Privacy Policy
Spiele-Palast GmbH

I. General information

If you have any questions or uncertainties about data protection, you can our data protection officer at any time. contactor us as the person responsible

1. Name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Act on Data Protection (FADP-new) is

Spiele-Palast
Boxhagener Str. 106
10245 Berlin
Germany

e-mail:

support@spiele-palast.de

support@skat-palast.de

support@doppelkopf-palast.de

support@schafkopf-palast.de

support@mau-mau-palast.de

support@romme-palast.de

support@solitaire-palast.de

support@canasta-palast.de

support@binokel-palast.de

support@spider-palast.de

support@whist-palast.de

support@ginrummy-palace.com

2. Contact information of the data protection officer

For questions about data protection, for enquiries and/or for further information about data processing at Spiele-Palast GmbH, please contact our data protection officer:

E-mail: datenschutz@spiele-palast.de

3. Supervisory authority

If you are of the opinion that the processing of your personal data by Spiele-Palast GmbH has not been carried out properly, you have the right to contact a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement. The supervisory authority responsible for Spielepalast in accordance with Art. 55 GDPR is:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Telephone: +49 30 13889-0
Fax: +49 30 2155050
E-Mail: mailbox@datenschutz-berlin.de
Contact and/or complaint form: https://www.datenschutz-berlin.de/buergerinnen-und-buerger/beschwerde/

II. General information on data processing

1. General information on data processing and scope of application

In principle, Spiele-Palast GmbH processes your personal data only with your consent and in order to be able to present content and services for a functioning website or app. Your personal data is processed when you create an account with us. This data protection declaration applies to all pages of our online and app offers.

2. Definitions

a) Definitions according to Art. 4 GDPR:

  • Personal data: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, cultural or social identity of that natural person. Examples are contact data, communication data, billing data.
  • Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data or parts thereof.
  • Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
  • Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. In particular, to analyze or predict aspects concerning the work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person.
  • Restriction of processing: the marking of stored personal data with the aim of restricting its future processing.

b) “Need-to-know principle”:

  • The principle that every employee who processes data can only access those data sets and execute those programs that are actually needed for the respective task.

3. Legal basis for the processing of your data

The legal basis for processing your personal data results from Art. 6 para. 1 of the EU General Data Protection Regulation (GDPR).

a) If the processing of your personal data is based on your consent, Art. 6 para. 1 lit. a GDPR.

b) If the processing of your personal data is necessary for the fulfilment of a contract or pre-contractual measures, Art. 6 para. 1 lit. b GDPR.

c) 6 para. 1 lit. c GDPR For the fulfilment of legal obligations on the part of Spiele-Palast GmbH Art. 6 para. 1 lit. c GDPR.

d) In the case of processing to protect vital interests, Art. 6 para. 1 lit. d GDPR.

e) For processing in the public interest Art. 6 para. 1 lit. e GDPR.

f) If the processing of personal data is necessary to safeguard the legitimate interests of Spiele-Palast GmbH or other third parties, and the interests, fundamental rights and freedoms of the data subjects do not prevail, Art. 6 para. 1 lit. e GDPR.

4. Categories of recipients

  • Employees of Spiele-Palast GmbH in accordance with the “need-to-know” principle
  • Payment provider
  • Service providers and business partners of Spiele-Palast GmbH within the scope of the tasks assigned by them
  • Companies in the legal succession of Spiele-Palast GmbH and/or companies that acquire parts of the business of Spiele-Palast GmbH in the event of the full or partial sale of Spiele-Palast GmbH, the business operations it conducts or parts thereof.
  • Other users of the platform: Since our online games offer a multiplayer experience, certain game data (e.g. player name, club, rating, game statistics and, if applicable, profile picture) are published on our website or app and in our online games in the form of leaderboards, live statistics or similar. This is to give all users an authentic impression of the game and the level of play. The legal basis is Art. 6 para. 1 lit. f GDPR.
  • Public authorities and courts: Personal data may be passed on in connection with official enquiries, court orders or legal proceedings if this is necessary for legal prosecution or enforcement.

5. Description of the data and the purpose of processing

The following personal data is processed:

  • Data for access management (login information)
    All information that you provided when registering on our website or in our app, e.g. email address, password [in encrypted form so that no employee has access to your personal password], etc.

Purpose:

    • To use the website or app of the registered player account and the services offered.
    • For the purpose of making payments with the help of financial institutions and/or payment service providers.
    • Provision of customer support services, regardless of the chosen form of contact (e-mail correspondence, chat, etc.).
    • To protect Spiele-Palast GmbH and the rights of the data subject, the controller, the processor or related third parties. Furthermore, the may processing of personal data be necessary to: (a) your protect security and public safety and our and (b) protect and, if necessary, enforce your and our rights.
    • To comply with legal provisions, regulatory obligations or to respond to enquiries from the public sector.
    • For the purpose of carrying out marketing communication of Spiele-Palast GmbH, which is carried out Marketing communication includes communication via exclusively on the basis of voluntary consent or consent to the corresponding processing of your personal data. e-mail or chat messages, possibly also via messengers of possible third-party providers or by post.

Legal basis: Art. 6 para. 1 lit. a, b, c GDPR

  • Data about your gaming behavior and your use of the services offered by us
    such as activity and transaction data, stakes, game results, player account balance, etc.

