Preamble
Steffen Knoedler, Rorthschildallee 41 - 60389 Frankfurt am Main - Germany, („Provider“) respects and protects your personal data.
The following Privacy Policy is intended to provide you with more detailed information about the collection, processing and use of data in connection with our games offered as mobile applications.
The Provider collects, processes and uses personal data exclusively in accordance with the applicable legal regulations. Therefore, the high data protection level of the General Data Protection Regulation ("GDPR") applies.
1. Scope of Application
1.1 This Privacy Policy is intended for all users of the Mobile Apps ("Users"). If certain services or individual apps of Provider have a different data protection declaration, such declaration shall apply.
1.2 The scope of this Privacy Policy does not include services and offers of third parties that may be referred to in the mobile app by so-called links. Provider neither assumes responsibility for their content nor for compliance with data protection regulations by these third parties, unless otherwise stated in the privacy policy of the linked content. This applies, for example, to links via which social networks such as Facebook or chat apps such as WhatsApp can be accessed, and to links in advertisements that are used. For information on the handling of the User's personal data and their respective protection on these platforms, please refer to the privacy statement on the respective platform.
2. Downloading and installing the mobile app apps
When you download and install our mobile apps, the operator of the platform through which you obtain the respective app (for example Apple, Inc. for the AppStore and Google Ireland Limited for the Google PlayStore) collects personal data required for the download. These data include in particular your name, your e-mail address and your postal code, time of download, the IP address and the individual device identification number of your device (so-called IMEI), as well as your payment information, if applicable. This collection and processing of your personal data is, however, basically carried out solely by the respective platform operator without our participation in the data processing or our ability to influence it. In this respect, the data protection provisions of the platform operator apply, which can be viewed on the platform in question. the Provider only receives and processes personal data collected by the platform operator to the extent necessary for the download and provision of the mobile app. If the Provider processes personal data as part of the installation, this is done on the basis of the contract on the subscription and use of the mobile app that you concluded with us when downloading and installing the app, in accordance with Article 6 (1) sentence 1 lit. b) GDPR.
3. Collection, processing and use of data when using the mobile apps
3.1 When you start and use Provider's mobile apps, depending on the mobile app, a connection may be automatically established to the servers used by us in order to retrieve current content. Information that your device transmits to us is logged in the process. This includes the IP address of the device you are using, data on the operating system used as well as the installed mobile app and its version, date and time (including time zone) of the respective access to the contents of the mobile app as well as the information on which specific contents have been requested for the respective mobile app. In addition, the Provider may collect and process personal data in order to fulfil its contractual obligations with the User, e.g. to create the User's user profile. Depending on the respective mobile app, this data includes name and IP address and data identifying the User's device.
3.2 Provider collects and processes these data in order to provide the mobile app and the respective current content of the mobile app. The provision of this data is not required by law, but is necessary for the conclusion of the user contract for the respective mobile app and the associated service by Provider. The User may voluntarily provide Provider with further data with respect to the offer. The basis of this data processing for the fulfillment of contractual obligations is Article 6 (1) sentence 1 lit. b) GDPR.
4. In-app payments
4.1 In some mobile apps, the Provider may offer certain additional versions and content for purchase, e.g. the use of an ad-free version of the app. In order to conclude the corresponding contract and the associated payment processing, it is necessary to enter bank details or other payment-related data (e.g. credit card). For payment processing, the Provider uses the services provided by the respective operator of the platform through which you have obtained the mobile app (for example, Apple, Inc. for the AppStore and Google Ireland Limited for the Google PlayStore). The aforementioned information will be processed accordingly together with the necessary usage data by the operator of the respective platform, insofar as this is necessary to process the payment. Details on the handling of your personal data in connection with the payment processing can be found in the privacy statement of the respective platform operator which can be viewed on the corresponding platform.
4.2 The use of these payment services is mandatorily required by the platform operator in order for us to be allowed to offer the app on the respective platform and also serves to provide you with an easy and smooth payment process in the app.
4.3 This data processing in connection with the purchase of additional content in the respective mobile app, including payment processing, is carried out for the conclusion and processing of the contract regarding this content and thus on the basis of Article 6 (1) sentence 1 lit. b) GDPR.
