Privacy Policy
Privacy Policy
We respects and protects your personal data.
With the following privacy policy, we want to inform you in more detail about the data collection, processing and use in connection with the website, the games and the related in-app services of We ("offers").
We collects, processes or uses personal data exclusively within the applicable legal framework. Therefore, the high data protection level of the General Data Protection Regulation (GDPR) holds true.
1. Field of application
This privacy policy is directed at all users of our services ("users"). Insofar as individual services of We have different privacy policies, these apply.
Likewise, third-party services to which the service may refer by so-called links are excluded from the field of application. We is not responsible for their content or compliance with any data protection regulations. This includes, for example, links to social networks such as LinkedIn and Xing. The processing of users' personal data via these social networks is carried out by the respective network operator without us having any influence on such processing. This also applies to the personal data that the user communicates to us via such a platform, for example by contacting our user profile in the respective social network. Information on the use and protection of the user's personal data on these platforms can be found in the privacy policy of the respective platform.
2. Collection, processing and usage of data when accessing the website
2.1. When you visit the We website, information transmitted to us by your web browser will be recorded automatically. This includes the IP address of the device you are using, the date and time (including time zone) of the particular access to the website as well as the information which specific page or file you requested, the domain via which the particular request was made (so-called referrer URL) and the operating system and browser you are using.
2.2. We collects this data for the purpose of providing the website on the basis of Art. 6 par. 1 s. 1 lit. f) GDPR, whereby the legitimate interest of We is the provision of the website.
2.3. We may also use the aforementioned data to ensure proper functioning of We's website, particularly for IT security purposes. The basis for this collection and processing is Art. 6 par. 1 s. 1 lit. f) GDPR, whereby the legitimate interest of We is to ensure the security of the website.
3. Cookies
3.1. The We website uses cookies. Cookies are small text files which store settings and data on the user's terminal device for transmission to We and which are transmitted each time the user accesses the We website. Cookies enable We to identify your terminal device and, if present, to load your presettings immediately.
3.2. Cookies are used by We to make the website more user-friendly and effective, in particular by storing presettings selected by the user during the visit and by providing We with information on the use of the website and other statistical information. Cookies are only set with the user's consent (Art. 6 par. 1 s. 1 lit. a) GDPR).
3.3. Some cookies will be deleted automatically when you close your browser. Other cookies remain stored for 2 years and are automatically deleted afterwards.
3.4. In general, the user can adjust his browser so that he is notified about the setting of cookies, or that the setting of cookies is prohibited for certain cases or in general, or that the user only permits the setting of cookies in individual cases. In addition, the user can delete stored cookies in the settings of his browser. However, if cookies are deactivated, the functionality of We's website may be limited.
4. Downloading mobile apps
When downloading a mobile app from We, the owner of the platform on which the app is provided (e.g. Apple Inc. for the AppStore and Google LLC for the Google PlayStore and Amazon.com Inc. for the Amazon Appstore) collects the following data: User name, email address, customer number of the account, time of download, payment information and the individual device code number. However, the platform owner is exclusively responsible for this collection. To the extent necessary for the download, We processes the data provided by the platform owner.
5. Collection, processing and usage of data for the fulfilment of contractual obligations, consent when using registration via single sign-on services
5.1. We collects, processes and uses personal data to fulfil contractual obligations, i.e. within the framework of concluding a contract with the user about the usage of the service, the execution of the contract and the termination of the contract, including the billing of paid elements of the service. We will not pass on personal data to third parties if there is no legal basis or legal obligation and the user has not consented.
5.2. Personal data that We may collect in order to fulfil its contractual obligations with the user includes, depending on the service, the name, address, gender, age, email address as well as IP address and data for identifying the user's terminal device. The provision of this data is not required by law, but is required for the conclusion of the user contract for the respective We service. The user may voluntarily transmit further data to We as part of the service. The basis of this data processing for the fulfilment of contractual obligations is Art. 6 par. 1 s. 1 lit. b) GDPR.
5.3. We may offer the user the opportunity to register for individual "Facebook Connect" offers of the social network Facebook, operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter: "Facebook"). An additional registration is therefore not necessary if the user does not want this. To log in, the user is redirected to the Facebook page, where he can log in with his user data. This links the Facebook profile of the user and our offer. The link automatically transmits the following information from Facebook to We: name.
We only uses the name of the user of this data. This information is absolutely necessary for the conclusion of the contract in order to be able to identify the user.
For more information about Facebook Connect and the privacy settings, please see the Facebook Privacy Notice and Terms of Use.
