Data Protection Declaration of Foosio Entertainment Limited, 10 Lapsi Street, STJ 1261 St. Julian's, Malta ("Foosio"; "we") concerning the website http://www.foosio.com/ ("Website"), the web application and the iOS and Android offered Apps ("App") and all data processing activities carried out within the Website and the App.
Thank you for your interest in our products. Below we inform you in detail to what extent we process your personal data and what rights you have in this regard. The protection of your privacy is a high priority to us. The following declaration is intended to inform you comprehensively on what (personal) data we collect while using our services as well as how we deal with it and which rights you have within this context. Our Data Protection Declaration complies with the General Data Protection Regulation of the European Union ("GDPR").
Data protection regulations must always be observed when personal data is processed. For the scope of this Data Protection Declaration, the definitions of the GDPR are relevant. Thus, the "processing" of personal data essentially includes any handling of the same. As far as data processed by us are human-related and—even if only through third parties or by means of additional knowledge—make you identifiable as a person (in particular, have your full name brought to light), it is basically personal data.
We differentiate between a Freemium model, a B2B model and a B2C model, all of which are available via the web application and the App. Due to the different design of the models, data processing also takes place with slight deviations.
In all web applications and apps made available by us, data that damage reputation, offend, abuse, mock, defame, endanger minors or otherwise unlawful or questionable may under no circumstances be posted. Furthermore, the posting of special categories of personal data (in particular so-called sensitive data on racial and ethnic origin, political opinions, religious or ideological beliefs, trade union membership as well as genetic data, biometric data to clearly identify a natural person, health data or data on a natural person's sexual life or sexual orientation) is prohibited.2. Data Processing following the Access of Our Website
You have the possibility to use the App and web application offered by us to a very limited extent without registration. In this case we process your IP address and metadata to your surfing behavior (e.g. date/time of retrieval, requesting provider). This data processing is carried out for the purpose of traceability of visitors, checking the effectiveness of advertising measures, playing off targeted advertising elements and messages as well as for the purpose of safety and improving the quality of our offer and is based on our legitimate interests, namely achieving the purposes just mentioned (Art 6 Paragraph 1 lit f GDPR). To whom this data is (can be) transmitted, see point 10. The data will be deleted according to our deletion concept as soon as it is no longer necessary for the purposes mentioned.3. App
If you install and start our App on a mobile device, your IP address and other metadata that allow us to draw general conclusions in connection with the usage of our app are collected and processed automatically. The explanations under point 1 apply analogously. This also includes device-specific information (device ID, operating system, platform). This data processing is based on the overriding legitimate interests of Foosio (Art 6 paragraph 1 lit f GDPR) and enables us, among other things, to continuously improve the quality of our App and to offer our users the best possible service. It also enables us to monitor the effectiveness of advertising measures and to implement correctives. Furthermore, the App does not request any specific authorisation from you, which is why we are unable to access any personal information (such as the address book).4. Newsletter
On our Website, you also have the opportunity to register for our newsletter. To register, we must collect and store your e-mail address and your full name (first name, surname). Your e-mail address is required to send the newsletter (Art 6 paragraph 1 lit b GDPR); your name is required to address you correctly. We collect your name to maintain the quality of our newsletter and for organisational reasons, pursuant to Art 6 paragraph 1 lit f GDPR. The newsletter is sent exclusively to the e-mail addresses provided by interested parties. If you no longer wish to receive the newsletter, you may unsubscribe at any time by clicking on the respective button at the end of each newsletter. Unless otherwise provided for by law, and unless the data is processed on a separate legal basis, data collected for sending the newsletter will be deleted after unsubscribing.
Your data will only be used to send you the newsletter.
To send the newsletter, we use the service "dmaxepaper", which is provided by Dmax.tv, Cat Lane, Swatar, BKR 4402, Malta, as SaaS (Software as a Service). Dmax.tv provides us with the software to create and automatically send the newsletter, and the data collected in connection with the newsletter is passed on to Dmax.tv; however, Dmax.tv will not process your personal data any further. Additionally, Dmax.tv acts as our processor and is contractually bound to our privacy standards.5. Data Processing by using the Freemium-Model
When using the Freemium model, the user can decide to make purchases, but can also use the basic functions of the game without making any purchases.
If you do not register, we will process your data as described under point 1.
Registration is required to use the game. In the course of this registration and your activities, we collect and process (in addition to the data mentioned under point 1):
Payment and user KYC data via App Store (Apple App Store or Google Play Store) or Payment Provider (depending on provider, e.g. proof of residence by invoice, identification by passport)*
The data marked with an * are necessary for you to be able to use our offer. In this respect, the processing takes place on the basis of the fulfilment and preparation of the contract (Art 6 paragraph 1 lit b GDPR). The provision of your data is voluntary; however, we cannot make our range of services available to you if you do not provide your personal data.
