Lotum one GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany, games@lotum.de
("Lotum" or "we") respects and protects your personal data.
The following Privacy Policy is intended to provide you with more detailed
information about the collection, processing and use of data in connection
with our games offered as mobile applications ("the Games Apps").
Lotum collects, processes and uses personal data exclusively within the bounds of the applicable statutory provisions. Therefore, the high level of data protection enshrined in the General Data Protection Regulation (“GDPR”) and the German Telecommunication, Telemedia, Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetzes – TTDSG) applies.
1.1 This Privacy Policy is intended for all users of the Games Apps
("Users"). If certain services or individual apps of Lotum have a different
data protection declaration, such declaration shall apply.
1.2 The scope of this Privacy Policy does not include services and offers
of third parties that may be referred to in the Games App by so-called
links. Lotum neither assumes responsibility for their content nor for
compliance with data protection regulations by these third parties, unless
otherwise stated in the privacy policy of the linked content. This applies,
for example, to links via which social networks such as Facebook or chat
apps such as WhatsApp can be accessed, and to links in advertisements that
are played. For information on the handling of the User's personal data and
their respective protection on these platforms, please refer to the privacy
statement on the respective platform.
When you download and install our Games Apps, the operator of the platform
through which you obtain the respective app (for example Apple, Inc. for
the AppStore and Google Ireland Limited for the Google PlayStore) collects
personal data required for the download. These data include in particular
your name, your e-mail address and your postal code, time of download, the
IP address and the individual device identification number of your device
(so-called IMEI), as well as your payment information, if applicable. This
collection and processing of your personal data is, however, basically
carried out solely by the respective platform operator without our
participation in the data processing or our ability to influence it. In
this respect, the data protection provisions of the platform operator
apply, which can be viewed on the platform in question. We only receive and
process personal data collected by the platform operator to the extent
necessary for the download and provision of the Games App. If we process
personal data as part of the installation, this is done on the basis of the
contract on the subscription and use of the Games App that you concluded
with us when downloading and installing the app, in accordance with Article
6 (1) sentence 1 lit. b) GDPR.
3.1 When you start and use Lotum's Games Apps, depending on the Games App,
a connection may be automatically established to the servers used by us in
order to retrieve current content. Information that your device transmits
to us is logged in the process. This includes the IP address of the device
you are using, data on the operating system used as well as the installed
Games App and its version, date and time (including time zone) of the
respective access to the contents of the Games App as well as the
information on which specific contents have been requested for the
respective Games App. In addition, Lotum may collect and process personal
data in order to fulfil its contractual obligations with the User, e.g. to
create the User's player profile. Depending on the respective Games App,
this data includes name and IP address and data identifying the User's
device.
3.2 Lotum collects and processes this data for the provision of the Games App and the respective up-to-date content of the Games App. The provision of this data is not required by law, but is necessary for the conclusion of the use contract for the respective Games App and the associated Lotum service. In this respect, it involves data that is absolutely necessary for the use of the game requested by the user. The user may voluntarily give further data to Lotum within the scope of the offer. The basis for collecting this data is § 25 (2) no. 2 TTDSG and the further data processing for the fulfilment of contractual obligations Art. 6 (1) sentence 1 b) GDPR.
4.1 In some Games Apps, we may offer certain additional versions and
content for purchase, e.g. the use of an ad-free version of the app. In
order to conclude the corresponding contract and the associated payment
processing, it is necessary to enter bank details or other payment-related
data (e.g. credit card). For payment processing, we use the services
provided by the respective operator of the platform through which you have
obtained the Games App (for example, Apple, Inc. for the AppStore and
Google Ireland Limited for the Google PlayStore). The aforementioned
information will be processed accordingly together with the necessary usage
data by the operator of the respective platform, insofar as this is
necessary to process the payment. Details on the handling of your personal
data in connection with the payment processing can be found in the privacy
statement of the respective platform operator which can be viewed on the
corresponding platform.
4.2 The use of these payment services is mandatorily required by the
platform operator in order for us to be allowed to offer the app on the
respective platform and also serves to provide you with an easy and smooth
payment process in the app.
4.3 This data processing in connection with the purchase of additional
content in the respective Games App, including payment processing, is
carried out for the conclusion and processing of the contract regarding
this content and thus on the basis of Article 6 (1) sentence 1 lit. b)
GDPR.
5.1 If you notify our customer support or otherwise contact us (e.g. with a
contact form in the Games App), the information you provide in the contact,
including the contact details given there, will be processed for the
purpose of handling your enquiry and processing it, including investigating
and rectifying any problems in the Games App and in the event of follow-up
questions. In the event of a request to our customer support via the Games
App, information on the Games App, your game progress, Player-ID and, if
applicable, the problematic part of the game as well as technical data on
your device will also be processed automatically.
5.2 We process this data in accordance with Art. 6 (1) sentence 1 (b) GDPR, if you contact us within the scope of an existing contract for the use of the Games App or for the purpose of initiating such a contractual relationship. Otherwise, this storage and use of data is based on Art. 6 (1) sentence 1 (f) GDPR, whereby our legitimate interest is the thorough processing of your respective request and the solution of any technical problems. Access to the data stored in your end device is absolutely necessary in accordance with §25 (2) no. 2 TTDSG so that Lotum can answer your (support) request.
