Privacy Policy Terms

Last update: 01 July 2021
What is the purpose of this document?
N-Arcade is committed to protecting the privacy and security of your personal data.
This privacy policy describes how we collect and use your personal data when you use our mobile apps, online games as well as portals and websites.
It applies to all end users, including paying and non-paying users.
Contents

• Introduction
  
• Name and address of the controller
  
• Name and address of the data protection officer
  
• General information on data processing
  
• Provision of our services and creation of log files
  
• Inquiries via contact form, email, and support tool
  
• Submission of newsletters
  
• Submission of push notifications
  
• Use of cookies
  
• Transfer of personal data to third parties
  
• Use of third-party login services (“social logins”)
  
• Use of third-party analysis services
  
• Use of third-party advertising services
  
• Use of other third-party services
  
• Rights of the data subject
  
• Final provisions
  

I. Introduction
N-Arcade (“N-Arcade”, “We”) is the data controller in respect of your personal data and is committed to protecting and respecting your privacy and personal integrity when you are using the mobile apps and online games as well as portals and websites offered by us (together “Services”). This Privacy Policy will help you understand what personal data we collect about you, why it is collected and how it is used by us. It will clarify how you can exer-cise your rights when you trust us to handle your personal data for you. We ask that you take a moment to read this Privacy Policy carefully and familiarize yourself with its content. If you have any questions, you are welcome to contact us by using the contact information provided at the end of this Privacy Policy.
Please note that our Services may contain links to websites that can be held by partner com-panies. If you follow a link to any of these websites or use these third-party services, you should be aware that they have their own privacy policies and that we do not assume any liability for their processing of your personal data. Therefore, please make sure to read their privacy policies before providing your personal data to them.
We offer our Services only to players who are at least 16 years old. Hence, we do not knowingly market to or solicit personal data from persons under the age of 16.

II. Name and address of the controller
The controller in line with the General Data Protection Regulation and other national data protection laws of the member states, as well as other legal data protection provisions, is:
N-Arcade
E-Mail: [email protected]
Website: www.n-arcade.io

III. Name and address of the data protection officer
The data protection officer of the controller is:
Lawyer and bar-certified specialist in information technology law
E-Mail: contact@n-arcade.io

IV. General information on data processing
1. Scope of personal data processing
In general, we record only the personal data which you disclose when using Services as part of your login or registration and possibly during use of fee-based services. Personal data are those which contain information about personal or factual circumstances. When logging in and registering as a user on our website, you only have to provide an email address and, if applicable, a username and password. When registering for certain Services, email addresses are not collected during registration but only later during the use of the Service. The password is stored in hashed form, which never allows for an inference of the actual password.
In the context of implementing the concluded user contract, particularly in the context of fee-based Services you have chosen, the disclosure of further data, such as the full name, address, account details, credit card numbers, etc., may be required. It is sometimes also necessary to request personal information such as your name, address, email address, and telephone number for the purposes of processing your inquiries or providing you with support. N-Arcade will handle these data confidentially and in compliance with the legal data protection provisions. In principle, N-Arcade will not disclose such information to third parties without your permission, unless this is required for the implementation and execution of the contract, for processing your request or for your support or in the case of a legal permit.

2. Legal basis for personal data processing
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6(1)(a) of EU General Data Protection Regulation (GDPR) serves as the legal basis for personal data processing.
In personal data processing required for the fulfilment of a contract of which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to the processing required in order to carry out pre-contractual actions.
Insofar as personal data processing is required for the fulfilment of a legal obligation which our company is subject to, Art. 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require personal data processing, Art. 6(1)(d) GDPR serves as the legal basis.
If processing is required to protect the legitimate interests of our company or of a third party, and if the interests, fundamental rights, and freedoms of the data subject do not prevail over the interests mentioned first, Art. 6(1)(f) serves as the legal basis for processing.

3. Deletion of data and duration of storage
The personal data of the data subject are deleted or blocked as soon as the purpose of storage no longer exists. In addition, such storage may occur if this is provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The blocking or deletion of data also occurs when the storage period prescribed in the abovementioned regulations lapses, unless further storage of the data is required for conclusion or fulfilment of a contract.

