Privacy Policy Website

Privacy Policy

Effective: January 13, 2025

A. General Privacy Policy provisions relating to GDPR (all users)

1. General information

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our apps and website and the functions and content associated with it. Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

California Notice: California residents can learn more about our information practices by visiting our California Privacy Notice here.

Covered States Privacy Rights: Residents of certain U.S. states other than California have additional privacy rights. To learn more about these rights, see here.

1.1 Controller within the meaning of data protection law

During the data processing described in this Privacy Policy, Gimica GmbH (Gimica) and JustPlay GmbH (JustPlay) (hereinafter the "Controllers") work closely together to provide our users with Gimica's game apps and JustPlay's associated rewards program. This also concerns the processing of personal data relating to you. In this regard, the Controllers are jointly responsible (Art. 26 GDPR) for the protection of the personal data they process to the extent described below (2.1 – 2.5).

Contact details:

Gimica GmbH

Ludwig-Ganghofer-Str. 1, 82031, Grünwald, Germany

JustPlay GmbH

Bunnenstr. 11a, 10119, Berlin, Germany

email: dataprotection@justplayapps.com

Within the scope of their joint responsibility under data protection law, the Controllers have agreed between themselves which one of them fulfils which obligations under the GDPR and have specified this in a written agreement. The essence of this agreement can be found here.

1.2 Data Protection Officer

Proliance GmbH / www.datenschutzexperte.de

Data Protection Officer Mr. Fünkner
Leopoldstraße 21, 80802 Munich

datenschutzbeauftragter@datenschutzexperte.de

When contacting our Data Protection Officer, please specify the company to which your request relates. Please refrain from enclosing sensitive information such as a copy of an identification document with your request.

2. Data collection regarding the use of our apps

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you download our apps, register, or log in to the apps and use the apps, certain personal data is processed.

Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

2.1 Access to and storage of information in terminal equipment

By using our apps, access to information (e.g., IP address) or storage of information (e.g., cookies or similar technologies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done based on § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.

In cases where such a process serves other purposes (e.g., the needs-based design of our apps), this will only be carried out based on § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities in our apps.

2.2 Information collected during download of the apps.

When you download the apps, certain required information is transmitted to the app store you have selected (Google Play Store, Apple App Store). In particular, IP address, unique device ID, location, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted in each case, app usage data, operating system and its interface language. We have no influence on this data collection and are not responsible for it. The contract is concluded with the respective provider of the store and is handled in accordance with their terms and conditions as well as their privacy policy. Within the scope of your use of the stores, we only process the reviews and associated data published by you on our apps and receive anonymous statistics via the stores, e.g., on download figures, uninstalls and crashes.

2.3 Data processing when using the apps.

As part of your use of the apps, we collect certain data as outlined in detail as below that is required for the provision and use of the apps. The following data is processed for these purposes: internal device ID, version of your operating system, time of access, IP address, content of access, country of access.

This data is collected in order to provide you with the service and related functions and to prevent and resolve misuse and malfunctions. To do so we use our service provider IPQualityScore, LLC to estimate fraud risks and our service provider Ipregistry: PSI IPV Ltd, Oxford, UK to determine the country from which a user logs in based on the IP address.

If you use the JustPlay app, we collect information on your progress in the different game apps of Gimica as well as your advertising data (see below) and connect this data with you via identifiers (GAID / Google App Set ID/ IDFA / IDFV / JustPlay User ID). To do so we use our service provider AppLovin Corporation, 1100 Page Mill Road, Palo Alto, CA 94304.

This data processing is justified by the necessity of the processing for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the apps and by our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in ensuring the functionality and error-free operation of the apps.

Our apps are hosted by an external service provider. We use Google Cloud Services, offered by Google Cloud EMEA Ltd., as a hosting service provider that processes data on servers in several global locations. Personal data collected through the apps is stored on the hoster's servers. We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which they commit to protect the data of our customers and not to pass them on to third parties.

