1. Introduction

The protection of your personal data is of great importance to us, the GLHF Games GmbH (hereinafter referred to as “we”, “us” or “our”). This Privacy Policy is meant to help you understand in which ways we process your personal data when you use our mobile apps, for example when you access our apps or play games in them. In particular, we would like you to inform about which personal data we collect, in which ways and for what purposes we use it and with whom we share it. Personal data is all data that relates to your person or can be related to your person according to Art. 4 No. 1 General Data Protection Regulation (hereinafter referred to as “GDPR”).

This Privacy Policy is applicable to all apps offered by us and the associated marketing and advertising services (hereinafter referred to as “Services”). Please note that this privacy policy does not apply to the use of our website (https://www.glhf-games.net/), for which there is a separate privacy policy.

We regularly review this Privacy Policy to determine whether it needs to be adapted or amended. We will keep you informed of any changes. This Privacy Policy was last updated on 03.05.2022.

2. Purposes and legal basis for the processing of personal data

First, we collect and process personal data about you when you use our apps, insofar as it is necessary for the fulfilment of the contract between you and us or for the implementation of pre-contractual measures at your request (Art. 6 para. 1 sentence 1 lit. b GDPR).

Furthermore, we process data whenever it is necessary to protect our legitimate interests, unless they are outweighed by your interest in protecting your personal data (Art. 6 para. 1 sentence 1 lit. f GDPR). For example, we process personal data to ensure your compliance with our terms and conditions, to verify purchases and prevent fraud, to ensure and optimise the functionality of our apps and to close security gaps and solve technical problems.

In addition, we collect and process personal data as far as this is necessary to comply with our legal obligations (Art. 6 para. 1 sentence 1 lit. c GDPR).

Lastly, we may collect and process your personal data when you use our apps if we have your prior consent ( (Art. 6 para. 1 sentence 1 lit. a GDPR). The consent only applies to the respective app for which you have declared it. You can revoke your consent at any time (see point 10.7). Based on your consent, we can show you individualised content such as customised offers or personalised advertising in our apps. This helps us to show you offers and advertising relating to products and services that may be of interest to you. The data used for this purpose includes device-related information, usage data and other demographic and interest-based information that we collect when you use the app or that we receive from our third-party marketing partners or other third parties who are authorised to share this data with us.

We have no intention to use your personal data for any automatic decision making processes (including profiling).

We only process your personal data for a different purpose than mentioned above if we are allowed to do so by statutory law or if we have your prior consent in the changed purpose of our data processing.

3. Download

We offer our apps for download via Google Play. When you do this, Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter „Google“) collects personal data about you that is required for the download. They may, for example, collect your email address, individual device identification number, payment information and the time of the download. However, it is not us who collect this data, but Google. Accordingly, Google, not we, is responsible for the collection and processing of your personal data during the download.

4. Scope of data processing

We collect and process the following personal data when you use our apps:

• Device-related information: This includes your IP address, device ID, device type, operating system, device-specific settings and app settings, the date and time of the retrieval, app error messages, the time zone and the amount of data transferred. We process this data to ensure the app you are using functions without technical errors.
• Usage data: This data provides information about your user behaviour concerning our services and includes data on the way and time you are using our apps, which game levels you have reached or attempted, and which in-app-purchases you have made.
• Contact information: If you contact us by email or via our contact forms, we process the data transmitted by you (e.g. your email address, surname and first name, telephone number) and the time of transmission.
• Payment information: We do not collect your payment information when you make in-app-purchases via Google Play. However, Google will collect payment information about you in this case.
• Third Party Information: Third parties (e.g. advertising platforms and partners) may provide us with information about your other purchases and your general interests.
• Other information is processed by us if we have your prior consent.

5. Data security

We apply appropriate technical and organisational security measures to ensure your personal data stored with us is protected against unauthorised access, accidental or intentional manipulation and loss. When choosing our security measures based on state-of-the-art technology, we consider the type of data, the likelihood of a data breach and its potential impact on you. We continuously improve our security measures following the latest technological developments.

Your data may be shared with our business partners (hereinafter referred to as “third party companies”). We let you know in detail separately at the appropriate place (see 7. in particular) to which third party companies and to what extent we pass on personal data. Third party companies may be located outside the European Economic Area (hereinafter referred to as “third countries”). In its so-called adequacy decisions, the European Commission certifies that some of these third countries provide data protection comparable to that in the European Economic Area. If this is not the case, we ensure that sufficient data protection is in place by appropriate legal and contractual obligations.