Purpose:

    • To use the website or app of the registered player account and the services offered.
    • For the purpose of making payments with the help of financial institutions and/or payment service providers.
    • Provision of customer support services, regardless of the chosen form of contact (e-mail correspondence, chat, etc.).
    • To protect Spiele-Palast GmbH and the rights of the data subject, the controller, the processor or affiliated third parties. Furthermore, the processing of personal data may be required to: (a) protect your, our and public safety and (b) protect and, if necessary, enforce your and our rights.
    • To improve the services and functionality of the website or app.
    • To comply with legal provisions, regulatory obligations or to respond to enquiries from the public sector.
    • For the purpose of conducting marketing communication of Spiele-Palast GmbH, which is based exclusively on voluntary consent or consent to the corresponding processing of your personal data. Marketing communication includes communication via email or chat messages, possibly also via messenger of possible third-party providers or by post.

Legal basis: Art. 6 para. 1 lit. a, b, c, f GDPR

  • Account settings data
    such as whether you have subscribed to the newsletter, data on participation in advertising campaigns and set preferences, etc.

Purpose:

    • To use the website or app of the registered player account and the services offered.
    • Provision of customer support services, regardless of the chosen form of contact (e-mail correspondence, chat, etc.).
    • To protect Spiele-Palast GmbH and the rights of the data subject, the controller, the processor or related third parties. Furthermore, the may processing of personal data be necessary to: (a) your protect security and public safety and our and (b) protect and, if necessary, enforce your and our rights.
    • To improve the services and functionality of the website or app.
    • For the purpose of conducting marketing communication of Spiele-Palast GmbH, which is based exclusively on voluntary consent or consent to the corresponding processing of your personal data. Marketing communication includes communication via email or chat messages, possibly also via messenger of possible third-party providers or by post.

Legal basis: Art. 6 para. 1 lit. a, b, c GDPR

  • Technical device and access information
    such as device ID, operating system, user agent, IP address, referrer, geo-location data, etc.

Purpose:

    • To use the website or app of the registered player account and the services offered.
    • For the purpose of making payments with the help of financial institutions and/or payment service providers.
    • Provision of customer support services, regardless of the chosen form of contact (e-mail correspondence, chat, etc.).
    • To protect Spiele-Palast GmbH and the rights of the data subject, the controller, the processor or related third parties. Furthermore, the may processing of personal data be necessary in order to: (a) your protect security and public safety and our and (b) protect and, if necessary, enforce your and our rights.
    • To improve the services and functionality of the website or app.
    • To comply with legal provisions, regulatory obligations or to respond to enquiries from the public sector.
    • For the purpose of carrying out marketing communication of Spiele-Palast GmbH, which is carried out exclusively on the basis of voluntary consent or consent to the corresponding processing of your personal data.

Legal basis: Art. 6 para. 1 lit. a, b, c, f GDPR

  • Partner information
    such as advertising banners that you have clicked on to reach us

Purpose:

    • To use the website or app of the registered player account and the services offered.
    • Provision of customer support services, regardless of the chosen form of contact (e-mail correspondence, chat, etc.).
    • To protect Spiele-Palast GmbH and the rights of the data subject, the controller, the processor or related third parties. Furthermore, the may processing of personal data be necessary to: (a) your protect security and public safety and our and (b) protect and, if necessary, enforce your and our rights.
    • To improve the services and functionality of the website or app.
    • For the purpose of conducting marketing communication of Spiele-Palast GmbH, which is based exclusively on voluntary consent or consent to the corresponding processing of your personal data. Marketing communication includes communication via email or chat messages, possibly also via messenger of possible third-party providers or by post.

Legal basis: Art. 6 para. 1 lit. a, b, c, f GDPR

6. Processing of chat data

Our online games offer the opportunity to communicate directly with other players and friends. We differentiate between three types of chat:

  • Public chats at the game table: These chats are visible to all users. Inappropriate language is automatically recognized here, which can lead to a warning or a temporary ban for the player.
  • Club chats: These are only visible to members of the respective club.
  • Private chats: These messages can only be viewed by the selected recipient.

We store chat logs for public chats at the game table and for club chats, but not for private chats. The chat logs are automatically deleted after 30 days. The legal basis for the processing of this data is Art. 6 para. 1 sentence 1 lit. b GDPR.

If there is a legitimate interest, e.g. in the case of insults or other irregular or criminal behavior, we reserve the right to store individual chats for longer. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR, as it is in our interest to protect our players from offensive and inappropriate comments.

7. Blog comment function

Our websites and apps offer you the opportunity to leave public comments on our blogs. For this purpose, we collect your name or your freely chosen pseudonym and your e-mail address. Optionally, you can enter the URL of your homepage.

Please note that comments are not editorially checked before publication. However, we carry out random checks and reserve the right to delete illegal content.

As we can be held liable for illegal comments under certain circumstances, we also store your IP address. This is automatically deleted or anonymized after 30 days. It is stored solely for the purpose of contacting you if a third party claims that their rights have been infringed by your comment (e.g. in the case of an insult). It also serves to prevent future infringements. Your e-mail address may also be used to contact you in connection with your comment. However, it will not be used for advertising purposes. The legal basis for processing is Art. 6 para. 1 lit. f GDPR for the prevention and prosecution of legal violations.

