Przejdź do treści

Privacy policy

Hello and Welcome to „Digitalsoft.pl” games Privacy Policy!

We are committed to making our games both fun and safe to use. In general, our approach is to only collect anonymous data wherever possible and use as little personal data as is necessary to provide the best games and services. We don’t gather or use anonymous data or any personal information to sell these to third parties for commercial purposes; we only want to make our games more awesomer.

Please take a moment and read this Privacy Policy. It will help you understand how we process your personal data. Depending on the specific case it is possible that other privacy policies of ours may apply additionally, in which case we will inform you about this additional application (e.g., by referring to them). If you have any questions regarding our use of your personal data, please feel free to contact us over the channels provided below.

When you or your children or wards use Digitalsoft games and services, our Terms of Service and the terms of this Privacy Policy apply. You or your children or wards should not use any our games or services unless you agree to this.

The descriptions of how we process your personal data, your rights, and limitations to processing your personal data that are mentioned in this privacy policy apply to you when you use our services. They are based on the rules of the General Data Protection Regulation (“GDPR”) in the UK and European Union.

If you do not reside in the UK or EU and use our services, the descriptions of this privacy policy may not fully apply to you and other data protection laws might be applicable. If you are a resident of the State of California, please see Section X below for detailed information according to the California Consumer Privacy Act (“CCPA”).

When we refer to “you” in this Privacy Policy, we refer to you as data subject (see Sect. III below for more details on what this means). If you are interacting with us on behalf of others, please make sure all affected people receive the information stated in this Privacy Policy.

I. Who Are We?

If we speak of “we” or “us” in this Privacy Policy, we refer to ourselves as controller as defined below. Our contact details are:

PPHU Digitalsoft Andrzej Kaczyński
ul. Zeusa 79
80-299 Gdańsk
Polska

You can reach out to us regarding any data protection matters by sending an email to privacy@digitalsoft.pl.

II. Meaning of Terms

We’d like to explicitly mention the meanings of the following terms in simple words since they are used quite often throughout this Privacy Policy.

personal data’ means any information relating to a person that can be identified or could be identified through an identifier (‘data subject’); ‘processing’ means using your personal data (e.g., collecting, storing, sharing or deleting it);
controller’ means the person, company or other body that decides if and how your personal data is being processed;
processor’ means a person, company or other body that processes personal data on behalf of the controller according to the controller’s instructions.

III. Legal Basis

As a controller we need a legal basis to be allowed to process your personal data. If:

you have given us your consent to process your personal data;
you have given us your consent to process special categories of personal data (e.g. data concerning health) for one or more specified purposes, and such consent is possible according to applicable law;
processing your personal data is necessary for the performance of a contract between you and us or in order to take steps at your request prior to entering into a contract;
processing your personal data is necessary for compliance with a legal obligation to which we are subject;
processing your personal data is necessary because we or a third party have a legitimate interest to do so and such legitimate interests are not outweighed by your interests or fundamental rights and freedoms.

IV. Your Rights

Under the GDPR you have the following rights when we process your personal data:

Right of information: You can ask us to let you know what we are doing with your data, e.g., why we collect it, or for how long we keep it.
Right of access: You can at any time ask us to confirm as to whether or not we are processing your personal data and, if this should be the case, access to the personal data.
Right to rectification: If you find that personal data that we process about you is inaccurate, you can ask us to correct it.
Right to erasure (“right to be forgotten”): Under certain circumstances, e.g., if you have objected to us using your data or if you have withdrawn your consent, you can ask us to delete your personal data. There are certain exceptions to this, e.g., if this would contradict other people’s free speech or if we have a legal obligation for which we need the data.
Right to restriction: Under certain circumstances, e.g., if your personal data we store isn’t accurate or you have objected to us using your personal data, you have the right to request that we restrict the processing of your personal data until a solution has been found.
Right to data portability: Under certain circumstances you can receive your personal data you have provided us in a structured, commonly used and machine-readable format and you can transfer this data to another controller.
Right to object: Under certain circumstances, e.g., if we base the use of your personal data on a legitimate interest, you have the right to object to us using your data. If we don’t have an overriding interest to keep using your data, we will stop using it.
Right to lodge a complaint: You can always send a complaint regarding our processing of your personal data to a data protection supervisory authority. -Right to withdraw consent: If you have granted us your consent for us to process your personal data, you have the right to withdraw your consent at any time with effect for the future.
Right to not be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing which produces legal effects for you or similarly significantly affects you. We do not make automated decisions by processing your personal data (e.g., profiling you).

