Privacy policy for apps
Lotum one GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany, games@lotum.de ("Lotum" or "we") respects and protects your personal data.
The following Privacy Policy is intended to provide you with more detailed information about the collection, processing and use of data in connection with our games offered as mobile applications ("the Games Apps").
Lotum collects, processes and uses personal data exclusively within the bounds of the applicable statutory provisions. Therefore, the high level of data protection enshrined in the General Data Protection Regulation (“GDPR”) and the German Telecommunication, Telemedia, Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetzes – TTDSG) applies.
1. Scope of Application
1.1 This Privacy Policy is intended for all users of the Games Apps ("Users"). If certain services or individual apps of Lotum have a different data protection declaration, such declaration shall apply.
1.2 The scope of this Privacy Policy does not include services and offers of third parties that may be referred to in the Games App by so-called links. Lotum neither assumes responsibility for their content nor for compliance with data protection regulations by these third parties, unless otherwise stated in the privacy policy of the linked content. This applies, for example, to links via which social networks such as Facebook or chat apps such as WhatsApp can be accessed, and to links in advertisements that are played. For information on the handling of the User's personal data and their respective protection on these platforms, please refer to the privacy statement on the respective platform.
2. Downloading and inatalling the game apps
When you download and install our Games Apps, the operator of the platform through which you obtain the respective app (for example Apple, Inc. for the AppStore and Google Ireland Limited for the Google PlayStore) collects personal data required for the download. These data include in particular your name, your e-mail address and your postal code, time of download, the IP address and the individual device identification number of your device (so-called IMEI), as well as your payment information, if applicable. This collection and processing of your personal data is, however, basically carried out solely by the respective platform operator without our participation in the data processing or our ability to influence it. In this respect, the data protection provisions of the platform operator apply, which can be viewed on the platform in question. We only receive and process personal data collected by the platform operator to the extent necessary for the download and provision of the Games App. If we process personal data as part of the installation, this is done on the basis of the contract on the subscription and use of the Games App that you concluded with us when downloading and installing the app, in accordance with Article 6 (1) sentence 1 lit. b) GDPR.
3. Collection, processing and use of data when using the games apps
3.1 When you start and use Lotum's Games Apps, depending on the Games App, a connection may be automatically established to the servers used by us in order to retrieve current content. Information that your device transmits to us is logged in the process. This includes the IP address of the device you are using, data on the operating system used as well as the installed Games App and its version, date and time (including time zone) of the respective access to the contents of the Games App as well as the information on which specific contents have been requested for the respective Games App. In addition, Lotum may collect and process personal data in order to fulfil its contractual obligations with the User, e.g. to create the User's player profile. Depending on the respective Games App, this data includes name and IP address and data identifying the User's device.
3.2 Lotum collects and processes this data for the provision of the Games App and the respective up-to-date content of the Games App. The provision of this data is not required by law, but is necessary for the conclusion of the use contract for the respective Games App and the associated Lotum service. In this respect, it involves data that is absolutely necessary for the use of the game requested by the user. The user may voluntarily give further data to Lotum within the scope of the offer. The basis for collecting this data is § 25 (2) no. 2 TTDSG and the further data processing for the fulfilment of contractual obligations Art. 6 (1) sentence 1 b) GDPR.
4. In-app payments
4.1 In some Games Apps, we may offer certain additional versions and content for purchase, e.g. the use of an ad-free version of the app. In order to conclude the corresponding contract and the associated payment processing, it is necessary to enter bank details or other payment-related data (e.g. credit card). For payment processing, we use the services provided by the respective operator of the platform through which you have obtained the Games App (for example, Apple, Inc. for the AppStore and Google Ireland Limited for the Google PlayStore). The aforementioned information will be processed accordingly together with the necessary usage data by the operator of the respective platform, insofar as this is necessary to process the payment. Details on the handling of your personal data in connection with the payment processing can be found in the privacy statement of the respective platform operator which can be viewed on the corresponding platform.
4.2 The use of these payment services is mandatorily required by the platform operator in order for us to be allowed to offer the app on the respective platform and also serves to provide you with an easy and smooth payment process in the app.
4.3 This data processing in connection with the purchase of additional content in the respective Games App, including payment processing, is carried out for the conclusion and processing of the contract regarding this content and thus on the basis of Article 6 (1) sentence 1 lit. b) GDPR.
5. Support requests and contact via the games app
5.1 If you notify our customer support or otherwise contact us (e.g. with a contact form in the Games App), the information you provide in the contact, including the contact details given there, will be processed for the purpose of handling your enquiry and processing it, including investigating and rectifying any problems in the Games App and in the event of follow-up questions. In the event of a request to our customer support via the Games App, information on the Games App, your game progress, Player-ID and, if applicable, the problematic part of the game as well as technical data on your device will also be processed automatically.
5.2 We process this data in accordance with Art. 6 (1) sentence 1 (b) GDPR, if you contact us within the scope of an existing contract for the use of the Games App or for the purpose of initiating such a contractual relationship. Otherwise, this storage and use of data is based on Art. 6 (1) sentence 1 (f) GDPR, whereby our legitimate interest is the thorough processing of your respective request and the solution of any technical problems. Access to the data stored in your end device is absolutely necessary in accordance with §25 (2) no. 2 TTDSG so that Lotum can answer your (support) request.
