Privacy Policy TikTok Minigames
Lotum two GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany ("Lotum" or
"we") respects and protects your personal data.
Lotum collects, processes or uses personal data exclusively within the
applicable legal framework. Therefore, the high data protection level of
the General Data Protection Regulation (GDPR) holds true.
1. FIELD OF APPLICATION
1.1 We develop games ("TikTok Minigames") that are available on the social
network TikTok, a platform provided by the TikTok Inc., 5800 Bristol
Parkway, Culver City, CA 90230, USA ("TikTok"). In this privacy policy, we
inform you about the collection, processing and use of personal data
concerning the TikTok Minigames.
1.2 Insofar as individual services of Lotum have different privacy
policies, these apply.
1.3 The TikTok Minigame can only be accessed via the TikTok network, which
is operated solely by TikTok, and only if you have registered for the
TikTok network and are logged in to your TikTok account. The processing of
data by TikTok when you register your TikTok account and every time you
access the TikTok network is excluded from the field of application of this
privacy policy. Likewise, data that TikTok may use for statistical
evaluations when you access the TikTok platform is not within this privacy
policy's scope. TikTok organizes the aforementioned data processing
independently and on its own responsibility, without us having any
influence on this. For further information on this data processing by
TikTok, see TikTok’s privacy policy under
https://www.tiktok.com/legal/privacy-policy.
2. DATA PROCESSED WHEN ACCESSING AND USING THE TIKTOK MINIGAMES
2.1 When you first access our TikTok Minigame, TikTok will disclose your
OpenID to us (the "Player ID"), which is linked to your personal
information. TikTok also provides us with technical information, e.g. your
IP address and a notification if you have concluded a screen recording of
our Minigame’s gameplay. Lotum receives and uses the Player ID and the
other aforementioned data solely to create your player profile in the
TikTok Minigame to the extent necessary for using the game. Hence, the data
processing in this context is carried out for the purpose of performing the
contract with you on the use of the TikTok Minigame pursuant to Art. 6 (1)
(b) GDPR. We would like to point out that Lotum does not receive any
additional personal data from your TikTok user account. Lotum will not use
the data to identify you or create user profiles for purposes other than
providing the TikTok Minigames. If you want to have the aforementioned data
on you, including the player profile, deleted, you can, for example, send
an email to games@lotum.de. In order to be able to identify the data
concerning you for deletion, we need your Player ID. Please note that it is
not possible to use the TikTok Minigames without such a player profile. If
you use our TikTok Minigames again after the deletion of your player
profile, a new player profile will be set up for you.
2.2 In order for you to access and play the respective TikTok Minigame,
including all game functions, Lotum collects and processes data on the use
of the TikTok Minigame (data on game progress such as completed levels,
decisions and answers made in the game, high scores achieved and game
sessions). This data is linked to the Player ID and added to your player
profile by Lotum. The processing of this data for the use of the TikTok
Minigames is carried out for the performance of the contract with you on
the use of the TikTok Minigames pursuant to Art. 6 (1) (b) GDPR.
2.3 At no point is data connected to your player profile, e.g. the number
of levels played within the TikTok Minigame, transferred from Lotum to
TikTok. TikTok may independently collect data regarding your access to the
TikTok Minigames and the screen recordings made of the TikTok Minigame’s
gameplay. TikTok uses the aforementioned information independently and on
its own responsibility for its individual purposes and may collect and
process additional data, including information from your TikTok account,
for these purposes, without us being involved or having any influence on
this. Details of this use of your personal data are explained in the TikTok
privacy policy, which you can view under
https://www.tiktok.com/legal/privacy-policy.
3. USAGE ANALYSIS VIA FIREBASE
3.1 The TikTok Minigame implements functions of the Firebase service, which
is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin
4, Ireland ("Google").
3.2 Data on the general use of the TikTok Minigame is collected and
evaluated via the Firebase service (so-called Google Analytics for
Firebase). For these purposes, information on whether and how you use
certain parts of the TikTok Minigames is collected together with the IP
address, a hash of your Player ID and other technical data on your device
and the configurations assigned to it (hereinafter "Device-Related Data"),
such as the manufacturer and model of the device, the language setting and
the advertising ID as well as the country from which you use the TikTok
Minigame. At no time will personal data from your player profile, such as
your Player ID, be transmitted to Google in cleartext.
