Privacy Statement for Mobile Apps

We, upjers GmbH, located at Hafenstraße 13, 96052 Bamberg, Germany, are developers and publishers of games for mobile devices (our "Game Apps"), which are made available via app stores such as the iTunes App Store, Google Play, Amazon Appstore and Windows Store (hereinafter "Distribution Platforms"). We are responsible for the provision of games and related services (such as support, our website, competitions, newsletters, advertising, etc.) (together the "Services") and are responsible for the processing of the data.

In the following privacy policy, you will learn what we do with your data, so-called personal data, and why we do this. We also tell you how we protect your data, when the data is deleted and what rights you have thanks to data protection.

If you visit another website - for example via a link on our website - please note that this privacy policy does not apply to this third-party website.

The company is responsible for providing the game apps:

upjers GmbH
Hafenstraße 13
96052 Bamberg
Germany

Phone: +49 (0)951/5109080
Fax: +49 (0)951/510908102
E-mail: mail@upjers.com
Customer support:
Support form: https://support.upjers.com/de/start
Email: support@upjers.com

You can also reach our data protection officer via these contact details. If you have specific questions about your data, its deletion or your rights, you can contact us directly about data protection via the e-mail address datenschutzbeauftragter@upjers.com. If you wish to submit a written request, simply add "Data protection".

You can contact us at any time if you have any questions about your data protection rights or wish to assert any of the following rights:

• Right of revocation pursuant to Art. 7 para. 3 GDPR (e.g. you can contact us if you wish to revoke a previously given consent to a newsletter)
• Right to information in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
• Rectification in accordance with Art. 16 GDPR (e.g. you can contact us if your email address has changed and you want us to replace the old email address)
• Erasure in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to erase certain data that we have stored about you)
• Restriction of processing in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your email address but only want us to use it to send essential emails)
• Data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data stored by us in a compressed format, e.g. because you want to make the data available to another website)
• Objection pursuant to Art. 21 GDPR (e.g. you can contact us if you do not agree with one of the advertising or analysis procedures specified here)
• Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 para. 1 GDPR (e.g. you can also contact the data protection supervisory authority directly in the event of complaints)
• Insofar as processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR, you have the right to object in accordance with Art. 21 GDPR.

If no specific storage period is specified in the individual sections, the data will be deleted at the latest after the expiry of statutory retention periods or after the purpose of processing no longer applies. Your data will also be blocked or deleted if a storage period prescribed by law expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract. Certain data may have to be stored for longer for legal reasons. You can of course request information about the stored data at any time.

**We will take all reasonable and appropriate measures to protect the personal information we store from misuse, loss or unauthorized access. We have taken a number of technical and organizational measures to do this. This includes measures to deal with any suspected data breaches.

**If you suspect that your personal information has been misused, lost or accessed without authorization, please let us know as soon as possible and contact us using the contact details above.

**Automated decision-making within the meaning of Art. 22 GDPR does not take place. Personalization and analysis procedures are used exclusively for statistical evaluation and offer optimization and have no legal or similarly significant effects.

When you play our gaming apps, we collect and store certain data about you in order to provide our games and services, improve your overall gaming experience and provide you with customized offers (e.g. certain in-game offers that you may like based on your gaming behavior):

• Device identifier (hash of device identifier and timestamp), as well as user-related device identifiers (user IDs)
• Progress in the game and game behavior (e.g. how quickly you have reached a certain level)
• In-app purchases
• Game version (e.g. v1.23.111)
• Language settings (e.g. German system language)
• Approximate location based on device language and time zone
• Date and time of the game session (e.g. 11:45 on 25.05.2018)
• Operating system (e.g. MacOS, Android)
• Hardware (e.g. Intel processor)

To protect your privacy, we delete or anonymize identifiers in our database and most technical data after your gaming session. All other data is collected exclusively for statistical purposes to optimize the game, for the placement of interest-based ads (for more information, see "Personalized advertising" below) and to offer you as our player a personalized gaming experience (e.g. adapting the gameplay depending on your gaming behavior).

The purpose of the temporary storage of this data is to establish a connection to our game servers, which is necessary for the provision of our games and services, as well as to offer you a more personalized gaming experience.

Legal basis is Art. 6 para. 1 lit. b GDPR (performance of contract). Insofar as personalization for marketing purposes takes place, this is done exclusively on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR.

When you download our games as mobile apps or purchase in-app items via a distribution platform (e.g. Apple App Store or Google Play Store), you submit certain information to that platform, in particular your account details, e.g. name, device identifier, email address and payment information. We have no influence on this data collection and are not responsible for it.