V. Recipients / Categories of Recipients

The personal data we process can also be either processed by other parties on our behalf and according to our instructions by processors or shared with and processed by other controllers. When data is processed according to this Privacy Policy, it is principally done so by employees and freelancers of ours that are responsible for the specific matter the data is required for.

The following list gives you an overview of the main providers of tools and services we use and who might be recipients of your data:

  • Office tools, advertising and analytics tools
  • Social media platforms and direct messaging:
    – Facebook Ireland Limited, Ireland (“Facebook”)
    – Twitter International Company, D02 AX07 Ireland (“Twitter”)
    – Discord, CA 94107 United States (“Discord”)
  • Host providers like Amazon Web Services, OVH
  • Video and photo platforms like Google Ireland (YouTube)
  • Login Providers like Google, Apple, Facebook

Some of these recipients are established outside of the European Union. Principally, there are two possible safeguards we rely on when we share your personal data with these recipients:

If a recipient is located in a country for which the European Commission (“EU Commission”) has found it ok to send personal data to, since that country provides an adequate level of data protection, we rely on this so-called adequacy decision by the EU Commission.
If a recipient is not located in a country with an adequate level of data protection according to the EU Commission, we have concluded a special contract with this recipient in which we agree on rules to make sure the recipient takes adequate care of your personal data. This contract is called the EU Standard Contractual Clauses and was developed by the EU Commission.

Apart from this, the following categories of recipients process data either on our behalf or with us as joint controllers or as individual controllers: financial and IT services; media; social media platforms; website analytics providers; messaging systems; gameplay analytics.

You can find further information on which recipients and categories of recipients are involved in the processing of personal data under Section VI.

VI. General Data Processing

In the following we’d like to inform you about how we process your personal data. These are the general processing activities that can apply when you interact with us. Every processing activity is broken down into 5 parts:

(a.) What: What data is processed?
(b.) Who: Who receives the data?
(c.) Why: For what purpose is the data processed?
(d.) Legal Basis: What law allows us to process the data?
(e.) How Long: How long do we keep the data?

  1. Communicating With You

a. What

  • If we communicate with you via email, mail, or telephone, we process all personal data you disclose to us during our conversation (e.g., you name, email address, the reason why you are contacting us etc.).
  • Apart from this, it is also possible that we use other online messaging systems to communicate with you, if you wish to contact us over these channels. Please note that if you wish to contact us via such messaging systems, it is possible that the respective companies that offer these communication services may also process your personal data and that regarding this their privacy policies apply. We have no influence over such data processing by third parties. For further information on how these services process your personal data, please view their privacy policies.

b. Who

  • Recipients of the processed personal data are the respective internal employees and freelancers of ours that are responsible for pursuing our purposes for the processing (e.g., someone from a department that you are contacting with a request). Possible further recipients: the providers of the respective messaging systems; Facebook, Twitter, Discord, Zendesk
  • Depending on the specific topic of the conversation as well as the circumstances (e.g., a certain game you’re playing) it is possible that our Subsidiary jointly processes personal data with us according to Sect.II.

