Privacy Statement for Mobile Apps
We, the upjers GmbH (Ltd.) seated in Hafenstraße 13, 96052 Bamberg, Germany, are a developer and publisher of games for mobile devices (our “game apps”), which are made available in app stores such as the iTunes App Store, Google Play Store, Amazon App Store and Windows Store (hereafter referred to as “distribution platforms”). We are responsible for the provision of apps and related services (such as the support, our website, contests, newsletters, advertisement, etc.) (collectively “services”) and the processing of data.
In the following data privacy statement, you'll learn what we do with your data – so called personal data – and why. We will also tell you how we protect your data, when data will be deleted, and which rights you have thanks to data privacy.
Up front: We adhere to the data protection laws and protect your sphere of personal privacy to the best of our ability. But we also want to be completely honest: the internet lives off data exchange and has many security leaks. Even if your data is encrypted while you are visiting our website, there is always a remaining risk, if only through interaction with foreign websites. If you visit a different website, for example, via a link on our website, please be aware that this data protection declaration will not apply to this foreign website.
1. Responsible Parties – To Whom Can I Turn?
2. Data Protection Officer
3. What Rights Do I Have?
4. Deletion of Data and Storage Period of Data
5. How Is your Personal Data Protected?
6. Data Collection in Our Games
7. Mobile Apps and App Permissions
8. Contacting Our Customer Support
9. Multiplayer Cloud
10. Mobile App Tracking
11. Communication Within the Games
12. Payment Handling
13. (Personalized) Advertisements
14. Video Advertisements
15. Assertion, Exercise and Defense of Legal Claims
16. Personal Data of Children
17. Change of Data Privacy Statement
for the provision of game apps:
Telephone: +49 (0)951/5109080
Fax: +49 (0)951/510908102
Data Protection Officer
You can also reach our data protection officer through the contact channels listed above. If you have specific questions regarding your data, data deletion or your rights, you can contact our data protection officer directly at firstname.lastname@example.org. If contacting us in writing, it will suffice to include the subject “Data Privacy”, for it to be directed to the correct place.
You can contact us any time if you have questions regarding your data protection rights or want to assert any of your following rights:
Right of revocation according to Article 7 Paragraph 3 GDPR (for example, you can turn to us in case you would like to revoke a formerly given agreement for a newsletter)
Right of Information according to Article 15 GDPR (for example, you can turn to us if you want to know which data of yours we have saved)
Rectification according to Article 16 GDPR (for example, you can turn to us in case your e-mail has changed or you would like us to update an older e-mail)
Deletion according to Article 17 GDPR (for example, you can turn to us if you would like us to delete certain data about you which we have saved)
Restriction of processing according to Article 18 GDPR (for example, you can turn to us if you want us to use your e-mail only for sending you absolutely necessary e-mails)
Data Portability according to Article 20 GDPR (for example, you can turn to us in order to receive your saved data in a compacted format, for example, when you want to provide another website with your data)
Objection according to Artice 21 GDPR (for example you can turn to us when you don't agree with promotional or analysis methods used in our services)
of appeal at the controlling authority in charge according to
Article 77, Paragraph 1 GDPR (for example, you can also direct your
complaints straight to the Data Protection Authorities)
Unless stated otherwise, we delete your data as soon as we do not need it any more. Blocking or deletion of your data may also occur if a legally mandated storage limitation has been reached, unless there is a further need to save the data for a contract closing or a contractual performance. Certain data might have to be saved longer for legal reasons. Of course, you can contact us anytime to obtain information about the saved data.
How Is your Personal Data Protected?
We will take all sensible and appropriate measures to protect the personal data saved by us from abuse, loss or unauthorized access. To this end, we have taken several technical and organizational measures, including determining procedures to deal with suspected breaches of data protection.
If you have reason to assume that your personal data have been lost or abused, or that an unauthorized access has taken place, please let us know this as soon as possible and turn to the contact data mentioned above!