6. Error reporting and usage analysis via Firebase
6.1 The Games App implements functions of the Firebase service which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
6.2 Data on the general use of the app are collected and evaluated via the Firebase service (so-called Google Analytics for Firebase). At the same time, reports on errors and crashes that occur in the app are generated to analyse and resolve these errors and crashes. For these purposes, information on whether and how you use certain parts of the Games App is collected together with the IP address and other technical data on your device and the configurations assigned to it (hereinafter "Device-Related Data"), such as the manufacturer and model of the device, the language setting and the advertising ID as well as the country from which you use the app. In order to generate error reports, details about the error that occurred, information about the affected Games App and, if necessary, game-relevant data will be collected and processed additionally, but only if such an error occurs while you are using the app. Google evaluates such data on our behalf and compiles aggregated reports for us. We use these reports to gain insight into the general use of the Games App as well as into the errors that have occurred, in order to use this information to improve the content and functions of the app and, in particular, to eliminate existing errors and problems. In addition to this we also get access to the in-game activity of individual users through Google, based on an anonymized user-id. Nevertheless it is not relevant for Lotum which User used the respective app and to what extent. It is therefore not a matter of creating user profiles for Lotum but rather of providing functional Games Apps through the analysis of aggregated reports from Google. Google may also transfer these data to servers operated by Google LLC in the USA and analyse them there. However, in member states of the European Union or in other states that are party to the Agreement on the European Economic Area your IP address will be shortened and thus made anonymous before it is transmitted to a Google server in the USA.
6.3 Google also processes the aforementioned data collected via the Firebase service to the extent covered by its own privacy policy which you can find at https://policies.google.com/privacy. There you will also find additional information on Google's handling of personal data.
6.4 We would like to point out that the transmission of data to servers in the USA used by Google LLC may involve additional risks, for instance the enforcement of your rights to these data may be more difficult. In order to counter these risks, we have concluded the standard data protection clauses by the EU Commission with Google LLC for this data transfer and also stipulated appropriate protective measures therein, which, depending on the need for protection of the data, also include data encryption and can be improved in accordance with the legal and technical conditions for appropriate protection of the data. If data is transferred to Google LLC in the USA, such transfer is based on Article 46 (2) lit. c) GDPR.
6.5 We only use Firebase for the general usage analysis described above if you have given your consent to this. The legal basis for accessing the data described above is therefore §25 (1) TTDSG and for the subsequent data processing in this context Art. 6 (1) sentence 1 (a) GDPR. You can withdraw your consent with effect for the future at any time. We have also concluded a contract with Google on commissioned processing in accordance with Art. 28 GDPR on data processing in connection with error analysis. Accordingly, Google will only process the data collected in this context for this purpose in accordance with our instructions. This passing on of data to Google is therefore based on Art. 28 GDPR.
7. Usage analysis and data visualization via Looker
7.1 We also use Looker in the Games Apps. This analytics and data visualization service is provided by Looker Data Science Inc., 101 Church Street Santa Cruz, CA 95060, USA („Looker").
7.2 We use this service to evaluate and visualize the use of our Games Apps in order to identify any need for improvement and a scope for making the functions and content of the Games Apps even more user-friendly, and to be able to further develop our Games Apps on this basis. For this purpose, we use Looker to view how the user base generally interacts with the Games Apps and whether and how certain functions and game content are generally used (for example, whether a certain game level is reached and successfully completed by Users at all). Looker in this context doesn’t collect any data by itself, but rather exclusively uses the data previously collected via the Firebase service. With the help of these data, Looker creates aggregated reports on the interactions of the user base in the respective app as a whole and, if applicable, also in specific game sections. Looker also includes demographic information about the user base of our Games Apps (such as approximate age group and gender) in the reports. Even beyond that, we only ever receive aggregated data and no information that we could relate to individual users, as it is only relevant for the aforementioned purpose how the user base or specific user groups use the Games Apps but not specific, individual Users.
7.3 Further information and the applicable privacy policy on Looker's handling of personal data can be found at https://looker.com/trust-center/privacy/policy/.
7.4 The data used by the analysis service may be transferred by Looker to servers in the USA. In this particular case, Looker and we guarantee that appropriate protection measures are in place in accordance with Article 44 et seq. GDPR. In particular, Looker and we have agreed on the standard data protection clauses of the EU Commission as a precautionary measure which provide for appropriate protection measures for the specific case, such as encryption of the data, in accordance with Article 46 (2) lit. c) GDPR. The measures are also continuously developed and supplemented to the extent necessary to ensure an adequate level of data protection throughout.
7.5 We only use Looker if you have given your consent to do so, and therefore based on §25 (1) TTDSG and Art. 6 (1) sentence 1 (a) GDPR. You can withdraw your consent with effect for the future at any time.
