DATA PROTECTION STATEMENT
smuttlewerk interactive UG (“smuttlewerk”/“we”) is committed to protecting the privacy of its users (“users”/“you”) with regard to the processing of personal data. smuttlewerk observes the applicable data protection requirements.
We have compiled this document to inform our users about the handling of their data. If you have any questions concerning the use of your personal data by smuttlewerk, or if you would like to revoke a previously granted declaration of consent, please get in touch with us and tell us about the game you play and your platform.
This Data Protection Statement applies to all services offered on the websites operated by smuttlewerk, in particular smuttlewerk.com, (“website”) and mobile applications, as well as the games offered for download via portals such as the Apple App Store and Google Play Store etc. (“games apps” or “apps”)
1. General information on data processing
1.1 Legal basis for the processing of personal data
Article 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data that was obtained with the consent of the data subject.
Article 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data that is required for the performance of a contract to which the data subject is a party. This also applies to data processing operations that are necessary for the performance of pre-contractual measures.
In as far as the processing of personal data is required for compliance with a legal obligation incumbent on our company, the legal basis for data processing is Article 6 para. 1 lit. c GDPR.
In the event the vital interests of the data subject or another person compel us to process personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis for such data processing.
Article 6 para. 1 lit. f GDPR serves as the legal basis if the data processing is necessary to safeguard a legitimate interest of our company or a third party in a situation where the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the legitimate interest of our company or a third party.
1.2 Deletion of data, storage period
We will delete or block a data subject’s personal data as soon as the purpose of storing the data has been achieved. Personal data can be stored for longer periods if prescribed by a European or national legislator in EU regulations, laws or other regulations that govern the data controller. The data is also blocked or deleted at the end of a retention period prescribed by one of the above regulations, unless the data is required to be stored for a longer period for the purpose of performing or entering into a contract.
1.3 Data security
We always try our best to put reasonable arrangements in place to prevent unauthorised access to your personal data, use of your personal data or manipulation of your personal data and to minimise the risk of these incidents occurring. The provision of personal data is, irrespective of whether disclosed in person, over the phone or via the internet, inevitably associated with certain risks and no technological system is absolutely fail-safe from being manipulated or sabotaged.
We process all information collected from you in accordance with the German and European data protection laws. All our employees are bound by data secrecy and the data protection regulations and have been instructed accordingly. When making a payment, your data will be transmitted using SSL-encryption technology.
2. Collection and use of personal data via the website and apps
2.1 Our website can be used by all users without requiring registration. The following data is collected: internet protocol, IP address, URL of the referring website from which the file was requested, the date and time of access, browser type and operating system, the site visited by you, data volume transmitted, access status (file transfer, file not found etc.), duration and frequency of use. This data is also stored in the log files of our system. The data is not stored together with other personal data of the user.
Each access of a registered user on the website and each file access will cause the following use-specific access data to be transmitted to our server: internet protocol, shortened IP address, the respective device, advertising, user or ad ID, the URL of the referring website from which the file was requested or the ID of the social network if you used one to log on, date and time of access, territory from which the game app was downloaded, state in which the game app was accessed, browser type and operating system, the page visited by you, data volume transmitted, access status (file transfer, file not found etc.), duration and frequency of use, device type, language setting, date of downloading the game app, number of days since downloading the game app, name and number of game apps from Flaregames for which the user is registered. Flaregames also stores the game scores, levels achieved and other game-related data that we require to operate the game app for the user. We further store data for the purpose of placing advertising messages, specifically advertising messages that were delivered to the user. We collect the user’s advertising network ID and information on whether the user found the game app as a result of an advertising campaign.
2.2 To improve the gaming experience for our users, smuttlewerk will collect information on the duration of use, the number of times the games app was launched, internet protocol, device type and operating system, data volume transferred, access status (file transfer, file not found etc), avatar name, download tag and game app version, as well as amounts/tokens you have invested in the game app’s features. This data can be used to generate pseudonymised statistics that help smuttlewerk to make the apps and games even better for you, fix bugs and improve our services. The data is not used for any other purpose specifically related to the data subject. This data will be deleted as soon as there is no further need for their storage, the user has requested the data to be deleted, or a law prohibits the (continued) storage of the data. Data can only be deleted if the deletion is not opposed by a statutory retention obligation.
As a general rule, smuttlewerk will only collect and use the personal data specifically disclosed by the user, i.e. during his registration or login, for the user’s enrolment in prize competitions or use of paid services. Personal data means data that contains information about personal or factual circumstances (e.g. name, address, date of birth, e-mail address).
The contractual use of the games apps requires the collection and processing of the user’s personal data by the stores smuttlewerk has no control over this type of data collection and does not accept any liability or responsibility. Detailed information about the data collected by Google Play and Apple App Store, Windows Store and other stores may be obtained from the data protection statement of the respective store. smuttlewerk processes this data to the extent it is provided by the stores and necessary for downloading the games app to the user’s device, as well as for the operation of the games app. The data is not stored for any other purposes.
