Privacy Policy for online services

Valid as of August 22, 2018. – Previous version

The use of this website may involve the processing of personal information. Our intention is for the following information to provide you with an overview of these processes so that you can understand them. In order to ensure fair processing, we would also like to inform you about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

Goodgame Studios (Altigi GmbH), Theodorstrasse 42-90, Haus 9, 22761 Hamburg (hereinafter referred to as “we” or “us”) is responsible for the data processing.

Table of Contents:

  1. Contact Us
  2. General Information on the Processing of Personal Data
  3. Duration of Storage
  4. Transmission of data
  5. Contact Form
  6. Registration and Login
  7. Facebook Connect
  8. Data Processing in our Games
  9. Payments made on our Website
  10. Community (Forum)
  11. Publisher Backend
  12. Job Applications
  13. Newsletter
  14. Surveys
  15. Processing Server Log Files
  16. Combating Fraud
  17. Cookies
  18. Facebook (Visitor Action Pixel)
  19. Google Analytics
  20. Google Marketing Services
  21. Microsoft Bing Ads
  22. Twitter Conversion Tracking
  23. Taboola
  24. Integrated Services and Third Party Content
  25. Your Rights
  26. The Right to Object
  27. Minor’s privacy
  28. Data Protection Officer
  29. Complaints to Government Authorities

 

1.      Contact Us

If you have any questions or suggestions about this information or would like to contact us to exercise your rights, please contact us via: https://support.goodgamestudios.com/

2.      General Information on the Processing of Personal Data

The use of the products and services we offer may result in the processing of personal data. The term “personal data” under data protection law refers to all information relating to a specific or identifiable person. An IP address can also be considered personal data. An IP address is assigned to each device connected to the internet by the internet service provider, so that it can send and receive data. When you use the website, we collect data that you provide yourself. In addition, when you use the website, we automatically collect certain information about your use of it.

We process personal data in compliance with the relevant data protection regulations of the GDPR and the German BDSG. We will only process data where we are legally permitted to do so. When you use this website, we will process personal data only with your consent (Art. 6 paragraph 1 sentence 1 letter a GDPR), for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract (Art. 6 paragraph 1 sentence 1 letter b GDPR), for compliance with a legal obligation (Art. 6 paragraph 1 sentence 1 letter c GDPR) or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6 paragraph 1 sentence 1 letter f GDPR).

3.      Duration of Storage

Unless otherwise stated in the following sections, we will store the data only as long as necessary to achieve the purpose of processing or to fulfill our contractual or statutory obligations.

4.      Transmission of data

Unless otherwise stated in the following sections, data will be processed on the servers of technical service providers commissioned by us for this purpose. These service providers will only process the data after having received express instructions and they are contractually obliged to guarantee adequate technical and organizational measures for data protection.

Insofar as we refer to integrated services of other providers in this Data Protection Declaration, it can be assumed that personal data will be transmitted to the specified headquarters of these providers. These providers may be based in a so-called third country outside the European Union or the European Economic Area. Further information can be found in the sections describing each service.

5.      Contact Form

Our website contains a contact form with which you can send us messages. The transfer of your data is encrypted.

The legal basis for processing this data is Art. 6 paragraph 1 sentence 1 letter b GDPR. All data fields marked as mandatory are required for processing your request. If they are not provided, your request cannot be carried out. The provision of any additional data is voluntary. Alternatively, you can also send us a message to the contact e-mail address.

6.      Registration and Login

In order to use certain functions within the app, registration via the website is required. The information required can be seen on the registration screen. It is absolutely essential to provide the information marked as mandatory in order for you to complete the registration process. The data provided will be processed for the purpose of providing the service. The legal basis of this processing is Art. 6 paragraph 1 sentence 1 letter b GDPR. We store your data for as long as you are registered with us, unless you delete it beforehand.

7.      Facebook Connect

We also offer you the option of easier registration for our games and services through Facebook. You can use your existing Facebook user account for this purpose. By clicking the “Log in with Facebook” link, you can use this registration method via our online portal. To do this, you need to already have a Facebook account or have access to Facebook.

If you would like to register for one of our services using your Facebook account, the first step in the registration process will immediately redirect you to Facebook. Facebook will then ask you to log in or to register. Under no circumstances will we receive your personal access data (user name and password).