For using more functions of the apps, you are asked to provide us with certain other data. Such data will only be sent and provided to us after you clicked the respective submit button within the apps.

If you are using additional payout options in our apps we may ask for your full name and address details and pass this information to the external payment service provider. The payment providers are either PayPal: 2211 N 1st St, San Jose, CA, USA, Tangocard: 4700 42nd Ave SW #430, United States or Tremendous: 592 Union St Ste 502, San Francisco, California, 94123, United States. However, please note that we do not process your payment data and bank account details but use external providers that handle the payments.

For the purpose of managing our customers, we may process user data in internally used systems. We base this data processing on Art. 6 para. 1 lit. b. and f. GDPR. We use our service providers Google Cloud EMEA Ltd., 70 Sir John Rogerson's Quay, Dublin 2, Ireland, Ireland and Metabase, Inc 9740 Campo Rd. Suite 1029, Spring Valley, CA 91977 for this purpose.

You may request the deletion and change of entered data any time via message to dataprotection@justplayapps.com. Please note that this might not apply to data whose processing is needed for legitimate needs. This is in accordance with the “right to erasure” of GDPR.

If the data processed for providing the apps services are considered personal data, such data processing is based on Art. 6 (1) b. or f. GDPR for the purpose of providing our service and analysing those data based on our legitimate interests of improving our product and research purposes.

2.4 Technical functions of the apps

Only if further functions of the apps are to be used in addition to the basic functions, the following accesses can be requested:

Push Notifications: Push notifications are sent to keep you informed about various aspects of the app. Specifically, you will receive notifications regarding:

Status changes in your earnings.
Reminders related to your account or activities.
Updates to the app or its features.
Promotions and offers that may be of interest to you.

The permissions to access the above function are explicitly requested and can be confirmed or denied. Please be aware that with older OS versions explicit requests for push notifications might not occur, but are allowed by default.

If you have granted the individual permission, the associated processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. A granted authorization can be cancelled in the settings of the device in most cases at any time (however, this depends on the device and the operating system, which we have no influence on). The lawfulness of the data processing already carried out remains unaffected by the revocation. Please note that permissions that have not been granted may restrict the use of the apps.

2.5 Contact via contact form, e-mail.

If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract.

You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.

We may also contact you via app/email for purposes related to the use of the Apps or similar services based on Art. 6 (1) b. or f. GDPR.

In this context, we use our service providers Google Cloud EMEA Ltd., 70 Sir John Rogerson's Quay, Dublin 2, Ireland, Twilio Ireland Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland and Zendesk, Inc, 1019 Market Street San Francisco California 94103, USA.

2.6 JustPlay payout functionality

If and insofar as you want to exchange collected Coins within our JustPlay App into payments or other gratifications and you want to use the payout options as detailed above, we may ask you for your consent to collect and use a photo and facial mapping information in accordance with the Facial Mapping Notice and Consent Policy below.

Please note that JustPlay GmbH is the sole controller for the data processing described below.

You can download our apps from the app store without registering with us. Personal data is not collected for us in the course of downloading the apps. Nor is any personal data passed on to us by the apps store provider. If you want to use pay out functionalities, further details are required to process the payment. The processing of the payment is handled by external payment service providers.

The user payment data is transferred to the payment provider.

The data entered during the payout is processed for the fulfilment of a contract with the user or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). Additional voluntary information is processed on the basis of your voluntarily given consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent with effect for the future at any time. For this purpose, an informal e-mail to the contact details of the controller mentioned at the beginning of this privacy policy is sufficient. The lawfulness of the data processing already carried out remains unaffected by the revocation.

If you register via Facebook (facebook.com) or Google (Google login) we process your email address and name from your user profile on Facebook after you have clicked the respective button. For further details on data processing on Facebook please refer to: https://www.facebook.com/full_data_use_policy

You have the right to change the email address via message to dataprotection@justplayapps.com at any time.

