Data Privacy Statement for the Use of the “GIFTPLAY” App

This Data Privacy Statement applies for the offering and use of the “GIFTPLAY” app (hereinafter referred to as “GIFTPLAY”), hereinafter referred to as “we” or “us” for use on your mobile device.

When using GIFTPLAY, personal data will be collected, processed and used by us. Because the protection of your privacy when using GIFTPLAY is important to us, we would like to inform you with the following information about what personal data we collect when you use GIFTPLAY and how we handle this data.

What is Personal Data?

“Personal data” is information, or parts thereof, by means of which you can be identified either directly (e.g. by your name) or indirectly (e.g. by pseudonymized data such as a unique ID). This means that personal data includes, for example, email addresses, addresses, mobile phone numbers, user names, profile pictures, personal preferences and use behavior regarding the apps used on your end device, user content, financial information and health-related information. However, this could also include one-time identifiers such as the IP address of your end device or the browser you use, and other specific information about your mobile device.

This Data Privacy Statement covers all personal data that is stored and processed by you when using GIFTPLAY.

Collection and Use of Your Data

In some cases, you will provide us with immediate access to the data (e.g. when creating a user account and contacting us) and in some cases we will collect the data automatically during the use of GIFTPLAY (e.g. in order to offer our services and understand how you use our services and your apps).

We will use your data to perform and process the contract on the use of GIFTPLAY. Within this framework, we will use your data primarily for the calculation and payment of the rewards acquired by you in the course of your use of GIFTPLAY and inform you about apps participating in GIFTPLAY. Other use will only take place due to other statutory obligations or authorization, if you have granted us permission.

The legal basis for the processing of your data may be the following:

• your consent to data use within the framework of GIFTPLAY;
• the fulfilment of our service obligations resulting from the contract on the use of GIFTPLAY, in order to provide you with the desired services;
• our legitimate interest;
• our commercial interests in the improvement of our services, so that we can better understand your needs and expectations and therefore improve our services for you;
• for the prevention of fraud and to guarantee that the use of GIFTPLAY takes place completely and without fraudulent conduct and in accordance with the terms and conditions of use of GIFTPLAY: We reserve the right to exclude certain users and their end devices from the services, in the event of impermissible use behavior, without specifying the exact reason (impermissible behavior includes, for example, the use of multiple end devices from one IP address [if this is not customary at the respective location or in the respective country], multiple use of user accounts that are linked to payment service providers, furthermore, the use of several mobile phone numbers (which are used to validate the identity of the user), and certain changes to the mobile operating systems, such as the granting of unrestricted admin access, installation of malware or a specific modification of the operating system etc.);
• in order to guarantee the security of our services and ensure that our offering (apps and web server) is technically safe and works properly;
• to secure and implement our contractual entitlements and claims.
• If the collection, storage, transfer or other processing of the data is legally prescribed or necessary for the processing, in order to fulfil our statutory obligations.

In particular, your personal data will be used as follows during the use of GIFTPLAY:

Registration

In order to use GIFTPLAY, you must register for GIFTPLAY.

Consent to the Processing of Personal Data for the Use of GIFTPLAY

When using GIFTPLAY for the first time, you first have to accept our terms and conditions of use during the registration and agree to the processing of your personal data by GIFTPLAY. For this purpose, you have to confirm the following declaration of consent:

I hereby agree that by using GIFTPLAY may use the following personal data:

Registration data (email address, Username, Photo)

Installed apps (including the use duration and use history)

The data is linked to your device via the device ID (GAID or IDFA) transmitted to our servers in encrypted form. So that app providers can finance our app proposals, your device ID must be transferred to them for billing purposes. In order to measure the usage time as well as the installed apps, users can voluntarily upload screenshots from their mobile phone via the GIFTPLAY, after which they will be automatically processed, evaluated, and stored in our system for your membership.

The processing of the above data is required in order to be able to suggest apps available in the GIFTPLAY that match your interests, propose their installation via system notifications, and allow the bonuses earned from using said apps to be calculated. I am aware that the above data results in an interest profile, which, depending on the type of apps I use, may contain particularly sensitive personal data (such as health data or data on my sexual orientation as well as any other data from special categories).