In a second step, you will connect your Facebook profile with the service for which you would like to register. At this point, you will be told what data from your Facebook profile will be transmitted to us. This information is usually your “public information” on Facebook and information which you have made available to the public or authorized for the application in question. Information of this type generally includes your name, profile picture and cover photo, your gender, your networks, your username (Facebook URL), and your user ID number (Facebook ID). We will also use the email address you have saved with Facebook in order to contact you outside of Facebook. You can see an overview of information in your profile that is available to the public via the General Account Settings menu of your Facebook profile (https://www.facebook.com/settings?tab=applications).

The legal basis for data collection and storage is your consent, within the meaning of Art. 6 paragraph 1 sentence 1 letter a GDPR. If you would like to remove the connection between Facebook Connect and our service, please log in to Facebook and make the required changes to your profile. We will then no longer have the right to use information from your Facebook profile.

8.      Data Processing in our Games

In our games we are able to track and evaluate various actions at the player level. This especially includes contact data provided during registration and your actions during the games. For this purpose, we collect your connection data, such as your IP address. We need to be able to process this information to execute gaming operations. It is, therefore, processed on the basis of Art. 6 paragraph 1 sentence 1 letter b GDPR

9.      Payments made on our Website

In principle, you can enjoy our games without having to provide personal contact data. If you pay for chargeable activities in our games, your personal data will be collected by the corresponding payment service providers listed.

All payment-relevant data, such as your contact and payment data, are initially collected and processed by the corresponding payment provider. The legal basis for this data processing is Art. 6 paragraph 1 sentence 1 letter b GDPR.

For payments, we collect the geolocation of your IP address, which allows us to determine in which country you are located. The legal basis for this data collection is Art. 6 paragraph 1 sentence 1 letter c GDPR, as the processing is necessary for compliance with a legal obligation. The legal obligation arises from Directive 2006/112/EC (MOSS Directive).

We also receive information from payment providers related to payment fraud prevention. The legal basis for this data collection is Art. 6 paragraph 1 sentence 1 letter f GDPR, as the processing serves the legitimate interests of our company.

10. Community (Forum)

To use our forums, you must provide personal registration data, such as your user name and e-mail address. The e-mail address is not visible to other users. Registration is necessary to be able to punish possible infringements of our Community guidelines by excluding those responsible from the forum. The legal basis for the storage of this data is Art. 6 paragraph 1 sentence 1 letter b GDPR.

Our forum is monitored by moderators. In order to prevent and punish serious violations, we monitor your IP address. The collection of this information to combat fraud is based on our legitimate interests in accordance with Art. 6 paragraph 1 sentence 1 letter f GDPR, and serves to protect our forum. We expressly reserve the right to delete your comments if they are objected to as unlawful by third parties. You can object to this storage of the aforementioned data at any time.

11. Publisher Backend

Our company operates what is referred to as a “Publisher Backend”, in which companies and private individuals can register to participate in our Publisher Program. For this purpose, we collect and process your contact and payment data, which we require in accordance with Art. 6 paragraph 1 sentence 1 letter b GDPR for the performance of the respective contractual relationship.

12. Job Applications

You can apply for a job with us through our website in the “career” section. To this end, we collect personal contact data from you, which specifically includes your name, your CV, your cover letter and other content provided by you.

Your personal application data will only be collected, stored, processed and used for purposes in connection with your interest in current or future employment with us and the actual processing of your application. Your online application will only be processed and handled by the relevant contact people in our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data.

We use Lever Inc:’s software for application processing (989 Market Street, #500, San Francisco, CA 94103, “Lever”). We ensure the adequacy of data transfer to the USA, a third country, by agreeing standardized EU contractual clauses with Lever.

The legal basis for this data collection is Section 26 BDSG 2018.

13. Newsletter

In the following section, we will inform you about our newsletter as well as other types of business emails and electronic communications and your right to object. By subscribing to our newsletter, you agree to receive it and you agree to the processes described below. The legal basis is your consent pursuant to Art. 6 paragraph 1 sentence 1 letter a GDPR and Section 7 paragraph 2 no. 3 of the German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG).

We do not include the following information under the term “advertising communication”: Information about technical and organizational processes and information relating to the provision of services to our users.

To subscribe to our newsletter, use the double opt-in procedure, which serves to confirm your e-mail address. This confirmation is required so that no one can register with an e-mail address that does not belong to them. Subscriptions to the newsletter are logged in order to be able to provide evidence of the registration process in accordance with statutory requirements. This includes the storage of the login itself, the time of confirmation, as well as the IP address. Any changes to your data stored with the service provider that sends the newsletters are also logged. Newsletters are sent with the help of an EU-based external service provider, whom we have engaged to process orders in accordance with statutory requirements.