c. Why

  • Depending on the specific conversation with you, the personal data can either be processed in order to take steps at your request prior to entering into a contract with us or to perform a contract you have concluded with us. Also, the processing can be necessary for us to comply with legal documentation obligations. Also, the processing can be necessary for the purposes of our legitimate interest to respond to mails and calls of yours when you contact us and are not our contractual partner as well as to have proof regarding substantial content of our conversation, including but not limited to cases of potential legal claims on our or your side.

d. Legal Basis

  • The legal basis for processing the personal data in order to take steps at your request prior to entering into a contract with us or to perform a contract you have concluded with us is Art. 6 para. 1 let. b) GDPR. The legal basis for processing the data for compliance with our legal obligations is Art. 6 para. 1 let. c) GDPR. The legal basis for processing the data due to our legitimate interest is Art. 6 para. 1 let. f) GDPR.

e. How long

  • The data is stored at least for the time until our contract with you is fully performed. If the data has been stored in order to take steps at your request prior to entering into a contract with us, we will store the data for as long as reasons objectively exist to believe that the respective conversation will be continued within the foreseeable future. Any other data will be retained for a period of five years starting with the end of the year in which we received the communications.
  • Chat data is deleted automatically four weeks after being sent.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.
  1. Visiting our Websites

a. What

  • When you visit our website, we process personal data of yours, such as your IP-address, the time of your visit, what browser type you use, country of origin, if applicable, also the website from where you were referred to our website.

b. Who

  • Recipients of the processed personal data are the respective internal employees and freelancers of ours that are responsible for pursuing our purposes for the processing. Possible further recipients: IT service providers and host providers, especially Amazon Web Services and CloudFlare.

c. Why

  • We process this data to display the website correctly in your browser, so you are able to make use of the full functionality of the services and the website content. We also process the data for troubleshooting, should the website not work correctly as well as for security purposes (e.g. to prevent malicious attacks on our website). These are legitimate interests of ours.

d. Legal Basis

  • The legal basis for processing the data is Art. 6 para. 1 let. f) GDPR.

e. How long

  • The data is stored for as long as our legitimate interest is given. For this, the data is stored for the time that we reasonably need to ensure our systems have not been subject to malicious use and to be able to effectively respond to any potential bugs or other malfunctions of the website.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

3. Website Registration

a. What

  • Registration for our websites is exclusively for the website and does not apply to mobile games or forums, which are separate registrations. Registration asks for username, email, and password or for 3rd party login via Facebook or Google. Players under the age of 16 are directed specifically to use parent or guardian emails.
  • Your website profile will have multiple stats stored on our servers which are based on your web game performance and actions. For example, profile level, coins earned, clan chosen, etc.

b. Who

  • Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for processing the data. Possible further recipients: IT service providers and host providers.

c. Why

  • While you do not need to register to play many of the games on digitalsoft.pl, several games or game features will not work without a successfully registered account, since they are online multiplayer or online coop games with the key feature of playing with or against other players. Also, we cannot provide effective customer support for game progress in such games without a successfully registered account.
  • We might email all registered players in the case of legal notices or major company news.

d. Legal Basis

  • The legal basis for processing the data is to enter into or perform a contract we concluded with you is Art. 6 para. 1 let. b) GDPR.

e. How long

  • Your account data is stored for as long as you maintain your account which can be closed anytime at your request, or it will be deleted automatically after 5 years of inactivity. If possible, we will notify you one week before we delete your inactive account to give you the possibility to keep your account if you wish.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

4. Account Registration

a. What

  • When you register account, this account can be used across most our games. You may provide us with an email that we use as a unique identifier for your account or choose a 3rd party login like Facebook, Apple, Google, Steam, Twitch, or Gamecenter.
  • If you are under the age of 16 you are allowed to register for our accounts, but you cannot supply any personally identifiable information (e.g., no email address or name) and are instead generated: A random non-editable player name, a randomly assigned unique long and short code, and a randomly assigned unique recovery code.
  • Please note that for some games, your leaderboard scores and player name may be publicly available to other players.