Registration and Registration via Facebook or Google Login

For the registration, in the next step after accepting, you have to decide whether you would like to register via email or with the user data of your Facebook or Google account.

This information is absolutely necessary to be able to identify you. We will collect and use this data to set up and provide GIFTPLAY on your mobile end device. The use of GIFTPLAY is only permitted for people from the age of 18 years.

For the registration, you will be directed to the Facebook or Google page where you can register with your user data and therefore link your Facebook or Google profile to our app. We will hereby automatically receive the following information from Facebook or Google:

• Facebook ID or Google ID;
• your user names (nickname) entered in Facebook or Google;
• your email address entered in Facebook or Google;
• your profile and title picture entered in Facebook or Google;

We will store the profile image used by you on Facebook or Google and use it to personalize the display within GIFTPLAY on your end device.

Your data will be sent encrypted in the SSL process and will therefore be safely sent from the servers of Facebook or Google.

Further Information:

The provider of social network “Facebook” is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Which personal data containing the above-mentioned information is sent to us depends on the settings selected by you within your Facebook profile. Please find the corresponding information in the data privacy terms and conditions of Facebook: https://facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.

Google's services are provided by Google, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Which personal data containing the above-mentioned information is sent to us depends on the settings selected by you within your Google profile. Please find the corresponding information in the data privacy terms and conditions of Facebook: https://policies.google.com/privacy.

The use of the Facebook or Google login can lead to your personal data being collected by Facebook or Google and potentially sent outside the EU/EEA, and being stored and used there. This data collection and use is within the area of responsibility of Facebook or Google. The precise use of the data by Facebook or Google is not known to us and we have no influence on what data is collected by Facebook or Google and how it is used by Facebook or Google.

Please see the above privacy policy and terms of use of Facebook and Google you agreed to when you registered with them.

Registration/Setting Up a User Account

To be able to use all functions of GIFTPLAY and in particular to benefit from the reward payments, you have to register for the use of GIFTPLAY by setting up a user account. The registration therefore serves to provide the services of GIFTPLAY and calculate the bonuses or rewards generated by you.

During the registration process, we will collect and store certain other personal data about you for the setting up of a customer account, if necessary. This includes (if we have not already collected and stored this in accordance with the steps described above, see above) the following information:

• Payment data: Email address of a PayPal account or details for other payment providers that are supported by GIFTPLAY.

This data is processed on the basis of the consent you have given (see above) and is used to fulfil the contract for you to use GIFTPLAY.

If you do not provide this information or data, you may not be able to use GIFTPLAY at all or only to a limited extent and will, in particular, not be eligible for any reward payments.

Use Data

During the use of GIFTPLAY, we log and store certain data automatically.

Data Processing for the Recommendation of New Apps

To be able to recommend to you other apps that participate in GIFTPLAY based on your current app preferences, a list of apps currently installed on your end device, as well as apps that you have already installed (but that you have deinstalled) in the operating system installed on your end device, including a use history of all these apps, will be sent to us during the installation of GIFTPLAY.

In order to know your long-term preferences and continue to offer you interesting apps, after the installation of GIFTPLAY and permanently during the use of GIFTPLAY, other apps installed by you on your end device will be automatically recognized by GIFTPLAY and the name of each newly installed app will be sent to us.

In addition, we will log data about the use of the apps running in the foreground of your end device and the temporal extent of the use (date, time and duration of the use of all apps).

For the logging of the use data within GIFTPLAY, we measure the so-called “customer journey”. For this purpose, each click or typing of a key within GIFTPLAY will be logged and linked to your profile or stored on the server.

Data Processing for the Calculation of Bonus Payments

We also use the data about your use of the apps running in the foreground of your end device to calculate the bonuses generated by you, if you have obtained and installed these apps via GIFTPLAY. For this purpose, we also log and use data about your purchases of services and virtual items within the framework of the apps used by you (in-app purchases), and about relevant in-app occurrences relevant for the calculation of the bonuses, such as level increases.