8. Singular
8.1 The Singular service of Singular, Inc., 181 South Park Street Unit 2 San Francisco, CA 94107, USA, is still implemented in the Games Apps. This is an analytics service that we use to evaluate users' interactions with third party advertisements that we display in our respective Games App to finance the apps. These interactions are an important factor in financing the Games App through advertising, which is what allows us to make the app available for free in the first place. With these interactions, we can examine the contribution of specific advertising formats to the financing of the Games App and determine possible improvements to the app's advertising integration that most suitably take into consideration and balance the app's sustainable advertising financing and enjoyable gameplay experience. In this context, Singular also takes into account whether advertising financing is improved by our own advertising campaigns for the respective Games App and the new users gained as a result.
8.2 For the above purposes, Singular collects data about the installation of the respective Games App and the way you found to download the Games App, as well as your use of the App including individual events in the App such as purchases and interactions with advertisements, as well as the IP address and individual device-related data of your end device. This data is used by Singular, Inc. to compile reports on app usage on our behalf for the aforementioned purposes.
8.3 You can object to the use of your data as part of the Singular service at any time, for example by changing your settings in the app.
8.4 For more information about Singular, Inc.'s handling of personal data, please visit https://www.singular.net/privacy-policy/.
8.5 By using the Singular service, personal data is transferred to Singular, Inc. in the USA. For this reason, we have concluded with Singular, Inc. not only a contract on commissioned processing within the meaning of Art. 28 GDPR, but also the EU standard contractual clauses approved by the EU Commission in order to ensure an adequate level of data protection. Obligations to take technical protective measures form part of these clauses. Depending on the specific need for protection of the data concerned, these measures may also include the encryption of this data. By implementing these commitments, Singular, Inc. and we ensure an adequate level of data protection. The transfer of data to Singular, Inc. in the USA therefore is based on Art. 46 (2) (c) GDPR.
8.6 We only use Singular for the analyses described above if you have given your consent to this. The legal basis for accessing the data described above is therefore §25 (1) TTDSG and for the subsequent data processing in this context Art. 6 (1) sentence 1 (a) GDPR. You can withdraw your consent with effect for the future at any time.
9. Partner services for advertising in the games apps
We integrate services of advertising networks in the Games Apps with which we cooperate in order to be able to display third-party advertising to you while you are using the Games Apps.
In this context we use services of different advertising networks, whereby the personal data concerning you may be sent to several of the integrated advertising networks. By integrating different advertising networks, we ensure that only advertisements are displayed that are approved and specifically available by the advertiser for the respective country from which you have installed and use the relevant Games App. We generally make our Games Apps available worldwide which is why the advertisements shown in them are subject to different legal requirements depending on the User's country. The advertisement networks each work with different advertisers who may target their ads to only certain countries and adapt them solely to the legal requirements applicable there. In addition, advertisers have also set certain restrictions, such as a general maximum number of advertisements to be displayed per user or certain media in which the advertisements are to be displayed. However, we can only view individual advertisers and advertising campaigns relevant to our Game Apps in very limited cases in advance and therefore cannot evaluate them more precisely. To ensure that we are nevertheless always able to display advertising that has been approved by the advertiser for the User's region and may be specifically played, we use different advertising networks. Since we can only provide the free Games Apps by financing it through advertising, we have a legitimate interest in generally displaying advertising to the individual User in our Games Apps in order to generate revenue and to be able to continue to offer the apps free of charge, if possible worldwide.
However, personalization of the displayed advertising is only activated to the extent permitted by law. In particular, we only use data from users in the EU to display personalized advertising to this user if the respective user has consented to this in advance. In these cases, the legal basis for processing your data in connection with personalized advertising is your consent pursuant to §25 (1) TTDSG and Art. 6 (1) sentence 1 (a) GDPR. You can, of course, withdraw your consent to data processing for personalized advertising with effect for the future at any time. Please note that in order to finance the free games apps, we also display advertising even if you have not consented to personalized advertising or have withdrawn this consent. However, the advertising displayed will then not be personalized, i.e. not adjusted to your personal interests and usage habits. Only general information is then taken into account, for example the Games App in question and the country where the app was installed and launched. More details on the display of this non-personalized advertising and its legal basis are explained below for the individual advertising services.
For some games we may also offer you the option of purchasing a paid, ad-free version. In ad-free versions, of course, no advertising services are implemented and accordingly no data processing takes place for the purpose of displaying advertising in the app.
9.1 Google AdMob
9.1.1 The advertising network AdMob which is operated by Google is also used in our Games Apps to integrate third-party advertising. In this context, Google receives information about the respective Game App (name, category and language of the Game App), Device-Related Data of your device as well as the IP address of your device, which is, however, shortened and only used in an abbreviated form, and information about some of your interactions in the app. The aforementioned data may also be transmitted to Google LLC servers in the USA for the AdMob service. Google processes this data in order to select specific advertisements without giving us the opportunity to exert any further influence, and to limit the display of an advertisement, especially in the case of multiple displays to a specific User. We have no insight into the selection of specific advertisements and the related data processing, nor do we have any more precise setting options to be able to influence this. Google uses the collected data in accordance with Google's privacy policy.
