EN
open-close
open-close

REGISTER

Privacy Policy of gamigo US Inc.

Please click here to download a PDF version of this document.

gamigo US Inc. (hereinafter: “we,” “us”) respects the integrity of personal data, protects privacy and ensures the security of its customers’ personal data.

In this Privacy Policy, we want you to understand what information we collect and process about you when you use our games and other services and for what purpose we collect such data. In addition, we would like to inform you about the rights you are entitled to if you have entrusted us with your personal data as part of our offers.

Contents

A) Data Processing with respect to EU/EEA/UK/Brazil Residents

1. Controller
2. Contact Details of the Data Protection Officer
3. Contact data of the representative in the European Union
4. Definitions
5. Handling Personal Data
6. Origin of Personal Data

6.1. Information provided by you
6.2. Automatically collected and generated data
6.3. Data collected by third parties

7. Scope and Purpose of the Processing of Personal Data and the Legal Bases for Processing

7.1. Use of our websites

7.1.1. Forums
7.1.2. Transactions
7.1.3. Log files
7.1.4. Downloads
7.1.5. Cookies
7.1.6. Advertising

7.2. Use of our games

7.2.1. User account information
7.2.2. Log files
7.2.3. Downloads
7.2.4. Gaming data
7.2.5. Use of “Social Logins”
7.2.6. Support
7.2.7. Transactions
7.2.8. Push messages

7.3. Transfer to users or the public
7.4. Case records
7.5. Marketing and newsletters
7.6. Media information
7.7. Processing for legal reasons

8. Storage Duration and Deletion of the Collected Data
9. Recipient of Personal Data

9.1. Disclosure to third parties in the context of the use of non-essential cookies

9.1.1. Google Universal Analytics
9.1.2. Google “Remarketing and similar target groups function”
9.1.3. Additional Google Analytics functions for display advertising

9.2. Transfer to third parties outside of the EU or the EEA

10. Your rights

10.1. Right of access by the data subject to Art. 15 GDPR
10.2. Right to rectification pursuant to Art. 16 GDPR
10.3. Right to erasure pursuant to Art. 17 GDPR
10.4. Right to restriction of processing pursuant to Art. 18 GDPR
10.5. Right to data portability pursuant to Art. 20 GDPR
10.6. Right to object pursuant to Art. 21 GDPR
10.7. Right to withdraw the granted consent under data protection law
10.8. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

11. Final Provisions

B) Data Processing with respect to California Residents
C) Data Processing with respect to Residents of other States/Countries

A) Data processing with respect to EU/EEA/UK/Brazil Residents

1. Controller

gamigo US Inc.

2700 La Frontera Blvd

Round Rock

TX 78681

United States of America

Telephone: +1 650 273 9618 (Not for support queries)

We are the controller within the meaning of Article 4 No. 7 of the General Data Protection Regulation (GDPR) and other data protection regulations. As the controller, we decide, if necessary jointly with third parties, on the purposes and means of processing personal data. This is contingent upon the processing being lawful.

2. Contact Details of the Data Protection Officer

You can reach our external Data Protection Officer, Dr. Baran Kizil, LL.M. by writing a letter to

Dr. Baran Kizil, LL.M.

Butzweilerhofallee 3

50829 Köln

Germany

and by letting us know you are an EU/EEA/UK/Brazil resident and emailing to: dataprotection-us-inc(at)gamigo.com

3. Contact data of the representative in the European Union

You can contact our representative within the European Union by writing a letter to

gamigo AG

Behringstr. 16b

22765 Hamburg

Germany

and by emailing: EURepresentative(at)gamigo.com

4. Definitions

Decisive for the definition of the terms used in this Privacy Policy, such as the term personal data, is Art. 4 of the General Data Protection Regulation (GDPR).

5. Handling Personal Data

The provision of personal data on the internet always carries the risk of unauthorized processing by third parties who gain unauthorized access to this data, as no technological system can be fully protected against external attacks.
We take technical and organizational measures to protect your data from misuse. We process your data in accordance with the requirements of German and European data protection law and continue to further educate ourselves. The data processing is carried out according to the current state of the art.

6. Origin of Personal Data

We obtain personal data in the following way:

6.1. Information provided by you

We receive personal data from you when you provide it in the course of using our games and other services. Providing this information is always voluntary. However, some of our services may require certain information from you in order to function properly.

Examples: Registration/update of user accounts, support and community management requests, use of the social functions offered by us; purchases in our shops, e-mail address, self-chosen nicknames in our offers, name, date of birth, address.

6.2. Automatically collected and generated data

When you use our games and other services, data is automatically collected and generated.

Examples: Device information, game data in our games, user account and character IDs, information from your support or community management request

6.3. Data collected by third parties

We can also receive information from third parties. Our games and other services require that you create a user account on Glyph. Instead of creating a user account, you can also log in with an account you have already created. This gives you the advantage of not needing to create a user account for Glyph, as it is created automatically.