b. Who

  • Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for processing the data. Possible further recipients: IT service providers and host providers.

c. Why

  • The registration data is required so you can play the game as intended to allow you to contact support@digitalsoft.pl from that email, so that customer support can immediately validate the account ownership and offer assistance more quickly.
  • If you are considered a minor, the randomly assigned nickname is required to identify you as a player for other players in the game, the short and long randomly assigned unique codes are required so we can make the game work and the randomly assigned recovery code can be used by you to get support from us.
  • We might email all registered players in the case of legal notices or major company news, provided we have their email address.

d. Legal Basis

  • The legal basis for processing the data to enter into or perform a contract we concluded with you is Art. 6 para. 1 let. b) GDPR as well as Art. 6 para. 1 let. f) GDPR since it’s a legitimate interest of ours to provide you a game that works properly.

e. How long

  • Your account data is stored for as long as you maintain your account which can be closed anytime at your request, or it will be deleted automatically after 5 years of inactivity. If possible, we will notify you one week before we delete your inactive account to give you the possibility to keep your account if you wish.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

5. Game Data

a. What

  • Depending on the specific case/game we can track gameplay information about the way you play our mobile games, which includes game and player progress information that is essential for saving and protecting that progress. Analytics track elements of the game you interact with most and least frequently, where you stop playing or play less, and other aspects of aggregating player progression through the game.
  • For players aged 16, IP address, device type, OS type, time stamp, and other general device level information are accessed and stored on distributed, scalable servers. For players under age 16 no personal data is stored.

b. Who

  • Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for processing the data. Possible further recipients: IT service providers and host providers.

c. Why

  • The data is used to fix bugs and help you out if you contact us to report technical issues as well as for anti-cheat purposes. We also use gameplay information to identify the most engaging components of our game designs, so we can better concentrate our development work where players are having the most fun. These are legitimate interests of ours and our players.

d. Legal Basis

  • The legal basis for processing data based on our legitimate interest is Art. 6 para. let. f) GDPR.

e. How long

  • Your account data is stored for as long as you maintain your account which can be closed anytime at your request, or it will be closed automatically after 5 years of inactivity. If possible, we will notify you one week before we delete your inactive account to give you the possibility to keep your account if you wish. If you delete your account, analytics data will be kept under a random anonymous ID that cannot be linked to you after you have deleted your account.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

6. Advertising

a. What

  • Since some of our games are free to download and play, we display ads in many of these free games. The advertising companies pay us for displaying the ads and this makes it possible for us to offer you the game free of charge. Apart from this, we might also give you the possibility to watch an ad instead of paying for a feature that you otherwise would have to pay for in a game of ours. When displaying ads, we use third-party advertising companies to serve the ads in our games. The third-party advertising companies may collect and use information (but not your name, address, email address, telephone number, or other personal data) about how you play our games.
  • Non-personally identifiable information to manage and measure the delivery of advertising within that game can be collected, including the number of times the same advertisement is served and viewed.
  • For players registered as under age 16 in the EU or under age 13 elsewhere, we use designated non-personal data ad calls that either do not send personal data (usually IP address) or encrypt that personal data so that we have no access to it. Ad companies may use non-personally identifiable information (e.g., click stream information, browser type, time and date, heat maps, player behaviour) when you play our games in order to provide ads about goods and services likely to be of greater interest to you. These companies typically use a cookie or third-party beacon to collect this information. We do not have access to this information or influence over third party ad network policies, barring our ability to discontinue their services.
  • You can choose to agree or disagree with us sharing your personal data for displaying targeted ads depending on which platform you play our games: iOS: Choose from the consent pop-up at the start of the game (if you haven’t already generally disabled tracking in your system settings). Android: Opt out of ad tracking by going to Settings > Ads > Opt out of Ads Personalization Fire OS: Opt out of ad tracking by going to Settings > Security & Privacy > Advertising ID > Interest-Based Ads
  • If you would like more information about advertising practices and to know your choices about not having this information used by these companies, you can visit Google’s Advertising and Privacy page or the Network Advertising Initiative. Please understand that if you disable or block certain ad features, then other aspects of our mobile games may not work correctly.

