From May 25, 2018, new data protection and privacy regulations will apply in Europe: the General Data Protection Regulation (GDPR). It establishes a uniform standard in Europe. In some countries, the new regulation will significantly increase the level of data protection. However, we have always taken protecting the personal data of all our players very seriously. This statement gives you an overview of how we use data. It shows which data is processed by us for what purpose and on what legal basis. We also explain what rights you have with regard to your data and how you can exercise them.
1. Personal Data
The new regulations apply to personal data. This refers to all information that can, with reasonable effort, be linked to the identity of an individual (Art. 4 No. 1 GDPR). The primary reason why we process the personal data of our players is so that they can use our Games comfortably. The legislative basis for this is Art. 6 Para. 1 b) GDPR.
When you create a user account for our Games, we assign it a unique number. We store the username and password you chose as well as your e-mail address unless you sign in via Facebook login (for third-party logins, see section 3 for more information). The provision of this data is a prerequisite for concluding a contract. We use a double opt-in procedure to verify whether the e-mail address you provide really belongs to you. Participation is not a prerequisite for using our Games but we recommend it because we can only use validated e-mail addresses to send you important messages such as login confirmations, password changes, or occasional information about the Games you play. The legislative basis for the latter direct advertising is Art. 6 f) GDPR. We may also use your hashed e-mail address to advertise our games via social networks so long as the hash method used does not allow for retroactive decryption.
We store the originating IP address and the time at which registration is made. We also store the originating IP address and the time when you validate your e-mail address. This is to comply with our burden of proof, to ward off attacks against our system, and to ensure compliance with the rules of the game.
When you use our Games, your device communicates with our servers. In that context, we record signing in and signing out times as well as any relevant IP addresses. This can be the IP address of your telecommunications connection or of your mobile device. We process this data in order to handle violations of our T&Cs and to comply with the requirements of law enforcement authorities.
You can also communicate with other users in our Games and may divulge personal information. In regards to this, we advise that you exercise caution. If you receive messages from other users, they will be saved to your user account. This allows you to view all the messages you have received in the Game. Deleting messages in the Game will also delete them from your user account.
If you participate in one of our sweepstakes, we store the data you provide (which can also be personal). We process this data to determine the winners, distribute the prizes, and to obtain statistical information about our players. We do not share the data with third parties.
When you send us an e-mail or a message via our support system, we will store this message in order to process your request. In the case of messages via the support system, we also store so-called metadata about your device, such as the browser and operating system, in order to better be able to help you with your problem.
2. Data Security and Disclosure of Personal Data
We process only a few categories of personal data, none of which are particularly sensitive. Nevertheless, we take extensive precautions and are constantly improving these in order to prevent unauthorized access to your personal data and to minimize the corresponding risks. We process personal data exclusively on servers located in Germany. All our employees who regularly handle personal data are obligated by data secrecy and data protection regulations and are instructed in this respect.
Not all processes connected to our Games are provided by us. Some services are provided on our behalf by third parties in accordance with Art. 28 GDPR (“Processor”). This in part concerns the processing of payments via external service providers, such as credit card companies, banks, PayPal etc. (for further information see section 5). We also sometimes employ the services of third parties in the context of statistics, advertising, and e-mail. In cases where we remain responsible for the processing, the external companies are obliged to treat your data confidentially and securely and may only process the data insofar as this is necessary to fulfil their task. Moreover, they may only process personal data in accordance with our instructions. To this end, we have concluded appropriate contracts and regularly verify whether the service providers comply with their contractual obligations.
In the context of the above-mentioned order processing, some data is sent to American companies within the framework of the EU-US Privacy Shield. In accordance with Art. 45 Par. 1 GDPR, this transmission of data does not require special approval. In sections 3 and 4, we provide detailed information on the circumstances and the companies to which we send the data.
Furthermore, we will only disclose your personal data if this is necessary to pursue our rights, to protect other users, to prevent endangerment to the state or public security, or to prosecute criminal offences, and only if it is permissible under the statutory data protection regulations or if you have given your express consent. Your interests worthy of protection will be taken into account in accordance with the legal data protection regulations.
3. Facebook Login/Steam/Apple Gamecenter Login/Signing in with Twitter/Google Play Games/Social Plug-ins
When creating a user account for our Games, you can either enter your information manually or use data already provided to a third party (see section 1 for details).
If you are using Facebook Login, Facebook (Facebook, Inc.) will send the information from your public Facebook profile and your e-mail address to us once you have consented to this data transfer. The public information transferred in such a manner consists of your id, name, first_name, last_name, link, gender, locale, time zone, updated_time, and verified. This is a one-time data transfer and the information will be used to create a new user account on the game world you selected Of the transferred data, we only save the Facebook Token and the Facebook ID since these are required for logging in to one of our Games. We do not obtain knowledge of your Facebook password. However, Facebook may save data about your use of our Games. Facebook is subject to the EU-US Privacy Shield; for this reason, the transmission of data does not require special approval in accordance with Art. 45, Par. 1 GDPR. For more information on Facebook and the GDPR, please visit https://www.facebook.combusiness/gdpr
You can also create a user account for our Games on Steam (Steam is a product owned by Valve Corporation; for more information, please visit https://store.steampowered.com/subscriber_agreement/). In this case, we do not receive any personal data.
Google is subject to the EU-US Privacy Shield; for this reason, the transmission of data does not require special approval in accordance with Art. 45, Par. 1 GDPR.
You may also link your user account(s) with Facebook, Google Play Games, and Game Center at a later time. This allows you to import user accounts and use them on additional devices.
