The RPG Raid Roleplaying Games Ltd (“RPG RAID Roleplaying Games”/“we”) is committed to protecting the privacy of its users (“users”/“you”) with regard to the processing of personal data. RPG Raid Roleplaying Games observes the applicable data protection requirements.
We have compiled this document to inform our users about the handling of their data. If you have any questions concerning the use of your personal data by RPG Raid Roleplaying Games, or if you would like to revoke a previously granted declaration of consent, please get in touch with us and tell us about the game you play, your platform and the server you use.
This Data Protection Statement applies to all services offered on the websites operated by RPG Raid Roleplaying Games Ltd, in particular www.rpgroleplayinggames.com, (“website”) and mobile applications, as well as the games offered for download via portals such as the Apple App Store and Google Play Store etc. (“games apps” or “apps”)
We offer our apps only to persons who are 16 years or older. This means that we do not process any data of persons who are younger than 16 years of age.
RPG Raid Roleplaying Games Ltd 71 Queen Victoria Street, EC4V 4BE, London Email: email@example.com Website: www.rpgroleplayinggames.com
Name and address of the Data Protection Officer The data controller has appointed the following Data Protection Officer: Email: firstname.lastname@example.org
General information on data processing 3.1 Legal basis for the processing of personal data Article 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data that was obtained with the consent of the data subject.
Article 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data that is required for the performance of a contract to which the data subject is a party. This also applies to data processing operations that are necessary for the performance of pre-contractual measures.
In as far as the processing of personal data is required for compliance with a legal obligation incumbent on our company, the legal basis for data processing is Article 6 para. 1 lit. c GDPR.
In the event the vital interests of the data subject or another person compel us to process personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis for such data processing.
Article 6 para. 1 lit. f GDPR serves as the legal basis if the data processing is necessary to safeguard a legitimate interest of our company or a third party in a situation where the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the legitimate interest of our company or a third party.
3.2 Deletion of data, storage period We will delete or block a data subject’s personal data as soon as the purpose of storing the data has been achieved. Personal data can be stored for longer periods if prescribed by a European or national legislator in EU regulations, laws or other regulations that govern the data controller. The data is also blocked or deleted at the end of a retention period prescribed by one of the above regulations, unless the data is required to be stored for a longer period for the purpose of performing or entering into a contract.
3.3 Data security We always try our best to put reasonable arrangements in place to prevent unauthorised access to your personal data, use of your personal data or manipulation of your personal data and to minimise the risk of these incidents occurring. The provision of personal data is, irrespective of whether disclosed in person, over the phone or via the internet, inevitably associated with certain risks and no technological system is absolutely fail-safe from being manipulated or sabotaged.
We process all information collected from you in accordance with the German and European data protection laws. All our employees are bound by data secrecy and the data protection regulations and have been instructed accordingly. When making a payment, your data will be transmitted using SSL-encryption technology.
4.2 Each access of a registered user on the website and each file access will cause the following use-specific access data to be transmitted to our server: internet protocol, shortened IP address, the respective device, advertising, user or ad ID, the URL of the referring website from which the file was requested or the ID of the social network if you used one to log on, date and time of access, territory from which the game app was downloaded, state in which the game app was accessed, browser type and operating system, the page visited by you, data volume transmitted, access status (file transfer, file not found etc.), duration and frequency of use, device type, language setting, date of downloading the game app, number of days since downloading the game app, name and number of game apps from RPG Raid Roleplaying Games for which the user is registered. RPG Raid Roleplaying Games also stores the game scores, levels achieved and other game-related data that we require to operate the game app for the user. We further store data for the purpose of placing advertising messages, specifically advertising messages that were delivered to the user. We collect the user’s advertising network ID and information on whether the user found the game app as a result of an advertising campaign.
4.3 To improve the gaming experience for our users, RPG Raid Roleplaying Games will collect information on the duration of use, the number of times the games app was launched, internet protocol, IP address, device type and operating system, data volume transferred, access status (file transfer, file not found etc), avatar name, download tag and game app version, as well as amounts/tokens you have invested in the game app’s features. This data can be used to generate pseudonymised statistics that help RPG Raid Roleplaying Games to make the apps and games even better for you, fix bugs and improve our services. The data is not used for any other purpose specifically related to the data subject. This data will be deleted as soon as there is no further need for their storage, the user has requested the data to be deleted, or a law prohibits the (continued) storage of the data. Data can only be deleted if the deletion is not opposed by a statutory retention obligation.