The user may be required to disclose additional data, such as his full name, address, etc., for purposes associated with the contractual use of the games app and the performance of the license agreement accepted by downloading the app, and in particular data associated with the use of paid services by the user (i.e. download of a paid app or in-game purchase). smuttlewerk does not collect and process any payment data (bank account numbers, credit card data, etc.).
The legal basis for the temporary storage of data and log files is Article 6, para. 1 lit. f GDPR.
2.3 Collection and Sharing of User Information
Some ad-networks require the usage of user information. This information is
2.4 Data processing purpose
The temporary storage of a user’s IP address by the system is necessary to deliver the services to the user’s computer. This requires the IP address to remain stored for the duration of the session.
The storage in log files serves the purpose of warranting the faultless functioning of the services. The data also assists us in optimising the website and to warrant the security of our computer systems. The data is not analysed for any marketing purposes, it is analysed exclusively for statistical purposes.
Our legitimate and prevailing interest in processing the data pursuant to Article 6 para. 1 lit. f GDPR is based on these purposes.
2.5 Period of storage
The data will be deleted as soon as it is no longer required for achieving the purpose of their collection. Where data is collected for the purpose of making the website available, this is the case when the respective session has ended.
Where data is stored in log files, this is the case after a maximum period of seven days. In certain other cases, your data may be stored for longer periods. If this is the case, the IP addresses of the users will be deleted or anonymised, with the result that the accessing client can no longer be identified.
3. Login via a third-party platform
3.1 By logging into the games via a third-party user account, such as the Facebook account or Google+ account or other social networks, the user declares his consent to the access to and/or storage of
3.3 The user may change his login settings at any time if he wishes to prevent such data from being exchanged with Facebook, Google or other social networks he has previously used to login into on our services.
4. Disclosure of the data to third parties; contract (data) processing
4.1 The user’s personal data will be treated confidential and will generally only be disclosed to external service providers or contractors with the user’s express consent, or if disclosure is necessary to perform a contract, respond to inquiries or to provide customer support. smuttlewerk cooperates with providers who collect and compile statistical data, as well as with IT service providers (i.e. computer centres, hosting, back-up and database services). The user’s legitimate interests are given consideration in accordance with the statutory requirements. The external service providers are under a statutory obligation to treat the data confidential and securely and are only permitted to use the data to the extent necessary to perform their duties. In as far as external service companies perform contract data processing, the statutory requirements pertaining to contract (data) processing are observed.
4.2 In all other respects, personal data is only disclosed if required for the protection of other users, for the prosecution of criminal offences, or as permitted under the statutory data protection regulations. We may in certain cases be compelled to disclose the data on the basis of statutory requirements (i.e. disclosure to investigating authorities). Disclosure is always limited to the extent necessary, legally permitted or prescribed.
4.3 A declaration of consent to the disclosure of data previously granted to us may be revoked at any time and without stating reasons.
5. Modification and deletion
smuttlewerk can, at its own discretion or at the user’s request, complete, correct or delete any personal data stored by smuttlewerk in relation to the operation of this website or the games app that is incomplete, incorrect or outdated.
smuttlewerk complies with the statutory requirements and deletes personal data immediately upon being requested to do so by the user, unless prevented from deleting the data by statutory retention obligations.
7. Links to other websites
Our website may from time to time contain interactive references (so-called links), for which smuttlewerk does not accept any responsibility. smuttlewerk has no control over the content and design of the linked external websites or internet services the user may access via our webpages. The respective operators of these internet services are exclusively responsible for their design, content and compliance with data protection requirements.
8. Push notifications
8.1 Description and scope of data processing
You can set the configurations of your device to permit us to send you push notifications for updates to games apps and other relevant information. You can manage your push settings in the “options” or “settings” menu of your mobile app, or in the settings of your device.
8.2 Legal basis for data processing
The legal basis for the processing of the data for the purposes of a contract is Article 6 para. 1 lit. b GDPR.
8.3 Period of storage
The data will be stored until you delete them.
8.4 Your right to object and contest a decision
For Apple mobile devices: Open the settings on your mobile device (e.g. iPhone or iPad), and select the menu item “Privacy”. You can switch off ad tracking under the menu item “advertising”.
For devices with Android operating systems: Open the settings in your app-list and tap the “Ad” button. Once the ad window has opened, you can disable the Google Advertising ID.
9. Protection of your data
We always try our best to put reasonable arrangements in place that are aimed at preventing unauthorised access to your personal data, use of your data or manipulation of your data and at minimising the risk of these incidents occurring. All our employees have been instructed with regard to their legal obligations to comply with data protection regulation and to maintain data secrecy. Our SSL transmission is certified by different official certificate authorities.