Google evaluates such data on our behalf and compiles aggregated reports
for us. We use these reports to gain insight into the general use of the
TikTok Minigame, in order to use this information to improve the content
and functions of the TikTok Minigame and, in particular, to eliminate
existing errors and problems. In addition to this, we also get access to
the in-game activity of individual users through Google, based on an
anonymized user-id. Nevertheless, it is not relevant for Lotum which user
used the TikTok Minigame and to what extent. It is, therefore, not a matter
of creating user profiles for Lotum but rather of providing functional
TikTok Minigames through the analysis of aggregated reports from Google.
Google may also transfer these data to servers operated by Google LLC in
the USA and analyze them there. However, in member states of the European
Union or in other states that are party to the Agreement on the European
Economic Area, your IP address will be shortened and thus made anonymous
before it is transmitted to a Google server in the USA.
3.3 Google also processes the aforementioned data collected via the
Firebase service to the extent covered by its own privacy policy, which you
can find at https://policies.google.com/privacy. There you will also find
additional information on Google's handling of personal data.
3.4 We would like to point out that the transmission of data to servers in
the USA used by Google LLC may involve additional risks, for instance, the
enforcement of your rights to these data may be more difficult. In order to
counter these risks, we have concluded the standard data protection clauses
by the EU Commission with Google LLC for this data transfer and also
stipulated appropriate protective measures therein, which, depending on the
need for protection of the data, also include data encryption and can be
improved in accordance with the legal and technical conditions for
appropriate protection of the data. If data is transferred to Google LLC in
the USA, such transfer is based on Article 46 (2) (c) GDPR.
3.5 We only use Firebase for the data analyzing purposes described above if
you consent to it via your TikTok settings. In these cases, the legal basis
for the processing of your data is Article 6 (1) (a) GDPR. You may revoke
an already granted consent for data processing at any time with effect for
the future. We have further concluded a data processing agreement with
Google in accordance with Article 28 GDPR on data processing in the context
of error analysis. Accordingly, Google will only process the data collected
in this context in accordance with our instructions for this purpose. This
forwarding of data to Google is therefore based on Article 28 GDPR.
4. USAGE ANALYSIS AND DATA VISUALIZATION VIA LOOKER
4.1 We also use Looker in our TikTok Minigame. This analytics and data
visualization service is provided by Looker Data Science Inc., 101 Church
Street Santa Cruz, CA 95060, USA („Looker").
4.2 We use this service to evaluate and visualize the use of our TikTok
Minigames to identify any need for improvement and a scope for making the
functions and content of the TikTok Minigames even more user-friendly and
to be able to further develop our TikTol Minigames on this basis. For this
purpose, we use Looker to view how the user base generally interacts with
the TikTok Minigame and whether and how certain functions and game content
are generally used (for example, whether a certain game level is reached
and successfully completed by users at all). Looker, in this context,
doesn’t collect any data by itself but rather exclusively uses the data
previously collected via the Firebase service. With the help of these data,
Looker creates aggregated reports on the interactions of the user base in
the respective app as a whole and, if applicable, also in specific game
sections. We only ever receive aggregated data and no information that we
could relate to individual users, as it is only relevant for the
aforementioned purpose of how the user base or specific user groups use the
TikTok Minigame but not specific, individual users.
4.3 Further information and the applicable privacy policy on Looker's
handling of personal data can be found at
https://looker.com/trust-center/privacy/policy/.
4.4 The data used by the analysis service may be transferred by Looker to
servers in the USA. In this particular case, Looker and we guarantee that
appropriate protection measures are in place in accordance with Article 44
et seq. GDPR. In particular, Looker and we have agreed on the standard data
protection clauses of the EU Commission as a precautionary measure which
provides for appropriate protection measures for this specific case, such
as encryption of the data, in accordance with Article 46 (2) (c) GDPR. The
measures are also continuously developed and supplemented to the extent
necessary to ensure an adequate level of data protection throughout.