5. Support requests and contact via the mobile app
5.1 If you notify our customer support or otherwise contact us (e.g. with a contact form in the mobile app), the information you provide in the contact, including the contact details given there, will be processed for the purpose of handling your enquiry and processing it, including investigating and rectifying any problems in the mobile app and in the event of follow-up questions. In the event of a request to our customer support via the mobile app, information on the mobile app, your mobile app progress, Player-ID and, if applicable, the problematic part of the mobile app as well as technical data on your device will also be processed automatically.
5.2 The Provider processes this data in accordance with Article 6 (1) sentence 1 lit. b) GDPR, as far as you contact us within the framework of an existing contract for the use of the mobile app or for the purpose of initiating such a contractual relationship. Otherwise, the storage and use of the data takes place on the basis of Article 6 (1) sentence 1 lit. f) GDPR, whereby our legitimate interest is the careful processing of your respective request and the solution of any technical problems.
6. Error reporting and usage analysis via Firebase
6.1 The mobile app implements functions of the Firebase service which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
6.2 Data on the general use of the app are collected and evaluated via the Firebase service (so-called Google Analytics for Firebase). At the same time, reports on errors and crashes that occur in the app are generated to analyze and resolve these errors and crashes. For these purposes, information on whether and how you use certain parts of the mobile app is collected together with the IP address and other technical data on your device and the configurations assigned to it (hereinafter "Device-Related Data"), such as the manufacturer and model of the device, the language setting and the advertising ID as well as the country from which you use the app. In order to generate error reports, details about the error that occurred, information about the affected mobile app and, if necessary, game-relevant data will be collected and processed additionally, but only if such an error occurs while you are using the app. Google evaluates such data on our behalf and compiles aggregated reports for us. The Provider uses these reports to gain insight into the general use of the mobile app as well as into the errors that have occurred, in order to use this information to improve the content and functions of the app and, in particular, to eliminate existing errors and problems. In addition to this the Provider also gets access to the in-game activity of individual users through Google, based on an anonymized user-id. Nevertheless it is not relevant for the Provider which User used the respective app and to what extent. It is therefore not a matter of creating user profiles for Provider but rather of providing functional mobile apps through the analysis of aggregated reports from Google. Google may also transfer these data to servers operated by Google LLC in the USA and analyze them there. However, in member states of the European Union or in other states that are party to the Agreement on the European Economic Area your IP address will be shortened and thus made anonymous before it is transmitted to a Google server in the USA.
6.3 Google also processes the aforementioned data collected via the Firebase service to the extent covered by its own privacy policy which you can find at https://policies.google.com/privacy. There you will also find additional information on Google's handling of personal data.
6.4 the Provider would like to point out that the transmission of data to servers in the USA used by Google LLC may involve additional risks, for instance the enforcement of your rights to these data may be more difficult. In order to counter these risks, the Provider have concluded the standard data protection clauses by the EU Commission with Google LLC for this data transfer and also stipulated appropriate protective measures therein, which, depending on the need for protection of the data, also include data encryption and can be improved in accordance with the legal and technical conditions for appropriate protection of the data. If data is transferred to Google LLC in the USA, such transfer is based on Article 46 (2) lit. c) GDPR.
6.5 The Provider only uses Firebase for the data analyzing purposes described above, if you consent to it. In these cases, the legal basis for the processing of your data is Article 6 (1) sentence 1 lit. a) GDPR. You may revoke an already granted consent for data processing at any time with effect for the future. the Provider have further concluded a data processing agreement with Google in accordance with Article 28 GDPR on data processing in the context of error analysis. Accordingly, Google will only process the data collected in this context in accordance with our instructions for this purpose. This forwarding of data to Google is therefore based on Article 28 GDPR.
7. Partner services for advertising in the mobile apps
We integrate services of advertising networks in the mobile apps with which the Provider cooperates in order to be able to display third-party advertising to you while you are using the mobile apps.