9.1.2 Google also records whether and if so, how you interact with the advertisement, the IP address and individual Device-Related Data of your device as well as, if applicable, your further usage behaviour following a click on the advertisement, in order to evaluate the success of the respective advertisement together with the aforementioned data and to properly invoice us and the advertiser accordingly. Based on their evaluations, Google also creates aggregated reports for us on the scope and results of the advertising. However, this only gives us access to aggregated data on the results of the advertising which Lotum cannot trace back to individual persons.
9.1.3 Further details on the processing of data by Google can be found in Google's privacy policy (https://policies.google.com/privacy) and in the information on the use of data from integrated Google services (https://policies.google.com/technologies/partner-sites?hl=de).
9.1.4 The basis for access to the aforementioned data is §25 (2) no. 2 TTDSG and for data processing within the framework of the AdMob service our legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR. It is our legitimate interest to display advertising to users in order to finance the creation and development of the Games Apps available free of charge. In principle, the advertising financing allows us to offer the Games Apps worldwide. Therefore, access to the above-mentioned data in your end device is also necessary in order to be able to offer you the respective games you have selected. It is also in our legitimate interest to use the AdMob network, which is specifically tailored to displaying ads for apps, to serve ads that fit as coherently as possible into the format of the Games Apps and are not perceived by users as disruptive or inappropriate. As the Games Apps are available free of charge and solely serve your entertainment purposes, it is not evident that your interests prevail in this respect. For certain game apps, we also offer you the option to use a paid, ad-free version of the Games Apps, if available.
9.1.5 The transfer to servers of Google LLC in the USA is based on Article 46 (2) lit. c) GDPR. For this transfer we have agreed the standard data protection clauses of the EU Commission with Google LLC. Together with these clauses, we and Google LLC have also defined and implemented appropriate protection measures that take into account the need for protection of the data in each specific case and include encryption of the data. These measures are also continuously adapted in accordance with the legal and technical conditions for effective protection of the data in order to provide continuous assurance of an adequate level of protection.
9.2 UnityAds
9.2.1 Our Games Apps also include the UnityAds advertising network which is maintained by Unity Technologies Finland Oy, Kaivokatu 6, 00100 Helsinki, Finland ("Unity"). In this context, Unity receives the following information: the relevant Games App, the IP address of your device and Device-Related Data about your device. Unity processes these data independently for the purpose of deciding on the specific advertising to be displayed. We have no insight into the selection of the specific advertising and the related data processing, nor can we make any detailed settings in this regard.
9.2.2 When advertising is displayed in the Games App, Unity also records whether and how you interact with the advertisement and, if any, your further usage behaviour following a click on the advertisement. Unity processes all of the aforementioned data collected in the course of the advertising display in order to verify and evaluate the results of the advertising and to properly invoice us and the advertiser. In this context, Unity also provides us with reports. We receive information from Unity about the advertising results but only in aggregated form, so that Lotum cannot trace this information back to individual persons.
9.2.3 Unity's privacy policy with further details on the handling of your personal data in the context of UnityAds can be found at https://unity3d.com/de/legal/privacy-policy.
9.2.4 The legal basis for the data processing related to UnityAds is the protection of our legitimate interest as per Art. 6 (1) sentence 1 (f) GDPR. Access to the aforementioned data stored in your end device is justified in accordance with §25 (2) no. 2 TTDSG because without access to this data for the purpose of displaying advertising, we cannot offer the games you have requested. It is our legitimate interest to display advertising to users in order to finance the creation and development of the Games Apps available free of charge. In principle the advertising financing allows us to offer the Games Apps worldwide and without financial costs for the user and to continuously provide new content for the Games Apps. As the Games Apps are available free of charge and solely serve your entertainment purposes, it is not evident that your interests prevail in this respect. For certain Games Apps, we also offer you the option to use a paid, ad-free version of the Games Apps, if available.
9.2.5 When providing the UnityAds service, Unity may also transfer the personal data processed to its own servers in the USA, insofar as this is necessary for the provision of the UnityAds service. Insofar as this occurs, Unity will ensure that an appropriate level of protection for the personal data is granted by means of suitable safeguards, in particular the agreement of the standard data protection clauses adopted by the EU Commission with technical protective measures adapted to the specific planned transfer. In these cases, the data transfer is based on Article 46 (2) lit. c) GDPR.
9.3 Facebook Audience Network
9.3.1 Our Games Apps also include advertising through the advertising network Facebook Audience Network. This advertising network is offered by Facebook. With this network, Facebook collects data on the respective Games App, Device-Related Data on your device and the IP address of your device. Facebook may also process these data on servers in the USA. Facebook uses these data to independently select the specific advertising in a process that is not accessible to us, as well as to limit the display of an advertisement, especially in the case of multiple displays to a specific User. We have no insight into the selection of specific advertisements and the related data processing, nor do we have any more precise setting options to be able to influence this.
