Spiele-Palast GmbH
Privacy Policy for Apps

Issued: June 3, 2022
Version: 3.8

Thank you for your interest in our online offer. Protecting your data is important to us. We would therefore like to explain to you which personal data we process, for what purpose and in what form, when you use our offers.

This policy applies to the apps operated by Spiele-Palast GmbH.

1. Responsible contact person

The contact person and so-called controller for the processing of your personal data when you use our app in accordance with the EU General Data Protection Regulation (GDPR) is

Spiele-Palast GmbH, Boxhagener Str. 106, DE-10245 Berlin.

Should you have any questions or suggestions regarding data protection, please do not hesitate to contact us personally. Our contact details are:

Letter:

Spiele-Palast GmbH
Boxhagener Str. 106
DE-10245 Berlin

Email:

support@palace-of-cards.com
support@skat-palast.de
support@doppelkopf-palast.de
support@schafkopf-palast.de
support@mau-mau-palast.de
support@rummy-palace.com
support@solitaire-palace.com
support@canasta-palace.com
support@pinochle-palace.com
support@spider-palace.com
support@whist-palace.com
support@ginrummy-palace.com

If you have any questions about data protection in connection with our offers or the use of our apps, you can also contact our data protection officer at any time. They can be contacted via the above postal address and at the email address datenschutz@spiele-palast.de (keyword: “To data protection officer”).

2. Data security

We maintain state-of-the-art technical measures to guarantee data security, in particular to protect your personal data from risks during data transmission and against unauthorised third parties acquiring knowledge of your data. All passwords are encrypted using the SHA256 algorithm and an individual salt.

3. Use of our apps

3.1. Processing when using the apps without registration

You can also use our apps without registering by using an anonymous profile. Here, too, personal data are already being processed.

For use without registration, the apps generate a device-specific identifying code the first time they are opened after installation. This code cannot be assigned to a specific data subject. In addition, the operating system used (e.g. Android or iOS), the host name of the accessing terminal device (IP address) and the time of the server request are processed for the technical display of the specified contents.

The functionality of the Internet technically requires that the IP address be stored at least in the short term. The IP addresses are deleted or anonymised after processing. In the case of anonymisation, the IP addresses are changed in such a way that the data subject cannot or can no longer be identified. A location determination is carried out on the basis of the anonymised IP address. For data protection reasons, this only goes as far as the geographical level of the country from which the request originates. This makes it impossible to draw any conclusions about the specific location or place of residence of a user.

The data in technical protocols (so-called log files) are evaluated by us in anonymised form in order to further improve our apps, to make them more user-friendly and to find and correct errors more quickly.

The data processing is necessary so that you can inform yourself about the contents of our apps. The legal basis is Article 6(1)(b) of the GDPR. The processing of the specified data is required for the provision of the contents. Otherwise you will be unable to use the apps as desired.

3.2. Processing when using apps with registration

You can use the apps with or without registration. You can log in using your Facebook social network account to further personalise the apps. It is also possible to upload a profile picture and choose a username. This is solely on an optional basis.

The user can carry out this personalisation in the apps via integrated social media services. We use the “Facebook Sign In” service for this (from Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA).

Please note that when using the Facebook Sign In, your data can also be transmitted to Facebook servers in the USA. There is currently no decision by the EU Commission that the US provides an adequate level of data protection.

There is a link between the apps and the Facebook account. From the provider, we store and process the provider’s full name, email address, profile picture, ID and token, as well as a list of your friends who also use our apps. For a person to appear on the Friends list, both must have chosen to share their Friends list with the apps and must not have disabled this permission during registration. These advanced personalisation features are optional and you can remove the personalisation or connection to the social media services from the app at any time. The purpose and scope of the data collection and the further processing and use of the data by the social media providers as well as your associated rights and setting options to protect your privacy can be found in the Facebook data policy.

