”Data Privacy Laws” means applicable data protection and data privacy laws and regulations, including but not limited to the EU General Data Protection Regulation (2016/679) (the ”GDPR”).
“Processing” and “Process” means all activities involving your Personal Data, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of information.
“Services“ means our games, applications and other products, the Website, email communications, social media accounts and any related services or properties we control.
“Personal Data” means Personal Data that relates to you as an identified or identifiable individual.
All capitalised terms not specifically defined herein shall have the meaning ascribed to such terms in the GDPR.
Our Services are not directed to children, and we do not knowingly collect Personal Data from children under 16 years of age.
- Who we are
The Controller responsible for your Personal Data for the purposes of the GDPR is:
Data protection Officer
The data protection officer of the Controller for the purposes of the GDPR is:
Name: Peter Birgersson, Deloitte AB
Contact details: email@example.com
- What information do we collect from you?
As a rule, we only collect personal data that you share when making use of the Services while logging in or registering and when utilising fee-based Services, as needed. Personal data means data relates to you as an identified or identifiable individual that includes information on personal or factual circumstances. Below are examples of the personal data we collect:
|The information collected includes the following data
|Information you provide voluntarily when using our Services.
|Directly from you and/or your device by automatic means.
Your interests worthy of protection are considered in pursuance with statutory data protection regulations. In the event of a default in payment, we hereby reserve the right to commission a collection agency or an attorney to collect the payment due, as needed, and to provide the necessary data within this context.
We treat all of this data in a confidential manner and in consideration of statutory data protection regulations.
We do not expect or intend to collect or otherwise process any special categories of data relating to you. By special categories of data, we mean genetic, biometric or health information, information revealing racial or ethnic origin, sex life or sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or information about your criminal offences or convictions. Please do not provide this kind of information to us or use the Services to make it available to others.
- How do we use your Personal Data?
We use your Personal Data for different purposes. We will for example use the Personal Data to provide you with the Services you have requested, to improve and develop our Services, to predict user trends, to make recommendations and marketing activities based on your usage and to customise our Services to you, these include some examples as the following processing activities:
|Purpose of the processing
|Processing is necessary to perform our contract with you in respect of our Services.
|Performance of a contract
|Based on our legitimate interest to safeguard our Services
|Based on our legitimate interest to optimise our Services
|Based on your consent in our Services
|Based on our legitimate interest to prevent policy misuse
|Based on our legitimate interest to moderate customer communication
|Based on our legitimate interest to prevent cheating and fraud in our Services and games
|Based on our legal obligations
In addition, we may process your data for additional purposes which are compatible with any of the purposes listed above.
- Who we share your information with
- Other companies in the Stillfront Group, for example where they help us develop or operate our Services or other Services will receive access to all available Personal Data. For information on the entities within Stillfront Group, see the most recent annual report published on https://www.stillfront.com/en/reports-presentations/, as updated from time to time.
- For analytical purposes, we collect and make inferences based on generated data such as your recent visits to our Services and how you move around different sections, in order to make our Services more intuitive and evaluate user needs and preferences. This data will be shared with a limited group of employees in the Stillfront Group.
- Persons or companies that provide Services to us and process data on our behalf when providing those Services (for example, Services that help us develop and operate our Services and professional advisors).
- Third parties to whom we outsource certain Services such as, without limitation, document processing and translation services, marketing partnerings, confidential waste disposal, IT systems or software providers, IT Support service providers, documents, and information storage providers. For more information on our processors and third party partners please either contact as at firstname.lastname@example.org.
- Competent courts of law or other government authorities where we believe disclosure is necessary as a matter of applicable law or regulation.
- Any person or entity where we believe disclosure is necessary to exercise, establish or defend our legal rights or to protect your or another person’s vital interests.
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Services as effectively as we can.
Where required by law, your personal data may be disclosed to an applicable governmental, regulatory, sporting or enforcement authority. Your personal data may also be disclosed to any regulatory body in connection with prevention and detection of crime and where we consider that there are reasonable grounds to suspect that you may be involved in a breach of the law. Those bodies may then use your personal data to investigate and act on any such breaches in accordance with their procedures
When Personal Data is shared with our business partners, processors, group affiliates or other trusted entities stated above, we always require them to only use information in accordance with our instructions.
- Appropriate Safeguards to countries outside the EU/EEA-area
- How long do we keep hold of your information?
We endeavour to take reasonable precautions in order to prevent unauthorised access to your personal data as well as unauthorised use or falsification of this data and to minimise the associated risks. Nevertheless, providing personal data, whether in person, on the telephone, or via the internet, is always associated with risks and no technical system is completely free of the possibility of manipulation or sabotage. We process the data collected from you in accordance with German and European data protection law. All employees are required to protect data privacy and comply with data protection regulation, and are trained accordingly. For payment purposes, your data is transmitted using encrypted SSL processes.
- Your rights
In relation to our processing of your Personal Data you have, under certain circumstances, the right to exercise the following rights:
You may request confirmation whether or not Personal Data is processed and, if that is the case, access to your Personal Data and additional information such as the purposes of the processing. You are also entitled to receive a copy of the Personal Data undergoing processing. If the request is made by electronic means the information will be provided in a commonly used electronic format if you do not request otherwise.
You have at any time the right to have inaccurate Personal Data rectified, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Data completed.
You may have your Personal Data erased under certain circumstances such as when your Personal Data is no longer needed for the purposes for which it was collected. We offer the option to independently delete or correct your own personal data in game. If you are logged in to your account, you can delete your personal data in the settings of your user account.
Restriction of processing
You may ask us to restrict the processing of your Personal Data to only comprise storage of your Personal Data under certain circumstances, such as when the processing is unlawful, but you do not wish your Personal Data erased.
Withdrawal of consent
You have the right to at any time withdraw your consent to processing of Personal Data to the extent the processing is based on your consent. This does not affect the lawfulness of processing based on consent before its withdrawal.
You may ask to receive a machine-readable copy of Personal Data processed and ask for the information to be transferred to another Controller (where possible). This only refers to such Personal Data processed on the basis of your consent or on the basis that the processing is necessary in order to perform an agreement with you and only to the extent the Personal Data has been provided to the Company by you (data portability).
Complaints to the supervisory authority
You have the right to lodge complaints pertaining to the processing of your Personal Data to the relevant data protection supervisory authority.
- Right to object
In accordance with Article 21 GDPR, you have the right, for reasons relating to your particular situation, to submit at any time an objection to processing of the personal data concerning you which is conducted based on Art. 6 Para. 1 e or f GDPR; this also applies to profiling based on these conditions. The responsible party no longer processes the personal data concerning you, unless said party can provide evidence of compelling reasons worthy of protection for the processing that prevail over your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. If the personal data concerning you is processed in order to pursue direct advertising, you have the right to submit at any time an objection to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling, provided it is in connection with direct advertising. If you object to processing for the purpose of direct advertising, the personal data concerning you will no longer be processed for these purposes. Regardless of Directive 2002/58/EC, you have the option, in connection with the use of services of the information company, of exercising your right to object using an automated process that uses technical specifications.