4.5 We only use Looker for the data analyzing purposes described above if
you consent to it via your TikTok settings. In these cases, the legal basis
for processing your data is Article 6 (1) (a) GDPR. You may revoke an
already granted consent for data processing at any time with effect for the
future.
5. ERROR ANALYSIS WITH SENTRY ANALYTICS
5.1 To detect and correct technical errors, we use the service Sentry
Analytics provided by Functional Software, Inc. dba Sentry, 132 Hawthorne
Street, San Francisco, CA 94107, USA ("Sentry"). For this purpose, during
the play session of a TikTok Minigame, technical details regarding the use
of the game and any in-game actions will be stored locally on your device.
In the event of an error, these technical details, insofar they are
relevant based on the time at which the error occurred, as well as your IP
address will be transmitted to Sentry and processed by Sentry along with
the following data: Information regarding the hardware and operating system
of your device, the name and version of the TikTok Minigame used, a hash of
the Player ID as well as the date, time, details of the error that occurred
and game-related data connected to the error. At no time will personal data
from your player profile, such as your Player ID, be forwarded to Sentry in
cleartext. Sentry will not profile
you at any time. Based on the aforementioned information, Sentry, on behalf
of Lotum, merely provides reports and evaluations of apparent errors,
including the circumstances of the error's occurrence, which may therefore
provide insight on possible causes for the error. In this context, the
above-mentioned information will also be transmitted to and stored on a
Sentry server in the USA. However, Sentry will not merge the data
transmitted as part of the Sentry service with any other data and the data
will only be used to analyse and correct the technical error. The data
collected will be stored by the Sentry service for a maximum of 90 days and
deleted afterwards.
5.2 For further information and the applicable privacy policies of Sentry,
please visit https://sentry.io/terms/ and https://sentry.io/privacy/.
5.3 We use the Sentry service to resolve any errors in our TikTok Minigames
and difficulties in using them as swiftly and thoroughly as possible, thus
further developing our services continuously and ensuring a smooth user
experience. The basis for using the Sentry service is our legitimate
interest, as described above, in accordance with Art. 6 (1) (f) GDPR. Your
legitimate interests are taken into account by removing any personal
reference after transmission of the technical data from your end device but
before its analysis. If you still do not want your data to be collected by
the Sentry service in case of possible error analysis, we must ask you to
refrain from playing the free TikTok Minigame.
5.4 We would like to point out that Sentry may also process data outside
the EU or the European Economic Area, in particular on servers located in
the USA. This may result in risks for users, for example, because it may
make it more difficult to enforce users' rights. We take these risks into
account by taking appropriate protective measures in accordance with Art.
44 et seq. GDPR, in particular, by agreeing on the standard data protection
clauses of the EU Commission with Sentry, which provide for appropriate
protective measures such as encryption of data in individual cases. If data
is transferred to Sentry in the USA, this is based on Art. 46 (2) (c) GDPR.
6. STORAGE PERIOD AND ERASURE OF DATA
6.1 We process your personal data as long as it is necessary to achieve the
purposes of the processing or as is prescribed by a legal obligation to
store the data. Subsequently, the data is deleted in accordance with
statutory laws.
6.2 Data that we store for legal reasons, however, is stored for as long as
this is required by law. After the expiry of a statutory retention period,
the data will be deleted without undue delay unless there are other reasons
within the meaning of Art. 17 (3) GDPR opposing the deletion.
7. DATA SECURITY
Lotum has taken appropriate technical and organisational measures to
protect personal data against accidental loss, damage, unauthorised access
or unauthorised changes. In particular, Lotum will transmit data only in
encrypted form. However, Lotum points out that privacy and data security
cannot be guaranteed for transmissions outside Lotum's sphere of influence.
8. TRANSMISSION TO THIRD PARTIES
8.1 Personal data will only be passed on to third parties - unless
otherwise set out elsewhere in this privacy policy - without the express
consent of the user, if this is necessary for the provision of Lotum's
services or for contract execution with the user (e.g. for the technical
provision of the offer). Accordingly, the data are transmitted to such
service providers (such as technical service providers) in our legitimate
interests pursuant to Art. 6 (1) (f) GDPR, namely to provide access to our
TikTok Minigames. Of course, before passing on the user's personal data,
Lotum ensures that the relevant service provider has taken appropriate
technical and organizational measures to ensure the security of the data.
