Privacy Policy Microsoft Start Apps
Lotum GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany ("Lotum" or
"we") respects and protects your personal data.
Lotum collects, processes or uses personal data exclusively within the applicable legal framework.
Therefore, the high data protection level of the General Data Protection Regulation (GDPR) holds true.
-
Field of application
-
We develop games ("Microsoft Start Games") that are available on Microsoft Start, a
platform provided by the Microsoft Corporation, One Microsoft Way, Redmond,
Washington 98052-6399, USA ("Microsoft"). In this privacy policy we inform you about
the collection, processing and use of data concerning the Microsoft Start Games.
-
Insofar as individual services of Lotum have different privacy policies, these apply.
-
The Microsoft Start Games can only be accessed via Microsoft Start, which is operated
solely by Microsoft, and only if you have registered for the Microsoft network. The
processing of data by Microsoft when you register your Microsoft account and every time
you access Microsoft Start is excluded from the field of application of this privacy policy.
Likewise, cookies that Microsoft may use for statistical evaluations when you access
Microsoft Start are not within this privacy policy's scope. Microsoft organizes the
aforementioned data processing independently and on its own responsibility, without us having
any influence on this. For further information on this data processing by Microsoft see
Microsoft’s privacy policy under https://privacy.microsoft.com/de-DE/.
-
Data processed when accessing and using the Microsoft Start Games
-
When you first access one of our Microsoft Start Games, we will assign you one unique ID
per Microsoft Start Game (the "Player ID"). Lotum uses the Player ID solely to create your
player profile in the Microsoft Start Game to the extent necessary for using the game and
aggerate certain game data, e.g., the number of levels played, within this player profile.
Besides this, Lotum uses no personal data or device data to provide you with the gaming experience.
Lotum will not use this data to create user profiles for any other purpose than to provide the
Microsoft Start Games. Microsoft provides us with no personal information of yours and at no point
does Lotum receive any personal data from your Microsoft account. The data processing in this
context is carried out for the purpose of performing the contract with you on the use of the
Microsoft Start Game pursuant to Art. 6 (1) (b) GDPR. If you want to have the aforementioned data
on you including the player profile deleted, you can, for example, send an email to games@Lotum.de.
In order to be able to identify the data concerning you for deletion, we need your Player ID.
Please note that it is not possible to use the Microsoft Start Games without such a player profile.
If you use our Microsoft Start Games again after deletion of your player profile, a new player
profile will be set up for you.
-
In order for you to access and play the respective Microsoft Start Game including all game
functions, Lotum collects and processes data on the use of the Microsoft Start Game (data on
game progress such as completed levels, decisions and answers made in the game, jokers and
player aids used, high scores achieved, ongoing and paused game sessions). This data is linked
to the Player ID and added to your player profile by Lotum. At no point will any of this data be
transferred to or shared with Microsoft. The processing of this data for the use of the Microsoft
Start Game is carried out for performance the contract with you on the use of the Microsoft Start
Game pursuant to Art. 6 (1) (b) GDPR.
-
Usage analysis via Firebase
-
The Microsoft Start Game implements functions of the Firebase service, which is provided by
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
-
Data on the general use of the Microsoft Start Game are collected and evaluated via the
Firebase service (so-called Google Analytics for Firebase). For these purposes, information
on whether and how you use certain parts of the Microsoft Start Games is collected together
with the IP address, a hash of your Player ID and other technical data on your device and the
configurations assigned to it (hereinafter "Device-Related Data"), such as the manufacturer
and model of the device, the language setting as well as the country from which you use the
Microsoft Start Game. At no time will personal data from your player profile, such as your
username and Player ID, be transmitted to Google in clear text.
Google evaluates such data on our behalf and compiles aggregated reports for us. We use these
reports to gain insight into the general use of the Microsoft Start Game, in order to use this
information to improve the content and functions of the Microsoft Start Game and, in particular,
to eliminate existing errors and problems. In addition to this, we also get access to the in-game
activity of individual users through Google, based on an anonymized user-id. Nevertheless, it is
not relevant for Lotum which User used the respective Microsoft Start Game and to what extent.
It is therefore not a matter of creating user profiles for Lotum but rather of providing functional
Microsoft Start Games through the analysis of aggregated reports from Google. Google may also
transfer these data to servers operated by Google LLC in the USA and analyse them there. However,
in member states of the European Union or in other states that are party to the Agreement on the
European Economic Area your IP address will be shortened and thus made anonymous before it is
transmitted to a Google server in the USA.
-
Google also processes the aforementioned data collected via the Firebase service to the extent
covered by its own privacy policy which you can find at https://policies.google.com/privacy.