b. Who

  • Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for pursuing our purposes for the processing. Possible further recipients: Ad networks (like Google AdMob).

c. Why

  • The data is processed by us to provide advertisements about goods and services of interest to you. We offer our mobile games for free, so these ads allow us to continue making and updating top quality free games which is a legitimate interest of ours but also of yours if you want to play games for free. Without displaying personalised ads, we would not make sufficient money to keep offering the games for free to you.

d. Legal Basis

  • The legal basis for processing your personal data for personalised ads on iOS is your consent (Art. 6 para. 1 let. a) GDPR). If you are an Android player, the legal basis is our legitimate interest (Art. 6 para. 1 let. f) GPDR).

e. How long

  • The data is stored for as long as you maintain your account which can be closed anytime at your request, or it will be closed automatically after 5 years of inactivity. If possible, we will notify you one week before we delete your inactive account to give you the possibility to keep your account if you wish. If you delete your account, analytics data will be kept under a random anonymous ID that cannot be linked to you after you have deleted your account.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

7. Facebook, Apple, Google, Game Center, Twitch, Steam and Game Circle Logins

a. What

  • When you register for our games or services using Facebook, Apple, Google, Twitch, Steam, Game Center or Game Circle or share links through these services, we can gain accesses data already provided to those login services. Please check their privacy policies for details on how they share information when you make use of their login services. We are only granted access to that information via the player-approved permissions necessary to use those games or services.

b. Who

  • Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for processing the data. Possible further recipients: the provider of the third-party login platform (Facebook, Twitter, Google (YouTube), etc.).

c. Why

  • We use these services to simplify logins to our mobile and website logins and to connect players to their friends for co-operative and competitive play, and to compare scores and progress. We use the respective platform standard versions of these services and only reference the username/email associated to associate with your saved data, scores, and game progress.

d. Legal Basis

  • The legal basis for processing data based on our legitimate interest is Art. 6 para. 1 let. f) GDPR.

e. How long

  • Any data provided for login services will be retained for as long as the player account is active. Once the player account has been deleted or the retention period of 5 years of inactivity has been reached the data will be deleted along with the player account data.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

8. Social Media Presences

a. What

  • We have presences on social media platforms such as Facebook, Instagram, Twitter, Discord, and Reddit that help us connect with our players.
  • When you interact with a social media presence of ours (e.g. you comment on a post of ours or write on our timeline), we process your name/nickname, profile picture and other personal data that your account may publicly display as well as personal data that you provide e.g. in a comment or post of yours. This Privacy Policy applies only to us. Please be aware that when you use social media platforms the providers of such platforms process your personal data as well and their privacy policy or terms of service of third parties apply. We refer you to the respective terms and privacy policies for details on how they handle your data.

b. Who

  • Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for processing the data. Possible further recipients: the provider of the social media platform.

c. Why

  • Your personal data is processed by us to effectively communicate with you within the social media platform (e.g. respond to posts and comments). If you apply as moderator, we require the data to be able to appropriately identify and assign you as such. These are legitimate interests of ours.

d. Legal Basis

  • The legal basis for processing data based on our legitimate interest is Art. 6 para. 1 let. f) GDPR.

e. How long

  • The data is stored for as long as we maintain the respective social media presence and you do not decide to delete your account or the respective post, comment or other interaction with us on the social media presence. If you are a moderator, the data is stored for as long as you have this role.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

9. Applications

a. What

  • Our company processes the personal data you provide when applying for a job or to work together with it as a freelancer (e.g., your name, date of birth, address, etc.).