In this context the Provider uses services of different advertising networks, whereby the personal data concerning you may be sent to several of the integrated advertising networks. By integrating different advertising networks, the Provider ensures that only advertisements are displayed that are approved and specifically available by the advertiser for the respective country from which you have installed and use the relevant mobile app. The Provider generally makes our mobile apps available worldwide which is why the advertisements shown in them are subject to different legal requirements depending on the User's country. The advertisement networks each work with different advertisers who may target their ads to only certain countries and adapt them solely to the legal requirements applicable there. In addition, advertisers have also set certain restrictions, such as a general maximum number of advertisements to be displayed per user or certain media in which the advertisements are to be displayed. However, the Provider can only view individual advertisers and advertising campaigns relevant to our mobile app Apps in very limited cases in advance and therefore cannot evaluate them more precisely. To ensure that the Provider is nevertheless always able to display advertising that has been approved by the advertiser for the User's region and may be specifically played, the Provider uses different advertising networks. Since the Provider can only provide the free mobile apps by financing it through advertising, the Provider has a legitimate interest in generally displaying advertising to the individual User in our mobile apps in order to generate revenue and to be able to continue to offer the apps free of charge, if possible worldwide.
However, personalisation of displayed advertising is only activated to the extent permitted by law. In particular, the Provider only uses data of a User who resides in the EU to display personalized advertising to this User if the respective User has consented to this in advance. In these cases, the legal basis for the processing of your data in connection with personalized advertising is your consent pursuant to Article 6 (1) sentence 1 lit. a) GDPR. You may, of course, revoke an already granted consent for data processing for personalized advertising at any time with effect for the future. Please note that the Provider also displays advertising to finance the free mobile apps if you have not consented to personalized advertising or have revoked such consent. In that case the advertising displayed will not be personalized, i.e. not adapted to your personal interests and usage habits. Only general information will be taken into account, for example the respective mobile app and the country from which the app was installed and launched. More details on the display of these non-personalised advertisements and their legal basis are explained below for the individual advertising services.
For some games the Provider may also offer you the option of purchasing a paid, ad-free version. In ad-free versions, of course, no advertising services are implemented and accordingly no data processing takes place for the purpose of displaying advertising in the app.
7.1 Google AdMob
8.1.1 The advertising network AdMob which is operated by Google is also used in our mobile apps to integrate third-party advertising. In this context, Google receives information about the respective mobile app App (name, category and language of the mobile app App), Device-Related Data of your device as well as the IP address of your device, which is, however, shortened and only used in an abbreviated form, and information about some of your interactions in the app. The aforementioned data may also be transmitted to Google LLC servers in the USA for the AdMob service. Google processes this data in order to select specific advertisements without giving us the opportunity to exert any further influence, and to limit the display of an advertisement, especially in the case of multiple displays to a specific User. The Provider has no insight into the selection of specific advertisements and the related data processing, nor do the Provider have any more precise setting options to be able to influence this. Google uses the collected data in accordance with Google's privacy policy.
7.1.2 Google also records whether and if so, how you interact with the advertisement, the IP address and individual Device-Related Data of your device as well as, if applicable, your further usage behavior following a click on the advertisement, in order to evaluate the success of the respective advertisement together with the aforementioned data and to properly invoice us and the advertiser accordingly. Based on their evaluations, Google also creates aggregated reports for us on the scope and results of the advertising. However, this only gives us access to aggregated data on the results of the advertising which Provider cannot trace back to individual persons.
7.1.3 Further details on the processing of data by Google can be found in Google's privacy policy (https://policies.google.com/privacy) and in the information on the use of data from integrated Google services (https://policies.google.com/technologies/partner-sites?hl=de).
7.1.4 The basis for data processing as part of the AdMob service is our legitimate interest pursuant to Article 6 (1) sentence 1 lit. f) GDPR. It is our legitimate interest to play advertising to Users in order to finance the creation and further development of the free mobile apps. Financing through advertising allows us to generally offer mobile apps worldwide. It is also in our legitimate interest to use the AdMob network which is specifically tailoured to advertising for apps, to display advertising that fits as coherently as possible into the format of the mobile apps and is not perceived by Users as annoying or inappropriate. As the mobile apps are available free of charge and are solely for your entertainment purposes, it is not apparent that your interests are overriding in this respect. For certain mobile apps the Provider also offers you the option to use a paid, ad-free version of the mobile app Apps.