4. Data security
N-Arcade makes reasonable efforts to prevent unauthorised access to your personal data as well as unauthorised use or falsification of these data and to minimise the corresponding risks. However, the provision of personal data, whether it be in person, over the phone or over the Internet, always involves risks and no technological system is completely free of the possibility of being manipulated or sabotaged.
N-Arcade processes the information collected from you in accordance with German and European data protection law. All employees are obliged to comply with data secrecy and data protection provisions and are instructed in this regard. Your data are transmitted in an en-crypted form using the SSL method.

V. Provision of our services and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected here:

• Internet protocol
  
• IP address
  
• URL of the referring website from which the file was requested
  
• Date and time of access
  
• Browser type and operating system
  
• the page visited by you
  
• amount of transferred data
  
• access status (file transferred, file not found etc.),
  
• duration and frequency of use
  

The data is also stored in the log files of our system.
When accessing mobile apps, the following data and information are collected:

• Internet protocol
  
• IP address
  
• date and time of access
  
• device type and operating system
  
• amount of transferred data
  
• access status (file transferred, file not found etc.),
  
• duration and frequency of use
  
• Google Play IDs and Game Center IDs can possibly be stored to log you in to several devices.
  

If an error occurs during the use of our Services and we want to rectify this, we may also col-lect other data, e.g. Player ID and username.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is provided by Art. 6(1)(f) GDPR.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the Services to the computer of the user. For this purpose, the user's IP address must be stored for the duration of the session.
The storage in log files is done to ensure the functionality of the Services. In addition, the data is used by us in order to optimise the website and to ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this context. Only a statistical evaluation of datasets takes place.
N-Arcade reserves the right to store IP addresses and log files for a maximum period of 30 days after the website is used to monitor compliance with the terms of use and rules of the game. In particular, this procedure is used to prevent any cases of abuse or to resolve them and, on a case-by-case basis, to pass on the data for this purpose to investigative authorities. Apart from that, any other analysis of data is done in anonymous form as much as possible. After the end of this period, the IP address and log files are completely deleted, unless there are mandatory statutory storage requirements or specific prosecution- and abuse investigation proceedings pending.
These purposes also constitute our legitimate and predominant interest in data processing according to Art. 6(1)(f) GDPR.

4. Storage duration
The data are deleted as soon as they are no longer necessary to fulfil the purpose of their collection. In the case when data are collected for the purpose of making the website availa-ble, this is the case when the respective session is over.
Log files which contain personal data are generally deleted after seven days at the latest. Ad-ditional storage is possible in the case of so-called error logs which allow us to fix errors. These error logs are deleted after maximum 30 days, collected IP addresses are anonymised after 30 days.

5. Possibility of objection and removal
The collection of data for the purpose of making the website available and the storage of the data in log files is essential for the operation of the website. As a consequence, there is no objection possibility on the part of the user.

VI. Inquiries via contact form, email, and support tool
1. Description and scope of data processing
a) Contact form
On our website, a contact form is available which can be used to contact us electronically. Should a user choose this option, the data entered in the input mask will be transmitted to us and stored. These data are:

• Name
  
• Email address
  
• Message
  

Additionally, at the point of sending the message, the following data are stored:

• IP address of the user
  
• Date and time of submission
  

For the processing of the data, reference is made to this privacy policy in the context of the submission process.
b) Email
Alternatively, it is possible to contact us via our provided email addresses. In this case, the personal data of the user transmitted with the email are stored.
c) Support tool
Alternatively, you can contact us via our support tool integrated into our Service. It will then store your user data and the content of the support inquiry as well as the time of the inquiry.
No data are transmitted to third parties in this context. The data are used exclusively for the processing of the conversation.

2. Legal basis
Legal basis for data processing is Art. 6(1)(f) GDPR. If the e-mail contact is aimed to conclude a contract or serves the contract execution, additional legal basis for the processing is Art. 6(1)(b) GDPR.

