Privacy Statement for Mobile Apps

We, the upjers GmbH (Ltd.) seated in Hafenstraße 13, 96052 Bamberg, Germany, are a developer and publisher of games for mobile devices (our “game apps”), which are made available in app stores such as the iTunes App Store, Google Play Store, Amazon App Store and Windows Store (hereafter referred to as “distribution platforms”). We are responsible for the provision of apps and related services (such as the support, our website, contests, newsletters, advertisement, etc.) (collectively “services”) and the processing of data.

In the following data privacy statement, you'll learn what we do with your data – so called personal data – and why. We will also tell you how we protect your data, when data will be deleted, and which rights you have thanks to data privacy protection.

Up front: We adhere to the data protection laws and protect your sphere of personal privacy to the best of our abilities. But we also want to be completely honest: the internet lives off data exchange and has many security leaks. Even though your data is encrypted while you are visiting our website, there is always a remaining risk, which can stem from interaction with other websites. If you visit a different website, for example, via a link on our website, please be aware that this data protection declaration will not apply to that external website.

Responsible for the provision of game apps:

upjers GmbH
Hafenstraße 13
96052 Bamberg
Germany

Contact:
Telephone: +49 (0)951/5109080
Fax: +49 (0)951/510908102
E-Mail: mail@upjers.com
Customer Support:
Support Form: https://support.upjers.com/en/start
E-Mail: support@upjers.com

You can also reach our data protection officer through the contact details listed above. If you have specific questions regarding your data, data deletion or your rights, you can contact our data protection officer directly at datenschutzbeauftragter@upjers.com. If you contact us in written form, it will suffice to include the subject “Data Privacy Protection”, for it to be directed to the correct recipient.

You can contact us any time if you have questions regarding your data protection rights or want to assert any of your following rights:

• Right of revocation according to Article 7 Paragraph 3 GDPR (for example, you can turn to us in case you would like to revoke a formerly given agreement for a newsletter)
• Right of information according to Article 15 GDPR (for example, you can turn to us if you want to know which data of yours we have stored)
• Rectification according to Article 16 GDPR (for example, you can turn to us in case your e-mail has changed and you would like us to update an older e-mail address)
• Deletion according to Article 17 GDPR (for example, you can turn to us if you would like us to delete certain data about you which we have stored)
• Restriction of processing according to Article 18 GDPR (for example, you can turn to us if you want us to use your e-mail address only for sending you absolutely necessary e-mails instead of deleting your email address)
• Data Portability according to Article 20 GDPR (for example, you can turn to us in order to receive your saved data in a compacted format, for example, when you want to provide another website with your data)
• Objection according to Article 21 GDPR (for example, you can turn to us when you don't agree with promotional or analysis methods used in our services)
• Right of appeal at the controlling authority in charge according to Article 77, Paragraph 1 GDPR (for example, you can also direct your complaints straight to the Data Protection Authorities)

Unless stated otherwise, we delete your data as soon as we do not need it any more. Blocking or deletion of your data may also occur if a legally mandated storage limitation period has ended, unless there is a further need to save the data for the conclusion of a contract or a contractual performance. Certain data might have to be saved longer for legal reasons. Of course, you can contact us anytime to obtain information about the saved data.

We will take all sensible and appropriate measures to protect the personal data stored by us from abuse, loss or unauthorized access. Therefore we have taken several technical and organizational measures, including determining procedures to deal with suspected breaches of data protection regulations.

If you have reason to assume that your personal data have been lost or abused, or that an unauthorized access has taken place, please let us know this as soon as possible and turn to the contact data mentioned above!

When you play our apps, we will collect and save certain data about you, to make our games and services available, improve your game experience and provide customized offers for you (for example, certain offers in the game you might be interested in based on your playing habits):

• Device identification (hash composed of device identifier and time stamp), as well as user-related device identifiers (user IDs)
• Progress in the game and gaming behavior (for example, how fast you reached a certain level)
• In-app purchases
• Game version (for example, v1.23.111)
• Language settings (for example, German system language)
• Approximate location, based on device language and time zone
• Date and time of gaming sessions (for example, 11:45 am on May 25, 2018) *
• Operating system (for example, macOS, Android)
• Hardware (for example, Intel processor)

To protect your privacy, we delete or anonymize most technical data and identifiers in our database after each session. All other data are used exclusively for the statistical optimization of the game, displaying interest-based ads (find out more in the section “Customized Advertising”) and offering our players a customized gaming experience (e.g. adapting the game to your playing habits).