8. Duration of data storage and data erasure

Spiele-Palast GmbH will delete your personal data if the purpose for which it was stored no longer applies. The above data is mandatory for the use and implementation of the website or app, as well as for the fulfilment of the terms and conditions. However, it is conceivable that further storage may result from European or national laws, ordinances or other regulations to which Spiele-Palast GmbH is subject. Such data is only deleted when the corresponding storage periods, which result from the previously mentioned legal sources, have ended. The only exception to this is when the stored data is required for the fulfilment or conclusion of a contract. For example, storage periods of up to ten years are legally required for certain data due to tax regulations.

The data mentioned are also temporarily stored in internal log files for the purposes described above in order to compile statistical information on the use of our website or app, to further develop our website or app with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices used to access the pages increases) and to maintain our website or for general administrative purposes. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

The log files are stored for 30 days and archived after subsequent anonymization by means of shortening, so that it is subsequently no longer possible to establish a reference to individual users.

9. Place of processing

Your personal data will be processed by Spiele-Palast GmbH exclusively in data centers in the Federal Republic of Germany. Our partners process personal data in the context of fulfilling the contract with us at all times in accordance with the provisions of the GDPR in Germany and abroad. Even if personal data is processed outside the borders of the European Economic Area, it is ensured at all times that the processing of personal data by, for or on behalf of Spiele-Palast GmbH meets the requirements of the GDPR. This applies in particular to the use of services located in third countries such as the USA (e.g. through providers such as Google or Meta). When transferring personal data to recipients in third countries that do not provide an adequate level of data protection in accordance with the GDPR, we ensure that appropriate safeguards are in place to ensure the security and confidentiality of your data.

10. Use of cookies

We use cookies and similar technologies on our website and in our app to improve the user experience, provide and analyze our services, and display personalized advertising. Cookies are small text files that are stored on your device and contain information about your use of our platform.

a) Types of cookies and purposes of processing

  • Essential cookies: These are necessary to ensure the basic functions of the website and app, such as navigation and access to secure areas. Without these cookies, the website or app cannot function properly.
  • Functional cookies: These enable us to save settings such as language or game preferences in order to offer you a personalized user experience.
  • Analysis and performance cookies: These help us to understand how our users interact with the platform by collecting anonymized information. This allows us to continuously improve the performance and user-friendliness of our services.
  • Advertising and marketing cookies: These cookies are used to show you relevant adverts and measure the success of our marketing campaigns.

b) Legal basis of the processing:

Essential cookies are processed on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, as they are necessary for the operation of the website and app.

For all other cookies, we ask for your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via our cookie settings.

c) Cookie settings and withdrawal of consent:

You can adjust your cookie settings at any time in our cookie banner or in the settings of your browser or app usage and revoke your consent. Please note that deactivating certain cookies may limit the functionality of the platform.

III. Information on the necessary data processing and transmission

Login & identity services

1. Identification as part of the registration process

a) Description and scope of data processing

Registration is required to participate in the online games offered by Spiele-Palast GmbH. Here there is either the option of direct registration by means of an e-mail address, a freely selectable game name and a password and there is the option of voluntarily uploading a profile picture, which is stored and processed by Spiele-Palast GmbH. In addition, the IP address is stored.

Alternatively, registration via Facebook Sign In is possible, so that Spiele-Palast GmbH transfers the data to Meta Platforms Ireland as part of the registration process.

If you use the registration via Facebook and thus establish a link, Spiele-Palast GmbH receives the following information from Facebook about you:

  • Public profile (e.g. name, age, profile picture, gender)
  • Friends list (optional)
  • E-mail address (optional)

When using the services of Meta Platforms Ireland, it is not excluded that the data will be transferred both within the EU and to the USA. Meta Platforms Ireland is part of Meta Platforms Inc. based in the USA. Meta Platforms Inc. is a participant in the EU-U.S. Data Privacy Framework and is committed to ensuring an adequate level of data protection in accordance with the requirements of the GDPR.

The data will not be passed on to other third parties unless there is a legal obligation to do so. The data is used exclusively for personalized customer communication and internal analysis purposes.

b) Legal basis for data processing

Firstly, this data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.
On the other hand, they are also part of the necessary pre-contractual measures within the meaning of Art. 6 para. 1 lit. b GDPR, which are the prerequisite the services of Spiele-Palast GmbH for being able to use .
The legal basis for the storage of the image is Art. 6 para. 1 lit. b) GDPR. The legal basis for the storage of the IP address is Art. 6 para. 1 lit. f) GDPR.

c) Purpose of data processing

The processing is for the purpose of participating in the online games offered by Spiele-Palast GmbH, as well as for storing the country of origin of the IP address used for registration in order to be able to statistically record the reach of Spiele-Palast GmbH.

We only use your name and profile picture from your public Facebook profile to create your account. We use your friends list to display your Facebook friends in the game if they are also registered with us.

d) Right of cancellation, objection and removal

If, at a later date, you wish to remove the link between your Facebook member account and one of our online games, you can do so within your Facebook profile by removing the respective online game.

Analysis & Tracking

2. Adjust GmbH

a) Description and scope of data processing

Spiele-Palast GmbH uses the services of adjust GmbH to analyze and optimize its marketing measures and to measure the success of advertising campaigns. adjust GmbH, based in Saarbrücker Str. 37A, 10405 Berlin, Germany, offers a mobile analytics tool that records and analyses the interactions of users within the mobile apps of Spiele-Palast GmbH.