To make this possible, we need your consent to use the data provided by the third party. With your consent, your user account with us will be linked to the account you have with the third party. We thereby gain access to parts of your personal data that are required to create the account.

Examples of processed data: E-mail address, IP address, token, user ID.

7. Scope and Purpose of the Processing of Personal Data and the Legal Bases for Processing

The scope and purposes of the processing of your personal data will depend on which of our games and other services you use from us, i.e. not every one of our games and other services includes all of the personal data processing practices described herein. In the following, we would like to give you an overview of the personal data that we process in connection with all of our services. Furthermore, we have listed the different categories of data and examples of personal data that can be processed when using the corresponding service.

Personal data is all information about you and your factual and personal circumstances, for example name, address or age. Data that cannot be assigned to a specific natural person is not personal data. For example, this can be statistical data that describes a group.

Regardless of which of our games and other services you use, we will treat your personal data confidentially and in accordance with the statutory data protection regulations. We will not share it with third parties without your consent, unless permitted by law (e.g. because it is necessary to perform the contract).

In the following you can also read on which legal basis the respective processing of the listed data is based.

The main legal bases in scope are regulated in Art. 6 para. 1 sentence 1 GDPR. These are, as far as relevant for us, the following cases:

Art. 6 Para. 1 Sentence 1 lit. a) GDPR: Data processing is based on a consent that you have granted us.

Art. 6 Para. 1 Sentence 1 lit. b) GDPR: The data processing is necessary for the performance of a contract to which you are a party, or is necessary for the performance of pre-contractual measures taken at your request.

Art. 6 Para. 1 Sentence 1 lit c) GDPR: Data processing is necessary for the fulfillment of a legal obligation to which we are subject.

Art. 6 para. 1 sentence 1 lit. f) GDPR: The data processing is necessary to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data, outweigh these.

7.1. Use of our websites

7.1.1. Forums

Our websites offer you the opportunity to use our online forums. There you can create a publicly viewable profile in which you can voluntarily add additional information. In our forums you can make public posts and send private messages to other users. You can also have yourself included in public member lists.

Examples of processed data: content of the forum (version, division, location, time zone, authorizations, forum user account, posts), IP address, content written, name, date of birth, address.

The processing of personal data described above is legal under Art. 6 para. 1 sentence 1 lit. b) GDPR.

7.1.2. Transactions

On our websites, you can deposit real money on your user account and purchase virtual currency or items directly. You can also buy items or unlock features (e.g. character transfer) from previously purchased virtual currency on our websites. To do so, you will usually have the option of using various payment providers to pay for our games and other services.

The payment service providers process the data as a separate controller. Please read the respective privacy policy of the payment service provider carefully. You will find an overview of our partners in the “Transactions” section:

Payment service providerPrivacy Policy
Amazon (Amazon Digital Services Inc., Amazon EU S.a.r.l., Amazon Services International, Inc., Amazon Sevicos de Varejo do Brasil Ltd., Amazon.com Int’l Sales, Inc., Amazon Australia Services Inc. and its affiliates, Amazon Payments Inc., Amazon Services LLC, Amazon Services Europe S.a.r.l.)https://www.amazon.com/gp/help/customer/display.html?nodeId=201909010
American Express Travel Related Services Company, Inc.https://www.americanexpress.com/us/privacy-center/
Boku Payments, Inc.https://www.boku.com/payments-privacy-notice/
JPMorgan Chase Bank N.A., Paymentech LLChttps://merchantservices.chase.com/privacy-statement
Hipay SAShttps://hipay.com/en/terms
Nexon America Inc.https://www.nexon.com/main/en/legal/privacy/
Microsoft (and its affiliates)https://privacy.microsoft.com/
PayPal Inc.https://www.paypal.com/en/webapps/mpp/ua/privacy-full
Razer Online Pte Ltdhttps://www.razer.com/legal/customer-privacy-policy
Sony Interactive Entertainment (SIE)https://www.sie.com/en/privacy.html
Valve Corporationhttps://store.steampowered.com/privacy_agreement/

Examples of processed data:  IP address, order information (especially time, product ordered and the quantity, transaction number, encrypted mobile phone number), subscriptions, chargebacks, refunds, gifts, payment details (especially also payment method, voucher redemption), shipping data (e.g. for CD shipping), licenses for consumable goods in games.

The processing of personal data described above is legal under Art. 6 para. 1 sentence 1 lit. b) GDPR. The legal basis is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Secs. 147 para. 1 no. 4, para. 3 AO (German Fiscal Code); Sec. 257 para. 1 no. 4, para. 4 HGB (German Commercial Code); Sec. 14b para. 1 UstG (German Vat Act), insofar as the transaction data are posting documents.