The purpose of saving these data for a limited period of time is to establish a connection to our game servers, which is necessary for the provision of our games and services and to offer you a more personal gaming experience.

The legal basis is the contract with you, according to Art. 6, para. 1 lit. b GDPR.

When you download our games as mobile apps or make in-app purchases via a distribution platform (e.g. the Apple App Store or the Google Play Store), this platform will receive certain information about your account, such as your name, device type, e-mail address and payment information. We have no influence over this data collection and are not responsible for it.

Some of our game features require access to certain features and services on your device. Depending on your operating system, it may be necessary to accept certain app permissions. We will now explain what these permissions mean:

a) iOS

Push-Notifications: When you select okay in the pop-up window 'Allow push-notifications', you allow the app to inform you about certain events in the game, even if the app isn't currently running. You will get a notification in form of sounds, messages and symbols (a picture or a number on the app icon).

Game Center: Game apps may offer a connection to Apple's Game Center service, which is subject to Apple's privacy statement. You can read up on them here: https://www.apple.com/privacy . If you use the service to get notifications about achievements, for example, the information shared by you will be visible to other users and can be read, collected and used by them. You should think about which personal information you wish to share.

b) Android

External Storage (modify or delete your external storage, read content of your external storage): These functions allow an app to temporarily store content on your device. The app will only use its own storage space – other data in the external storage will not be deleted, modified or read.

Internet Connection (retrieve internet data, full network access, show network and WiFi connections): These functions allow the app to retrieve data from the internet and determine if there is an internet connection via a WiFi network or a mobile data connection. This is meant to prevent the app from using large amounts of data, which could exhaust your data volume.

Disable Sleep Mode: This function allows the app to disable your device's sleep mode (e.g. to watch videos without the screen going dark).

To protect your privacy, all app permissions are optional, with the exception of technical permissions necessary for running the app. You can limit them at any time (by tapping on “no” or “do not accept”). You can also withdraw them later by changing the corresponding settings on your device.

The purpose of the request for app permissions is to make the gaming app available to you and to keep you posted when it comes to game updates, game-related news and notifications.

The legal basis for mandatory technical permissions is the fulfillment of a contract according to Art. 6, para. 1 lit. b GDPR. The legal basis for optional permissions is your approval according to Art. 6, para. 1, lit. a GDPR.

You have the option of contacting our customer support team. By clicking on “Support” in our games and on our sites, you will be redirected to https://support.upjers.com/en/start . You can also reach out to support@upjers.com via e-mail.

We may ask about the following:

• Username or login name
• User ID
• upjers ID
• E-mail address
• Distribution platform
• Message or support request
• Operating system (e.g. macOS, iOS, Android)
• Hardware (e.g. Intel processor)

As a security measure, all support requests are handled over an encrypted connection. We also adhere to the principle of data minimization – our support form only asks for information that is really required. Once contact has been established and the support interaction has been terminated, your data will be deleted.

Asking about this data is solely for purposes of contacting you and supporting you; the data is used exclusively for this purpose.

The legal basis is your approval (Art. 6, para. 1, lit. a GDPR).

In order to offer our users multiplayer features and the services related to that, we use the Photon Engine developed by the company Exit Games (Exit Games Inc. 121 SW Salmon ST STE 1100, Portland, Oregon 97204, USA; Exit Games GmbH, Hongkongstr. 7, 20457 Hamburg, Germany; Data Privacy Protection Contact: privacy@photonengine.com).

Exit Games provides the multiplayer middleware and the services Photon Server and Photon Cloud, which make the development of scaling, cross-platform real-time multiplayer games possible.

As a security measure, we concluded an order-processing contract with Exit Games according to Art. 28 GDPR.

The purpose of this data processing is to provide a multiplayer solution in our games.

The legal basis is the execution and fulfillment of the contract (Art. 6, para. 1 lit. b GDPR).

If applicable, we provide you with the option of using your Facebook login for registering with our app. This is a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). In doing so you can easily log in by using your Facebook account. If you choose this option, you will be redirected to the Social Media Network Facebook. There you can log in with your Facebook user data. This log in procedure stores your data and submits them to Facebook.

The Facebook login feature provides a quick registration process and also allows us to share data with Facebook. So we can adapt our services and advertisement campaigns more efficiently to your interests and needs. Information, which we receive from Facebook by this means, is public data like

• Facebook name
• Profile Photo
• A stored e-mail address
• Friend lists
• Other

In return we provide Facebook with information about your activities in our app.

