The information in this declaration applies to the processing of personal data on or via our website and is intended in particular to inform you of the scope of processing, the purposes of processing, the recipients, legal bases, storage periods and your rights. Personal data are all information relating to an identified or identifiable natural person, i.e. a person (hereinafter also referred to as "data subject"), including for example your name, your address or your e-mail address. Processing" of personal data means in particular the collection, storage, use and transmission of such data.

I. Name and Address of the data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

KING Art GmbH 
Tiefer 5
D-28195 Bremen
Germany

Tel. +49 (0) 421 322 76 0
Fax +49 (0) 421 322 76 20

imprint@kingart-games.com 

II. Contact data of the data protection officer

The data protection officer can be consulted under the following contact details:

KING Art GmbH 
– Privacy protection officer –
Tiefer 5
D-28195 Bremen
Germany

E-Mail: privacy@kingart-games.com 

III. General information data processing

1. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, legal basis is Art. 6 para. 1 lit. a GDPR.

Insofar as the processing of personal data is required for the performance of a contract to which the data subject is a party, legal basis is Art. 6 para. 1 lit. b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, legal basis is Art. 6 para. 1 lit. c GDPR.

If processing of data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, legal basis is Art. 6 para. 1 lit. f GDPR.

2. Data deletion and storage time
The personal data of the data subject will be deleted or processing restricted as soon as the purpose of storage ceases to apply. In certain cases, data can be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject.

IV. Provision of the website and creation of log files

1. Description and extent of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing device (computer, smartphone, tablet, etc.).

The following data is collected:
  • The IP address of the accessing device
  • Information about the browser type and version used
  • The operating system of the accessing device
  • Referrer URL
  • Host name of accessing device
  • Date and time of access
  • Country from where you are accessing our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's device. For this the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure and improve the functionality of the website and for statistical evaluations.

Our legitimate interest in data processing also lies in these purposes.

4. Storage time
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this will happen after seven days at the latest. Further storage is possible. In this case, however, the IP addresses of the users are deleted or made anonymous, so that an identification of the accessing client is no longer possible.

V. Usage of Cookies

1. Description and extent of data processing
Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

The following data is stored and transmitted in the cookies:
  • Language settings
  • Log-in information
  • Anonymized User ID

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para 1 lit. f GDPR.

3. Purpose of data processing
The cookies serve us to make our Internet presence more user-friendly and to ensure the secure operation of our Internet presence. These purposes also constitute our legitimate interest in the processing of the data.

4. Storage time and possibility of opposition and elimination
The session cookies of the XSRF token cookie are deleted two hours after you leave our website. The consent cookie is automatically deleted after 24 months and the login cookie after 60 months on your device, unless you delete these cookies manually beforehand.

Cookies are stored on your device and transmitted to our site. You therefore have the option of deactivating, restricting or deleting the transmission of cookies by changing the settings in your browser. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

VI. Webanalysis with Google Analytics

1. Description and extent of data processing
Our website uses Google Universal Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Universal Analytics uses "cookies", which are text files placed on users' computers, to help the website analyze how users use the site. The information generated by the cookie about the use of the website by users is generally transferred to a Google server in the USA and stored there. IP anonymization has been activated on this website so that the IP addresses of users of Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area are previously shortened. In some cases, the full IP address is transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by the users, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the Internet. The IP address transmitted by your browser in the context of Google Universal Analytics is not merged with other Google data.

2. Legal basis for data processing
The legal basis for processing users' personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing
The processing of user data by Google Analytics enables us to analyze the surfing behavior of our users. We are able to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in the processing of the data. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

4. Storage time and possibility of objection
Cookies are stored on the user's device and transmitted to our site from there. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website.

You can object to the collection of data described above at any time with effect for the future by using the deactivation add-on for browsers from Google Analytics at http://tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent data collection by Google Universal Analytics by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on terms of use and data protection can be found at:

5. Recipient of the data and transfer to a third country
The recipient of the data is Google. For the cases in which personal data is transferred to the USA, a transfer to Google in the USA as a third country within the meaning of the GDPR is permitted, since an appropriate level of data protection is given for the USA in relation to this company.

On the basis of Art 25 para. 6 EU-Personal data directive(1995), the EU Commission has issued an adequacy decision in the form of the so-called EU-US Privacy Shield. The EU-US Privacy Shield is an intergovernmental agreement between the United States and the European Union. This agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. A self-certification procedure by the companies under the supervision of the US authorities ensures that only companies that respect data protection equivalent to that of the EU process personal data from the EU in the USA. Google is certified according to the requirements of the EU-US Privacy Shield. This ensures an adequate level of protection for the designated recipients despite the lack of an adequacy resolution by the EU Commission within the meaning of Art. 45 GDPR. The current certifications can be viewed here: https://www.privacyshield.gov/list

VII. Contacting us by E-Mail contact form or phone

1. Description and extent of data processing
It is possible to contact us via the e-mail addresses provided on our website. In this case, the user's personal data transmitted by e-mail will be collected.

There is also a contact form on our website where you can send us support requests for our products.

We use this form to collect the following data, among other things:
  •  e-mail address
  •  Product
  •  Platform
  •  Preferred language

In addition, there is the data that you may transmit to us via your individual message.