The newsletters contain cookies that are retrieved by the server of the service provider that sends the newsletter, as soon as the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for technical improvement or to analyze the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or access times. The statistical data collection also includes determining if and when the newsletters are opened and which links are clicked and when they are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. These analyses are primarily intended to help us to identify the reading habits of our users and to adapt our content to them or to send different content based on user interests. The legal basis is Art. 6 paragraph 1 sentence 1 letter f GDPR.

You can stop receiving our newsletter at any time in the future just by letting us know that you wish to cancel. You can do so easily by using the link at the bottom of each of our communications or by using our support form. Unfortunately, you cannot request separate cancellations for the service provider that sends the newsletter or for the statistical analysis. If you wish to cancel, you must cancel the entire subscription.

14. Surveys

We conduct occasional customer satisfaction surveys for our games. For this purpose, we collect and process your contact data as provided in the surveys.

The legal basis for the use of this information is your consent in accordance with Art. 6 paragraph 1 sentence 1 letter a GDPR. Your participation in the survey is voluntary. Your consent to its use may be revoked at any time.

We use the services of SurveyMonkey Inc (San Mateo, One Curiosity Way, San Mateo, California 94403, “SurveyMonkey”) to conduct the surveys. SurveyMonkey collects additional information from participants in the form of cookies, which are only intended to ensure that the survey service is fully usable and that the surveys run as intended.

The legal basis for processing this additional information is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not participate in our survey, no personal information will be collected.

SurveyMonkey is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation

https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active

15. Processing Server Log Files

When using our website for informational purposes only, general data is initially stored automatically (i.e. not via registration) and transmitted to our server by your browser. By default, these include: The browser type/version, the operating system used, the page accessed, the page previously visited (referrer URL), the IP address, the date and time of the server request and the HTTP status code.

The processing is carried out for the purposes of our legitimate interests, the legal basis of which is Art. 6 paragraph 1 sentence 1 letter f GDPR. This processing is used for technical administration and website security.

16. Combating Fraud

We process pseudonymous information, such as the IP address or device ID, for the analysis of signals in order to identify fraud by third parties in the context of customer acquisition. To accomplish this, we are supported by external service providers whom we have ensured are committed to the same statutory requirements.

The legal basis is Art. 6 paragraph 1 sentence 1 letter f GDPR. This processing contributes to the organizational security of the website.

17. Cookies

We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by our web server. Insofar as this use of cookies results in the processing of personal data, the legal basis for this is Art. 6 paragraph 1 sentence 1 letter f GDPR. This manner of processing serves our legitimate interest in making our website more user-friendly, effective and secure.

Most of the cookies we use are known as “session cookies”. They are deleted after the end of you visit. Other cookies (“persistent cookies”) are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. You can object in principle to the use of cookies through your browser settings.

18. Facebook (Visitor Action Pixel)

We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.

This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

19. Google Analytics

We use the Google Analytics service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) to analyze our website visitors. Google uses cookies. The information generated by the cookie about the use of the online product or service by users is generally transferred to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available at the following link:  http://tools.google.com/dlpage/gaoptout?hl=en.

If you visit our website using a mobile device, you can deactivate Google Analytics by clicking on the following link: Click here.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

20. Google Marketing Services

On our website we use the marketing and remarketing services of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). These services allow us to display advertisements in a more targeted manner in order to present advertisements of interest to users. Through remarketing ads and products are displayed to users relating to an interest established by activity on other websites within the Google Network. For these purposes, a code is used by Google when our website is accessed and what are referred to as (re)marketing tags are incorporated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which apps users have visited, which content they are interested in and which offers have been used. In addition, technical information about the browser and operating system, referring websites, the length of the visit as well as any additional data about the use of the online products and services are stored. The IP address of users is also recorded, although we would like inform you that within the framework of Google Analytics, IP addresses within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area are truncated.

All user data will only be processed as pseudonymous data. Google does not store any names or e-mail addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.

One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

We may include third-party advertisements based on the Google Marketing Service called DoubleClick. DoubleClick uses cookies to enable Google and its partner websites to place ads based on users’ visits to this website or other websites on the Internet.

Google services make use of Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page:  https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google:  http://www.google.com/ads/preferences.

 

Google is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

21. Microsoft Bing Ads

We use the conversion and tracking tool Bing Ads from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, “Microsoft”) as part of our website. Microsoft stores a cookie on the user’s computer to enable an analysis of the use of our online services. The prerequisite for this is that the user has accessed our website through an ad from Microsoft Bing Ads. This enables Microsoft and us to know that someone has clicked on an ad, has been redirected to our online services and has reached a predetermined target page. We only see the total number of users who clicked on a Bing ad and were then forwarded to the target page (conversions). No IP addresses are stored. No other personal information about the identity of the user will be disclosed.

