Table of contents
- 1. Contact
- 2. Legal basis
- 3. Storage period
- 4. Categories of recipients of the data
- 5. Data transfer to third countries
- 6. Processing within the exercise of your rights 7. Your rights
- 8. Right to object
- 9. Data protection officer
- 1. Processing of server log files
- 2. Cookies
- 3. Consent management tool
- 4. Contact options and inquiries
- 5. Processing of personal data when using our “Shakes & Fidget” game
- 6. Login through third-party providers
- 7. Additional content
- 8. Tube
- 9. Newsletter
- 10. Analysis, tracking, & retargeting
- a. Facebook Pixel
- 11. TikTok Custom Audiences
- 12. Cloudflare for content integration
- 13. Google Fonts for content integration
- 1. Visiting a social media page
- a. Facebook and Instagram page
- b. LinkedIn company page
- c. TikTok
- d. Xing
- e. Twitch
- f. YouTube
- 2. Comments and direct messages
- 1. Download of the app
- 2. Automatic processing of personal data when using the app
- 3. Permissions on the end device when using the app
- 4. Login through third-party providers
- 5. Push notifications
- 6. Game Analytics
- 7. AppsFlyer
- 1. Contact via email
- 2. Use of the email address for marketing purposes
- 3. Sweepstakes
- 4. Applications
I. General information
If you have any questions or suggestions about this information or would like to contact us regarding the assertion of your rights, please send your request to
Playa Games GmbH
Alstertor 9, 20095 Hamburg – Germany
Email : [email protected] (no game support)
2. Legal basis
Under data protection law, the term “personal data” refers to all information that is related to an identified or identifiable person. We process personal data in accordance with the relevant data protection regulations, particularly the GDPR and BDSG. We only process data on the basis of legal consent. We process personal data only with your consent (Section 15 (3) German Telemedia Act (TMG) or Article 6 (1) (a) GDPR) to fulfill a contract to which you are a party, or upon your request for the execution of pre-contractual measures (Article 6 (1) (b) GDPR), to fulfill a legal obligation (Article 6 (1) (c) GDPR) or if the processing is required to safeguard our legitimate interests or those of a third party, provided that this is not outweighed by your interests or fundamental rights and freedoms which require the protection of personal data (Article 6 (1) (f) GDPR).
If you are applying for a vacant position at our company, we also process your personal data to decide whether to establish an employment relationship (Section 26 (1) (1) BDSG).
3. Storage period
Unless stated otherwise in the following information, we only store the data as long as required to achieve the purpose of the processing or to fulfill our contractual or legal obligations. These legal retention periods may arise in particular due to commercial or tax law provisions. Starting at the end of the calendar year in which the data was collected, we will store any personal data contained in our accounting records for ten years and personal data contained in commercial letters and contracts for six years. Apart from that, we will store data in connection with consent requiring proof, as well as data related to complaints and payment claims, for the duration of the legal limitation period. We will delete data stored for advertising purposes if you object to its processing for this purpose.
Any data the app stored on your mobile device can remain there until you remove the app.
4. Categories of recipients of the data
We use order processors in the scope of processing your data. The processing operations performed by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures, or the destruction of files and data carriers. An order processor is a natural or legal person, authority, agency or other body that processes personal data on behalf of the data controller. Order processors do not use the data for their own purposes; instead, they perform the data processing exclusively for the data controller and are contractually obligated to take appropriate technical and organizational measures to ensure data protection. Aside from that, we may transfer your personal data to bodies such as postal and delivery services, principal banks, tax consultants/public accountants, or the tax authorities. The following information may indicate additional recipients.
5. Data transfer to third countries
Visiting our website may be accompanied by the transfer of certain personal data to third countries, i.e., countries in which the GDPR is not applicable law. This kind of transfer is permissible if the European Commission has determined that an appropriate level of data protection is provided in such a third country. If no such adequacy decision is available from the European Commission, the personal data is only transferred to a third country if appropriate safeguards in accordance with Article 46 GDPR are in place, or if one of the conditions of Article 49 GDPR is met.
Unless stated otherwise below, we use the standard EU contractual clauses for the transfer of personal data to order processors in third countries: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087.
