Data Protection Declaration
We, the upjers GmbH (Ltd.) seated in Hafenstraße 13, 96052 Bamberg, Deutschland, run the website www.upjers.com and gather data from our visitors, as far as it is necessary. In the following data protection declaration you will learn what we are doing with your data, so called personal data, and why we do this. Furthermore, we explain to you, how we protect your data, when data will be deleted and which rights you have thanks to the data protection.
In advance: We adhere to the data protection laws and protect your sphere of personal privacy in the best way possible. But we also want to be completely honest: the internet lives from data exchange and still displays many security leaks. Even when your data is encrypted while you are visiting our website, there is always a remaining risk, at the latest with the exchange of foreign websites. If you visit a different website, for example, via a link on our website, please consider that this data protection declaration at hand will not be valid for the foreign website.
- Person in Charge – to Whom can I Turn to?
- Data Protection Officer
- What Rights do I have?
- Deletion of Data and Storage Period of Data
- How Is your Personal Data Protected?
- Visit of the Website
- Requests to our Customer Support
- Downloading of Apps
- Usage of built-in Games
- Social Sign-In & Social Log In
- Communication in the Games
- Payment Handling
- Googe Analytics
- Promotional Videos
- Social Plug-Ins
- Enforcement, Exercition and Defence of Legal Claims
- Personal Data of Children
- Change of Data Protection Declaration
Responsible for this website is:
Telefon: +49 (0)951/5109080
Fax: +49 (0)951/510908102
Via the contact data you can also contact our data protection officer. If you have specific questions regarding your data, their deletion, or your rights, there is a direct contact possibility for data protection via the email firstname.lastname@example.org. If you want to raise a request, the notation “data protection” is sufficient.
You can contact us whenever you have questions regarding your data protection rights or want to claim one of your following rights:
- Right of revocation according to Article 7 Paragraph 3 GDPR (for example you can turn to us in case you would like to withdraw a formerly given agreement for a newsletter)
- Right of Information according to Article 15 GDPR (for example, you can turn to us if you want to know which data of yours we have saved)
- Rectification according to Article 16 GDPR (for example, you can turn to us in case your email has changed and if we are supposed to substitute the old email)
- Deletion according to Article 17 GDPR (for example, you can turn to us if we have to delete certain data about you which we have saved)
- Restriction of processing according to Article 18 GDPR (for example, you can turn to us if you want that your email is not deleted, but instead only used for sending you the absolutely necessary emails)
- Data Portability according to Article 20 GDPR (for example, you can turn to us in order to receive your saved data in a compacted format, for example, when you want to provide another website with your data)
- Objection according to Artice 21 GDPR (for example you can turn to us when you are inconvenient with the here mentioned promotional videos or analysis methods)
- Right of appeal at the controlling authority in charge according to Article 77, Paragraph 1 GDPR (for example, you can also direct your complaints straight to the Data Protection Authorities)
As long as not stated differently, we delete your data as soon as we do not need it any more. A blocking or deletion of your data also occurs when a storage limit, which is required by law, is ending unless there is a further need to save the data for a contract closing or a contractual performance. Certain data might have to be saved longer due to legal reasons. Of course, you can always obtain information about the saved data.
We will take all useful and suitable measures to protect the personal data saved by us from abuse, loss or unauthorized access. Therefore, we have taken several technical and organisational measures. This includes measures how to deal with every alleged data corruption possible.
If you have the suspicion that your personal data have been abused or have been lost, or that an unauthorized access has taken place, please let us know this as quickly as possible and turn to the contact data mentioned above!
If you only want to have a look around at our website, we do not gather any personal data with exception of the data your browser is transmitting in order to enable the visit of the website. This concerns especially:
- the approximate localisation based on the IP-area (only country of the port)
- Internet-provider (for example, Telstra, Vodafone or Comcast)
- Date and Time (for example, 11:45 am, 25 May 2018)
- Browser (for example Chrome or Safari)
The technical data raised cannot be traced back to you and only serve anonymous, statistic purposes to optimise our website.
Purpose of the temporary storage of data at the beginning is to secure the connection as well as the accessibility and the correct depiction of our website.
Legal basis is the so called legitimate interest in the frame of the above mentioned security measures, which has also been verified in accordance with the European Data Protection Requirements from Article 6 Paragraph 1 lit. GDPR.
You have the opportunity to contact our support team. With clicking at “support” on our websites, you will be forwarded to https://support.upjers.com/de/start. A request is furthermore possible via email to email@example.com.