3. Aim of data processing
The processing of the personal data serves us only to process the contact and the support request. The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage duration
The data are deleted as soon as they are no longer necessary to fulfil the purpose of their collection.

5. Possibility of objection and removal
At any time after contacting us, you have the option to object to personal data processing, regardless of whether this was done via a contact form, email or support tool. In such a case, the conversation cannot continue and your concern may not be conclusively handled. All per-sonal data stored in the course of contacting will be deleted in this case. This shall not apply if mandatory statutory retention requirements preclude this.

VII. Submission of newsletters
You can subscribe on our websites or in our games for a newsletter on the respective game. For this, we require your email address.
In addition, we must verify, taking into consideration the relevant legal regulations, that you are the actual owner of the provided email address and wish to receive the newsletter. For this purpose, we send you a validation email.
Our newsletters contain a pixel-size image (tracking pixels), which is retrieved by a server of the newsletter sender when the newsletter is opened. As part of this retrieval, technical information, such as information about your browser or operating system, as well as your IP address, location, and time of retrieval, is collected. This information is anonymised and evaluated independently of the individual.
Since the submission and receipt of the newsletter depend on your consent, you can revoke this consent for collection and storage of your data at any time without providing the reasons for it. For this purpose, use the unsubscribe link which can be found at the end of our newsletter.
Additionally, you have the option to opt-out of receiving newsletters in the Data Usage Window inside any of our games under “Settings”.

VIII. Submission of push notifications
1. Description and scope of data processing
If you have selected the appropriate settings on your device, N-Arcade can send push notifications to your mobile device to give you updates for games and other relevant news. You can manage push notifications on the page “Options” or “Settings” in the mobile app or in the settings of your device.

2. Legal basis for data processing
The legal basis for data processing in the presence of a contract is according to Art. 6(1)(b) GDPR.

3. Purpose of data processing
Push notifications are special notifications which are displayed directly on your mobile device. The notifications contain, for instance, the information that one of your buildings in the game has been completed. As a rule, push notifications contain short messages which focus on the essential.

4. Storage duration
The messages are stored within our push gateway for up to 21 days. The messages are also stored in anonymised form in our event tracking system for an indefinite amount of time. To our knowledge, messages may be stored by the supplier of your mobile device.

5. Possibility of objection and removal
You can switch off the push notifications as follows:
a) Android
Open Settings > Apps & notifications > Notifications > App notifications > Name of the app. On this screen you can control if and how Push Notifications are shown to you.
b) iOS
Open settings > Notifications > Name of the app. On this screen you can control if and how Push Notifications are shown to you.
c) Data Usage Window
Additionally, you have the option to opt-out of receiving push notifications sent for marketing purposes in the Data Usage Window inside any of our games under “Settings”.

IX. Use of cookies
1. Description and scope of data processing
In order to ensure that you receive the most relevant information and the best service when you visit the Website, information and data will be collected through the use of cookies. It helps us (and other authorized third parties) to provide you with a personalized experience when you visit our Website, and it also allows us to improve our Service and make sure that you will easily find what you want. We want you to understand our use of cookies. Hence, we explain the types of technologies we use, what they do and your choices regarding their use.
Cookies are small pieces of data (text files) that are sent to your browser from a web server and stored on your device so that the website can recognize your device. There are two types of cookies, permanent and temporary (or “session”) cookies. Permanent cookies are stored as a file on your computer or mobile device for a longer period of time. Session cookies are temporarily placed on your computer when you visit our Website but are erased when you shut down the page. If you do not want to accept cookies, you can adjust the settings in your web browsers security preferences, see more information on this below.
We and our service providers may use the following categories of cookies:
a) Essential Cookies
These cookies are strictly necessary for us to provide our Services. For example, we may use these cookies to authenticate and identify our members when they use our Site so we can provide our Services. Without these cookies we would not be able to recognise you and you would not be able to access our Services. They also help us to enforce our Terms and Conditions and maintain the security of our Services.
b) Performance and Functionality Cookies
These cookies are not strictly necessary but allow us to personalize your online experience of our Site. For example, they allow us to remember your preferences and mean that you do not need to re-enter information you have already provided e.g. when signing-up to our Ser-vices. We also use these cookies to collect information (e.g. popular pages, viewing patterns, click-throughs) about our visitors' usage of our Services so that we can improve our Site and Services and conduct market research. If you choose to delete these cookies you will have limited functionality of our Services.
c) Advertising Cookies
These cookies use information about your usage of our Site and other websites, e.g. the pages you visit or your response to ads, to deliver ads that are more tailored to you, both on and off our Site. These types of ads are called “Interest-Based Advertising.” Many of these types of cookies belong to our service providers. For third party advertisers, see more below.