There you will also find additional information on Google's handling of personal data.
-
We would like to point out that the transmission of data to servers in the USA used by Google LLC
may involve additional risks, for instance the enforcement of your rights to these data may be
more difficult. In order to counter these risks, the standard data protection clauses by the
EU Commission have been concluded with Google LLC for this data transfer, including appropriate
protective measures, which, depending on the need for protection of the data, also include data
encryption and can be improved in accordance with the legal and technical conditions for appropriate
protection of the data. If data is transferred to Google LLC in the USA, such transfer is based
on Article 46 (2) (c) GDPR.
-
We only use Firebase for the data analysing purposes described above, if you consent to it via
the Microsoft Start platform settings. In these cases, the legal basis for the processing
of your data is Article 6 (1) (a) GDPR. You may revoke an already granted consent for data
processing at any time with effect for the future. We have further concluded a data processing
agreement with Google in accordance with Article 28 GDPR on data processing in the context
of error analysis. Accordingly, Google will only process the data collected in this context in
accordance with our instructions for this purpose. This forwarding of data to Google is therefore
based on Article 28 GDPR.
-
Usage analysis and data visualization via Looker
-
We also use Looker in our Microsoft Start Games. This analytics and data visualization service
is provided by Looker Data Science Inc., 101 Church Street Santa Cruz, CA 95060, USA („Looker").
-
We use this service to evaluate and visualize the use of our Microsoft Start Games in order to
identify any need for improvement and a scope for making the functions and content of the
Microsoft Start Games even more user-friendly, and to be able to further develop our Microsoft
Start Games on this basis. For this purpose, we use Looker to view how the user base generally
interacts with the Microsoft Start Game and whether and how certain functions and game content
are generally used (for example, whether a certain game level is reached and successfully completed
by Users at all). Looker in this context doesn’t collect any data by itself, but rather exclusively
uses the data previously collected via the Firebase service. With the help of these data, Looker
creates aggregated reports on the interactions of the user base in the respective app as a whole
and, if applicable, also in specific game sections. Looker may also include demographic information
about the user base of our Microsoft Start Games (such as approximate age group and gender) in the
reports. Even beyond that, we only ever receive aggregated data and no information that we could
relate to individual users, as it is only relevant for the aforementioned purpose how the user base
or specific user groups use the Microsoft Start Game but not specific, individual Users.
-
Further information and the applicable privacy policy on Looker's handling of personal data can
be found at https://looker.com/trust-center/privacy/policy/.
-
The data used by the analysis service may be transferred by Looker to servers in the USA. In this
particular case, Looker and we guarantee that appropriate protection measures are in place in
accordance with Article 44 et seq. GDPR. In particular, Looker and we have agreed on the standard
data protection clauses of the EU Commission as a precautionary measure which provide for appropriate
protection measures for the specific case, such as encryption of the data, in accordance with
Article 46 (2) (c) GDPR. The measures are also continuously developed and supplemented to the
extent necessary to ensure an adequate level of data protection throughout.
-
We only use Looker in connection with Google Firebase for the data analysing purposes described
above, if you consent to it via the Microsoft Start platform settings. In these cases, the legal
basis for the processing of your data is Article 6 (1) (a) GDPR. You may revoke an already granted
consent for data processing at any time with effect for the future.
-
Error analysis with Sentry Analytics
-
In order to detect and correct technical errors, we use the service Sentry Analytics provided by
Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107, USA ("Sentry"),
within our Microsoft Start Games.
-
For this purpose, during the play session of a Microsoft Start Game, technical details regarding
the use of the game and any in-game actions will be stored locally on your device. In the event
of an error, these technical details, insofar they are relevant based on the time at which the
error occurred, as well as your IP address will be transmitted to Sentry and processed by Sentry
along with the following data: Information regarding the hardware and operating system of your device,
the name and version of the Microsoft Start Game used, a hash of the Player ID as well as the date,
time, details of the error that occurred and game-related data connected to the error. At no time
will personal data from your player profile, such as your username and Player ID, be forwarded to
Sentry in clear text. Sentry will not profile you at any time. Based on the
aforementioned information, Sentry, on behalf of Lotum, merely provides reports and evaluations of
apparent errors, including the circumstances of the error's occurrence which may therefore provide
insight on possible causes for the error. In this context, the above-mentioned information will also
be transmitted to and stored on a Sentry server in the USA. However, Sentry will not merge the data
transmitted as part of the Sentry service with any other data and the data will only be used to
analyse and correct the technical error. The data collected will be stored by the Sentry service
for a maximum of 90 days and deleted afterwards.
-
For further information and the applicable privacy policies of Sentry please visit
https://sentry.io/terms/ and https://sentry.io/privacy/.