6. Storage period and deletion of personal data

We will only store your personal data for as long as it is needed to fulfil the purpose it was originally stored for. After that, or if the legal basis for storing and processing the data no longer applies, we will delete your personal data. We usually store your personal data for the duration of the usage or contractual relationship via the app. However, storage beyond this point may occur for example in the event of an (imminent) legal dispute with you.

This does not affect legal requirements for the storage or deletion of personal data. We will delete your personal data stored with us right after the expiration of any legally prescribed storage periods unless further storage by us is required and allowed by statutory law.

7. Sharing your information

7.1 Processors

We work with various partners who support us in our business and are bound by contracts with regard to us (e.g., in the areas of IT, telecommunications, sales and marketing as well as payment services). We may make your data available to these so-called processors (Art. 4 para. 8 GDPR) to enable them to process the data on our behalf for the purposes stated in this Privacy Policy. Within the meaning of Art. 28 GDPR, we have appropriate confidentiality agreements in place which contractually oblige the processors comply with data protection provisions and guarantee sufficient security measures.

7.2 Marketing partners

When using an app for the first time we may ask you for your consent with which you agree pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR that our marketing partners may collect and use data about you when using our app to place personalised advertising unless you object to the processing of personal data for personalised advertising (see point 10.). Our marketing partners use this data to show you personalised advertising on our app and on other websites and in other apps as well as to improve the accuracy of their targeting and evaluation systems. Personalised advertising is made possible by our marketing partners combining the data they collect from us with information about you that they have collected on other websites and in other apps. The collection of data outside of our apps is not governed by this Privacy Policy, but by the privacy policy of the website or app where the data is collected.

7.3 Legal obligations to share personal data

In certain cases, we are obliged by law to share data with third parties. For example, in cases of fraud, we may be obliged to pass on the data we have lawfully stored about you to the relevant law enforcement agency. The legal basis for sharing the data is in this case Art. 6 para. 1 sentence 1 lit. c GSDPR.

8. Use of cookies

8.1 General information

We use cookies in our apps. Cookies are small text files that are stored on your end device and are assigned to the respective mobile app you are using. Cookies allow certain information to flow to the party setting the cookies. Cookies cannot execute programs or transfer viruses to your device. Instead, their purpose is to enable us to provide our apps and make them more user-friendly, as well as to ensure certain functions in the first place. The use of analytics cookies also provides us with information about how our apps are used so that we can optimise our services. Other cookies enable us to show you personalised offers.

8.2 Types of cookies

Some cookies may contain data that allow us to recognise the device you are using. Other cookies only contain information about certain settings that cannot be linked to your person. We use some cookies to collect data about your user behaviour regarding our app. When we collect data that way, we pseudonymise taking all necessary technical precautions. Direct identification of the user via cookies is impossible.

So-called session cookies are automatically deleted as soon as you close the app or log out. We also use so-called permanent cookies that are stored beyond the individual session and are deleted after a specific period of time.

In terms of their function, the following types of cookies can be distinguished:

• Technical cookies: They are necessary to let you use the basic functions of our apps and to ensure the security of our services. These cookies do not collect information for marketing purposes nor information on which websites you have visited or which other apps you have used.
• Performance cookies: They collect information about the way you use our services, which websites you visit and whether error messages occur. They do not collect any data that can be linked back to you but provide us with anonymous general information about what our users are interested in and show us room for improvement to our services.
• Advertising cookies, targeting cookies: They allow us to show you personalised offers from us and third parties and make it possible to measure the effectiveness of these offers.
• Sharing cookies: They make it possible for us to let our services interact with other services (e.g. social media).

8.3 Preventing the setting of cookies and consent

The way mobile apps work require the use of technical cookies. Without these cookies, our apps cannot be (fully) used and we cannot offer support functions. Technical cookies are usually session cookies (see 8.2) which are deleted after the end of the respective use of the app. You cannot deselect these cookies if you want to use the app. Art. 6 para. 1 sentence 1 lit. f) GDPR is the legal basis for the processing of personal data using necessary technical cookies.

For the use of cookies that are not technically necessary (in particular advertising cookies, targeting cookies and sharing cookies), we require your prior consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. We only set the corresponding cookies if you have actively selected them in our consent manager during your first visit to our mobile app. We only pass on personal data processed by cookies to third parties after you have consented to this.