2. Legal basis for the data processing
The legal basis for personal data processing with the use of cookies is Art. 6(1)(f) GDPR.

3. Purpose of data processing
We use the information from cookies to make our Website user-friendly and to enable us to provide you with personalized recommendations. We may also use several authorized third parties who put cookies on our Website to deliver services that they provide (third party cookies).
We may use session cookies to allow you to move between pages on our Website without having to re-enter information.
Permanent cookies are used in several ways, including:

• To allow you to move between pages on our Services without having to re-enter information.
  
• To help us recognize you when you return to our Website to use our Services.
  
• To allow you access to stored information.
  
• To allow us to recommend other games that suit your preferences.
  
• To ensure that you do not get asked to fill in survey forms repeatedly.
  

We (and our authorized third parties) may use non-personal information from both permanent cookies and session cookies for statistical purposes as follows:

• To determine which are the most popular parts of our Services.
  
• To monitor the use of our Services and our Website (frequency and time).
  
• To provide anonymous information to third parties so that more appropriate advertising can be directed at you.
  
• To track product success.
  
• To determine how frequently you and other users visit our Services and your interaction in our games.
  

We set and read our own cookies to provide the following functions (first-party cookies):
a) Remember Me Cookie
To provide you with ‘remember me’ functionality: We allow users to log into the game via this cookie. This can be disabled by deselecting “Remember Me” on manual login. If you select the "Remember Me" function, a permanent cookie will be installed in the device you are using, so that you do not need to log in again when browsing the Services. If you log out of a Service, the cookie will be deleted again.
b) Language Version Cookie
To ensure the right language version of the game is shown to you.
c) Portal Cookie
To allow us to optimize our landing pages and improve our marketing: we store details of the landing page you visited as well as an identifier in a cookie.
d) 3rd Party Snippet Cookie
We set a cookie to record your decision about 3rd party tracking snippets and cookies.
We also use several third-party cookies as part of our Services. These cookies are governed by the respective sites and are not controlled by us. You can switch off the installation of some of these cookies in your general browser settings, for others you will need to go to the respective websites and follow the instructions provided.
For instance, it is checked which language version you use to access our Services. If you became aware of our Services through one of our partners, we store the information on who the partner is.
Third party advertisers: We may use advertisers, third party ad networks, and other advertising companies to serve advertisements on our Services. Please be advised that such advertising companies may gather information about your visit to our Services or other sites to enable such advertising companies to market products or services to you, to monitor which ads have been served to your browser and which webpages you were viewing when such ads were delivered. Please note that the collection and use of information by third party advertisers is not covered by this privacy policy.
In the abovementioned purposes, our legitimate interest also consists in personal data processing according to Art. 6(1)(f) GDPR.

4. Storage duration
The data are deleted as soon as they are no longer necessary to fulfil the purpose of their collection.