6. Data Collection in Our Games
When you play our apps, we will collect and save certain data about you, to make our games and services available, improve your game experience and provide customized offers for you (for example, certain offers in the game you might be interested in based on your play):
Device identification (Hash composed of device identifier and time stamp), as well as user-related device identifiers (user Ids)
Progress in the game and gaming behavior (e.g. how fast you reached a certain level)
Game version (for example, v1.23.111)
Language settings (e.g. German system language)
Approximate location, based on device language and time zone
Date and time of gaming sessions (e.g. 11:45 am on June 25,2018)
Operating system (e.g. macOS, Android)
Hardware (e.g. Intel processor)
To protect your privacy, we delete or anonymize most technical data and identifiers in our database after each session. All other data are used exclusively for the statistical optimization of the game, displaying interest-based ads (find out more in the section “Customized Advertising”) and offering our players a customized game experience (e.g. adapting the game to your playing habits).
The purpose of saving these data is to establish a connection to our game servers, which is necessary for the provision of our games and services and to offer you a more personal gaming experience.
The legal basis is the contract with you, according to Art. 6, para. 1 lit. b GDPR, as well as legitimate interests in accordance with the European data privacy requirements according to Art. 6. para. 1 lit. f GDPR. Additionally, we make use of the security measures detailed above to protect your data.
7. Mobile Apps and App Permissions
When you download our games as mobile apps or make in-app purchases via a distribution platform (e.g. the Apple App Store or the Google Play Store), this platform will receive certain information about your account, such as your name, device type, e-mail address and payment information. We have no influence over this data collection and are not responsible for it.
Some of our games' features require access to certain features and services on your device. Depending on your operating system, it may be necessary to accept certain app permissions. We will now explain what these permissions mean:
Push-Notifications: When you select okay in the pop-up window 'Allow push-notifications', you allow the app to inform you about certain events in the game, even if the app isn't currently running. You will get a notification in form of sounds, messages and symbols (a picture or a number on the app icon).
Game Center: Game apps may offer a connection to Apple's Game Center service, which is subject to Apple's privacy statement. You can read up on them here: https://www.apple.com/privacy . If you use the service to get notifications about achievements, for example, the information shared by you will be visible to other users and can be read, collected and used by them. You should think about which personal information you wish to share.
External Storage (modify or delete your external storage, read content of your external storage): These functions allow an app to temporarily store content on your device. The app will only use its own storage space – other data in the external storage will not be deleted, modified or rad.
Internet Connection (retrieve internet data, full network access, show network and WiFi connections): These functions allow the app to retrieve data from the internet and determine if there is an internet connection via a WiFi network or a mobile data connection. This is meant to prevent the app using large amounts of data, which could exhaust your data volume.
Sleep Mode: This function allows the app to disable your device's
sleep mode (e.g. to watch videos, without the screen going dark).
To protect your privacy, all app permissions are optional, with the exception of permissions necessary for running the app. You can limit them at any time (by tapping on “no” or “do not accept”). You can also withdraw them later, by changing the corresponding settings on your device.
The purpose of the request for app permissions is to make the gaming app available to you and to keep you posted when it comes to game updates, game-related news and notifications.
The legal basis for mandatory technical permissions is the fulfillment of a contract according to Art. 6, para. 1 lit. b GDPR. The legal basis for optional permissions is your approval according to Art. 6, para. 1, lit. a GDPR.
have the option of contacting our customer support team. By clicking
on “Support” in our games and on our sites, you will be
redirected to https://support.upjers.com/en/start
. You can also reach out to email@example.com
We may ask about the following:
Username or login name
Message or support request
Operating system (e.g. macOS, iOS, Android)
Hardware (e.g. Intel processor)
As a security measure, all support requests are handled over an encrypted connection. We also adhere to the principle of data minimization – our support form only asks for information that is really required. Once contact has been established and the support interaction has been terminated, your data will be deleted.
Asking about this data is solely for purposes of contacting you and supporting you; the data is used exclusively for this purpose.
legal basis is your approval (Art. 6, para. 1, lit. a GDPR)
and the fulfillment of a contract (Art. 6, para. 1 lit. b GDPR).
