Data Privacy Statement for the Use of the “GIFTPLAY” App
This Data Privacy Statement applies for the offering and use of the “GIFTPLAY” app (hereinafter referred to as “GIFTPLAY”), hereinafter referred to as “we” or “us” for use on your mobile device.
When using GIFTPLAY, personal data will be collected, processed and used by us. Because the protection of your privacy when using GIFTPLAY is important to us, we would like to inform you with the following information about what personal data we collect when you use GIFTPLAY and how we handle this data.
What is Personal Data?
“Personal data” is information, or parts thereof, by means of which you can be identified either directly (e.g. by your name) or indirectly (e.g. by pseudonymized data such as a unique ID). This means that personal data includes, for example, email addresses, addresses, mobile phone numbers, user names, profile pictures, personal preferences and use behavior regarding the apps used on your end device, user content, financial information and health-related information. However, this could also include one-time identifiers such as the IP address of your end device or the browser you use, and other specific information about your mobile device.
This Data Privacy Statement covers all personal data that is stored and processed by you when using GIFTPLAY.
Collection and Use of Your Data
In some cases, you will provide us with immediate access to the data (e.g. when creating a user account and contacting us) and in some cases we will collect the data automatically during the use of GIFTPLAY (e.g. in order to offer our services and understand how you use our services and your apps).
We will use your data to perform and process the contract on the use of GIFTPLAY. Within this framework, we will use your data primarily for the calculation and payment of the rewards acquired by you in the course of your use of GIFTPLAY and inform you about apps participating in GIFTPLAY. Other use will only take place due to other statutory obligations or authorization, if you have granted us permission.
The legal basis for the processing of your data may be the following:
In particular, your personal data will be used as follows during the use of GIFTPLAY:
In order to use GIFTPLAY, you must register for GIFTPLAY.
Consent to the Processing of Personal Data for the Use of GIFTPLAY
When using GIFTPLAY for the first time, you first have to accept our terms and conditions of use during the registration and agree to the processing of your personal data by GIFTPLAY. For this purpose, you have to confirm the following declaration of consent:
I hereby agree that by using GIFTPLAY may use the following personal data:
Registration data (email address, Username, Photo)
Installed apps (including the use duration and use history)
The data is linked to your device via the device ID (GAID or IDFA) transmitted to our servers in encrypted form. So that app providers can finance our app proposals, your device ID must be transferred to them for billing purposes. In order to measure the usage time as well as the installed apps, users can voluntarily upload screenshots from their mobile phone via the GIFTPLAY, after which they will be automatically processed, evaluated, and stored in our system for your membership.
The processing of the above data is required in order to be able to suggest apps available in the GIFTPLAY that match your interests, propose their installation via system notifications, and allow the bonuses earned from using said apps to be calculated. I am aware that the above data results in an interest profile, which, depending on the type of apps I use, may contain particularly sensitive personal data (such as health data or data on my sexual orientation as well as any other data from special categories).
Registration and Registration via Facebook or Google Login
For the registration, in the next step after accepting, you have to decide whether you would like to register via email or with the user data of your Facebook or Google account.
This information is absolutely necessary to be able to identify you. We will collect and use this data to set up and provide GIFTPLAY on your mobile end device. The use of GIFTPLAY is only permitted for people from the age of 18 years.
For the registration, you will be directed to the Facebook or Google page where you can register with your user data and therefore link your Facebook or Google profile to our app. We will hereby automatically receive the following information from Facebook or Google:
We will store the profile image used by you on Facebook or Google and use it to personalize the display within GIFTPLAY on your end device.
Your data will be sent encrypted in the SSL process and will therefore be safely sent from the servers of Facebook or Google.
The provider of social network “Facebook” is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Which personal data containing the above-mentioned information is sent to us depends on the settings selected by you within your Facebook profile. Please find the corresponding information in the data privacy terms and conditions of Facebook: https://facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.
Google's services are provided by Google, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Which personal data containing the above-mentioned information is sent to us depends on the settings selected by you within your Google profile. Please find the corresponding information in the data privacy terms and conditions of Facebook: https://policies.google.com/privacy.