b. Who

  • Recipients of the processed personal data are the respective employees of our company that are responsible for pursuing its purposes for the processing (e.g. HR employees, your potential line manager and management). Possible further recipients: Google (Workspace).

c. Why

  • The data is processed to decide if a contract with you will be concluded or, if you already have a contract with our company, to perform our obligations or terminate the contract.

d. Legal Basis

  • The legal basis for processing the personal data is Art. 6 para. 1 let. b) GDPR.

e. How long

  • If we work together with you, your data is stored for the applicable statutory storage periods, at least for six years and one month starting at the end of the year in which your contract has ended.
  • All job application data from applications that have been declined or reserved will be stored for up to six months after your application has been received.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

10. Data Subject Requests

a. What

  • When you contact us to make use of your data subject rights (see above), we process you name, email address and any additional information you provide us in your request.
  • To make sure we can correctly identify you we may ask you to provide a copy of your passport or other identification document (“ID”). When you upload this information, we will process the personal data of yours stated on the ID, namely: your name, birth date, address and validity of the document. Please make any other data on the copy of your ID-document unreadable (e.g. serial number of the document) before the upload and mark the document as copy (e.g. add the imprint “copy” on it).
  • We kindly ask you to only use the portal in which your ticket was created for you after addressing us over privacy@digitlsoft.pl to upload the ID. Documents provided through any other channel are not accepted and will be deleted by us.

b. Who

  • Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for answering your request.
  • Only the designated employees of ours entrusted with privacy matters, and possibly employees that maintain our IT infrastructure, will view your ID.

c. Why

  • The personal data of your request is processed for the purpose of answering your request – if necessary also with the help of other our companies or to answer such request for other our companies should it be directed at it – as well as the purpose of proving our compliance with the GDPR by helping you as data subject exercise your rights set out in the GDPR. This is also a legitimate interest of ours.
  • We process the ID data to verify your identity. This is required to prevent cases of fraud committed by using false identities. We have a legitimate interest in this purpose that outweighs a potential contrary interest of yours to not disclose this information, since we have a responsibility in protecting our players’ and partners’ personal data and since we will delete your ID promptly after we have verified your identity. The ID will not be used for any other purposes.

d. Legal Basis

  • The legal basis for processing the data of your request and – if necessary – sharing this information with our Subsidiary is Art. 6 para. 1 let. c) in connection with Art. 12 GDPR as well as Art. 6 para let. f) GDPR.
  • The legal basis for ID verifications is Art. 6 para. 1 let. f) GDPR.

e. How long

  • The data of your request is stored for 5 years and one month starting with the end of the year in which you made your request.
  • The uploaded ID will be deleted promptly after we have verified your identity.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

11. B2B Partnerships

a. What

  • When we communicate and conclude contracts with you as a business partner (B2B only), we store certain personal data of yours in our B2B data base, such as your business email address and other business information related to our (potential) partnership.

b. Who

  • Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for pursuing our purposes for the processing. Possible further recipients: Google (Workspace);

c. Why

  • The data is processed to decide if a contract with you will be concluded or, if you already have a contract with us, to perform our obligations or terminate the contract.
  • We also have a legitimate interest in processing this data of yours to be able to remain in contact with you for business purposes. We have a legitimate interest in processing the information of B2B contacts with whom we have a contractual relationship or objectively likely will have a contractual relationship with in the future. Since this is not only necessary to properly perform the contract between us and them, but also to facilitate communication with them concerning their cooperation with us. We also have a legitimate interest in processing the personal data of the B2B contacts who are currently not commissioned by us and not have been commissioned in the past, since it facilitates getting in touch with them for future projects.

d. Legal Basis

  • The legal basis for processing the personal data to enter into or perform a contract with you is Art. 6 para. 1 let. b) GDPR. The legal basis for processing the personal data based on our legitimate interest is Art. 6 para. 1 let. f) GDPR.

