Lotum One GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany ("Lotum" or "we") respects and protects your personal data.
The following privacy policy is intended to inform you in greater detail about the collection, processing, and use of data in connection with the website.
Lotum collects, processes and uses personal data exclusively within the framework of the applicable legal regulations. Therefore, the high data protection standards of the General Data Protection Regulation ("GDPR") and the Telecommunications Digital Services Data Protection Act ("TDDDG") apply.
1.1. This privacy policy is addressed to all users of the website (“Users”).
1.2. As far as certain Lotum services have a different privacy policy, then that policy applies.
1.3. The scope of this Privacy Policy does not include services and offers of third parties that may be referred to in the Games by so-called links. Lotum neither assumes responsibility for their content nor for compliance with data protection regulations by these third parties, unless otherwise stated in the privacy policy of the linked content. This applies, for example, to links via which social networks such as Facebook, Discord or chat apps such as WhatsApp can be accessed, and to links in advertisements that are played. For information on the handling of the User's personal data and their respective protection on these platforms, please refer to the privacy statement on the respective platform.
1.4. The Facebook Instant Games are only accessible via the Facebook network operated solely by Facebook and only if you have registered for the Facebook network and are logged into your Facebook user account. Data processing that Facebook collects and processes when you register your Facebook user account and each time you access the Facebook network is excluded from the scope of this privacy policy. This also applies to cookies that Facebook may set for statistical analysis when you visit the Facebook website. Facebook carries out this data processing independently and on its own responsibility, without us having any influence over it. Further information on this data processing by Facebook can be found in Facebook's privacy policy at:
https://www.facebook.com/privacy/explanation
1.5. Games on the Discord platform ("Discord Activities") are only accessible through the platform operated solely by Discord and only if you have registered for Discord and are logged into your Discord user account. Data processing that Discord collects and processes when you register your Discord user account and each time you use Discord is excluded from the scope of this privacy policy. This also applies to cookies and other technologies that Discord may set for statistical analysis when you access Discord's services. Discord carries out this data processing independently and on its own responsibility, without us having any influence over it. Further information on this data processing by Discord can be found in Discord's privacy policy at:
https://discord.com/privacy
1.6. Third-party services that may be referenced by the website via so-called links are likewise excluded from the scope of this privacy policy. Lotum generally assumes no responsibility for their content or for their compliance with data protection regulations, unless otherwise stated in the privacy policy of the linked content. This applies, for example, to links to social networks such as LinkedIn and Xing. Users can find information on the handling and protection of their personal data on these platforms in the respective platform’s privacy policy.
2.1. When visiting Lotum's website, information that your browser automatically transmits to us is logged. This includes the IP address of the device you are using, the date and time (including time zone) of each access to the website, as well as the information about which specific page or file was requested, the domain from which the respective request originated (so-called referrer URL), the operating system used, and the browser used. These are data that are absolutely necessary for the use of the website.
2.2. Lotum collects this data for the provision of the website on the basis of § 25 (2) no. 2 TDDDG and processes this data in accordance with Article 6 (1) sentence 1 lit. f) GDPR, whereby Lotum's legitimate interest is the provision of the website.
2.3. Lotum may also use the aforementioned data to ensure the proper and secure operation of the website, i.e., in particular for IT security purposes. The basis for this further processing is Article 6 (1) sentence 1 lit. f) GDPR, whereby Lotum's legitimate interest is to ensure the security of the website.
3.1. We provide the website and the media files contained therein using third-party services. For this purpose, we use the service Firebase Hosting, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Firebase”).
3.2. This service may collect and, if necessary, store the IP address of your device when you use the website. However, Lotum does not directly receive the IP addresses and only accesses IP addresses collected by these services in exceptional cases and only when there is a legal basis, particularly when it is necessary to protect Lotum’s legitimate interests (e.g., during maintenance work or in the event of technical issue investigations). We use this service and the aforementioned data to provide the website efficiently and with the lowest possible error rate, thereby ensuring the smooth use of the website’s functions. The legal basis for the related data processing is Article 6 (1) sentence 1 lit. f) GDPR, whereby our legitimate interest is the optimal and technically flawless provision of the website. Access to the mentioned data is also absolutely necessary for this purpose (§ 25 (2) no. 2 TDDDG).
3.3. Further information and the applicable privacy policies of Firebase can be found at:
https://firebase.google.com/support/privacy
3.4. Firebase is part of Google Cloud and may also process data on servers outside the EU, particularly in the USA. In such cases, the data transfer is based on the standard contractual clauses approved by the EU Commission pursuant to Article 46 (2) lit. c) GDPR, in order to ensure an adequate level of data protection. In addition, supplementary protective measures have been implemented, which may include encryption of the data depending on the level of protection required.
4.1. To analyze and attribute app installations triggered via our website, we use Firebase Dynamic Links, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Firebase”).
4.2. When such links are used, Firebase may process certain information to determine whether and through which source an app installation was triggered. In particular, the IP address of the device, mobile device identifiers, timestamps, user interactions with the link, and, if applicable, referrer data may be collected and processed. This information is used solely for the purpose of correct attribution and performance evaluation of app installations. Lotum does not receive any personal profiles or user histories, but only aggregated or pseudonymized evaluations.
4.3. The legal basis for the use of Singular is Article 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest lies in measuring the success of our marketing activities and efficiently managing advertising budgets. If the processing by Singular is not strictly necessary, it is carried out only with your consent pursuant to § 25 (1) TDDDG or Article 6 (1) lit. a) GDPR (depending on the type of tracking and device used).