6.1 The Games App implements functions of the Firebase service which is
provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland ("Google").
6.2 Data on the general use of the app are collected and evaluated via the
Firebase service (so-called Google Analytics for Firebase). At the same
time, reports on errors and crashes that occur in the app are generated to
analyse and resolve these errors and crashes. For these purposes,
information on whether and how you use certain parts of the Games App is
collected together with the IP address and other technical data on your
device and the configurations assigned to it (hereinafter "Device-Related
Data"), such as the manufacturer and model of the device, the language
setting and the advertising ID as well as the country from which you use
the app. In order to generate error reports, details about the error that
occurred, information about the affected Games App and, if necessary,
game-relevant data will be collected and processed additionally, but only
if such an error occurs while you are using the app. Google evaluates such
data on our behalf and compiles aggregated reports for us. We use these
reports to gain insight into the general use of the Games App as well as
into the errors that have occurred, in order to use this information to
improve the content and functions of the app and, in particular, to
eliminate existing errors and problems. In addition to this we also get
access to the in-game activity of individual users through Google, based on
an anonymized user-id. Nevertheless it is not relevant for Lotum which User
used the respective app and to what extent. It is therefore not a matter of
creating user profiles for Lotum but rather of providing functional Games
Apps through the analysis of aggregated reports from Google. Google may
also transfer these data to servers operated by Google LLC in the USA and
analyse them there. However, in member states of the European Union or in
other states that are party to the Agreement on the European Economic Area
your IP address will be shortened and thus made anonymous before it is
transmitted to a Google server in the USA.
6.3 Google also processes the aforementioned data collected via the
Firebase service to the extent covered by its own privacy policy which you
can find at https://policies.google.com/privacy. There you will also find
additional information on Google's handling of personal data.
6.4 We would like to point out that the transmission of data to servers in
the USA used by Google LLC may involve additional risks, for instance the
enforcement of your rights to these data may be more difficult. In order to
counter these risks, we have concluded the standard data protection clauses
by the EU Commission with Google LLC for this data transfer and also
stipulated appropriate protective measures therein, which, depending on the
need for protection of the data, also include data encryption and can be
improved in accordance with the legal and technical conditions for
appropriate protection of the data. If data is transferred to Google LLC in
the USA, such transfer is based on Article 46 (2) lit. c) GDPR.
6.5 We only use Firebase for the general usage analysis described above if you have given your consent to this. The legal basis for accessing the data described above is therefore §25 (1) TTDSG and for the subsequent data processing in this context Art. 6 (1) sentence 1 (a) GDPR. You can withdraw your consent with effect for the future at any time. We have also concluded a contract with Google on commissioned processing in accordance with Art. 28 GDPR on data processing in connection with error analysis. Accordingly, Google will only process the data collected in this context for this purpose in accordance with our instructions. This passing on of data to Google is therefore based on Art. 28 GDPR.
7.1 We also use Looker in the Games Apps. This analytics and data
visualization service is provided by Looker Data Science Inc., 101 Church
Street Santa Cruz, CA 95060, USA („Looker").
7.2 We use this service to evaluate and visualize the use of our Games Apps
in order to identify any need for improvement and a scope for making the
functions and content of the Games Apps even more user-friendly, and to be
able to further develop our Games Apps on this basis. For this purpose, we
use Looker to view how the user base generally interacts with the Games
Apps and whether and how certain functions and game content are generally
used (for example, whether a certain game level is reached and successfully
completed by Users at all). Looker in this context doesn’t collect any data
by itself, but rather exclusively uses the data previously collected via
the Firebase service. With the help of these data, Looker creates
aggregated reports on the interactions of the user base in the respective
app as a whole and, if applicable, also in specific game sections. Looker
also includes demographic information about the user base of our Games Apps
(such as approximate age group and gender) in the reports. Even beyond
that, we only ever receive aggregated data and no information that we could
relate to individual users, as it is only relevant for the aforementioned
purpose how the user base or specific user groups use the Games Apps but
not specific, individual Users.
7.3 Further information and the applicable privacy policy on Looker's
handling of personal data can be found at
https://looker.com/trust-center/privacy/policy/.
7.4 The data used by the analysis service may be transferred by Looker to
servers in the USA. In this particular case, Looker and we guarantee that
appropriate protection measures are in place in accordance with Article 44
et seq. GDPR. In particular, Looker and we have agreed on the standard data
protection clauses of the EU Commission as a precautionary measure which
provide for appropriate protection measures for the specific case, such as
encryption of the data, in accordance with Article 46 (2) lit. c) GDPR. The
measures are also continuously developed and supplemented to the extent
necessary to ensure an adequate level of data protection throughout.
7.5 We only use Looker if you have given your consent to do so, and therefore based on §25 (1) TTDSG and Art. 6 (1) sentence 1 (a) GDPR. You can withdraw your consent with effect for the future at any time.
