The information in this Privacy Notice
applies to the processing of personal data on or via our website and is
intended to inform you in particular about the scope of processing, the
purposes of processing, recipients, legal bases, retention periods and your
rights. Personal data is any information relating to an identified or
identifiable natural person, i.e. an individual (hereinafter also referred to
as a ‘data subject’), including, for example, your name, address or email
address. ‘Processing’ personal data means, in particular, the collection,
storage, use and transmission of such data.
The controller within the meaning of the
General Data Protection Regulation (‘GDPR’) and other national data protection
laws of EU Member States as well as other data protection regulations is:
You may contact our data protection officer
as follows using the following contact details:
KING Art GmbH
Datenschutzbeauftragte
Kleine Waagestrasse 1
D-28195 Bremen
Email: datenschutz@kingart-games.com
In cases where we have obtained your
consent to process personal data, Art. 6(1)(a) of the General Data Protection
Regulation (‘GDPR’) serves as the legal basis for processing this personal
data.
When processing personal data required for
the performance of a contract to which the data subject is a party, Art.
6(1)(b) GDPR serves as the legal basis for such processing. This also applies
to processing operations that are necessary in connection with pre-contractual
activities.
In cases where it is necessary to process
personal data in order to comply with a legal obligation to which we are
subject, Art. 6(1)(c) GDPR serves as the legal basis for such processing.
If processing is necessary to protect a
legitimate interest of ours or a third party and if the interests, fundamental
rights and freedoms of the data subject do not outweigh these interests, Art.
6(1)(f) GDPR serves as the legal basis for such processing.
Personal data of the data subject will be
erased or blocked as soon as the purpose for which the data is stored ceases to
apply. Furthermore, data may be retained for longer periods if this has been
provided for by European or national legislative bodies in EU regulations, laws
or other rules to which the controller is subject.
This data is also stored in log files on our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
The temporary retention of the IP address
by the system is necessary to enable access to the website by the user’s
device. To this end, the user’s IP address must be stored for the duration of
the session. The data is stored in log files to ensure and improve the
functionality of the website and for statistical analysis.
These purposes also include our legitimate interest in processing personal data.
The data will be deleted as soon as it is
no longer necessary to achieve the purpose for which it was collected. In the
case of data collected to enable provision of the website, this will be
undertaken once the respective session has ended.
Any data stored in log files will be erased
within seven days at the latest. Retention beyond this period is nevertheless
possible. In this case, the users’ IP addresses will be erased or modified, so
that it is not possible to associate the IP address with the requesting client.
Cookies are small text files that are saved
on the hard drive of your computer according to the web browser you use and
that send certain information to the party who placed the cookie.
We use the following cookies that are
necessary for the provision of our website (essential cookies):
We use so-called session cookies on our
website. The purpose of these cookies is to identify your device during a visit
to our website and to be able to determine the end of your visit. These cookies
store a so-called session ID by means of which various requests from your
browser can be assigned to a common session. This allows us to recognise your
computer when you return to our website during a browser session.
When you visit our website, you can consent
to the use of so-called tracking cookies via a so-called cookie banner (see
section 6). If
you click on ‘Accept’ on the cookie banner, a cookie with this information will
be stored on your device (‘consent cookie’) so that the cookie banner will no
longer be displayed on subsequent visits to our website.
If you have a user account and log in, you
have the option to activate the ‘Remember login’ function. If you do so, a
cookie will be set on your device that identifies you as logged in so that you
do not have to log in again each time (‘login cookie’).
For security reasons, we also use a
so-called XSRF token cookie, the purpose of which is to prevent cross-site
request forgery attacks on our website.
In addition, Google Analytics sets cookies that are used for purposes of web analysis (see section 7).
The legal basis for setting essential cookies is Art. 6(1)(f) GDPR.
Essential cookies enable the provision of our web pages and support the security of the operation of our website These purposes also include our legitimate interest in processing the relevant data.
The XSRF token session cookies are deleted
two hours after you leave our site. The consent cookie and the login cookie are
automatically deleted from your device after 24 months unless you delete them
before that.
Cookies are stored on your device and
transmitted by your device to our website. Accordingly, you have the option to
deactivate, restrict or delete the transmission of cookies by changing your
browser settings. If cookies are deactivated for our websites, you may no
longer be able to use all functions of our website to their full extent.