e. How long

  • Documentation regarding B2B contacts that we have concluded a contract with will be stored for as long as the contract remains active or for up to 5 years and one month after that contract has ended in case we want to contact you in the future.
  • Personal data of B2B contacts with whom we have no contract and have no objective reasons to believe we will be concluding a contract with in the near future, will be deleted from our database after 3 years of inactivity.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

12. Legal Work

a. What

  • We work together with our company and external consultants to assess and manage legal matters. If a matter or dispute between you and us or between you and our Subsidiary requires relevant legal review, we and, if necessary, the relevant subsidiary process the data relevant to the matter or dispute. In particular, this may include your name, e-mail address and contact details.

b. Why

  • The purpose of the processing of the data by us is the effective and uniform handling of legal matters. This is a legitimate interest of ours. In addition, the data processing may serve to conclude and perform contracts with you.

c. Who

  • The recipients of the personal data processed are our respective employees and freelancers responsible for processing the matter. Possible further recipients: Google (Workspace); External Legal Consultant.

d. Legal Basis

  • As far as the data processing concerns the conclusion or performance of a contract with you, the legal basis of the data processing is Art. 6 para. 1 let. b) GDPR.
  • If the data processing is based on a legitimate interest, the legal basis is Art. 6 para. 1 let. f) GDPR.

e. How Long

  • The storage period for data processed for the purpose of handling legal matters or disputes is governed by the relevant limitation period, so that we can sufficiently defend ourselves against claims, or by the relevant legal obligations to retain documents.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

14. Raffles and Give Aways

a. What

  • Visitors to our social media profiles have the opportunity to win prizes by interacting with certain posts. In this case winners are contacted through their social media account and asked to send us directly their details, such as name, e-mail address and address so that we can award their prize.

b. Why

  • The personal data is processed so that the raffle or give away can be concluded and a prize sent to the winner.

c. Who

  • The recipients of the personal data are our respective employees.

d. Legal Basis

  • The legal basis for the processing of data for this is Art. 6 para 1 let b) GDPR.

e. How Long

  • The data will be stored until we receive confirmation that the prize has been received or up to six months following shipping.
  • If the data is also processed for another purpose set out in this Privacy Policy, the storage period regarding that purpose applies as well.

VII. Privacy Information for California Residents

If you are a consumer residing in California, the California Consumer Privacy Act (“CCPA”) applies when you use our Services. The CCPA defines personal information and sensitive information as follows:

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household

“Sensitive personal information” is personal information that reveals:

  • A consumer’s social security, driver’s licence, state identification card, or passport number.
  • A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
  • A consumer’s precise geolocation.
  • A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
  • The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
  • A consumer’s genetic data.

Sensitive personal information can also mean:

  • The processing of biometric information for the purpose of uniquely identifying a consumer.
  • Personal information collected and analysed concerning a consumer’s health.
  • Personal information collected and analysed concerning a consumer’s sex life or sexual orientation.
  • The information we provide in Sections VII, VIII and IX of this Privacy Policy regarding which personal data we process, and for which purposes we process it, apply correspondingly to cases in which we process personal information of yours as resident of California.

Please view the following chart for information on what personal information of yours we share to which recipients and for how long we intend to store it.

Under the CCPA “sharing” principally means making a consumer’s personal information available to a third party for cross-context behavioural advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioural advertising for the benefit of a business in which no money is exchanged.

Category of Personal InformationThird Parties With Whom We Have Shared This InformationRetention Period
Identifiers such as a alias, unique personal identifier, online identifier, Internet Protocol address, or other similar identifiers.Advertising companies that provide ads in our games (e.g. ad networks, mediation platforms)We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Advertising companies that provide ads in our games (e.g. ad networks, mediation platforms)We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.Advertising companies that provide ads in our games (e.g. ad networks, mediation platforms)We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive.
Geolocation data.Advertising companies that provide ads in our games (e.g. ad networks, mediation platforms)We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive.