Authorization to Access Functions and Data on the End Device

In order to be able to use all functions of GIFTPLAY, you may have to grant GIFTPLAY permission to access certain functions and data on your device (such as access to your camera or your app library), but this depends on your device and the operating system, over which we have no influence. We will use all authorization granted by you solely for the above-named purposes, even if authorization granted (e.g. for technical reasons) theoretically enables other possible uses. You can normally (in other words, depending on your device and the installed operating system) cancel granted authorization in your device settings at any time.

Storage Duration of Your Data

We will only store your personal data for as long as we need it for the performance of the contract on the use of GIFTPLAY, for the fulfilment of your wishes, or for our legitimate interests for the purposes of which we have logged your personal data, or for as long as is permitted or required by law:

• For as long as you take part in the use of GIFTPLAY, we will store and process your personal data for the duration of your use of GIFTPLAY, until you end it or request that we erase your data;
• For as long as you set up a user account for our services, we will store and process your personal data for the duration of your use of GIFTPLAY, until you terminate it or until you request that we erase your data;
• If you have agreed to the use of your email address for marketing purposes, we will store your email address within our mailing database until you deregister or request that we erase the data, or by the end of a period of inactivity (no interaction with us for a maximum duration of 18 months);
• If you send us a query, we will process your personal data for the duration of the processing of your query.

When we no longer require your personal data, we will erase it from our systems and records, or anonymize it so that it can no longer be identified.

Forwarding of Data

The passing on of your personal data without your explicit prior permission will only take place in the following cases, in addition to the other cases named in this Data Privacy Statement:

• If necessary, for the resolution of unlawful use or misuse of GIFTPLAY or for prosecution, personal data will be passed on to the criminal prosecution authorities and, if necessary, to third parties who have been harmed. However, this will only take place if there are specific indications of unlawful conduct or misuse. We are also legally obliged to provide information to certain public bodies upon request. These are criminal prosecution authorities, authorities that pursue administrative offences punishable by a financial penalty, and the financial authorities.
• The forwarding to third parties bound to professional secrecy can only take place if this is necessary for the implementation of the GIFTPLAY terms and conditions of use or other agreements, and our claims from the contract on the use of GIFTPLAY.
• For the provision of our service, we are occasionally reliant on contractually bound third-party companies and external service providers, e.g. for our customer service and the hosting of GIFTPLAY. In such cases, information will be passed on to these companies or individual people in order to enable further processing. These external service providers are carefully selected by us and checked regularly, to ensure that your privacy remains protected, and they may only process the data for the purposes specified by us. They are also contractually obliged by us to only handle your data exclusively in accordance with this Data Privacy Statement.
• As part of the further development of our business, the structure of our company may change, in that the legal form is changed, or subsidiary companies, business units or components are founded, purchased or sold. In the event of such transactions, the customer information will be passed on, together with the part of the company to be transferred, with your consent. During any transfer of personal data to third parties to the specified extent, we will ensure that the further use takes place in accordance with this Data Privacy Statement and the relevant data protection laws, and we will ask for your permission.
  
  

Security Measures to Protect the Data Stored by Us

We are obliged to protect your privacy and treat your personal data confidentially. Your data will be stored in our databases, which are only accessible to us and employees specifically trained in data protection.

If we use support from third-party service providers who process your data on our behalf in order to provide our web services, we have ensured that they are subject to the strict conditions of this Data Privacy Statement, and that the use of your data beyond the cases described in this Data Privacy Statement will not take place. All contractors, service providers and their employees are subject extensively to our instructions and are also in particular legally obliged to observe, and trained in, the protection of your data.

In order to prevent the loss or misuse of the data stored by us, we take comprehensive technical and organizational safety precautions, which are regularly reviewed and adjusted to meet technological advances. If it is within our sphere of influence, we use in particular modern encryption techniques as well as a variety of other measures to prevent third parties from obtaining unauthorized information.

However, we would like to point out to you that due to the structure of the internet, it is possible that the data protection regulations and the above-named security measures of other persons or institutions not within our area of responsibility cannot be observed. In particular, data passed on in a non-encrypted form can be read by third parties, even if it is sent via email. We have no technical influence on this occurrence. In these cases, it is the responsibility of the user to protect the data it provides against misuse, by encryption or other methods.

