Lotum One GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany ("Lotum" or "we") respects and protects your personal data.
Lotum collects, processes and uses personal data exclusively within the framework of the applicable legal regulations. Therefore, the high data protection standards of the General Data Protection Regulation ("GDPR") and the Telecommunications Digital Services Data Protection Act ("TDDDG") apply.
1.1. We develop games within Reddit Devvit ("Game" or "Games") that are made available for use on Reddit, which is operated by Reddit Inc. ("Reddit"). With the following Privacy Policy, we would like to inform you in more detail about the collection, processing and use of data in connection with our Reddit Devvit.
1.2. As far as certain Lotum services have a different Privacy Policy, then that policy applies.
1.3. The scope of this Privacy Policy does not include services and offers of third parties that may be referred to in the Games by so-called links. Lotum neither assumes responsibility for their content nor for compliance with data protection regulations by these third parties, unless otherwise stated in the privacy policy of the linked content. This applies, for example, to links via which social networks such as Facebook, Discord or chat apps such as WhatsApp can be accessed, and to links in advertisements that are displayed. For information on the handling of the User's personal data and their respective protection on these platforms, please refer to the privacy statement on the respective platform.
2.1. When you launch and use Lotum's Game Apps, a connection may automatically be established with our servers, depending on the Game App, to offer you the required content for the Game App. During this process, information transmitted by your device is logged. This includes the IP address of your device, details about the operating system, the installed Game App and its version, as well as the date, time (including time zone), and specific content accessed within the Game App.
2.2. Lotum processes this data to provide the Game App and ensure access to its latest content. Processing this data is essential for entering into the user contract for the Game App and the associated services provided by Lotum. The legal basis for this data processing, in order to fulfill contractual obligations, is Art. 6 (1) (b) GDPR. Users may voluntarily provide additional information in connection with the offer. Lotum may collect and process personal data to fulfill its contractual obligations to you, such as for Users to create a player profile. Depending on the Game App, this data may include the name you provided and information identifying your device.
3.1. If you contact our customer support or reach out to us through other means (e.g., via a contact form within the Game), the information you provide, including your contact details, will be processed to handle and resolve your inquiry. This includes investigating and addressing any issues with the Game, as well as responding to follow-up questions. When contacting customer support through the Game, additional information such as game details, your game progress, Player ID, the specific issue in question, and relevant technical data from your device will also be processed.
3.2. We process this data in accordance with Art. 6 (1) (b) GDPR when you contact us within the scope of an existing contract for the use of the Game or to initiate such a contractual relationship. If your inquiry relates to reporting content you believe to be illegal, the processing is carried out under Art 6 (1) (c) GDPR in conjunction with Art 16 of the Digital Services Act (DSA). Otherwise, the storage and use of your data are based on Art 6 (1) (f) GDPR, where our legitimate interest is to ensure the thorough handling of your request and resolution of any technical issues. Access to the data stored on your device is essential, in accordance with § 25 (2) No. 2 TDDDG, for Lotum to address your support request.
4.1. The app may involve data processing activities to improve its content, functionality, and performance ("Analytics"). We use Analytics to understand and visualize how users interact with the app. This helps us identify areas that need improvement and make the app more user-friendly. For instance, we analyze how users engage with specific features and game content, such as whether a certain game level is reached and successfully completed by users. Depending on the app and its usage, Analytics may track which parts of the app are accessed, how often, and for how long. This includes collecting technical data, such as your IP address, device details (like manufacturer, model, language settings, and country of use), and an anonymized user ID. Our analytics methods are designed to aggregate and interpret this data at a high level, without focusing on or identifying individual users. These insights, such as how users interact with features or game content (e.g., whether certain levels are reached and completed), are essential for optimizing the app and guiding its further development.
4.2. To ensure the app functions correctly, monitor its overall performance, and better understand user engagement, Lotum may process limited data related to how the app is used. This helps us meet user interests by verifying that the app is working as expected, checking if it performs as intended, and identifying areas where users may face difficulties. This information is essential for continuously improving the app’s performance, resolving technical issues, and enhancing the overall user experience, all in the best interest of our users.
4.3. This processing activity is carried out without the involvement of third-party analytics services. The legal basis for this is Art. 6 (1) (f) GDPR, supported by the exemption under § 25 (2) of the TDDDG.
