Privacy Policy

Below we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data when using our mobile apps.

§ Controller

The controller and provider of our mobile apps listed under B including BestPlay or ‘Bestplay’, (each and jointly “App”) is Bestplay Systems S.L. email: [email protected]

This privacy policy also names other controllers that process your personal data.

§ Data Protection Officer

We have appointed a data protection officer who may be reached via email to [email protected].

§ Personal Data and Processing Purposes

Personal data are any information relating to an identified or identifiable natural person. Personal data include e.g. name or email address.

We will only collect, use and/or pass on personal data if this is permitted by law or if you give your consent.

Applicable legal provisions are, in particular, those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

Your data will be used for the following purposes:

● to provide you with the functionality of the App,

● to answer any requests you send to us or send you emails,

● to implement this privacy policy and carrying out the contractual relationship with you,

● to analyze your use of our App and improve our App with our legitimate interests of quality assurance and marketing,

● to analyze your use of the App and cooperate with our advertising partners with the legitimate interest of marketing,

● as otherwise explained in this privacy policy or by any communication by us.

You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data you may face disadvantages, for example, limited or no possibility of using our App.

In general we do not process any data via “profiling” or in form of automated decision making via the App.

For reasons of fraud prevention, payouts that users earn through the use of the App will only be possible after additional user verification via a selfie taken with the device’s camera when first requesting a payout. Consent to the processing of personal data therefore already applies to the processing of these photos. I acknowledge that selfies are also special-category personal data per Art. 9 para. 1 GDPR and expressly consent to the processing described below.

We use users’ selfies exclusively for the purpose of fraud prevention and to ensure that bonuses have not been earned through the automated, fraudulent use of software. For this purpose, a photo (“selfie”) is saved when your face is recorded using your device’s camera. We use the recording to create an individual and anonymous digital user ID that is used to check whether the bonus has actually been earned by a real person and whether this person has already requested or received a bonus with another account. For reasons of data economy, this is only necessary if you want to receive bonuses. If you do not want to receive bonuses, you can use the App fully without providing any selfies. The selfies will not be used by us for any other purposes and we will delete them 4 weeks after your bonus has been disbursed.

§ Download and Use of the App

When using the App, we collect the personal data described below to enable convenient use of the functions. If you want to use our App, we collect the following data, which is technically necessary for us to offer you the functions of our App and to guarantee stability and security (legal basis is Art. 6 (1) f. GDPR): IP address, unique device ID, location, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted in each case, app usage data, operating system and its interface language.

The legal basis for our processing of this data is Art. 6 (1) b. GDPR on the basis of the existing contract with the app store and us.

§ Registration for the App; Facebook Connect

Furthermore we need your email address in order to create and manage your account, to process your enquiries and, if necessary, to be able to contact you. If you register via Facebook (facebook.com) we process your email address and name from your user profile on Facebook after you have clicked the respective button. For further details on data processing on Facebook please refer to: Full Data Use Policy

The legal basis for our processing of data is Art. 6 (1) b. GDPR based on the existing contract with us or your consent to use such data based on Art. 6 (1) a. GDPR.

You have the right to change the email address via message to [email protected] at any time.

§ Use of the App

For using more functions of the App you are asked to provide us with certain data. Such data will only be sent and provided to us after you clicked the respective submit button within the App.

If you are using additional paid options in our App we may ask for your full name and address details. However, please note that we do not process your payment data and bank account details but use external providers that handle the payments.

You may delete and change entered data any time via message to [email protected].

If the data processed for providing the App services are considered personal data, such data processing is based on Art. 6 (1) b. or f. GDPR for the purpose of providing our service and analyzing those data based on our legitimate interests of improving our product and research purposes.

§ Advertising Partners and use of the Advertising ID

We and our advertising partners also use the information collected, including your personal data, for marketing/advertising purposes.