8.1 The Singular service of Singular, Inc., 181 South Park Street Unit 2 San Francisco, CA 94107, USA, is still implemented in the Games Apps. This is an analytics service that we use to evaluate users' interactions with third party advertisements that we display in our respective Games App to finance the apps. These interactions are an important factor in financing the Games App through advertising, which is what allows us to make the app available for free in the first place. With these interactions, we can examine the contribution of specific advertising formats to the financing of the Games App and determine possible improvements to the app's advertising integration that most suitably take into consideration and balance the app's sustainable advertising financing and enjoyable gameplay experience. In this context, Singular also takes into account whether advertising financing is improved by our own advertising campaigns for the respective Games App and the new users gained as a result.
8.2 For the above purposes, Singular collects data about the installation of the respective Games App and the way you found to download the Games App, as well as your use of the App including individual events in the App such as purchases and interactions with advertisements, as well as the IP address and individual device-related data of your end device. This data is used by Singular, Inc. to compile reports on app usage on our behalf for the aforementioned purposes.
8.3 You can object to the use of your data as part of the Singular service at any time, for example by changing your settings in the app.
8.4 For more information about Singular, Inc.'s handling of personal data, please visit https://www.singular.net/privacy-policy/.
8.5 By using the Singular service, personal data is transferred to Singular, Inc. in the USA. For this reason, we have concluded with Singular, Inc. not only a contract on commissioned processing within the meaning of Art. 28 GDPR, but also the EU standard contractual clauses approved by the EU Commission in order to ensure an adequate level of data protection. Obligations to take technical protective measures form part of these clauses. Depending on the specific need for protection of the data concerned, these measures may also include the encryption of this data. By implementing these commitments, Singular, Inc. and we ensure an adequate level of data protection. The transfer of data to Singular, Inc. in the USA therefore is based on Art. 46 (2) (c) GDPR.
8.6 We only use Singular for the analyses described above if you have given your consent to this. The legal basis for accessing the data described above is therefore §25 (1) TTDSG and for the subsequent data processing in this context Art. 6 (1) sentence 1 (a) GDPR. You can withdraw your consent with effect for the future at any time.
9. Partner services for advertising in the games apps
We integrate services of advertising networks in the Games Apps with which
we cooperate in order to be able to display third-party advertising to you
while you are using the Games Apps.
In this context we use services of different advertising networks, whereby
the personal data concerning you may be sent to several of the integrated
advertising networks. By integrating different advertising networks, we
ensure that only advertisements are displayed that are approved and
specifically available by the advertiser for the respective country from
which you have installed and use the relevant Games App. We generally make
our Games Apps available worldwide which is why the advertisements shown in
them are subject to different legal requirements depending on the User's
country. The advertisement networks each work with different advertisers
who may target their ads to only certain countries and adapt them solely to
the legal requirements applicable there. In addition, advertisers have also
set certain restrictions, such as a general maximum number of
advertisements to be displayed per user or certain media in which the
advertisements are to be displayed. However, we can only view individual
advertisers and advertising campaigns relevant to our Game Apps in very
limited cases in advance and therefore cannot evaluate them more precisely.
To ensure that we are nevertheless always able to display advertising that
has been approved by the advertiser for the User's region and may be
specifically played, we use different advertising networks. Since we can
only provide the free Games Apps by financing it through advertising, we
have a legitimate interest in generally displaying advertising to the
individual User in our Games Apps in order to generate revenue and to be
able to continue to offer the apps free of charge, if possible worldwide.
However, personalization of the displayed advertising is only activated to the extent permitted by law. In particular, we only use data from users in the EU to display personalized advertising to this user if the respective user has consented to this in advance. In these cases, the legal basis for processing your data in connection with personalized advertising is your consent pursuant to §25 (1) TTDSG and Art. 6 (1) sentence 1 (a) GDPR. You can, of course, withdraw your consent to data processing for personalized advertising with effect for the future at any time. Please note that in order to finance the free games apps, we also display advertising even if you have not consented to personalized advertising or have withdrawn this consent. However, the advertising displayed will then not be personalized, i.e. not adjusted to your personal interests and usage habits. Only general information is then taken into account, for example the Games App in question and the country where the app was installed and launched. More details on the display of this non-personalized advertising and its legal basis are explained below for the individual advertising services.
For some games we may also offer you the option of purchasing a paid,
ad-free version. In ad-free versions, of course, no advertising services
are implemented and accordingly no data processing takes place for the
purpose of displaying advertising in the app.
9.1 Google AdMob
9.1.1 The advertising network AdMob which is operated by Google is also
used in our Games Apps to integrate third-party advertising. In this
context, Google receives information about the respective Game App (name,
category and language of the Game App), Device-Related Data of your device
as well as the IP address of your device, which is, however, shortened and
only used in an abbreviated form, and information about some of your
interactions in the app. The aforementioned data may also be transmitted to
Google LLC servers in the USA for the AdMob service. Google processes this
data in order to select specific advertisements without giving us the
opportunity to exert any further influence, and to limit the display of an
advertisement, especially in the case of multiple displays to a specific
User. We have no insight into the selection of specific advertisements and
the related data processing, nor do we have any more precise setting
options to be able to influence this. Google uses the collected data in
accordance with Google's privacy policy.
9.1.2 Google also records whether and if so, how you interact with the
advertisement, the IP address and individual Device-Related Data of your
device as well as, if applicable, your further usage behaviour following a
click on the advertisement, in order to evaluate the success of the
respective advertisement together with the aforementioned data and to
properly invoice us and the advertiser accordingly. Based on their
evaluations, Google also creates aggregated reports for us on the scope and
results of the advertising. However, this only gives us access to
aggregated data on the results of the advertising which Lotum cannot trace
back to individual persons.