We use the web analysis tool Google Analytics for purposes of tailoring the design of our website. Google Analytics creates usage profiles based on pseudonyms. Permanent cookies are stored on your device and read by us for this purpose. This permits us to recognise returning visitors and tally them as such.
Data processing is based on your consent in accordance with Art. 6(1)(a) GDPR provided that you have given your consent via our banner. The data transfer to a third country is based on Art. 49(1)(a) GDPR.
Processing users’ data via Google Analytics enables us to analyse the surfing behaviour of our users. We are able to compile information about the use of the individual elements of our website by evaluating collected data. This helps us to continuously improve our website and its user-friendliness. These purposes also include our legitimate interest in processing personal data. The interest of users in protecting their personal data is given due consideration through the anonymisation of IP addresses.
Cookies are stored on the user’s device and
transmitted by it to our website. Therefore, as a user, you have full control
of the use of cookies. You can deactivate or restrict the transmission of
cookies by changing the settings of your web browser. Cookies that have already
been saved can be deleted at any time. This can also be done automatically. If
cookies are deactivated for our websites, you may no longer be able to use all
functions of our website to their full extent.
You may withdraw your consent to the data
collection described above at any time with future effect by using the Google
Analytics Opt-out Browser Add-on found at:
http://tools.google.com/dlpage/gaoptout?hl=de.
You can also prevent Google Analytics from
collecting this data by clicking on this [link]. This sets an opt-out cookie
which prevents any future collection of your data when visiting this website.
This opt-out cookie is only valid in this browser and only for our website and
is stored on your device. If you delete the cookies in this browser, you must
set the opt-out cookie again.
Additional information about Google’s terms
of use and Privacy Policy is available at:
Google Ireland Limited and Google LLC. (USA) support us as processors according to Art. 28 GDPR. The data processing can therefore also take place outside the EU or EEA. With regard to Google LLC, no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. Please take this into account if you decide to give your consent to the use of Google Analytics.
We use the Google reCaptcha service to determine whether a person or a computer is making specific entries in our contact form. Google uses the following data to determine whether you are a person or a computer: IP address of the device in use, the website of ours you are visiting and on which the Captcha is embedded, the date and duration of your visit, identification data for the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha surfaces as well as tasks in which you have to identify images. The legal basis for the data processing described above is Art. 6(1)(f) of the General Data Protection Regulation (weighing of interests, based on our interest in ensuring the security of our website).
Contents from the third-party provider are
downloaded only after clicking on the preview image. This informs the
third-party provider that you have accessed our site and they are provided
technically required usage data in this context. We have no influence over
subsequent data processing by the third-party provider. YouTube/Google is based
in the United States. There is a risk that authorities may access the data for
security and monitoring purposes without you being informed or having the right
to appeal. Please take this into account if you decide to give your consent to
the use of YouTube. By clicking on the preview image, you are providing us
consent to download content from the third-party provider.
Embedding is based on your consent in
accordance with Art. 6(1)(a) GDPR provided that you have given your consent by
clicking on the preview image. The data transfer to a third country is based on
Art. 49(1)(a) GDPR. Please do not click on other preview images if you do not
want similar downloads on other pages.
You can contact us via the email address
provided on our website. In this case, the user’s personal data transmitted
along with the email will be collected.
Our website also provides a contact form
that you can use to send us support requests related to our products.
We collect the following details using this
form:
This is supplemented by any other data you
include in your specific message.
You may also contact us via the telephone
numbers we have provided. If you contact us by telephone, we usually collect
all data you provide us in the form of conversation note, or data that is
automatically transmitted with your call. This includes your name, your request
and your telephone number.
The legal basis for processing data
transferred in the course of contacting us by email, contact form or telephone
is Art. 6(1)(f) GDPR. If the intent of contacting us is to enter into a
contract or is within the scope of an existing contractual relationship, this
creates an additional legal basis for its processing in accordance with Art.
6(1)(b) GDPR.
We process personal data in such cases
solely for the purpose of processing your enquiry. This likewise comprises the
required legitimate interest in processing such data.