For this purpose the following data: GAID / IDFA, IP address, location / time zone and locale settings (country and preferred language), carrier, operating system, network connection type and speed, device properties related to screen size and orientation, audio volume and battery, device memory usage, Internet browser user-agent used to access the services, device make, model and operating system are processed by us and such advertising partners.

The so-called ‘Advertising Identifier’ (IDFA) or ‘Google Advertising Identifier’ (GAID) is a unique, but non-personalized and non-permanent identifier for a specific device provided by iOS or Android. Data collected through such identifier is not linked to any other device-related information. We as well as our advertising partners use the identifier to provide you with personalized advertising and to evaluate your use. If you activate the option [‘no ad tracking’ / ‘Ads’] in the iOS/Android settings, we can only take the following actions: Measuring your interaction with banners by counting the number of times a banner is displayed without clicking (‘frequency capping’), click rate, unique user detection, security measures, fraud prevention and troubleshooting. You can delete the IDFA / GAID at any time in the device settings, then a new IDFA / GAID will be created which is not merged with the previously collected data. Please note that if you limit the use of the identifier, you may not be able to use all the features of our Apps.

For more information, contacting details about such advertising partners as well as their privacy guidelines please refer to:

● AppLovin by AppLovin Corporation, 849 High St., Palo Alto, CA 94301, USA: Applovin Privacy and Applovin Data Processing Agreement;

● Facebook by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA / Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland: Facebook Full Data Use PolicyAudience Network Publisher TOS and Facebook Data Procesing

● Google by Google LLC, Mountain View, CA, USA / Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland: Google Privacy Policy;

● Fyber by the Fyber Group (Fyber N.V., Fyber Monetization Ltd., Fyber GmbH, Fyber Media GmbH, Fyber RTB GmbH, Advertile Mobile GmbH, and Heyzap Ltd.): Fyber Privacy Policy;

● InMobi by InMobi Pte Ltd, Embassy Tech Square, 7th Floor, Block Delta, B Block, Kadubeesanahallli Village Outer Ring Road, Varthur Hobi, Bengaluru, 560103, India: InMobi Privacy Policy

● IronSource by ironSource Mobile Ltd. 121 Menachem Begin Rd., Tel Aviv, Israel: IronSource Privacy Policy;

● MoPub by MoPub Inc. as a division of Twitter, Inc., 1355 Market S San Francisco, CA 94103, USA: MoPub Privacy Policy;

● AdColony Inc, 1888 Century Park East, Suite 1450, Century City, CA 90067: Adcolony Privacy Policy;

● Vungle by Vungle Inc, 1255 Battery Street, Suite 500, San Francisco, CA, 94111, United States: Vungle Privacy Policy;

● MyTarget by My.com B.V. located at Barbara Strozzilaan 201, 1083HN, Amsterdam, the Netherlands: MyTarget Privacy Policy;

Such data processing is performed to ensure the technical functionality of our services fulfillment of contractual or pre-contractual obligations (based on Art. 6 (1) b. GDPR or TMG and as otherwise explained in this privacy policy) or improving our product and perform marketing activities (based on Art. 6 (1) f. GDPR). Regarding the data processing based on Art. 6 (1) f. GDPR we wish to achieve the legitimate interests of marketing. If legally required such data processing shall be based on your explicit consent (Art. 6 (1) a. GDPR).

OPT-OUT:

You may de-activate the processing of data for such advertising and marketing purposes via message to [email protected]

§ Analysis of your data

We (as well as third party providers engaged by us) also use the information collected, including your personal data, for the purpose of marketing and improving our Apps. For this purpose your personal data, such as the IP address, the ‘Advertising Identifier’ (IDFA) or ‘Google Advertising Identifier’ (GAID) as well as further use data is used.