9.1.3 Further details on the processing of data by Google can be found in
Google's privacy policy (https://policies.google.com/privacy) and in the
information on the use of data from integrated Google services
(https://policies.google.com/technologies/partner-sites?hl=de).
9.1.4 The basis for access to the aforementioned data is §25 (2) no. 2 TTDSG and for data processing within the framework of the AdMob service our legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR. It is our legitimate interest to display advertising to users in order to finance the creation and development of the Games Apps available free of charge. In principle, the advertising financing allows us to offer the Games Apps worldwide. Therefore, access to the above-mentioned data in your end device is also necessary in order to be able to offer you the respective games you have selected. It is also in our legitimate interest to use the AdMob network, which is specifically tailored to displaying ads for apps, to serve ads that fit as coherently as possible into the format of the Games Apps and are not perceived by users as disruptive or inappropriate. As the Games Apps are available free of charge and solely serve your entertainment purposes, it is not evident that your interests prevail in this respect. For certain game apps, we also offer you the option to use a paid, ad-free version of the Games Apps, if available.
9.1.5 The transfer to servers of Google LLC in the USA is based on Article
46 (2) lit. c) GDPR. For this transfer we have agreed the standard data
protection clauses of the EU Commission with Google LLC. Together with
these clauses, we and Google LLC have also defined and implemented
appropriate protection measures that take into account the need for
protection of the data in each specific case and include encryption of the
data. These measures are also continuously adapted in accordance with the
legal and technical conditions for effective protection of the data in
order to provide continuous assurance of an adequate level of protection.
9.2 UnityAds
9.2.1 Our Games Apps also include the UnityAds advertising network which is
maintained by Unity Technologies Finland Oy, Kaivokatu 6, 00100 Helsinki,
Finland ("Unity"). In this context, Unity receives the following
information: the relevant Games App, the IP address of your device and
Device-Related Data about your device. Unity processes these data
independently for the purpose of deciding on the specific advertising to be
displayed. We have no insight into the selection of the specific
advertising and the related data processing, nor can we make any detailed
settings in this regard.
9.2.2 When advertising is displayed in the Games App, Unity also records
whether and how you interact with the advertisement and, if any, your
further usage behaviour following a click on the advertisement. Unity
processes all of the aforementioned data collected in the course of the
advertising display in order to verify and evaluate the results of the
advertising and to properly invoice us and the advertiser. In this context,
Unity also provides us with reports. We receive information from Unity
about the advertising results but only in aggregated form, so that Lotum
cannot trace this information back to individual persons.
9.2.3 Unity's privacy policy with further details on the handling of your
personal data in the context of UnityAds can be found at
https://unity3d.com/de/legal/privacy-policy.
9.2.4 The legal basis for the data processing related to UnityAds is the protection of our legitimate interest as per Art. 6 (1) sentence 1 (f) GDPR. Access to the aforementioned data stored in your end device is justified in accordance with §25 (2) no. 2 TTDSG because without access to this data for the purpose of displaying advertising, we cannot offer the games you have requested. It is our legitimate interest to display advertising to users in order to finance the creation and development of the Games Apps available free of charge. In principle the advertising financing allows us to offer the Games Apps worldwide and without financial costs for the user and to continuously provide new content for the Games Apps. As the Games Apps are available free of charge and solely serve your entertainment purposes, it is not evident that your interests prevail in this respect. For certain Games Apps, we also offer you the option to use a paid, ad-free version of the Games Apps, if available.
9.2.5 When providing the UnityAds service, Unity may also transfer the
personal data processed to its own servers in the USA, insofar as this is
necessary for the provision of the UnityAds service. Insofar as this
occurs, Unity will ensure that an appropriate level of protection for the
personal data is granted by means of suitable safeguards, in particular the
agreement of the standard data protection clauses adopted by the EU
Commission with technical protective measures adapted to the specific
planned transfer. In these cases, the data transfer is based on Article 46
(2) lit. c) GDPR.
9.3 Facebook Audience Network
9.3.1 Our Games Apps also include advertising through the advertising
network Facebook Audience Network. This advertising network is offered by
Facebook. With this network, Facebook collects data on the respective Games
App, Device-Related Data on your device and the IP address of your device.
Facebook may also process these data on servers in the USA. Facebook uses
these data to independently select the specific advertising in a process
that is not accessible to us, as well as to limit the display of an
advertisement, especially in the case of multiple displays to a specific
User. We have no insight into the selection of specific advertisements and
the related data processing, nor do we have any more precise setting
options to be able to influence this.
9.3.2 If an advertisement is displayed to you by the Facebook Audience
Network or if you click on such an advertisement, Facebook also records
your interaction with the advertisement, as well as your further usage
behaviour, if any, following a click on the advertisement. With these data,
Facebook determines the results of the respective advertisement and
processes them for the purpose of invoicing us and the advertiser. In this
context, Facebook also provides reports for us and the advertiser, which,
however, only provide aggregated data on the respective advertising and its
results and which we are therefore unable to trace back to individuals or
separate by individuals.