7.1.5 The transfer to servers of Google LLC in the USA is based on Article 46 (2) lit. c) GDPR. For this transfer the Provider has agreed the standard data protection clauses of the EU Commission with Google LLC. Together with these clauses, the Provider and Google LLC have also defined and implemented appropriate protection measures that take into account the need for protection of the data in each specific case and include encryption of the data. These measures are also continuously adapted in accordance with the legal and technical conditions for effective protection of the data in order to provide continuous assurance of an adequate level of protection.
8. Apple Sign In
8.1 In some mobile apps that require you to register with a user profile, you may also create your user profile by signing in to your Apple services profile (called an Apple ID account) if you express your consent to do so by clicking on the appropriate Apple connection button. The function required for this ("Apple Sign in") is provided by Apple Distribution International Ltd Hollyhill Industrial Estate, Hollyhill, Cork, Ireland ("Apple"). The necessary feature (called "Apple Sign In") is provided by Apple Distribution International Ltd. Hollyhill Industrial Estate, Hollyhill, Cork, Ireland ("Apple"). the Provider does not have access to the login details of your Apple profile. After verification of your login data, the Provider will only be informed about the following data from your Apple profile: the registered name, your Apple ID, your language setting, and the country from where you are playing.
8.2 Data processing for Apple Sign in is legally based on your consent (Article 6 (1) sentence 1 lit. a) GDPR) which you give when calling up Apple Sign in and subsequently entering your login data to your Apple ID account. You may revoke your consent at any time with effect for the future.
8.3 By using Apple Sign in, Apple may receive the information that you have created a user profile for the relevant mobile app. Information on how Apple handles your personal data can be found in Apple's privacy statement at: www.apple.com/de/privacy.
8.4 In the event that the Apple Sign in feature transfers personal data concerning you to Apple, Inc. in the USA, Apple has ensured prior to the transfer that this transfer is covered by the EU Commission's standard data protection clauses pursuant to Article 46 (2) (c) of the GDPR. Apple and the Provider also take additional technical security measures to protect your data, including appropriate encryption, pseudonymisation and reducing data processing as far as possible
9. Inviting users using links
9.1 In certain mobile apps, you may also be able to create an invitation to a shared gaming session with a direct link to the specific gaming session in order to send this invitation to a contact via a messenger app or by other means (e.g. e-mail). When the invitation to a mobile app is created, a specific link is generated in the mobile app that leads directly to the gaming session in the mobile app.
9.2 To generate the direct link to the gaming session and to match the relevant Users in the same gaming session, the Provider uses the Firebase Dynamic Links service provided by Google. When the recipient clicks on an accordingly generated link to a gaming session, Google collects the recipient's IP address as well as information about the respective mobile app and Device-Related Data about the used device. Google uses these data on our behalf to direct the recipient to the correct mobile app in the mobile app. For this purpose, the App must determine whether it was your contact who has clicked on the link and for which gaming session you have invited the recipient.
9.3 The data processing in connection with the direct link to the gaming session is carried out for the purpose of giving users an easy and direct way to start a gaming session with others and is therefore legally based on Article 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest is to make it as easy and convenient as possible for our Users to start a mobile app together and thus to provide Users with a special gaming experience. This is also in the interest of our Users, both the sender and the recipient of invitations to play a game. A possible conflicting interest of a recipient to the effect that their data is not transferred to Google is allowed for by the fact that such a data transfer only takes place if the recipient voluntarily clicks on the sent invitation link and thereby expresses that he or she accepts the mobile app invitation. From this point on, it can no longer be assumed that the recipient has a conflicting interest regarding the processing of his or her personal data through our mobile app.
9.4 From the aforementioned data, Google also compiles reports on the use of links to mobile apps which the Provider evaluates. These reports provide us with information about the use of the generated links, the functioning of the link and any subsequent app openings or installations of the relevant mobile app. However, the Provider does not receive any information about the user navigation following the click on the link. All these reports only contain aggregated data and do not allow us to draw any conclusions about individual Users; data about individual Users are not visible to us. The data processing described above is necessary to protect our legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR), whereby our legitimate interest is to be able to provide users with the best possible functionalities in our mobile app Apps in order to offer users an optimal gaming experience. For this purpose, the Provider needs insights from the Users' interactions with the provided links and their functionalities.