If you consent to the transfer of personal data to third countries, the transfer is performed on the legal basis of Article 49 (1) (a) GDPR.
6. Processing within the exercise of your rights
If you exercise your rights in accordance with Articles 15 to 22 GDPR, we will process the personal data transferred to us for the purpose of implementing these rights and to be able to furnish proof thereof. Data which we store for the purpose of preparing and providing information will only be processed by us for this purpose as well as for purposes of data protection control; apart from that, we will restrict processing in accordance with Article 18 GDPR.
This processing is performed on the legal basis of Article 6 (1) (c) GDPR in conjunction with Article 15 to 22 GDPR and Section 34 (2) BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
· In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information about whether and, if applicable, to what extent we process personal data in relation to you.
· You have the right to demand that we correct your data in accordance with Article 16 GDPR.
· You have the right to demand that we delete your personal data in accordance with Article 17 GDPR and Section 35 BDSG.
· You have the right to demand the restriction of the processing of your personal data in accordance with Article 18 GDPR.
· In accordance with Article 20 GDPR, you have the right to obtain the personal data concerning you, which you made available to us, in a structured, common and machine-readable format and to transmit this data to another responsible person.
· If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Article 7 (3) GDPR. This will not affect the lawfulness of any processing performed on the basis of the consent that is carried out previous to such a revocation.
· According to Article 77 GDPR, if you believe that the processing of data relating to you violates the regulations of the GDPR, you have the right to lodge a complaint with a supervisory authority.
You can also use our support tool to exercise your rights.
8. Right to object
According to Article 21 (1) GDPR, you have the right to object to data processing performed on the legal basis of Article 6 (1) (e) or (f) GDPR for reasons arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Article 21 (2) and (3) GDPR.
You can also use our support tool to exercise your right to object.
9. Data protection officer
You can reach our data protection officer with the following contact information:
DPO: Deloitte AB
Rehnsgatan 11, 113 79 Stockholm – Sweden
Email: [email protected]
II. Data processing on our websites and when using our “Shakes & Fidget” game
When you use our websites or our “Shakes & Fidget” game, we collect information which you provide to us. During your visit to the website, we also automatically collect certain information about your use of the website. In the Data Protection Act, the IP address is also fundamentally considered to be personal data. An IP address is assigned by the Internet provider to any device connected to the Internet in order for it to send and receive data.
1. Processing of server log files
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (meaning, not via a registration). By default, this includes: Browser type/version, operating system, accessed page, previously visited page (referrer URL), IP address, date and time of the server access, and HTTP status code. The processing is performed to protect our legitimate interests and is carried out on the legal basis of Article 6 (1) (f) GDPR. This processing is for the purpose of the technical management and security of the website. The stored data is deleted at regular intervals unless there is a justified suspicion of unlawful use based on specific indications, which would make further examination and processing of the information necessary for this reason. We are unable to identify you as the data subject on the basis of the stored information. Articles 15 to 22 GDPR therefore are not applicable pursuant to Article 11 (2) GDPR unless, in order to exercise your rights stated in these articles, you provide additional information that enables your identification.
3. Consent management tool
Our websites use a consent management banner to control cookies. The consent banner enables users of our website to consent to certain data processing operations or revoke previously given consent. By confirming the “I accept” button or by saving individual cookie settings, you consent to the use of the associated cookies. Your consent is the legal basis under data protection regulations in line with Article 6 (1) (a) GDPR.
The banner also helps us to provide evidence of a declaration of consent. For this purpose, we process information about the declaration of consent and additional log data on this declaration. Cookies are also used to collect this data.
Processing this data is necessary so that the giving of consent can be proven. The legal basis arises from our legal obligation to document your consent (Article 6 (1) (c) in conjunction with Article 7 (1) GDPR).
4. Contact options and inquiries
Our websites and apps include contact forms which you can use to send us messages. In this process, the transfer of your data is encrypted (this can be recognized by the “https” in your browser’s address bar). All data fields marked as mandatory are required to process your request. If these fields are not provided, we will not be able to work on your request. The provision of additional data is voluntary. Alternatively, you can send us a message to the contact email address. We will process the data for the purpose of answering your inquiry. If your inquiry concerns the conclusion or performance of a contract with us, Article 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we will process the data on the basis of our legitimate interest in establishing contact with inquiring persons. In that case, the legal basis for the data processing is Article 6 (1) (f) GDPR.
