General Information

What is personal data?
Personal Data is information by which you can be directly or indirectly identified (hereinafter "data"). This generally includes information such as your name, address, email address and telephone number; however, it may also include other information such as your IP address or preferences and interests.

What is processing?
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

The Data Controller
The person that is responsible for your information under this Privacy Policy (the "data controller") is:

AD4FUN
Jakub Cieslak
Marienstr.
79098 Freiburg,
Germany

If you have any questions about the processing of your personal data by us or about data protection in general, you can reach us at [email protected].

Overview of processing operations
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of personal data processed

  1. Inventory data
  2. Content data
  3. Contact data
  4. Meta/communication data
  5. Usage data

Purposes of the processing

  1. Provision of the APP and user experience
  2. Contact requests and communication
  3. Security measures
  4. Provision of contractual services and customer services
  5. Administration and response to enquiries

Relevant legal basis
In the following, we inform you about the legal basis on which we process personal data. If more specific legal bases apply in individual cases, we will inform you of these separately.

  1. Consent - The data subject has given his/her/their consent to the processing of personal data relating to him/her/them for a specific purpose or purposes.
  2. Performance of a contract and pre-contractual enquiries - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject's request.
  3. Legitimate interests - Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

Security measures
We take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

However, you must understand that no Internet transmission is completely secure. Therefore, we can never guarantee that unauthorized access, hacking, data loss and other incidents can be completely excluded.

Your rights
The data protection laws in your country may give you the following rights:

BDSG and GDPR Rights

  1. Right to information: What personal data a company is processing and why (this policy).
  2. Right of access: You can request information about data collected.
  3. Right to rectification: If data collected is not correct, you can ask for it to be corrected.
  4. Right to erasure: Under certain circumstances, you can request the erasure of your data.
  5. Right to restriction of processing: In certain circumstances, you can request the further processing of your data, but the data will remain stored.
  6. Right to data portability: You can have the data collected about you transferred to another provider in a machine-readable format.
  7. Right to object: In certain circumstances (including where your data is processed on the basis of legitimate interests or for marketing purposes) you may object to processing.
  8. Rights in relation to automated case-by-case decisions, including profiling: This includes several rights where data is processed solely by automated means, and this has a legal or significant impact on an individual. In these circumstances, you have, among other things, the right to human intervention in the decision-making process.
  9. Right to Complaint: Where the BDSG and the GDPR apply you have a right to complaint to your local or for AD4FUN relevant Data Protection Authority. The state commissioner for data protection and freedom of information in Baden-Württemberg (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg) is the state Data Protection Authority. Their contact details can be found on their website (www.baden-wuerttemberg.datenschutz.de), we would however appreciate the chance to deal with your concern first.
If you wish to exercise any of the rights listed above, you can contact us by email at [email protected]. For your protection and the protection of all our users, we may need to request certain information from you to help us confirm your identity before we can respond to the above requests.

Do you have to provide personal data?
The provision of personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data could result in you not being able to use our APP or not being able to use it to its full extent. The legal basis for this data processing is consent.

About our APP

In principle, our APP is designed to have data protection-friendly default settings. This includes, for example, that only such personal data is collected that is required for the function of the APP (principle of data minimization). As such we have made sure that as little as possible information that directly identifies you is collected.

We assure you of the lawful and responsible handling of all data that you transmit to us as a user of our APP and would like to transparently present to you below which data we process, what we use it for and whether and, if so, to what extent it is stored by us and/or transmitted to third parties.

What sources and data do we use
We process personal data only to the extent authorized by you personally. In doing so, we only collect and process the data that is absolutely necessary to maintain and use the APP. Personal data may be collected in two ways, that is directly when you for example volunteer it to us or automatically for example when you install and use our APP.

How we use data?
The main reason we use your data is to deliver and improve our services as follows:

  1. to provide our APP to you,
  2. provide you with customer support and respond to your requests,
  3. to improve our APP and develop new features and services,
  4. retain data related to fraudulent activities to prevent against recurrences,
  5. to ensure legal compliance,
  6. assist law enforcement, and
  7. enforce or exercise our rights.

Data storage and transmission
If, Personal Data is transmitted this is done exclusively via SSL-encrypted connections and only transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary/legally required for the purpose of providing our Services and the APP or if you have given us your consent.

Storage and retention
In the rare event that you have provided us directly with personal data, we will retain your personal data on our server until the purpose for processing it no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Security
We work hard to protect you from unauthorized access to or alteration, disclosure, or destruction of your personal data. As with all online technology, we take steps to secure your data, however we do not promise, and you should not expect, that your personal data will always remain secure. We regularly monitor our systems for possible vulnerabilities and attacks and regularly review our information collection, storage, and processing practices to update our physical, technical, and organizational security measures.

We may suspend your use of all or part of the services without notice if we suspect or detect any breach of security. Upon becoming aware of a data breach, we will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Push messages
When you use the app, you will receive so-called push messages from us, even if you are not currently using the app. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via the device settings of your device.

Authorizations and Access
We may request permission to access your internet and network access, push notifications. The legal basis for data processing is our legitimate interest and your consent. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our APP may not function as intended.