9.3.2 If an advertisement is displayed to you by the Facebook Audience Network or if you click on such an advertisement, Facebook also records your interaction with the advertisement, as well as your further usage behaviour, if any, following a click on the advertisement. With these data, Facebook determines the results of the respective advertisement and processes them for the purpose of invoicing us and the advertiser. In this context, Facebook also provides reports for us and the advertiser, which, however, only provide aggregated data on the respective advertising and its results and which we are therefore unable to trace back to individuals or separate by individuals.
9.3.3 For more information on the handling of your personal data and their protection by Facebook, please see Facebook's privacy statement at https://www.facebook.com/policy.php.
9.3.4 Data processing within the framework of the Facebook Audience Network is carried out to protect our legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR. This legitimate interest is to display advertising to users in order to finance the creation and development of the Games Apps available free of charge. In principle, the advertising financing allows us to offer the Games Apps worldwide. As the Games Apps are available free of charge and solely serve your entertainment purposes, it is not evident that your interests prevail in this respect. At the same time, access to the aforementioned data stored in your end device is absolutely necessary to be able to provide you with the desired games free of charge in the first place (§25 (2) no. 2 TTDSG). For certain Games Apps, we also offer you the option to use a paid, ad-free version of the Games Apps, if available.
9.3.5 If data is transferred to servers of Facebook in the USA, such transfer is based on Article 46 (2) lit. c) GDPR. We have concluded the standard data protection clauses adopted by the EU Commission with Facebook for transferring data by the Facebook Audience Network, having included the implementation of appropriate protective measures. Facebook and we also regularly review the need for possible additions and, if necessary, the implementation of additional appropriate protection measures within the meaning of Article 44 et seq. of the Data Protection Regulation, to the extent as this is necessary to continuously grant a suitable level of data protection.
10. Advertising on Facebook for Lotum's offers 
10.1 We advertise our own offers and Games Apps on websites and apps of other providers using Facebook's advertising services. Through these services, advertisements are displayed on the websites and apps of other providers who are part of the Facebook advertising network and have implemented the advertising network accordingly. Facebook also provides us with aggregated reports to track the success of our advertisements.
10.2 Facebook decides independently on the specific advertisements displayed and on the processing of your personal data in connection with the selection and displaying of these advertisements via the Facebook advertising network. In this respect, we can only impose abstract restrictions on user categories to which our advertising can potentially be shown at all, when the advertising is ordered, on the basis of a number of default settings defined by Facebook. However, Facebook carries out the data processing in connection with the selection of the user and the display of the advertisement independently and without any further instructions from us. Facebook does not receive any personal data from us in this context and we do not have any insight into the data processed by Facebook of the users to whom advertisements are shown, nor do we have any further influence on the related data processing.
10.3 Facebook also records the success of our advertisements for invoicing and analysis purposes. When the Games Apps are installed, both we and Facebook receive information that the User clicked on one of our advertisements, was redirected to the platform page where the relevant Games App can be downloaded, and then installed our app. This information may also be sent to Facebook servers in the USA. This links contacts that Users have with advertisements in apps of the Facebook advertising network (visual contacts and clicks on advertising banners) with subsequent interactions of the Users in our Games Apps, including the installation and launch of the specific app. The data collected in this way is also statistically analysed by Facebook. Facebook provides us with parts of the evaluations in the form of aggregated reports (so-called Facebook Ads Manager function), with which we gain an overview of the effectiveness of the advertising. We receive data on the results of our advertising and aggregated demographic information (such as approximate age group and gender) about the total Users who have viewed and clicked on our ads. However, we cannot view information that would personally identify Users. We do not combine the reports with any other personally identifiable information about individual Users.
10.4 The legal basis for the data processing described above in connection with measuring the effectiveness of our advertising on Facebook is our legitimate interests pursuant to Art. 6 (1) sentence 1 (f) GDPR. These consist of being able to track the results and effectiveness of our ads via Facebook and to be able to validate Facebook's invoicing of the ads based on this. This is the only way we can provide you with the games you have selected free of charge, which is why the associated data accesses are absolutely necessary (§25 (2) no. 2 TTDSG). Your interests are taken into account by the fact that Facebook only displays ads to registered users of the Facebook social network and therefore only data from these Facebook users is used in our advertising measurement. As part of the registration process for the Facebook network, Facebook explicitly refers to the processing of data for advertising purposes, including by advertisers such as us, and asks for the Facebook user's consent to this data processing. In addition, you can object to our processing procedures for measuring the effectiveness of our advertising.
10.5 Data are transferred to Facebook only in compliance with suitable protective measures in accordance with Article 44 et seq. GDPR. To this end, we have concluded the standard data protection clauses adopted by the EU Commission with Facebook in accordance with Article 46 (2) lit. c) GDPR. The clauses also provide for protective measures tailoured to the transfer which are continuously developed and adapted in order to ensure an appropriate level of data protection throughout.
10.6 Further information on the processing of your personal data by Facebook in the context of advertising on Facebook and the rights to which you are entitled in this context can be found here: https://www.facebook.com/policy.php.
10.7 You can also control the types of advertisements you see on the Facebook advertising network by visiting the page set up by Facebook and following the instructions there on how to set up usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings you make on this website are applied throughout all platforms, i.e. they are applied to all devices on which you log into your Facebook account (such as desktop computers or mobile devices).