5. Processing of personal data when using our “Shakes & Fidget” game
When you create a user account for our Games, we assign it a unique number. We store the username and password you chose as well as the email address you entered, unless you sign in via Facebook login (for third-party logins, see section 3 for more information). The provision of this data is a prerequisite for concluding a contract. We use a double opt-in procedure to verify whether the email address you provide really belongs to you.
Participation is not a prerequisite for using our games. However, we recommend it because we can only use validated email addresses to send you important messages such as login confirmations, password changes, or occasional information about the games you play. The legal basis for the latter direct advertising is Article 6 (f) GDPR. We may also use your hashed email address to advertise our games via social networks so long as the hash method used does not allow for retroactive decryption.
We store the originating IP address and the time at which the registration is made. We also store the originating IP address and the time when you validate your email address. This is to comply with our burden of proof, to ward off attacks against our system, and to ensure compliance with the rules of the game.
When you use our games, your device communicates with our servers. In that context, we record signing in and signing out times of your user account, as well as any relevant IP addresses. This can be the IP address of your telecommunications connection or of your mobile device. We process this data in order to handle violations of our T&Cs and playing rules, and to comply with the requirements of law enforcement authorities.
You can also communicate with other users in our games and may divulge personal information. In regards to this, we advise that you exercise caution. If you receive messages from other users, they will be saved to your user account. This allows you to view all the messages you have received in the game. Deleting messages in the game will also delete them from your user account.
Apart from this, the processing of personal data during the registration and use of our “Shakes & Fidget” game is performed to fulfill our contract and is carried out on the legal basis of Article 6 (1) (b) GDPR.
6. Login through third-party providers
When creating a user account for our games, you can either enter your information manually or use data already provided to a third party.
If you are using Facebook Login, Facebook (Facebook, Inc.) will send the information from your public Facebook profile and your email address to us once you have consented to this data transfer. The public information transferred in such a manner consists of your ID, name, first_name, last_name, link, gender, locale, time zone, updated_time, and verified. This transmitted information will be used to create a new user account in the playing environment you select. The data is transferred to us once. Of the transferred data, we save only the Facebook Token and the Facebook ID, since these are required for logging in to one of our games. We do not obtain knowledge of your Facebook password. However, Facebook may save data about your use of our games.
You can also create a user account for our games on Steam (Steam is a product owned by Valve Corporation; for more information, please visit http://store.steampowered.com/subscriber_agreement/). In this case, we do not receive any personal data.
The processing of personal data is performed to fulfill our contract and is carried out on the legal basis of Article 6 (1) (b) GDPR.
7. Additional content
Goodgame Studios is responsible for the technical side of processing the payment. In this event, we may transfer data to other service providers to the extent necessary to determine the price, for billing, and for payment collection. Specifically, this data includes your alias, the game world on which you created your user account, the language settings, and your pre-selection (if any). Any personal data that you provide to the service provider, in particular your name, address, and payment information, will not be forwarded to us.
After payment has been processed, we receive and store an acknowledgement from the respective service provider. This acknowledgement contains information that allows us to verify the status of the respective transaction. This is necessary in order to provide the agreed and paid for service and, if necessary, provide customer service.
The processing of personal data is performed to fulfill our contract and is carried out on the legal basis of Article 6 (1) (b) GDPR.
Our “Tube” allows players to watch commercials. This feature will show videos from changing third-party providers, in particular those of Fyber N.V., Wallstraße 9–13, 10179 Berlin, Germany. By default, the Tube is deactivated and no data is transferred to third parties. A transfer will only occur after consent in accordance with Article 6 (1) (a) GDPR. If players decide to watch a commercial, we will send the player's IP address and an advertising ID to the third-party provider. Once a video has been watched, the provider sends us a confirmation so that we can credit the player the respective in-game bonus (“Lucky Coins” for the Wheel of Fortune). For more information on how Fyber protects your data, please visit https://www.fyber.com/legal/gdpr-faqs/). You can deactivate the Tube in the in-game settings, thereby revoking your consent.