The following data can be requested by us:
- username and/or login
- user ID
- upjers ID
- if necessary, payment service provider
- message, support request
- plug-ins (for example, Adobe Flash)
- operating system (for example, Mac OS)
- hardware (for example, Intel processor)
As a measure of protection, the support request is forwarded via an encrypted connection. Furthermore, we apply the basic principle of data minimisation and only gather data in the support form, which is effectively important. After the successful contacting with you and the ending of the support case, your data will be deleted immediately.
Purpose of the requested data is exclusively contacting and supporting you, which is why the data are also only used for this purposes.
Legal Basis is next to your agreement (Article 6 Paragraph 1a, GDPR) the implementation and fulfilment of the contract (Article 6 Paragraph 1b, GDPR).
Through our websites you can also reach our game range in the app stores for mobile terminal devices (in the following: apps) via a link.
During the download of an app, necessary information will be raised by the app store in question, especially the point in time of the download, title, language version and an advertiser ID/ individual device ID. We have no influence whatsoever on these data and are not responsible for it. The app stores provide you with their own data protection declaration concerning the handling of personal data.
We process data within the scope of app usage, as far as it is necessary for the download of the mobile app to your terminal device, the supply of the game in question and the liquidation of in-game purchases.
Further information regarding the data processing within the scope of app usage can be found in our data protection declaration for mobile applications (https://en.upjers.com/mprivacy).
Additionally, you have the possibility to register yourself on our website and log in afterwards whenever you want with your user account. To register yourself, the following data is needed:
- email address
- user name and/ or log in name
As a measure of protection, the transmission of the data entered by you will take place via an encrypted connection. Further, we apply the basic principle of data minimisation and only raise the data, which is effectively needed. Please do not use your real name or the one of a different person as a user name. We also assign you, depending on the transmitted IP-address, to a country. This data is saved in order to show you the corresponding offer of payment methods. After creating a user account, your data will be saved until you decide to delete certain data or the whole user account.
Purpose of the raised data is the creation of a user account in order to use our browser games and extended functions on the website (for example, in-game messages, post in the forum). Registration is voluntarily and can always be revoked and/ or the user data deleted.
Legal Basis is the user's consent in accordance with the European Data Protection Requirements from Article 6 Paragraph 1 lit. GDPR.
Some of our upjers-games are embedded in social networks (for example Facebook). The games will be called there, for example, “apps” or “applications”. For its data processing and possible data transmission in accordance with data protection, the respective network itself is responsible and enlightens the user in its own data protection declaration. We would like to point out, however, that you might be asked by the network to agree to the transmission of personal data if you want to use an integrated upjers game. In the case of Facebook, the following data can be affected:
- first name, surname, sex, birth date
- profile picture or corresponding URL
- log-in email address, which has been used at the registration of Facebook
- location and access devices
- user-ID- number, which is linked to public accessible information (on Facebook)
- user-ID- number to your friends, which are likewise connected with the game
As long as you agree to the data transmission, the network might send in some circumstances data to upjers. upjers will only process such data if it is absolutely necessary for providing you with the game. upjers points out that you can influence the extent of information yourself, which the network is transferring, through the corresponding privacy settings. Exertion of influence could especially be exercised through
- controlling, which information your Facebook friends share with you/ about you,
- blocking certain applications, and/ or preventing them from raising certain information about you,
- ignoring certain invitations to games,
- controlling, who can see all your activities.
Besides the manual registration, we also offer you the possibility to directly register yourself at upjers with your already existing user account of a social network of selected providers. We use the platforms “Facebook Sign In” and “Amazon”. As long as you would like to use one of these functions, you will be forwarded to the website of the provider in question and navigated through the registration process there.
As a measure of protection, transmission of the data entered by you will take place via an encrypted connection to the platform in question. We do not use the registration to access personal data like friend lists, or contacts, or for saving them for our own purposes. A temporary connection between your user account and the user account of Facebook and Amazon does not take place. Both networks are certified under the EU-US-PRIVACY-Shield (for further information please consult the the respective data protection declarations). Which data is not raised in social networks with the registration or how the data is connected, is not known to us. Further details can be found in the data protection declaration of Facebook (https://de-de.facebook.com/policy.php) and Amazon (https://www.amazon.com/gp/help/customer/display.html?nodeId=468496).
Purpose of the data asked is the registration via an already existing user account for the use of extended functions on the website. The registration via social networks is voluntarily and can always be recalled and/ or the user account can be deregistered.
Legal Basis is your agreement in accordance with European Data Protection Requirements from Article 6 Paragraph1 lit. GDPR.