-
We use the Sentry service to resolve any errors in our Microsoft Start Games and difficulties in
using them as swiftly and thoroughly as possible, and thus to further develop our services
continuously for ensuring a smooth user experience. The basis for using the Sentry service is our
legitimate interest, as described above, in accordance with Art. 6 (1) (f) GDPR. Your legitimate
interests are taken into account by removing any personal reference after a transmission of the
technical data from your end device, but before its analysis. If you still do not want your data
to be collected by the Sentry service in case of a possible error analysis, we must ask you to
refrain from playing the free Microsoft Start Games.
-
We would like to point out that Sentry may also process data outside the EU or the European
Economic Area, in particular on servers located in the USA. This may result in risks for Users,
for example because it may make it more difficult to enforce Users' rights. We take these risks
into account by taking appropriate protective measures in accordance with Art. 44 et seq. GDPR
in particular by agreeing on the standard data protection clauses of the EU Commission with Sentry,
which provide for appropriate protective measures such as encryption of data in individual cases.
If data is transferred to Sentry in the USA, this is based on Art. 46 (2) (c) GDPR.
-
Storage period and erasure of data
-
We process your personal data as long as it is necessary to achieve the purposes of the processing,
or is prescribed by a legal obligation to store the data. Subsequently, the data is deleted in
accordance with statutory laws.
-
Data that we store for legal reasons, however, is stored for as long as this is required by law.
After expiry of a statutory retention period, the data will be deleted without undue delay, unless
there are other reasons within the meaning of Art. 17 (3) GDPR opposing the deletion.
-
Data security
Lotum has taken appropriate technical and organisational measures to protect personal
data against accidental loss, damage, unauthorised access or unauthorised changes. In particular,
Lotum will transmit data only in encrypted form. However, Lotum points out that privacy and data
security cannot be guaranteed for transmissions outside Lotum's sphere of influence.
-
Transmission to Third Parties
-
We store and process all data, e.g., User-ID and game data, necessary for the provision of the
Microsoft Start Game only locally on your device.
-
Lotum will not pass on the user's personal data to third parties unless the user has expressly
consented to the transfer (Art. 6 (1) (a) GDPR), or Lotum is entitled or obliged to do so by
legal provisions or court orders. In the latter case, the transmission is carried out by Lotum
to fulfil a legal obligation pursuant to Art. 6 (1) (c) GDPR.
-
User rights
-
Right to object
The user has the right to object at any time to data processing based on Art. 6 (1) (e) or (f)
GDPR for reasons arising from his particular situation, unless Lotum can prove compelling reasons
worthy of protection, which outweigh the interests of the user, or the processing serves to assert,
exercise or defend legal claims. The user can object to data processing for the purpose of direct
advertising at any time without special reasons being required.
-
Right to information
The user has the right to obtain free of charge from Lotum the personal data stored by Lotum
concerning him or her, the processing purposes, their origin, which transfer to which recipients
or categories of recipients took place, the storage period and the rights of the data subjects
available to him or her.
-
Right to correction, deletion and/or restriction of data processing
Furthermore, the user has the right to request at any time the correction of incorrect data,
the deletion and/or restriction of the processing of personal data stored about him or her,
insofar as there is no legal obligation for Lotum to keep records or other reasons in the sense
of Art. 17 (3) GDPR which prevent deletion. Insofar as this includes personal data that is
necessary for the provision of services to the user, the deletion or restriction of the
processing of this data can only take place when the user no longer uses Lotum's services.
-
Right to data portability
If the user provides data relating to him or her and Lotum processes such data on the
basis of the user's consent or in order to fulfil the contract, the user may request that he/she
receives such data in a structured, current and machine-readable format from Lotum or that Lotum
transmits such data to another controller, insofar as this is technically possible (so-called
right to data portability).
-
Right to revoke consent
Any consent given by the user to the use of personal data can be freely revoked by
the user at any time with effect for the future.
-
Right to complain to a supervisory authority
The user may also lodge a complaint with a supervisory authority against data
processing which he or she considers to be in breach of the statutory provisions.
-
Changes to the Privacy Policy
Lotum reserves the right to change this privacy policy at any time, while Lotum will
always comply with the legal requirements of data protection. Therefore, Lotum recommends that users
regularly take note of the applicable privacy policy. Lotum will inform users in advance of any further use
of data, for example via in-game notification or so-called push notifications in your browser, if you allow
such push notifications.
Lotum GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany
Data Protection Officer of Lotum GmbH: Susanne Klein, c/o Beiten Burkhardt Services GmbH, Ganghoferstraße
33, 80339 München, Germany, privacy@lotum.de