11. Facebook Login
11.1 In some Games Apps, you will need to create a player profile and provide some information (such as the player name you choose) according to the registration form. In some Games Apps, we also offer you the option of creating a player profile by entering the login data of your Facebook user account (so-called "Facebook Login", formerly known as "Facebook Connect"), if you express your consent to this by clicking on the corresponding button to connect to Facebook ("Log in with Facebook"). The Facebook Login function is offered by Facebook. The login data of your Facebook account will be sent directly to Facebook. We do not have access to your login data. After verification of your login data, Facebook only informs us about the following data from your Facebook user account: the registered name, your profile picture, your language setting, and the country from where you are playing. Facebook further checks which other Facebook users with whom you are connected on Facebook (so-called "friends") have already played the respective Games App and provides us with this information. Lotum receives and uses the aforementioned data to set up your player profile in the Games App. We also use the information about your friends on Facebook to enable you to invite a Facebook friend to a joint game session and to easily start this game session. However, we only process this information to the extent necessary for a joint gaming session.
11.2 By using the Facebook Login function, Facebook receives the information that you have created a player profile for the relevant Games App and can link this information to your Facebook user account. Information on how Facebook handles your personal data can be found in Facebook's privacy statement at: https://www.facebook.com/privacy/explanation
11.3 The legal basis for data processing within the framework of the Facebook login function is your consent (§25 (1) TTDSG, Art. 6 (1) sentence 1 (a) GDPR), which you give by calling up the Facebook login function and subsequently entering your access data to your Facebook account. You can withdraw your consent to data processing when using the Facebook login function with effect for the future at any time.
11.4 The transfer of your personal data to Facebook in this context is based on Article 46 (2) lit. c) GDPR. In this respect, above statements of section 9.5 apply accordingly.
12. Apple Sign In
12.1 In some Games Apps that require you to register with a player profile, you may also create your player profile by signing in to your Apple services profile (called an Apple ID account) if you express your consent to do so by clicking on the appropriate Apple connection button. The function required for this ("Apple Sign in") is provided by Apple Distribution International Ltd Hollyhill Industrial Estate, Hollyhill, Cork, Ireland ("Apple"). The necessary feature (called "Apple Sign In") is provided by Apple Distribution International Ltd. Hollyhill Industrial Estate, Hollyhill, Cork, Ireland ("Apple"). We do not have access to the login details of your Apple profile. After verification of your login data, we will only be informed about the following data from your Apple profile: the registered name, your Apple ID, your language setting, and the country from where you are playing.
12.2 The legal basis for data processing within the framework of the Apple sign in function is your consent (§25 (1) TTDSG, Art. 6 (1) sentence 1 (a) GDPR), which you give by calling up this function and subsequently entering your access data to your Apple ID account. You can withdraw your consent with effect for the future at any time.
12.3 By using Apple Sign in, Apple may receive the information that you have created a player profile for the relevant Games App. Information on how Apple handles your personal data can be found in Apple's privacy statement at: www.apple.com/de/privacy
12.4 In the event that the Apple Sign in feature transfers personal data concerning you to Apple, Inc. in the USA, Apple has ensured prior to the transfer that this transfer is covered by the EU Commission's standard data protection clauses pursuant to Article 46 (2) (c) of the GDPR. Apple and we also take additional technical security measures to protect your data, including appropriate encryption, pseudonymisation and reducing data processing as far as possible
13. Inviting players using links
13.1 In certain Games Apps, you may also be able to create an invitation to a shared game session via a direct link to the specific game session in order to send this game invitation to a contact via a messenger app or other means (e.g. email). When the game invitation is created, a specific link is generated in the Games App that leads directly to the game session in the Games App.
13.2 We use Google's Firebase Dynamic Links service to create the direct link to the game session and bring together the relevant users in the same game session. When the recipient clicks on an appropriately created link to a game, Google collects the IP address of the recipient as well as information on the relevant Games App and device-related data on the end device used. Google uses this data on our behalf to ensure that the recipient is directed directly to the correct game session in the relevant Games App. To do this, it must be assigned in the app that it is your contact who has clicked on the link and for which game you have invited the recipient. For these reasons, access to the aforementioned data is also absolutely necessary within the meaning of §25 (2) no. 2 TTDSG.
13.3 The data processing in connection with the direct link to the game session is carried out for the purpose of giving players an easy way to specifically start a game session with other persons and therefore is based on Art. 6 (1) sentence 1 (f) GDPR. Our legitimate interest is to make it as easy and convenient as possible for our users to start a game session together and thereby provide users with a special gaming experience. At the same time, this is also in the interest of our users, both the sender and the recipient of invitations to game sessions. A possible opposing interest of the recipients to the effect that no transfer of their data to Google takes place is taken into account by the fact that such a data transfer only takes place when the recipient voluntarily clicks on the invitation link sent and therefore expresses that they accept the game invitation. From this point onwards, it can no longer be assumed that the recipient has a conflicting interest with regard to the processing of their personal data via our Games App.