The use of the Facebook or Google login can lead to your personal data being collected by Facebook or Google and potentially sent outside the EU/EEA, and being stored and used there. This data collection and use is within the area of responsibility of Facebook or Google. The precise use of the data by Facebook or Google is not known to us and we have no influence on what data is collected by Facebook or Google and how it is used by Facebook or Google.
Registration/Setting Up a User Account
To be able to use all functions of GIFTPLAY and in particular to benefit from the reward payments, you have to register for the use of GIFTPLAY by setting up a user account. The registration therefore serves to provide the services of GIFTPLAY and calculate the bonuses or rewards generated by you.
During the registration process, we will collect and store certain other personal data about you for the setting up of a customer account, if necessary. This includes (if we have not already collected and stored this in accordance with the steps described above, see above) the following information:
This data is processed on the basis of the consent you have given (see above) and is used to fulfil the contract for you to use GIFTPLAY.
If you do not provide this information or data, you may not be able to use GIFTPLAY at all or only to a limited extent and will, in particular, not be eligible for any reward payments.
During the use of GIFTPLAY, we log and store certain data automatically.
Data Processing for the Recommendation of New Apps
To be able to recommend to you other apps that participate in GIFTPLAY based on your current app preferences, a list of apps currently installed on your end device, as well as apps that you have already installed (but that you have deinstalled) in the operating system installed on your end device, including a use history of all these apps, will be sent to us during the installation of GIFTPLAY.
In order to know your long-term preferences and continue to offer you interesting apps, after the installation of GIFTPLAY and permanently during the use of GIFTPLAY, other apps installed by you on your end device will be automatically recognized by GIFTPLAY and the name of each newly installed app will be sent to us.
In addition, we will log data about the use of the apps running in the foreground of your end device and the temporal extent of the use (date, time and duration of the use of all apps).
For the logging of the use data within GIFTPLAY, we measure the so-called “customer journey”. For this purpose, each click or typing of a key within GIFTPLAY will be logged and linked to your profile or stored on the server.
Data Processing for the Calculation of Bonus Payments
We also use the data about your use of the apps running in the foreground of your end device to calculate the bonuses generated by you, if you have obtained and installed these apps via GIFTPLAY. For this purpose, we also log and use data about your purchases of services and virtual items within the framework of the apps used by you (in-app purchases), and about relevant in-app occurrences relevant for the calculation of the bonuses, such as level increases.
Authorization to Access Functions and Data on the End Device
In order to be able to use all functions of GIFTPLAY, you may have to grant GIFTPLAY permission to access certain functions and data on your device (such as access to your camera or your app library), but this depends on your device and the operating system, over which we have no influence. We will use all authorization granted by you solely for the above-named purposes, even if authorization granted (e.g. for technical reasons) theoretically enables other possible uses. You can normally (in other words, depending on your device and the installed operating system) cancel granted authorization in your device settings at any time.
Storage Duration of Your Data
We will only store your personal data for as long as we need it for the performance of the contract on the use of GIFTPLAY, for the fulfilment of your wishes, or for our legitimate interests for the purposes of which we have logged your personal data, or for as long as is permitted or required by law:
When we no longer require your personal data, we will erase it from our systems and records, or anonymize it so that it can no longer be identified.
Forwarding of Data
The passing on of your personal data without your explicit prior permission will only take place in the following cases, in addition to the other cases named in this Data Privacy Statement:
Security Measures to Protect the Data Stored by Us
We are obliged to protect your privacy and treat your personal data confidentially. Your data will be stored in our databases, which are only accessible to us and employees specifically trained in data protection.
If we use support from third-party service providers who process your data on our behalf in order to provide our web services, we have ensured that they are subject to the strict conditions of this Data Privacy Statement, and that the use of your data beyond the cases described in this Data Privacy Statement will not take place. All contractors, service providers and their employees are subject extensively to our instructions and are also in particular legally obliged to observe, and trained in, the protection of your data.