7.1.3. Log files

We use log files to analyze and optimize the functionality of our websites, to find errors, to ensure the security of our systems (e.g. to fend off cyberattacks) and to ensure compliance with the Terms of Use for the “Glyph” platform, the Terms of Use for the games on the “Glyph” platform, the game rules and applicable law.

Examples of processed data: Connection type, IP address, URL of the referring website from which the file was requested, date and time of access, browser type and operating system as well as hardware information, the page you visited, hardware features, duration and frequency of use.

On the one hand, the described processing of personal data is lawful according to Art. 6 para. 1 sentence 1 lit. b) GDPR, because we need the data in order to fulfill the user agreement concluded with you, and on the other hand according to Art. 6 para. 1 sentence 1 lit. f) GDPR, because our users and we have a legitimate interest in our websites being secure and functional.

7.1.4. Downloads

You can download various programs, especially the launcher for Glyph, on our websites. As part of this, personal data is processed so that we can check whether the download is working, and if not, where there are errors, in order to optimize our service quality. Error sources can e.g. originate from a certain region, emanate from a certain internet provider, or result from only the partial transfer of the file.

Examples of processed data: Transferred data quantity, time of download, access status (transfer file, file not found), IP address, hardware features, speed.

The described processing of personal data is legal according to Art. 6 para. 1 sentence 1 lit. b) GDPR, insofar as it concerns our obligation from a user agreement concluded with you (e.g. for the provision of the game software) and according to Art. 6 para. 1 sentence 1 lit. f) GDPR, given that we have a legitimate interest in providing our services safely and reliably, free of technical errors.

7.1.5. Cookies

When you visit our websites, we want to make sure that you always get the information that is most relevant to you. For this reason, we use cookies on our websites.

Cookies are small text files that are stored on your local device. They ensure that we recognize you the next time you visit our websites and that we can offer you a personalized experience on our websites.

There are permanent cookies, which remain stored for a longer period of time and so-called session cookies, which are only placed as long as your visit lasts and are deleted as soon as you leave.

Sometimes we place cookies ourselves, other times, however, we use cookies from third parties (so-called third-party cookies).

We use cookies so that we can show you our websites, you can take advantage of comfort functions, we can carry out statistical evaluations and for marketing purposes.

If cookies contain personal data that is required for the operation of our websites, the legal basis for the processing of your personal data is Art. 6 (1) p. 1 lit. f) GDPR. All other cookies are only set if you give us your consent. If cookies contain personal data, the legal basis in this case is Art. 6 para. 1 p. 1 lit. a) GDPR.

7.1.6. Advertising

In order to improve our advertising offer, we sometimes use small images on our websites, which independently collect data.

This aims at only showing you advertising that is relevant to you. It also allows us to see if you have clicked on our advertisement.

Examples of processed data: IP address.

The processing of personal data described above is lawful as per Art. 6 para. 1 sentence 1 lit. f) GDPR, as our partners and we have a legitimate interest in determining the success of services and campaigns.

7.2. Use of our games

7.2.1. User account information

If you want to play our games, you will need a user account to use Glyph. After activating a user account, you can register for one or more games (“game registration”).

A Glyph user account is created when you manually create once for Glyph or register for one of our games. You need your account in order to write forum posts on our game pages, or to participate in online games and make payments. You can enter some information under the user account manually, and some information is generated automatically. You can view most of the data when you log in and update it in the user account settings.

Examples of processed data: Account name, your name, age, gender, email address and former email address, account region, preferred language, date of birth, phone number, home address, shipping address, account links (for example with Facebook), opt-in and opt-out details.

The processing of personal data described above is legal under Art. 6 para. 1 sentence 1 lit. b) GDPR.

7.2.2. Log files

We use log files to analyze and optimize the functionality of Glyph, to find errors, to ensure the security of our systems (e.g. to fend off cyberattacks) and to ensure compliance with the Terms of Use for the “Glyph” platform, the Terms of Use for the games on the “Glyph” platform, the game rules and applicable law.

Examples of processed data: Connection type, date and time of access, IP address, browser type and operating system as well as hardware information, hardware features, duration and frequency of use.

On the one hand, the described processing of personal data is legal according to Art. 6 para. 1 sentence 1 lit. b) GDPR, because we need the data in order to fulfill the user agreement concluded with you, and on the other hand according to Art. 6 para. 1 sentence 1 lit. f) GDPR, because our users and we have a legitimate interest in our websites being secure and functional.

7.2.3. Downloads

For the most part, you must download our games and other services offered in order to use them. Our games are updated regularly, so updates are provided and must be installed. As part of this, personal data is processed so that we can track whether the download (and thus our offered game or other service) works, and if not, where there are errors. Error sources can e.g. originate from a certain region, emanate from a certain internet provider, or result from only the partial transfer of the file.

Examples of processed data: Transferred data quantity, time of download, access status (transfer file, file not found), IP address, hardware features.

