Playa Games GMBH respects your right to control your privacy. We have put in place security measures for your personal data and manage your personal data in accordance with applicable data protection and data privacy regulations. This Privacy Policy explains how we handle and treat your data when you (i) register an account or visit our sites such as www.playa-games.com ( collectively the ”Website”) ( ii) use our services (iii) engage or communicate with us. It also provides information about your rights relating to your Personal Data.
Throughout this Privacy Policy the following terms have the following meanings:
”Data Privacy Laws” means applicable data protection and data privacy laws and regulations, including but not limited to the EU General Data Protection Regulation (2016/679) (the ”GDPR”).
“Processing” and “Process” means all activities involving your Personal Data, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of information.
“Services“ means our applications, games such as Shakes & Fidget and other products, Websites, Forums, Webbshop, email communications, social media accounts and any related services or properties we control.
“Personal Data” means Personal Data that relates to you as an identified or identifiable individual.
All capitalised terms not specifically defined herein shall have the meaning ascribed to such terms in the GDPR.
While operating the Services, Personal Data will be shared with partners we work with. Some of these partners are Controllers independently of us and, therefore, independently determine how and why they process your data. For more information on these partners and the ways in which they may process your data, please refer to section 4 of this Privacy Policy. Under certain circumstances we will transfer your Personal Data to countries outside the European Economic Area. Such transfers will be done in accordance with section 5 of this Privacy Policy.
Our Services are not directed to children and we do not knowingly collect Personal Data from children under 16 years of age.
Controller
The Controller responsible for your Personal Data for the purposes of the GDPR is:
Playa Games GmbH
Alstertor 9, 20095 Hamburg
hereinafter referred to as the “Company”, ”we”,
”us” or “our”.
The principles set out in this Privacy Policy apply to all instances in which the Company Processes your personal data as a Controller for the purposes described in this Privacy Policy. The Company is part of the Stillfront Group, a global group of gaming studios with its parent company, Stillfront Group AB (publ), incorporated in Sweden and listed on Nasdaq First North Premier Growth Market.
Data protection Officer
The data protection officer of the Controller for the purposes of the GDPR is:
Name: Peter
Birgersson, Deloitte AB
Contact details: dpo@stillfront.com
2. What information do we collect from you?
|
Source |
The information collected includes the following data |
|
Information you provide voluntarily when using our Services. |
● Your name, email address, or other contact information communicated to us. |
|
● Any Personal Data provided in and through communication channels available in our Services. |
|
|
● If you have subscribed to our communications, your content preferences, language, contact information or other information you submit to us when subscribing to our communications. |
|
|
● If you participate in our surveys or other research, any comments, feedback, responses, or other information you provide to us when doing so. |
|
|
● Any other information you choose to submit to us through our Services or otherwise. |
|
|
Information provided and collected specific to when using our service Shakes & Fidget and its accompanying products |
● Username, character information, email address, account registration information, payment information, server log and device information, device ID, third party login information. |
|
Information provided and collected specific to when using our service Mobile Dungeon its accompanying products |
● Your name, username, Device ID, character information, email address, account registration information, payment information, server log and device information, third party login information |
|
Directly from you and/or your device by automatic means. The Company collects Personal Data directly from you and/or your device (such as your phone or computer) by automatic means when you use our Services or interact with our ads outside of our Services on third-party websites or applications, including through cookies or similar technologies or software development kits (SDKs) For more information regarding the Company’s use of cookies, please view our Cookie Policy.
|
● Your device and browser: Certain information is collected by most browsers or automatically through your device, such as your device type, model, manufacturer, operating system, language, display, processor, the Internet browser type you are using your IP address (including your coarse location). |
|
● Your use of our Services: We track and collect usage data, such as the date and time you access our Services, access status, duration of use of our Services, the site you visited, the information and files that have been downloaded. |
|
|
● Crash logs or other information related to bugs, errors, or other issues in our Services. |
|
|
● Inferences we make based on your activity in our Services. |
We
do not expect or intend to collect or otherwise process any special categories
of data relating to you. By special catego
3. How do we use your Personal Data?
We use your Personal Data for different purposes. We will for example use the Personal Data to provide you with the Services you have requested, to improve and develop our Services, to predict user trends, to make recommendations and marketing activities based on your usage and to customise our Services to you, these include the following processing activities:
|
Lawful basis |
Purpose of the processing |
|
To perform our contract with you in respect of our Services.