As a general rule, RPG Raid Roleplaying Games will only collect and use the personal data specifically disclosed by the user, i.e. during his registration or login, for the user’s enrolment in prize competitions or use of paid services. Personal data means data that contains information about personal or factual circumstances (e.g. name, address, date of birth, e-mail address).
The contractual use of the games apps requires the collection and processing of the user’s personal data by the stores RPG Raid Roleplaying Games has no control over this type of data collection and does not accept any liability or responsibility. Detailed information about the data collected by Google Play and Apple App Store, Windows Store and other stores may be obtained from the data protection statement of the respective store. RPG Raid Roleplaying Games processes this data to the extent it is provided by the stores and necessary for downloading the games app to the user’s device, as well as for the operation of the games app. The data is not stored for any other purposes.
The user may be required to disclose additional data, such as his full name, address, etc., for purposes associated with the contractual use of the games app and the performance of the license agreement accepted by downloading the app, and in particular data associated with the use of paid services by the user (i.e. download of a paid app or in-game purchase). RPG Raid Roleplaying Games does not collect and process any payment data (bank account numbers, credit card data, etc.).
Google Play IDs and Game Center IDs can be saved to allow login from multiple devices.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6, para. 1 lit. f GDPR.
4.9 Data processing purpose The temporary storage of a user’s IP address by the system is necessary to deliver the services to the user’s computer. This requires the IP address to remain stored for the duration of the session.
The storage in log files serves the purpose of warranting the faultless functioning of the services. The data also assists us in optimising the website and to warrant the security of our computer systems. The data is not analysed for any marketing purposes, it is analysed exclusively for statistical purposes.
Our legitimate and prevailing interest in processing the data pursuant to Article 6 para. 1 lit. f GDPR is based on these purposes.
4.10 Period of storage The data will be deleted as soon as it is no longer required for achieving the purpose of their collection. Where data is collected for the purpose of making the website available, this is the case when the respective session has ended.
Where data is stored in log files, this is the case after a maximum period of seven days. In certain other cases, your data may be stored for longer periods. If this is the case, the IP addresses of the users will be deleted or anonymised, with the result that the accessing client can no longer be identified.
4.11 Your right to object and contest a decision Collecting the data for the purpose of making the website available and storing the data in log files is an essential requirement for the operation of the website. Users therefore cannot object against this type of data collection.
5.3 The user may change his login settings at any time if he wishes to prevent such data from being exchanged with Facebook, Google or other social networks he has previously used to login into on our services.
6.2 In all other respects, personal data is only disclosed if required for the protection of other users, for the prosecution of criminal offences, or as permitted under the statutory data protection regulations. We may in certain cases be compelled to disclose the data on the basis of statutory requirements (i.e. disclosure to investigating authorities). Disclosure is always limited to the extent necessary, legally permitted or prescribed.
6.3 A declaration of consent to the disclosure of data previously granted to us may be revoked at any time and without stating reasons.
RPG Raid Roleplaying Games complies with the statutory requirements and deletes personal data immediately upon being requested to do so by the user, unless prevented from deleting the data by statutory retention obligations.
A list of cookies used on our website and descriptions of these cookies can be found here.
Links to other websites Our website may from time to time contain interactive references (so-called links), for which RPG Raid Roleplaying Games does not accept any responsibility. RPG Raid Roleplaying Games has no control over the content and design of the linked external websites or internet services the user may access via our webpages. The respective operators of these internet services are exclusively responsible for their design, content and compliance with data protection requirements.
Push notifications 10.1 Description and scope of data processing You can set the configurations of your device to permit us to send you push notifications for updates to games apps and other relevant information. You can manage your push settings in the “options” or “settings” menu of your mobile app, or in the settings of your device.
10.2 Legal basis for data processing The legal basis for the processing of the data for the purposes of a contract is Article 6 para. 1 lit. b GDPR.
10.3 Period of storage The data will be stored until you delete them.
10.4 Your right to object and contest a decision For Apple mobile devices: Open the settings on your mobile device (e.g. iPhone or iPad), and select the menu item “Privacy”. You can switch off ad tracking under the menu item “advertising”.
For devices with Android operating systems: Open the settings in your app-list and tap the “Ad” button. Once the ad window has opened, you can disable the Google Advertising ID.
The provision of personal data, irrespective of whether disclosed in person, over the phone or via the internet, carries certain inevitable risks. No technological system is absolutely fail-safe from being manipulated or sabotaged. We would like to point out that there is always a residual risk of a transmission of data over the internet (i.e. communicating by email) being compromised. A fail-safe, guaranteed protection of the data against access by third parties is not possible.
12.1 Right to information You can request the data controller confirm whether we are processing any personal data relating to you.