The described processing of personal data is lawful according to Art. 6 para. 1 p. 1 lit. b) GDPR and because of the need to ensure a safe operation of our games, according to Art. 6 para. 1 p. 1 lit. f) GDPR.

7.2.4. Gaming data

When you play our games, data is generated that stores your game progress. Among other things, we keep records of game licenses, progress, history, statistics, in-game purchases and interactions with other users.

On the one hand, we process this data to enable us to provide support for the affected user in the event of an error. On the other hand, we must ensure that the user is compliant with our Terms of Use, the rules of the game and applicable law (e.g. data protection and criminal regulations) in order to guarantee a flawless gaming experience. In particular, the maximum permitted user accounts per person according to our Terms of Use (“multi-accounting”) must not be exceeded, and the use of fraud software which is used to gain in-game advantages or for attacks on technical systems must be prevented. For this purpose we use various protection programs that also process personal data.

Examples of processed data: Purchased items (e.g. skins, portraits, gold, boosters), other unlocks, character names, social exchanges, connected games, chat logs, progress, game history, tasks in progress, game statistics, guild information, in-game messages, friend lists, inventory items (equipment, skills, etc.), screenshots, technical user data such as browser data, IP address, user account information.

The processing of personal data described above is legal under Art. 6 para. 1 sentence 1 lit. b) GDPR. The processing of personal data for the purpose of preventing fraud and manipulation is also legal under Art. 6 para. 1 sentence 1 lit. f) GDPR, as we and our users have a legitimate interest in ensuring that the services we offer are free from manipulation and that the general terms and conditions, rules of the game and applicable law are complied with.

7.2.5. Use of “Social Logins”

In order to use our games and other services, you must create a user account on the Glyph platform. Alternatively, you can log in with an account you have already created. This offers the advantage that you do not need to create a user account for Glyph, as it is created automatically.

To make this possible, we need your consent to use the data provided by the third party. With your consent, your user account with us will be linked to the account you have with the third party. We thereby gain access to parts of your personal data that are required to create an account.

Which data is collected by the respective provider depends on the operator and is beyond our control. The providers process the data as independent controllers. Please read the privacy policy of the respective provider carefully. You will find an overview of our partners in the “Social Login” section:

PartnerPrivacy Policy
Steamhttps://store.steampowered.com/privacy_agreement/
Microsoft (Xbox)https://privacy.microsoft.com/en-us/privacystatement
Sony (Playstation Network)https://www.playstation.com/en-us/legal/privacy-policy/

Examples of processed data: E-mail address, IP address, token, user ID.

The processing of personal data presented is legal under Art. 6 para. 1 sentence 1 lit. a) GDPR.

7.2.6. Support

We are happy to support our users and are always happy for you to contact us. If you create a ticket for our games and other services, or contact us via contact form, mail or e-mail, we need information to help you with your request and to answer it. We also use this information to optimize our services. Please contact us for your support requests primarily via our ticket system (https://support.gamigo.com/hc/en-us).

You can also reach and contact us via social media (e.g. Facebook) Personal data is collected by the provider of the respective service. Please review their privacy policy before contacting us. We only receive the data that is generally required when contacting us (such as the user name).

Examples of data processed: problems encountered, experiences, sanctions (ban, mutes), contact details, contact methods (ticket, e-mail, contact form, post, social networks), description of the problem in the service ticket, notes on the user account, ticket chat log, documents used to authenticate user accounts (e.g. information on the user account, screenshots of invoices).

The processing of personal data presented is lawful under Art. 6 para. 1 sentence 1 lit. b) GDPR to the extent that the contact is necessary for the performance of the contract or the implementation of pre-contractual measures. Insofar as the contact is made for the other purposes mentioned, the processing is lawful according to Art. 6 para. 1 sentence 1 lit. f) GDPR, as our users and we have a legitimate interest in helping our users with (technical) problems and supporting them within the scope of our services.

7.2.7. Transactions

In our games, you can purchase items or unlock features (e.g. character transfers) for virtual currency or, in some cases, real money.

Examples of processed data: IP address, order data (in particular time, product ordered and the quantity, transaction number, possibly encrypted mobile phone number), subscriptions, chargebacks, refunds, gifts, payment details (in particular also payment method, coupon redemption, delivery address), licenses for consumer goods in games.

The processing of personal data presented is legal under Art. 6 para. 1 sentence 1 lit. b) GDPR. The legal basis is also Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Secs. 147 para. 1 no. 4, para. 3 AO (German Fiscal Code); Sec. 257 para. 1 no. 4, para. 4 HGB (German Commercial Code); Sec. 14b para. 1 UstG (German Vat Act), insofar as the transaction data are posting documents.