4.4. We use data aggregation and visualization to view how the user base generally interacts with the Game and whether and how certain functions and game content are generally used (for example, whether a certain game level is reached and successfully completed by Users at all), in order to identify any need for improvement and a scope for making the functions and content of the Games even more user-friendly, and to be able to further develop our Games on this basis. The purpose is to be able to understand how users interact with the app as a whole, and, if applicable, in specific game sections. The information is evaluated in an aggregated form only and does not contain any personal or individual-level data. These processing activities rely exclusively on data that has already been collected through other analytics services.
4.5. We use the service "Hex", provided by Hex Technologies Inc., 2261 Market Street, #4233, San Francisco, CA 94114, USA, as well as "Looker", provided by Looker Data Sciences Inc., 101 Church Street, Santa Cruz, CA 95060, USA (“Looker”) for certain data processing operations. Hex is a cloud-based data analytics platform that supports us in processing and analyzing user interactions, device usage data, and other app-related information — for example, to improve gameplay or enhance the user experience.
4.6. The service provider operates servers in the USA, where this data may be processed. We would like to point out that the transmission of data to servers in the USA used by the service provider may involve additional risks, for instance, the enforcement of your rights to this data may be more difficult. In order to counter these risks, we have concluded several measures. The transmissions are protected by transport encryption. We have ensured that the service provider is a participant of the EU-U.S. Data Privacy Framework. Therefore, the data transfer is based on Art. 45 GDPR. Additionally, we have concluded the standard data protection clauses adopted by the EU Commission with the service provider to safeguard the transfer of data to the USA. We have also concluded a data processing agreement with the service provider. The transfer of personal data to the service provider in connection with the aforementioned services can therefore also be based on Art. 46 (2) lit. c) and 28 GDPR.
4.7. The processing of this data is carried out for the technical provision, improvement, and analysis of our services. The legal basis for this is Article 6(1)(f) GDPR (legitimate interest) or Article 6(1)(b) GDPR (performance of a contract), insofar as users make use of contractual services.
4.8. Further information and the applicable privacy policy on Looker's handling of personal data can be found at https://looker.com/trust-center/privacy/policy/.
4.9. Further information and the applicable privacy policy onHex's
handling of personal data can be found at
https://learn.hex.tech/docs/trust/privacy-policy
5.1. We use error reporting to detect and resolve technical issues that may occur during your use of the app. When an error happens, technical details related to the usage of the app, as well as in-game actions, are collected. This data helps us analyze the circumstances surrounding the error and its potential causes, allowing us to improve the app’s stability and provide a smoother user experience. In most cases, the information collected does not contain personal data, but in certain instances, it may include personal data necessary to diagnose and fix the issue. Where possible we avoid processing personal data for this purpose.
5.2. For error reporting, we utilize the Sentry Analytics service, provided by Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107 ("Sentry"). In the event of an error, technical data such as device information, app version, and error-specific details are transmitted to Sentry, which processes this information on our behalf. Due to the way the data is processed it is not possible for Sentry or us to identify you from the data transmitted to and processed by Sentry. The data transferred for the Sentry service will not be associated with other data by Sentry and will be used solely for the analysis and correction of the technical error. Further information and Sentry's applicable privacy policy can be found at https://sentry.io/terms/ and https://sentry.io/privacy/. The data collected will be stored by the Sentry service for a maximum of 90 days and then deleted.
5.3. Sentry operates servers in the USA, where this data may be processed. We would like to point out that the transmission of data to servers in the USA used by Sentry may involve additional risks, for instance, the enforcement of your rights to this data may be more difficult. In order to counter these risks, we have concluded several measures. The transmissions are protected by transport encryption. We have ensured that Sentry is a participant of the EU-U.S. Data Privacy Framework. Therefore, the data transfer is based on Art. 45 GDPR. Additionally, we have concluded the standard data protection clauses adopted by the EU Commission with Sentry to safeguard the transfer of data to the USA. We have also concluded a data processing agreement with Sentry. The transfer of personal data to Functional Software, Inc. in connection with the aforementioned services can therefore also be based on Art. 46 (2) lit. c) and 28 GDPR.