The provision of personal data, irrespective of whether disclosed in person, over the phone or via the internet, carries certain inevitable risks. No technological system is absolutely fail-safe from being manipulated or sabotaged. We would like to point out that there is always a residual risk of a transmission of data over the internet (i.e. communicating by email) being compromised. A fail-safe, guaranteed protection of the data against access by third parties is not possible.
10. Rights of the data subject (the person whose data is collected)
The processing of your personal data makes you a data subject for the purposes of the GDPR. As a data subject, you may assert the following rights against the data controller:
11.1 Right to information
You can request us to confirm whether we are processing any personal data relating to you.
If this is the case, you may request the data controller to provide you with the following information:
You have the right to request information on whether your personal data is transmitted to a third country or an international organization. You may in this respect demand to be informed about the adequate safeguards taken in relation to the transmission pursuant to Article 46 GDPR.
11.2 Right to correction
You have the right to demand from us to correct and/or complete any of your personal data that is incorrect or incomplete. We must correct or complete the data without undue delay.
11.3 Right to restrict the processing of data
You can demand the processing of your personal data to be restricted under the following conditions:
Where the processing of your personal data has been restricted, such data may – except for their storage – only be processed with your consent or for the purpose of asserting, exercising or defending legal interests, or to protect the legal interests of another person or legal entity, or for reasons of a substantial public interest of the European Union or a Member State.
If the data processing was restricted on the basis of the conditions stipulated above, you will be notified by us prior to lifting the restriction.
11.4 Right to the deletion of your data
You may at any time delete your account.
11.4.1 Mandatory deletion
You may instruct us to promptly delete your personal data. We are legally required to delete such data without undue delay, provided one of the following reasons apply:
11.4.2 Notification of third parties
Where we have made your personal data publicly accessible and are required to delete your data under Article 17 para. 1 GDPR, we will, in consideration of the available technology and cost of implementation, take adequate measures, including technical measures, to inform any other data controllers who process such personal data about the circumstance that you as the data subject have requested them to delete all links to said personal data, copies or reproductions of such personal data.
You are not entitled to the deletion of your data to the extent the data processing is required
12 Right to onward notification
Where you have asserted your right to the correction, deletion or restriction of the data processing against us, we are required to notify all recipients your personal data was disclosed to about said correction or deletion of the data, or restrictions imposed on their processing, unless such notification is infeasible or would entail unreasonable effort or expense.
You are entitled to be informed about these recipients by us.
13 Right to data portability
You have the right to receive the personal data disclosed by you to us in a structured, popular and machine-readable format. You further have the right to transfer such data to other data controllers without interference by the data controller said personal data was initially made available to, provided
When you exercise this right, you are further entitled to your personal data being transferred directly from one data controller to another data controller, subject to technical feasibility. This must not curtail the freedoms and rights of third parties.
The right to data portability does not apply to the processing of personal data that is required for the performance of a function in the public interest or in the exercise of public authority conferred upon the data controller.
14 Right to object
You have the right to lodge an objection against the processing of your personal data conducted on the basis of Article 6 para. 1 lit. e or f GDPR at any time for reasons that are attributable to your personal circumstances. This also applies to profiling based on the same provisions.
We will then cease processing your personal data, unless he can demonstrate compelling legitimate interests for the data processing that prevail over your interests, rights and freedoms, or unless the data processing serves the purpose of asserting, exercising or defending legal interests.
Where your personal data is processed for direct advertising purposes, you have the right to lodge an objection against the processing of your personal data for such advertising purposes at any time; this also applies to profiling associated with such direct advertising.
If you lodge an objection against data processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
When using services of the information society, you have the option to exercise your right to object via automated processes that use technical specifications, irrespective of the Directive 2002/58/EC.
15 Right to revoke data protection-related declarations of consent
You have the right to revoke a previously granted declaration of consent at any time. A revocation of consent is without prejudice to the lawfulness of the data processing conducted prior to your revocation.
16 Automated individual decision-making
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which would produce legal effects concerning you or would significantly affect you in a similar way. This does not apply if the decision
These decisions may however not be made on the basis of personal data of special categories pursuant to Article 9 para. 1 GDPR, unless Article 9 para. 2 lit. a or g applies and adequate safeguards for your rights, freedoms and legitimate interests have been put in place.
In the cases referred to at (1) and (3), we take adequate measures to safeguard your rights, freedoms and legitimate interests, which at the minimum includes the right to obtain intervention of a person on the part of the data controller, the right to express your own opinion and the right to contest the decision.
18 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy that may be available to you, you have the right to lodge a complaint with a supervisory authority, in particular an authority in the Member State of your residence, your place of work or the place of the alleged infringement if you have reason to believe that your personal data is processed in violation of the GDPR.
The supervisory authority where the complaint was lodged will inform the complainant about the progress and results of the complaint, as well as the option to seek relief from a court of law pursuant to Article 78 GDPR.
Last Update 06.05.2021