|
● To enable you to use our Services and administer the Services. |
|
● Providing, maintaining, enhancing and personalising the Service(s) (including selecting an appropriate language version for you based on your location). |
|
|
● To know your preferences and to try to ensure that the content on our Website is presented in the most effective manner for you and your computer or mobile device, based on your browsing history on our services. |
|
|
● To provide you with an account and log in features and share that data depending on your chosen method. ● To provide you with account related features as can be expected for the service, such as friends list, achievements and history tracker. |
|
|
Based on your given consent when using our services. |
● The data provided by you and collected from your device is used to send you interest-based and personalised advertisements along with marketing of our services and those of the Stillfront Group and our affiliates. ● Data provided by you in surveys is used for the purposes of improving the game and the customer experience when interacting with our services. ● Delivery of newsletters, update information and game information, including information about patches, updates, community events, special promotions, personalised updates, interesting information about the development of our games and services and, if applicable, offers related to our game. Stored payment information and methods submitted and approved by you are used for easing future transactions and purchases. |
|
Based on our legitimate interest to make our Services the best they can be and provide you with the best possible user experience in our Services |
● Operate and maintain our Services (improve our current Services or develop new Services). |
|
● Where available, provide social features (such as chat and forum functions) or events in our Services or other Services. |
|
|
● Contact information and the contents of your message provided by you is used for the purpose of contacting you and/or handling your support requests or otherwise managing our relationship with you. |
|
|
● Troubleshoot or debug any bugs, errors, or other issues in our Services. |
|
|
● Automatically collected data is used to measure and analyse the use of our Services or data we collect through our Services (for example, to discover trends or other insights or to inform our operations). |
|
|
● Data provided by you as well as automatically collected data is used to create data that is not identifiable to you (for example, aggregate data), which we then use and share freely. |
|
|
● Automatically collected data is used to analyse how visitors use our Services. |
|
|
Based on our legitimate interest to make our services more intuitive and evaluate user behaviours and preferences. |
● Automatically generated data, that is not identifiable to you, specifically aggregated data regarding recency and frequency of player events such as “game closed” or “in-app purchases” is analysed to understand retention patterns and player behaviour. |
|
Based on our Legitimate interest to market our services and attract new players and customers. |
● Account information such as email address is used to market our and our affiliates services that we believe might interest you. ● Account information is used to conduct marketing campaigns for our and affiliated services. ● Information collected and submitted to you is used to operate, optimise and measure the effectiveness of our marketing campaigns. |
|
Based on our legitimate interest to facilitate performance marketing.
|
● Automatically generated data, that is not identifiable to you, specifically aggregated data regarding recency and frequency of player events such as “watched in-game advertising” or “in-app purchases” is used to understand and measure player lifetime value. Through this data, we can analyse expected future revenue from our players. |
|
Based on our legitimate interest to provide you with interest-based service and in-game advertisement. |
● We use ad identifiers, third-party tracking ID’s (such as AppsFlyer ID) and similar technologies to collect data from your device. Information from third party providers is combined with features including device type, system language and IP address to create a unique player ID. This is done for the purpose of recognising you and your device and providing you with customised player experiences and in-game advertisement |
|
Based on our legitimate interest to safeguard our operations. |
● Audit our operations or processes (for example, to verify that they function as intended). ● Inferences made based on customer and user behaviour in order to prevent bugs or abuses. ● Anti-cheat software is used to detect unapproved uses of our services. |
|
Based on our legitimate interest to establish, exercise and defend legal claims. |
● E.g. in the unlikely event of a dispute or a criminal investigation. Where required by law, your Personal Data will be disclosed to an applicable governmental, regulatory, sporting or enforcement authority. Your Personal Data will also be disclosed to any regulatory body in connection with prevention and detection of crime and where the Company considers that there are reasonable grounds to suspect that you may be involved in a breach of the law. Those bodies will then use your Personal Data to investigate and act on any such breaches in accordance with their procedures. |
In addition, we may process your data for additional purposes which are compatible with any of the purposes listed above.
4. Who we share your information with
Your Personal Data will (for the purposes described in this Privacy Policy) be transferred or disclosed to third parties, for the processing of that Personal Data on our behalf, such as to:
● Other companies in the Stillfront Group, where they help us develop, market, improve or operate our games, applications and services or provide other Services as defined by the purposes above will receive access to all available Personal Data. For information on the entities within Stillfront Group, see the most recent annual report published on https://www.stillfront.com/en/reports-presentations/, as updated from time to time.