 

Users can find further information on data protection and the cookies used at Microsoft Bing ads in Microsoft’s data protection declaration: https://privacy.microsoft.com/de-de/privacystatement.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not wish to participate in the Bing Ads tracking process, you can communicate your objection to Microsoft here: http://choice.microsoft.com/de-DE/opt-out.

Microsoft is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation
(https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

22. Twitter Conversion Tracking

On our website, we use the Conversion Tracking Service of Twitter Inc. (1355 Market Street #900, San Francisco, California 94103, “Twitter”). Twitter stores a cookie on the user’s computer to enable an analysis of the use of our online products and services. Twitter Conversion Tracking tracks the actions of users after they have viewed ads or interacted with ads on Twitter. Twitter’s Conversion Tracking allows you to assign conversions such as link clicks, retweets or “like” data.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to tracking, you can do so using the Digital Advertising Alliance tool at optout.aboutads.info.

Twitter is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation: (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active)

23. Taboola

Use of technologies belonging to Taboola Inc. (Taboola Inc., Atrium Tower, 2 Jabotinsky St., 32nd fl., Ramat Gan 5250501 Tel Aviv) allows us to utilize user-specific advertising based on surfing behavior and customer interests. Taboola uses cookies (or similar technologies) to determine which websites you visit frequently and record your movements on our website. Taboola gathers device-related data and protocol data and creates usage profiles using pseudonyms. The usage profiles are not merged with the data about the bearer of the pseudonym and do not allow conclusions to be drawn on personal data. To do this, we communicate your IP address to Taboola. This processing is carried on the legal basis of our legitimate economic interest (Art. 6 paragraph 1 letter f GDPR.) You can object to inclusion in the tracking via the following link: https://www.taboola.com/privacy-policy#user-choices-and-optout. Once you have successfully opted out, you will no longer see personalized content/adverts.

24. Integrated Services and Third Party Content

We use services and content provided by third parties on our website (hereinafter collectively referred to as “content”). For this kind of integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address will therefore be transmitted to the respective third party provider.

In each case, this data processing is carried out to safeguard our legitimate interests in the optimization and the commercial operations of our website, the legal basis of which is Art. 6 paragraph 1 sentence 1 letter f GDPR.

The Java programming language is regularly used to integrate content. Therefore, you can object to data processing by deactivating Java operations in your browser.

We have integrated contents from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) into our website:

  • “Google Maps” for displaying maps;
  • “Google Web Fonts” for using Google’s fonts;
  • “YouTube” for displaying videos.

Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

25. Your Rights

As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:

  • In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not, and to what extent, we process personal data about you.
  • You have the right to have us correct your data in accordance with Article 16 GDPR.
  • You have the right to have us delete your personal data in accordance with Article 17 GDPR and Section 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Article 18 GDPR.
  • You have the right, in accordance with Article 20 GDPR, to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.
  • You can exercise your rights by contacting us via our support form.

26. The Right to Object

In accordance with Article 21 GDPR, you have the right to object to any processing operations executed that use Art. 6 paragraph 1 sentence 1 letter e and letter f GDPR as their legal basis.

27. Minor’s privacy

The Service is not targeted towards, nor intended for use by anyone under the age of 16. We do not collect personal data from any person we actually know is under the age of 16.

28. Data Protection Officer

You can reach our data protection officer at:

Altigi GmbH/Goodgame Studios

c/o Data Protection Officer / Confidential

Theodorstrasse 42-90, Haus 9

22761 Hamburg

29. Complaints to Government Authorities

If you believe that the processing of your personal data constitutes an infringement of the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.

 

Version: 08/2018

Privacy Policy for mobile applications (apps)

Valid as of August 22, 2018. – Previous version

The following information applies to all our mobile applications (apps) for smartphones and tablet PCs. The use of these apps may involve the processing of personal information. Our intention is for the following information to provide you with an overview of these processes so that you can understand them. In order to ensure fair processing, we would also like to inform you about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

Goodgame Studios (Altigi GmbH), Theodorstrasse 42-90, Haus 9, 22761 Hamburg (hereinafter referred to as “we” or “us”) is responsible for the data processing.