The data collected includes installation sources, interaction data, device information (such as operating system, device model and advertising ID) and usage events within the apps. This enables better allocation of marketing measures and optimization of advertising strategies.

adjust GmbH processes this data exclusively on behalf of Spiele-Palast GmbH and in accordance with the provisions of the GDPR. The data processing is pseudonymized and in compliance with the applicable data protection regulations. The data will not be passed on to uninvolved third parties. However, it is possible that the data may be transferred within the EU and to third countries, provided that an adequate level of data protection is ensured there.

b) Legal basis for data processing

The legal basis for the processing of data by adjust GmbH is the consent of the user in accordance with Art. 6 para. 1 lit. a) GDPR, provided that such consent was obtained when using the app. In cases where processing is necessary for the fulfilment of a contract or to protect the legitimate interests of Spiele-Palast GmbH, it is carried out on the basis of Art. 6 para. 1 lit. b) or lit. f) GDPR.

c) Purpose of data processing

The data is collected and processed to analyze and improve the marketing strategies of Spiele-Palast GmbH, to measure the efficiency of advertising campaigns and to provide an optimized user experience within the apps. The processing also serves to recognize and prevent misuse or fraudulent activities.

d) Duration of storage

The data collected will only be stored for as long as is necessary to fulfil the stated purposes. The data will be deleted or completely anonymized at the latest after expiry of statutory retention obligations or after withdrawal of consent.

e) Right of cancellation, objection and removal

Users have the option to withdraw their consent to the processing of their data at any time. To do so, they can adjust the data protection settings in the app or contact Spiele-Palast GmbH or adjust GmbH directly. It is also possible to reset device-related advertising IDs or to restrict data collection by making the appropriate settings on the end device.

It is not possible to deactivate performance measurement separately, so in this case the entire processing of usage data within the Spiele-Palast GmbH apps must be prevented.

3. Google Analytics

a) Description and scope of data processing

Spiele-Palast GmbH uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables us to user behaviour on analyse and thereby optimise our offering. Cookies are stored on the user’s end device, which to analyse the use of the website our websites and in our apps enable us by the user. The information generated by the cookie about the use of the website or app or app (including the shortened IP address of the user) is usually transmitted to a Google server in the USA and stored there.

We only use Google Analytics with activated IP anonymization (” anonymizeIp()” function). This means that the IP address of Google users within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area is shortened before being transmitted to the USA in order to exclude the possibility of direct personal identification. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Google Analytics processes the following data in particular:

  • IP address (anonymized)
  • Usage data (e.g. pages visited, interactions, length of visit)
  • technical information (e.g. browser type, operating system)
  • Referral URL (previously visited page)
  • Location data (based on the anonymized IP address)
  • Google Analytics uses this information on our behalf to analyze the use of the website and/or app, to compile reports on website and app activities and to provide further services to Spiele-Palast GmbH associated with the use of the website and app and of the internet.

The data will not be passed on to other third parties unless there is a legal obligation to do so.

b) Legal basis for data processing

The legal basis for the use of Google Analytics is the consent of the user in accordance with Art. 6 para. 1 lit. a) GDPR. This consent is via the on the websites and in the apps obtained and recorded cookie banner integrated.

c) Purpose of data processing

The processing of users’ personal data by Google Analytics serves to analyze user behavior and optimize our websites and apps. This allows us to make our content more user-friendly and better customize our offers to the needs of our players.

d) Duration of storage

The data stored by Google Analytics is anonymized and automatically deleted after 14 months at the latest. Further information on the storage period can be found in the Google Analytics privacy policy.

e) Right of cancellation, objection and removal

Users can revoke their consent to the use of Google Analytics at any time with effect for the future by adjusting the cookie settings on our website or in our app accordingly or by downloading and installing the browser add-on to deactivate Google Analytics.

Alternatively, the storage of cookies can be prevented by a corresponding setting in the browser software. In this case, however, not all functions of the website or app could be fully usable.

4. Google Analytics Firebase

a) Description and scope of data processing

Spiele-Palast GmbH uses Google Analytics Firebase to analyze user behavior within the mobile apps and websites of Spiele-Palast GmbH. Google Analytics Firebase is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics Firebase is used to collect and analyze pseudonymized usage data such as app interactions, session duration, crash reports and demographic information (e.g. language settings and device information).

For this purpose, Google Analytics Firebase uses so-called tracking and analysis technologies, such as software development kits (SDKs) and cookies, which enable the user to be recognized when they visit the website again or use the app. In particular, the following data is processed:

  • Usage data (e.g. pages visited, app interactions, dwell time)
  • Device information (e.g. operating system, device model)
  • Location data (if this has been authorized by the user)
  • IP address (in anonymized form)

The data is transferred to Google servers and stored there. A transfer of the data to the USA cannot be ruled out. Google is a participant in the EU-U.S. Data Privacy Framework and is committed to ensuring an adequate level of data protection in accordance with the requirements of the GDPR.