Please note that when you log in via Facebook, data are transferred to the Facebook servers. If you are logged in to Facebook at this time with your username and password, the information that you are visiting our app will be transferred there and assigned to your user account. In principle, we have no influence on data processing on Facebook. However, we do receive statistics from Facebook about the use of and visits to our apps. Consequently, we share certain parameters with Facebook about our company and the offers on our apps. Facebook uses this information to generate more detailed statistics. Facebook may also use the data for its own purposes over which we have no control. Further information can be found in the Facebook data policy linked above. You may address your requests for information regarding data processing within the scope of logging in via Facebook to us via the contact data given in section 1. We will then inform you about the data we have collected and the data transmitted to us as well as their further processing and implement your rights as exercised against us. Should you also wish to assert rights against Facebook, the easiest way to do so is to contact Facebook directly. Facebook knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing and can, at your request, implement appropriate measures if you exercise your rights. The contact details can be found in the data policy linked above.

There is also the option of registering by email. To do this, you must create an account by entering your email address, a password of your choice and your freely definable player name. It is not compulsory to use your real name, i.e. pseudonymous participation in the game is possible. If you wish, you may also upload a profile picture. After registration is complete, we create your account. To do this, we store your email address, your encrypted password and your player names. If you have uploaded an image, we will also save it.

The legal basis for the aforementioned transmission and processing of your data by us is Article 6(1)(1)(b) of the GDPR. If you do not wish to log in, the described functions cannot be used, but basic use of the apps is still possible.

In addition, on the basis of Article 6(1)(f) of the GDPR, we store the country of origin of the IP address that you used for registration for the purpose of evaluating the reach of our online games and in which countries the players of our online games are located.

3.3. User Data Deletion

You can initiate the deletion of your user data in the game as follows: Log in to the game. Viewing the main menu, find Data Privacy in white font, tap it, and select it in the popup. Next, select Delete Data and then confirm your choice.

Your account and associated data will be flagged for deletion across all our games and irrevocably deleted after 14 days.

But if you log in with this account to any of our games during that time, the flag is removed, and your account will not be deleted.

Alternatively, you can send an e-mail with the headword Termination to support@palace-of-cards.com and request to delete your account.

4. Push notifications

The apps use iOS and Android push notifications which can be deactivated at any time.

The push notifications are used to remind the player of information such as the day bonus or when a tournament starts for which a player has registered. In addition, our app uses remote push notifications for such cases where we do not already know in the app that they will occur, e.g. if another player has bought something for you or if we want to inform you about a sales promotion. For remote push notifications, we have implemented the services of Google and Apple ourselves, i.e. we do not use any third-party services here. The legal basis is Article 6(1)(f) of the GDPR, based on our interest in making users aware of our content and reminding them of this for important events such as tournaments.

Below we explain how push notifications are activated or deactivated – for the separate mobile operating systems for which we offer the app.

a) iOS

Open the “Settings” application in iOS and select the menu item “Notifications”. The following menu gives you an overview of all the apps installed on your device which have push notifications. Select the corresponding Spiele-Palast app. You can activate or deactivate the push notifications here.

b) Android

Open the “Settings” application in the Android operating system and select the “Notifications” menu item under “Sounds and notifications”. The following menu gives you an overview of all the apps installed on your device which have push notifications. Select the corresponding Spiele-Palast app. You can activate or deactivate the push notifications here. The names may differ slightly depending on the version of Android you are using.

5. Rights/Permissions

Some features require that the apps are able to access certain services and data on your device. Depending on the mobile operating system you are using, this may require your express access permission. Below, we explain which permissions the apps request and for what they are required – separately for each mobile operating system for which we offer the apps. The legal basis is Article 6(1)(a) of the GDPR, based on your consent or on Article 6(1)(b) of the GDPR, if the authorisation is required for operation of the app.

a) iOS

Push notifications: If you click OK to the “Allow push notifications” query, you allow the apps to use push notifications to refer to specific events and topics (e.g. sales promotions, tournament start), even if the apps are not currently open.