13.4 From the aforementioned data, Google also creates reports on the use of links to Games Apps, which we evaluate. These reports tell us about the use of the links created, the functioning of the links and any subsequent app openings or installations of the Games App in question. All of these reports always contain only aggregated data and do not allow us to draw any conclusions about individual users; we cannot view data on individual users. The data processing described above is necessary to protect our legitimate interests (Art. 6 (1) sentence 1 (f) GDPR), whereby our legitimate interest is to be able to provide users with the best possible functionalities in our Games Apps in order to offer users an optimal gaming experience. To do this, we need insights from the users' interactions with the links provided and their functionalities. At the same time, access to this data is necessary to be able to monitor and improve the functionalities of inviting people to play together. This is the only way we can provide and maintain this service requested by users (§25 (2) no. 2 TTDSG).
13.5 From the aforementioned data, Google also compiles reports on the use of links to Games Apps which we evaluate. These reports provide us with information about the use of the generated links, the functioning of the link and any subsequent app openings or installations of the relevant Games App. However, we do not receive any information about the user navigation following the click on the link. All these reports only contain aggregated data and do not allow us to draw any conclusions about individual Users; data about individual Users are not visible to us. The data processing described above is necessary to protect our legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR), whereby our legitimate interest is to be able to provide users with the best possible functionalities in our Game Apps in order to offer users an optimal gaming experience. For this purpose, we need insights from the Users' interactions with the provided links and their functionalities.
13.6 Google also processes the aforementioned data collected via the Firebase service to the extent covered by its own privacy policy which you can find at https://policies.google.com/privacy. There you will also find additional information on Google's handling of personal data.
13.7 We would like to point out that the transmission of data to servers in the USA used by Google LLC may involve additional risks, for instance the enforcement of your rights to these data may be more difficult. In order to counter these risks, we have concluded the standard data protection clauses by the EU Commission with Google LLC for this data transfer and also stipulated appropriate protective measures therein, which, depending on the need for protection of the data, also include data encryption and can be improved in accordance with the legal and technical conditions for appropriate protection of the data. If data is transferred to Google LLC in the USA, such transfer is based on Article 46 (2) lit. c) GDPR.
14. Error evaluation using Sentry Analytics
14.1 In order to detect and correct technical errors, we use the Sentry Analytics service provided by Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107 ("Sentry"). For this purpose, during the game session of a Games App, technical details on the use of the game and any action in the game are stored locally on your device. In the event of an error, these technical details, insofar as they are temporally related to the occurrence of the error, as well as your IP address are transmitted to Sentry and processed by Sentry together with the following data: information on the hardware and the operating system used on your device, name and version of the Games App used as well as the date, time, details of the error that occurred and game-related data in connection with the error. Sentry does not profile you at any time. On the basis of the above information, Sentry will, on behalf of Lotum, only produce reports and evaluations of identifiable errors, including the circumstances under which the error occurred, which may therefore provide information about possible causes of the error. In this context, the aforementioned data are also transmitted to a Sentry server in the USA and stored there. However, the data transferred for the Sentry service will not be associated to other data by Sentry and will be used solely for the analysis and correction of the technical error. The data collected will be stored by the Sentry service for a maximum of 90 days and then deleted.
14.2 Further information and Sentry's applicable privacy policy can be found at https://sentry.io/terms/ and https://sentry.io/privacy/.
14.3 We use the Sentry service to eliminate bugs in our Games Apps and difficulties in their use as quickly and comprehensively as possible and therefore to be able to continuously develop our offer in terms of a trouble-free user experience. For these reasons, access to the aforementioned data is also absolutely necessary pursuant to §25 (2) no. 2 TTDSG. The legal basis for the subsequent data processing in the use of the Sentry service is our aforementioned legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR. Your legitimate interests are taken into account by removing any reference to your person after the technical data has been transferred from your end device, but before it is evaluated. If you still do not want your data to be collected by the Sentry service in case of a possible error analysis, we must ask you to refrain from playing on the free Games Apps.
14.4 We would like to point out that Sentry may also process data outside the EU or the European Economic Area, in particular on servers located in the USA. This may result in risks for Users, for example because it may make it more difficult to enforce Users' rights. We take these risks into account by taking appropriate protective measures in accordance with Art. 44 et seq. GDPR in particular by agreeing on the standard data protection clauses of the EU Commission with Sentry, which provide for appropriate protective measures such as encryption of data in individual cases. If data is transferred to Sentry in the USA, this is based on Art. 46 (2) (c) GDPR.
15. Strorage, storage period and deletion of data
15.1 We will process your personal data for as long as is necessary to achieve the purposes of the processing, is required by law to retain the data or is necessary for other reasons. Subsequently, the data will be deleted in accordance with the statutory provisions.
15.2 However, we retain data that we store for legal reasons for as long as this is legally required. After expiry of a statutory retention period, the data are deleted immediately, unless there are other reasons preventing deletion in terms of Article 17 (3) GDPR.
16. data security
Lotum has taken appropriate technical and organisational measures to protect personal data against accidental loss, damage, unauthorised access and unauthorised alteration. In particular, Lotum's data are only transferred in encrypted form. Lotum however clarifies that data protection and data security cannot be guaranteed for transfers outside Lotum's sphere of influence.