2.7 Technical functions

Only if further functions of the JustPlay app are to be used in addition to the basic functions, the following accesses can be requested:

Camera Access:

The app requests access to your device’s camera for the purposes described in the Facial Mapping Notice and Consent Policy below.

Location Access:

The app requires access to your location data to determine your market for a more tailored user experience. Additionally, location data is used for security and fraud prevention purposes to ensure the integrity of user accounts and transactions.

The permissions to access the above functions are explicitly requested and can be confirmed or denied.

3. Data transfer and recipients

Your personal data is not transferred to third parties, unless

we have explicitly pointed this out in the description of the respective data processing.
you have given your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
the transfer pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern app-hosting services, the dispatch of emails and IT updates and maintenance.

When you use our apps, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA) without an adequate level of data protection, e.g., in the U.S., especially if you have consented to a transfer of your data to our advertising partners.

To ensure an adequate level of data protection when transferring your data to third countries, standard contractual clauses of the European Commission are concluded in accordance with Art. 46 (2) lit. c DSGVO. They oblige the recipient of the data to process it in accordance with the European level of protection. A copy of the standard contractual clauses can be requested via the contact channels indicated above.

If the standard data protection clauses alone are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to safeguard the transfer of data. Furthermore, it is regularly reviewed and evaluated whether these additional measures continue to ensure a sufficient level of data protection or whether further supplementary measures may need to be taken.

To the extent that we grant other parties access to information collected via our apps, they are expected to follow privacy practices no less protective than our practices to the extent allowed by applicable law.

4. Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g., from commercial law and tax law) or as indicated within this privacy policy and the attached Facial Mapping Notice and Consent Policy. The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection. Your profile and account data are deleted after you deleted such data in your apps account or deleted the entire account via the respective button in the apps, which is more or less immediately after such deletion according to our deletion routines.

5. Cookies

Our apps use so-called “cookies” and similar technologies.

Cookies and similar technologies have various functions. They are technically necessary, as certain apps functions would not work without them. Some are used to evaluate user behaviour or display advertising.

The processing of data using strictly necessary cookies or similar technologies is based on § 25 para. 1 s. 1, para. 2 no. 2 TTDSG and a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free delivery of our services.

The processing of personal data using other cookies or similar technologies is based on consent in accordance with § 25 para. 1 TTDSG, Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

You can find more information about processing purposes and our advertising partners below.

Purposes:

01 - Store and/or access information on a device

02 - Select basic ads

03 - Create a personalised ads profile

04 - Select personalised ads

05 - Create a personalised content profile

06 - Select personalised content

07 - Measure ad performance

08 - Measure content performance

09 - Apply market research to generate audience insights

10 - Develop and improve products

List of partners:

Ad Colony: 901 Mariners Island, Blvd, Suite 250, San Mateo, CA94404, United States
AD4Game: Ad4Game Inc on behalf of Liquid Media SARL, Ile Bizard, Quebec, Canada
AdJoe GmbH: An der Alster 42, 20099 Hamburg, Deutschland
Amazon: A9.com inc, 130 Lytton Ave Ste 300 Palo Alto, CA 94301, USA
AppLovin: Applovin Corporation, 849 High Street, Palo Alto CA 94301, United States
BidMachine: 1640 Boro Place, 4th Floor McLean, Virginia 22102, USA
Criteo: 32 Rue Blanche, Paris, France
Digital Turbine: 110 San Antonio St #160, Austin, Texas, USA
Happtiq (Google cloud reseller): 6 Liberty Square #2305 Boston, MA 02109, USA
Facebook A: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
FaceTec: 707 Village Center Cir Ste 250, Las Vegas, Nevada, 89134, United States
Fyber Germany: Fyber GmbH, Wallstr. 9-13, 10179 Berlin
Fyber Israel: Fyber MONETIZATION, 4 Hapsagot Street, St. Petach, Tikva na 49551447 Israel
Gimica GmbH, Ludwig-Ganghofer-Str. 1, 82031, Grünwald, Germany
Google Ads: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Ad Mob Network: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland
Google In App Purchases (PlayDox Games): Google Payment Ireland Ltd. 70 Sir John Rogerson's Quay
Dublin 2, Ireland
Index: 20 California St 6th Floor, San Francisco, United States
Inmobi: Cecil Street 19-08, PRUDENTIAL T SINGAPORE"
Ironsource (=SuperSonic Network): Azrieli Sarona Tower, Derech Menachem Begin 121, Tel Aviv 6701318 Israel
Kayzen: Ackerstraße 29, 10115 Berlin, Deutschland
LINE: Shibuya, 27F, Shibuya Hikarie, 2-21-1, Japan
LiveRamp, 225 Bush Street, 17th Floor, San Francisco, CA. 94104, US
Liftoff: 900 Middlefield Rd 2nd Floor, United States
LoopMe: 32-38 Saffron Hill, London, United Kingdom
MediaNet: 2505 2nd Ave. Suite 410 Suite 300 Seattle, Washington, 98121, United States
Mintegral (=Adlogic): 6 EU TONG SEN STREET 11-20 THE CEN, SINGAPORE
Mobilfuse: PO Box 37, Stirling, NJ 07980, USA
MOLOCO: 601 Marshall St #5th, Redwood City, United States
Ogury: Classic House, Martha's Buildings, 174-180 Old St, United Kingdom
OpenX: 177 E. Colorado Blvd. #3039. Pasadena, CA 91105 USA
Pangle: 13929 34th Rd Apt 6C, Flushing, New York, 11354, United States
PubMatic: 601 Marshall St, Redwood City, United States
Reklamup: Arsus Technologies Ltd., Free Port and Region, Mersin 10, Turkey
SEON Technologies Kft., Rákóczi út 42, 1072 Budapest
Sharethrough: 5455 Av. de Gaspé #730, Montreal, Canada
Smaato: San Francisco, 240 Stockton St, 9th Floor, San Francisco, CA 94108, USA
Start.io: 584 Broadway, New York City, USA
Tapjoy: 353 Sacramento St 6th Floor, San Francisco, United States
Tappx: Carrer de Rosselló i Porcel, 21, 15B, 08016 Barcelona, Spain
The Trade Desk, Inc. 42 N. Chestnut St Ventura, CA 93001 USA
Triplelift: 53 W 23rd St 12th Floor, New York, NY 10010, USA
Unity Ads: Unity Technologies SF, 30 3rd Street, San Francisco, Califonia 94103, USA
Verve / PubNative: Verve Group Europe GmbH , Karl-Liebknecht-Str. 32, 10178 Berlin, Deutschland
Vungle / Liftoff: Vungle Inc., 1255 Battery Street, Suit 500, San Francisco, CA 94111, USA
Xandr: 1 Rockefeller Plaza, New York City, United States

You can change your privacy settings or withdraw your consent at any time by opening the respective opt-out link in the app.

6. Your rights

In the following, you will find information about your data subject rights, which the GDPR grants you against the controller concerning the processing of personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. If you would like to have your personal data deleted please contact dataprotection@justplayapps.com.
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in a commonly used and machine-readable format and the right to transmit those data to another controller.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The right to object, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation. This right applies particularly if your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

If you no longer wish to provide us information through our apps, you may uninstall our apps from your device. Note that this action will not delete information we previously collected via our apps nor does it affect our information collection on our website.

If you wish to exercise your right of withdrawal, objection, or any of your other rights, simply send an e-mail to dataprotection@justplayapps.com.

8. Necessity of providing personal data

Providing personal data to allow for a decision on entering into a contract, the fulfilment of such contract or for the implementation of pre-contractual measures is voluntary. However, we will only be able to form our decision in the context of contractual measures if you provide such personal data.