We collect the data
The purposes pursued here are (within the framework of the performance of the contract):
The processing of the following data not marked with * in the list serves the legitimate interests of Foosio, namely to achieve the following purposes:
All data collected will be transmitted for marketing purposes to e-quadrat Communications GmbH, based in Austria. This transfer only takes place if you have given us the corresponding data protection consent within the scope of the registration process. You can revoke the consent at any time, whereby a revocation has no retroactive effect. You are not obliged to give such consent in order to be able to use our offer.
A detailed breakdown of which data are collected and processed within the framework of which processing on what legal basis and for what purpose can be found in record of data processing activities.6. Data processing when displaying Advertising Content
We are reliant on the marketing of our advertising opportunities on our Website by advertisers. Only then is it possible for us to operate this Websiste. Advertisers provide you with online advertising based on your usage; concurrently, they are interested in valid information about the scope of their advertisement. If you want to deselect this tracking, you will find detailed instructions at http://www.youronlinechoices.com/uk/your-ad-choices.
By using tracking applications, we as publishers are responsible for the processing of data together with our partner, E-Quadrat Communications GmbH ("E2"), Rathausstraße 19, 1010 Vienna, Austria, email: firstname.lastname@example.org. E2 cooperates when it comes to website marketing with different companies, which take on different functions depending on the tasks involved. According to the GDPR we are to be qualified as publisher and E2 as independent controller or processor. In the context of data processing when displaying advertising content, however, there is joint responsibility with E2 according to Article 26 GDPR.
E2 uses the tracking tool Cxense of Cxense ASA, Karenslyst Allé 4, 0278 Oslo, Norway as well as the adsystem Oddsserve using the adserver of ADITION technologies AG, Oststraße 55, 40211 Düsseldorf, Germany. In order to correctly provide online advertising based on usage, your behavior on the Website is analyzed and enriched by additional sources, device data or profile parts from registration areas, but only in a pseudonymized form, what makes you unidentifiable as a person.
The processing of data when providing advertising content is carried out for the purpose of measuring reach, providing online advertising based on usage and targeted advertising elements and messages, checking the effectiveness of advertising measures, as well as for the marketing and monetization of the Website and is based on Article 6 (1) (f) GDPR (overriding legitimate interests, namely the attainment of the stated purposes, in particular the financing of the Website, measurement of range, marketing of advertising spaces and display and provision of usage-based online advertising as well as the targeting of advertising elements).
The following link https://www.e-2.at/en/privacy-policy/ provides specific information about the applications of Cxense and Oddsserve, the technology on which they are based, the collected data categories, the rights of the data subjects, the opt-out options, the right of appeal, the competent supervisory authority, the storage period, the data processing as well as the purpose of the processing by E2, the recipients of data as well as the possibility to contact the data protection officer of E2.7. Data storage and Deletion
Your personal data will only be kept by us for as long as reasonably deemed necessary by us to achieve the purpose of performance of the contract and as permitted by applicable law. We store the personal data in any case as long as legal storage obligations exist or limitation periods for potential legal claims have not yet expired. If the storage of the data is no longer required for the purposes of the original collection (or within the scope of a legally permissible change of purpose) and there are no legal provisions to the contrary, we will arrange the data deletion. For this purpose, we have implemented a deletion concept that records all personal data.8. Data transmission
For the purposes explained in this Data Protection Declaration, we will transfer your (personal) data to recipients of the following categories:
Within our organisation, those departments or employees who need your data to fulfil their contractual or legal obligations and as a result of data processing based on our legitimate interests, will receive it.
Furthermore, (external) contractors commissioned by us receive your data if they require the data to provide their respective service (whereby access to personal data is sufficient). All contractors are contractually obliged to treat your data confidentially and to process it only within the scope of the provision of services. This includes the following categories of recipients:
We have a constantly updated list of our recipient categories with regard to data transfers and contract processors.
In addition, as already mentioned under point 5 above, we transmit, with the corresponding consent, the data to e-quadrat Communications GmbH, a marketing company based in Austria.
Some of the recipients mentioned above are outside the EU or process your (personal) data there. However, we take measures to ensure that all recipients have an adequate level of data protection. To this end, we conclude standard contractual clauses, for example, which can be submitted on request. Alternatively, we use providers that are certified according to the EU-US Privacy Shield and for this reason have an appropriate level of data protection according to the GDPR (according to the adequacy decision of the European Commission).
If we use contract processors, they are bound to our data protection practice as previously mentioned and will treat your personal data strictly confidential. Under no circumstances will they transmit your data to third parties or use it for purposes other than those intended to fulfil their obligations towards Foosio or in accordance with our express instructions without our express consent.9. Rights of the Data Subject
A central aspect of data protection regulation is the implementation of adequate opportunities to allow for the disposition of personal data even after such data has been processed. For this purpose, a series of rights of the data subject are set in place. Foosio shall comply with your corresponding requests to exercise your rights without undue delay and in any event within 1 (one) month after receipt of the request. To exercise your rights, please contact us at the following email address: email@example.com.