9. Multiplayer Cloud
In order to offer our users multiplayer features and the services related to that, we use the Photon Engine developed by Exit Games (Exit Games Inc. 121 SW Salmon ST STE 1100, Portland, Oregon 97204, USA; Exit Games GmbH, Hongkongstr. 7, 20457 Hamburg, Germany; Data Privacy Contact: firstname.lastname@example.org).
Exit Games provides the multiplayer middleware and the services Photon Server and Photon Cloud, which make the development of scaling, cross-platform real-time multiplayer games possible.
As a security measure, we have an order-processing contract with Exit Games according to Art. 28 GDPR.
The purpose of this data processing is to provide a multiplayer solution in our games.
legal basis is your approval (Art. 6, para. 1, lit. a GDPR) ,
as well as our rightful interests (Art. 6, para. 1 lit. f GDPR).
upjers uses “Mobile App Tracking”, a software developed by Tune Inc. (2220 Western Avenue, Seattle, WA 98121, USA) in its apps.
This sofrtware collects usage data in our gaming apps. The information is collected via integrated SDK and transmitted to a server belonging to Tune in the USA, where it is saved. You can find out more in Tune's data privacy statement: http://www.tune.com/mat-privacy-policy/
You can opt of data collection in analysis by using the following opt-out function: http://www.optoutmobile.com/optout/index.html
As a security measure, we have an order-processing contract with Tuine according to Art. 28 GDPR. As Tune has its company seat in the USA (a third country), further guarantees safeguarding an appropriate European data protection level are required. Tune has been certified by the so-called EU-US Privacy Shield and has demonstrated such a level of data protection: https://www.tune.com/privacy-shield-statement/
The purpose of this data processing is the anonymized analysis of usage behavior in our gaming apps. The insights provided by this analysis help us improve our products.
legal basis for this is the so-called rightful interest, which has
been reviewed and found to be in accordance with the aforementioned
security measures and the European data privacy requirements detailed
in Art. 6, para. 1 lit. f GDPR.
The games run by us offer you the opportunity to communicate with us or with other players. We use automatic filter systems, which prevent the plentiful sending of messages, insulting, violence-glorifying, obscene, racist or whatever offensive statements, or news with promotional character. We record the communication channels provided for a short time for the purposes of analyses and rectification of technical errors, for the warranty of system security and system integrity, for combating abusive and/ or unauthorized usage, and for the preparation of user statistics on non-personal basis. The reports created contain date and time of the message, sender and recipient, the text message, as well as the transmitted amount of data.
Without your agreement, none of our staff-members will read messages. However, if we suspect abusive and/ or unauthorized usage of the communication channels (for example, because a message recipient has reported inappropriate content), we reserve the right to examine the player account in question, including any messages sent by it and – if need be – take further action.
As a measure of protection, the transmission of the data entered by you will take place via an encrypted connection to the platform in question.
Purpose of the processing is the provision of an in-game solution for communication for the exchange of messages between the players.
Legal basis for the temporary storage of data is Article 6 Paragraph 1 lit. a GDPR as well as Article 6 Paragraph 1 f GDPR. The input of data for the purpose of communication is voluntary, and therefore on the basis of agreement by the user. The use of filter systems serves the purpose of keeping the conditions and protecting the data of third parties. In this purposes lies our rightful interest in data procession according to Article 6 Paragraph 1 f GDPR.
Purchases of in-app products are handled by the distribution platform from which you downloaded the game. When you initialize the payment process in order to purchase premium currency, you will need to enter additional data. Which those are depends on the payment method you selected. Distribution platforms offer a variety of services for payment processing which you can choose from.
Often, distribution platforms work together with external payment providers, such as PayPal, credit card companies, etc. These external payment providers are obligated by law to handle your data securely, and they are only allowed to use your data as far as it is necessary for the fulfilment of their task.
You are free to choose which payment providers you use; you can read up on the data privacy statements and notes on the matter on the sites of the distribution platforms and payment prociders.
a transaction is completed successfully, the distribution platforms
send feedback to upjers, confirming the success of the transaction.