Some features of our games require access to certain functions and services on your device. Depending on which mobile operating system you use, it may be necessary for you to accept certain app permissions. We will now explain what these permissions mean:

a) iOS

Push notifications: If you select OK in the "Allow push notifications" pop-up window, you allow the app to notify you of certain events in the game, even if the app is not currently open. You will then receive notifications in the form of sounds, messages and icons (an image or a number on the app icon).

Game Center: Game apps may also provide a connection to Apple's Game Center service, which is subject to Apple's privacy policy available at https://www.apple.com/privacy. If you use the service, e.g. to receive notifications of achievements, the personal information you share is visible to other users and can be read, collected or used by them. You should therefore carefully consider what personal information you wish to provide.

b) Android

External storage (changing or deleting your external storage, reading the contents of your external storage): These functions allow an app to temporarily store content on your device. The app only uses its own storage space for this. Other data on the external memory is not deleted, changed or read.

Internet connection (retrieve Internet data, full network access, display network and Wi-Fi connections): These functions allow the app to retrieve data from the Internet and determine whether there is a connection to the Internet via a Wi-Fi network or via a mobile data connection. This is intended to prevent large amounts of data from using up the potentially limited data volume.

Deactivating the sleep mode: This function allows the app to deactivate the phone's sleep mode (e.g. to display videos without turning off the screen).

To protect your privacy, all app permissions are optional, except for the technical permissions required to run the app. You can decline at any time (by clicking on "no" or "do not accept"). You can also revoke the permissions later by changing the corresponding settings on your device.

The purpose of requesting these permissions is to make the game app available and to keep you and the game up to date with game updates, game-related news and notifications.

Legal basis for required technical permissions is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b GDPR. The legal basis for the optional authorizations is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

You have the option of contacting our support team. By clicking on "Support" on our website, you will be redirected to https://support.upjers.com/de/start. You can also send a request by e-mail to support@upjers.com.

The following data can be requested from us:

• User name or login name
• User ID
• upjers ID
• E-mail address
• Sales platform
• Message or support request
• Operating system (e.g. Mac OS)
• Hardware (e.g. Intel processor)

As a protection measure, the support request is sent via an encrypted connection. We also apply the principle of data minimization and only collect the data actually required in the support form. After successfully contacting you and completing the support process, your data will be stored for the aforementioned retention period.

The sole purpose of the data requested is to contact you and provide customer support, which is why the data is only used for this purpose.

Legal basis is Art. 6 para. 1 lit. b GDPR (performance of contract).

We may offer you the option of logging in to our app using Facebook Login. This is a service provided by Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA (EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). You can easily log in with your Facebook account. If you decide to do so, you will be redirected to the Facebook social media network. There you can log in with your Facebook user data. This login procedure stores your data and transmits it to Facebook.

On the one hand, the Facebook login offers a quick registration process and, on the other hand, it gives us the opportunity to share data with Facebook. This allows us to better adapt our offer and our advertising campaigns to your interests and needs. Data that we receive from Facebook in this way is public data such as

• Facebook name
• profile picture
• a stored e-mail address
• friend lists
• More

In return, we provide Facebook with information about your activities in our app.

The legal basis for authentication is Art. 6 para. 1 lit. b GDPR. Any further data processing (e.g. for marketing or personalization) is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Meta is independently responsible for the subsequent processing of the data by Meta. You can revoke this consent at any time. If you would like more information about data processing by Facebook, you can find this in the Facebook privacy policy at https://de-de.facebook.com/policy.php.

In order to constantly improve and optimize our offer and to measure the success of advertising campaigns, we use so-called mobile tracking technologies. We use the following services for this purpose:

a) Adjust

A service of Adjust GmbH, Saarbrücker Str. 38a, 10405 Berlin, Germany (https://www.adjust.com). Further information on data collection can be found in Adjust's privacy policy: https://www.adjust.com/terms/privacy-policy/

When you use our apps, information transmitted by your device is collected and analyzed. The following data is collected: IP address, which is shortened or pseudonymized before storage, MAC address, anonymized device ID (IDentifier For Advertisers - IDFA or Google Advertiser ID - GAID), browser type, language, Internet service provider, network status, time zone, URL of the access and exit page, time spent and date of access, clickstream data and other statistical information about the use of our services.

Data collection and storage can be prevented at any time with effect for the future by resetting the IDentifier for Advertisers or Google Advertiser ID in the settings of your mobile device. You can also revoke the collection and analysis of usage data by using the following opt-out function: https://www.adjust.com/forget-device/

As a protective measure, we have concluded an order processing contract with Adjust in accordance with Art. 28 GDPR. In addition, the data is only used in the form of aggregated and pseudonymized statistics.