9. Automated decision making / profiling.

For the purpose of fraud detection and prevention, certain criteria such as IP addresses, email-adresses and gaming behaviour are evaluated automatically. If several criteria apply that indicate fraudulent behaviour, players may be partially or completely excluded from using the app. This data processing is necessary to properly process the contract concluded with the user (Art. 6 para. 1 lit. b GDPR, Art. 22 para. 2 lit. a GDPR). Data resulting from such processing will be deleted after the automated evaluation has been completed.

10. Facebook fan page

In case you provide us with data, which is also or exclusively processed by Facebook, the entity Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement: https://www.facebook.com/legal/terms/page_controller_addendum.

Since a transfer of personal data by Facebook Ltd. to the United States is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the sufficient level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.

If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection, or withdrawal), you can contact both, Facebook and us.

You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings:

https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

For further details, please see Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/

You can use Facebook’s online form to contact Facebook’s Data Protection Officer. To access it, please use the following link: https://www.facebook.com/help/contact/540977946302970.

11. Certain data processing activities not related to our website or our apps

Data processing for statistical purposes using Page Insights

Facebook provides Page Insights Data for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights.

This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page, and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created based on user behavior and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data that is gathered from memberships on other platforms. Legal basis of the processing is Art. 6 para. 1 lit. f GDPR and our legitimate interest lies in the optimized presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access about where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data being processed by Facebook, please contact us by other means.

Data processing for market research and advertising

Organisations generally process data for market research and promotional purposes. Therefore, website providers use cookies, which load on to your browser and detect your return to the same URL. The recorded data is used to create user profiles. User profiles may be used for targeted advertisements within or outside the platform. In addition, user profiles may contain data that is gathered from memberships on other platforms.

Data processing through making contact

We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide, and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalised, when the regarding circumstances are clarified.

Data processing for the purpose of performing a contract or entering a contract.

If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. Your data will be erased if they are no longer necessary for the fulfilment of the contract or if it is certain that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contract. Please consider that it may be necessary to store personal data of our contractual partners to comply with contractual or legal obligations even after the conclusion of contract.

Data processing on the legal basis of consent

If the respective platform providers request you to consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time.

B. Additional Provisions for California users

These additional provisions for California consumers supplement the other parts of our privacy policy and applies only to individuals who reside in California. This section outlines how we collect, use, and share your data, including the use of the Unified ID 2.0 (“UID2.0”) and the RampID (“RampID”) framework, and how we comply with the California Consumer Privacy Act and its implementing regulations (“CCPA”).

1. Personal Information We Collect

We may obtain the personal information listed in “Data collection regarding the use of our apps” from California residents through our apps. For further information please see the table below.

Some of the ways in which we disclose personal information are considered “sales” or “sharing” under the CCPA. Listed below are the categories of personal information we disclose for purposes cross-context behavioral advertising or otherwise sell:

Identifiers
Internet or other electronic network activity information
Geolocation data

The types of third parties to which personal information is sold or shared for cross context behavioral advertising may be third-party advertisers and analytics providers. The purposes for which we disclose this personal information includes showing you relevant ads, marketing, advertising, certain types of analytics, optimizing our services, personalizing content or to serve ads that may be more relevant to your interests, to perform other advertising-related services such as reporting, attribution, analytics and market research, or similar purposes. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

Category of Personal Information Purposes for Collection, Use, and Disclosure

We collect and use different categories of personal information for various business and operational purposes. Below is a detailed breakdown of the types of information we collect and how we use them.

Identifiers

This includes your name, telephone number, email address, mailing address, third-party accounts, unique personal identifier, online identifier, and IP address.

We collect and use this information for the following purposes:

• To communicate with you, including responding to your questions, marketing to you, and providing customer service.

• To operate our business and provide you with our services.

• To conduct marketing, personalization, and advertising.