By using the Facebook log in option you agree to the data processing. You can revoke your permission at any time. If you want to gather more information about the data processing executed by Facebook, you can find the Facebook data protection declaration on https://www.facebook.com/policy.php

upjers uses the service “App Store Demos” in the scope of the distribution platform Google Play. This service is provided by AppOnBoard Inc., 11620 Wilshire Blvd, Suite 370, Los Angeles, CA 90025, USA. This service allows the user to test the app in the scope of a short demo without requiring an app download.

AppOnBoard collects data about the utilization of the App Store Demo. This data includes device information, language settings, IP addresses, browser, android advertising ID, utilization period and connection, interaction. The gathered information will be transferred to and stored on a server of AppOnBoard in the USA. For further information please read the data protection declaration of AppOnBoard on https://apponboard.com/legal/privacy-policy/

As a security measure, we concluded an order-processing contract with AppOnBoard according to Art. 28 GDPR. Since AppOnBoard is located in the USA, which is a so-called third country, further guarantees for ensuring an appropriate European data protection level are required. AppOnBoard subjected to the EU standardized contractual terms and in doing so legitimated a possible data transfer to the USA.

The purpose of the data processing is the provision of a demo version which enables new customers to get an uncomplicated first impression of our gaming app.

The legal basis is your consent in accordance with Art. 6, para. 1 lit. a GDPR, which will be granted before the activation of the demo app by clicking on the "Test Now" button on the distribution service platform.

We use so-called Moblie-Tracking-Technologies to be able to constantly improve our services and to measure the level of success of advertising campaigns. We use the following services to accomplish that:

a) Adjust

The service of the company adjust GmbH, Saarbrücker Str. 38a, 10405 Berlin, Germany (https://www.adjust.com). You will find further information regarding data collecting in the data protection declaration of the adjust company: https://www.adjust.com/terms/privacy-policy/

Information which your devices transfers is collected and evaluated in the scope of the utilization of our app. The following data is collected: IP address, which will be anonymized immediately, MAC address, anonymized device ID (IDentifier For Advertisers - IDFA oder Google Advertiser ID - GAID), browser type, language, Internet Service Provider, network status, time zone, URL of the referring and exit page, utilized time and date of the access, Clickstream data and other static information about the utilization of your services.

Data collecting and storage can always be prohibited with regard to the future, if you reset the IDentifier for Advertisers or Google Advertiser ID in the range of your mobile device settings. You can also object to the collection and evaluation of your user data by using the following opt out feature: https://www.adjust.com/forget-device/

As a security measure, we concluded an order-processing contract with Adjust according to Art. 28 GDPR. Furthermore data is only used in the form of anonymized statistics.

The purpose of the data processing is the anonymized analysis for your utilization habits regarding our gaming apps. The gathered information thereof assists us with improving our services. Furthermore the success of advertising campaigns can be measured due to these data.

The legal basis is the so-called legitimate interest, which has been checked regarding the purpose pursuance and in the scope of the aforementioned security measures as well as in accordance with Art. 6, para. 1 lit. f GDPR. Under consideration of the minor interference intensity and the taken security measures our interest in further optimizing our app offer and measuring the success of our advertising campaigns prevails.

b) Google Firebase

A service of the Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (EU: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland). Firebase is part of the Google Cloud Platform and offers numerous services for developers. Here you will find a listing in this regard: https://firebase.google.com/terms/.

Besides the above mentioned "Instance ID" Google also uses the Advertising ID of the end device for Firebase Analytics. You can limit the utilization of the Advertising ID in the settings of your mobile device.
For android: settings > google > ads > rest advertising ID
For iOS: settings > data protection > advertisement > no ad tracking

Further information regarding data protection and about the safety of Firebase can be found here: https://firebase.google.com/support/privacy/

As security measure we use servers located within the EU whenever it is possible. However, it can not be excluded that data is also transferred to the USA (compare https://www.google.com/about/datacenters/locations/). In order to ensure an appropriate data protection level Google provides additional guarantees in the form of EU standardized contractual terms, which we concluded with Google (compare https://privacy.google.com/businesses/processorterms/).

Furthermore we concluded an order processing contract with Google in accordance with Art. 28 DSGVO (compare https://privacy.google.com/businesses/processorterms/). There Google obligates itself to protect our users' data, to process it in accordance with their data protection regulations acting on our instructions and especially not to forward it to third parties.