For transmission to the United States, the EU Commission has issued an adequacy decision (No. 2016/1250) according to which companies that meet certain criteria guarantee an adequate level of protection, also known as the "EU-US Privacy Shield". These companies are listed in the so-called "Privacy Shield List" or "Privacy Shield List". Facebook is one of the companies listed there. The transmission to Facebook in connection with Facebook-Connect is based on Art. 45 GDPR.
The user is free to choose whether to log on to read.it with Facebook Connect. If the user chooses to do so, the legal basis for the data processing associated with the use of Facebook Connect is the user's consent pursuant to Art. 6 par. 1 s. 1 lit. a) GDPR.
5.4. When using the service, We collects information on the type and extent of its use ("usage data") in order to ensure proper gameplay within the terms of the contract. Usage data in this context includes, in particular, information for the identification of the user (such as name), information regarding the beginning and end as well as type and extent of the respective use and information about the products and services used by the user. The legal basis for this data processing is Art. 6 par. 1 s. 1 lit. b) GDPR.
We may also use this data to identify and eliminate malfunctions or abuse of the offer. This data processing is carried out on the basis of Art. 6 par. 1 s. 1 lit. f) GDPR. The legitimate interest of We is to ensure the proper functioning and use of the offer.
5.5. For the payment processing, the necessary usage data as described above are collected and processed. We is currently working with Apple, Google, Amazon and Microsoft as payment service providers. Aside from this, We will not pass on user data or the content of private messages in connection with the use of the service to third parties, unless this is required by law or the user has consented. The legal basis for data processing for the processing of payments is Art. 6 par. 1 s. 1 lit. b) GDPR.
5.6. We is authorized to transmit or store personal user data at locations in other member states of the European Union, or in other states which are parties to the Agreement on the European Economic Area and at locations in other states which guarantee an adequate level of data protection, provided that the user consents thereto or this is legally permissible.
6. Data processing in connection with ad-financed services
Individual offers (such as individual games or other individual services) may be wholly or partly financed by advertising. In the case of services financed by advertising, advertising is displayed instead of payment to be paid by the user for the provision and use of the service to the user during the use of the service in order to finance the provision of the service. For the insertion of advertising, data for the identification of the user's device (IP address, individual device ID of the device or identifier), which is used to use the offer, is processed. Currently, We does not display any personalized advertising in the European Economic Area. The processing of data for advertising and transmission to service providers is carried out on the basis of Art. 6 par. 1 s. 1 lit. b) GDPR.
7. Analytics tools
To optimize the service, We uses analytics tools that allow an evaluation of the use of the service. This can be done by using cookies, web beacons or tracking pixels. The cookies used for this purpose store settings and data to be exchanged with the We service (e.g. data on the user's terminal device or usage behavior) and transmit this data each time the service is accessed. Web beacons or tracking pixels are single-pixel files that link to We's services, enabling We to evaluate the user's behavior. The analytics tools collect and process data to identify the user's terminal device (such as IP address; for individual services also the individual advertising ID of the terminal device).
Some of these analysis tools transfer data to the USA where it is stored for further processing. The user can withdraw his consent to the use of all these services by adjusting the corresponding settings in his terminal device or as described in more detail in the presentation of the individual services below. The transmission of the user's personal data to the aforementioned providers of analytics tools takes place on the basis of Art. 28 GDPR. The legal basis for the use of the analytics tools is Art. 6 par. 1 S. 1 lit. f) GDPR. The legitimate interest of We is the improvement and further development of the service. In particular, this requires knowledge and statistical evaluations about the use of the service and potential crashes of the apps.
We uses the following analytics tools:
· Swrve
We uses the web analytics tool SWRVE by New Game Technologies Limited, t/a Swrve New Media UK, Suite 2.03, The White Collar Factory, 1 Old Street Yard London EC1Y 8AF, United Kingdom.
The user can withdraw his consent to the collection and storage of his data at any time by sending an email to games@lotum.de
Further information on Swrve's privacy practices is available to the user at https://www.swrve.com/company/privacy-policy
Swrve is obliged to comply with the requirements of the GDPR due to its main establishment being located within the EU. The transmission to Swrve is therefore based on Art. 28 GDPR.
· Adjust
We also uses the web analytics tool adjust by Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin. Adjust uses IP and Mac addresses of the user in anonymized form for its analysis. The identification of a natural person is thus made impossible.
The user can withdraw his consent to the collection and storage of his data at any time by following the opt-out instructions provided at https://www.adjust.com/opt-out/
Further information on Adjust's privacy practices can be found at https://www.adjust.com/privacy-policy/.