17. Disclosure of personal data to third parties
17.1 Personal data will only be transferred to third parties without the User's explicit consent if this is necessary for the provision of Lotum's services (e.g. for the technical provision of the offer), unless stated otherwise at another point in this Privacy Policy. Accordingly, a transfer of data to such service providers (such as technical service providers) takes place in order to protect our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR, namely in order to be able to provide our Games Apps for retrieval at all. Of course, Lotum will ensure that the respective service provider has taken appropriate technical and organisational measures to guarantee the security of the data before forwarding the User's personal data.
17.2 We store the data which we collect when the Games Apps are used with the help of third-party services. We use the Google Cloud and Google Firebase services, both of which are provided by Google as well as in some cases the service Couchbase Capella Cloud, provided by Couchbase, Inc. 3250 Olcott Street, Santa Clara, CA 95054, United States („Couchbase“). These services may also collect and possibly store the IP address of your device when you use the Games Apps, but for a maximum of 30 days. However, Lotum does not receive the IP addresses directly and only views IP addresses collected by these services in exceptional cases and only if a legal basis exists, in particular insofar as this is necessary to protect Lotum's legitimate interests (e.g. during maintenance work or in the event of the investigation of technical problems). We use these services to provide the aforementioned data for playing the Games App efficiently and with the lowest possible error rate to thereby ensure a smooth use of the game features. The legal basis for the associated data processing is Article 6 (1) sentence 1 lit. f) GDPR, whereby our legitimate interest is an optimal, technically sound provision of the Games App. For this purpose, access to the aforementioned data is also absolutely necessary pursuant to §25 (2) no. 2 TTDSG. Google and Couchbase may also transfer the collected data to their servers in the USA. We have concluded the standard data protection clauses adopted by the EU Commission with Google and Couchbase to safeguard the transfer of data to the USA. We have also concluded a data processing agreement with Google and Couchbase. The forwarding of personal data to Google in connection with the aforementioned services is therefore based on Article 46 (2) lit. c) and 28 GDPR.
17.3 Otherwise Lotum will not pass on the User's personal data to third parties, unless the User has expressly consented to the transfer (Article 6 (1) sentence 1 lit. a) GDPR) and Lotum is neither entitled nor obliged to transfer the data due to legal regulations or court orders. In the latter case, Lotum will transfer the data in order to fulfil a legal obligation according to Article 6 (1) sentence 1 lit. c) GDPR.
18. User Rights
18.1 Right to Object
The User has the right to object at any time, for reasons arising from the User's particular situation, to data processing based on Article 6 (1) sentence 1 lit. f) GDPR, unless Lotum can prove compelling reasons worthy of protection outweighing the User's interests, or the processing serves to assert, exercise or defend legal claims. The User may object to data processing for the purpose of direct marketing at any time without having to furnish special reasons for doing so.
18.2 Right to Information
The User has the right to obtain from Lotum information on personal data concerning the User stored at Lotum, on purposes of the processing, where such data come from, what kind of disclosure has been carried out, recipients or categories of recipients to whom personal data have been disclosed, storage period, and on the data subject's rights, free of charge, in writing or electronic form.
18.3 Right to Rectification, Erasure and/or Restriction of Data Processing
The User also has the right to demand at any time the rectification of inaccurate data, the deletion and/or, under the legal conditions, the restriction of the processing of the personal data stored about this User. The right to erasure exists only to the extent that Lotum is not legally required to retain the data and that there are no other reasons in terms of Article 17 (3) GDPR that prevent the erasure. Insofar as this includes personal data that are necessary for the provision of services to the User, the erasure or restriction of the processing of such data may only be carried out once the User no longer uses Lotum's offer.
18.4 Right to Data Portability
Moreover, in case the User has provided personal data concerning the User, and Lotum has processed these data due to the User's consent or for the purposes of performance of contract, the User has the right to request to be provided with these data from Lotum in a structured, commonly used and machine-readable format, as well as the right to have this information transmitted by Lotum to another data controller, where it is technically feasible (so-called right to data portability).
18.5 Right to Withdraw a Consent
All consents to the use of personal data declared by the User can be freely revoked by the User at any time with effect for the future.
18.6 Right to Lodge a Complaint with a Supervisory Authority
The User may also lodge a complaint with a supervisory authority against a data processing which in the User's opinion violates the statutory provisions.
19. Changes to this Privacy Policy
Lotum reserves the right to change this Privacy Policy at any time, and Lotum will always comply with the legal requirements of data protection. Therefore, Lotum recommends that Users regularly take note of the most up-to-date Privacy Policy. Lotum will inform Users in advance on further use of data, for example by messages in this respect, in the Games App or by so-called push notifications, insofar as you have allowed such push notifications.

Lotum one GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany, games@lotum.de
Data Protection Officer: Susanne Klein, c/o Beiten Burkhardt Services GmbH, Ganghoferstraße 33, 80339 Munich, Germany, privacy@lotum.de