The notifications can be by means of tones, messages and/or symbol identifiers (a picture or number on the app icon).

Mobile data: This function enables the apps to download and update data outside a WLAN network via mobile data connections (e.g. GSM, UMTS or LTE).

Access to media: This function enables the uploading of an avatar. When uploading, this is requested and may be rejected.

b) Android

In addition to the standard permissions to run Android apps (such as receipt of Internet access or the ability of the device to vibrate; also called “normal permissions” by Google), we request the following permissions:

Access to media: This function enables the uploading of an avatar. When uploading, this is requested and may be rejected.

6. Participation in online games

6.1.

When you participate in an online game, we collect and use additional data, insofar as these are required for the secure and fast execution and personalisation of the online game (“game data” such as scores, moves, game history, participation in leagues, membership in clubs, status of the premium membership). Since our online games also offer a multi-player experience, this also includes the publication of game data (e.g. game status, player name, club, rounds played, rating, platform, game statistics and, if applicable, profile picture) for friends or other players. In addition, we collect and use registration, game and access data insofar as these are required for billing for playing the online games. The legal basis is Article 6(1)(b) of the GDPR.

6.2.

If you play the online game Pinochle Palace or Whist Palace, please note that we use the Unity technology for this from Unity Technologies (30 3rd Street, San Francisco, CA 94103, USA). This will involve Unity Technologies collecting some or all of the following information about your device: unique device identifiers (e.g. IDFV for iOS devices and Android ID for Android devices); IP address; country where the installation was performed (based on IP address); device manufacturer and model platform type (iOS, Android, Mac, Windows, etc.) and operating system and version running on your system or device; language; CPU information such as model, number of CPUs present, frequency and instruction set support flags; graphics card type and vendor name; graphics card driver name and version (e.g. “nv4disp.dll 6.10.93.71”); which graphics API is used (e.g. “OpenGL 2.1” or “Direct3D 9.0c”); the amount of existing system and video RAM; the current screen resolution; the version of the Unity Editor used to create the game; sensor flags (e.g. device support for gyroscope, contact pressure or acceleration sensor); application or bundle identification (“App-ID”) of the installed game; unique advertising identifiers for iOS and Android devices (e.g. IDFA or Android Ad ID); and a checksum of all sent data to ensure that it has been transmitted correctly.

This data processing helps us to make our games more attractive and to adjust our monetisation services in terms of user satisfaction. The legal basis for the data processing described here is Article 6(1)(f) of the GDPR, based on our aforementioned legitimate interest.

In the event that personal data is transferred outside the European Economic Area (EEA) to countries with a level of data protection not considered adequate by the European Commission, we and Unity Technologies have taken appropriate measures, in particular the conclusion of standard contractual clauses, which are provided by the European Commission to protect your personal data. A copy of these measures can be obtained at DPO@unity3d.com.

You can opt-out of this data collection by Unity Technologies by clicking on the “Unity Data” button under the “Data Protection” item in the menu. You will then be forwarded to the Unity Technologies privacy settings. Pressing the “OPT-OUT” button will deactivate data collection by Unity Technologies.

More information on this can be found in Unity Technologies’ data policy as well as in the data protection FAQs.

6.3.

In order to offer safe and fair gaming to all users, we make reasonable use of playing, registration and access data (e.g. IP addresses) in order to detect unusual activity or conduct that we know from experience indicates fraudulent or abusive use of our online games (e.g. suspicious reaction behaviour indicating the use of bots or cheats, or multiple logins from different devices at the same time). We also use this data to investigate complaints we receive from other users. In cases of suspected fraud or abuse, we may temporarily suspend your player account in order to protect you, other users and/or Spiele-Palast from fraud or abuse. If this happens, Spiele-Palast will inform you on your next login attempt of the suspension and, if applicable, any information or steps required to lift the suspension. The legal basis is Art. 6(1) Sentence 1(f) GDPR, based on our and our users’ legitimate interest in preventing fraud and abuse.