9.5 Google also processes the aforementioned data collected via the Firebase service to the extent covered by its own privacy policy which you can find at https://policies.google.com/privacy. There you will also find additional information on Google's handling of personal data.
9.6 The Provider would like to point out that the transmission of data to servers in the USA used by Google LLC may involve additional risks, for instance the enforcement of your rights to these data may be more difficult. In order to counter these risks, the Provider have concluded the standard data protection clauses by the EU Commission with Google LLC for this data transfer and also stipulated appropriate protective measures therein, which, depending on the need for protection of the data, also include data encryption and can be improved in accordance with the legal and technical conditions for appropriate protection of the data. If data is transferred to Google LLC in the USA, such transfer is based on Article 46 (2) lit. c) GDPR.
10. Storage, storage period and deletion of data
10.1 The Provider will process your personal data for as long as is necessary to achieve the purposes of the processing, is required by law to retain the data or is necessary for other reasons. Subsequently, the data will be deleted in accordance with the statutory provisions.
10.2 However, the Provider retains data that the Provider stores for legal reasons for as long as this is legally required. After expiry of a statutory retention period, the data are deleted immediately, unless there are other reasons preventing deletion in terms of Article 17 (3) GDPR.
11. data security
Provider has taken appropriate technical and organizational measures to protect personal data against accidental loss, damage, unauthorized access and unauthorized alteration. In particular, Provider's data are only transferred in encrypted form. Provider however clarifies that data protection and data security cannot be guaranteed for transfers outside Provider's sphere of influence.
12. Disclosure of personal data to third parties
12.1 Personal data will only be transferred to third parties without the User's explicit consent if this is necessary for the provision of Provider's services (e.g. for the technical provision of the offer), unless stated otherwise at another point in this Privacy Policy. Accordingly, a transfer of data to such service Providers (such as technical service Providers) takes place in order to protect our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR, namely in order to be able to provide our mobile apps for retrieval at all. Of course, Provider will ensure that the respective service Provider has taken appropriate technical and organizational measures to guarantee the security of the data before forwarding the User's personal data.
12.2 The Provider stores the data which the Provider collects when the mobile apps are used with the help of third-party services. The Provider uses the Google Cloud and Google Firebase services, both of which are provided by Google. These services may also collect and possibly store the IP address of your device when you use the mobile apps, but for a maximum of 30 days. However, Provider does not receive the IP addresses directly and only views IP addresses collected by these services in exceptional cases and only if a legal basis exists, in particular insofar as this is necessary to protect Provider's legitimate interests (e.g. during maintenance work or in the event of the investigation of technical problems). Google also transfers the collected data to their servers in the USA. The Provider uses these services to provide the aforementioned data for playing the mobile app efficiently and with the lowest possible error rate to thereby ensure a smooth use of the mobile app features. The legal basis for the associated data processing is Article 6 (1) sentence 1 lit. f) GDPR, whereby our legitimate interest is an optimal, technically sound provision of the mobile app. As the Provider has already explained several times above, the Provider has concluded the standard data protection clauses adopted by the EU Commission with Google to safeguard the transfer of data to the USA. The Provider has also concluded a data processing agreement with Google. The forwarding of personal data to Google in connection with the aforementioned services is therefore based on Article 46 (2) lit. c) and 28 GDPR.
12.3 Otherwise Provider will not pass on the User's personal data to third parties, unless the User has expressly consented to the transfer (Article 6 (1) sentence 1 lit. a) GDPR) and Provider is neither entitled nor obliged to transfer the data due to legal regulations or court orders. In the latter case, Provider will transfer the data in order to fulfill a legal obligation according to Article 6 (1) sentence 1 lit. c) GDPR.
13. Changes to this Privacy Policy
Provider reserves the right to change this Privacy Policy at any time, and Provider will always comply with the legal requirements of data protection. Therefore, Provider recommends that Users regularly take note of the most up-to-date Privacy Policy. The Provider will inform Users in advance on further use of data, for example by messages in this respect, in the mobile app or by so-called push notifications, insofar as you have allowed such push notifications.
Frankfurt am Main, 25.07.2022
Steffen Knoedler