In order to prevent the loss or misuse of the data stored by us, we take comprehensive technical and organizational safety precautions, which are regularly reviewed and adjusted to meet technological advances. If it is within our sphere of influence, we use in particular modern encryption techniques as well as a variety of other measures to prevent third parties from obtaining unauthorized information.
However, we would like to point out to you that due to the structure of the internet, it is possible that the data protection regulations and the above-named security measures of other persons or institutions not within our area of responsibility cannot be observed. In particular, data passed on in a non-encrypted form can be read by third parties, even if it is sent via email. We have no technical influence on this occurrence. In these cases, it is the responsibility of the user to protect the data it provides against misuse, by encryption or other methods.
EU & UK Data Subjects Privacy Rights
The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). The following section provides additional information regarding the lawful basis and purpose for data processing and specific rights regarding your personal data.
As a resident of the EEA & UK, you also have certain specific rights regarding your personal data. You are free to exercise any of these rights by contacting us or as specified herein:
· Access: You have the right to request a copy of the personal data that we process about you. However, there are exceptions to this right, so that access may be denied if, for example, making the information available to you would adversely affect the rights and freedoms of another person, or if we are legally prevented from disclosing such information.
· Accuracy: We aim to keep your personal data accurate and complete. We encourage you to keep us informed about changes that you would like reflected in our records.
· Objecting: In certain circumstances, you have the right to object to processing of your personal data. You may ask us to block, erase or limit the use or other processing of your personal data.
· Data Portability: You have the right to request that some of your personal data is provided to you, or to another provider should you wish to stop using our Services in favor of another, in machine-readable format.
· Erasure: You have the right to erase or request that we erase your personal data when it is no longer necessary for the purposes for which it was collected or if you think it has been used unlawfully.
· Complaints: You have the right to file a complaint with a supervisory authority about our collection and processing of your personal information.
Resident of California Privacy Rights
The California Consumer Privacy Act (CCPA) grants California consumers robust data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors. As a consumer, you have the right to request, once a year and free of charge, certain information about parties to whom we have disclosed or sold your personal information in the prior calendar year and a description of the categories of personal information shared. Additionally, upon request, once a year and free of charge, we shall provide to you any information relating to your personal information and our processing of your personal information. To make such a request, please send an email to firstname.lastname@example.org. You can also ask us to delete your personal data stored on our platform. Requests to know and requests to delete will be honored within 60 days; if more time is needed to respond, we will notify you.
Data Storage Abroad
We consistently ensure the strict data protection made legally binding in the United States. In some cases, particularly for technical reasons, it may transpire that your data entrusted to us is stored on servers outside of your country (even outside of the United States) in which you originally entered your data. In this case and in the case of a risk that countries to which your data are sent are not subject to data protection law that is just as strict as that in your home country and in the country from which you use our services, we ensure that your data is handled in accordance with the provisions of this Data Privacy Statement.
Data processing by processor
For the operation of our services we are partly dependent on third party suppliers (called processors). For these companies to be able to carry out their services, your data must be transferred to them. We have entered into a processing contract with these contract processors in accordance and they implement the strict requirements of the data protection authorities when using your data. We ensure that all third-party service providers, who assist us in the provision of our services, comply with data protection law by this agreement and strict controls that your data will be treated according to our instructions and will not be disclosed to third parties. In addition, we take further measures to guarantee the protection and safety of your data. Data will only be processed outside the EEA if the service provider guarantees that we comply with the requirements of European data protection law.
The following service providers (processors) work with us for the following purposes:
Withdrawal of Your Consent to Data Processing
Some forms of data processing are only possible on the basis of your explicit consent. You can withdraw consent already given at any time. The legitimacy of the data processing carried out until the withdrawal will remain unaffected by the withdrawal.
Should you have any questions or comments about the handling or use of your personal data, should you require information about the personal data stored about you, you can contact us via email to email@example.com
Changes to this Data Privacy Statement
We always keep this Data Privacy Statement up-to-date. Therefore, we reserve the right to change it from time to time and update it with changes during the collection, processing and use of your data. Therefore, please read through this Data Privacy Statement regularly. You can access the current version of this Data Privacy Statement at any time.