On our website we offer the option of subscribing to our newsletter. After you subscribe, we will regularly inform you about the latest news regarding our offers. A valid email address is required to subscribe to the newsletter. To verify the email address, you will first receive a registration email with a link for your confirmation (double opt-in). If you subscribe to the newsletter on our website, we will process personal data such as your email address and name on the basis of the consent you have given us. The processing is carried out on the legal basis of Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future, for example, through the “Unsubscribe” link in the newsletter or by contacting us via the above-mentioned channels. The legality of the already performed data processing operations remains unaffected by the revocation. When you subscribe to the newsletter, we also store the IP address, date, and time of registration. Processing this data is necessary so that the giving of consent can be proven. The legal basis arises from our legal obligation to document your consent (Article 6 (1) (c) in conjunction with Article 7 (1) GDPR).
We also analyze the reading behavior and opening rates pertaining to our newsletter. For this purpose, we collect and process pseudonymous usage data, which we do not amalgamate with your email address or IP address. The legal basis for the analysis of our newsletter is Article 6 (1) (f) GDPR and the processing serves our legitimate interest in optimizing our newsletter. You may object to this at any time via one of the contact channels mentioned above.
10. Analysis, tracking, & retargeting
a. Facebook Pixel
- Information on the actions and activities of the visitors to our website, such as searching for and viewing a product or buying a product;
- Specific Pixel information such as the Pixel ID and Facebook cookie;
- Information on buttons that were clicked by the website visitors;
- Information contained in the HTTP header, such as IP addresses, information about the web browser, the page location, and referrer;
- Information on the status of disabling/limiting ad tracking.
Some of this event data is information stored in the end device you use. Additionally, Facebook Pixel sets cookies in which information is stored on your end device. This storage of information by Facebook Pixel or access to information already stored in your end device only occurs with your consent.
Tracked conversions appear in the dashboard of our Facebook Ad Manager and Facebook Analytics. There we can use the tracked conversions to measure the effectiveness of our ads, to set custom audiences for ad targeting, for dynamic ad campaigns and to analyze the effectiveness of the conversion funnels of our website. The features we use via Facebook Pixel are described in more detail below.
Processing of event data for advertising purposes
The event data collected via Facebook Pixel is used for the targeting of our ads and improvement of the ad delivery, for the personalization of features and content, and for the improvement and security of the Facebook products.
For this purpose, event data is collected on our website via Facebook Pixel and transmitted to Facebook Ireland. This is only carried out if you have previously given your consent to this. For that reason, the legal basis for the collection and transmission of personal data by us to Facebook Ireland is Article 6 (1) (a) GDPR.
We and Facebook Ireland perform the collection and transmission of the event data as joint controllers. As joint controllers, we have entered into a data processing agreement with Facebook Ireland which defines the allocation of the data protection obligations between us and Facebook Ireland. Among other things, we and Facebook Ireland have agreed
- that we are responsible for providing you with all information about the joint processing of personal data in accordance with Article 13, 14 GDPR;
- that Facebook Ireland is responsible for enabling the rights of data subjects in accordance with Articles 15 to 20 GDPR with respect to the personal data stored by Facebook Ireland after the joint processing.
You can access the agreement that we concluded with Facebook Ireland at https://www.facebook.com/legal/controller_addendum.
Facebook Ireland is solely responsible for the processing of the transmitted event data following the transmission. You can find further information on how Facebook Ireland processes personal data, including the legal basis relied on by Facebook Ireland and the options to exercise your rights against Facebook Ireland in the data policy of Facebook Ireland under https://www.facebook.com/about/privacy.
Processing of event data for analysis purposes
We also commissioned Facebook Ireland to prepare reports about the effect of our ad campaigns and other online content based on the event data collected by Facebook Pixel (campaign reports) and to provide analyses and insights about users and their use of our website, products, and services (analyses). For this purpose, we transmit personal data contained in the event data to Facebook Ireland. As our order processor, Facebook Ireland processes the transmitted personal data to prepare the campaign reports and analyses for us.
