Pixel + Code GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany, pixelandcodegmbh@gmail.com (“pixel + code” or “We”) respects and protects your personal data.

The following privacy policy is intended to inform you in greater detail about the collection, processing and use of data by our games, offered as mobile applications (“the Games or Apps).

Pixel + code collects, processes and uses personal data exclusively within the bounds of the applicable statutory provisions. Therefore, the high level of data protection enshrined in the General Data Protection Regulation (“GDPR”) and the German Telecommunication, Telemedia, Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetzes – TTDSG) applies.

1.1 This privacy policy is intended for all users of Games Apps (“Users”). If specific services or individual apps from Pixel + code have a different privacy policy, this will apply.

1.2 Services and offers of third parties, to which reference may be made in the Games App by means of so-called links, are excluded from the scope of this. Pixel + code does not take any responsibility for the content of these third parties or their compliance with data protection regulations, unless otherwise stated in the privacy policy of the linked content. This applies, for example, to links that can be used to access social networks such as Facebook or chat apps such as WhatsApp, and to links in embedded advertisements. You will find information on how users' personal data is handled and protected on these platforms in the privacy policies of the respective platforms.

When you download and install our Games Apps, the operator of the platform through which you obtain the respective app (for example, Apple, Inc. for the AppStore and Google Ireland Limited for the Google PlayStore) collects personal data required for the download. This data includes in particular your name, your email address as well as your postcode, time of download, IP address and the individual device identification number of your terminal device (so-called IMEI), as well as your payment information, if applicable. This collection and processing of your personal data is generally carried out solely by the respective platform operator without our involvement in the data processing or any possibility to influence it. In this respect, the data protection provisions of the operator of the platform apply, which can be viewed on the platform in question. We only receive and process this personal data collected by the platform operator to the extent necessary for the download and provision of the Games App. If we process personal data as part of the installation, this is based on the contract for the purchase and use of the Games App that you concluded with us when you downloaded and installed the app, in accordance with Art. 6 (1) sentence 1 (b) GDPR.

3. Collection, processing and use of data when using the Games Apps

3.1. When starting and using the Pixel + code Games Apps, a connection to the servers used by us may be established automatically to retrieve up-to-date content, depending on the respective Games App. In this process, information that your end device conveys to us will be logged. This includes the IP address of the end device you are using, data on the operating system used as well as the installed Games App and its version, date and time (including time zone) of the respective access to the content of the Games App as well as information on which specific content has been requested for the respective Games App. In addition, Pixel + code may collect and process personal data to fulfil its contractual obligations with the User, e.g. to create the user's player profile. Depending on the respective Games App, this data includes the name and IP address and data identifying the user's end device.

3.2. Pixel + code collects and processes this data for the provision of the Games App and the respective up-to-date content of the Games App. The provision of this data is not required by law, but is necessary for the conclusion of the use contract for the respective Games App and the associated Pixel + code service. In this respect, it involves data that is absolutely necessary for the use of the game requested by the user. The user may voluntarily give further data to Pixel + code within the scope of the offer. The basis for collecting this data is § 25 (2) no. 2 TTDSG and the further data processing for the fulfilment of contractual obligations Art. 6 (1) sentence 1 b) GDPR.

4.1. In some Games Apps, we may offer certain additional versions and content for purchase, e.g. the use of an ad-free version of the app. To conclude the corresponding contract and the related payment processing, bank details or other payment-relevant data (e.g. credit card) must be provided. For payment processing, we use the services provided for payment processing by the respective operator of the platform through which you obtained the Games App (for example, Apple, Inc. for the AppStore and Google Ireland Limited for the Google PlayStore). The aforementioned information will be processed accordingly together with the required usage data by the operator of the respective platform, insofar as this is necessary to process the payment. Details on how your personal data is handled in connection with payment processing can be found in the privacy policy of the respective operator of the platform, which can be viewed on the relevant platform.