The data collected will not be merged with other data sources. The data will not be passed on to third parties unless there is a legal obligation to do so.

b) Legal basis for data processing

The legal basis for the use of Google Analytics Firebase is Art. 6 para. 1 lit. a) GDPR if the user has given consent. This consent is obtained when the app is started for the first time or when the website is visited by means of a corresponding notice and a selection option (opt-in).

c) Purpose of data processing

Personal data is processed for the purpose of analyzing user behavior in order to improve and optimize the offer and functionalities of the apps and websites of Spiele-Palast GmbH. This includes, in particular, analyzing errors, monitoring performance and adapting content to user requirements.

d) Duration of storage

The data collected by Google Analytics Firebase is anonymized and automatically deleted after 14 months. Aggregated reports do not contain any personal data and are stored permanently so that long-term analyses and developments can be tracked.

e) Right of cancellation, objection and removal

The user has the option to revoke their consent to data processing at any time with effect for the future. This can be done in the app’s privacy settings or via the device settings (deactivation of tracking and analysis). The user can also prevent tracking by installing the “Google Analytics Opt-out Browser Add-on”.

Subsequent anonymization or deletion of data already collected takes place automatically in accordance with the specified storage period.

5. Unity Technologies

a) Description and scope of data processing

Spiele-Palast GmbH uses the Unity engine and the associated services of Unity Technologies, provided by Unity Technologies SF, 30 3rd Street, San Francisco, CA 94103, USA, to provide and improve its game apps and online services. Unity Technologies acts as a processor in accordance with Art. 28 GDPR.

When using the games, various technical and device-related data may be collected, including

  • IP address of the end device
  • Device information (e.g. model, operating system, language settings)
  • Usage data (e.g. game progress, interactions within the app, session duration)
  • Performance data (e.g. error reports, crashes, loading times)

This data is processed for the provision of gaming services, error analysis and to improve the user experience. Unity may also use certain anonymized or pseudonymized data for analysis purposes and to optimize its own services.

Data transfer to the USA or other third countries is not excluded. Unity Technologies is a participant in the EU-U.S. Data Privacy Framework and is committed to ensuring an adequate level of data protection in accordance with the requirements of the GDPR.

The data collected will not be passed on to other third parties unless there is a legal obligation to do so.

b) Legal basis for data processing

The data is processed on the basis of Art. 6 para. 1 lit. f) GDPR (legitimate interest). The legitimate interest lies in ensuring the functionality of the games and improving the user experience. Insofar as consent is required (e.g. for personalized advertising), processing is carried out on the basis of Art. 6 para. 1 lit. a) GDPR.

c) Purpose of data processing

The processing of personal data serves to provide and improve the gaming apps and to analyze technical performance in order to ensure a stable and secure gaming experience.

d) Duration of storage

The data is only stored for as long as is necessary to fulfil the above-mentioned purposes. Technical and performance data are regularly anonymized or deleted as soon as they are no longer required for the analysis.

e) Right of cancellation, objection and removal

Players can object to the processing of their personal data or withdraw their consent at any time. It is possible to deactivate certain data collection in the game settings. Alternatively, a request for data deletion can be made via the Spiele-Palast GmbH support team. However, the functionality of the games may be restricted if certain data collection is deactivated.

Advertising & Marketing

6. Facebook App Events / Pixel

a) Description and scope of data processing

Spiele-Palast GmbH uses Facebook Pixel and Facebook App Events from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Meta’) on its websites and in its apps. These tools enable us to track the behavior of users when they have been redirected to our website by clicking on a Facebook ad or have installed and used our app. This allows us to evaluate the effectiveness of our Facebook ads for statistical and market research purposes and to optimize future advertising efforts.

The following data is collected via Facebook Pixel and Facebook App Events:

  • Visited websites and content within the app
  • Usage behavior (e.g. installations, app starts, in-app purchases)
  • IP address of the user
  • Information about the browser or end device used
  • Referrer URL (original website)

This data is processed by Meta and can be linked to the user’s Facebook account. Spiele-Palast GmbH does not receive any personal data of individual users, but only aggregated reports on the target groups and the performance of the adverts.

Meta may use the data for its own purposes, in particular for profiling and personalized advertising. Further information on data processing by Meta can be found in Meta’s privacy policy: https://www.facebook.com/about/privacy.

The data will not be passed on to other third parties unless there is a legal obligation to do so.

b) Legal basis for data processing

The legal basis for the use of the Facebook Pixel and Facebook App Events is the consent of the user in accordance with Art. 6 para. 1 lit. a) GDPR. This consent is obtained via the cookie or tracking banner when you first visit our website or install and use our app and can be withdrawn at any time with effect for the future.

c) Purpose of data processing

Data processing is carried out for the purpose of analyzing user behavior, measuring the success of our Facebook ads and optimizing future marketing measures. This allows us to target our advertising campaigns to user groups that show a higher level of interest in our offers.

d) Duration of storage

The data collected by the Facebook Pixel and Facebook App Events are stored and processed by Meta. The storage period depends on Meta’s specifications and the settings in the user’s Facebook account. Spiele-Palast GmbH has no influence on the storage period of this data. Aggregated and anonymized reports are stored for as long as they are required for the analysis and optimization of our advertising measures.

e) Right of cancellation, objection and removal

Users can revoke their consent to the use of Facebook Pixel and Facebook App Events at any time with effect for the future by the cookie settings on our changing website or in the app or by making the appropriate settings in their Facebook account.

In addition, users can use the opt-out page of the Network Advertising Initiative or the European website of the Digital Advertising Alliance to deactivate the collection of their data by Facebook for personalized advertising.

7. Google Ads Conversion Tracking & Remarketing

a) Description and scope of data processing

Spiele-Palast GmbH uses Google Ads conversion tracking and remarketing on its websites and in its apps. Google Ads is an online advertising program provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Ads conversion tracking to measure the effectiveness of our advertising and optimize our online offering. When you click on an ad placed by Google, a conversion tracking cookie is stored on your device. These cookies are valid for 30 days and are not used for personal identification. If you visit certain pages of our website or app and the cookie has not yet expired, Google and Spiele-Palast GmbH can recognize that you clicked on the ad and were redirected to this page.