Furthermore data will only be used in the form of anonymized statistics.

Purpose of the data processing is the anonymized analysis of your utilization habits in our app games. Such gathered information helps us to improve our offer. Furthermore this data can assist us with accessing the success of advertising campaigns.

Legal basis is the so called rightful interest, which was checked regarding the pursuing of the purpose and in the scope of the before mentioned protection measures as well as in accordance with the European data protection requirements of Article 6 Paragraph 1 lit. f GDPR. Under consideration of the minor interference intensity and the taken security measures our interest in further optimizing our app offer and measuring the success of our advertising campaigns prevails.

The games run by us offer you the opportunity to communicate with us or with other players. We use automatic filter systems, which prevent the plentiful sending of messages, insulting, violence-glorifying, obscene, racist or whatever offensive statements, or news with promotional character. We record the communication channels provided for a short time for the purposes of analyses and rectification of technical errors, for the warranty of system security and system integrity, for combating abusive and/or unauthorized usage, and for the preparation of user statistics on non-personal basis. The reports created contain date and time of the message, sender and recipient, the text message, as well as the transmitted amount of data.

Without your agreement, none of our staff-members will read messages. However, if we suspect abusive and/or unauthorized usage of the communication channels (for example, because a message recipient has reported inappropriate content), we reserve the right to examine the player account in question, including any messages sent by it and – if need be – take further action.

As a measure of protection, the transmission of the data entered by you will take place via an encrypted connection of the corresponding platform.

Purpose of the processing is the provision of an in-game communication solution for the exchange of messages between players.

Legal basis for the temporary storage of data is Article 6 Paragraph 1 lit. a GDPR as well as Article 6 Paragraph 1 lit. f GDPR. The data input for the purpose of communication is voluntary, and therefore on the basis of agreement by the users. The use of filter systems serves the purpose of monitoring the adherence of the rules for proper communication and protecting the rights of third parties. In this purposes also lies our rightful interest in data procession according to Article 6 Paragraph 1 lit. f GDPR.

The processing of in-app purchases is handled by the distribution platform of which the game was downloaded. When you initialize the payment process in order to purchase premium currency in a gaming app, you will have to enter additional data. The required data depends on the payment method you selected. Distribution platforms offer a variety of services for payment processing which you can choose from.

Distribution platforms often work together with external payment providers, such as PayPal, credit card companies, etc. These external payment providers are obligated by law to handle your data confidentially and securely, and they are only allowed to use your data as far as it is necessary for the fulfillment of their task.

You are free to choose which of the offered payment methods you use; in this regard we refer to the data privacy protection statements and notes on the matter on the sites of the distribution platforms and payment providers.

Once a transaction is completed successfully, the distribution platform will send feedback to upjers, which will confirm the success of the transaction.

If applicable we use advertising technologies in our games and exchange non-personal IDs with external advertising networks to improve personalized advertising in our games. We and our trustworthy partners collect and process the Apple Advertising ID (IDFA) on iOS devices and the Google Advertising ID on Android devices to facilitate interest-based advertising and measure the success thereof. Advertising IDs are unique, but as the same time not personalized and non-permanent identification numbers provided by your device and operating system. In the following you can find out how to enable/disable these advertising technologies within the mobile gaming apps:

a) iOS

Open the iOS application “Settings” and tap on “Privacy” > “Advertising”. If you enable the option “Limit Live Tracking” we can only make limited use of the tracker, for example to identify unique users or combat fraud. You can also delete your IDFA (“Reset Advertising Identifier”) in the same menu; this creates a new ID that will not be merged with previously collected data.

b) Android

Open the “Settings” app and tap on “Google”. Depending on your device, you might not find this option in the main menu, but you can use the search feature at the top of the settings menu to find it. Select “Ads” and enable the “Opt out of Ads Personalization” option to prevent profile creation and the display of interest-based advertising. You can delete your advertising ID (“Reset advertising ID”) in the same menu; this creates a new ID that will not be merged with previously collected data.

In the interest of your personal privacy, personal data is only stored temporarily. Furthermore, users can disable interest-based advertising in the device settings as described above. We also commit to ensuring that our external service partners commit to maintaining high standards of data protection by negotiating data protection agreements. Furthermore we concluded an order-processing contract with the external advertisement networks according to Art. 28 GDPR.