5. Possibility of objection and removal
If you do not want these cookies to be stored on your computer or wish to be informed of their storage, you can prevent the installation of cookies by a corresponding adjustment to your browser software by selecting the option "do not accept cookies" in your browser settings or declining the use of third party tracking on the first visit to the website. Your browser manufacturer's instructions will give you more details on how this works or see https://www.aboutcookies.org. You can also opt-out of receiving third-party cookies in general at http://www.youronlinechoices.com. However, we would like to point out that by preventing cookies, you may find that you cannot use all the website's functions to the full extent.
a) Android
Open the settings in your app list and tap on the “Ad” button. Once you have opened the ad window, you can disable the Google Advertising ID.
b) iOS
Open the settings on your mobile end device (e.g. iPhone or iPad) and select the menu option “Data protection”. Under the option “Advertising”, you can switch off the ad tracking.
c) Data Usage Window
Additionally, you have the option to opt-out of using third-party tracking in the Data Usage Window inside any of our games under “Settings”.

X. Transfer of personal data to third parties
N-Arcade will only transfer your personal and/or billing-related data to third parties, in the sense of companies cooperating with N-Arcade or external service providers, insofar as this is required for the fulfilment of the contract, for payment processing as well as for the pro-tection of other users and is legally permitted or prescribed.
This applies in particular to the processing of payments made via external service providers chosen by you (e.g. banks, credit card companies, payment service providers such as Al-lopass, Amazon, Apple, Boacompra, Facebook, Google, Boku Payments, DaoPay, HiPay, Mobiyo, PayPal, Samsung, Sofortüberweisung, Worldpay). Your legally protected interests will be considered in accordance with the statutory provisions. The external service providers are required to treat your data confidentially and securely and may only use your data to the extent necessary to fulfil their task.
In the event of payment delay, we may commission a debt collection agency or a lawyer to collect the outstanding debt. For this purpose, the necessary data will be passed on and used in compliance with all data protection guidelines.
In addition, your personal information will be shared if it is necessary to protect other users or to counter threats to state or public security or to prosecute criminal offences and if is permitted by statutory data protection provisions. Your protectable interests will be considered in accordance with the statutory provisions. Please note that N-Arcade may be obliged to disclose data due to statutory provisions or, for instance, a judicial order (e.g. disclosure to investigative authorities). Disclosure always occurs only insofar as it is necessary and legally permitted or prescribed.

XI. Use of third-party login services (“social logins”)
1. Login via Facebook Connect
We offer you the possibility to log in to our services via Facebook Connect. This is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or, if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). If you use it, additional registration is not necessary. To log in, you are redirected to the Facebook website where you can log in with your user data. This links your Facebook profile and our service. Through the link, we automatically receive information from Facebook. The following information is transferred to us: Email address
This information is mandatory for the conclusion of the contract in order to identify you. Further information on Facebook and privacy settings can be found in the data protection guidelines at: https://www.facebook.com/about/privacy/update.

2. Login via Google Sign-In
We offer you the possibility to log in to our services via your Google account. This is a service of Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland (“Google”)). If you use it, additional registration is not necessary. To log in, you are redirected to the Google website where you can log in with your user data. This links your Google profile and our service. Through the link, we automatically receive information from Google. The following information is transferred to us: Email address
This information is mandatory for the conclusion of the contract in order to identify you. Further information on Google and privacy settings can be found in the data protection guidelines at: https://policies.google.com/privacy.

XII. Use of third-party analysis services
1. Adjust
a) Description and scope of data processing
We might use mobile tracking technologies. With the help of several services we collect statistical data about the use of our services to continually improve them. When you use our apps, your device sends us information that we collect and analyse. The following data is collected: IP address that is immediately anonymised, MAC address, anonymised Device ID (IDentifier For Advertisers - IDFA or Google Advertiser ID - GAID), browser type, language, Internet service provider, network status, time zone, access and exit page URL, time and date of access, clickstream data and other statistical information about the use of our services. There are no direct personal identifiers. The data collected in this way is used to create anonymous user profiles. The data collected with the tracking technology will not be used to personally identify the visitor of these websites without the express consent of the person concerned. For more information, please refer to the Adjust data protection policy at: https://www.adjust.com/terms/privacy-policy.
b) Legal basis for the data processing
The legal basis for this processing is Art. 6(1)(f) GDPR. We have entered into a data processing agreement with Adjust.
c) Purpose of the data processing
The purpose is to improve your user experience with our services and to make our offer more attractive to you. In addition, the data collected is used to analyse the performance of marketing campaigns and generate performance reports.
d) Storage duration
The data will be retained by us for the duration of use of the service and by Adjust for 28 days.
e) Objection and deletion
Data collection and storage can be halted at any time with future effect by configuring your mobile device as described above at IX.5.