The processing of personal data for the preparation of analyses and campaign reports is carried out only if you have previously given your consent to this. For this reason, the legal basis for this processing of personal data is Article 6 (1) (a) GDPR.
A transmission of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transmission is provided by the standard contractual clauses for the transmission of personal data to order processors in third countries. In this regard, please note the information in the section “Data transfer to third countries”.
11. TikTok Custom Audiences
We use the TikTok product Custom Audiences (customer file) of the two providers
· TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and
· TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (hereinafter both are collectively referred to as “TikTok”).
The product TikTok Custom Audiences (customer file) enables us to transmit contact information about the users of one of our games to TikTok. TikTok will check this contact information on our behalf against data about users who are already using TikTok services, such as the video portal with the same name, to create so-called Custom Audiences for the purpose of displaying targeted advertisements. A Custom Audience is a particular target group which is shown additional ads on TikTok’s services on the basis of existing interest in our offers and products.
The contact information we transmit to TikTok in order to create Custom Audiences consists only of the device ID of an end device used while accessing our games. Here, we use only the device ID of end devices that use the Android operating system. The device ID is pseudonymized locally on our system via a so-called hash function before being transmitted to TikTok for the creation of the Custom Audiences. TikTok uses this data for us as an order processor. As an order processor, TikTok does not use the data for its own purposes; instead, it performs the data processing exclusively for us and is contractually obligated to take appropriate technical and organizational measures to ensure data protection.
The device ID is information stored in the end device that you use. The device ID that is already stored in your end device is only accessed, and this information is only used further, if you have not objected to this. The processing serves our legitimate interest in displaying targeted advertising for our products. For that reason, the required legal basis for the collection and transmission of the device ID by us to TikTok and its use to create Custom Audiences is Article 6 (1) (f) GDPR.
When the TikTok product Custom Audiences (customer file) is used, a transmission of data to a TikTok entity in a third country in which European data protection law is not applicable cannot be ruled out. The legal basis for this transmission is provided by the standard contractual clauses for the transmission of personal data to order processors in third countries, which you can access at the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087
Find further information on how TikTok uses personal data can be found in TikTok’s data policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE .
12. Cloudflare for content integration
We use the Cloudflare service from Cloudflare Inc. (USA) on our website to display content. This integration technically requires the processing of your IP address so that content can be sent to your browser. For this reason, your IP address is transmitted to Cloudflare. This data processing is performed to protect our legitimate interests in the optimization and economical operation of our website and is carried out on the legal basis of Article 6 (1) (f) GDPR. You can object to this data processing at any time via the settings in your browser or certain browser extensions. One of these extensions, for example, is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may lead to functional limitations on the website.
In this regard, please note the information in the section “Data transfer to third countries”. Additional information on data protection at Cloudflare can be found in Cloudflare’s privacy statement: https://www.cloudflare.com/privacypolicy/.
13. Google Fonts for content integration
On our website we use Google Web Fonts from Google Ireland Limited (Ireland/EU) to display fonts. This integration technically requires the processing of your IP address so that content can be sent to your browser. For this reason, your IP address is transmitted to Google. This data processing is performed to protect our legitimate interests in the optimization and economical operation of our website and is carried out on the legal basis of Article 6 (1) (f) GDPR. You can object to this data processing at any time via the settings in your browser or certain browser extensions. One of these extensions, for example, is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may lead to functional limitations on the website.
When using Google services, a transmission of data to Google Inc. in the USA cannot be ruled out. Additional information on data protection at Google can be found in Google’s privacy statement: https://www.google.com/policies/privacy .
III. Data processing on our social media pages
We are represented by company pages on several social media platforms. We use these to offer additional opportunities to get and exchange information about our company. Our company has company pages on the following social media platforms:
When you visit a profile on a social media platform or interact with it, personal data about you may be processed. The information associated with the social media profile you use also regularly consists of personal data. This also captures news and statements made while using the profile. Additionally, certain information is often automatically collected about your visit to a social media profile whenever you use it, which may also constitute personal data.