For more information, contacting details about such third party service providers engaged by us for such purposes as well as their privacy guidelines please refer to:

● ‘Tenjin’ by Tenjin, Inc., 333 Bryant St., Suite 100, San Francisco, CA 94107; more information: Tenjin Privacy Policy;

● ‘Unity 3D’ by Unity Technologies Finland OY, Kaivokatu 8 B, 00100 Helsinki, Finland / Unity Technologies, 30 3rd Street, San Francisco, CA 94103, USA; more information: Unity 3D Privacy Policy, Unity3D Controller DPA Monetization Advertising, Unity3D GPDR;

● ‘Google Firebase’ by Google LLC, Mountain View, CA, USA / Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland: more information: Firebase Google and Google Privacy Policy;

● ‘Flurry Analytics’ by Flurry Inc. / Oath Inc., 701 First Avenue, Sunnyvale, CA 94089, USA / Oath (EMEA) Ltd., 5-7 Point Square, North Wall Quay, Dublin 1, Ireland; more information: Flurry TOS , Flurry DPA  and Oath Privacy Policy;

● ‘Facebook Analytics’ by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland; more information: Facebook Policy , Facebook Data Processing, Facebook Ads Preferences or Facebook Settings;

● AppLovin by AppLovin Corporation, 849 High St., Palo Alto, CA 94301, USA: Applovin Privacy and Applovin Data Processing Agreement;

Such data processing is performed to ensure the technical functionality of our services fulfillment of contractual or pre-contractual obligations (based on Art. 6 (1) b. GDPR or TMG and as otherwise explained in this privacy policy) or improving our product and perform marketing activities (based on Art. 6 (1) f. GDPR). Regarding the data processing based on Art. 6 (1) f. GDPR we wish to achieve the legitimate interests of quality assurance and marketing. If legally required such data processing shall be based on your explicit consent (Art. 6 (1) a. GDPR).

OPT-OUT:

You may de-activate the processing of data for such analytics purposes any time in the App via message to [email protected].

§ Contacting us; Sending Messages

When contacting us via the App/email, your details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or fulfilling your request based on Art. 6 (1) b. GDPR.

We may also contact you via App/email for purposes related to the use of the App or similar services based on Art. 6 (1) b. or f. GDPR, TMG, or German Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb, UWG) if you did not object to such messages.

§ Your Rights

You have certain rights referring to the use of your personal data, which you may act upon any time without any disadvantages:

● You have the right to withdraw your consent relating to the use of data any time with effect for the future when such data processing is based on your consent.

● You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect.

● You have the right to object to the processing of your personal data, for example if your personal data are processed for direct marketing purposes.

● You are entitled to request the erasure of your data.

● You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.

● For acting according to your rights as set forth above please contact us via [email protected]. You may also download your data via clicking the respective button in the App’s settings menu.

You also have the right to lodge a complaint with a supervisory authority of your choice (for example for Berlin Contact). An overview of the European National Data Protection Authorities may be found here: EU Data Protection Authorities

§ Third Party Providers used by us; data processing outside the EU/EEA

When using the App your data may be processed by third party providers engaged by us, for example cloud service provider(s) and advertising partners.

We use Google Cloud Services by as hosting service provider that processes data on servers in the EU/EEA.

The third party providers and advertising partners named in this privacy policy engaged by us (Google, Facebook, AppLovin, Flurry/Oath, MoPub, Tapjoy, IronSource, inMobi, Vungle, Mytarget, Adcolony) may process data outside the EU/EEA.

The US companies offering the services by Google, Facebook, AppLovin, Tenjin, MoPub Inc./Twitter, Inc. and Tapjoy are each certified according to the “EU-US-Privacy-Shield” to guarantee the compliance with EU data protection standards. For more information please refer to: Privacy Shield

To guarantee the compliance with EU data protection standards the companies offering the services of Flurry are either also certified according to the “EU-US-Privacy-Shield” or EU Standard Contractual Clauses; for more information see Oath Data Transfer Policy.

ironSource Mobile Ltd., Israel guarantees the compliance with EU data protection standards via the respective adequacy decision by the EU Commission (see: EU Data Protection).

The provider of inMobi has submitted to EU Standard Contractual Clauses for the international transfer of personal data (see: EU Standard Contractual Clauses ).

For further information (on engaged third party providers) please contact us via [email protected].