7. Chargeable content

You can add paid content (“premium content”) to our online games. Should you wish to purchase premium content, you will be required to enter your payment details. We have commissioned the following service providers to process the following payment methods:

  • for payment via Sofortüberweisung: Sofort GmbH, Theresienhöhe 12, DE-80339 Munich
  • for payment via PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
  • for payment via Boku: Boku Payments Inc, 735 Battery Street, 2nd Floor, San Francisco, CA 94111, USA
  • for payment via DaoPay: DaoPay GmbH, Hackhofergasse 5/14, AT-1190 Vienna, Austria
  • for payment via Facebook: Facebook Payments International Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, 2 Ireland
  • for payment via Google Play: Google Payment Limited, Belgrave House, 76 Buckingham Palace Road, London SW1W 9TQ, UK
  • for payment via Amazon: Amazon Media EU S.à r.l. (Société à responsabilité limitée), 5 Rue Plaetis, L-2338 Luxembourg
  • for payment via Apple iTunes Store: Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland
  • for payment via Steam: Valve Corporation, 10500 NE 8th Street, Suite 1000, Bellevue, WA 98004-4345, USA
  • for payment via Microsoft Store: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

All information that you provide to the aforementioned service providers in the context of payment processing will not be transferred to us by them. We only receive information that payment for the respective Spiele-Palast GmbH offer has been made by the respective buyer.

8. Chat with other players

8.1.

Some of our online games may offer you the opportunity to chat directly with other players and friends. Chat logs are stored here as follows: There are three different types of chat: 1. Public chats at the gaming table, 2. Club chats and 3. Private chats between individual players. We create chat logs for chats of type 1 (public at the gaming table) and type 2 (club chat), but not for type 3. There is also automated recognition of expletives for type 1 (public chats at the gaming table), which can result in a warning or temporary suspension for the player. The chat logs are automatically deleted within 30 days. The legal basis for processing the chat logs is Article 6(1)(1)(b) of the GDPR. In the event of legitimate interest (e.g. insults or other improper or punishable behaviour), we also store individual chats for longer. The legal basis is Article 6(1)(1)(f) of the GDPR. Our interest is in protecting our players from insulting and other inappropriate comments.

8.2.

Messages sent via the “Private chat” function are only visible to the recipient you have selected. Messages sent via the “Club chat” function are only visible to the members of the respective club.

9. Google Analytics and Firebase

9.1. Google Analytics

Our apps use Google Analytics, an analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses technologies to analyse and improve our apps based on your user behaviour. The data resulting in this context can be transmitted by Google to a server in the USA for evaluation and stored there. In the event that personal data are transferred to the USA, Google is contractually committed to us to provide an appropriate level of data protection in accordance with the EU standard contractual clauses. However, your IP address is truncated before the usage statistics are evaluated, so no conclusions can be drawn about your identity. For this purpose, Google Analytics was extended in our apps by the code “anonymizeIP” in order to guarantee the anonymised collection of IP addresses.

Google will process the information obtained via the analyses in order to evaluate your use of the app, to compile reports on the activities for the app operators and to provide further services associated with the use of the app and the Internet. We use Google Analytics to analyse usage behaviour and for evaluation of the associated data in order to adapt our apps accordingly. The legal basis for this data processing is Article 6(1)(1)(f) of the GDPR.

You can configure our apps such that Google Analytics is not used. Use the “Tracking data” button in the data protection window of our app. This will prevent Google Analytics from collecting data on this app in the future (the opt-out only works on this particular device). If you wish to delete the data in our app, you must use this button again.

More information on this can be found in Google’s privacy policy.