• For research purposes and business analytics.

• To design, develop, and improve our apps.

• To track the effectiveness of our advertising.

• To personalize your experience on our apps.

• For safety and security purposes.

• To improve our business operations, products, services, and customer experience.

• For other internal business purposes.

• To fulfill our legal obligations.

Customer Records

This includes personal information such as your name, signature, address, employment-related details, and financial information as defined under Section 1798.80(e) of the California Civil Code.

The purposes for collecting and using this information are the same as those listed under Identifiers above.

Internet or Other Electronic Network Activity Information

This includes your browsing history, search history, operating system, and information regarding your interactions with our websites, applications, or advertisements.

We collect and use this information to:

• Provide you with our apps and services.

• Operate our business.

• Conduct marketing, personalization, and advertising.

• Perform research and trend analysis.

• Design, develop, and improve our apps.

• Analyze business trends and conduct business analytics.

• Track the effectiveness of our advertising efforts.

• Personalize your experience on our apps.

• Ensure safety and security.

• Enhance our business operations, products, services, and customer experience.

• Fulfill our legal obligations.

Geolocation Data

This includes your approximate location, which may be derived from your IP address or mobile device.

We use this information for the same purposes listed under Internet or Other Electronic Network Activity Information, as well as:

• To verify your identity.

Inferences from Personal Information

This includes profiles created based on collected data, reflecting your preferences, characteristics, and interests.

We use this information for the same purposes as Internet or Other Electronic Network Activity Information, as well as:

• To verify your identity.

Sensitive Personal Information

Sensitive data may be collected as outlined in our Facial Mapping Notice and Consent Policy.

We use this information for:

• Other internal business purposes.

• Fulfilling our legal obligations.

2. California Privacy Rights

Under the CCPA, you have several rights regarding your personal information:

2.1 Right to Know

You have the right to know what personal information we have collected about you, including:

The categories of personal information we have collected about you;
The categories of sources from which the personal information was collected;
Our business or commercial purposes for colleting, selling, sharing, or disclosing personal information;
The categories of recipients to which we disclose personal information;
The categories of personal information that we sold or shared, and for each category identified, the categories of third parties to which we sold or shared that particular category of personal information; and
The categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of recipients to which we disclosed that particular category of personal information.
The specific pieces of personal information we have collected about you.

2.2 Right to Delete

You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.

2.3 Right to Correct

You have the right to request that we correct any personal information we maintain about you that you believe is inaccurate.

2.4 Right to Opt-Out of Sales and Sharing

You have the right to opt-out of the sale of your personal information and to request that we do not share your personal information for cross-context behavioral advertising. If you would like to opt out of sales and sharing you can do so by clicking on the respective opt-out link in the Settings section of our apps. You may also exercise your right to opt-out of certain sales and sharing via an opt out preference signal on our websites. If you choose to use the Global Privacy Control (“GPC”) browser signal, you will need to turn it on for each browser you use.

2.5 Right to Non-Discrimination

We will not discriminate against you for exercising your rights.

2.6 Exercising Your Rights

To exercise your rights, please submit a request by email to dataprotection@justplayapps.com with the subject line “CCPA and Covered State Rights Request.” We may need to verify your identity before processing your request. To verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. In certain circumstances, we may decline a request where we are unable to verify your identity.

If you have any questions or concerns, please email us at dataprotection@justplayapps.com. In certain circumstances, you are permitted to use an authorised agent to submit requests on your behalf where (i) you provide sufficient evidence to show that the requestor is an authorised agent with written permission to act on your behalf and (ii) you successfully verify your own identity with us.

We will respond to your requests within the time period permitted under applicable law. If we require more time, we will inform you of the reason and extension period in writing.

2.7 California “Shine the Light” Law

California's "Shine the Light" law permits California residents to request certain information regarding our disclosure of certain personal information to third parties for their own direct marketing purposes. If you are a California resident, you may request information about our compliance with the Shine the Light law by contacting us at dataprotection@justplayapps.com Any such request must include "California Shine the Light Request" in the subject line and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each calendar year.