The payment service providers process the data as a separate controller. Please read the respective privacy policy of the payment service provider carefully. You will find an overview of our partners in the “Transactions” section:

Payment service provider Privacy Policy
Amazon (Amazon Digital Services Inc., Amazon EU S.a.r.l., Amazon Services International, Inc., Amazon Sevicos de Varejo do Brasil Ltd., Amazon.com Int’l Sales, Inc., Amazon Australia Services Inc. and its affiliates, Amazon Payments Inc., Amazon Services LLC, Amazon Services Europe S.a.r.l.)https://www.amazon.com/gp/help/customer/display.html?nodeId=201909010
American Express Travel Related Services Company, Inc.https://www.americanexpress.com/us/privacy-center/
Boku Payments, Inc.https://www.boku.com/payments-privacy-notice/
JPMorgan Chase Bank N.A., Paymentech LLChttps://merchantservices.chase.com/privacy-statement
Hipay SAShttps://hipay.com/en/terms
Nexon America Inc.https://www.nexon.com/main/en/legal/privacy/
Microsoft (and its affiliates)https://privacy.microsoft.com/
PayPal Inc.https://www.paypal.com/en/webapps/mpp/ua/privacy-full
Razer Online Pte Ltdhttps://www.razer.com/legal/customer-privacy-policy
Sony Interactive Entertainment (SIE)https://www.sie.com/en/privacy.html
Valve Corporationhttps://store.steampowered.com/privacy_agreement/

7.2.8. Push messages

Some of the games and other services allow you to stay up to date using push messages. They inform you about important events or remind you of certain events. The device token allows us to identify the phone based on the app-device combination issued by the providers of push notification gateways. This enables gateway providers to forward messages and ensure that the notification is only sent to devices that have the unique app-device combination.

Examples of processed data: Mobile phone number, content of the sent message, date of the sent message, user account, device tokens

The above processing of personal data only takes place if you have consented to being contacted via push messages. The legal basis is on Art. 6 para. 1 sentence 1 lit. a) GDPR.

7.3. Transfer to users or the public

When you use our games or other services, your personal information (e.g. character name, nickname, e.g. in forums) may be visible to other users or the public. This is the case, for example, when you post in our forums, post messages in the public chat of our games, participate in competitions or use leader boards (Competition Boards).

Examples of processed data: Name of the game figure, nickname, e.g. in forums.

The processing of personal data described above is legal under Art. 6 para. 1 sentence 1 lit. b) GDPR. In addition, the processing is legal as per Art. 6 para. 1 sentence 1. lit. f) GDPR, having in mind that our users and we have a legitimate interest in an open exchange between our users about our games and services and other topics.

7.4. Participation in competitions

We will be hosting competitions at irregular intervals where you can win physical or digital prizes. The task that needs to be accomplished to participate in the respective competition can be found in the announcement of the competition. Depending on the nature of the prize and the required task, different corresponding personal data will be processed to run the competition. The announcement of the respective competition will also include information about what kind of personal data will be used. Please read the announcement of the competition as well as the terms of participation carefully before participating in the competition.

Examples of data processed: E-Mail Address, Address

This processing of personal data is legal according to art. 6, para. 1, sentence 1 b) of the GDPR. In the case that a different legal basis is relevant, this will be stated in the competition announcement.

7.5. Participation in surveys

You have the opportunity to participate in our surveys. In these surveys, we would like to learn more about how you use our services and our games and how you feel about them. The results of the surveys will be used to improve our services and games.

Examples of data processed: E-Mail Address, your answers

This processing of personal data is legal according to art. 6, para. 1, sentence 1 f) of the GDPR. In the case that a different legal basis is relevant, this will be stated in the respective survey or in the announcement of the respective survey.

7.6. Case records

We keep case records for legal disputes with which we are confronted.

Examples of processed data: Name, address, correspondence

The described processing of personal data is lawful according to Art. 6 para. 1 lit. f) GDPR, as we have a legitimate interest in protecting and asserting the rights of third parties and our rights.

7.7. Marketing and newsletters

We can inform you by newsletter about similar goods and services according to Sec. 7 para. 3 UWG (German Unfair Competition Act), for example about other games from us. You can unsubscribe from receiving further newsletters at any time free of charge using the link contained in the newsletter (“Unsubscribe button”). In addition, we inform you by newsletter about all offers, services and other activities by us or the other companies in the gamigo group and about all other offers, services and other activities by third parties in connection with the offers, services and other activities of one or more companies in the gamigo group (so-called gamigo group newsletter) if you have previously consented to this newsletter being sent to you. You can also unsubscribe from this newsletter free of charge at any time using the unsubscribe button contained in the newsletter.

Newsletters are sent at our request by our service provider. Your e-mail address, which receives our newsletter, and other personal data are temporarily stored on the service provider’s servers. This information is used to send and evaluate the newsletter. For this purpose, so-called tracking pixels are used, i.e. in our newsletter there is a non-visible image file which transmits technical information to the service provider when the newsletter is opened (e.g. whether the newsletter has been opened). Your data will not be used by the service provider independently to send the newsletter.