1. Visiting a social media page
a. Facebook and Instagram page
When you visit our Facebook or Instagram page, which we use to present our company or individual products from our offers, certain information about you is processed. Facebook Ireland Ltd. (Ireland/EU – “Facebook”) is the sole controller of this processing of personal data. You can find more information about the processing of personal data by Facebook at https://www.facebook.com/privacy/explanation . Facebook offers the possibility to opt out of certain data processing; information and opt-out features can be found at https://www.facebook.com/settings?tab=ads .
b. LinkedIn company page
LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is the sole controller for processing personal data when visiting our LinkedIn page. You can find more information about the processing of personal data by LinkedIn at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy .
When you visit our LinkedIn company page, follow this page, or interact with this page, LinkedIn processes personal data to provide us with statistics and insights in anonymized form. This helps us gain information about the type of actions carried out by people on our page (so-called page insights). For this purpose, LinkedIn particularly processes data that you have already provided to LinkedIn through the information in your profile, such as data on position, country, industry, years of employment, company size, and employment status. Additionally, LinkedIn processes information about how you interact with our LinkedIn company page, e.g., whether you follow our LinkedIn company page. LinkedIn does not provide us with any personal data about you with the page insights. We can only access the summarized page insights. It is also not possible for us to draw conclusions about individual members from the information in the page insights. This processing of personal data for the page insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions performed on our LinkedIn company page and in improving this company page on the basis of these insights. The legal basis for this processing is Article 6 (1) (f) GDPR. As joint controllers, we have entered into a data processing agreement with LinkedIn which defines the allocation of the data protection obligations between us and LinkedIn. This agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum . Accordingly, the following applies:
· LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority that monitors the processing for the page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.
TikTok Technology Limited (Ireland/EU) is the sole controller for the processing of personal data by TikTok. You can find more information about the processing of personal data by TikTok Technology Limited at https://www.tiktok.com/legal/privacy-policy?lang=de .
New Work SE (Germany/EU) is the sole controller for processing personal data when visiting our Xing profile. You can find more information about the processing of personal data by New Work SE at https://privacy.xing.com/de/datenschutzerklaerung .
Twitch Interactive, Inc. (USA) is the sole controller for processing personal data when visiting our Twitch channel. You can find more information about the processing of personal data by Twitch Interactive, Inc. or Google Ireland Limited at https://www.twitch.tv/p/de-de/legal/privacy-notice/ .
Google Ireland Limited (Ireland/EU) is the sole controller for processing personal data when visiting our YouTube channel. You can find more information about the processing of personal data by YouTube or Google Ireland Limited at https://policies.google.com/privacy .
2. Comments and direct messages
We also process information that you have provided to us via our company page on the respective social media platform. This information might include the username, contact information, or a message to us. We are the sole controllers of these processing operations by us. We process the data on the basis of our legitimate interest in establishing contact with inquiring persons. The legal basis for the data processing is Article 6 (1) (f) GDPR. There may be further data processing if you have consented to this (Article 6 (1) (a) GDPR) or if this is required for the fulfillment of a legal obligation (Article 6 (1) (c) GDPR).
IV. Data processing via our mobile apps
In addition to our other online offers, we also make our “Shakes & Fidget” computer game available as mobile apps that you can download to your mobile end device. Below, we inform you about the additional collection and processing of personal data when using “Shakes & Fidget” on our mobile app.
1. Download of the app
When you download the app, certain required information is transmitted to the app store you select (e.g., Google Play or Apple App Store). In particular, your user name, email address, customer number of your account, time of the download, and individual device number may be processed. The processing of this data is performed exclusively by the provider of the respective app store and is beyond our control.
2. Automatic processing of personal data when using the app
When the mobile app is used, we collect the personal data described below in order to enable the convenient use of the features. If you want to use our mobile app, we collect the following data that is technically necessary for us to offer you the features of our mobile app and safeguard its stability and security.
· IP address
· Date and time of the request
· Time zone difference to Greenwich Mean Time (GMT)
· Content of the request (specific page)
· Access status/HTTP status code
· Amount of data transferred
· Website from which the request originates
· Operating system and interface
· Language and version of the browser software.
The legal basis for the processing of this data is Article 6 (1) (f) GDPR.