You can also contact us via the phone numbers provided. If you contact us by phone, we generally collect the data that you provide to us or that is automatically transmitted with your call. This includes your name, your request and your phone number.

2. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of contacting us by e-mail, contact form or telephone is Art. 6 para. 1 lit. f GDPR. If the aim of the contacting is to conclude a contract or if the contact is made within the framework of an existing contractual relationship, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. 

3. Purpose of data processing
The processing of personal data serves us solely to process the establishment of contact. This is also our legitimate interest in the processing of the data.

4. Storage time
The data will be deleted as soon as the purpose of its collection is no longer given. For the personal data sent by e-mail or contact form or transmitted as part of a telephone contact, this is the case when the respective conversation with you has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

If data is collected in the course of e-mail communication which we are obliged to store due to tax, commercial law or other regulations, it will not be deleted until the respective legal retention or storage periods have expired. The legal basis for this data storage is Art. 6 para. 1 lit. c GDPR.

VIII. Registration/Customer account

1. Description and extent of data processing
On our website, we offer customers the opportunity to create a customer account by entering personal data. The data is entered into an input mask and transmitted to us and saved. The following data is collected during the registration process:
  • First and last name
  • e-mail address
  • Country
  • Password

At the time of registration, the following data is also stored:
  • The date and time of registration

In the customer account further data of the customer are stored, e.g. his games, player tag and the order history. In addition, the customer has the option of storing shipping addresses there. The customer can see which data is stored for the customer account via the menu item "Settings" in his customer account and also add, delete or change the data there.

2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing
The processing of personal data within the framework of opening and providing the user account is carried out in order to offer the user the corresponding functionalities of the user account and thus serves the fulfilment of the corresponding agreement with the user.

4. Storage time
The data will be deleted as soon as the purpose of its collection no longer requires it. This is usually the case for the data stored in the customer account when the customer account is deleted.  We also delete a customer account if it is inactive for a period of 12 months, i.e. no login has taken place during this period.

If the customer account contains data which we are obliged to store or store due to tax, commercial law or other regulations, the data will not be deleted until the respective legal retention or storage periods have expired. The legal basis for this storage is Art. 6 para. 1 lit. c GDPR.

IX. Newsletter

1. Description, extent and purpose of data processing
Within the registration for a customer account you also have the possibility to register for our newsletter. We will then use your e-mail address and your name to send you information and advertising about our games, promotions and events by e-mail.

2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR.

3. Storage time and revoke of consent
You have the possibility to unsubscribe from our newsletter at any time and thus to revoke your consent, e.g. via the corresponding settings in your customer account or via the corresponding links which you will find at the end of each newsletter.

If you revoke your consent, we will no longer use your data to send you our newsletter. However, we will store your e-mail address and the proof of your consent for a period of three years starting at the end of the year in which we last sent you our newsletter before your revocation, so that we can prove the consent in the event of a dispute. We will subsequently delete the data unless we need it for other purposes stated in this declaration, e.g. because you still have a customer account with us.

X. Orders in our online shop

1. Description and extent of data processing
When you place orders in our online shop, we collect the data that can be seen in the requested form fields and the order itself, among other things:
  • Country from where you are accessing our website
  • Your e-mail address
  • Subject and price of the order
  • Your used payment service
  • Transaction-ID of the payment service

2. Legal basis for data processing
The legal basis for the processing of these data is Art. 6 para. 1 lit. b and f GDPR.

3. Purpose of data processing
We use the data of the respective order, in order to execute and account for these. If you have a customer account, we also use the data to provide you with your games and order history. For these purposes, it is also in our legitimate interest to process the data.

4. Data transfer and collection by payment service providers
For the fulfilment of the contract we pass on your data to the shipping company commissioned with the delivery, as far as this is necessary for the delivery of ordered goods.

When processing payments, the selected payment service providers collect the necessary payment data themselves. The data protection declaration of the respective payment service provider shall apply in this respect.

5. Duration of storage and possibility of objection and elimination
The data on your customer account including the order history will be stored with us until your customer account is deleted.

Outside your customer account we use the data of your orders for the execution and accounting of these. After execution, billing and payment of an order, we still store the data as long as we are obliged to do so due to tax, commercial law or other regulations. Only then does the deletion take place. The legal basis for this storage is Art. 6 para. 1 lit. c GDPR.

XI. Categories of recipients of personal data

For the provision of our website and the offered contact possibilities, we make use of other service providers, including host providers and e-mail providers, each based in the European Union, who process the data stored by them exclusively on our behalf as processors according to Art. 28 GDPR.

XII. Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller (in the case of the fulfilment of further conditions regulated in the relevant regulations, if applicable):
  • The right of access according to Art. 15 GDPR
  • The right to rectification according to Art. 16 GDPR
  • The right to erasure ("right to be forgotten") according to Art. 17 GDPR
  • The right to restriction of processing according to Art. 18 GDPR
  • The right to a notification according to Art. 19 GDPR
  • The right to data portability according to Art. 20 GDPR
  • The right to object according to Art. 21 GDPR
  • The right not to be subject to a decision based solely on automated processing according to Art. 22 GDPR
  • The right to withdraw consent to the processing of personal data according to Art. 7 para. 3 GDPR

To assert these rights, please contact our data protection officer at the aforementioned address.
Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you infringes the GDPR.