The data will be deleted as soon as it is
no longer necessary to achieve the purpose for which it was collected. For
personal data sent by email or contact form, or that is transmitted in the
context of a telephone call, this is the case when the respective conversation
with you has ended. The conversation has ended when it can be inferred from the
circumstances that the matter at hand has been conclusively resolved.
If, in the course of communication, data is created that we are obliged to retain or store on the basis of tax, commercial or other regulations, it will only be deleted after the expiry of the respective legal retention or storage periods. The legal basis for storage in such cases is Art. 6(1)(c) GDPR.
We offer users the option to create a
customer account on our website subject to the provision of personal data. In
this context, data is entered via an input form, transmitted to us and stored.
The following data is collected during the registration process:
The following data is also stored at the
time of registration:
Additional customer data is stored in the
customer account, e.g. the user’s games, player tag and the order history. In
addition, the customer has the option to store shipping addresses in the
customer account. The customer can see which data is stored in the customer
account in each case using the menu heading ‘Settings’ in their customer
account and can also supplement, delete or modify the data using these
settings.
The legal basis for processing data in this
context is Art. 6(1)(b) GDPR.
Personal data is processed in the context
of opening and using the user account in order to provide the user with the
corresponding features of the user account and thus facilitates performance of
the corresponding agreement with the user.
The data will be deleted as soon as it is
no longer necessary to achieve the purpose for which it was collected. This is
usually when the customer account is deleted with regard to data stored in the
customer account. We will also delete customer accounts if they are inactive
for a period of 12 months, i.e. if there has been no login during this period.
If data is created with regard to a customer account that we are obliged to retain or store on the basis of tax, commercial or other regulations, it will only be deleted after the expiry of the respective legal retention or storage periods. The legal basis for storage in such cases is Art. 6(1)(c) GDPR.
You also have the option to subscribe to
our newsletter when registering for a customer account. We will also use your
email address and name to send you information and advertising about our games,
promotions and events by email.
The legal basis for data processing in this
context is your consent pursuant to Art. 6(1)(a) GDPR.
You can choose to unsubscribe from our
newsletter at any time and thus withdraw your consent, for example by using the
corresponding settings in your customer account or using the corresponding
links available at the end of each newsletter.
We will no longer use your data to send our newsletter if you withdraw your consent. However, we will store your email address and proof of your consent for a period of three years starting at the end of the year in which we last sent you our newsletter before you withdrew your consent, so that we can verify your consent in the event of a dispute. We will then delete this data unless we need it for other purposes listed in this Privacy Notice, for example because you still have a customer account with us.
When you place orders in our online shop, we collect the data that is apparent from the required form fields and the order itself, including:
The legal basis for processing this data is
Art. 6(1)(b) and (f) GDPR.
We use the data from the respective order
for purposes of executing and invoicing the order. If you have a customer
account, we also use the data to make your games and order history available to
you. These purposes also include our legitimate interest in processing personal
data.
In order to perform the contract, we share
your data with the shipping company we have commissioned to perform delivery to
the extent necessary for the delivery of merchandise you have ordered.
The selected payment service providers
collect required payment data themselves in the course of processing
payments. Accordingly, this is governed
by the privacy notice of the respective payment service provider. External
payment services have been integrated into our shop in such a way that a
connection to the respective service provider’s servers is only created when
you select the respective service as a means of payment during the ordering
process.
Data in your customer account, including
your order history, will be stored by us until your customer account is
deleted.
We use data from your orders for the execution and invoicing of your order outside of your customer account. After the execution, invoicing and payment of an order, we still store the data concerned as long as we are obliged to do so on the basis of applicable tax, commercial or other regulations. This data will be deleted only after the expiry of such periods. The legal basis for storage in such cases is Art. 6(1)(c) GDPR.
We make use of various service providers,
including host providers and email providers, for the provision of our website,
and contact options we offer. They process data stored by them exclusively on
our behalf within the European Union as processors in accordance with Art. 28
GDPR.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the controller (if applicable, subject to satisfaction of additional requirements set out in the relevant regulations):
Please contact us using the contact details
set out above if you wish to exercise any of these rights.
Notwithstanding any other administrative or
judicial legal remedy, you also have the right to lodge a complaint with the
competent supervisory authority if you are of the opinion that the processing
of your personal data breaches the GDPR.