Privacy Policy Discord Games

Privacy Policy Discord Games

Lotum One GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany ("Lotum" or "we") respects and protects your personal data.

Lotum collects, processes and uses personal data exclusively within the framework of the applicable legal regulations. Therefore, the high data protection standards of the General Data Protection Regulation ("GDPR") and the Telecommunications Digital Services Data Protection Act ("TDDDG") apply.

1. Scope of Application

1.1. This privacy policy is directed to all users of the gaming apps ("Users"). If certain services or individual apps have a different privacy policy, that policy applies.

1.2. We develop games within Discord Activities ("Game" or "Games") that are made available for use on Discord, which is operated by Discord Inc. ("Discord"). With the following privacy policy, we would like to inform you in more detail about the collection, processing and use of data in connection with our Discord Activities.

1.3. The scope of this Privacy Policy does not include services and offers of third parties that may be referred to in the Games by so-called links. Lotum neither assumes responsibility for their content nor for compliance with data protection regulations by these third parties, unless otherwise stated in the privacy policy of the linked content. This applies, for example, to links via which social networks such as Facebook, Discord or chat apps such as WhatsApp can be accessed, and to links in advertisements that are played. For information on the handling of the User's personal data and their respective protection on these platforms, please refer to the privacy statement on the respective platform.

2. Data Processed when accessing and using Discord Activities

2.1. When you first access one of our Games, Discord will assign you a unique ID for each activity (the "Discord Activity ID" or "Game ID"), which is linked to your personal information and will disclose this ID to us. Discord also provides us with your nickname for the server, global name, and username. We also receive your profile picture and the language you have selected. However, we do not receive your region. Additionally, Discord provides us with a list of users who are currently online and participating in the same activity, but we do not receive any information about which other Discord users you are connected with outside of the activity.

Lotum receives and uses the Discord Activity ID and the aforementioned data solely to create your player profile in the Discord Activity to the extent necessary for using the activity. Hence, the data processing in this context is carried out for the purpose of performing the contract with you on the use of the Discord Activity pursuant to Art. 6 (1) lit. b) GDPR.

If you want to have the aforementioned data, including the player profile, deleted, you can send an email to games@lotum.de. In order to identify the data concerning you for deletion, we need your Discord Activity ID. Please note that it is not possible to use the Discord Activities without such a player profile. If you use our Discord Activities again after deletion of your player profile, a new player profile will be set up for you.

2.2. In order to enable you to launch and properly participate in the respective Game, Lotum collects and processes data required to run the Game (such as data on game progress such as completed levels, decisions and answers made in the game, jokers and aids used, high scores achieved, ongoing and paused game sessions). This data is linked to the Discord Activity ID. The processing of this data for the use of the Discord Activity is carried out for the performance of the contract with you on the use of the Discord Activity pursuant to Art. 6 (1) lit. b) GDPR.

2.3. In order to improve our Games, Lotum collects and processes data on the use of the Game (such as data on game progress such as completed levels, decisions and answers made in the game, jokers and aids used, high scores achieved, ongoing and paused game sessions). This information is used to provide Lotum with reports and analyses on the general use of the activities, allowing Lotum to gain insights for possible improvements and further developments of the Discord Activities. The data processing in connection with the above analyses of general Discord Activity usage and activity sessions is based on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, which consists in the continuous improvement of our activities to ensure the best possible, entertaining user experience. For such adjustments based on user experience, we need to know about the actual use of the Discord Activity.

3. Usage Analysis via Firebase

3.1. The Game implements functions of the Firebase service, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

3.2. Data on the general use of the Game are collected and evaluated via the Firebase service (so-called Google Analytics for Firebase). For these purposes, information on whether and how you use certain parts of the Game is collected together with the IP address, a hash of your Game ID and other technical data on your device and the configurations assigned to it (hereinafter "Device-Related Data"), such as the manufacturer and model of the device, the language setting and the advertising ID as well as the country from which you use the Discord Activity. At no time will personal data from your player profile, such as your username and Game ID, be transmitted to Google in clear text.