§ Deletion of Data; Retention Periods

The data are deleted if such data are no longer necessary for the purpose of processing.

Your profile and account data are deleted after you deleted such data in your App account or deleted the entire account via the respective button in the App, which is more or less immediately after such deletion according to our deletion routines.

In the case of long-term contractual relationships, such as the use of our App, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)). Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.

§ Data Security and Encryption

We have implemented sufficient measures to ensure data and IT security. The App is operated through a safe TLS-connection, which is a protocol used to encrypt the connection from your device to our servers.

§ Access and Changes to this Privacy Policy

This privacy policy is accessible via the App’s settings menu.

We reserve the right to change the regulations of this privacy policy at any time, taking into account applicable laws and data protection provisions.

§ Data processing on our Facebook Page

We operate a “Social Media Page” on Facebook, facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy Facebook Policy, opt-out:  Opt-Out or Settings.

When you visit our Social Media-Page, data is processed both by us and by the responsible social media provider as the responsible party.

The respective provider of Social Media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such provider has direct access to the relevant information on the Social Media Page and the processing of your data. However, you are also welcome to contact us if this should become necessary and we will then forward the request to the respective provider if necessary.

When using Facebook and Instagram data may also be processed outside the EU. The US company of Facebook is certified in accordance with the EU-US Privacy Shield agreement, which guarantees compliance with data protection regulations in the EU. For more information please refer to: Privacy Shield.

With our Social Media Pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages and reactions, which we then process to answer or communicate with you. If you use Social Media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of the Social Media Pages may also use cookies and tracking technologies to analyse and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services, advertising and marketing activities and presentation to the outside world (Art. 6 (1) f GDPR).

§ Page Insights and Cookies on Facebook:

Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: Facebook Page Controller Addendum). This involves the processing of data in the form of so-called ‘page insights’, which are described in more detail at Facebook Page insights.

Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared or licked when and how often. When classifying people into target groups, demographic data or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook’s data protection statement at Facebook Policy or at Facebook Page Insights.

Facebook also uses cookies and storage technologies. More information can be found here: Cookie Policy

As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at Preferences or the Facebook settings in your account. Facebook also provides opportunities to contact or exercise rights at Facebook Contact 1 or Facebook Contact 2.

§ Specific Provisions for California Consumers:

These additional provisions for California consumers apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires “businesses” collecting or disclosing personal information to provide notice and a means to exercise those rights.

● Categories of personal information collected in the preceding 12 months

● Business purpose for collection

● Third parties with whom we may share your information

§ Right to Know and Right to Delete

For any of the personal information described above, you can request to know what personal information we collected, disclosed, used and sold, and request that we delete your personal information at any time.

To exercise your right to know and right to deletion, please submit a request by:

Emailing [email protected] with the subject line “California Rights Request.” We will need to verify your identity before processing your request. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. In certain circumstances, we may decline a request to exercise the right to know and right to deletion, particularly where we are unable to verify your identity.

Upon verification of your request, we will delete (and direct our service providers to delete) your personal information from our records, unless retaining the information is necessary for us or our service providers to complete the transaction with you, detect security incidents or fraud, fixing errors, exercise free speech or another right provided by law, comply with legal obligations, or other internal and lawful uses.

§ Right to Opt Out of Sale

CCPA gives you a right to direct a business that sells your personal information to stop selling your personal information and to refrain from doing so in the future. We do not sell any of your personal information and will require our service providers not to sell your personal information.

You also have the right not to be discriminated against for exercising any of the rights listed above.

If you are a California resident seeking to exercise your rights under the CCPA or have any questions or concerns, please email us at [email protected]. In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf where (i) you provide sufficient evidence to show that the requestor is an authorized agent with written permission to act on your behalf and (ii) you successfully verify your own identity with us.

We aim to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

§ Questions?

For any inquiries and additional questions about processing personal data please contact [email protected]. Our contact details may also be found above or in the imprint under the App’s settings menu.