The conversion cookie is used to collect the following data, among others:

  • Number of users who have clicked on an advert
  • Information about completed orders or other conversion actions (e.g. registration, enquiries)
  • Your IP address (in anonymized form)

In addition to conversion tracking, we use Google Ads Remarketing to display targeted advertising on other websites in the Google partner network to users who have already visited our website or app. To do this, cookies are placed on your device that enable your browser to be recognized.

The information collected by the cookies is usually transferred to a Google server in the USA and stored there. Google is a participant in the EU-U.S. Data Privacy Framework and is committed to ensuring an adequate level of data protection in accordance with the requirements of the GDPR.

The data will not be passed on to other third parties unless there is a legal obligation to do so.

b) Legal basis for data processing

The legal basis for the use of Google Ads conversion tracking and remarketing is your consent pursuant to Art. 6 para. 1 lit. (a) GDPR, which you in the context of the cookie banner on our websites give or apps.

c) Purpose of data processing

Personal data is processed for the following purposes:

  • Measuring and analyzing the effectiveness of advertising measures
  • Optimization of our websites, apps and advertising campaigns
  • Placement of interest-based advertising to increase reach and customer loyalty

d) Duration of storage

The cookies lose their validity after 30 days and are not used for personal identification. The data collected is stored in anonymized form and deleted after the statutory retention periods have expired.

e) Right of cancellation, objection and removal

You can revoke your consent at any time with effect for the future by the settings in the cookie banner on our websites changing or by preventing the storage of cookies by setting your browser software accordingly. You can also deactivate personalized advertising by Google by clicking on the following deactivate link.

Further information on data protection at Google can be found in Google’s privacy policy.

8. Google AdMob

a) Description and scope of data processing

Spiele-Palast GmbH uses the Google AdMob advertising service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, in its apps. Google AdMob is used to display adverts in our apps and helps us to generate advertising revenue to finance our services.

Google AdMob uses cookies and similar tracking technologies to display personalized or contextual advertising.

The following data, among others, is processed:

  • Information about the device used (e.g. device type, operating system, language settings)
  • Advertising ID of the end device (e.g. Google Advertising ID)
  • IP address (will be anonymized)
  • App usage and interactions with the displayed adverts
  • Location data (if corresponding authorizations have been granted)

The data collected may be used by Google to create profiles and for personalized advertising. Further information on data processing by Google can be found in Google’s privacy policy.

The data will not be passed on to other third parties unless there is a legal obligation to do so.

b) Legal basis for data processing

The legal basis for the use of Google AdMob is the user’s consent in accordance with Art. 6 para. 1 lit. a) GDPR. This consent is obtained via the consent management tool when the app is first launched and can be revoked at any time with effect for the future.

c) Purpose of data processing

The processing of personal data by Google AdMob is carried out for the following purposes:

  • Placement of personalized or context-related advertisements
  • Analysis of advertising performance to optimize advertisements
  • Financing our app offering through advertising revenue

d) Duration of storage

The storage duration of the collected data is based on Google’s specifications and the user’s settings in their Google account. As a rule, pseudonymized data is stored for as long as it is required for advertising purposes. Spiele-Palast GmbH has no direct influence on the storage duration of the data at Google.

e) Right of cancellation, objection and removal

Users can revoke their consent to the use of Google AdMob at any time with effect for the future by changing the settings in the app’s consent management tool.

In addition, users can deactivate personalized advertising from Google by the appropriate settings in the Google advertising settings making under the following link.

Payment processing

9. Payment provider

a) Description and scope of data processing

Spiele-Palast GmbH works with the following payment providers and payment service providers:

  • Adyen N.V. (Naamloze Vennootschap), Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, The Netherlands
  • Amazon Media EU S.à r.l. (Société à responsabilité limitée), 5 Rue Plaetis, L-2338 Luxembourg
  • Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland
  • DaoPay GmbH, Hackhofergasse 5/14, 1190 Vienna, Austria
  • Facebook Payments International Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, 2 Ireland
  • Google Payment Limited, Belgrave House, 76 Buckingham Palace Road, London SW1W 9TQ, United Kingdom
  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America
  • PayPal (Europe) S.à r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg
  • Valve Corporation, 10500 NE 8th Street, Suite 1000, Bellevue, WA 98004-4345, United States of America
  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America

b) Legal basis for data processing

First of all, this data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, furthermore the fulfilment of contractual obligations between you, Spiele-Palast GmbH and the other listed payment providers or payment service providers, existing contracts represent the legal basis for data processing.

c) Purpose of data processing

It is only possible to make a deposit into your player account by submitting your personal data.

Duration of storage

The listed payment providers and/or payment service providers, as well as Spiele-Palast GmbH, delete your personal data once the payment transaction has been successfully completed, provided that no legal obligations stipulate a longer retention period.