4.2. The use of these payment services is required by the operator of the platform for us to be permitted to offer the app on the respective platform and also provides you with a simple and seamless payment process in the app.

4.3. This data processing in connection with the purchase of additional content in the respective Games App, including payment processing, is carried out for the conclusion and processing of the contract regarding this content and therefore based on Art. 6 (1) sentence 1 (b) GDPR.

5. Support requests and contact via the Games Ap

5.1. If you notify our customer support or otherwise contact us (e.g. via the contact form in the Games App), the information you provide when contacting us, including the contact details given there, will be processed for the purpose of handling your enquiry and processing it, including investigating and rectifying any problems in the Games App and in the event of follow-up questions. When a request is made to our customer support via the Games App, information on the Games App, your game progress, player ID and, if applicable, the problematic area in the game as well as technical data on your end device are also automatically processed.

5.2. We process this data in accordance with Art. 6 (1) sentence 1 (b) GDPR, if you contact us within the scope of an existing contract for the use of the Games App or for the purpose of initiating such a contractual relationship. Otherwise, this storage and use of data is based on Art. 6 (1) sentence 1 (f) GDPR, whereby our legitimate interest is the thorough processing of your respective request and the solution of any technical problems. Access to the data stored in your end device is absolutely necessary in accordance with §25 (2) no. 2 TTDSG so that Pixel + code can answer your (support) request.

6. Error messages and usage analysis via Firebas

6.1. Functions of the service Firebase are implemented in the Games App. Firebase is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

6.2. Data on the general use of the app is collected and evaluated via the Firebase service (so-called Google Analytics for Firebase). At the same time, reports on occurring errors and crashes in the app are generated in order to analyze and fix these errors and crashes. For these purposes, information on whether and how you use certain parts of the Games App is collected along with the IP address and other technical data about your end device and configurations assigned to it (hereinafter "Device Technical Data"), such as the manufacturer and model of the device, the language set and the advertising ID as well as the country from which you use the app. To create error reports, additional details about the error that occurred, information about the affected Games App and, if applicable, game-relevant data are collected and processed, but only if this error occurs when you are using the app. Google evaluates this data on our behalf and creates aggregated reports for us. These reports provide us with insights into the general use of the Games Apps as well as the errors that have occurred, so that we can gain knowledge to improve the content and functions of the apps and, in particular, to eliminate existing errors and problems. Moreover, Google gives us insight into the activity of individual users in our game, based on the anonymized player ID. For Pixel + code, however, it is not relevant which user has used the respective app and to what extent. Pixel + code is not interested profiling users. Pixel + code is interested in providing functional Games Apps, by evaluating aggregated reports. Google may also transfer this data to servers operated by Google LLC in the USA and analyze it there. However, your IP address will be shortened and therefore anonymized within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to a server in the USA.

6.3. Google also processes the aforementioned data collected via the Firebase service to the extent in accordance with its own privacy policy, which you can find at https://policies.google.com/privacy. There you will also find additional information on how Google handles personal data.

6.4. We would make you aware that the data transfer to servers in the USA used by Google LLC may pose additional risks; for example, it may be more difficult to enforce your rights to this data. To counter these risks, we have agreed the standard data protection clauses of the EU Commission with Google LLC for this data transfer and have also defined appropriate protective measures therein, which, depending on the need to protect the data, can also include its encryption and can be improved in accordance with the legal and technical conditions for appropriate data protection. If data is transferred to Google LLC in the USA, this is based on Art. 46 (2) (c) GDPR.

6.5. We only use Firebase for the general usage analysis described above if you have given your consent to this. The legal basis for accessing the data described above is therefore §25 (1) TTDSG and for the subsequent data processing in this context Art. 6 (1) sentence 1 (a) GDPR. You can withdraw your consent with effect for the future at any time. We have also concluded a contract with Google on commissioned processing in accordance with Art. 28 GDPR on data processing in connection with error analysis. Accordingly, Google will only process the data collected in this context for this purpose in accordance with our instructions. This passing on of data to Google is therefore based on Art. 28 GDPR.