C. Additional Provisions for Individuals Who Reside in Covered States

These additional provisions supplement the other parts of our privacy policy and applies only to individuals who reside in states that have comprehensive privacy laws to which we are subject (“Covered States”). If you are a resident of California, please review our California-specific disclosures, above.

1. Privacy Rights

Residents of Covered States may have certain rights relating to your personal data, as described below. To exercise any of these rights, please submit a request by emailing us at dataprotection@justplayapps.com. Please note that we may need to authenticate your identity before your request can be processed. For authentication, you will be asked to verify your identity in accordance with the law.

1.1 Right to Know

You have the right to confirm whether we are processing your personal data, access your personal data, and obtain a copy of the personal data you provided to us in a portable format.

Oregon residents may also request a list of third parties to which we disclose personal data.

If you live in Delaware, you have the right to request a list of the categories of third parties with whom we disclose your personal data.

1.2 Right to Delete

You have the right to request that we delete your personal data. Please note that we may retain certain personal data as permitted by applicable law.

1.3 Right to Correct

You have the right to request that we correct inaccuracies in your personal data.

1.4 Right to Opt-Out

You have the right to opt out of the sale of your personal data, and the use of your personal data for targeted advertising. If you would like to opt out of sales and targeted advertising you can do so by clicking on the opt-out links in the Settings section of our apps. You may also exercise your right to opt-out of certain sales and targeted advertising on our websites via an opt out preference signal. If you choose to use the GPC browser signal, you will need to turn it on for each browser you use.

1.5 Right to Appeal

You have the right to appeal our decision by emailing us at dataprotection@justplayapps.com.

1.6 Authorized Agents

Depending on your state of residency, you may have the right to designate an authorized agent to make certain privacy rights requests on your behalf.

2. Miscellaneous

Please note that if you make a privacy rights request, we will retain the personal data submitted in connection with your request for recordkeeping purposes.

You will not be discriminated against for exercising these rights. We will not deny you any services, nor charge you different prices, in retaliation for exercising your privacy rights.

3. Usage of certain marketing identifiers (only in the US)

3.1 Marketing Identifiers

In order to provide our users with the best experience when using our website, app and/or games we also use further marketing identifiers like UID2.0 and RampID:

UID2.0 is a privacy-focused identity framework that allows for secure, encrypted identifiers to deliver relevant advertising. This system uses email addresses or other forms of identity to create an anonymized identifier that enables us and our partners to provide personalized advertising, while protecting your privacy.
RampID is an identity resolution service that helps us match our data with online and offline information to create a consistent and secure user profile. We receive hashed or pseudonymized identifiers, which are referred to as "RampID Envelopes," allowing us to maintain privacy while delivering relevant and customized services.

3.2 Information Categories

When you interact with our services, we may collect the following types of personal data that can be used for and within the marketing identifiers:

Personal Identifiers: such as your email address or phone number, which may be encrypted and converted into an anonymized identifier.
Device Information: such as your browser type, IP address, and operating system.
Usage Data: such as your interactions with our website or mobile app, including browsing history and search queries.

We collect this information to improve your experience, deliver relevant advertising, and support business operations.

3.3 Use Categories

We use the marketing identifiers to:

Display personalized advertisements that match your interests.
Measure and analyze the effectiveness of our advertising efforts.
Enhance your experience by tailoring content to your preferences.

We only use your marketing identifier data for lawful purposes and in accordance with this privacy policy.

3.4 Third Party Categories

We may share your marketing identifier data with:

Advertising Partners: to provide relevant ads across the web.
Service Providers: who assist us in analyzing and managing our data and delivering advertising services.
Law Enforcement or Regulatory Bodies: when required by law.