The purpose of personalized advertising is to offer our players ads which appeal to their interests and keep our games free for a broad player base.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which we be obtained before a corresponding data processing takes place.

Video advertisements are integrated into our games in various places. Therein our advertising partners provide selected content for users, which we will run for them. We would like to note that our free2play system also lives off our advertising partners, and we are committed to employing their services in the interest of our users. If you watch video ads as a player, you can earn premium currency or other in-game perks. If you have any questions regarding this, please contact our customer support: https://support.upjers.com/en/start

We work together with the following providers:

a) unityAds

We work with our partner Unity Technologies (Unity Technologies, 30 3rd Street, San Francisco, CA 94103, USA; Unity Technologies GmbH, Ritterstrasse 11, 10969 Berlin, Germany). Unity uses technologies to display, manage and optimize ads for users.

As measures of protection, we only process pseudonymized usage data and offer our users an option to opt out. If you would like to opt out of the collection of anonymized information, you can do so at https://unity3d.com/legal/cookie-policy#cookies. Alternatively, you can adjust settings or revoke permission for data processing within the game using the link “unity Privacy.”

Furthermore we have concluded an agreement with Unity in accordance with Art. 26 GDPR, which states that both, we and Unity, are responsible for processing your data.

Therefore you can direct any questions about the data processing to us as well as unity. You can find contact information at: https://unity3d.com/contact/addresses

To secure and defend international data transfer within its own businesses, Unity has established so-called Binding Corporate Rules (BCR). These are data privacy protection agreements with guarantee a unified level of data privacy protection for all of its corporations.

The purpose of this data processing is to enable the playing of ads which make our free2play offer possible.

The legal basis is your consent in accordance with Art. 6. para. 1 lit. a GDPR, which will be given in advance before the activation of the video player and the running of advertising videos by clicking on the confirmation button on the preceding site.

b) Google Admob

We use the service "Admob" by Google LLC., 1600 Amphitheatre Parkway
Mountain View, CA 94043, USA, EU Branch Office: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

Personalized advertisements can be displaying within an app by using Admob. Google specifically collects data regarding device, utilization and location of the gaming device by using a software which is integrated into the corresponding app. Due to this data Google is able to select advertisements, which are tailored to the user’s interests, and display them. Furthermore Google uses this data to further optimize its services. Information on Google’s data processing can be gathered from its data privacy declaration: https://policies.google.com/technologies/partner-sites

In order to execute this service, Google also forwards data to advertisement networks. A listing of these networks and their data privacy declarations can be found here:

https://support.google.com/admanager/answer/9012903

Due to security measures only pseudonymized utilization data is processed. You can always change the settings concerning data processing in the settings menu of the corresponding gaming app by using the link “Admob Privacy”.

Google provides the contractual terms and conditions for the utilization of the service, whereupon upjers and Google are independently of each other responsible parties regarding the data processing: https://privacy.google.com/businesses/controllerterms/ We recommend to contact Google directly concerning inquiries regarding data processing, because only Google collects personalized data in the scope of Admob.

Since Google’s registered office is in the USA and therefore in a so-called third country, further guarantees are required to assure a data privacy protection level which is appropriate for European standards.

Google got a certification in accordance with the so-called EU-US Privacy Shield and in doing so proved a corresponding data protection level: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

The purpose of the utilization of Admob and Google’s data processing connected to that is the usage of advertising means to enable our free services.

The legal basis is your consent in accordance with Art. 6. para. 1 lit. a GDPR, which will be given in advance before the activation of the video player and the running of advertising videos by clicking on the confirmation button on the preceding site.

Sometimes it may be necessary for us to process personal data and, if required, sensitive personal data, in accordance with local laws and regulations, relating to the exercise or defense of legal claims. Article 9 para. 1 lit. f GDPR facilitates it, if the data processing “is essential for asserting, exercising and defending legal claims or if courts act in the course of their judicial activity”.

For instance, this may be the case if we need legal advice in relation to legal proceedings or are legally obliged to preserve or disclose certain information in the course of legal proceedings.

upjers is aware of the significance of safety and data protection of children on the internet. Therefore, and to comply with specific laws, we neither intentionally collect personal, individually identifiable information about children under the age of 16, nor do we offer content for children under 16.

upjers reserves the right to change this data privacy statement at any time, however, upjers will always adhere to the currently applicable data security laws. upjers advises you to inform yourself about the current data privacy statement any time you visit our websites or games.

Last updated: December 2020