2. Google Analytics
a) Description and scope of the data processing
This website uses the “Google Analytics” service, which is provided by Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland) for analysis of website usage by users. The service uses “cookies” - text files which are stored on your device. The information collected by the cookies is usually sent to a Google server and stored there.
IP anonymisation is used on this website. The IP address of users within the member states of the EU and the European Economic Area will be abbreviated. This abbreviation eliminates the personal reference to your IP address. Under the data processing agreement, which we have established with Google, Google uses the information collected to analyse website usage and activity and to provide services related to internet usage.
b) Legal basis for the data processing
The legal basis for this processing is Art. 6(1)(f) GDPR. We have entered into a data processing agreement with Google.
c) Purpose of data processing
On our behalf, Google uses this information to analyse your website usage, to compile reports on website activity and to provide other services relating to website and internet usage. The IP address transmitted by your browser through Google Analytics is not amalgamated with other Google data.
d) Storage duration
The data will be retained by Google for 26 months; due to the abbreviation of the IP addresses, no personal data will be stored.
e) Objection and deletion
You have the option of preventing the storage of cookies on your device by configuring your browser accordingly. There is no guarantee that you will be able to access all functions of this website without restrictions if your browser does not allow cookies. Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google. The following link takes you to the required plug-in: https://tools.google.com/dlpage/gaoptout.
More information on how Google uses your data, can be found here: https://support.google.com/analytics/answer/6004245.

3. Hotjar
a) Description and scope of data processing
We use the services of Hotjar Ltd, Malta. This is an analysis tool that helps us to track how you use our website, such as how you navigate through our site. Among other things, Hotjar uses “cookies” (small text files that are stored on your display device) to perform the analysis. More information about Hotjar's cookies can be found here: https://www.hotjar.com/cookies. We have also embedded the Hotjar tracking code on our website, which is used for the collection of (i) device-specific data (i.e. collection and storage of the IP address in anonymised form, size of the device screen, device type and browser information, country as geographical location and preferred language when displaying a website) and (ii) log data (i.e. referring domain, visited page(s), country as geographical location and preferred language when displaying a website, date and time of website access). Hotjar also uses third-party services such as Google Analytics and Optimizely. More information about Hotjar's data protection services can be found here: https://www.hotjar.com/privacy.
b) Legal basis for the data processing
The legal basis for this processing is Art. 6(1)(f) GDPR. We have entered into a data processing agreement with Hotjar.
c) Purpose of the data processing
The purpose is to improve your user experience with our website and to make our offer more attractive to you. If you do not wish to allow cookies, you can disable them (see above). If you register with us, your data will not be linked to your personal data.
d) Storage duration
The data will be retained for 365 days by Hotjar ( https://help.hotjar.com/hc/en-us/articles/115011640427-Data-Retention).
e) Objection and deletion
You can opt-out of the future collection and storage of your data by Hotjar here: https://www.hotjar.com/opt-out.

XIII. Use of third-party advertising services
1. General information
The website may occasionally contain advertisements from third parties and interactive links to third-party websites for which we are not responsible. In particular, we have no influence whatsoever on the content and design of the external sites linked to the websites to which you may be directed via these sites. The respective providers are exclusively responsible for the content and design of these websites as well as compliance with data protection regulations. Advertisers occasionally use technologies that send advertisements that appear on our websites directly to your browser, automatically transmitting your IP address. The advertisers concerned sometimes also use cookies and other technical means to measure the efficiency of their advertising or to optimise their content. This applies in particular, but not exclusively, to the classification of websites to certain interest categories within the scope of your Internet use. No connection will be established between this information and your name, address, telephone number or email address. We have no influence on that. The handling of data by these third parties is therefore not covered by this data protection declaration. Therefore, please contact the respective provider directly for information on their data protection regulations. You can disable the use of cookies in your browser settings (see above).
We forward your anonymised Device ID (IDentifier For Advertisers - IDFA or Google Advertiser ID - GAID) to some of our marketing partners within and outside of Europe (e.g. in the USA), in order to generate advertising for certain user groups with the help of our partners or to exclude users from certain advertising efforts. You can revoke data collection, storage, and transfer by applying your mobile device settings as described above.