Please view the following chart for information on what personal information of yours we disclose for a business purpose to which recipients and for how long we intend to store it.

According to the CCPA, “business purposes” are:

  • Auditing: Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  • Security and Integrity: Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes.
  • Debugging: Debugging to identify and repair errors that impair existing intended functionality.
  • Short-term, transient use: This includes, but is not limited to, nonpersonalized advertising shown as part of your current interaction with us, provided that your personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction with us.
  • Performing services on behalf of the business: this includes maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of us.
  • Advertising and marketing services: Providing advertising and marketing services, except for cross-context behavioral advertising, to you provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine your personal information if you have opted-out that the service provider or contractor receives from, or on behalf of, us with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with you.
  • Internal Research: Undertaking internal research for technological development and demonstration.
  • Quality or safety of a service or device: Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
Category of Personal InformationThird Parties With Whom We Have Shared This InformationRetention Period
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.Service providers of office tools, social media platforms, customer support tools, host providers, shop tools and login providers.We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive
Any personal information described n subdivision (e) of Section 1798.80Service providers of office tools, social media platforms, customer support tools, host providers, shop tools and login providers.We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Service providers of office tools, social media platforms, customer support tools, host providers, shop tools and login providers.We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.Service providers of office tools, social media platforms, customer support tools, host providers, shop tools and login providers.We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive
Geolocation data.Service providers of office tools, social media platforms, customer support tools, host providers, shop tools and login providers.We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive

Please view the following chart for information on what sensitive personal information of yours we collect and use, for which purpose we do this, and for how long we intend to store it. We do not share or sell your sensitive personal information.

Category of Sensitive Personal InformationPurpose of Collection or UseRetention Period
A consumer’s account log-in, in combination with any required security or access code, password, or credentials allowing access to an account.We use a consumer’s account log in details to enable them to log in, play our games and save progress.We will retain the data for as long as is reasonably necessary to provide our services to you but not more than 5 years after your account is inactive.

Your Rights

If you are a resident of California, you have the following rights:

  • Right to Delete Personal Information: You have the right to request that we delete your Personal Information. Depending on the specific case, exceptions can apply to this right, e.g/, if we have to keep you information to comply with legal obligations or to ensure the freedom of expression (Section 1798.105 CCPA).
  • Right to Correct Inaccurate Personal Information: You have the right to request the correction of Personal Information we maintain about you (Section 1798.106 CCPA).
  • Right to Know What Personal Information is Being Collected: You have the right to request the following information from us (Section 1798.110 and 1798.115 CCPA):
  • The categories of personal information we have collected about you.
  • The categories of sources from which the personal information is collected.The business or commercial purpose for collecting, selling, or sharing personal information.
  • The categories of third parties to whom we disclose personal information.
  • The specific pieces of personal information we have collected about you.
  • The categories of personal information that we sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared.
  • The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
  • Right to Opt-Out of Sale and Sharing: We do not sell your Personal Information. We share your Personal Information with advertising partners to show you ads that might be more interesting to you. You have the right to opt out of any sale or sharing of your Personal Information (Section 1798.120 CCPA). Please see Section VII (6) of this Privacy Policy on how to do this.
  • Right to Limit the Use and Disclosure of Sensitive Personal Information: Even though we do not process Sensitive Personal Information of yours, we’d like to also inform you that you principally have the right to limit the use or disclosure of your Sensitive Personal Information should we be using such data of yours beyond what is reasonable and proportionate to provide the requested services or other purposes permitted by the CCPA (Section 1798.121 CCPA).
  • Right of No Retaliation Following Opt Out or Exercise of Other Rights: If you exercise your CCPA rights, you have the right that we do not unlawfully treat you in a detrimental way (Section 1798.152 CCPA). Please note though, that depending on your request, features within our game might not work the same way as they would have without your request (e.g., if you want to see ads that might interest you more).