The games run by us offer you the possibility to communicate with us or with other players. We use automatic filter systems, which prevent the plentiful sending of messages, insulting, violence-glorifying, obscene, racist or whatever offensive statements, or news with promotional character. Further, we record: for the purposes of analyses and rectification of technical errors; for the warranty of system security and system integrity; for combatting abusive and/ or unauthorised usage, as well as for the preparation of user statistics on non-personal related basis, and the use of the provided communication channels for a short time. The reports created contain date and time of the news, sender and recipient, the text message, as well as the transmitted amount of data.
Without your agreement, none of our staff-members will read messages. If we have suspicion of abusive and/ or unauthorised usage of the communication channels provided (for example by a report of the recipient), we nevertheless reserve ourself the right to examine the player account in question, as well as the player account from which the message was sent and – if need be – take further measures.
As a measure of protection, the transmission of the data entered by you will take place via an encrypted connection to the platform in question.
Purpose of the processing is the provision of an ingame solution for communication for the exchange of messages between the players.
Legal basis for the temporary storage of data is Article 6 Paragraph 1 lit. a GDPR as well as Article 6 Paragraph 1 f GDPR. The input of data for the purpose of communication is voluntarily, and therefore on the basis of agreement by the user. The use of filter systems serves the purpose of keeping the conditions and protecting the data of third parties. In this purposes lies our rightful interest in data procession according to Article 6 Paragraph 1 f GDPR.
If you initiate a payment process to purchase premium currency, you will have to provide further data. The nature of the required data depends on the chosen payment method. Furthermore, upjers allows you to use anonymous payment methods.
You will have a variety of payment providers to choose from. In addition, the cooperation with third parties involves the payment processing via external payment providers (PayPal, credit card companies, mobile network operators, Paysafecard, cash payment, immediate transfer, etc.). All external payment providers are by law obliged to the secure handling of your data, and they are solely allowed to use your data as far as it is necessary for the fulfilment of their task.
You are able to choose freely which payment method you want to use, and therefore we would like to refer to the privacy policies and regulations of the respective payment provider.
The payment provider will collect personal data of the customer on their own responsibility to execute the payment. Thereafter, a response of the payment provider is sent to upjers, in which the successful completion of the payment process is confirmed.
We point out that we will save the IP address of the customer when a payment process is confirmed. The sole objective is the fulfilment of our tax obligations. The IP address is used to determine the location of performance for tax objectives. The data is stored according to the fiscal period of time for safeguarding.
We use the so-called Double-Opt-In Procedure for providing our newsletters, which means we will send you a newsletter via email as soon as you confirm that you would like to receive our newsletter by clicking on the link within the notification email.
Of course you can unsubscribe from our newsletter at any time. Therefore, you will find a respective link in every newsletter. Alternatively, you can contact our support staff via the support form or via email: firstname.lastname@example.org.
For providing our newsletter we are cooperating with the service provider Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany. We concluded an order data processing contract with this service provider according to the specifications of Article 28, GDPR.
To some extent so-called cookies are used on our websites. Cookies are small text files which are normally stored within a folder of your browser. Cookies contain information about the current as well as the last visit of the respective website:
- name of the website
- termination date of the cookie
- arbitrary value
If cookies have no specific termination date, they are solely temporarily stored and will be automatically deleted, as soon as you close your browser or restart the terminal device. Cookies with a termination date remain stored when you close your browser or restart the device. These cookies are deleted at that specific date or if you delete them manually.
On our websites we use the following three types of cookies:
- required cookies (for example, these are necessary to display the website correctly and to temporarily save specific settings)
- function and performance-related cookies (these help us, for instance, to evaluate technical data of your visit on our website to prevent error messages)
- cookies for advertising and analysing purposes (for example, these are responsible for showing shoe advertisements if you searched for shoes before)
In the settings of your browser you will find options to configure, block or delete cookies. If you delete all cookies of our websites, there is a possibility that some functions of the website are not displayed correctly. The German Federal Office for Information Security Technology provides helpful information and instructions for commonly used browsers: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html
We use YouTube for directly embedding videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When playing the embedded videos, a connection to the YouTube servers is established and at least your IP address is transmitted for technical reasons. In addition, if you are logged into your YouTube account, YouTube will assign information to your personal user account about the videos watched. You can prevent this procedure by logging out from your YouTube account, as well as other accounts, which are connected to the Google platform, before you use our website.
Furthermore, we embed YouTube videos with advanced privacy settings and a server solution. The user is initially solely shown a preview image, which is loaded from an upjers server. Only after pressing the Play-button is the YouTube frame activated and a limited data exchange with YouTube proceeds.
The purpose of data transmission is to integrate YouTube's video service, which is acclaimed among our users, for them to conveniently access the videos displayed without leaving our website.