We also place banner ads on websites, i.e. we provide our partners with a graphic that they can integrate on their website. The banner contains a hyperlink so that the user can reach one of our websites. In order to enable a statistical evaluation, an ID is generated using a pixel-code to determine how users became aware of our products and, if applicable, whether they have completed a payment transaction.

Examples of processed data: IP addresses, the language used, hardware, how the newsletter was handled, i.e. when it was read and which links were clicked on.

The described processing of personal data, i.e. the sending of newsletters, has as its basis Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with Sec. 7 para. 3 UWG for the advertising of our own similar goods and services, on the other hand, Art. 6 para. 1 p.1 lit. a) GDPR in connection with Sec. 7 para. 2 no. 3 UWG if you have consented to the gamigo group newsletter being sent to you. We base the use of the pixel-code on Art. 6 Para. 1 S.1. lit. f) GDPR, as we have a legitimate interest in customizing our information according to the recipient.

7.8. Media information

We collect contact details of journalists in order to provide them with specially prepared information about our services.

Examples of processed data: Name, company, email, telephone number.

The above processing of personal data is lawful under Art. 6 para. 1 lit. a) GDPR.

7.9. Processing for legal reasons

We pass on personal data insofar as we are legally obliged to do so. This can happen, for example, as a result of a court or public prosecutor’s order. In doing so, strict attention is paid to ensuring that all statutory requirements are met before passing on the data. In general, only certain data is requested (e.g. technical user data), but in principle the obligation to pass on data may apply to all data collected. Before each transfer of personal data, we critically check whether we are obliged to do so.

We also pass on personal data in the context of legal proceedings (e.g. to external lawyers) if this is necessary to assert our rights (e.g. to protect intellectual property rights).

Examples of processed data: Contact details, user account information.

We will only process personal data for legal reasons as described above if it is compliant with the applicable law. The legal basis is by Art. 6 para. 1 sentence 1. lit. c) GDPR for the fulfillment of a legal obligation or under Art. 6 para. 1 sentence 1. lit. f) GDPR because we have a legitimate interest in ensuring that our rights are safeguarded or enforced.

8. Storage Duration and Deletion of the Collected Data

We store personal data only as long as there is a concrete purpose for this. The duration of the storage depends on the purpose of the processing, the requirements of the processing, as well as on your and our interests and rights and, if applicable, the interests and rights of third parties. We always store personal data as briefly as possible (principle of data economy data/minimization), but at the same time we observe the statutory requirements which stipulate a minimum retention period (e.g. in commercial and tax law of up to 10 years, Sec. 257 para. 4 of the German Commercial Code, Sec. 147 para. 3 of the German Fiscal Code).

In any case, the following shall apply: If the purpose of processing has ceased to exist or if data is no longer required to achieve this purpose and there are no further statutory storage obligations to the contrary, we delete the relevant data (e.g. we delete support tickets at the latest 9 months after we have processed your request).

9. Recipient of Personal Data

To achieve the processing purposes described above, we pass on personal data to various categories of recipients. The concrete passing on of personal data about you depends largely on which of our services you use.

We share personal data with the following categories of service providers as processors: service providers in the context of fraud and manipulation prevention, , to service providers to conduct surveys, to service providers for analysis services, to payment service providers, to service providers for sending newsletter, to service providers for advertising services, data centers, as well as to subsidiaries and affiliated companies within the meaning of Sec. 15 AktG (German Stock Corporation Act). The transfer of the personal data to the respective recipient as processor is lawful under Art. 28 GDPR.

We pass on personal data to the following categories of service providers as independent controllers: Lawyers, authorities, the police, payment service providers, and providers of “social logins.”

9.1. Disclosure to third parties in the context of the use of non-essential cookies

Where you consent to us setting non-essential cookies (see the “Cookies” section), we share personal data with third parties. This includes advertising partners, IT service providers, social media providers and partners to analyze our website for performance (i.e., measuring visits, traffic sources, and usage patterns).

In the following sections, we will explain in more detail the Google services that we use:

9.1.1. Google Universal Analytics

Google Universal Analytics is a widely used web analytics service from Google Ireland Ltd. in Dublin. The methods provided by Google Universal Analytics enable a cross-device analysis of website usage by placing cookies. The information generated while using the website is usually transferred to a Google server in the United States of America and also stored there. Google uses the collected information to analyze the use of websites on our behalf, to create reports and to provide services for the purposes of market research and website optimization. The anonymous IP address automatically transmitted to Google is not combined with other Google data and is only used by us for statistical analysis. The processing of the data by Google can be prevented by a suitable browser add-on. If you use a mobile device, it is possible to deactivate  Google Analytics using the following link. This prevents activity data from being shared with Google Universal Analytics via the JavaScript (gtag.js, ga.js, analytics.js and dc.js) executed on websites. For more information about Google Universal Analytics, please consult the Google privacy policy.