EU & UK Data Subjects Privacy Rights

The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). The following section provides additional information regarding the lawful basis and purpose for data processing and specific rights regarding your personal data.

As a resident of the EEA & UK, you also have certain specific rights regarding your personal data. You are free to exercise any of these rights by contacting us or as specified herein:

·         Access: You have the right to request a copy of the personal data that we process about you. However, there are exceptions to this right, so that access may be denied if, for example, making the information available to you would adversely affect the rights and freedoms of another person, or if we are legally prevented from disclosing such information.

·         Accuracy: We aim to keep your personal data accurate and complete. We encourage you to keep us informed about changes that you would like reflected in our records.

·         Objecting: In certain circumstances, you have the right to object to processing of your personal data. You may ask us to block, erase or limit the use or other processing of your personal data.

·         Data Portability: You have the right to request that some of your personal data is provided to you, or to another provider should you wish to stop using our Services in favor of another, in machine-readable format.

·         Erasure: You have the right to erase or request that we erase your personal data when it is no longer necessary for the purposes for which it was collected or if you think it has been used unlawfully.

·         Complaints: You have the right to file a complaint with a supervisory authority about our collection and processing of your personal information.

Resident of California Privacy Rights

The California Consumer Privacy Act (CCPA) grants California consumers robust data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors. As a consumer, you have the right to request, once a year and free of charge, certain information about parties to whom we have disclosed or sold your personal information in the prior calendar year and a description of the categories of personal information shared. Additionally, upon request, once a year and free of charge, we shall provide to you any information relating to your personal information and our processing of your personal information. To make such a request, please send an email to contact@giftplay.app. You can also ask us to delete your personal data stored on our platform. Requests to know and requests to delete will be honored within 60 days; if more time is needed to respond, we will notify you.

Data Storage Abroad

We consistently ensure the strict data protection made legally binding in the United States. In some cases, particularly for technical reasons, it may transpire that your data entrusted to us is stored on servers outside of your country (even outside of the United States) in which you originally entered your data. In this case and in the case of a risk that countries to which your data are sent are not subject to data protection law that is just as strict as that in your home country and in the country from which you use our services, we ensure that your data is handled in accordance with the provisions of this Data Privacy Statement.

Data processing by processor

For the operation of our services we are partly dependent on third party suppliers (called processors). For these companies to be able to carry out their services, your data must be transferred to them. We have entered into a processing contract with these contract processors in accordance and they implement the strict requirements of the data protection authorities when using your data. We ensure that all third-party service providers, who assist us in the provision of our services, comply with data protection law by this agreement and strict controls that your data will be treated according to our instructions and will not be disclosed to third parties. In addition, we take further measures to guarantee the protection and safety of your data. Data will only be processed outside the EEA if the service provider guarantees that we comply with the requirements of European data protection law.

The following service providers (processors) work with us for the following purposes:

1. InterServer, Inc
   For more information, see the InterServer privacy statement at: https://www.interserver.net/privacy-policy.html/.
2. Adjoe GmbH
   For more information, see the Adjoe privacy statement at: https://adjoe.io/privacy/.
3. AppsFlyer
   For more information, see the Adjoe privacy statement at: https://www.appsflyer.com/services-privacy-policy/

Withdrawal of Your Consent to Data Processing

Some forms of data processing are only possible on the basis of your explicit consent. You can withdraw consent already given at any time. The legitimacy of the data processing carried out until the withdrawal will remain unaffected by the withdrawal.

Contact

Should you have any questions or comments about the handling or use of your personal data, should you require information about the personal data stored about you, you can contact us via email to contact@giftplay.io

Changes to this Data Privacy Statement

We always keep this Data Privacy Statement up-to-date. Therefore, we reserve the right to change it from time to time and update it with changes during the collection, processing and use of your data. Therefore, please read through this Data Privacy Statement regularly. You can access the current version of this Data Privacy Statement at any time.