We use advertising technologies in our games and exchange non-personal IDs with external advertising networks to improve personalized advertising in our games. We and our trustworthy partners collect and process the Apple Advertising ID (IDFA) on iOS devices and the Google Advertising ID on Android devices to facilitate interest-based advertising and measure the success thereof. Advertising IDs are unique, but not personalized and not permanent identification numbers provided by your device and operating system. You can find out how to enable/disable these advertising technologies as follows:
Open the iOS application “Settings” and tap on “Privacy” > “Advertising”. If you enable the option “Limit Live Tracking” we can only make limited use of the tracker, for example to identify unique users or combat fraud. You can also delete your IDFA (“Reset Advertising Identifier...”) in the same menu; this creates a new ID that will not be merged with previously collected data.
Open the “Settings” app and tap on “Google”. Depending on your device, you might not find this option in the main menu, but you can use the search feature at the top of the settings menu to find it. Select “Ads” and enable the “Opt out of Ads Personalization” option to prevent profile creation and the display of interest-based advertising. You can delete your advertising ID (“Reset advertising ID”) in the same menu; this creates a new ID that will not be merged with previously collected data.
In the interest of your personal privacy, personal data is only stored temporarily. Furthermore, users can disable interest-based advertising in the device settings as described above. We also commit to ensuring that our external services partners commit to maintaining high standards of data protection by negotiating data protection agreements.
The purpose of personalized advertising is to offer our players ads which appeal to their interests and keep our games free for a broad playerbase.
The legal basis is the rightful interest according to the European data privacy guidelines outlined in Art. 6 para. 1 lit. f GDPR, which we have evaluated together with our data privacy officer. Additionally, a contract detailing data spread has been agreed upon with external advertising networks in accordance with the requirements of Art. 28 GDPR.
Video advertisements are integrated into our games in various places. Our advertising partners keep select content ready for users, which we then display. We would like to note that our free2play system also lives off our advertising partners, and we are committed to employing their services in the interest of our users. If you watch video ads as a player, you can earn premium currency or other in-game perks. If you have any questions regarding this, please contact our customer support.
We work together with the following providers:
We work with our oartner Unity Technologies (Unity Technologies, 30 3rd Street, San Francisco, CA 94103, USA; Unity Technologies GmbH, Ritterstrasse 11, 10969 Berlin, Germany). Unity uses technologies to displays, manages and optimizes ads for users. If you would like to opt out of the collection of anonymized information, you can do so at https://unity3d.com/legal/cookie-policy#cookies. Alternatively, you can adjust settings or revoke permission for data processing within the game using the link “unity Privacy.”
As measures of protection, we only process psedonymized usage data and offer our users an option to opt out. We have reached an agreement with Unity in accordance with Art. 26 GDPR, which states that both we and Unity are responsible for processing your data.
You can direct any questions about the data processing to us as well as unity. You can find contact information at: https://unity3d.com/contact/addresses
To secure and defend international data transfer within its own businesses, Unity has established so-called Binding Corporate Rules (BCR). These are data privacy agreements with guarantee a unified level of data privacy for all of its corporations.
The purpose of this data processing is to enable the playing of ads which make our free2play offer possible.
The legal basis is the so-called rightful interest that has been evaluated in regards to the pursuit of the purpose and within the framework of previously mentioned security measures and found to be in accordance with the data privacy requirements detailed in Art. 6. para. 1 lit. f GDPR.
Sometimes it may be necessary for us to process personal data and, if required, sensitive personal data, in accordance with local laws and regulations, relating to the exercise or defence of legal claims. Article 9 para. 1 lit. f GDPR facilitates it, if the data processing “is essential for asserting, exercising and defending legal claims or if courts act in the course of their judicial activity”.
For instance, this may be the case if we need legal advice in relation to legal proceedings or are legally obliged to preserve or disclose certain information in the course of legal proceedings.
16. Personal Data of Children
upjers is aware of the significance and data protection of children on the internet. Therefore, and to comply with specific laws, we neither intentionally collect personal, individually identifiable information about children under the age of 16, nor do we offer content for children under 16.
17. Change of Data Privacy Statement
upjers reserves the right to change this data privacy statement at any time, however, upjers will always adhere to the currently applicable data security laws. upjers advises you to inform yourself about the current data privacy statement any time you visit our websites or games.
Last updated: May 2018