4.4. Further information on data protection at Firebase can be found at:
https://firebase.google.com/support/privacy
4.5. Firebase reserves the right to process data on servers at other locations as well, such as in the USA. For this data transfer with Firebase, we have concluded the EU Commission’s standard data protection clauses and defined appropriate protective measures within them, which may include encryption of the data depending on its sensitivity and can be enhanced in accordance with the legal and technical conditions for adequate data protection. Therefore, if data is transferred to Firebase in the USA, such transfer is based on Article 46 (2) lit. c) GDPR.
5.1. If you contact our customer support or reach out to us through other means (e.g., via a contact form within the Game), the information you provide, including your contact details, will be processed to handle and resolve your inquiry. This includes investigating and addressing any issues with the Game, as well as responding to follow-up questions. When contacting customer support through the Game, additional information such as game details, your game progress, Player ID, the specific issue in question, and relevant technical data from your device will also can be processed.
5.2. If you notify our customer support or otherwise contact us (e.g. via the contact form), the information you provide when contacting us (game title, Support ID, email address), will be processed for the purpose of handling your enquiry and processing it, including in the event of follow-up questions.
5.3. We process this data in accordance with Art. 6 (1) (b) GDPR when you contact us within the scope of an existing contract for the use of the Game or to initiate such a contractual relationship. If your inquiry relates to reporting content you believe to be illegal, the processing is carried out under Art 6 (1) (c) GDPR in conjunction with Art 16 of the Digital Services Act (DSA). Otherwise, the storage and use of your data are based on Art 6 (1) (f) GDPR, where our legitimate interest is to ensure the thorough handling of your request and resolution of any technical issues. Access to the data stored on your device is essential, in accordance with § 25 (2) No. 2 TDDDG, for Lotum to address your support request.
6.1. We process your personal data as long as it is necessary to achieve the purposes of the processing, or is prescribed by a legal obligation to store the data. Subsequently, the data is deleted in accordance with statutory laws.
6.2. Data that we store for legal reasons, however, is stored for as long as this is required by law. After expiry of a statutory retention period, the data will be deleted without undue delay, unless there are other reasons within the meaning of Art. 17 (3) GDPR opposing the deletion.
7.1. Lotum has taken appropriate technical and organizational measures to protect personal data against accidental loss, damage, unauthorized access or unauthorized changes. In particular, Lotum will transmit data only in encrypted form. However, Lotum points out that privacy and data security cannot be guaranteed for transmissions outside Lotum's sphere of influence.
8.1. Personal data will only be transferred to third parties without the User's explicit consent if this is necessary for the provision of Lotum's services (e.g. for the technical provision of the offer), unless stated otherwise at another point in this Privacy Policy. Accordingly, a transfer of data to such service providers (such as technical service providers) only takes place in order to protect our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR. Of course, Lotum will ensure that the respective service provider has taken appropriate technical and organizational measures to guarantee the security of the data before forwarding the User's personal data.
8.2. Apart from that, Lotum will not pass on the User's personal data to third parties, unless the User has expressly consented to the transfer (Article 6 (1) sentence 1 lit. a) GDPR) and Lotum is neither entitled nor obliged to transfer the data due to legal regulations or court orders. In the latter case, Lotum will transfer the data in order to fulfill a legal obligation according to Article 6 (1) sentence 1 lit. c) GDPR.
The user has the right to object at any time to data processing based on Art. 6 (1) lit. e) or lit. f) GDPR for reasons arising from his particular situation, unless Lotum can prove compelling reasons worthy of protection, which outweigh the interests of the user, or the processing serves to assert, exercise or defend legal claims. The user can object to data processing for the purpose of direct advertising at any time without special reasons being required.
The user has the right to obtain free of charge from Lotum the personal data stored by Lotum concerning him or her, the processing purposes, their origin, which transfer to which recipients or categories of recipients took place, the storage period and the rights of the data subjects available to him or her.
Furthermore, the user has the right to request at any time the correction of incorrect data, the deletion and/or restriction of the processing of personal data stored about him or her, insofar as there is no legal obligation for Lotum to keep records or other reasons in the sense of Art. 17 (3) GDPR which prevents deletion. Insofar as this includes personal data that is necessary for the provision of services to the user, the deletion or restriction of the processing of this data can only take place when the user no longer uses Lotum's services.
If the user provides data relating to him or her and Lotum processes such data on the basis of the user's consent or in order to fulfill the contract, the user may request that he/she receives such data in a structured, current and machine-readable format from Lotum or that Lotum transmits such data to another controller, insofar as this is technically possible (so-called right to data portability).
Any consent given by the user to the use of personal data can be freely revoked by the user at any time with effect for the future.
The user may also lodge a complaint with a supervisory authority against data processing which he or she considers to be in breach of the statutory provisions.
10.1. Lotum reserves the right to change this privacy policy at any time, while Lotum will always comply with the legal requirements of data protection. Therefore, Lotum recommends that users regularly take note of the applicable privacy policy. Lotum will inform users in advance of any further use of data, for example via in-game notification or so-called push notifications in your browser, if you allow such push notifications.
Lotum One GmbH, Am Goldstein 1, 61231 Bad Nauheim, Deutschland
Data Protection Officer of Lotum One GmbH: Susanne Klein, c/o Beiten Burkhardt Services GmbH, Ganghoferstraße 33, 80339 München, Germany, privacy@lotum.de