3.5 Opt-out Options

If you prefer not to receive personalized advertisements based on your marketing identifier data, you can also:

Use the UID2.0 opt-out page to stop the collection and use of your data in the UID2.0 framework here: https://www.transparentadvertising.com/
Use the RampID opt-out page to stop the collection and use of your data in the RampID framework here: https://liveramp.com/opt_out/

Please note that opting out of personalized advertising does not mean you will no longer see ads, but they may be less relevant to your interests.

D. Facial Mapping Notice and Consent Policy

Effective Date: January 13, 2025

1. Introduction

This Facial Mapping Notice and Consent Policy ("Policy") explains how Gimica GmbH and JustPlay GmbH (collectively, "Company", "we", "our" or "us") collect, use, store, and protect facial mapping data obtained through the FaceTec software("FaceTec")when you use our JustPlay App (the “JustPlayApp”). To the extent there is any inconsistency between this Policy and the above Privacy Policy, this Policy controls with respect to facial mapping data and photos collected through the FaceTec software. This Policy is intended to comply with any federal, state, or local laws that may apply to the facial mapping data. By proceeding to use the FaceTec software, you confirm that you are not doing so from within a jurisdiction where such use is prohibited.

2. Collection of Facial Mapping Data and Photos

In order to use the cashout feature within the JustPlayApp for the first time, you will need to use your device’s camera and software provided by FaceTec that is embedded within the JustPlayApp to scan your face and provide us with facial mapping data that is unique to you, as well as a photo of your face. We use the facial mapping data and photo for the following purposes:

Real person verification: To verify that you are a real person
Fraud prevention: To prevent unauthorized access and fraud. We compare the facial mapping data that you provide with facial mapping data that has been provided by other JustPlayApp users within the last four months to help prevent the same user from creating multiple accounts. We store the facial mapping data that you provide for four months and use your facial mapping data for this purpose as well.
Minor identification: To ensure that users are not underaged minors

3. Storage and Protection of Facial Mapping Data and Photos

Your facial mapping data and photo is stored in our rented server space on the servers of Google Cloud Services provided by Google Cloud EMEA Ltd. (70 Sir John Rogerson's Quay, Dublin 2, Ireland) (please see our general privacy policy in this regard). We implement robust security measures, including encryption and secure storage, to protect your information from unauthorized access, disclosure, or misuse.

Your facial mapping data is stored for up to 4 months and then is securely deleted. Your photo is stored for up to 1 month and then is securely deleted.

4. Sharing of Facial Mapping Data and Photos

Other than as described in this Policy, we do not sell, lease, trade, or otherwise profit from your facial mapping data or photos. The FaceTec software runs within our own environment, and we do not share your facial mapping data or photos with FaceTec. As noted above, the facial mapping data and photos are stored on Google Cloud Services. We may disclose your facial mapping data and photos when required by law, regulation, or legal process, such as a court order or subpoena.

5. Your Rights

Depending on the jurisdiction in which you reside, you may have the following rights regarding your Facial Mapping Data:

Access: Request access to your Facial Mapping Data, and/or information regarding how and why your Facial Mapping Data was collected, and any parties to whom we have disclosed your Facial Mapping Data.

Correction: Request corrections to any inaccurate or incomplete Facial Mapping Data.

Deletion: Request the deletion of your Facial Mapping Data, subject to certain legal exceptions.

Withdrawal of Consent: Withdraw your consent to the collection and use of your Facial Mapping Data, noting that this may affect your ability to use FaceTec.

6. How to Exercise Your Rights

To exercise any of your rights or if you have any questions about this Policy, please contact us at:

Email: dataprotection@justplayapps.com

Address: Monbijouplatz 5, 10178 Berlin

Questions?

For any inquiries and additional questions about processing personal data please contact dataprotection@justplayapps.com. Our contact details may also be found above or in the imprint under the App’s settings menu.

Final notice

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g., the introduction of new services. The most current version applies to your visit.

California

States