5.4. The legal basis for processing error-related data as described above is our legitimate interest under Art 6 (1) (f) GDPR. Our legitimate interest lies in maintaining the functionality and stability of the Game App by quickly identifying and resolving technical issues. We take into account your privacy by anonymizing any known personal references before analysis. Where possible, we avoid processing personal data for error reporting. If you still do not want your data to be collected by the Sentry service in case of a possible error analysis, we must ask you to refrain from playing the free apps. In cases where data is transferred to Sentry in the USA, this is done in compliance with Art 46 (2) (c) GDPR, supported by the standard data protection clauses agreed with Sentry.
6.1. We process your personal data as long as it is necessary to achieve the purposes of the processing, or is prescribed by a legal obligation to store the data. Subsequently, the data is deleted in accordance with statutory laws.
6.2. Data that we store for legal reasons, however, is stored for as long as this is required by law. After expiry of a statutory retention period, the data will be deleted without undue delay, unless there are other reasons within the meaning of Art. 17 (3) GDPR opposing the deletion.
7.1. Lotum has taken appropriate technical and organizational measures to protect personal data against accidental loss, damage, unauthorized access or unauthorized changes. In particular, Lotum will transmit data only in encrypted form. However, Lotum points out that privacy and data security cannot be guaranteed for transmissions outside Lotum's sphere of influence.
8.1. Personal data will only be transferred to third parties without the User's explicit consent if this is necessary for the provision of Lotum's services (e.g. for the technical provision of the offer), unless stated otherwise at another point in this Privacy Policy. Accordingly, a transfer of data to such service providers (such as technical service providers) only takes place in order to protect our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR. Of course, Lotum will ensure that the respective service provider has taken appropriate technical and organizational measures to guarantee the security of the data before forwarding the User's personal data.
8.2. Apart from that, Lotum will not pass on the User's personal data to third parties, unless the User has expressly consented to the transfer (Article 6 (1) sentence 1 lit. a) GDPR) and Lotum is neither entitled nor obliged to transfer the data due to legal regulations or court orders. In the latter case, Lotum will transfer the data in order to fulfil a legal obligation according to Article 6 (1) sentence 1 lit. c) GDPR.
The user has the right to object at any time to data processing based on Art. 6 (1) lit. e) or lit. f) GDPR for reasons arising from his particular situation, unless Lotum can prove compelling reasons worthy of protection, which outweigh the interests of the user, or the processing serves to assert, exercise or defend legal claims. The user can object to data processing for the purpose of direct advertising at any time without special reasons being required.
The user has the right to obtain free of charge from Lotum the personal data stored by Lotum concerning him or her, the processing purposes, their origin, which transfer to which recipients or categories of recipients took place, the storage period and the rights of the data subjects available to him or her.
Furthermore, the user has the right to request at any time the correction of incorrect data, the deletion and/or restriction of the processing of personal data stored about him or her, insofar as there is no legal obligation for Lotum to keep records or other reasons in the sense of Art. 17 (3) GDPR which prevents deletion. Insofar as this includes personal data that is necessary for the provision of services to the user, the deletion or restriction of the processing of this data can only take place when the user no longer uses Lotum's services.
If the user provides data relating to him or her and Lotum processes such data on the basis of the user's consent or in order to fulfill the contract, the user may request that he/she receives such data in a structured, current and machine-readable format from Lotum or that Lotum transmits such data to another controller, insofar as this is technically possible (so-called right to data portability).
Any consent given by the user to the use of personal data can be freely revoked by the user at any time with effect for the future.
The user may also lodge a complaint with a supervisory authority against data processing which he or she considers to be in breach of the statutory provisions.
10.1. Lotum reserves the right to change this privacy policy at any time, while Lotum will always comply with the legal requirements of data protection. Therefore, Lotum recommends that users regularly take note of the applicable privacy policy. Lotum will inform users in advance of any further use of data, for example via in-game notification or so-called push notifications in your browser, if you allow such push notifications.
Lotum One GmbH, Am Goldstein 1, 61231 Bad Nauheim, Deutschland
10.2. Data Protection Officer: Susanne Klein, c/o Beiten Burkhardt Services GmbH, Ganghoferstraße 33, 80339 München, Germany, privacy@lotum.de