Google evaluates such data on our behalf and compiles aggregated reports for us. We use these reports to gain insight into the general use of the Game, in order to use this information to improve the content and functions of the Game and, in particular, to eliminate existing errors and problems. In addition to this we also get access to the in-game activity of individual users through Google, based on an anonymized user-id. Nevertheless, it is not relevant for Lotum which User used the respective Game and to what extent. It is therefore not a matter of creating user profiles for Lotum but rather of providing functional Games through the analysis of aggregated reports from Google. Google may also transfer these data to servers operated by Google LLC in the USA and analyze them there. However, in member states of the European Union or in other states that are party to the Agreement on the European Economic Area your IP address will be shortened and thus made anonymous before it is transmitted to a Google server in the USA.

3.3. Google also processes the aforementioned data collected via the Firebase service to the extent covered by its own privacy policy which you can find at https://policies.google.com/privacy. There you will also find additional information on Google's handling of personal data.

3.4. We would like to point out that the transmission of data to servers in the USA used by Google LLC may involve additional risks, for instance the enforcement of your rights to these data may be more difficult. In order to counter these risks, we have concluded the standard data protection clauses by the EU Commission with Google LLC for this data transfer and also stipulated appropriate protective measures therein, which, depending on the need for protection of the data, also include data encryption and can be improved in accordance with the legal and technical conditions for appropriate protection of the data. If data is transferred to Google LLC in the USA, such transfer is based on Article 46 (2) lit. c) GDPR. Google is a participant of the EU-U.S. Data Privacy Framework.

3.5. We only use Firebase for the data analyzing purposes described above, if you consent to it via your settings. In these cases, the legal basis for the processing of your data is Article 6 (1) sentence 1 lit. a) GDPR. You may revoke an already granted consent for data processing at any time with effect for the future. We have further concluded a data processing agreement with Google in accordance with Article 28 GDPR on data processing in the context of error analysis. Accordingly, Google will only process the data collected in this context in accordance with our instructions for this purpose. This forwarding of data to Google is therefore based on Article 28 GDPR.

4. Usage Analysis and Data Visualization via Looker

4.1. We also use Looker in our Games. This analytics and data visualization service is provided by Looker Data Science Inc., 101 Church Street Santa Cruz, CA 95060, USA („Looker").

4.2. We use this service to evaluate and visualize the use of our Games in order to identify any need for improvement and a scope for making the functions and content of the Games even more user-friendly, and to be able to further develop our Games on this basis. For this purpose, we use Looker to view how the user base generally interacts with the Game and whether and how certain functions and game content are generally used (for example, whether a certain game level is reached and successfully completed by Users at all). Looker in this context doesn’t collect any data by itself, but rather exclusively uses the data previously collected via the Firebase service. With the help of these data, Looker creates aggregated reports on the interactions of the user base in the respective app as a whole and, if applicable, also in specific game sections. Looker also includes demographic information about the user base of our Games (such as approximate age group and gender) in the reports. Even beyond that, we only ever receive aggregated data and no information that we could relate to individual users, as it is only relevant for the aforementioned purpose how the user base or specific user groups use the Game but not specific, individual Users.

4.3. Further information and the applicable privacy policy on Looker's handling of personal data can be found at https://looker.com/trust-center/privacy/policy.

4.4. The data used by the analysis service may be transferred by Looker to servers in the USA. In this particular case, Looker and we guarantee that appropriate protection measures are in place in accordance with Article 44 et seq. GDPR. In particular, Looker and we have agreed on the standard data protection clauses of the EU Commission as a precautionary measure which provide for appropriate protection measures for the specific case, such as encryption of the data, in accordance with Article 46 (2) lit. c) GDPR. The measures are also continuously developed and supplemented to the extent necessary to ensure an adequate level of data protection throughout.

4.5. We only use Looker for the data analyzing purposes described above, if you consent to it via your settings. In these cases, the legal basis for the processing of your data is Article 6 (1) sentence 1 lit. a) GDPR. You may revoke an already granted consent for data processing at any time with effect for the future.

