This Privacy Notice gives you an overview of the processing of your personal data in the context when using the the gaming applications made available online by Softgames Mobile Entertainment Services GmbH, Karl-Liebknecht-Str. 32, 10178 Berlin, Germany (hereinafter “SOFTGAMES” or “Us” or “We”) on subpages of the website at www.softgames.com and associated domains (e.g. www.softgames.de, collectively the “Website”) through i-framing to third party partner websites (“Gaming Applications”). Please be reminded that our Gaming Applications might be embedded on online resources operated by independent third parties using our services to integrate the Gaming Applications into their own web offerings on their own websites or applications also including, without limitation, third-party social media platforms such as the Instant Games service in the Facebook App Center (what we call “Partner Websites”).
You can contact our data protection officer at the above address and at privacy[at]softgames.com or datenschutz[at]softgames.de.
We have taken technical and organizational measures to ensure the security of your personal data. For example, we use the Transport Layer Security (TLS) for the transmission of data for encryption.
You are not obliged by law to provide us with the personal data stated in this Privacy Notice. Specifically, the contractual relationship that you have entered into with us by agreeing to our terms and conditions (https://softgames.com/privacy/) does not imply any obligation to provide your personal data.
However, the transmission of the contract information provided by you to us is a basic requirement for the conclusion of a contract with us. In addition, you may not use the Website and/or the Gaming Applications or only to a limited extent if you do not provide us with certain data or object to the use of this data.
1. Which personal data we process and from which sources:
When we make our Gaming Applications available to you, we process personal data from various sources. On the one hand, these are data that we automatically process for every visitor when the Gaming Applications are accessed. However, this may also be data that you have voluntarily provided to us or that we receive from the Partner Websites. What personal data exactly will be collected will depend on how exactly you as a user access our Gaming Applications. Please be reminded that, as a matter of principle, Partner Websites will process data as independent data controllers. This means: The explanations provided in this Privacy Notice relate exclusively to the processing of personal data regarding our Gaming Applications. If you would like to learn more about the privacy practice of the respective Partner Website through which our Gaming Applications are provided, please review the Partner Website’s privacy statement.
Data that we automatically collect when you use our Gaming Applications:
As soon as you launch one of our Gaming Applications, you send technical information to our web servers.
This happens regardless of whether you register with an account to use the Partner Website and/or the Gaming Applications.
In any case, we collect the following access and web access data (which we call “Usage Data”):
- Date and time of the visit and the duration of the use of the Gaming Applications;
- The anonymized IP address of your device;
- the referral URL (the website from which you may have been referred);
- the visited sub-pages of the Website, including the Gaming Applications; and
- more information about your device (device type, browser type and version, settings, operating system).
We process the Usage Data in order to enable you to use the Gaming Applications and to ensure the functionality of the Gaming Applications.
We also use the data that accumulates when using our Gaming Applications to carry out anonymised evaluations of gaming behavior. For this purpose, we use so-called hash values. It is not possible for us to assign the results of these evaluations to a specific player.
In addition, we process the Usage Data to analyze the performance of the Gaming Applications, continuously improve the Gaming Applications and correct errors or personalize their content for you. However, we also process Usage Data in order to guarantee IT security and the operation of our systems and to prevent or detect misuse, in particular fraud.
We store this Usage Data exclusively in anonymized form, so that it is no longer possible for us to draw any conclusions about your person.
If you would like to know more about how cookies and similar technologies work, which cookies process which data in the the Gaming Applications, for which purposes and how you can deactivate them, click https://softgames.com/privacy-2/ for our cookie page.
From our Partner Websites on which we roll out our Gaming Applications we receive information whether a user is a subscriber on such Partner Website or not. On Facebook, friends, connections and other people that you play with will be able to see your game activity.
Data that you yourself transmit to us:
If you contact customer service at info[at]softgames.de , the written communication between you and service staff and notes on each transaction will be stored until it is completed in order to ensure smooth customer service at all times when the transaction is resumed by other service staff.
2. The purposes for which we also process your data:
We have already informed you above for which purposes we process your data in individual cases. In addition, we may process your data for further purposes. This includes, for example, the disclosure of your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal disputes.
3.The legal basis for processing:
When processing your personal data, we rely on various legal bases in accordance with the so-called General Data Protection Regulation, an EU-wide legal framework for standardising data protection laws (“GDPR”). These are in detail:
Fulfilment of our contractual obligations towards you (Article 6 (1) b) GDPR):
Your data will be processed to provide the Gaming Applications to you, as part of the fulfilment of our contract with you. Accordingly, in most cases the processing of personal data (e.g. your Facebook account name, IP address) is necessary to fulfil our contractual obligations towards you.
Our legitimate interests (Article 6 (1) f) GDPR):
There are also cases in which we would be entitled to process your data without your consent because it is necessary to pursue our legitimate interests (or the interests of third parties). In this respect, the purposes described above, for which we process your data, also represent legitimate interests in many cases. Specifically, this concerns the Usage Data (as described above) we process to gain insights on user behaviour (in pseudonymized form) or constantly improve our Gaming Applications. This also concerns the prevention of abuse of our Website or the personalisation and targeting of advertisements to your interests (so-called direct marketing) in connection with the use of the Gaming Applications.