9.3.3 For more information on the handling of your personal data and their
protection by Facebook, please see Facebook's privacy statement at
https://www.facebook.com/policy.php.
9.3.4 Data processing within the framework of the Facebook Audience Network is carried out to protect our legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR. This legitimate interest is to display advertising to users in order to finance the creation and development of the Games Apps available free of charge. In principle, the advertising financing allows us to offer the Games Apps worldwide. As the Games Apps are available free of charge and solely serve your entertainment purposes, it is not evident that your interests prevail in this respect. At the same time, access to the aforementioned data stored in your end device is absolutely necessary to be able to provide you with the desired games free of charge in the first place (§25 (2) no. 2 TTDSG). For certain Games Apps, we also offer you the option to use a paid, ad-free version of the Games Apps, if available.
9.3.5 If data is transferred to servers of Facebook in the USA, such
transfer is based on Article 46 (2) lit. c) GDPR. We have concluded the
standard data protection clauses adopted by the EU Commission with Facebook
for transferring data by the Facebook Audience Network, having included the
implementation of appropriate protective measures. Facebook and we also
regularly review the need for possible additions and, if necessary, the
implementation of additional appropriate protection measures within the
meaning of Article 44 et seq. of the Data Protection Regulation, to the
extent as this is necessary to continuously grant a suitable level of data
protection.
10. Advertising on Facebook for Lotum's offers
10.1 We advertise our own offers and Games Apps on websites and apps of
other providers using Facebook's advertising services. Through these
services, advertisements are displayed on the websites and apps of other
providers who are part of the Facebook advertising network and have
implemented the advertising network accordingly. Facebook also provides us
with aggregated reports to track the success of our advertisements.
10.2 Facebook decides independently on the specific advertisements displayed
and on the processing of your personal data in connection with the
selection and displaying of these advertisements via the Facebook
advertising network. In this respect, we can only impose abstract
restrictions on user categories to which our advertising can potentially be
shown at all, when the advertising is ordered, on the basis of a number of
default settings defined by Facebook. However, Facebook carries out the
data processing in connection with the selection of the user and the
display of the advertisement independently and without any further
instructions from us. Facebook does not receive any personal data from us
in this context and we do not have any insight into the data processed by
Facebook of the users to whom advertisements are shown, nor do we have any
further influence on the related data processing.
10.3 Facebook also records the success of our advertisements for invoicing
and analysis purposes. When the Games Apps are installed, both we and
Facebook receive information that the User clicked on one of our
advertisements, was redirected to the platform page where the relevant
Games App can be downloaded, and then installed our app. This information
may also be sent to Facebook servers in the USA. This links contacts that
Users have with advertisements in apps of the Facebook advertising network
(visual contacts and clicks on advertising banners) with subsequent
interactions of the Users in our Games Apps, including the installation and
launch of the specific app. The data collected in this way is also
statistically analysed by Facebook. Facebook provides us with parts of the
evaluations in the form of aggregated reports (so-called Facebook Ads
Manager function), with which we gain an overview of the effectiveness of
the advertising. We receive data on the results of our advertising and
aggregated demographic information (such as approximate age group and
gender) about the total Users who have viewed and clicked on our ads.
However, we cannot view information that would personally identify Users.
We do not combine the reports with any other personally identifiable
information about individual Users.
10.4 The legal basis for the data processing described above in connection with measuring the effectiveness of our advertising on Facebook is our legitimate interests pursuant to Art. 6 (1) sentence 1 (f) GDPR. These consist of being able to track the results and effectiveness of our ads via Facebook and to be able to validate Facebook's invoicing of the ads based on this. This is the only way we can provide you with the games you have selected free of charge, which is why the associated data accesses are absolutely necessary (§25 (2) no. 2 TTDSG). Your interests are taken into account by the fact that Facebook only displays ads to registered users of the Facebook social network and therefore only data from these Facebook users is used in our advertising measurement. As part of the registration process for the Facebook network, Facebook explicitly refers to the processing of data for advertising purposes, including by advertisers such as us, and asks for the Facebook user's consent to this data processing. In addition, you can object to our processing procedures for measuring the effectiveness of our advertising.
10.5 Data are transferred to Facebook only in compliance with suitable
protective measures in accordance with Article 44 et seq. GDPR. To this
end, we have concluded the standard data protection clauses adopted by the
EU Commission with Facebook in accordance with Article 46 (2) lit. c) GDPR.
The clauses also provide for protective measures tailoured to the transfer
which are continuously developed and adapted in order to ensure an
appropriate level of data protection throughout.
10.6 Further information on the processing of your personal data by Facebook
in the context of advertising on Facebook and the rights to which you are
entitled in this context can be found here:
https://www.facebook.com/policy.php.
10.7 You can also control the types of advertisements you see on the
Facebook advertising network by visiting the page set up by Facebook and
following the instructions there on how to set up usage-based advertising:
https://www.facebook.com/settings?tab=ads. The settings you make on this
website are applied throughout all platforms, i.e. they are applied to all
devices on which you log into your Facebook account (such as desktop
computers or mobile devices).