Server & backend services

10. Amazon Web Services

a) Description and scope of data processing

Server services of Amazon Web Services EMEA SARL, are 38 Avenue John F. Kennedy, L-1855 Luxembourg (“AWS”) used to host the website and the app. When you visit our website or use our app, connection data such as your IP address, date and time of the request, transferred data volumes and information about your browser and operating system are automatically processed. This data is by stored on our behalf in order to the operation of the AWS ensure and to guarantee its functionality. website or app Data processing by AWS takes place in a data center within the EU. In exceptional cases, the parent company of AWS (Amazon Web Services, Inc. 410 Terry Avenue North Seattle WA 98109, USA) may also access the data for maintenance purposes. In the event that data must be transferred to the USA, Amazon Web Services, Inc. has made a contractual commitment to us to ensure an appropriate level of data protection in accordance with the EU standard contractual clauses.

Further information can be found in the AWS privacy policy.

The data will not be passed on to other third parties unless there is a legal obligation to do so.

b) Legal basis for data processing

The legal basis for the use of AWS as a processor is Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in a stable and secure infrastructure for the operation of the websites and apps providing Spiele-Palast GmbH. If the user’s consent is required, the processing is carried out on the basis of Art. 6 para. 1 lit. a) GDPR.

c) Purpose of data processing

The processing of personal data by AWS is carried out for the purpose of providing and managing the websites and apps of Spiele-Palast GmbH, including hosting, storage and backup of data, as well as for maintaining IT security and the technical functionality of the websites and apps.

d) Duration of storage

The data is only stored for as long as is necessary to fulfil the respective processing purposes. As soon as the purpose of data storage no longer applies, the data is deleted or anonymized.

e) Right of cancellation, objection and removal

Data subjects have the right to object to the processing of their personal data at any time on grounds relating to their particular situation (Art. 21 GDPR). If the processing is based on consent, this consent can be withdrawn at any time with effect for the future.

Players can assert their rights by contacting the data protection officer of Spiele-Palast GmbH. In this case, the stored personal data will be deleted, provided there are no statutory retention obligations.

Communication & Support

11. Braze CRM Tool

a) Description and scope of data processing

Spiele-Palast GmbH uses the CRM tool “Braze” from Braze, Inc, 330 West 34th Street, New York, NY 10001, USA, to personalize and optimize customer communication. Braze enables us to send personalized messages to our players, whether by email, push notification or in-app message. Information such as user behavior, gaming activities and communication preferences are processed to provide relevant content.

The following data is collected and processed when you use Braze:

  • E-mail address
  • User ID
  • Device data (e.g. operating system, app version)
  • Usage data within the games (e.g. game history, purchases, interactions with messages)
  • Communication history (e.g. sending and opening messages)

Data processing takes place on Braze’s servers. It cannot be ruled out that data will be transferred both within the EU and to the USA. Braze is a participant in the EU-U.S. Data Privacy Framework and is committed to ensuring an adequate level of data protection in accordance with the requirements of the GDPR.

The data will not be passed on to other third parties unless there is a legal obligation to do so. The data is used exclusively for personalized customer communication and internal analysis purposes.

b) Legal basis for data processing

The legal basis for the processing of the data is the consent of the user in accordance with Art. 6 para. 1 lit. a) GDPR. If the processing is necessary for the fulfilment of the contract, it is carried out in accordance with Art. 6 para. 1 lit. b) GDPR.

c) Purpose of data processing

Data processing by Braze serves the purpose of improving the user experience, the targeted provision of relevant information and the optimization of customer communication by Spiele-Palast GmbH.

d) Duration of storage

The data is stored for as long as it is required to fulfil the purpose for which it was collected. Users can withdraw their consent at any time, as a result of which their data will be deleted from the Braze system or anonymized.

e) Right of cancellation, objection and removal

Users have the option of withdrawing their consent to the processing of personal data at any time. This can be done via the settings in the user account or by sending a corresponding enquiry to the Spiele-Palast GmbH support team. In this case, the data stored in Braze will be deleted or anonymized.

It is not possible to reject performance measurement separately, meaning that all communication must be deactivated in this case. Existing statutory retention obligations remain unaffected by this.

Consent Management

12. CookieYes (Consent Management Software)

a) Description and scope of data processing

Our websites use CookieYes, a consent management software, CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, to obtain and manage user consent to the storage of cookies in accordance with the GDPR. CookieYes uses cookies to store and manage user consent preferences. As soon as you start visiting our website CookieYes checks which cookies and tracking technologies are active on your device and displays a consent banner where you can indicate your preferences. Your IP address, information about your browser, your language settings and your consent preferences are processed and stored in anonymized form.

b) Legal basis for data processing

Data processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR, as we are legally obliged to obtain and document user consent for the use of cookies and other tracking technologies. In addition, the processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to ensure legally compliant and user-friendly administration of consents.

c) Purpose of data processing

The purpose of data processing is to obtain and manage consent to the use of cookies and other technologies on our website or app in accordance with applicable data protection laws. CookieYes helps us to comply with the legal requirements of the GDPR and to document the consent preferences of our users.

d) Duration of storage

The consent data collected (anonymized IP address, consent status) is stored for a period of 12 months to fulfil legal obligations to provide evidence. At the end of this period, the data is automatically deleted.

e) Right of cancellation, objection and removal

You can change or withdraw your consent to the processing of cookies at any time by the cookie settings on our accessing and adjusting your preferences. You can also block or delete cookies via your browser settings. Further information on data protection at website CookieYes can be found here.

App usage

13. Push notifications

a) Description and scope of data processing

Our apps use push notifications for iOS and Android to inform users about important events. The push notifications can be deactivated at any time in the settings of the respective operating system.