7.1. We also use Looker in the Games Apps. This analysis and data visualization service is provided by Looker Data Science Inc, 101 Church Street Santa Cruz, CA 95060, USA ("Looker").

7.2. We use this service to evaluate and visualize the use of our Games Apps in order to identify any potential need for improvement and identify any scope for making the functions and content of the Games Apps even more user-friendly, and to be able to further develop our Games Apps based on this. To do this, we use Looker to see how the user base generally interacts with the Games Apps and whether and how certain functions and game content are generally used (for example, whether a certain game level is reached and successfully completed by users at all). Looker does not collect any data in this context. Looker only uses data that we have collected via the Google Firebase service. Using this data, Looker produces aggregated reports on the interactions of the user base in the app as a whole and, where applicable, in specific sections of the game. Looker also summarizes demographic information about the user base of our Games Apps (such as approximate age group and gender) in the reports. We also only ever receive aggregated data and no information that we could relate to individual users, as it is also only relevant for the aforementioned purpose of how the user base or specific user groups use the Games Apps, but not the use by specific, individual users.

7.3. For more information and the applicable privacy policy that governs Looker's handling of personal data please visit https://looker.com/trust-center/privacy/policy/.

7.4. The data used by the analysis service may also be transferred by Looker to servers in the USA. In this case, Looker and we guarantee that appropriate protection measures exist in accordance with Art. 44 et seq. GDPR, in particular by the fact that Looker and we have agreed on the standard data protection clauses of the EU Commission as a precautionary measure, which provide for appropriate protection measures for the specific case, such as encryption of the data, in accordance with Art. 46 (2) (c) GDPR. The measures will also be continuously developed and supplemented to the extent necessary to ensure an adequate level of continuous data protection.

7.5. We only use Looker if you have given your consent to do so, and therefore based on §25 (1) TTDSG and Art. 6 (1) sentence 1 (a) GDPR. You can withdraw your consent with effect for the future at any time.

8. Storage, storage duration and erasure of the data

8.1. We will process your personal data for as long as is necessary to achieve the purposes of the processing, as long as is required by law to retain the data or as long as is necessary for other reasons. The data will subsequently be erased pursuant to the statutory provisions.

8.2. We retain data that we store for legal reasons for as long as is required by law. After a statutory retention period expires, the data will be erased without delay, provided that no other reasons within the meaning of Art. 17 (3) GDPR prevent the erasure.

Pixel + code has implemented appropriate technical and organizational measures to protect personal data against accidental loss, damage, unauthorized access or unauthorized alteration. In particular the data will only be transferred by Pixel + code in encrypted form. However, Pixel + code makes clear that data protection and data security cannot be guaranteed for transfers outside Pixel + code's sphere of influence.

10.1. Unless otherwise stated elsewhere in this privacy policy, personal data will only be passed onto third parties without the express consent of the user if this is necessary for the provision of Pixel + code's services (e.g. for the technical provision of the offer). Accordingly, data is transferred to these service providers (such as technical service providers) to protect our legitimate interests pursuant to Art. 6 (1) sentence 1 (f) GDPR, specifically to be able to provide our Games Apps in the first place. Of course, before passing on the user's personal data, Pixel + code ensures that the respective service provider has taken appropriate technical and organizational measures to guarantee the security of the data.