● For analytical purposes, we collect automatically generated data such as your recent visits to our services and how you move around different sections, in order to make our services more intuitive and evaluate user needs and preferences. This data will be shared with a limited group of employees in the Stillfront Group.
● Persons or companies that provide services to us and process Personal Data on our behalf when providing those services, for example, services that help us develop and operate our Services.
● Third party services when you link, connect or login on our services with a third party service. The third party service will then share your necessary information such as email for the specific purpose with us or as otherwise authorised by your settings.
● Professional advisors such as external legal and audit services etc. Personal Data shared will consist of information you provide voluntarily when using our Services and data collected from your device by automatic means.
● Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers such as Dropbox, Amazon Web Services etc. Data shared will consist of information you provide voluntarily when using our Services and data collected from your device by automatic means.
● Competent courts of law or other government authorities where we believe disclosure is necessary as a matter of applicable law or regulation, such as the Authority for Privacy Protection in relation to any scrutiny of compliance with GDPR.
● Any person or entity where we believe disclosure is necessary to exercise, establish or defend our legal rights or to protect your or another person’s vital interests.
● Please note this list is non-exhaustive and there may be other examples where we need to share data with other parties in order to provide the Services as effectively as we can.
When Personal Data is shared with our business partners, group affiliates or other trusted entities stated above, we always require them to only use information in accordance with our instructions.
5. Appropriate Safeguards to countries outside the EU/EEA-area
In connection with the processing activities described in this Privacy Policy, we share information outside of the European Union (“EU”) and the European Economic Area (“EEA”). For example, a number of servers we use for hosting data are located in the United States, and some of our group companies,affiliates or the service providers we use to provide the Services may be located outside of the EU and the EEA. Where the Company transfers Personal Data outside the EU/EEA, The Company will ensure that Standard Contractual Clauses have been entered into between the transferring entity and the receiving external party. Alternatively, other safeguards will be put in place prior to such transfers.
Data shared will consist of information you provide voluntarily when using our Services and data collected from your device by automatic means. You are under Data Privacy Laws upon request entitled to receive a copy of any documentation demonstrating that appropriate safeguards have been taken in order to protect your Personal Data during a transfer outside the EU/EEA. You can do so by reaching out to our Data Processing Officer dpo@stillfront.com
6. How long do we keep hold of your information?
We will retain your information only for as long as is necessary for the purposes set out in this Privacy Policy. We are using the following criteria to establish our retention period: (i) as long as we have an ongoing relationship with you; (ii) as required by legal obligations to which the Company is subject (such as tax and accounting obligations); and (iii) as advisable in light of our legal position (such as applicable statutes of limitations). For more specific information about data retention terms, please contact our Data Processing Officer dpo@stillfront.com and we will provide the specific data retention terms for your jurisdiction.
7. Security
We will ensure that the access to your data is accurately secured by applying appropriate safeguards, depending on the circumstances taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk. In support of this commitment, we have implemented appropriate technical, physical and organisational measures to protect your Personal Data against unauthorised or accidental destruction, alteration or disclosure; misuse; damage; theft or accidental loss; or unauthorised access.
8. Your rights
Providing data to us is not mandatory. However, we are unable to provide the Services, or some parts or features of the Services, without processing your data. If you use our Services, we will collect data relating to you for some or all the purposes described in this Privacy Policy, depending on the Services you decide to use and your choices when using them. You have a number of options to limit or control the extent to which your data is processed. For example, you can choose to not connect your third-party accounts with our Services, use your device settings to reset or limit the use of your Advertising ID, or disable some or all cookies from your browser settings.
In relation to our processing of your Personal Data you have, under certain circumstances, the right to exercise the following rights:
Access
You may request confirmation whether or not Personal Data is processed and, if that is the case, access to your Personal Data and additional information such as the purposes of the processing. You are also entitled to receive a copy of the Personal Data undergoing processing. If the request is made by electronic means the information will be provided in a commonly used electronic format if you do not request otherwise.
Object to certain processing
You may object to the processing of your Personal Data on the basis of a legitimate interest, on grounds relating to your particular situation and to the processing for direct marketing purposes.
To unsubscribe from our marketing communications, please use the unsubscribe link provided in the messages we send. The unsubscribe link is typically found at the end of the message.
Rectification
You have at any time the right to have inaccurate Personal Data rectified, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Data completed.