5. Error Analysis With Sentry Analytics

5.1. In order to detect and correct technical errors, we use the service Sentry Analytics provided by Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107 ("Sentry"). For this purpose, during the play session of a Game, technical details regarding the use of the Game and any in-game actions will be stored locally on your device. In the event of an error, these technical details, insofar they are relevant based on the time at which the error occurred, as well as your IP address will be transmitted to Sentry and processed by Sentry along with the following data: Information regarding the hardware and operating system of your device, the name and version of the Game used, a hash of the Game ID as well as the date, time, details of the error that occurred and game-related data connected to the error. At no time will personal data from your player profile, such as your username and Game ID, be forwarded to Sentry in clear text. Sentry will not profile you at any time. Based on the aforementioned information, Sentry, on behalf of Lotum, merely provides reports and evaluations of apparent errors, including the circumstances of the error's occurrence which may therefore provide insight on possible causes for the error. In this context, the above-mentioned information will also be transmitted to and stored on a Sentry server in the USA. However, Sentry will not merge the data transmitted as part of the Sentry service with any other data and the data will only be used to analyze and correct the technical error. The data collected will be stored by the Sentry service for a maximum of 90 days and deleted afterwards.

5.2. For further information and the applicable privacy policies of Sentry please visit https://sentry.io/terms/ and https://sentry.io/privacy.

5.3. We use the Sentry service to resolve any errors in our Games and difficulties in using them as swiftly and thoroughly as possible, and thus to further develop our services continuously for ensuring a smooth user experience. The basis for using the Sentry service is our legitimate interest, as described above, in accordance with Art. 6 (1) (f) GDPR. Your legitimate interests are taken into account by removing any personal reference after a transmission of the technical data from your end device, but before its analysis. If you still do not want your data to be collected by the Sentry service in case of a possible error analysis, we must ask you to refrain from playing the free Games.

5.4. We would like to point out that Sentry may also process data outside the EU or the European Economic Area, in particular on servers located in the USA. This may result in risks for Users, for example because it may make it more difficult to enforce Users' rights. We take these risks into account by taking appropriate protective measures in accordance with Art. 44 et seq. GDPR in particular by agreeing on the standard data protection clauses of the EU Commission with Sentry, which provide for appropriate protective measures such as encryption of data in individual cases. If data is transferred to Sentry in the USA, this is based on Art. 46 (2) (c) GDPR.

6. Feedback Form

6.1. To improve our Game, we use a feedback form which can be found in the Game settings. If you send us your email address and other feedback information, you allow us to use this data to improve the Game and to contact you by email if we have any questions about your feedback. We process this data in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

6.2. The information you provide in the feedback form will be used exclusively for the purpose of improving the Game.

7. Support requests and contact via the game

7.1. If you notify our customer support or otherwise contact us (e.g. with a contact form in the Game), the information you provide in the contact, including the contact details given there, will be processed for the purpose of handling your enquiry and processing it, including investigating and rectifying any problems in the Game and in the event of follow-up questions. In the event of a request to our customer support via the Game, information on the Game, your game progress, Player-ID and, if applicable, the problematic part of the Game as well as technical data on your device will also be processed automatically.

7.2. If you notify our customer support or otherwise contact us (e.g. via the contact form), the information you provide when contacting us (game title, Support ID, email address), will be processed for the purpose of handling your enquiry and processing it, including in the event of follow-up questions.

7.3. We process this data in accordance with Art. 6 (1) sentence 1 lit. b) GDPR, if you contact us within the scope of an existing contract for the use of the Game or for the purpose of initiating such a contractual relationship. If you contact us regarding the reporting of individual information that you consider to be illegal content, the processing is carried out in accordance with Art. 6 (1) lit. c) GDPR in conjunction with Art. 16 DSA. Otherwise, this storage and use of data is based on Art. 6 (1) sentence 1 (f) GDPR, whereby our legitimate interest is the thorough processing of your respective request and the solution of any technical problems. Access to the data stored in your end device is absolutely necessary in accordance with § 25 (2) no. 2 TDDDG so that Lotum can answer your (support) request.