Such a retroactive linking can be done via the Facebook logo in the Games. Clicking on the Facebook logo in one of our Games will provide a link that forwards you to the official Facebook App page, a "Like" button, and the option to retroactively connect or disconnect your user account via Facebook Connect. The Twitter logo opens the service’s official Twitter channel but without establishing a permanent connection.
We store Push Tokens in order to be able to send Push Messages to your Android or Apple device. We may also use this technology for other platforms in the future. You can manage Push Messages under “Options” or “Settings” in the mobile app or in your device settings.
In order to identify through which advertising channel a user found one of our Games, we utilize unique codes (“CID”) that are transferred to us through media such as ad banners and videos. If this leads to the creation of a user account, the CID will be permanently linked to it.
For this, we use a technology called “fingerprinting”, which allows us to settle fairly with an advertising partner. Clicking on an advertising banner temporarily stores various openly accessible criteria such as browser type, version number, and operating system for comparison with information when registering on our game pages. All this data is fully deleted within a few minutes.
Furthermore, there are several tiny graphics (“pixels”) from Facebook and Google on our websites and in the apps that are automatically loaded by your device. They allow us to anonymously track how many people visit our website or use the app for the first time. This is how we count the number of users of our games. It can also be used for retargeting and for Facebook advertising directed at lookalike audiences (“statistical twins”). For more information on how Facebook processes data and what options you have to protect your privacy, please visit https://de-de.facebook.com/about/privacy/.
Most of our static game content (e.g. graphics) is stored with Akamai Technologies GmbH from where it is sent to your device whenever you play. Your IP address may be stored when you access game content from Akamai. Some of our websites display fonts from Adobe Systems Incorporated. These are accessed from servers in the United States and Adobe may determine that you have visited our website.
You may be able to turn off or reset the tracking of your mobile device – please refer to your end device’s manual under the keywords “Ad Tracking” or “Google Advertising ID” to find out more.
5. Additional Content
Our Games are strictly free to play. However, we also offer additional services with costs. If you decide to purchase such services, the financial transaction will be carried out by the service provider you select, who will then be responsible for the technical side of processing the payment. In this event, we may transfer data to other service providers to the extent necessary to determine the price, for billing, and for payment collection. Specifically, this data includes your alias, the game world on which you created your user account, the language settings and your pre-selection (if any). Any personal data that you provide to the service provider, in particular your name, address and payment information, will not be forwarded to us.
After payment has been processed, we receive and store an acknowledgement from the respective service provider. This acknowledgement contains information that allows us to verify the status of the respective transaction. This is necessary in order to provide the agreed and paid for service and, if necessary, provide customer service.
6. User Rights
The processing of personal data generally occurs so that we can fulfil the user agreement pursuant to Art. 6 Par. 1 b) GDPR. However, the data may only be processed if the user is at least 16 years of age (13 years in some countries). For this reason, our games may only be played by individuals who have reached the age at which data processing is permitted in their country of origin. Children who currently have a user account must prove the consent of their legal guardian by May 25, 2018. Children who want to create a new user account must also first prove the consent of their legal guardian. If you or your legal guardian(s) have consented to the processing of your personal data, you have the right to revoke this consent at any time without reason, as pursuant to Art. 7 Par. 3 GDPR. You can use our support tool for this purpose.
You have the right to request confirmation as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data. The content of this right to information results from the provisions of Art. 15 GDPR. You can use our support tool to request such information. If you make an inquiry by e-mail, we are usually only able to provide information about data linked to the e-mail address from which the inquiry is made. For inquiries by fax or letter, please provide the game world, the player name, and the e-mail address with which you registered.
Pursuant to Art. 21 Par. 1 GDPR, you have the right to object to the processing of personal data concerning you in accordance with Art. 6 para. 1 f at any time for reasons arising from your particular situation. In particular, this may affect direct advertising for our Games. You can object through our support tool or use the corresponding link in any promotional message you have received from us. Subsequently, the data will no longer be processed for direct mail. This also includes retargeting campaigns and the creation of Facebook Lookalike Audiences.
If there are changes to your personal data or if we have stored an incorrect date, you are entitled to have it corrected in accordance with Art. 16 GDPR. Please use our support tool.
Pursuant to the provisions of Art. 17 GDPR, you have the right to have your personal data deleted. This could be the case if you want to delete all your user accounts; the legal obligation to retain data ceases to exist; your data is no longer required for billing purposes; and for asserting, exercising or defending legal claims. In the event of a justified objection to the processing of your data, this data may have to be deleted. In the latter case, you can request the restriction of data processing. It is also possible that it relates to a child's data, which may not be processed. You can use our support tool to request the deletion of your data.
Generally, you have the right to request and receive from us the personal data that you have provided us with, or to have it transferred by us to another responsible person. We are not currently aware of any case in which this could have practical significance in relation to our games.
You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your workplace, or the place of presumed infringement (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Klosterwall 6 (Block C), 20095 Hamburg, Germnany, Tel.: 040/428 54 - 4040, Fax: 040/428 54 - 4000, E-mail: email@example.com) if you believe that the processing of your personal data violates the General Data Protection Regulation (GDPR).
7. Storage Period of Personal Data
8. Validity and Amendments to this Policy
9. Further Information
Playa Games GmbH
Alstertor 9, 20095 Hamburg, Germany
Local district court Hamburg, commercial registry number 109725
Represented by Managing Director Thorsten Rohmann
Responsible pursuant to Art. 4 No. 7 GDPR: Hannes Beuck
firstname.lastname@example.org (not for game support!)
May 2018, Playa Games GmbH