3. Permissions on the end device when using the app
Use of the app may require access to certain functions of the end device in use. For this purpose, the app requires the following permissions:
Internet access: This is required so the app can access the game server.
4. Login through third-party providers
5. Push notifications
We store Push Tokens in order to be able to send Push Messages to your Android or Apple device. We may also use this technology for other platforms in the future. You can manage Push Messages under “Options” or “Settings” in the mobile app or in your device settings.
The legal basis for the processing of this data is Article 6 (1) (f) GDPR.
6. Game Analytics
We use the tracking tool “Game Analytics” from GameAnalytics ApS, Vesterbrogade 34, 4th Floor, DK-1620 Copenhagen V, Denmark, in some of our apps to continuously improve them.
Game Analytics collects the IP address, UDI (Unique Device Identifier), platform (iOS or Android), the device and its operating system, as well as the time of the first app use.
The processing is performed to serve our legitimate interests in the analysis of our game use and is carried out on the legal basis of Article 6 (1) (f) GDPR.
We use the AppsFlyer analytical service by AppsFlyer Ltd. (Israel). We use the AppsFlyer service to measure the success of our campaigns. We receive the information from AppsFlyer in aggregate form. To track the use of a mobile app, we transmit AppsFlyer information regarding downloads and installations as well as regarding “in-app events”, such as in-app purchases. You can opt out of the data compilation and storage by AppsFlyer at any time with effect for the future by following the instructions at https://www.appsflyer.com/optout.
AppsFlyer receives information from the data transmitted by SDKs (Software Development Kits) in a mobile end-user application to servers. The data collected by the SDK includes information such as IP addresses (anonymized), browser, platform, SDK version, anonymized user ID, time key, developer key, application version and device identifiers (such as Identifier For Advertisers), Google advertising ID, device model, device manufacturer, operating system version, in-app events, and network status (WLAN/3G). We consider the end user data collected by the AppsFlyer platform representative for the analysis of our applications.
This processing is performed to serve our legitimate interests in the marketing of our apps and is carried out on the legal basis of Article 6 (1) (f) GDPR.
V. Other data processing
1. Contact via email
When you send us a message via the provided contact email, we will process the transmitted data for the purpose of answering your inquiry. We process the data on the basis of our legitimate interest in establishing contact with inquiring persons. The legal basis for the data processing is Article 6 (1) (f) GDPR.
2. Use of the email address for marketing purposes
We may use the email address that you entered during the registration or order placement in order to inform you about similar products and services offered by us. The legal basis for this is Article 6 (1) (f) GDPR in conjunction with Section 7 Article 3 of the German Act Against Unfair Practices (UWG). You have the right to object to this at any time without incurring any costs other than the transmission costs in accordance with basic rates. To do this, you can unsubscribe by clicking on the link provided in every email.
If you participate in sweepstakes, we will process your personal data to execute and process the sweepstakes. This includes particularly the selection of the winners, the notification of winning a prize, and the delivery of the prize. If the delivery or provision of certain prizes is carried out via another company (such as a subsidiary or other cooperative partner), we will transmit the required extent of the winner’s data to this company. After the sweepstakes have been completed, we will delete the data, unless there are legal retention periods that prevent the immediate deletion. The legal basis for the processing is Article 6 (1) (b) GDPR.
If you apply for a job at our company, we will process your application data exclusively for purposes related to your interest in current or future employment at our company and the processing of your application. Only the relevant representatives at our company will process and take notice of your application. All employees who are entrusted with data processing are bound to maintain the confidentiality of your data. If we are unable to offer you employment, we will store the data you transmitted to us for up to six months following the potential rejection. We do this for the purpose of answering questions related to your application and rejection. This does not apply if a deletion is prevented by legal provisions, if further storage is necessary for the purpose of furnishing proof, or if you expressly consented to a longer storage period. The legal basis for the data processing is Section 26 (1) sentence 1 BDSG. If we store your application data for more than six months and you expressly consented to this, we hereby point out that this consent can be freely revoked at any time in accordance with Article 7 (3) GDPR. This will not affect the lawfulness of any processing performed on the basis of the consent that is carried out previous to such a revocation.
Current as of: June 2021