9.2. Google Analytics for Firebase

We also use the analytics service “Google Analytics for Firebase”, which is offered by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”). It processes technical usage data (e.g. IP address of your device, installation data such as the app version and time of installation, information on the content and functions you use, information on clicks, duration of use and information on your device such as device model and operating system). The information is collected in pseudonymous form using so-called identifiers, e.g. in the form of the Apple Advertising ID or the Android Ad ID. Google will use this information for the purpose of evaluating your use of our websites and apps on our account, compiling statistical reports on general usage patterns for us and providing other services associated with use and internet usage for purposes of market research and tailoring our offerings to meet customer needs. As part of the reports, Google may also provide us with statistical data regarding the age structure of our users and other compiled demographic data. In the event that personal data is transferred to the USA, Google is contractually committed to us to provide an appropriate level of data protection in accordance with the EU standard contractual clauses.

The legal basis for this data processing is Article 6(1)(1)(f) of the GDPR.

You can configure our app such that Google Analytics for Firebase is not used. Use the “Tracking data” button in the data protection window of our app. This will prevent Google Analytics for Firebase from collecting data on this app in the future (the opt-out only works on this particular device). If you wish to delete the data in our app, you must use this button again.

Further information can be found in Firebase’s privacy policy.

10. Analysis via Adjust

To improve our apps, we use the services of “Adjust” (adjust GmbH, Saarbrücker Str. 38a, DE-10405 Berlin, Germany) for the apps on iOS and Android.

These processes take place anonymously or using pseudonyms, but never with direct association to a data subject. We would like to explain these technologies to you in more detail below. For this purpose, in addition to usage data, the following data may be processed: IP address, MAC address, mobile identifier depending on your mobile device such as iOS IDFA and IDFV, Android ID or Google Advertising ID (if Google Play services have been activated on your mobile device). The data will be transferred to an Adjust server where they are stored and evaluated. The corresponding results will be returned to us in anonymised form. Working with our partner Adjust, we use the information to tailor our advertising to you and your interests, to evaluate the effectiveness of our promotional campaigns and to better understand user behaviour after you have viewed a particular advertisement and then downloaded our mobile app. In addition, Adjust enables us to track certain events such as creating a user account, reaching 20 game rounds or completing a purchase.

Further information about Adjust can be found at https://www.adjust.com/privacy-policy/ and at https://www.adjust.com/gdpr/.

You have the option to object to such analysis of your usage behaviour at any time by visiting the website https://www.adjust.com/opt-out/, selecting the terminal to which the objection applies and specifying the identifier of your mobile terminal (opt-out). Adjust will immediately terminate the corresponding usage tracking. If you have further questions about the opt-out, contact privacy@adjust.com or legal@adjust.com. Alternatively, you can use the “Tracking data” button in the data protection window of our app. This will prevent Adjust collecting data within our app in the future (the opt-out only works on this particular device). If you wish to delete the data in our app, you must use this button again.

The legal basis is Article 6(1)(f) of the GDPR, based on our legitimate interest in the analysis of the usage behaviour to improve and further develop the app.

11. Online advertising

11.1. Facebook app events

For marketing purposes, our apps use so-called conversion and retargeting tags (also “Facebook Analytics” or “Facebook App Events”) from the social network Facebook, a service offered by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). We use Facebook Pixel to analyse the general use of our apps and to track the effectiveness of Facebook advertising (“conversion”). In addition, we use the Facebook pixels to show you individualised advertising messages based on your interest in our products (“retargeting”). For this, Facebook processes data that the service collects on our apps. However, data processing only takes place when the purchase process has begun at Spiele-Palast or a purchase has been completed.

Please note that the data resulting in this context can be transmitted by Facebook to a server in the USA for evaluation and processed there. There is currently no decision by the EU Commission that the US provides an adequate level of data protection. In particular, there is a risk that your data processed by Facebook in the USA may be collected by US security authorities also without a court order or legal protection.

If you are a member of Facebook and Facebook has permitted it via your account’s privacy settings, Facebook may also link the information we collect from your visit to us to your member account and use it to target Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. If you are not a member of Facebook, you can stop processing of your information by clicking the “Tracking data” button in the data protection window of our app. This will prevent Facebook App Events collecting data within our app in the future (the opt-out only works on this particular device). If you wish to delete the data in our app, you must use this button again.

