Lotum GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany, games@lotum.de ("Lotum" or "we") respects and protects your personal data.
The following privacy policy is intended to inform you in greater detail about the collection, processing, and use of data in connection with our games offered on Apple Arcade ("App" or "Apps").
Lotum collects, processes and uses personal data exclusively within the framework of the applicable legal regulations. Therefore, the high data protection standards of the General Data Protection Regulation ("GDPR") and the Telecommunications Digital Services Data Protection Act ("TDDDG") apply.
1.1. This Privacy Policy is addressed to all users of the App (“Users”).
1.2. As far as certain Lotum services have a different Privacy Policy, then that policy applies.
1.3. Our Apps on Apple Arcade are exclusively accessible via the platform operated by Apple Arcade. Data collected and processed by Apple Arcade when you register your user account, as well as during your use of Apple Arcade or other Apple services, does not fall within the scope of this privacy policy. This data processing is carried out under the sole responsibility of Apple Arcade. For more information on how Apple Arcade processes data, please refer to the privacy policy available at:
https://www.apple.com/legal/privacy/data/en/apple-arcade/
2.1. To provide and properly operate our game, the following personal data is generated on the user's device. This data is technically and functionally required to start the game and enable participation:
- A randomly generated username (until the user authenticates via Game Center)
- A preselected profile picture
- Game progress (e.g. completed levels, used jokers and hints, achieved highscores, unlocked items, as well as ongoing and paused game sessions). This data is stored exclusively on the user's device or within Apple services such as the user's iCloud.
3.1. To provide app content, we store and transmit game data such as image files and puzzle data or other necessary information via third-party services. For the delivery of this content, we use the Amazon CloudFront service, provided by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg ("Amazon").
3.2. When the app is launched and during use, a connection to our servers is established to provide the latest content. In the process, the following information is processed:
- the IP address of your device
- information about the installed app version
- date and time of access (including time zone)
- the specific content accessed within the app
This data processing is technically necessary for content delivery, to ensure the proper operation of the game, and to provide up-to-date content. It is carried out on
the basis of contractual necessity in the optimal and technically flawless provision of
the game in accordance with Art. 6 (1) (b) GDPR.
3.3. The transfer of personal data to Amazon is based on the EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR. In addition, we have concluded a data processing agreement with Amazon in accordance with Art. 28 GDPR to ensure the lawful and secure handling of the transferred data.
4.1. If you contact our customer support or reach out to us through other means (e.g., via a contact form within the App), information relevant to handle the case as well as any other information you provide, including your contact details, will be processed to handle and resolve your inquiry. This includes investigating and addressing any issues with the App, as well as responding to follow-up questions. When contacting customer support through the App, additional information such as device model, OS version, game details (e.g. install date, app version), your game progress, User ID, the specific issue in question, and relevant technical data from your device will also be processed to adress your support request.
4.2. We process this data in accordance with Art. 6 (1) (b) GDPR when you contact us within the scope of an existing contract for the use of the App or to initiate such a contractual relationship. If your inquiry relates to reporting content you believe to be illegal, the processing is carried out under Art 6 (1) (c) GDPR in conjunction with Art 16 of the Digital Services Act (DSA). Otherwise, the storage and use of your data are based on Art 6 (1) (f) GDPR, where our legitimate interest is to ensure the thorough handling of your request and resolution of any technical issues. Access to the data stored on your device is essential, in accordance with § 25 (2) No. 2 TDDDG, for Lotum to address your support request.
5.1. We process your personal data as long as it is necessary to achieve the purposes of the processing, or is prescribed by a legal obligation to store the data. Subsequently, the data is deleted in accordance with statutory laws.
5.2. Data that we store for legal reasons, however, is stored for as long as this is required by law. After expiry of a statutory retention period, the data will be deleted without undue delay, unless there are other reasons within the meaning of Art. 17 (3) GDPR opposing the deletion.
6.1. Lotum has taken appropriate technical and organizational measures to protect personal data against accidental loss, damage, unauthorized access or unauthorized changes. In particular, data is transmitted by Lotum in encrypted form to the greatest extent possible. However, Lotum points out that privacy and data security cannot be guaranteed for transmissions outside Lotum's sphere of influence.
7.1. Personal data will only be transferred to third parties without the User's explicit consent if this is necessary for the provision of Lotum's services (e.g. for the technical provision of the offer), unless stated otherwise at another point in this Privacy Policy. Accordingly, a transfer of data to such service providers (such as technical service providers) only takes place in order to protect our legitimate interests pursuant to Article 6 (1) (f) GDPR. Of course, Lotum will ensure that the respective service provider has taken appropriate technical and organizational measures to guarantee the security of the data before forwarding the User's personal data.
7.2. Apart from that, Lotum will not pass on the User's personal data to third parties, unless the User has expressly consented to the transfer (Article 6 (1) (a) GDPR) and Lotum is neither entitled nor obliged to transfer the data due to legal regulations or court orders. In the latter case, Lotum will transfer the data in order to fulfil a legal obligation according to Article 6 (1) (c) GDPR.
8.1. We do not knowingly collect personal information from children under the age of 13 (or other applicable age of digital consent under local law) unless permitted by law or justified by our legitimate interests outside the United States. If we become aware that we have inadvertently collected such information, we will take reasonable steps to delete it from our records.
8.2. If you believe that we may have unintentionally collected personal data about your child, please contact us using the details provided below so that we can promptly investigate and take appropriate action.
The user has the right to object at any time to data processing based on Art. 6 (1) (e) or (f) GDPR for reasons arising from his particular situation, unless Lotum can prove compelling reasons worthy of protection, which outweigh the interests of the user, or the processing serves to assert, exercise or defend legal claims. The user can object to data processing for the purpose of direct advertising at any time without special reasons being required.
The user has the right to obtain free of charge from Lotum the personal data stored by Lotum concerning him or her, the processing purposes, their origin, which transfer to which recipients or categories of recipients took place, the storage period and the rights of the data subjects available to him or her.
Furthermore, the user has the right to request at any time the correction of incorrect data, the deletion and/or restriction of the processing of personal data stored about him or her, insofar as there is no legal obligation for Lotum to keep records or other reasons in the sense of Art. 17 (3) GDPR which prevents deletion. Insofar as this includes personal data that is necessary for the provision of services to the user, the deletion or restriction of the processing of this data can only take place when the user no longer uses Lotum's services.
To delete your game data stored in iCloud, go to:
Settings > [your name] > iCloud > Manage Storage > [Game Name] > Delete Data.
If the user provides data relating to him or her and Lotum processes such data on the basis of the user's consent or in order to fulfill the contract, the user may request that he/she receives such data in a structured, current and machine-readable format from Lotum or that Lotum transmits such data to another controller, insofar as this is technically possible (so-called right to data portability).
Any consent given by the user to the use of personal data can be freely revoked by the user at any time with effect for the future.
The user may also lodge a complaint with a supervisory authority against data processing which he or she considers to be in breach of the statutory provisions.
10.1. Lotum reserves the right to change this privacy policy at any time, while Lotum will always comply with the legal requirements of data protection. Therefore, Lotum recommends that users regularly take note of the applicable privacy policy. Lotum will inform users in advance of any further use of data, for example via in-app notification or so-called push notifications in your browser, if you allow such push notifications.
Lotum GmbH, Am Goldstein 1, 61231 Bad Nauheim, Deutschland
Data Protection Officer: Susanne Klein, c/o Beiten Burkhardt Services GmbH, Ganghoferstraße 33, 80339 München, Germany, legal@lotum.de