Due to its main establishment being located within the EU, Adjust is obliged to comply with the requirements of the GDPR. The transmission to Adjust is therefore based on Art. 28 GDPR.
· Fabric Crashlytics
We uses fabric crashlytics, a service provided by Google (1600, Amphitheatre Parkway, Mountain View, CA 94043, USA). When using this analytics tool, not only the above-mentioned data but also data on crashes of the service as well as the crash report, the information provided during installation of the app and device information (information on hardware and operating system) are processed. The data collected by fabric crashlytics may also be sent to Google servers outside the EU such as the USA.
The user can withdraw his consent to the use of the data collected through the use of fabrics crashlytics at any time by sending an email to games@lotum.de
Further information on Fabrics' privacy practices is available to users at https://fabric.io/terms and https://fabric.io/dpst.pdf.
The transmission to Google servers in the USA in this context is based on Art. 45 and 28 GDPR. Google is one of the companies listed in the so-called "Privacy Shield List" or "Privacy Shield List", which ensures an appropriate level of data protection on the basis of an adequacy decision by the EU Commission (No. 2016/1250).
· Firebase Analytics und Firebase Realtime Database
We uses Firebase Analytics and Firebase Realtime Database, each offered by Google (1600, Amphitheatre Parkway, Mountain View, CA 94043, USA).
The user can withdraw his consent to the collection of the aforementioned data by Google at any time by sending an email to games@lotum.de
Further information on Google's privacy practices can be found at https://policies.google.com/privacy?hl=en.
The transmission to Google servers in the USA in this context is based on Art. 45 and 28 GDPR. Google is one of the companies listed in the so-called "Privacy Shield List" or "Privacy Shield List", which ensures an appropriate level of data protection on the basis of an adequacy decision by the EU Commission (No. 2016/1250).
· Flurry
We uses the analytics tool Flurry by Oath (EMEA) Limited (5-7 Point Village, North Wall Quay, Dublin 1, Ireland), which makes it possible to analyze application performance and app usage by using cookies. The information obtained through the cookies may also be transferred to a server of Oath (EMEA) Limited outside the EU such as the USA.
All data collected by Flurry to identify the terminal device (such as the ID for advertisers of the device) will be replaced by a Flurry-specific code immediately after its collection and then be erased.
Oath provides We with the collected data exclusively in an aggregated form.
The user can withdraw his consent to the collection of the aforementioned data by Flurry at any time by following the instructions in the opt-out link provided by Flurry at https://developer.yahoo.com/flurry/end-user-opt-out.html
Further information on Flurry's privacy practices is available to the user at https://policies.oath.com/us/en/oath/privacy/products/developer/index.html.
A transfer to Oath servers only takes place after We has ensured that a data protection level comparable to that in the EU is guaranteed by a contractual agreement. Any transmission to Oath servers in the USA in this context is based on Articles 46 and 28 GDPR.
We uses the Facebook Analytics tool offered by Facebook (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). The data collected in this way may also be transferred to a Facebook server outside the EU such as the USA.
The user can withdraw his consent to the collection of the aforementioned data by the Facebook Analytics tool at any time by sending an e-mail to games@lotum.de
For more information about Facebook's privacy practices, please visit https://www.facebook.com/privacy/explanation.
The transmission to Facebook servers in the USA in this context is based on Art. 45 and 28 GDPR. Facebook is one of the companies listed in the so-called "Privacy Shield List" or "Privacy Shield List", which ensures an appropriate level of data protection on the basis of an adequacy decision by the EU Commission (No. 2016/1250).
· Branch.io
We uses the Branch analytics tool by Branch Metrics Inc., 2443 Ash Street, Palo Alto, CA 94306, USA ("Branch").
The user may withdraw his consent to the collection of data by Branch at any time by following the opt-out instructions at https://branch.io/policies/#privacy
Further information on Branch's privacy practices is available to users at https://branch.io/policies/#privacy.
The transmission to servers of Branch in the USA in this context is based on Art. 45 and 28 GDPR. Branch is one of the companies listed in the so-called "Privacy Shield List" or "Data Protection Shield List" which guarantees an appropriate level of data protection on the basis of an adequacy decision by the EU Commission (No. 2016/1250).
· Sentry.io
We uses the analytics tool Sentry by Functional Software Inc, 132 Hawthorne St., San Francisco, CA 94107, USA ("Sentry").
The user may withdraw his consent to the collection of the aforementioned data by Sentry at any time by sending an email to games@lotum.de
For more information about Sentry's own privacy practices, please visit https://sentry.io/privacy/.
