Bigitec Studio - Privacy & Security Policy
Last updated: April 2020
Data protection is an important issue for us. Both the protection of the privacy of our users and the security of our data is very serious to us. That is why we handle your data confidentially and properly.
With regard to the other terms used below, such as "controller" or "processor", please refer to the list of definitions in Article 4 of the GDPR.
The processing of personal data in connection with the software solutions distributed by us is carried out by
53111 Bonn (Germany)
(hereinafter "Bigitec", "us", "we").
2. Processing of personal data
We only process personal data if you have consented or if this is permitted by law. This 'prohibition with reservation of permission', which applies in data protection law, means that processing may only take place on the basis of a permissible circumstance. The most important and relevant permissions for us can be found in Art. 6 (1) GDPR. These relate in particular to the case,
- that you or your parents have given their consent, cf. Art. 6 para. 1 sentence 1 lit. a in conjunction with Art. 7 GDPR,
- that the processing of your data is necessary for the fulfillment of our contractual obligations, see Art. 6 para. 1 p. 1 lit. b GDPR,
- or that the processing is based on our legitimate interests (e.g. increasing economic efficiency, analysis and further development of our products), cf. Art. 6 para. 1 p. 1 lit. f GDPR.
3. Type of personal data processed and purpose
(1) Log Files
When using our app, we collect usage data on the basis of our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, which are technically necessary for us to display the app to you and to ensure data security and the stability and security of our IT systems, such as app session time, operating system used, country, ip-address etc.
The processing of the IP address serves the protection against or the traceability of hacker and cyber attacks. The processing of the other data is used to deliver the content of our app, to ensure the functionality of our information technology systems, to optimize our app and to ensure the functionality of the app. The data of the log files are always stored separately from other personal data of the users. This processing of your aforementioned data is necessary to protect our legitimate interests and is justified by a balancing of interests in our favor.
We have a legitimate interest in ensuring that the app and the services offered there function technically and are protected against attacks. Your legitimate interest in not having your aforementioned data used for this purpose does not outweigh our legitimate interest, as we use this data appropriately for the described processing purpose and you also benefit from the functionality of the app.
(2) Usage Data
In the following, we would like to explain to you when personal data is collected during use and what happens with it.
We only request personal data in the app that is necessary for functionality and the user experience. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR. The data is only requested for use on the respective end device and is not passed on to third parties. After deleting the respective user account, all personal data is deleted too.
In the app, we process personal data such as:
- app session, game progress, game save data, highscores etc.
We anonymously track user behavior and use ads to monetize the version of the product.
4. Profiles - Parental consent
Users can create profiles within our products, which are stored on our servers. The profile is stored on our server and used across products, i.e. the same user profile can also be accessed / edited by our other products.
In order to create a profile, the user must either be at least 16 years old and confirm this in the app when asked and, if necessary, prove this with appropriate documents, or the consent of one of the user's legal guardians is required, which is carried out via a registration form and double opt-out verification of the parents' email.
5. In-App Purchase
If our games can be expanded by means of in-app purchases, the billing system of the respective provider (Apple's App Store / Google's Play Store) is used for this purpose. Here, too, the consent of a parent or guardian is required for underage users.
We offer all interested parties the opportunity to sign up for our newsletter. This appears at irregular intervals and keeps you up to date on current products, industry news and everything that Bigitec revolves around.
Purpose of data processing, legal basis and content of consent:
When registering for the newsletter, you only need to enter your first and last name (for a personal address) and your e-mail address. We send our newsletter only on the basis of the consent of the recipients according to Art. 6 para. 1 p. 1 lit. a in conjunction with Art. 7 GDPR. By subscribing to our newsletter, you agree to receive information and promotional materials regarding Bigitec's offers and promotions.
Double Opt-In Procedure: As part of the registration for the newsletter, we use the so-called double opt-in procedure. After registration, the interested party receives an e-mail with a confirmation link to the e-mail address provided, which he must click to confirm the registration for the newsletter. We log the registrations to the newsletter in order to be able to prove the registration process in accordance with the data protection requirements. In this context, we store the time of the registration and the confirmation time as well as the IP address.