If this is the case, you may request the data controller to provide you with the following information:
You have the right to request information on whether your personal data is transmitted to a third country or an international organization. You may in this respect demand to be informed about the adequate safeguards taken in relation to the transmission pursuant to Article 46 GDPR.
12.2 Right to correction You have the right to demand the data controller to correct and/or complete any of your personal data that is incorrect or incomplete. The data controller must correct or complete the data without undue delay.
12.3 Right to restrict the processing of data You can demand the processing of your personal data to be restricted under the following conditions:
Where the processing of your personal data has been restricted, such data may – except for their storage – only be processed with your consent or for the purpose of asserting, exercising or defending legal interests, or to protect the legal interests of another person or legal entity, or for reasons of a substantial public interest of the European Union or a Member State.
If the data processing was restricted on the basis of the conditions stipulated above, you will be notified by the data controller prior to lifting the restriction.
12.4 Right to the deletion of your data You may at any time delete your account.
12.4.1 Mandatory deletion You may instruct the data controller to promptly delete your personal data. The data controller is legally required to delete such data without undue delay, provided one of the following reasons apply:
Your personal data is no longer required for the purposes they were collected or previously processed.
You revoke your declaration of consent on which the data processing was based pursuant to Article 6 para. 1 lit. a or Article 9 para. 2 lit. a GDPR, and there is no other legal basis that would legitimate the data processing.
You object against the data processing pursuant to Article 21 para. 1 GDPR and there are no prevailing legitimate reasons for the data processing, or you lodge an objection against the data processing pursuant to Article 21 para. 2 GDPR.
The processing of your data was unlawful.
The deletion of your personal data is necessary to perform a legal obligation under EU law or the law of a Member State governing the data controller.
Your personal data was collected in relation to services offered by the information society pursuant to Article 8 para. 1 GDPR.
12.4.2 Notification of third parties Where the data controller has made your personal data publicly accessible and is required to delete your data under Article 17 para. 1 GDPR, the data controller will, in consideration of the available technology and cost of implementation, take adequate measures, including technical measures, to inform any other data controllers who process such personal data about the circumstance that you as the data subject have requested them to delete all links to said personal data, copies or reproductions of such personal data.
12.4.3 Exemptions You are not entitled to the deletion of your data to the extent the data processing is required
You are entitled to be informed about these recipients by the data controller.
When you exercise this right, you are further entitled to your personal data being transferred directly from one data controller to another data controller, subject to technical feasibility. This must not curtail the freedoms and rights of third parties.
The right to data portability does not apply to the processing of personal data that is required for the performance of a function in the public interest or in the exercise of public authority conferred upon the data controller.
The data controller will then cease processing your personal data, unless he can demonstrate compelling legitimate interests for the data processing that prevail over your interests, rights and freedoms, or unless the data processing serves the purpose of asserting, exercising or defending legal interests.
Where your personal data is processed for direct advertising purposes, you have the right to lodge an objection against the processing of your personal data for such advertising purposes at any time; this also applies to profiling associated with such direct advertising.
If you lodge an objection against data processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
When using services of the information society, you have the option to exercise your right to object via automated processes that use technical specifications, irrespective of the Directive 2002/58/EC.
Right to revoke data protection-related declarations of consent You have the right to revoke a previously granted declaration of consent at any time. A revocation of consent is without prejudice to the lawfulness of the data processing conducted prior to your revocation.
Automated individual decision-making You have the right not to be subjected to a decision based solely on automated processing, including profiling, which would produce legal effects concerning you or would significantly affect you in a similar way. This does not apply if the decision
These decisions may however not be made on the basis of personal data of special categories pursuant to Article 9 para. 1 GDPR, unless Article 9 para. 2 lit. a or g applies and adequate safeguards for your rights, freedoms and legitimate interests have been put in place.
In the cases referred to at (1) and (3), the data controller takes adequate measures to safeguard your rights, freedoms and legitimate interests, which at the minimum includes the right to obtain intervention of a person on the part of the data controller, the right to express your own opinion and the right to contest the decision.
The supervisory authority where the complaint was lodged will inform the complainant about the progress and results of the complaint, as well as the option to seek relief from a court of law pursuant to Article 78 GDPR.
We only send our newsletters with your express consent. You may revoke your consent to the collection and storage of your data at any time without stating reasons. Please use the unsubscribe link at the end of each newsletter sent out by us or contact us to revoke your consent. Your data will be deleted after you have unsubscribed.
Last revised: 18 March 2021 Copyright: RPG RAID ROLEPLAYING GAMES LTD ‒ All rights reserved.