Table of Contents

  1. Contact Us
  2. General Information on the Processing of Personal Data
  3. Duration of Storage
  4. Transmission of Data
  5. Data Collection during Downloading
  6. Access Rights of this App
  7. Contact Form
  8. Registration and Login
  9. Facebook Connect
  10. Data Processing in our Games
  11. Payments made through our App
  12. Newsletter
  13. Surveys
  14. Processing App Log Files
  15. Combating Fraud
  16. Facebook SDK
  17. Google Marketing Services
  18. Google SDK (Firebase Analytics)
  19. AppsFlyer SDK
  20. Microsoft Bing Ads
  21. Taboola
  22. Pinterest
  23. The Right to Object
  24. Your Additional Rights
  25. Minor’s privacy
  26. Data Protection Officer
  27. Complaints to Government Authorities

 

 

1.      Contact Us

If you have any questions or suggestions about this information or would like to contact us to exercise your rights, please contact us via: https://support.goodgamestudios.com/

2.      General Information on the Processing of Personal Data

The use of the products and services we offer may result in the processing of personal data. The term “personal data” under data protection law refers to all information relating to a specific or identifiable person. An IP address can also be considered personal data. An IP address is assigned to each device connected to the internet by the internet service provider, so that it can send and receive data. When you use the apps, we collect data that you provide yourself. In addition, when you use the app, we automatically collect certain information about your use of it.

We process personal data in compliance with the relevant data protection regulations of the GDPR and the German BDSG. We will only process data where we are legally permitted to do so. When you use these apps, we will process personal data only with your consent (Art. 6 paragraph 1 sentence 1 letter a GDPR), for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract (Art. 6 paragraph 1 sentence 1 letter b GDPR), for compliance with a legal obligation (Art. 6 paragraph 1 sentence 1 letter a GDPR) or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6 paragraph 1 sentence 1 letter f GDPR).

3.      Duration of Storage

Unless otherwise stated in the following sections, we will store the data only as long as necessary to achieve the purpose of processing or to fulfill our contractual or statutory obligations.

4.      Transmission of Data

Unless otherwise stated in the following sections, data will be processed on the servers of technical service providers commissioned by us for this purpose. These service providers will only process the data after having received express instructions and they are contractually obliged to guarantee adequate technical and organizational measures for data protection.

Insofar as we refer to integrated services of other providers in this Data Protection Declaration, it can be assumed that personal data will be transmitted to the specified headquarters of these providers. These providers may be based in a so-called third country outside the European Union or the European Economic Area. Further information can be found in the sections describing each service.

5.      Data Collection during Downloading

When downloading the app, no information is actively transferred by us to the app store involved (Apple App Store, Google Play, Amazon App Store, Samsung App Store, etc.). If you want to know what data is collected and processed by a given app store during the downloading process, please consult their privacy policy. We have no control over any data collection by app stores. They are solely responsible for the processing of any of your personal data within the meaning of Article 7(4) GDPR.

6.      Access Rights of this App

This app requires various access permissions from your device. These are required to maintain certain functionality of our apps. For example, if you only want to download updates using a wireless connection, the app needs access to your wireless connection. If you would like to purchase additional content via the app, we may need access to the interface required for your app store. Another example is what is referred to as “push notifications”, in which we can use an interface to display a message directly on your device. The access permissions on your mobile device are dependent on the operating system (e.g. Android, iOS, etc.) and the store where the app was purchased (e.g. Google Play Store, Apple App Store, Amazon, etc.). As a rule, you will receive information prior to the installation as to which access permissions are required by our app.

The legal basis for the processing of technically necessary access permissions is Art. 6 paragraph 1 sentence 1 letter b GDPR. All further access permissions are based on Art. 6 paragraph 1 sentence 1 letter f GDPR.

Under “Settings” in Apple iOS, you can get an overview at any time of the content that our apps can access. You can restrict these access permissions at a later point in time.

In Android, various access permissions are also needed on your mobile device. Under “Settings/Apps” you can subsequently check the access rights of our apps.

7.      Contact Form

Our app contains a contact form with which you can send us messages. The transfer of your data is encrypted.

The legal basis for processing this data is Art. 6 paragraph 1 sentence 1 letter b GDPR. All data fields marked as mandatory are required for the execution of the contract. If they are not provided, the contractual services cannot be carried out. The provision of any additional data is voluntary. Alternatively, you can also send us a message to the contact e-mail address.

8.      Registration and Login

In order to use certain functions of the app, registration within the app is required. Upon completion of the registration process, a contract of use is entered into.