Specifically, the following rights are entailed:
Please also note that we may not be able to comply with your request due to compelling reasons worthy of protection for processing (balancing of interests) or processing due to the assertion, exercise or defence of legal claims (on our part). The same applies in the case of excessive requests, whereby a fee may be charged here as well as in the processing of manifestly unfounded requests.10. Data Security
Foosio takes all appropriate technical and organizational measures to ensure that only personal data whose processing is absolutely necessary for business purposes are processed by default. The measures we have taken concern both the amount of data collected, the processing scope and its storage period and accessibility. On the basis of these measures, we ensure that personal data by default is only made available to a narrowly limited and necessary number of persons. Under no circumstances will other persons be granted access to personal data without the express consent of the data subject. We also use various protection mechanisms (backups, encryption) to secure the Website and other systems. This should serve to protect your (personal) data as best as possible from loss or theft, destruction, unauthorized access, alteration and dissemination.
All Foosio employees have been sufficiently informed of all applicable data protection regulations, internal data protection regulations and data security precautions and are required to keep secret all information entrusted or made available to them in the context of their professional employment. The requirements of the GDPR are strictly observed and personal data is only made available to individual employees insofar as this is necessary with regard to the purpose of data collection and our obligations arising therefrom. If we use contractors, they are also obliged to comply with all applicable data protection regulations on the basis of specific framework agreements. Furthermore, when handling your (personal) data, they are strictly bound to our guidelines, in particular with regard to type and scope.11. Push-Notifications
Both on our Website and within our App, push notifications are offered to draw your attention to relevant information in connection with our offer.
If you visit our Website and the browser you are using supports push notifications, a window will appear. You will be asked if you want to allow push notifications from our Website. If you choose to block our push notifications, the browser will not display any information or news in this way. You must explicitly confirm if you would like to receive notifications. Push notifications can also be managed in the browser settings. Instructions for the most common browsers can be found at https://pushassist.com/knowledgebase/how-to-enable-or-disable-push-notifications-on-chrome-firefox-safari-b/.
After installing the App, push notifications are automatically activated on your device, depending on the software, or you may be asked whether the App is allowed to display notifications. However, push notifications can also be deactivated for individual apps in the settings of the mobile device, although differences may occur depending on the platform and operating system.12. Cookies
Most browsers automatically accept cookies. However, you have the option of adjusting your browser settings so that cookies are either generally rejected or only certain types are permitted (e.g. restriction of refusal to third-party cookies). If you change your browser's cookie settings, however, our Website may no longer be used in full. You will find the setting options for the most common browsers under the following links:
If you are of the opinion that we violate applicable data protection laws when processing your data, you have the right to file a complaint with the relevant national data protection authority. The requirements for such a complaint are based on the respective national implementation law of the GDPR, as the GDPR itself does not provide for any regulation in this respect. However, we ask you to contact us in advance in order to clarify any questions or problems.14. Google Analytics
Our Website, web application and App use web analysis tools of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), which enable us to analyse how you use this Website, web application and/or App. In this context, we process your data on the basis of our legitimate interest in producing easy-to-use website access statistics in a cost-efficient manner (Art 6 Paragraph 1 lit f GDPR).
By using the software, a cookie is set (for the client ID), which is stored on your computer. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this Website, your IP address will be reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to its transmission to a Google server in the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services relating to Website and internet usage. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. Google cannot find out who you are.
Google is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and to maintain a level of data protection in line with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list. In addition, all services Google offers via Firebase are ISO 27001 certified.
With the procedure described under point 14 you can prevent the storage of cookies by a corresponding setting of your browser software (possibly limited to third party cookies). You can also prevent Google from collecting data generated by cookies and relating to your use of the Website (including your IP address) and from processing this data by downloading and installing an appropriate browser plug-in (http://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, you can also set an opt-out cookie, which is stored on your device and also prevents Google Analytics from collecting your data. If you delete your saved cookies, however, this step is required again. However, we would like to point out that you may then not be able to use all functions of the website to their full extent.
Further information on data protection in connection with Google Analytics and your options in this regard can be found at https://www.google.com/analytics/learn/privacy.html?hl=en-GB.15. Contact Details regarding Data Protection Issues
In case you have any questions or requests concerning our privacy practices or if you would like to exercise your right of information, rectification or deletion, please send us a written request outlining your desire to:
Foosio Entertainment Limited
10 Lapsi Street
STJ 1261 St. Julian's
Data Protection Officer: VACE Systemtechnik GmbH, also available at firstname.lastname@example.org