9. Services used

9.1 Chartboost

We use Chartboost. Chartboost is an advertising service that allows us to display promotional videos in our Apps about products that may be of interest to you. Further information about this service and the associated data processing can be found in Chartboost’s privacy policy, which you can access here: https://answers.chartboost.com/en-us/articles/200780269

We need your consent to use Chartboost. We may ask for this consent when you use our app for the first time. Art. 6 para. 1 sentence 1 lit. a) GDPR the legal basis for the corresponding processing of personal data.

9.2 AdMob

We use AdMob provided by Google. AdMob is an advertising service that allows us to display personalised advertising in our apps. The advertising may be displayed in the form of banners when using the app. Further information about this service and the associated data processing can be found in Google’s privacy policy, which you can access here: https://policies.google.com/technologies/ads

We need your consent to use AdMob. We may ask for this consent when you use our app for the first time. Art. 6 para. 1 sentence 1 lit. a) GDPR the legal basis for the corresponding processing of personal data.

10. Your rights

Whenever we process your personal data, you as a data subject within the meaning of Art. 4 no. 1 of the GDPR are, in addition to the rights already mentioned, entitled to the following rights:

10.1 Right of access

In accordance with Art. 15 GDPR, you have the right to request information from us about whether or not personal data concerning you is being processed and to what extent and for what purposes we process it. Upon your request (see 11. for contact details), we are also obliged to provide you with information on whether personal data about you is transferred to a third country. In that case, you have the right to request information about the safeguards in place in connection with the transfer, as required by Art. 46 GDPR. Please address any such request to the person indicated as contact (see under 11.).

10.2 Right to rectification

In case your personal data processed by us is incorrect, you have the right, pursuant to Art. 16 GDPR, to obtain from us without undue delay the rectification of your personal data or to have incomplete data completed. Please address any such request to the person indicated as contact (see under 11.).

10.3 Right to erasure (‘right to be forgotten’)

Under the conditions set out in Art. 17 GDPR, you have the right to request the erasure of your personal data stored with us without undue delay. This can be the case once the respective data is no longer necessary for the collection or processing purposes, if the data processing period has elapsed, if there is an objection to the processing of personal data (see 10.6.) or if the legal basis for the processing has ceased to exist or does not exist. Please address any such request to the person indicated as contact (see under 11.).

10.4 Right to restriction of processing

Under the conditions set out in Art. 18 GDPR, you have the right to request that we restrict the processing of your personal data. You have this right for example if the accuracy of the data in question is disputed between you and us. In this case, you have the right to request the restriction of processing the respective data for a period enabling us to verify the accuracy. The same right exists if the successful exercise of your right of objection (see 10.6) is still disputed between you and us. In addition, whenever you have a right to erasure (see 10.3), you can choose to request limited processing of your personal data instead of erasure. Please address any such request to the person indicated as contact (see under 11.).

10.5 Right to data portability

Under the conditions set out in Art. 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format. Please address any such request to the person indicated as contact (see under 11.).

10.6 Right to object

Under the conditions set out in Art. 20 GDPR, you can object at any time to us processing your personal data. We will stop processing the respective data immediately, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or, if we need to process the data for the establishment, exercise or defence of legal claims. Please address any such request to the person indicated as contact (see under 11.).

10.7 Recht auf Widerruf deiner Einwilligung in die Verarbeitung

Where processing is based on consent, you may at any time, in accordance with Art. 7 para. 3 GDPR, withdraw your consent. The withdrawal of your consent means that we are not allowed to continue processing the data based on your withdrawn consent in the future.

Please address any such request to the person indicated as contact (see under 11.).

10.8 Right to lodge a complaint with a supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. This is possible with the supervisory authority responsible for us: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Str. 22, D-20459 Hamburg, e-mail: mailbox@datenschutz.hamburg.de, tel.: +49 40 428544040.

11. Controller and contact

We are the controller for the processing of your personal data within the meaning of Art. 4 no. 7 GDPR (see our imprint at https://www.glhf-games.net/imprint):

GLHF Games GmbH

Schlüterstr. 86

D-20146 Hamburg

If you wish to exercise any of your rights set out above, or if you wish to contact us regarding this Privacy Policy or with any other questions about our handling of data protection, our data protection officer is available to you at any time. You can contact him via mail to our postal address adding „the data protection officer“ or using the following way:

• via e-mail to: dataprotection@glhf-games.net

If you contact us by e-mail, the data you provide (your e-mail address and, if included in your e-mail, your name and your telephone number) will be stored by us in order to be able to answer your enquiry. As soon as we no longer need the data for this purpose, we will delete it. In case we have to store the data for a longer period of time due to legal retention periods, we will restrict the processing.

Last modified: 05/2022