Push notifications are used, for example, to remind users of the daily bonus or to notify them of the start of a tournament for which they have registered. In addition, our apps use remote push notifications to inform users about events that cannot be predicted directly in the app, e.g. when another player buys a gift or a sale takes place.

For the provision of remote push notifications, we use the services of Google (Firebase Cloud Messaging) and Apple (Apple Push Notification Service). Device-specific identifiers are processed to send the messages specifically to the corresponding end devices. No further processing of the data by third-party providers takes place.

b) Legal basis for data processing

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to inform users about relevant events within the app and to improve the user experience.

c) Purpose of data processing

The data is processed to provide users with targeted notifications about events within the app that may be of interest to them. This includes both game-related notifications and information on relevant actions within the app.

d) Duration of storage

The device-specific identifiers used for the push notifications are stored for as long as the app is installed on the respective end device and push notifications have not been deactivated. As soon as the app is uninstalled or push notifications are deactivated, the stored identifiers are deleted.

e) Right of cancellation, objection and removal

Users have the option of deactivating push notifications in their operating system settings at any time:

iOS:

  1. Open the iOS “Settings” application.
  2. Select the “Messages” menu item.
  3. Select the relevant app from the list of installed applications.
  4. Here you can activate or deactivate push notifications.

Android:

  1. Open the “Settings” application in the Android operating system.
  2. Select the “Notifications” menu item under “Sounds and notifications”.
  3. Select the relevant app from the list of installed applications.
  4. Here you can activate or deactivate push notifications.

The names of the menu items may vary slightly depending on the Android version used.

14. Special authorizations

a) Description and scope of data processing

Our apps require certain authorizations to provide you with full functionality. Depending on the operating system used, different access rights may be required. The authorizations listed below will only be activated with your express consent.

iOS:

  • Push notifications: By agreeing to the use of push notifications, you enable the app to notify you of certain events (e.g. special offers, tournament starts) even when the app is not open. These notifications may take the form of sounds, messages or icon labels.
  • Mobile data: This authorization allows the app to download and update content via mobile data connections if no WLAN connection is available.
  • Access to media: This authorization is required if you want to upload an avatar. Authorization is requested at the respective moment and can be declined.

Android:

  • In addition to the standard authorizations for operating the app (such as Internet access or vibration control), the following authorizations are requested:
  • Access to media: This authorization allows you to upload an avatar. Authorization is requested during the respective action and can be declined.

b) Legal basis for data processing

The data collected is processed on the basis of Art. 6 para. 1 lit. a GDPR if you have given your consent to use certain functions. If the authorizations are required for the operation of the app, the processing is based on Art. 6 para. 1 lit. b GDPR.

c) Purpose of data processing

The authorizations are necessary to ensure the full functionality of the app and to enable you to use it smoothly. This includes the provision of push notifications, the ability to use mobile data and the uploading of media content.

d) Duration of storage

The data collected as part of the authorizations is only stored for as long as is necessary for the respective function. As soon as you withdraw the authorizations or uninstall the app, no further data will be processed.

e) Right of cancellation, objection and removal

You can change or revoke the authorizations granted at any time in the settings of your mobile operating system. You also have the option of deactivating certain functions without restricting the general use of the app. Further information on managing authorizations can be found in the privacy settings of your device.

IV. Information on the protection of your data and your rights

1. Your rights as a data subject

a) Right to information (Art. 15 GDPR)
You have the right to be informed about whether and which of your personal data we process. In accordance with the GDPR, we will provide you with a summary of the personal data on request. In accordance with the GDPR, we have a 30-day period to respond to your request for information.

b) Right to rectification (Art. 16 GDPR)
If you inform us that data processed by us is incorrect or incomplete, we will correct it immediately after a positive check.

c) Right to erasure (Art. 17 GDPR)
We will delete personal data immediately upon request, if none of the reasons stated in Art. 17 GDPR conflict with this. Data can only be erased for the future

d) Right to restriction of processing (Art. 18 GDPR)
If you so wish, we will restrict the processing of your data if one of the conditions specified in this provision applies.

e) Right to notification (Art. 19 GDPR)
We inform recipients (e.g. contract data processors) of personal data requests received if we have received a request to correct, restrict or delete your personal data.

f) Right to data portability (Art. 20 GDPR)
Upon request, we will provide your data in a commonly used, machine-readable format and transfer your personal data to another controller upon request.

g) Right to object (Art. 21 GDPR)
You can also object to the processing of personal data concerning you if this is based on certain legal legitimization bases (e.g. Art. 6 para. 1 lit. e or f GDPR), if there is a justification within the meaning of this provision.

h) Right of revocation (Art. 7 GDPR)
You have the right to withdraw your consent(s) at any time with effect for the future in accordance with Art. 6 para. 1 lit. a GDPR.

i) Right in the case of an automated decision (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling.

j) Right to lodge a complaint with supervisory authorities (Art. 77 GDPR)
If you believe that the processing of your data violates the provisions of the GDPR or that your data protection rights have otherwise been violated in any way, you can contact your competent data protection authority (see point I 3. above) or another supervisory authority at any time. – An overview of the supervisory authorities in the Federal Republic of Germany can be found at
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

V. Changes to this privacy policy

This data protection declaration may be amended due to new legal requirements. Spiele-Palast GmbH therefore recommends that the user regularly check this data protection declaration for possible changes and/or additions.