The transmission to Sentry servers in the USA in this context is based on Art. 45 and 28 GDPR. Sentry is one of the companies listed in the so-called "Privacy Shield List" or "Privacy Shield List", which guarantees an adequate level of data protection on the basis of an adequacy decision by the EU Commission (No. 2016/1250).
· Goedle.io
We uses the analytic tool Goedle by goedle.io GmbH, Am Hof 20-26, 50667 Cologne, Germany ("Goedle").
The user can withdraw his consent to the collection of the aforementioned data by Goedle at any time by sending an email to games@lotum.de
Further information on data protection by Goedle is available to the user at https://goedle.io/privacy.htm.
Goedle is obliged to comply with the requirements of the GDPR due to its main Establishment being located within the EU. The transmission to Goedle is therefore based on Art. 28 GDPR.
8. Sending advertisement; analysis for market research purposes
8.1. We may inform its users about other similar products and services of We by email. In each individual email, the user is informed of his or her right to unsubscribe from these electronic messages. The user can withdraw his consent to receiving emails by We at any time without additional costs (at base rate). All he has to do is send an informal email to games@lotum.de or click on the unsubscribe link included in each newsletter. The legal basis for sending advertisement by email is Par. 7 Sub. 3 of the German Act Against Unfair Competition ("UWG").
8.2. We may collect and evaluate statistical data on the use of the service in aggregated or anonymized form for the development of advertising, for market research purposes, to improve the existing range of services and to develop new products.
9. Facebook Plugin
9.1. We integrates the social plugin of the social network facebook.com in parts of the service. This social plugin is offered by Facebook (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). When the user accesses content included in this service which contains such a social plugin from Facebook, the user's terminal device creates a direct connection to Facebook's servers, which may also be located in the USA. Facebook directly transmits the content of the social plugin to the user's browser, which then integrates it into the website of this service. We therefore has no influence on the extent of the data that Facebook collects with the help of this social plugin and informs the user according to his own level of knowledge: By integrating the social plugins, Facebook receives Information on when the user accesses the service. If the user is logged in to Facebook during this time, Facebook can assign the usage to the user's Facebook account. If the user interacts with the social plugins, for example by clicking the "Like" button or making a comment, the corresponding information is transmitted directly from the user's device to Facebook and stored there. If the user is not a member of Facebook, it is still possible that Facebook stores the IP address of the user's device, but according to Facebook, only an anonymized IP address is stored in Germany. If the user is a member of Facebook and does not want Facebook to collect data about him or her via this service and link it to the user data stored on Facebook, the user must log out of Facebook before using the service. For further information on the purpose and extent of data collection and the further use of the data by Facebook, as well as your rights and options to protect your privacy, please refer to the Facebook's own privacy policy under the following link: https://www.facebook.com/about/privacy/. We points out that the user can block social plugins for his browser with the help of browser add-ons.
9.2. For the transmission of data to the USA, there is an EU Commission adequacy decision (No. 2016/1250) according to which companies that meet certain criteria guarantee an adequate level of protection, also known as the "EU-US Privacy Shield". These companies are listed in the so-called "Privacy Shield List". Facebook is one of the companies listed therein. The data transmission to Facebook connected to the social plugin is based on Art. 45 and 6 par. 1 s. 1 lit. f) GDPR. Our legitimate interest is to provide the best possible service based on the wishes and preferences of our users.
9.3. The legal basis for using this social plugin is the user's consent according to Art. 6 par. 1 s. 1 lit. a) or Art. 6 par. 1 s. 1 lit. f) GDPR. Our legitimate interest is to provide the best possible service based on the wishes and preferences of our users.
10. Twitter Plugin
10.1. We integrates the social plugin of the social network Twitter in parts of the service. This social plugin is offered by Twitter (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). When the user accesses content included in this service which contains a Twitter button, the user's device creates a direct connection to Twitter's servers. Twitter directly transmits the content of the Twitter button to the user's terminal device. We therefore has no influence on the extent of the data that Twitter collects with the help of this button and informs the user according to its own level of knowledge: only the IP address of the user's device and the text of the service are transmitted, when the button is used, and are not used for purposes other than displaying the button.
10.2. For the transmission to the USA, there is an EU Commission adequacy decision (No. 2016/1250) according to which companies that meet certain criteria ensure an adequate level of protection, also known as the "EU-US Privacy Shield". These companies are listed in the so-called "Privacy Shield List". Twitter is one of the companies listed therein. The data transmission to Twitter connected to the social plugin is based on Art. 45 and 6 par. 1 s. 1 lit. f) GDPR. Our legitimate interest is the adjustment of the service according to the preferences and wishes of the users.