8. Storage Period and Erasure of Data

8.1. We process your personal data as long as it is necessary to achieve the purposes of the processing, or is prescribed by a legal obligation to store the data. Subsequently, the data is deleted in accordance with statutory laws.

8.2. Data that we store for legal reasons, however, is stored for as long as this is required by law. After expiry of a statutory retention period, the data will be deleted without undue delay, unless there are other reasons within the meaning of Art. 17 (3) GDPR opposing the deletion.

9. Data Security

9.1. Lotum has taken appropriate technical and organizational measures to protect personal data against accidental loss, damage, unauthorized access or unauthorized changes. In particular, Lotum will transmit data only in encrypted form. However, Lotum points out that privacy and data security cannot be guaranteed for transmissions outside Lotum's sphere of influence.

10. Transmission to Third Parties

10.1. Personal data will only be transferred to third parties without the User's explicit consent if this is necessary for the provision of Lotum's services (e.g. for the technical provision of the offer), unless stated otherwise at another point in this Privacy Policy. Accordingly, a transfer of data to such service providers (such as technical service providers) only takes place in order to protect our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR. Of course, Lotum will ensure that the respective service provider has taken appropriate technical and organizational measures to guarantee the security of the data before forwarding the User's personal data.

10.2. Apart from that, Lotum will not pass on the User's personal data to third parties, unless the User has expressly consented to the transfer (Article 6 (1) sentence 1 lit. a) GDPR) and Lotum is neither entitled nor obliged to transfer the data due to legal regulations or court orders. In the latter case, Lotum will transfer the data in order to fulfill a legal obligation according to Article 6 (1) sentence 1 lit. c) GDPR.

11. User Rights

11.1 Right to Object

The user has the right to object at any time to data processing based on Art. 6 (1) lit. e) or lit. f) GDPR for reasons arising from his particular situation, unless Lotum can prove compelling reasons worthy of protection, which outweigh the interests of the user, or the processing serves to assert, exercise or defend legal claims. The user can object to data processing for the purpose of direct advertising at any time without special reasons being required.

11.2 Right to Access

The user has the right to obtain free of charge from Lotum the personal data stored by Lotum concerning him or her, the processing purposes, their origin, which transfer to which recipients or categories of recipients took place, the storage period and the rights of the data subjects available to him or her.

11.3 Right to Correction, Deletion And/or Restriction of Data Processing

Furthermore, the user has the right to request at any time the correction of incorrect data, the deletion and/or restriction of the processing of personal data stored about him or her, insofar as there is no legal obligation for Lotum to keep records or other reasons in the sense of Art. 17 (3) GDPR which prevents deletion. Insofar as this includes personal data that is necessary for the provision of services to the user, the deletion or restriction of the processing of this data can only take place when the user no longer uses Lotum's services.

11.4 Right to Data Portability

If the user provides data relating to him or her and Lotum processes such data on the basis of the user's consent or in order to fulfill the contract, the user may request that he/she receives such data in a structured, current and machine-readable format from Lotum or that Lotum transmits such data to another controller, insofar as this is technically possible (so-called right to data portability).

11.5 Right to Revoke Consent

Any consent given by the user to the use of personal data can be freely revoked by the user at any time with effect for the future.

11.6 Right to Complain to a Supervisory Authority

The user may also lodge a complaint with a supervisory authority against data processing which he or she considers to be in breach of the statutory provisions.

12. Changes to the Privacy Policy

12.1. Lotum reserves the right to change this privacy policy at any time, while Lotum will always comply with the legal requirements of data protection. Therefore, Lotum recommends that users regularly take note of the applicable privacy policy. Lotum will inform users in advance of any further use of data, for example via in-game notification or so-called push notifications in your browser, if you allow such push notifications.

Lotum One GmbH, Am Goldstein 1, 61231 Bad Nauheim, Deutschland

Data Protection Officer of Lotum One GmbH: Susanne Klein, c/o Beiten Burkhardt Services GmbH, Ganghoferstraße 33, 80339 München, Germany, privacy@lotum.de