In the context of this use, only the information you provide is processed. This information can be seen on the registration screen. The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter b GDPR. It is absolutely essential to provide the information marked as mandatory in order to establish the user relationship. The data provided will only be processed for the purposes stated in the terms of use and they will only be stored for the duration of use. You may terminate your use at any time by deactivating your user account.

9.      Facebook Connect

We also offer you the option of easier registration for our games and services through Facebook. You can use your existing Facebook user account for this purpose. By clicking the “Log in with Facebook” link, you can use this registration method via our online portal. To do this, you need to already have a Facebook account or have access to Facebook.

If you would like to register for one of our services using your Facebook account, the first step in the registration process will immediately redirect you to Facebook. Facebook will then ask you to log in or to register. Under no circumstances will we receive your personal access data (user name and password).

In a second step, you will connect your Facebook profile with the service for which you would like to register. At this point, you will be told which data from your Facebook profile will be transmitted to us. This information is usually your “public information” on Facebook and information which you have made available to the public or authorized for the application in question. Information of this type generally includes your name, profile picture and cover photo, your gender, your networks, your username (Facebook URL), and your user ID number (Facebook ID). We will also use the email address you have saved with Facebook in order to contact you outside of Facebook. You can see an overview of information in your profile that is available to the public via the General Account Settings menu of your Facebook profile (https://www.facebook.com/settings?tab=applications).

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

The legal basis for data collection and storage is your consent, within the meaning of Art. 6 paragraph 1 sentence 1 letter a GDPR. If you would like to remove the connection between Facebook Connect and our service, please log in to Facebook and make the required changes to your profile. We will then no longer have the right to use information from your Facebook profile.

10. Data Processing in our Games

In our games we are able to track and evaluate various actions at the player level. This especially includes contact data provided during registration and your actions during the games. For this purpose, we collect your connection data, such as your IP address. We need to be able to process this information to execute gaming operations. It is, therefore, processed on the basis of Art. 6 paragraph 1 sentence 1 letter b GDPR.

11. Payments made through our App

In principle, you can enjoy our games without having to provide personal contact data. If you pay for chargeable activities in our games, your personal data will be collected by the corresponding payment service providers listed.

All payment-relevant data, such as your contact and payment data, are initially collected and processed by the corresponding payment provider. The legal basis for this data processing is Article 6(1)(b) GDPR.

For payments, we collect the geolocation of your IP address, which allows us to determine in which country you are located. The legal basis for this data collection is Art. 6 paragraph 1 sentence 1 letter c GDPR, as the processing is necessary for compliance with a legal obligation. The legal obligation arises from Directive 2006/112/EC (MOSS Directive).

We also receive information from payment providers related to payment fraud prevention. The legal basis for this data collection is Art. 6 paragraph 1 sentence 1 letter c GDPR, as the processing is necessary for compliance with a legal obligation.

12. Newsletter

In the following section, we will inform you about our newsletter as well as other types of business emails and electronic communications and your right to object. By subscribing to our newsletter, you agree to receive it and you agree to the processes described below. The legal basis is your consent pursuant to Art. 6 paragraph 1 sentence 1 letter a GDPR and Section 7 paragraph 2 no.3 of the German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG).

We do not include the following information under the term “advertising communication”: Information about technical and organizational processes and information relating to the provision of services to our users.

To subscribe to our newsletter, use the double opt-in procedure, which serves to confirm your e-mail address. This confirmation is required so that no one can register with an e-mail address that does not belong to them. Subscriptions to the newsletter are logged in order to be able to provide evidence of the registration process in accordance with statutory requirements. This includes the storage of the time of registration itself and the time of confirmation, as well as the IP address. Any changes to your data stored with the service provider that sends the newsletters are also logged. Newsletters are sent with the help of an EU-based external service provider, whom we have engaged to process orders in accordance with statutory requirements.

The newsletters contain cookies that are retrieved by the server of the service provider that sends the newsletter, as soon as the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for technical improvement or to analyze the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or access times. The statistical data collection also includes determining if and when the newsletters are opened and which links are clicked when they are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. These analyses are primarily intended to help us to identify the reading habits of our users and to adapt our content to them or to send different content based on user interests. The legal basis is Art. 6 paragraph 1 sentence 1 letter f GDPR.

You can stop receiving our newsletter at any time in the future just by letting us know that you wish to cancel. You can do so easily by using the link at the bottom of each of our communications or by using our support form. Unfortunately, you cannot request separate cancellations for the service provider that sends the newsletter or for the statistical analysis. If you wish to cancel, you must cancel the entire subscription.