Erasure
You may have your Personal Data erased under certain circumstances such as when your Personal Data is no longer needed for the purposes for which it was collected.
Restriction of processing
You may ask us to restrict the processing of your Personal Data to only comprise storage of your Personal Data under certain circumstances, such as when the processing is unlawful, but you do not wish your Personal Data erased.
Withdrawal of consent
You have the right to at any time withdraw your consent to processing of Personal Data to the extent the processing is based on your consent. This does not affect the lawfulness of processing based on consent before its withdrawal.
Data Portability
You may ask to receive a machine-readable copy of Personal Data processed and ask for the information to be transferred to another Controller (where possible). This only refers to such Personal Data processed on the basis of your consent or on the basis that the processing is necessary in order to perform an agreement with you and only to the extent the Personal Data has been provided to the Company by you (data portability).
Complaints to the supervisory authority
You have the right to lodge complaints pertaining to the processing of your Personal Data to the relevant data protection supervisory authority.
How to adjust
your preferences
To access your data in our Services or to request its deletion, please use the
automatic tools provided in our Services. These tools are specific to each of
our Services. You will find them in the game settings under “Terms &
Privacy” or a similarly named option. You can also opt out of our personalised
offers, where applicable, by writing us an email at
datenschutz@playa-games.com
. If you opt out of interest-based advertising, you will still be able to play
our games and you may still see advertising in our games. You can also choose
to prevent your device's ad identifier by changing the settings of your device.
We ask you to primarily use these tools to submit requests, because that helps us validate, process, and fulfil your request more quickly and reliably.
If you have any questions about this Privacy Policy or our data collection practices, please contact us at the address or email set out under section 1 of this Privacy Policy and specify your country of residence and the nature of your question.
9. Changes to the terms of this Privacy Policy
We may update this Privacy Policy from time to time, for example due to changes in our operations or the legal obligations that apply to us. Updates will be made available here. We will also inform you of any changes by other means that are appropriate to the significance of the changes.
Appendix : Partners and Processors
When you visit our Facebook or Instagram page, which we use to present our company or individual products from our offers, certain information about you is processed. Facebook Ireland Ltd. (Ireland/EU – “Facebook”) is the sole controller of this processing of personal data. You can find more information about the processing of personal data by Facebook at https://www.facebook.com/privacy/explanation. Facebook offers the possibility to opt out of certain data processing; information and opt-out features can be found at https://www.facebook.com/settings?tab=ads.
LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is the sole controller for processing personal data when visiting our LinkedIn page. You can find more information about the processing of personal data by LinkedIn at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit our LinkedIn company page, follow this page, or interact with this page, LinkedIn processes personal data to provide us with statistics and insights in anonymized form. As joint controllers, we have entered into a data sharing agreement with LinkedIn which defines the allocation of the data protection obligations between us and LinkedIn. This agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Accordingly, the following applies:
● LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights pursuant to the GDPR. You can contact LinkedIn for this purpose online at the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or via LinkedIn’s contact information in the privacy policy. You can contact the data protection officer of LinkedIn Ireland at the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. To exercise your rights in connection with the processing of personal data related to the page insights, you can also contact us at the provided contact information. In such a case, we will forward your inquiry to LinkedIn.
● LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority that monitors the processing for the page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.
Please note that, according to the LinkedIn privacy policy, personal data is also processed by LinkedIn in the USA or other third countries.
TikTok Technology Limited (Ireland/EU) is the sole controller for the processing of personal data by TikTok. You can find more information about the processing of personal data by TikTok Technology Limited at https://www.tiktok.com/legal/privacy-policy.
New Work SE (Germany/EU) is the sole controller for processing personal data when visiting our Xing profile. You can find more information about the processing of personal data by New Work SE at https://privacy.xing.com/de/datenschutzerklaerung.
Twitch Interactive, Inc. (USA) is the sole controller for processing personal data when visiting our Twitch channel. You can find more information about the processing of personal data by Twitch Interactive, Inc. or Google Ireland Limited at https://www.twitch.tv/p/de-de/legal/privacy-notice/.
Google Ireland Limited (Ireland/EU) is the sole controller for processing personal data when visiting our YouTube channel. You can find more information about the processing of personal data by YouTube or Google Ireland Limited at https://policies.google.com/privacy
g. Google
Google Ireland Limited (Ireland/EU) is the sole controller for processing personal data for our Google related services. You can find more information about the processing of personal data by Google at https://policies.google.com/privacy