a Consumer Rights Request on your behalf and have that authorized agent submit the request through the aforementioned methods. In order to be able to act, authorized agents have to submit written proof that they are authorized to act on your behalf or have the power of attorney. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on your behalf. We may also require that you directly verify your own identity with us and directly confirm with us that you provided the authorized agent with permission to submit the request.

8. Other California Privacy Rights

a) California Shine the Light Law. California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to request information, free of charge, about what personal information is disclosed to third parties (including affiliates) for direct marketing purposes annually. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. To make such a request, please use the contact details provided under Section 12 (Contacting Us) above.

b) Do Not Track. When you use our Service, we and our service providers may track your online activities over time and across websites oronline services as described in Section 7 (Cookies and Similar Technologies) above. Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, our Service is not designed to respond to “Do Not Track” signals received from browsers. If you would like to find out more about Do Not Track signals, you may find the following link useful: http://www.allaboutdnt.com/.

 

Ⅲ. SOUTH KOREA

If the Service are used or accessed from within South Korea, the following supplemental terms shall apply and override any conflicting provisions in this Privacy Policy:

When destroying your personal information, we will take reasonable and technically feasible measures to make the personal information irrecoverable. For example, electronic files that contain personal information will be permanently deleted using a technical method that makes the files irrecoverable, and any records, printouts, documents or any other recording media will be shredded or incinerated.