13. Surveys

We conduct occasional customer satisfaction surveys for our games. For this purpose, we collect and process your contact data as provided in the surveys.

The legal basis for the use of this information is your consent in accordance with Art. 6 paragraph 1 sentence 1 letter a GDPR. Your participation in the survey is voluntary. Your consent to its use may be revoked at any time.

We use the services of SurveyMonkey Inc (San Mateo, One Curiosity Way, San Mateo, California 94403, “SurveyMonkey”) to conduct the surveys. SurveyMonkey collects additional information from participants in the form of cookies, which are only intended to ensure that the survey service is fully usable and that the surveys run as intended.

The legal basis for processing this additional information is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not participate in our survey, no personal information will be collected.

SurveyMonkey is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation

https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active

14. Processing App Log Files

If you use our services, general information (that is not used on a individual basis) is initially stored automatically, i.e. not through registration. For example, our web servers normally store the following information: IP, Device ID, Device Type, OS, time of the server request.

The processing is carried out for the purposes of our legitimate interests, the legal basis of which is Art. 6 paragraph 1 sentence 1 letter f GDPR. This processing is used for technical administration and the security within the app.

15. Combating Fraud

We process pseudonymous information, such as the IP address or device ID, for the analysis of signals in order to identify fraud by third parties in the context of customer acquisition. To accomplish this, we are supported by external service providers whom we have ensured are committed to the same statutory requirements. The legal basis of Art. 6, paragraph 1, sentence 1, letter f GDPR. This processing helps the organizational security of the app.

16. Facebook SDK

We use Facebook’s Software Development Kit (SDK) within our app. The Facebook SDK is issued and administered by Facebook. By means of this integration, we can link various Facebook services with our app. For example, this enables users to be able to use the Facebook SDK to share content from our apps within their Facebook timeline or to send messages to other Facebook users. Further information about the Facebook SDK within iOS can be found here: https://developers.facebook.com/docs/ios. For Android, please refer to: https://developers.facebook.com/docs/android.

The legal basis for the storage of this data is Art. 6 paragraph 1 sentence 1 letter b GDPR.

Facebook App Events: We use the Facebook App Events service though the Facebook SDK to track the reach of our advertising campaigns and the use of the Facebook SDK. Facebook merely provides us with an aggregated analysis of user behavior with our app. We have no influence beyond that on the information that will be processed through App Events by Facebook.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter f GDPR. In our app settings, you can opt out of using App Events for these purposes.

17. Google Marketing Services

On our app we use the marketing and re-marketing services of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). These services allow us to display advertisements in a more targeted manner in order to present advertisements of interest to users. Through remarketing ads and products are displayed to users relating to an interest established by activity on other apps within the Google Network. For these purposes, a code is used by Google when our app is accessed and what are referred to as (re)marketing tags are incorporated into the app. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which apps users have visited, which content they are interested in and which offers have been used. In addition, technical information about the browser and operating system, referring apps, the length of the visit as well as any additional data about the use of the online products and services are stored. The IP address of users is also recorded, although we would like inform you that within the framework of Google Analytics, IP addresses within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area are truncated.

All user data will only be processed as pseudonymous data. Google does not store any names or e-mail addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.

One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

We may include third-party advertisements based on the Google Marketing Service called DoubleClick. DoubleClick uses cookies to enable Google and its partner apps to place ads based on users’ visits to this app or other apps on the Internet.

Google services make use of Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page:  https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy

The legal basis for the use of this service is Article Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google:  http://www.google.com/ads/preferences.

 

Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation
(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

18. Google SDK (Firebase Analytics)

We use the developer platform called “Google Firebase” as well as the associated functions and services of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google Firebase is a platform for developing apps for mobile devices and websites. Google Firebase offers a variety of features, which are can be found on the following summary page: https://firebase.google.com/products/

The functions include the storage of apps, including users’ personal data, such as content they have created or information regarding their interaction with the apps. Google Firebase also offers interfaces that allow interaction between the users of the app and other services.

The analysis of user interactions is carried out using the analysis service of Firebase Analytics. This service helps us to record our users’ interactions. Events such as the first time an app is opened, the uninstalling of an app, updates, crashes or the frequency of use of the app are recorded. Certain user interests are also recorded and evaluated.

The information processed by Google Firebase may be used with other Google services, such as Google Analytics and Google marketing services. In this case, only pseudonymous information, such as the Android Advertising ID or the Advertising Identifier for iOS, will be processed to identify users’ mobile devices. Additional information on the use of data for marketing purposes by Google can be found on the summary page:  https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at  https://www.google.com/policies/privacy.