11. Facebook Login
11.1 In some Games Apps, you will need to create a player profile and
provide some information (such as the player name you choose) according to
the registration form. In some Games Apps, we also offer you the option of
creating a player profile by entering the login data of your Facebook user
account (so-called "Facebook Login", formerly known as "Facebook Connect"),
if you express your consent to this by clicking on the corresponding button
to connect to Facebook ("Log in with Facebook"). The Facebook Login
function is offered by Facebook. The login data of your Facebook account
will be sent directly to Facebook. We do not have access to your login
data. After verification of your login data, Facebook only informs us about
the following data from your Facebook user account: the registered name,
your profile picture, your language setting, and the country from where you
are playing. Facebook further checks which other Facebook users with whom
you are connected on Facebook (so-called "friends") have already played the
respective Games App and provides us with this information. Lotum receives
and uses the aforementioned data to set up your player profile in the Games
App. We also use the information about your friends on Facebook to enable
you to invite a Facebook friend to a joint game session and to easily start
this game session. However, we only process this information to the extent
necessary for a joint gaming session.
11.2 By using the Facebook Login function, Facebook receives the
information that you have created a player profile for the relevant Games
App and can link this information to your Facebook user account.
Information on how Facebook handles your personal data can be found in
Facebook's privacy statement at:
https://www.facebook.com/privacy/explanation
11.3 The legal basis for data processing within the framework of the Facebook login function is your consent (§25 (1) TTDSG, Art. 6 (1) sentence 1 (a) GDPR), which you give by calling up the Facebook login function and subsequently entering your access data to your Facebook account. You can withdraw your consent to data processing when using the Facebook login function with effect for the future at any time.
11.4 The transfer of your personal data to Facebook in this context is
based on Article 46 (2) lit. c) GDPR. In this respect, above statements of
section 9.5 apply accordingly.
12. Apple Sign In
12.1 In some Games Apps that require you to register with a player profile,
you may also create your player profile by signing in to your Apple
services profile (called an Apple ID account) if you express your consent
to do so by clicking on the appropriate Apple connection button. The
function required for this ("Apple Sign in") is provided by Apple
Distribution International Ltd Hollyhill Industrial Estate, Hollyhill,
Cork, Ireland ("Apple"). The necessary feature (called "Apple Sign In") is
provided by Apple Distribution International Ltd. Hollyhill Industrial
Estate, Hollyhill, Cork, Ireland ("Apple"). We do not have access to the
login details of your Apple profile. After verification of your login data,
we will only be informed about the following data from your Apple profile:
the registered name, your Apple ID, your language setting, and the country
from where you are playing.
12.2 The legal basis for data processing within the framework of the Apple sign in function is your consent (§25 (1) TTDSG, Art. 6 (1) sentence 1 (a) GDPR), which you give by calling up this function and subsequently entering your access data to your Apple ID account. You can withdraw your consent with effect for the future at any time.
12.3 By using Apple Sign in, Apple may receive the information that you
have created a player profile for the relevant Games App. Information on
how Apple handles your personal data can be found in Apple's privacy
statement at: www.apple.com/de/privacy
12.4 In the event that the Apple Sign in feature transfers personal data
concerning you to Apple, Inc. in the USA, Apple has ensured prior to the
transfer that this transfer is covered by the EU Commission's standard data
protection clauses pursuant to Article 46 (2) (c) of the GDPR. Apple and we
also take additional technical security measures to protect your data,
including appropriate encryption, pseudonymisation and reducing data
processing as far as possible
13. Inviting players using links
13.1 In certain Games Apps, you may also be able to create an invitation to a shared game session via a direct link to the specific game session in order to send this game invitation to a contact via a messenger app or other means (e.g. email). When the game invitation is created, a specific link is generated in the Games App that leads directly to the game session in the Games App.
13.2 We use Google's Firebase Dynamic Links service to create the direct link to the game session and bring together the relevant users in the same game session. When the recipient clicks on an appropriately created link to a game, Google collects the IP address of the recipient as well as information on the relevant Games App and device-related data on the end device used. Google uses this data on our behalf to ensure that the recipient is directed directly to the correct game session in the relevant Games App. To do this, it must be assigned in the app that it is your contact who has clicked on the link and for which game you have invited the recipient. For these reasons, access to the aforementioned data is also absolutely necessary within the meaning of §25 (2) no. 2 TTDSG.
13.3 The data processing in connection with the direct link to the game session is carried out for the purpose of giving players an easy way to specifically start a game session with other persons and therefore is based on Art. 6 (1) sentence 1 (f) GDPR. Our legitimate interest is to make it as easy and convenient as possible for our users to start a game session together and thereby provide users with a special gaming experience. At the same time, this is also in the interest of our users, both the sender and the recipient of invitations to game sessions. A possible opposing interest of the recipients to the effect that no transfer of their data to Google takes place is taken into account by the fact that such a data transfer only takes place when the recipient voluntarily clicks on the invitation link sent and therefore expresses that they accept the game invitation. From this point onwards, it can no longer be assumed that the recipient has a conflicting interest with regard to the processing of their personal data via our Games App.