The purpose of the data processing is the aggregated and pseudonymized analysis of your usage behavior in our game apps. The insights gained from this help us to improve our offering. In addition, the data can be used to measure the success of advertising campaigns.

The use of mobile tracking technologies (e.g. Adjust, Google Firebase Analytics) takes place exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time in the app settings.

b) Google Firebase

A service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (EU: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland). Firebase is part of the Google Cloud Platform and offers numerous services for developers. You can find a list here: https://firebase.google.com/terms/.

In addition to the "Instance ID" described above, Google also uses the advertising ID of the end device for Firebase Analytics. You can restrict the use of the advertising ID in the device settings of your mobile device.
For Android: Settings > Google > Ads > Reset advertising ID
For iOS: Settings > Privacy > Advertising > No ad tracking

You can find more information about Firebase's data protection and security here: https://firebase.google.com/support/privacy/

As a protective measure, we use servers located within the EU wherever possible. However, it cannot be ruled out that data may also be transferred to the USA (see https://www.google.com/about/datacenters/locations/). If data is transferred to the USA, this is done on the basis of the EU-US Data Privacy Framework (DPF), provided the respective provider is DPF-certified. If no certification exists, the transfer takes place on the basis of the EU standard contractual clauses pursuant to Art. 46 GDPR.

Furthermore, we have concluded an order processing contract with Google in accordance with Art. 28 GDPR (see https://privacy.google.com/businesses/processorterms/). In this contract, Google undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties.

In addition, the data is only used in the form of anonymized statistics.

The purpose of data processing is the aggregated and pseudonymized analysis of your usage behavior in our game apps. The insights gained from this help us to improve our offering. In addition, the data can be used to measure the success of advertising campaigns.

The use of mobile tracking technologies (e.g. Adjust, Google Firebase Analytics) takes place exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time in the app settings.

The game apps operated by us may offer you the opportunity to communicate with us or other players. We use automatic filtering systems that prevent the mass sending of messages or offensive, violent, obscene, racist or otherwise objectionable statements or messages of an advertising nature. Furthermore, we log the use of the communication channels provided for a short period of time in order to analyze and correct technical errors, to ensure system security and integrity, to combat abusive or unauthorized use and to compile usage statistics on a pseudonymized or aggregated basis. The logs created contain the date and time of the message, its sender and recipient, the message text and the volume of data transmitted.

If we suspect misuse or unauthorized use of the communication channels provided (e.g. if a message is reported by the recipient), we reserve the right to investigate the player account concerned and the messages sent from this player account and to take further measures if necessary.

As a protective measure, the data you enter is transmitted via an encrypted connection of the respective platform.

The purpose of the processing is to provide an in-game communication solution for the exchange of messages between players.

The processing of communication data is carried out for the performance of the user contract in accordance with Art. 6 para. 1 lit. b GDPR. To ensure system security, to prevent misuse and to comply with legal obligations (in particular under the Digital Services Act - DSA), processing is also carried out on the basis of Art. 6 para. 1 lit. c and lit. f GDPR. Supporting automated filter systems are used exclusively for pre-structuring and risk prevention. Measures are only taken after human review.

The respective sales platform from which the game was purchased is responsible for the payment processing of in-app purchases and the corresponding data processing. If you initiate a payment process in a game app to purchase premium currency, you must enter additional data. What data this is depends on the type of payment method you choose. The sales platforms provide various services for payment processing, which you can select.

The sales platforms often work together with external service providers, e.g. Paypal, credit card companies, etc.. These external service providers are obliged to treat your data in a lawful, confidential and secure manner and may only use your data insofar as this is necessary to fulfill their task.

You are free to decide which of the payment options offered you use and we refer in this respect to the data protection provisions and notices of the sales platforms and the respective payment service providers.

Once a payment transaction has been successfully completed, the sales platform will send a response to upjers confirming the successful transaction.

We may use advertising technologies in our games and exchange pseudonymous identifiers with external advertising networks to improve personalized advertising within our games. We and our trusted partners collect and process the Apple Advertising ID (IDFA) on iOS devices and the Google Advertising ID on Android devices to enable interest-based advertising and measure the success of the above advertising. Advertising IDs are unique but pseudonymous identifiers provided by your operating system and device. How you can activate or deactivate the advertising technologies within the mobile apps is explained below:

a) iOS

Open the "Settings" application of iOS and select the menu item "Privacy" and then the sub-item "Advertising". If you activate the "No ad tracking" option, we can only take limited measures, such as identifying unique users or combating fraud. In the same menu, you can delete the IDFA at any time ("Reset Ad ID"), in which case a new ID will be created that will not be merged with the previously collected data.

b) Android

Open the "Settings" application and select the "Google" menu item. Depending on your device, this option may not be visible in the main menu, but you can use the search function at the top of the Settings menu to find it. There, select the sub-item "Ads" and activate the option "opt out of ads personalization" to prevent the creation of profiles and the display of interest-based advertising. You can delete the advertising ID in the same menu at any time ("Reset advertising ID"), in which case a new ID will be created that will not be merged with the previously collected data.