9.1.2. Google “Remarketing and similar target groups function”

We use the remarketing feature of Google Ireland Ltd. in Dublin, which allows us to target visitors to a website with personalized and interest-based advertising as soon as they visit another Google Display Network site. For this purpose, Google uses cookies that perform an analysis of website usage, which forms the basis for creating interest-based online advertising. To carry out this process, Google places a short file with an identification number on your end device, through which website visits and anonymized data on the use of the respective websites are recorded. To the extent that visitors have agreed to have their web and app browsing histories linked by Google to their Google Account, and information from their Google Account is used to personalize ads displayed, Google will use data from these logged-in users along with Google Analytics data to create and define target audience lists for cross-device remarketing. This allows visitors to the website to be addressed with personalized, interest-based advertising across devices. Subsequent visits to other sites on the Google Display Network will display advertisements that most likely reflect the product and information areas previously viewed by the site visitor. If you do not wish to use Google’s remarketing function, you can deactivate it by adjusting the corresponding settings at http://www.google.com/settings/ads. Google’s use of cookies can also be permanently disabled by accessing the following links to the cookie management settings:

http://www.google.com/policies/technologies/managing/

http://www.google.com/policies/technologies/ads/

For more information about Google Remarketing, please consult the Google privacy policy.

9.1.3. Additional Google Analytics functions for display advertising

The following Google Analytics functions are used on our websites to display advertising:

  • Report editor in Google Display Network
  • Integration of Double Click Campaign Manager,
  • Google Analytics reports on performance by demographic features and interests

The aforementioned reporting functions serve to evaluate and use the data collected by Google in the context of interest-based advertising as well as visitor data from third-party providers in Google Universal Analytics, such as age, gender and interests. The end customer can deactivate Google Analytics for display advertising at any time and adjust the ads in the Google Display Network under the display settings at https://www.google.de/settings/ads.

For more information about functionalities of Google analytics for display advertising, please consult Google’s privacy policy.

9.2. Transfer to third parties outside of the EU or the EEA

Compliance with Art. 44 et seq. GDPR is ensured if data is transferred to a third country, i.e., before any personal data is transferred to third parties in a country outside the EU or the EEA (Norway, Iceland, Liechtenstein), we check whether these countries offer an adequate level of protection. This can be ensured by the fact that an adequacy decision by the EU Commission has been made or that third country transfers are permitted under other instruments regulated in Art. 46 et seq. GDPR.

10. Your rights

In this section, we inform you about the rights you have in relation to the processing of your data. You will find the exact scope of the law mentioned in each case in the corresponding article of the General Data Protection Regulation (GDPR). To exercise your rights, please let us know you are an EU/EEA/UK/Brazil resident and email us at dataprotection-us-inc(at)gamigo.com.

10.1. Right of access by the data subject to Art. 15 GDPR

You have a right to access your data pursuant to Art. 15 GDPR stored by us.

10.2. Right to rectification pursuant to Art. 16 GDPR

You have a right pursuant to Art. 16 GDPR to have incorrect personal data rectified or correct personal data completed.

10.3. Right to erasure pursuant to Art. 17 GDPR

Pursuant to Art. 17 GDPR, you have the right to have your personal data stored by us erased. Please note that we cannot undo an erase, i.e. all your game scores and progress are permanently lost.

10.4. Right to restriction of processing pursuant to Art. 18 GDPR

You have the right to restrict the processing of your data pursuant to Art. 18 GDPR if you dispute the accuracy of the data, if the processing is unlawful but you refuse to erase it, if we no longer need the data but you need it for the assertion, exercise or defense of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.

10.5. Right to data portability pursuant to Art. 20 GDPR

You have the right to data transfer pursuant to Art. 20 GDPR, i.e. the right to receive selected data stored by us about you in a common, machine-readable format, or to request the transfer to another controller,

10.6. Right to object pursuant to Art. 21 GDPR

You have a right to object processing of data pursuant to Art. 21 GDPR.

10.7. Right to withdraw the granted consent under data protection law

If we process data on the basis of a consent given by you, you have the right to withdraw the consent given at any time. The withdrawal of consent does not render invalid the data processed on the basis of the consent until the time of withdrawal.

10.8. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

You have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. To consult the contact details of the supervisory authorities in the German federal states, please access the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

11. Final Provisions

This Privacy Policy is merely to inform you and does not require your agreement. We can and must adapt the Privacy Policy in the event of a change in circumstances, i.e. other data protection processes, and will inform you thereof by appropriate means.

B) Data Processing with respect to California Residents

California Privacy Notice

Personal Data

The following is a list of the categories of personal information which we collect, or have collected, in the twelve months prior to the effective date of this Privacy Policy, the categories of sources from which such category is collected; and the categories of third parties with whom we share such information.