The legal basis is the so-called legitimate interest, which has been examined in order to pursue the objective and within the framework of the aforementioned protective measures and in accordance with the European data protection requirements under Article 6 Paragraph 1 lit. f GDPR.
We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses the aforementioned cookies for advertising and analysing purposes, to analyse our website regarding your user behaviour. The information generated by cookies about the use of this website is transferred to and stored in a Google server based in the USA. However, your IP address is shortened before the usage statistics are evaluated. Therefore, no conclusions can be drawn about your person. For this purpose, we extended Google Analytics on our website by the code “anonymizelp” to ensure the anonymous collection of IP addresses. Google will use the anonymous information collected by cookies to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services relating to the website and internet use. In addition, Google may transfer this information to third parties if this is required by law, or if third parties process this data on behalf of Google.
The objective of using Google Analytics is the anonymous analysis of your user behaviour on our websites. The information acquired from this procedure helps us to improve our service.
The legal basis is the so-called legitimate interest, which has been examined in order to pursue the objective and within the framework of the aforementioned protective measures, as well as in accordance with the European data protection requirements of article 6 paragraph 1 lit. f GDPR. Moreover, an order data processing contract was concluded, according to the specifications of article 28, GDPR.
We have embedded promotional videos in various places of our websites and games. Our advertising partners provide selected content there, which we display for them. We would like to emphasise that our advertising partners are essential to keep our free2play system alive, and we are anxious to implement it in the interest of our users. If you as a user watch the provided promotional videos, you are able to obtain premium currency or game features. For further questions please contact our customer support.
We are cooperating with the following advertising companies:
Smartstream (www.smartstream.tv) uses technologies to control and optimise the insertion of promotional materials for the user. The service provider of Smartstream is SMARTSTREAM.TV GmbH, Dachauer Straße 15A, 80335 Munich, Germany. If you wish to veto the acquisition of anonymised information, you are able to deactivate the data acquisition at https://www.smartstream.tv/en/privacy under “OptOut”.
If you have already activated “OptOut”, you can cancel this setting at any time by clicking on the “OptIn” button.
As a protective measure, solely pseudonymous usage data is processed and the user has the right of objection at his disposal. In addition, we concluded an order data processing contract with Smartstream according to the specifications of Article 28, GDPR.
The objective of processing usage data is to display promotional material to enable our free2play service.
The legal basis is the so-called legitimate interest, which has been examined in order to pursue the objective, and within the framework of the aforementioned protective measures, as well as in accordance with the European data protection requirements in Article 6 Paragraph 1 lit. f GDPR
Furthermore, we cooperate with the advertising partner adbility media GmbH, Große Elbstraße 38, 22767 Hamburg, Germany. Adbility uses technologies to control and optimise the insertion of promotional materials for the user. You can veto the acquisition of anonymised information at https://www.adbility-media.com/en/privacy-policy/ at any time.
Processing solely pseudonymous usage data is regarded as a protective measure. Furthermore, the user has the right of objection at his disposal. In addition, we concluded an order data processing contract with the adbility media GmbH according to the specifications of article 28, GDPR which states that we as well as adbility are liable for processing your data. Therefore, you can contact either us or adbility for any questions regarding data processing. You can find the contact information at https://www.adbility-media.com/en/contact/.
The objective of processing usage data is to display promotional material to enable our free2play service.
The legal basis is the so-called legitimate interest, which has been examined in order to pursue the objective and within the framework of the aforementioned protective measures and in accordance with the European data protection requirements under article 6 paragraph 1 lit. f GDPR.
Pseudonymous information about the online behaviour of website visitors is collected and stored on our websites for marketing purposes by a technology of Criteo SA, 32 Rue Blanche, 75009 Paris, France. This data is stored in cookies on the visitor's computer. Criteo SA uses an algorithm to analyse the anonymised recorded online behaviour and can thereafter display certain product recommendations in form of personalised advertising banners on other websites (publishers). This data cannot be used to personally identify you as a visitor of our website under no circumstances. The collected data will solely be used to improve our services. This information will not be used for any other objectives or transferred to third parties.
You can veto the anonymised analysis of your online behaviour on our websites by clicking here: Criteo unsubscription. If you have already unsubscribed (OptOut cookie) and would like to see personalised Criteo banners again, please click here: Criteo Subscription.
As a measure of protection, the evaluation proceeds on a statistical basis only, but not on the basis of your person. In addition, the high security standards of Criteo apply. Further, we concluded a contract with Criteo according to the specifications of Article 28, GDPR which states that we as well as Criteo are liable for processing your data. Therefore, you can contact either us or Criteo for any questions regarding data processing. You can find the contact information at https://www.criteo.com/legal/
The objective of using Criteo is the anonymised analysis of your usage behaviour on our websites and providing interest-related advertising.