10.3. The legal basis for using this social plugin is the user's consent according to Art. 6 par. 1 s. 1 lit. a) or Art. 6 par. 1 s. 1 lit. f) GDPR. Our legitimate interest is to provide the best possible service based on the wishes and preferences of our users.
11. Communication between users
We want to inform the user that content uploaded within the offer can be made publicly accessible and can be seen by other users. We therefore ask the user to handle the information provided by him/her carefully. Uploaded user content is transmitted in order to fulfil the purpose of the service pursuant to Art. 6 par. 1 s. 1 lit. b) GDPR.
12. Storage period and erasure of data
We process personal data of the user as long as the user is registered for the use of the app and the website, or as long as it is necessary to achieve the purposes of the processing, or is prescribed by a legal obligation to store the data. Subsequently, the data in the generally immediately deleted.
Data that we store for legal reasons, however, is stored for as long as this is required by law (up to ten years).
Data that we store in consideration of legal disputes, however, is stored for as long as this is legally permissible. This can be up to 30 years.
With regard to logs that store network data, we delete the data at regular intervals - the exact time varies depending on configuration rules (which can shorten the logs by size and not by a specified time), whether the data was part of a snapshot that ended up in a backup, and whether the logs are part of a set of logs that are routinely forwarded to a central log repository, but in no case longer than two years.
13. Transmission to Third Parties
Personal data will only be passed on to third parties - unless otherwise set out elsewhere in this privacy policy - without the express consent of the user, if this is necessary for the provision of We services or for contract execution with the user (e.g. for processing payments, including in-app purchases, or for the technical provision of the offer). Accordingly, the data are transmitted to such service providers (such as payment service providers, advertising providers, technical service providers) for the purposes of contract fulfilment pursuant to Art. 6 par. 1 s. 1 lit. b) GDPR. Before passing on the user's personal data, We naturally ensures that the respective service provider has taken appropriate technical and organizational measures to ensure the security of the data.
Otherwise, We will not pass on the user's personal data to third parties unless the user has expressly consented to the transfer (Art. 6 par. 1 s. 1 lit. a) GDPR), or We is entitled or obliged to do so by legal provisions or court orders. In the latter case, the transmission is carried out by We to fulfil a legal obligation pursuant to Art. 6 par. 1 s. 1 lit. c) DSGVO.
14. Data security
We hereby clarifies that data protection and data security cannot be guaranteed for transmissions outside We's sphere of influence, e.g. within your mobile network. We therefore draw the user's attention to the fact that his mobile network operator or unauthorized third parties may have access to the data that the user is transmitted to our servers or that is transmitted by us.
15. User rights
15.1 Right to information
The user has the right to obtain free of charge in writing from We the personal data stored by We concerning him, the processing purposes, their origin, which transfer to which recipients or categories of recipients took place, the storage period and the rights of the data subjects available to him or her.
15.2 Right to correction, deletion and/or limitation of data processing
Furthermore, the user has the right to request at any time the correction of incorrect data, the deletion and/or restriction of the processing of personal data stored about him, unless We is legally obliged to retain such data. Insofar as this includes such personal data that is necessary for the provision of services to the user, the deletion or restriction of the processing of this data can only take place when the user no longer uses We's services.
15.3 Right of objection
The user has the right to object at any time to data processing based on Art. 6 par. 1 s. 1 lit. e) or f) GDPR for reasons arising from his particular situation, unless We can prove compelling reasons worthy of protection, which outweigh the interests of the user, or the processing serves to assert, exercise or defend legal claims. The user can object to data processing for the purpose of direct advertising at any time without special reasons being required.
15.4 Right to Data Portability
If the user provides data relating to him or her and We processes such data on the basis of the user's consent or in order to fulfil the contract, the user may request that the user receive such data in a structured, current and machine-readable format from We or that We transmit such data to another person responsible, insofar as this is technically possible (so-called right to data portability).
15.5 Right to revoke consent
Any consent given by the user to the use of personal data can be freely revoked by the user at any time with effect for the future.
15.6 Right to complain to a supervisory authority
The user may also lodge a complaint with a supervisory authority against data processing which he considers to be in breach of the statutory provisions.
16. Changes to the Privacy Policy
We reserves the right to change this privacy policy at any time, while We will always comply with the legal requirements for data protection. Therefore, We recommends that users regularly take note of the applicable privacy policy. We will inform users in advance of any further use of data.
Lucy, 24 June 2018
Data Protection Officer of We : Lucy, com2miao@gmail.com
评论