Categories we collect: User account information, support information, gaming information, transactions and purchases, posts in forums, email addresses, mobile advertising identifiers, session and persistent cookies, IP addresses, apps used or downloaded, web sites visited, browser and operating system type, type of devise used, information actively provided by users responding to a form in an ad, randomly assigned identifiers, precise and general location information and system information that our SDK may collect about your device or network provider.  Further details may also be found in the gamigo policy available at this web site.

Sources: All the information above is collected at our web sites and apps when you visit, register, play games or from your mobile device when you are using an app and is provided to us from the advertiser or publisher partners users interact with by using their app or viewing an ad. We also acquire this information from partners or from advertising or data exchanges.

Location information: We acquire location information when you provide it to an app which shares this information with us.

Each Category is collected for the following business purposes: providing games, processing transactions, supporting forums and newsletters, delivering ads on publisher sites, reporting on ad delivery, securing, protecting, auditing, bug and fraud detection, debugging and repair of errors and the detection, protection and prosecution of security incidents or illegal activity; enforcing our terms and policies;  complying with law.

Each Category is also collected for uses that advance our commercial interests including creating profiles to target ads on behalf of advertisers, using data collected from publishers and from other third parties.

Sale/Sharing Information: Do Not Sell My Personal Information rights

Gamigo may disclose the categories of information described above to vendors, such as analytics companies and may sell the information to advertisers, ad networks, other partners, and third parties. Please let us know you are a California resident and email us at dataprotection-us-inc(at)gamigo.com for instructions for how you can exercise your California access, deletion and Do Not Sell rights.

Do Not Sell signal

If a partner has transmitted to us a Do Not Sell signal, we will limit our use of information from that partner and we will act only as a service provider as defined in the CCPA.

Access and Deletion

Subject to certain exceptions and restrictions, the CCPA provides California Residents the right to submit requests to a business which has collected their personal information: (i) to provide them with access to the specific pieces and categories of personal information collected by the business about such California Resident, the categories of sources for such information, the business or commercial purposes for collecting such information, and the categories of third parties with which such information was shared; and (ii) to delete such personal information.

If you are a California Resident, please let us know and email us at dataprotection-us-inc(at)gamigo.com for instructions for how you can exercise your California access, deletion and Do Not Sell rights.

California Residents may designate an authorized agent to make California Requests on their behalf.

We do not discriminate against you

You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. We do not discriminate against California Residents for exercising their rights.

We do not sell the personal information of minors under 16 years of age without affirmative authorization.

For questions or further information please contact dataprotection-us-inc(at)gamigo.com

C) Data Processing with respect to Residents of other States/Countries

Personal Data

The following is a list of the categories of personal information which we collect, or have collected, in the twelve months prior to the effective date of this Privacy Policy, the categories of sources from which such category is collected; and the categories of third parties with whom we share such information.

Categories we collect: User account information, support information, gaming information, transactions and purchases, posts in forums, email addresses, mobile advertising identifiers, session and persistent cookies, IP addresses, apps used or downloaded, web sites visited, browser and operating system type, type of devise used, information actively provided by users responding to a form in an ad, randomly assigned identifiers, precise and general location information and system information that our SDK may collect about your device or network provider. Further details may also be found in the gamigo policy available at this web site.

Sources: All the information above is collected at our web sites and apps when you visit, register, play games or from your mobile device when you are using an app and is provided to us from the advertiser or publisher partners users interact with by using their app or viewing an ad. We also acquire this information from partners or from advertising or data exchanges

Location information: We acquire location information when you provide it to an app which shares this information with us.

Each Category is collected for the following business purposes: providing games, processing transactions, supporting forums and newsletters, delivering ads on publisher sites, reporting on ad delivery, securing, protecting, auditing, bug and fraud detection, debugging and repair of errors and the detection, protection and prosecution of security incidents or illegal activity; enforcing our terms and policies; complying with law.
Each Category is also collected for uses that advance our commercial interests including creating profiles to target ads on behalf of advertisers, using data collected from publishers and from other third parties.

Sharing Information

We may disclose the categories of information described above to vendors, such as analytics companies and may sell the information to advertisers, ad networks, other partners, and third parties.

Access and Deletion

Applicable law may provide you the right to submit requests to us (i) to provide you with access to the specific pieces and categories of personal information collected by us about you, the categories of sources for such information, the business or commercial purposes for collecting such information, and the categories of third parties with which such information was shared; and (ii) to delete such personal information. If applicable law does not provide you these rights, we will nevertheless do our utmost to fulfil your requests.

To send us an access and deletion request, or for questions, or further information please let us know where you are from so we can process your request and contact us under dataprotection-us-inc(at)gamigo.com

Version: 2022-01-11