The legal basis is the so-called legitimate interest, which has been examined in accordance with the European data protection requirements under Article 6 Paragraph 1 lit. f GDPR, in order to pursue the objective and within the framework of the aforementioned protective measures.
We use the following social plug-ins on our websites: Facebook's “Like” button, the “Google +1-button by Google and the “Tweet”-button by Twitter.
The respective service provider can be identified by the marking on the box above its initial letters as well as by the logo. We provide the option to directly communicate with the service provider of the plug-in via the button. Only if you click on the highlighted area and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online service. According to the provider in Germany, the IP address is anonymised immediately after collection in the case of Facebook. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider obtains data especially via cookies, we recommend that you delete all cookies using the security settings of your browser before clicking on the grayed-out box.
We have neither influence on the data collected and data processing procedures, nor are we aware of the full scope of data acquisition, the objectives of processing the data and the storage periods. Furthermore, we have no information on the deletion of the data obtained by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses these for means of advertising, market research and needs-oriented design of his website. Such an evaluation particularly takes place (for not logged-in users as well) for displaying needs-oriented advertisements, and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you have to contact the respective plug-in provider to exercise this right. We provide the option to interact with social networks and other users via the plug-ins. Therefore, we are able to improve our services and make them more interesting for you as a user. The legal framework for using these plug-ins is Article 6 Paragraph 1 S. 1 lit. f GDPR.
The data is transferred regardless of whether you have an account on the plug-in provider's website and are logged in there. If you are logged in on the plug-in provider's website, your data collected on our website will be directly assigned to your existing account on the plug-in provider's website. If you click on the activated button and link the page, for example, the plug-in provider stores this information in your user account, as well and notifies your contacts publicly of it. We recommend that you log out regularly from a social network after using it, especially before activating the buttons to prevent the assignment of information to your user profile on the plug-in provider's website.
Further information about the objectives and extent of this data acquisition, as well as their processing by the plug-in provider are available in the privacy policies of the providers listed below. Moreover, they will provide you with further information about your rights in this regard and configuration options available to you in order to protect your personal data.
Addresses of the respective plug-in provider and URLs of ther privacy policies:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; for further information about data acquisition please visit: https://www.facebook.com/policy.php. Facebook is liable to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; for further information about data acquisition please visit: https://policies.google.com/technologies/partner-sites?hl=en-GB. Google is liable to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
Twitter “Tweet” of the communication platform Twitter, provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA; for further information about data acquisition please visit: https://twitter.com/en/privacy. Twitter is liable to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework)..
The high security standards of the Google platform of Facebook and Twitter and the associated privacy policies of these platforms are regarded as protective measures (refer to the before mentioned). We collect no personal data via the social plug-ins or their usage. To prevent that data is transferred to the service providers in the USA without the user's knowledge, we use the so-called “Shariff solution”. This solution ensures that initially no personal data is transferred to the respective plug-in providers when you visit our website. Only after you click on one of the social plug-ins, data can be transferred to the provider and stored there. For more information about the Shariff solution please visit the website of the provider, Heise Medien Gmbh & Co. KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
The objective of the data transmission is implementing the plug-ins for the user to be able to share contents and interests with other users.
The legal basis is the so-called legitimate interest, which has been examined in order to pursue the objective and within the framework of the aforementioned protective measures and in accordance with the European data protection requirements under Article 6 Paragraph 1 lit. f GDPR
Sometimes it might be necessary for us to process personal data and, if required, sensitive personal data, in accordance with local laws and regulations, relating to the exercise or defence of legal claims. Article 9(2)(f) GDPR facilitates it, if the data processing “is essential for asserting, exercising and defending legal claims or if courts act in the course of their judicial activity”. For instance, this may be the case if we need legal advice in relation to legal proceedings or are legally obliged to preserve or disclose certain information in the course of legal proceedings.
This can, for example, happen if we need legal advice in reference to a legal procedure or if we are legally obliged to keep or reveal certain information within the context of a lawsuit.
upjers is aware of the significance and data protection of children on the internet. Therefore, and to comply with specific laws, we do neither intentionally collect personal, individually identifiable information about children under 16, nor do we offer content for children under 16.
upjers reserves the right to change this data privacy statement at any time, however, upjers will always adhere to the currently applicable data security laws. upjers advises you to inform yourself on each visit to these websites and games about the current data privacy statement.
Data Policy effective as of May 2018