Legal requirements (Article 6 (1) c) GDPR):
In addition, on request from such authorities, we are legally obliged to process certain data in individual cases in order to provide information to law enforcement authorities or tax authorities.
4. With whom we share your information:
With the exception of the service providers and partners described below, we will not pass on your data to third parties. Insofar as the respective listed recipients of the data receive data as data processors, these recipients will process your data solely on our instructions and have undertaken to comply with strict requirements for the security of your data.
In addition, we transmit data to our hosting service providers that enable us to provide the Website. The providers listed in our information on cookies and tracking tools will only receive your pseudonymized Usage Data as further explained there https://softgames.com/privacy-2.
5. Data processing outside the EEA:
We do not transfer your access and account data to countries outside the EEA (so-called “third countries”). We do not host your data in third countries and all your data is located on the servers of our hosting service providers in the EU through Amazon Web Services Inc. 410 Terry Ave North Seattle, WA 98109-5210.
In some cases, however, your data will be processed in third countries. This applies in particular to third party cookies provided by companies based in the United States. However, we will ensure that an adequate level of data protection is guaranteed at all times.
We ensure that data recipients are either certified according to the so-called “EU Privacy Shield” (as with Google and Facebook) or that the so-called EU standard contract clauses are included in our contracts with these providers in order to guarantee the security of processing and an appropriate level of data protection (as in the case of Amazon Web Services).
As explained above, where you access our Gaming Applications through Partner Websites, these partners will also receive limited personal data directly from you in accordance with the privacy statement of the respective Partner Website.
6. Data retention periods:
We process and store your personal data insofar as this is necessary to fulfil our contractual or legal obligations. Therefore, we store the data for as long as our contractual relationship with you exists and after termination only to the extent and for as long as required by the law of the Federal Republic of Germany. All other data will be deleted when you log out of the Gaming Application. If the remaining data is no longer required to fulfil legal obligations (e.g. in accordance with tax or commercial law), it will be regularly deleted, unless further processing is necessary to preserve evidence or to defend against legal claims against us. For the preservation of evidence, for example, your IP address and the exact time of issue are required if you have given us your consent (e.g. to receive a newsletter).
7. Your legal rights under the GDPR:
You can assert the following rights against us within the scope of the GDPR with regard to your personal data:
- Your right to information and access in accordance with Article 15 of the GDPR,
- Your right to rectification under Article 16 GDPR,
- Your right to erasure under Article 17 GDPR,
- Your right to restriction of processing under Article 18 GDPR and
- Your right to data portability under Article 20 GDPR.
- You also have a right to lodge a complaint the competent data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG).
You can also withdraw a given declaration of consent to the processing of your personal data at any time. However, this withdrawal only applies to the future. Any processing that took place before the revocation remains unaffected by this.
Information on your right of objection under Article 21 GDPR
- Right of objection in individual cases
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Article 6 (1) f) GDPR (data processing on the basis of a balance of interests). If you file an objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
- Right to object to the processing of data for advertising purposes
You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing (including the subscription to our newsletter); this also applies to the creation of a user profile (so-called “profiling”), insofar as this is associated with direct marketing. If you file an objection, we will no longer process your personal data in the future. Please note that you will not use the Website if you do not provide us with certain data or if you object to the use of this data.
Data Deletion Instructions
To exert any of the rights listed above or to raise your objection you can send an informal request addressed to our data protection officer at datenschutz[at]softgames.de
8. Data protection officer
We have appointed a data protection officer (“DPO”) for our company. The DPO can be reached under the following contacts:
Datargus Rechtsanwaltsgesellschaft mbH
Datenschutzbeauftragter der Softgames Mobile Entertainment Services GmbH
9. Your rights under the CCPA
We do not sell personal data. This means we will not transmit data to any party except for the recipients mentioned in section 4. above. All these recipients have agreed to our contractual limitations as to their retention, use, and disclosure of personal data.
California law requires that we detail the categories of personal data that we share or disclose for certain “business purposes,” such as disclosures to service providers that assist us with securing our Gaming Applications and collaboration with business partners (i.e. the providers of the Partner Website). In accordance with section 1. above, we disclose the following categories of personal data for our business purposes:
- Usage Data (Internet activity information)
California law grants state residents certain rights, including the rights to access specific types of personal data, to learn how we process personal data, to request deletion of personal data, and not to be denied goods or services for exercising these rights.
If you are a California resident under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our Website(s). Please note that your request does not ensure complete or comprehensive removal of the content or information, because, for example, some of your content may have been reposted by another user. Please also be aware that we currently do not allow for users to sign up with an account, so this right is currently not relevant. If you would like to delete your account on a Partner Website, please do so by reviewing the respective privacy statement applicable to the Partner Website.
For information on how to exercise your rights, please refer to section 7. of this privacy notice. As a data controller under GDPR and a business regulated under CCPA, we ensure that your rights are respected in all jurisdictions. If you are an authorized agent wishing to exercise rights on behalf of a California resident, please contact our DPO (see above) and provide us with a copy of the consumer’s written authorization designating you as their agent.
We may need to verify your identity and place of residence before completing your CCPA rights request.
10. Changes to this Privacy Notice
11. Vulnerabilities found in SOFTGAMES Products or SOFTGAMES Websites
If you believe you have found a vulnerability in any SOFTGAMES product or web application, please inform us confidentially via security[at]softgames.com