10.2. We store the data which we collect when the Games Apps are used with the help of third-party services. We use the Google Cloud and Google Firebase services, both of which are provided by Google. These services may also collect and possibly store the IP address of your device when you use the Games Apps, but for a maximum of 30 days. However, Pixel + code does not receive the IP addresses directly and only views IP addresses collected by these services in exceptional cases and only if a legal basis exists, in particular insofar as this is necessary to protect Pixel + code's legitimate interests (e.g. during maintenance work or in the event of the investigation of technical problems). We use these services to provide the aforementioned data for playing the Games App efficiently and with the lowest possible error rate to thereby ensure a smooth use of the game features. The legal basis for the associated data processing is Article 6 (1) sentence 1 lit. f) GDPR, whereby our legitimate interest is an optimal, technically sound provision of the Games App. For this purpose, access to the aforementioned data is also absolutely necessary pursuant to §25 (2) no. 2 TTDSG. Google may also transfer the collected data to their servers in the USA. We have concluded the standard data protection clauses adopted by the EU Commission with Google to safeguard the transfer of data to the USA. We have also concluded a data processing agreement with Google. The forwarding of personal data to Google in connection with the aforementioned services is therefore based on Article 46 (2) lit. c) and 28 GDPR.

10.3. Otherwise Pixel + code will not pass on the User's personal data to third parties, unless the User has expressly consented to the transfer (Article 6 (1) sentence 1 lit. a) GDPR) and Pixel + code is neither entitled nor obliged to transfer the data due to legal regulations or court orders. In the latter case, Pixel + code will transfer the data in order to fulfil a legal obligation according to Article 6 (1) sentence 1 lit. c) GDPR.

10.4. Apart from that, Pixel + code will not disclose the user's personal data to third parties unless the user has expressly consented to such disclosure (Art. 6 (1) sentence 1 (a) GDPR) and Pixel + code is not entitled or obliged to disclose such data on the basis of legal provisions or court orders. In the latter case, the transfer is made by Pixel + code to fulfil a legal obligation pursuant to Art. 6 (1) sentence 1 (c) GDPR.

11.1. Right to object

The user has the right to object at any time to data processing based on Art. 6 (1) sentence 1 (f) GDPR for reasons arising from their particular situation, unless Pixel + code can demonstrate compelling legitimate grounds that override the interests of the user or the processing serves to assert, exercise or defend legal claims. The user can object to data processing for the purpose of direct advertising at any time without special reasons being required.

11.2. Right to information

The user has the right to obtain from Pixel + code, free of charge, in written or electronic form, the personal data stored by Pixel + code concerning the user, the purposes of the processing, its origin, which data has been disclosed to which recipients or categories of recipients, the storage period and the data subject rights available to the user.

11.3. Right to rectification, erasure and/or restriction of the data processing

The user also has the right to demand the rectification of incorrect data, the erasure and/or, under the legal conditions, the restriction of the processing of the stored personal data about the user at any time. The right to erasure only exists if there is no legal obligation for Pixel + code to retain the data or other reasons within the meaning of Art. 17 (3) GDPR prevent erasure. If this includes personal data that is required for the provision of services to the user, the erasure or restriction of the processing of this data can only take place if the user no longer makes use of Pixel + code's offer.

11.4. Right to data portability

If the user provides data relating to the user and Pixel + code processes this data based on the user's consent or to perform a contract, the user may request that Pixel + code provide them with this data in a structured, commonly used and machine-readable format or that Pixel + code transfer this data to another responsible party, insofar as this is technically possible (so-called right to data portability).

11.5. Right to withdraw consent

Any consent declared by the user for the use of personal data can be freely withdrawn by the user with effect for the future at any time.

11.6. Right to lodge a complaint with a supervisory authority

The user may also lodge a complaint with a supervisory authority against data processing that the user considers to be in breach of the statutory provisions.

Pixel + code reserves the right to amend this privacy policy at any time, whereby Pixel + code will at all times comply with the legal requirements of data protection. Therefore Pixel + code recommends that users regularly review the applicable privacy policy. Pixel + code will inform users in advance of any further data use, for example by means of a corresponding notification in the Game Apps or via so-called push notifications, if you allow such push notifications.

Pixel + code GmbH, Am Goldstein 1, 61231 Bad Nauheim, Germany, pixelandcodegmbh@gmail.com

Data protection officer: Susanne Klein, c/o Beiten Burkhardt Services GmbH, Ganghoferstraße 33, 80339 Munich, Germany