If you disable data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on the information collected about you.

More information on this can be found in Facebook’s data policy.

11.2. Google Ads conversion tracking and remarketing

Our websites and apps use the conversion tracking and remarketing Google Ads services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ads is used by us to capture specific customer actions (such as clicking on an advertisement, page views, downloads and purchases) and to analyse them to display individualised advertising messages within the Google advertising network (such as Google Search, Play Store, YouTube, or third-party websites and apps). Google uses cookies and similar technologies for this purpose. The data resulting in this context can be transmitted by Google to a server in the USA for evaluation and stored there. In the event that personal data are transferred to the USA, Google is contractually committed to us to provide an appropriate level of data protection in accordance with the EU standard contractual clauses.

If you use a Google account, Google may – depending on the settings saved in your Google account – link your web and app browser history with your Google account and use information from your Google account in order to personalise advertisements. If you do not wish for this allocation to the Google account, it will be necessary for you to log out of Google before visiting our website. As set out above, you can configure your browser so that it rejects cookies. You can also turn off “ad personalization” on Google’s ad settings page. Once you’ve turned off ad personalization, Google will only display general Google ads that are not selected based on the information collected about you. More information on this can be found in Google’s ads and data section and in Google’s privacy policy.

12. Recipient of the data

The data collected by us will only be transferred if this is necessary to fulfil the contract or for provision of the technical functionality of the apps or if there is another legal basis for transferring the data.

12.1.

A portion of the data processing can be conducted by our service providers. In addition to the service providers mentioned in this privacy policy, this may include data centres that store our apps and databases, IT service providers which maintain our systems and consulting firms. Should we transfer data to service providers, they may use the data solely for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions and have appropriate technical and organisational measures in place to protect the rights of the data subjects.

12.2.

For the technical provision of our website, online games and backend systems we use server services (e.g. application hosting, database server) from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (“AWS”), which processes our data on our account. Data processing by AWS takes place in a computer centre within the EU. In exceptional cases, the parent company of AWS (Amazon Web Services, Inc. 410 Terry Avenue North Seattle WA 98109, USA) may also access the data for maintenance purposes. In the event that data has to be transferred to the USA, Amazon Web Services, Inc. is contractually committed to us to provide an appropriate level of data protection in accordance with the EU standard contractual clauses.

Further information can be found in AWS’s data policy.

12.3.

Since our online games offer a multi-player experience, in some of our online games certain game data (e.g. player name, club, rating, game statistics and, if applicable, profile picture) is published on our website and in our online games for all users in the form of highscore lists, live statistics or in similar form, in order to give them a realistic impression of the game activity and level of play. The legal basis is Article 6(1)(b) of the GDPR.

12.4.

In addition, a transfer may occur in connection with official enquiries, court decisions and legal proceedings if required for legal prosecution or enforcement.

13. Newsletter

You have the opportunity to subscribe to our newsletter, in which we provide you with regular information about innovations to our products and campaigns.

You can subscribe to our newsletter by registering on our app by email and then confirming your email address in the welcome email. The welcome email will once again make separate reference to the newsletter. However, use of the games offered by Spiele-Palast does not require confirmation of the email address and therefore registration for the newsletter. You may unsubscribe from the newsletter at any time without incurring any costs other than the transmission costs in accordance with the basic tariffs. An “unsubscribe link” can be found in each newsletter. Notification via the contact data specified above or in the newsletter (e.g. by email or letter) is, of course, also sufficient. The legal basis for the processing is your consent as per Article 6(1)(a) of the GDPR.

In our newsletters we use commercially available technologies to measure interactions with the newsletters (e.g. opening of the email, clicked links). We use these data in pseudonymous form for general statistical evaluations as well as for the optimising and further development of our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The data are collected exclusively in pseudonymous form and are not associated in any way with your other personal data. The legal basis for this is our above-mentioned legitimate interest as per Article 6(1)(1)(f) of the GDPR. We want to use our newsletters to share content that is as relevant as possible to our customers and, as a result, to better understand what our readers are actually interested in. Should you not wish your usage behaviour to be analysed, you may unsubscribe from the newsletter or deactivate the graphics in your email program by default. The data on the interaction with our newsletters are stored pseudonymously for 30 days and subsequently completely anonymised.