Data collection, storage, and use of personal data

When you contact us
If you send us feedback, or a support request, your e-mail address will only be used for correspondence with you and only to clarify your support case. Your data will not be passed on to third parties. The data of your request will be deleted after completion. In the course of the support you have requested, it may be necessary for you to provide us with some of your personal data so that we can fulfill our contractual obligations. The data transmitted in this context will be deleted after the end of the support. The legal basis for this processing is Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Purchases
When you make in-app purchases, we (Google and Apple on our behalf) may collect the following data from you to process the purchase:

  1. Android or Apple user ID
  2. Email address
  3. Payment confirmation from the payment data collected by Apple or Google; and
  4. Device IP and device serial number to link the story history to the device.

Storage
In general, your APP data is saved and stored in part on your device and through Unity (operated by Unity Technologies, 30 3rd Street, San Francisco, CA 94103, United States), and we only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you.

Data collection, storage and use of technical personal data

Some countries including Germany and the European Union, have a broad definition of personal data and as indicated above it encompasses online identifiers, IP address, device IDs as such we are required to cover the following.

Installation of our APP
The App can be downloaded and installed from the "Google Playstore" and/or "Apple App Store". Downloading the App may require prior registration with the respective App store and/or installation of the respective App store software.

As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. And Apple collects and processes the following data: device identifiers, IP addresses, and location information.

It cannot be ruled out that Google and Apple also transmit the information collected to a server in a third country. We cannot influence which personal data Google and Apple processes with your registration and the provision of downloads in the respective App store and App store software. The responsible parties in this respect are solely Google and Apple.

Google and Apple may collect information from and about the device(s) you use to access our APP, including hardware and software information such as IP address, device ID and type, device-specific and app settings and properties, APP crashes, advertising IDs information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.

Starting the App
Every time you start the App, your data is synchronized, and your device communicates with our server through a signed token. The transmission takes place automatically and is a prerequisite for the secure functioning of the App and is therefore mandatory.

Firebase
We use the Google Firebase developer platform and related features and services provided by Google LLC and Google Ireland Limited including Firebase Analytics. Google Firebase is a platform for developers of apps for mobile devices. The Google Firebase developer platform offers a variety of features. A list of these features can be found at: https://firebase.google.com/terms/. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy.

Unity
Our apps are built using the game development platform Unity. This uses software modules and libraries that come from Unity Technologies itself or third parties and become an inherent part of our App (called a game engine). During the execution of the app, personal data may be processed by Unity itself, including device identification numbers (so-called UDID - unique device identifiers, IP address). Data such as the device type, country of app installation, advertising ID, sensor markings (e.g., from the pressure or acceleration sensor), game identification number (app ID) and the checksum of the transmitted data are also processed.

Advertising
Our APP is build using the Freemium Model. As such, the APP uses third-party advertising networks service to display ads. In order to provide personalized advertisements to our users, those listed below use device information that include personal and non-personal information, such as advertising (or ad) identifiers, IP address regarding the delivery of advertisements and your interaction with them and/or other tracking technologies to enable and optimize this advertising procedure. Ad identifiers are non-permanent device identifiers such as Google's ID for advertising. Advertisers and third parties also may collect information about your activity on our APP, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see both on our APP and on third-party sites and applications.

The APP uses the Google Admob service to display ads. Ads are either personalized based on the device you are using or random and you will be asked to decide upon you opening our APP for the first time. You can also opt out on the Digital Advertising Alliance (DAA) if you wish not to receive targeted advertising. In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.

Using Unity also means that the services are using "Unity Analytics" and "Unity Ads". Unity Analytics and Unity Ads collect the personal data such as IP addresses and device identification number (so-called UDID - unique device identifiers). Other data collected includes device specifications (device type, device language), usage data, information about in-app behavior and in-app purchases, custom event data (where applicable). Through Unity Analytics and Unity Ads, we can find out which app ads are tapped or clicked on from your device, which of advertisement was watched and whether you download and use the advertised apps.

How we share personal data

We may share some user information with service providers and partners who help us operate the Services, and in some cases with legal authorities. We follow a rigorous vetting process before engaging a service provider or working with a partner. All our service providers and partners should commit to strict confidentiality.

We may transfer your information if:

  1. we are involved in whole or in part in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
  2. reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government/legal investigation, or other legal requirement; (ii) to assist in the prevention or detection of crime (in each case, subject to applicable law); or (iii) to protect the safety of any person.
  3. disclosure would reduce our liability in actual or threatened litigation; (ii) if necessary to protect our legal rights and the legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activities, suspected fraud or other misconduct.
We may ask for your consent to share your information with third parties. In any such case, we will make clear why we want to share the information.

Miscellaneous and Closing

Uninstall
You can stop the collection of information by the APP by uninstalling it using the standard uninstall procedure for your device.

Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so in your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Exercising your rights
If you wish to access your personal data or exercise any of the rights listed above, you should apply in writing, providing evidence of your identity. Any communication from us in relation to your rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.

Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is given on the basis of your consent. Consent given can be revoked at any time.

Automated individual decision-making including profiling
We do not make automated decisions in individual cases, including profiling.

Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Changes, Queries and Complaints
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date. This Policy was last updated on Sunday, 04th of December 2022.

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.