To protect your privacy, we only store personal data temporarily. In addition, the user can deactivate interest-based advertising in the device settings as described above. Furthermore, by concluding data protection agreements, we ensure that our external service providers commit to a high level of data protection. In addition, a data processing agreement has been concluded with the external advertising networks in accordance with the requirements of Art. 28 GDPR.

The purpose is to provide the player with personalized advertising tailored to their interests and to keep our games free of charge for a broad player base.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which is obtained prior to corresponding data processing.

We use ad mediation services in our apps to play advertising videos and to optimize advertising utilization. This involves the technical connection of various advertising networks that deliver advertisements independently.

We use the following services in particular:

• Google AdMob (Google Ireland Ltd.)
• Unity Ads (Unity Technologies)
• Digital Turbine / Fyber
• Liftoff (Vungle)
• InMobi
• IronSource
• Meta Audience Network

With regard to the processing of personal data, these companies generally act as independent controllers within the meaning of Art. 4 No. 7 GDPR. Where required by law, corresponding agreements are in place to regulate responsibilities under data protection law.
Type of data processed: The following data in particular may be processed as part of advertising playout:

• Device identifiers (e.g. Advertising ID / IDFA / GAID)
• IP address (shortened or pseudonymized)
• Device information (device type, operating system, app version)
• Usage data (e.g. interactions with advertisements)
• Approximate location information (e.g. country/region)

Processing is generally carried out in pseudonymized form.

Legal basis: The processing of personal data for the purposes of personalized advertising and advertising-related performance measurement is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent is obtained via our consent management tool before the corresponding SDKs are activated. You can revoke your consent at any time in the data protection settings within the app with effect for the future.

Non-personalized advertising: If you do not give your consent to personalized advertising, non-personalized advertising may continue to be displayed. There is no profile-based personalization. Insofar as technically mandatory information is processed, this is done on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to enable the financing of our offer through advertising. Insofar as no technically mandatory information is processed for this purpose, non-personalized advertising is also played out exclusively on the basis of your consent.

If data is transferred to countries outside the European Union or the European Economic Area (in particular to the USA), this is done on the basis of the EU-US Data Privacy Framework (DPF), provided that the respective provider is certified accordingly, or on the basis of the EU standard contractual clauses in accordance with Art. 46 GDPR.
Further information on data processing by the respective providers can be found in their privacy policies.

As a rule, we only receive aggregated or pseudonymized evaluations of advertising performance (e.g. number of ad impressions or clicks) from the advertising partners. We do not merge this data with directly identifiable personal data.

Sometimes it may be necessary for us to process personal data and, where appropriate - in accordance with local laws and regulations - sensitive personal data in connection with the exercise or defense of legal claims. Art. 9 para. 2 lit. f GDPR allows this if the processing is "necessary for the establishment, exercise or defense of legal claims or when courts are acting in their judicial capacity".

This may occur, for example, if we require legal advice in relation to legal proceedings or are legally obliged to preserve or disclose certain information as part of the legal proceedings.

upjers’ services are intended for users aged 16 years and older. Individuals under the age of 16 are not permitted to create an account or use our services.

If we become aware that personal data has been collected from a person under the age of 16, we will take appropriate steps to delete such data without undue delay.

We do not knowingly process personal data of children under the age of 16.

upjers reserves the right to amend this Privacy Policy at any time, but upjers will always comply with the applicable data protection laws. upjers recommends that you inform yourself about the current Privacy Policy each time you visit the websites and games.

Our game apps are offered internationally. As a company based in Germany, we are subject to European data protection regulations, in particular the General Data Protection Regulation (GDPR). Insofar as personal data is processed in the context of the use of our game apps, this is done on the basis of the applicable legal provisions and the legal bases described in this privacy policy.

If consent is required for certain processing operations, this is obtained in advance and can be revoked at any time with effect for the future. Consent is obtained via a consent management system that ensures that non-technically required tracking or analysis functions are only activated after active consent has been given. Processing for these purposes does not take place without consent.

Status of the privacy policy: February 2026