The legal basis for use is Art. 6 paragraph 1 sentence 1 letter f GDPR. If users wish to object to interest-based advertising through Google marketing services, they can use the settings and opt-out options provided by Google:  http://www.google.com/ads/preferences.

Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation
(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

19. AppsFlyer SDK

Our app is analyzed with technologies from AppsFlyer Inc. (111 New Montgomery Street, San Francisco, California 94105). Various session and interaction data are collected from you and stored for this purpose. We need this information to improve the content and usability of our games and to optimize the user experience for you. The session and interaction data are at no time processed in personalized form, but under a pseudonym. For more information on data processing by AppsFlyer, please refer to the privacy policy of the provider: https://www.appsflyer.com/privacy-policy/.

The legal basis for use is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not wish to be tracked by AppsFlyer in the future, you can opt out at any time here: https://www.appsflyer.com/optout

AppsFlyer is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation
https://www.privacyshield.gov/participant?id=a2zt0000000GnUZAA0&status=Active

20. Microsoft Bing Ads

We use the conversion and tracking tool Bing Ads from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, “Microsoft”) as part of our app. Microsoft stores a cookie on the user’s device to enable an analysis of the use of our online services. The prerequisite for this is that the user has accessed our app through an ad from Microsoft Bing Ads. This enables Microsoft and us to know that someone has clicked on an ad, has been redirected to our online services and has reached a predetermined target page. We only see the total number of users who clicked on a Bing ad and were then forwarded to the target page (conversions). No IP addresses are stored. No other personal information about the identity of the user is disclosed.

Users can find further information on data protection and the cookies used at Microsoft Bing ads in Microsoft’s privacy statement: https://privacy.microsoft.com/de-de/privacystatement.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not wish to participate in the Bing Ads tracking process, you can communicate your objection to Microsoft here: http://choice.microsoft.com/de-DE/opt-out.

Microsoft is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation
(https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

21. Taboola

Use of technologies belonging to Taboola Inc. (Taboola Inc., Atrium Tower, 2 Jabotinsky St., 32nd fl., Ramat Gan 5250501 Tel Aviv) allows us to utilize user-specific advertising based on surfing behavior and customer interests. Taboola uses cookies (or similar technologies) to determine which websites you visit frequently and record your movements on our website. Taboola gathers device-related data and protocol data and creates usage profiles using pseudonyms. The usage profiles are not merged with the data about the bearer of the pseudonym and do not allow conclusions to be drawn on personal data. To do this, we communicate your IP address to Taboola. This processing is carried on the legal basis of our legitimate economic interest (Art. 6 paragraph 1 letter f GDPR.) You can object to inclusion in the tracking via the following link: https://www.taboola.com/privacy-policy#user-choices-and-optout. Once you have successfully opted out, you will no longer see personalized content/adverts.

22. Pinterest

We use advertising services provided by the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. We use the site to book advertising space on pins within Pinterest.  If you land on one of our offers via a pin we have booked, this information will be processed by Pinterest and communicated to us as statistics (conversion). This allows us to find out, for instance, how many users have clicked on our pins. We obtain no information that allows users to be personally identified. Furthermore, we analyze whether a user then goes on to download our app. Insofar as personal data is processed, this is carried out on the legal basis of article 6 paragraph 1 letter f GDPR. You can object to inclusion in the tracking via the following link: https://help.pinterest.com/de/articles/personalization-and-data

23. The Right to Object

In accordance with Art. 21 GDPR, you have the right to object to any processing operations executed that use Art. 6 paragraph 1 sentence 1 letter e or letter f of GDPR as their legal basis.

24. Your Additional Rights

As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:

  • In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not, and to what extent, we process personal data about you.
  • You have the right to have us correct your data in accordance with Article 16 GDPR.
  • You have the right to have us delete your personal data in accordance with Article 17 GDPR and Section 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Article 18 GDPR.
  • You have the right, in accordance with Article 20 GDPR, to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.
  • You can exercise your rights by contacting us via our support form.

25. Minor’s privacy

The Service is not targeted towards, nor intended for use by anyone under the age of 16. We do not collect personal data from any person we actually know is under the age of 16.

26. Data Protection Officer

You can reach our data protection officer at:

Altigi GmbH/Goodgame Studios

c/o Data Protection Officer/ confidential

Theodorstrasse 42-90, Haus 9

22761 Hamburg

27. Complaints to Government Authorities

If you believe that the processing of your personal data constitutes an infringement of the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.

 

Version: 08/2018