8.2 We store the data collected by us in the context of access and use of
the TikTok Minigames (i.e. data of the player profile including Player ID,
country and data on the use of the game such as game progress and completed
levels as well as achieved high scores) via third party services. For this
matter we use the Google Cloud and Google Firebase services, both provided
by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
("Google"). These services also record the IP address of your device when
you use the TikTok Minigame and store it for a maximum of 30 days. However,
Lotum does not receive the IP addresses directly and only exceptionally
obtains insight into IP addresses recorded by these services and only if a
valid legal basis exists, in particular if this is necessary to protect the
legitimate interests of Lotum.
8.3 Google also transfers the collected data to their servers in the United
States. We use these services to provide the aforementioned data for
playing the TikTok Minigames efficiently and with the lowest possible
susceptibility to errors, thus ensuring the smooth use of the game
functions. The legal basis for the associated data processing is Art. 6 (1)
(f) GDPR, whereby our legitimate interest is an optimal, technically
flawless provision of the TikTok Minigames. We have concluded the standard
data protection clauses adopted by the EU Commission with Google to
safeguard the transfer of data to the USA. We have also concluded a data
processing agreement with Google. The forwarding of personal data to Google
in connection with the aforementioned services is therefore based on
Article 46 (2) (c) and 28 GDPR.
8.4 Otherwise, Lotum will not pass on the user's personal data to third
parties unless the user has expressly consented to the transfer (Art. 6 (1)
(a) GDPR), or Lotum is entitled or obliged to do so by legal provisions or
court orders. In the latter case, the transmission is carried out by Lotum
to fulfil a legal obligation pursuant to Art. 6 (1) (c) GDPR.
9. USER RIGHTS
9.1 Right to object
The user has the right to object at any time to data processing based on
Art. 6 (1) (e) or (f) GDPR for reasons arising from his particular
situation unless Lotum can prove compelling reasons worthy of protection,
which outweigh the interests of the user, or the processing serves to
assert, exercise or defend legal claims. The user can object to data
processing at any time without special reasons being required.
9.2 Right to information
The user has the right to obtain free of charge from Lotum the personal
data stored by Lotum concerning him or her, their origin, the processing
purposes, the transfer to recipients, the categories of recipients, the
storage period and the rights of the data subjects available to him or her.
9.3 Right to correction, deletion and/or restriction of data processing
Furthermore, the user has the right to request at any time the correction
of incorrect data, the deletion and/or restriction of the processing of
personal data stored about him or her, insofar as there is no legal
obligation for Lotum to keep records or other reasons in the sense of Art.
17 (3) GDPR, which prevent deletion. Insofar as this includes personal data
necessary for the provision of services to the user, the deletion or
restriction of this data processing can only occur when the user no longer
uses Lotum's services.
9.4 Right to data portability
If the user provides data relating to him or her and Lotum processes such
data on the basis of the user's consent or in order to fulfil the contract,
the user may request that he/she receives such data in a structured,
current and machine-readable format from Lotum or that Lotum transmits such
data to another controller, insofar as this is technically possible
(so-called right to data portability).
9.5 Right to revoke consent
Any consent given by the user to the use of personal data can be freely
revoked by the user at any time with effect for the future.
9.6 Right to complain to a supervisory authority
The user may also lodge a complaint with a supervisory authority against
data processing which he or she considers to be in breach of the statutory
provisions.
10. CHANGES TO THE PRIVACY POLICY
Lotum reserves the right to change this privacy policy at any time, while
Lotum will always comply with the legal requirements of data protection.
Therefore, Lotum recommends that users regularly take note of the
applicable privacy policy.
Lotum two GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany
Data Protection Officer of Lotum two GmbH: Susanne Klein, c/o Beiten
Burkhardt Services GmbH, Ganghoferstraße 33, 80339 München, Deutschland,
privacy@Lotum.de