13.4 From the aforementioned data, Google also creates reports on the use of links to Games Apps, which we evaluate. These reports tell us about the use of the links created, the functioning of the links and any subsequent app openings or installations of the Games App in question. All of these reports always contain only aggregated data and do not allow us to draw any conclusions about individual users; we cannot view data on individual users. The data processing described above is necessary to protect our legitimate interests (Art. 6 (1) sentence 1 (f) GDPR), whereby our legitimate interest is to be able to provide users with the best possible functionalities in our Games Apps in order to offer users an optimal gaming experience. To do this, we need insights from the users' interactions with the links provided and their functionalities. At the same time, access to this data is necessary to be able to monitor and improve the functionalities of inviting people to play together. This is the only way we can provide and maintain this service requested by users (§25 (2) no. 2 TTDSG).
13.5 From the aforementioned data, Google also compiles reports on the use
of links to Games Apps which we evaluate. These reports provide us with
information about the use of the generated links, the functioning of the
link and any subsequent app openings or installations of the relevant Games
App. However, we do not receive any information about the user navigation
following the click on the link. All these reports only contain aggregated
data and do not allow us to draw any conclusions about individual Users;
data about individual Users are not visible to us. The data processing
described above is necessary to protect our legitimate interests (Article 6
(1) sentence 1 lit. f) GDPR), whereby our legitimate interest is to be able
to provide users with the best possible functionalities in our Game Apps in
order to offer users an optimal gaming experience. For this purpose, we
need insights from the Users' interactions with the provided links and
their functionalities.
13.6 Google also processes the aforementioned data collected via the
Firebase service to the extent covered by its own privacy policy which you
can find at https://policies.google.com/privacy. There you will also find
additional information on Google's handling of personal data.
13.7 We would like to point out that the transmission of data to servers in
the USA used by Google LLC may involve additional risks, for instance the
enforcement of your rights to these data may be more difficult. In order to
counter these risks, we have concluded the standard data protection clauses
by the EU Commission with Google LLC for this data transfer and also
stipulated appropriate protective measures therein, which, depending on the
need for protection of the data, also include data encryption and can be
improved in accordance with the legal and technical conditions for
appropriate protection of the data. If data is transferred to Google LLC in
the USA, such transfer is based on Article 46 (2) lit. c) GDPR.
14. Error evaluation using Sentry Analytics
14.1 In order to detect and correct technical errors, we use the Sentry
Analytics service provided by Functional Software, Inc. dba Sentry, 132
Hawthorne Street, San Francisco, CA 94107 ("Sentry"). For this purpose,
during the game session of a Games App, technical details on the use of the
game and any action in the game are stored locally on your device. In the
event of an error, these technical details, insofar as they are temporally
related to the occurrence of the error, as well as your IP address are
transmitted to Sentry and processed by Sentry together with the following
data: information on the hardware and the operating system used on your
device, name and version of the Games App used as well as the date, time,
details of the error that occurred and game-related data in connection with
the error. Sentry does not profile
you at any time. On the basis of the above information, Sentry will, on
behalf of Lotum, only produce reports and evaluations of identifiable
errors, including the circumstances under which the error occurred, which
may therefore provide information about possible causes of the error. In
this context, the aforementioned data are also transmitted to a Sentry
server in the USA and stored there. However, the data transferred for the
Sentry service will not be associated to other data by Sentry and will be
used solely for the analysis and correction of the technical error. The
data collected will be stored by the Sentry service for a maximum of 90
days and then deleted.
14.2 Further information and Sentry's applicable privacy policy can be
found at https://sentry.io/terms/ and https://sentry.io/privacy/.
14.3 We use the Sentry service to eliminate bugs in our Games Apps and difficulties in their use as quickly and comprehensively as possible and therefore to be able to continuously develop our offer in terms of a trouble-free user experience. For these reasons, access to the aforementioned data is also absolutely necessary pursuant to §25 (2) no. 2 TTDSG. The legal basis for the subsequent data processing in the use of the Sentry service is our aforementioned legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR. Your legitimate interests are taken into account by removing any reference to your person after the technical data has been transferred from your end device, but before it is evaluated. If you still do not want your data to be collected by the Sentry service in case of a possible error analysis, we must ask you to refrain from playing on the free Games Apps.
14.4 We would like to point out that Sentry may also process data outside
the EU or the European Economic Area, in particular on servers located in
the USA. This may result in risks for Users, for example because it may
make it more difficult to enforce Users' rights. We take these risks into
account by taking appropriate protective measures in accordance with Art.
44 et seq. GDPR in particular by agreeing on the standard data protection
clauses of the EU Commission with Sentry, which provide for appropriate
protective measures such as encryption of data in individual cases. If data
is transferred to Sentry in the USA, this is based on Art. 46 (2) (c) GDPR.
15. Strorage, storage period and deletion of data
15.1 We will process your personal data for as long as is necessary to
achieve the purposes of the processing, is required by law to retain the
data or is necessary for other reasons. Subsequently, the data will be
deleted in accordance with the statutory provisions.
15.2 However, we retain data that we store for legal reasons for as long as
this is legally required. After expiry of a statutory retention period, the
data are deleted immediately, unless there are other reasons preventing
deletion in terms of Article 17 (3) GDPR.
16. data security
Lotum has taken appropriate technical and organisational measures to
protect personal data against accidental loss, damage, unauthorised access
and unauthorised alteration. In particular, Lotum's data are only
transferred in encrypted form. Lotum however clarifies that data protection
and data security cannot be guaranteed for transfers outside Lotum's sphere
of influence.