14. SendGrid as e-mail service provider

For the services on our app, we use the email delivery service provider “SendGrid” of SendGrid, Inc. (1801 California Street, Suite 500, Denver, Colorado 80202, USA). Two different types of emails are delivered using SendGrid. On the one hand, we use the service to send individual emails within the scope of contract performance (e.g. purchase confirmation, registration emails, password recovery emails). On the other hand, we also use the service to deliver our newsletter. In both cases, SendGrid receives the emails of the recipients from us. In some cases, it also receives additional data such as the player’s name or chip balance, insofar as this is necessary for filling in placeholders in a newsletter. SendGrid acts as an email server and sends the information to the email addresses listed in the registration form. In the event that personal data are transferred to the USA, SendGrid is contractually committed to us to provide an appropriate level of data protection in accordance with the EU standard contractual clauses. The use of the SendGrid delivery service provider is based on our legitimate interests as per Article 6(1)(f) of the GDPR on the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users.

More information on this can be found in the data protection policy from SendGrid and especially for the email delivery at https://sendgrid.com/policies/email/.

15. Storage period

In principle, we store personal data for only as long as is necessary to fulfil the contractual or statutory obligations for which we have collected the data. We then delete the data immediately, unless we need the data until the end of the statutory limitation period for purposes of evidence for civil claims or due to statutory retention obligations.

For evidence purposes, we must retain contract data for a further three years beyond the end of the year in which our business relationship with you is terminated. Any claims shall lapse after the statutory period of limitation at the earliest as of this date.

Even after that, we must still store some of your data for accounting reasons. We are obliged to do so on the basis of statutory documentation obligations that may arise from the German Commercial Code, the Fiscal Code of Germany, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified therein for the retention of documents range from two to ten years.

Insofar as personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the GDPR, the personal data shall be deleted here at the latest when the legitimate interest in its processing no longer exists or the user requests the deletion of the data.

16. Your rights

You shall have the right to request information about our processing of your personal data at any time. Within the scope of providing information, we will explain the data processing and provide you with an overview of the data we have stored which relates to you. Should the data stored by us be incorrect or no longer up to date, you shall have the right to have these data corrected. You may also request that your data be deleted. If, in exceptional cases, deletion is not possible due to other legal regulations, the data shall be blocked such that they are only available for this statutory purpose. The processing of your data may also be restricted, for example if you believe that the data we have stored are incorrect. You also have the right to data portability, i.e. we will send you, on request, a digital copy of the personal data you have provided to us.

To exercise your rights as described here, you may contact us via the above contact details at any time. This shall also apply if you wish to receive copies of guarantees to prove an adequate level of data protection.

Finally, you shall have the right to complain to our data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are resident or working, or in the location of the suspected infringement. In Berlin, the location of the registered office of Spiele-Palast GmbH, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, DE-10969 Berlin.

Right of revocation and objection

You have the right to revoke your consent at any time. The consequence of this is that we shall not continue processing data based on this consent in the future. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent prior to revocation.

Insofar as we process your data on the basis of legitimate interests, you shall have the right to object to the processing of your data at any time for reasons arising from your particular situation. Should you object to data processing for direct marketing purposes, you have a general right of objection, which we will implement without you giving any reasons. In the event of an objection to an automatic temporary suspension of your player account (see clause 6.3), you have the right to contest the suspension, to inform us of your own position, and to request that one of our employees manually review the suspension (also taking into account your point of view).

Should you wish to utilise your right of revocation or objection, an informal communication to the above-mentioned contact data is sufficient.

17. Changes to this Privacy Policy

We may update this privacy policy from time to time, for example when we adapt our apps or change the statutory requirements.