Details of the service provider: The newsletter is sent using "MailChimp", a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
Furthermore, according to its own information, the shipping service provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimize or improve its own services, e.g. for the technical optimization of the shipping and presentation of the newsletter or for statistical purposes to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties. The use of the dispatch service provider, the performance of the statistical surveys and the analyses as well as logging of the registration process are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GPDR. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves our business interests as well as the expectations of the users.
Statistical collection and analyses: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Cancellation/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to the dispatch of the newsletter by the dispatch service provider and to the collection of statistical analyses will expire. A separate cancellation of the dispatch by the dispatch service provider or the statistical analysis is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter.
Deletion: If you unsubscribe from the newsletter, your personal data will be deleted.
7. Disclosure to third parties, categories of data recipients
We pass on your data to third parties within the scope of fulfilling our obligations from any underlying contracts in accordance with Art. 6 (1) lit. b GDPR, insofar as this is necessary for the processing of our services.
In addition, we use external technical service providers, as processors according to Art. 28 GDPR, which are carefully selected and monitored by us.
8. Protection of personal data
We secure our app as well as the data stored in our area of responsibility against loss, destruction, unauthorized access, changes or publication by unauthorized persons by means of a bundle of technical and organizational measures in accordance with the state of the art.
The input and transmission of personal data is encrypted using the SSL (Secure Socket Layer) method.
What is SSL?
An app encrypted with SSL transmits personal data to the server in an encrypted form so that it is impossible for third parties to intercept or read it. A certificate verifies our identity.
What is the benefit of SSL?
Due to the encryption of the transmission you can assume that your entered data can only be read by us.
9. Use of Google Analytics
For the pseudonymized analysis of our website, we use Google Analytics, a web analytics service provided by Google Inc. ("Google"), is used. We use Google Analytics to analyze and regularly improve the use of our app. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.
This app uses the IP anonymization of Google Analytics. This means that your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this app, Google will use this information for the purpose of evaluating your use of the app, compiling reports on app activity and providing other services relating to app usage and internet usage to the app operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Google is certified under the US-EU Privacy Shield Agreement and thus guarantees compliance with the requirements of the GDPR, see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
You can also prevent the collection of data generated by the cookie and related to your use of the app (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link.
As an alternative to browser add-ons on mobile devices, please click this link to prevent Google Analytics from collecting data within this app in the future (the opt-out only works in the browser used and only for this domain). An opt-out cookie will be stored on your device.
10. Rights of the data subjects
You have the following rights with respect to the personal data concerning you:
- Right to information according to Art. 15 GDPR,
- Right to rectification or deletion according to Art. 16 GDPR or Art. 17 GDPR,
- Right to restriction of processing according to Art. 18 GDPR,
- Right to data portability according to Art. 20 GDPR,
- Right to object to processing pursuant to Art. 21 GDPR.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The competent authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Postfach 20 04 44, 40102 Düsseldorf.
To the extent that we base the processing of YOUR personal data on the balance of interests, YOU MAY object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process YOUR personal data as we have done. In the event of YOUR justified objection, we will review the merits of the case and either stop or adjust the data processing or show YOU our compelling legitimate grounds on the basis of which we will continue the processing.
YOU MAY object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to advertising using the contact details listed in section 1.
11. Objection or revocation against the processing
If you (or your parents) have given consent to the processing of your data, you can revoke this consent at any time. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us.
TO THE EXTENT THAT WE BASE THE PROCESSING OF YOUR PERSONAL DATA ON THE BALANCE OF INTERESTS, YOU MAY OBJECT TO THE PROCESSING. WHEN EXERCISING SUCH AN OBJECTION, WE ASK YOU TO EXPLAIN THE REASONS WHY WE SHOULD NOT PROCESS YOUR PERSONAL DATA AS WE HAVE DONE. IN THE EVENT OF YOUR JUSTIFIED OBJECTION, WE WILL REVIEW THE MERITS OF THE CASE AND EITHER STOP OR ADJUST THE DATA PROCESSING OR SHOW YOU OUR COMPELLING LEGITIMATE GROUNDS ON THE BASIS OF WHICH WE WILL CONTINUE THE PROCESSING.
YOU MAY OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR PURPOSES OF ADVERTISING AND DATA ANALYSIS AT ANY TIME. YOU CAN INFORM US OF YOUR OBJECTION TO ADVERTISING USING THE CONTACT DETAILS LISTED IN SECTION 1.