17. Disclosure of personal data to third parties
17.1 Personal data will only be transferred to third parties without the
User's explicit consent if this is necessary for the provision of Lotum's
services (e.g. for the technical provision of the offer), unless stated
otherwise at another point in this Privacy Policy. Accordingly, a transfer
of data to such service providers (such as technical service providers)
takes place in order to protect our legitimate interests pursuant to
Article 6 (1) sentence 1 lit. f) GDPR, namely in order to be able to
provide our Games Apps for retrieval at all. Of course, Lotum will ensure
that the respective service provider has taken appropriate technical and
organisational measures to guarantee the security of the data before
forwarding the User's personal data.
17.2 We store the data which we collect when the Games Apps are used with the help of third-party services. We use the Google Cloud and Google Firebase services, both of which are provided by Google as well as in some cases the service Couchbase Capella Cloud, provided by Couchbase, Inc. 3250 Olcott Street, Santa Clara, CA 95054, United States („Couchbase“). These services may also collect and possibly store the IP address of your device when you use the Games Apps, but for a maximum of 30 days. However, Lotum does not receive the IP addresses directly and only views IP addresses collected by these services in exceptional cases and only if a legal basis exists, in particular insofar as this is necessary to protect Lotum's legitimate interests (e.g. during maintenance work or in the event of the investigation of technical problems). We use these services to provide the aforementioned data for playing the Games App efficiently and with the lowest possible error rate to thereby ensure a smooth use of the game features. The legal basis for the associated data processing is Article 6 (1) sentence 1 lit. f) GDPR, whereby our legitimate interest is an optimal, technically sound provision of the Games App. For this purpose, access to the aforementioned data is also absolutely necessary pursuant to §25 (2) no. 2 TTDSG. Google and Couchbase may also transfer the collected data to their servers in the USA. We have concluded the standard data protection clauses adopted by the EU Commission with Google and Couchbase to safeguard the transfer of data to the USA. We have also concluded a data processing agreement with Google and Couchbase. The forwarding of personal data to Google in connection with the aforementioned services is therefore based on Article 46 (2) lit. c) and 28 GDPR.
17.3 Otherwise Lotum will not pass on the User's personal data to third
parties, unless the User has expressly consented to the transfer (Article 6
(1) sentence 1 lit. a) GDPR) and Lotum is neither entitled nor obliged to
transfer the data due to legal regulations or court orders. In the latter
case, Lotum will transfer the data in order to fulfil a legal obligation
according to Article 6 (1) sentence 1 lit. c) GDPR.
18. User Rights
18.1 Right to Object
The User has the right to object at any time, for reasons arising from the
User's particular situation, to data processing based on Article 6 (1)
sentence 1 lit. f) GDPR, unless Lotum can prove compelling reasons worthy
of protection outweighing the User's interests, or the processing serves to
assert, exercise or defend legal claims. The User may object to data
processing for the purpose of direct marketing at any time without having
to furnish special reasons for doing so.
18.2 Right to Information
The User has the right to obtain from Lotum information on personal data
concerning the User stored at Lotum, on purposes of the processing, where
such data come from, what kind of disclosure has been carried out,
recipients or categories of recipients to whom personal data have been
disclosed, storage period, and on the data subject's rights, free of
charge, in writing or electronic form.
18.3 Right to Rectification, Erasure and/or Restriction of Data Processing
The User also has the right to demand at any time the rectification of
inaccurate data, the deletion and/or, under the legal conditions, the
restriction of the processing of the personal data stored about this User.
The right to erasure exists only to the extent that Lotum is not legally
required to retain the data and that there are no other reasons in terms of
Article 17 (3) GDPR that prevent the erasure. Insofar as this includes
personal data that are necessary for the provision of services to the User,
the erasure or restriction of the processing of such data may only be
carried out once the User no longer uses Lotum's offer.
18.4 Right to Data Portability
Moreover, in case the User has provided personal data concerning the User,
and Lotum has processed these data due to the User's consent or for the
purposes of performance of contract, the User has the right to request to
be provided with these data from Lotum in a structured, commonly used and
machine-readable format, as well as the right to have this information
transmitted by Lotum to another data controller, where it is technically
feasible (so-called right to data portability).
18.5 Right to Withdraw a Consent
All consents to the use of personal data declared by the User can be freely
revoked by the User at any time with effect for the future.
18.6 Right to Lodge a Complaint with a Supervisory Authority
The User may also lodge a complaint with a supervisory authority against a
data processing which in the User's opinion violates the statutory
provisions.
19. Changes to this Privacy Policy
Lotum reserves the right to change this Privacy Policy at any time, and
Lotum will always comply with the legal requirements of data protection.
Therefore, Lotum recommends that Users regularly take note of the most
up-to-date Privacy Policy. Lotum will inform Users in advance on further
use of data, for example by messages in this respect, in the Games App or
by so-called push notifications, insofar as you have allowed such push
notifications.
Lotum one GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany, games@lotum.de
Data Protection Officer: Susanne Klein, c/o Beiten Burkhardt Services GmbH,
Ganghoferstraße 33, 80339 Munich, Germany, privacy@lotum.de