2. AppNexus
N-Arcade uses the advertising display services of the external vendor AppNexus Inc., 28 West 23rd Street, 4th Floor, New York, NY 10010, USA, https://www.appnexus.com („AppNexus“). For this purpose, we have implemented the AppNexus tracking pixel (i.e. a code snippet) on our website. The tracking pixel allows players' actions to be tracked on our website. No personal reference is established. Only statistical information is collected and transmitted to Ap-pNexus. This is intended to optimise advertising campaigns and to broadcast advertisements of interest to Internet users. Should wish otherwise, you can disable the AppNexus tracking by tapping the opt-out button at https://www.appnexus.com/en/company/platform-privacy-policy#choices. For more information on data protection at AppNexus, please visit: https://www.appnexus.com/en/company/platform-privacy-policy.

3. Facebook Pixel
On grounds of our legitimate interests in and for these purposes of analysis, optimisation and economic operation of our Services, our services use the so-called “Facebook pixel” by the Facebook social network, operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA or, if you are an EU resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
The Facebook pixel is a code snippet placed on our website.
Facebook Pixel allows Facebook to identify the visitors of our online content as a target group for displaying advertisement (known as “Facebook ads”). Accordingly, we use Facebook Pixel to display our posted Facebook ads only to Facebook users who have shown an interest in our services or who share certain factors (such as interests in certain topics or products determined on the basis of visited web pages), which we transmit to Facebook (which is known as Custom Audiences). Facebook Pixel also helps us understand the effectiveness of Facebook ads for statistical and market research purposes, by showing whether users have been redirected to our services after clicking on a Facebook ad (known as conversion, and allowing to determine on which devices a user is performing an action), in order to create so-called lookalike audiences or statistical twins (i.e. to broadcast ads to target groups that are similar to existing customers) and to obtain comprehensive statistics about the use of the website. Facebook Pixel establishes a direct connection to the Facebook servers when you visit our website. This way, the Facebook server is notified that you have visited our website and Facebook assigns this information to your personal Facebook user account.
Facebook is certified under the Privacy Shield Agreement and therefore offers a guarantee of compliance with European data protection laws: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
For further information about the collection and use of data by Facebook and your privacy protection rights and options, please see the Facebook data protection policy at https://www.facebook.com/about/privacy/update. For specific information and details about Facebook Pixel and how it works, please visit the Facebook help section at https://www.facebook.com/business/help/651294705016616. You can disable this function as shown at https://de-de.facebook.com/business/help/1415256572060999?helpref=uf_permalink or at https://www.facebook.com/settings?tab=ads. You must be logged into Facebook to do this.

4. Google DoubleClick
DoubleClick is a service of Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland (“Google”)). DoubleClick uses cookies to display advertisements relevant to you. Your browser is assigned an pseudonymised identification number (ID) to check which ads have been displayed in your browser and which ads have been interacted with. These cookies do not contain any personal information. The use of DoubleClick cookies only allows Google and its partner websites to display ads based on previous visits to our site or other websites on the Internet. The information generated by cookies is transmitted by Google to a server and stored for analysis. You can reject the use of cookies by selecting the appropriate settings on your browser. However, please note that this may limit the full functionality of our website for you. You can also prevent Google from collecting and processing cookie-generated data about your use of the website by disabling the use of cookies in your browser settings (see above). You can also opt out of the collection and categorisation of interest-based information by disabling it on the DoubleClick cookie settings page at: https://support.google.com/ads/answer/7395996

5. TV Squared
In order to measure the effectiveness and the effect of TV commercial campaigns on user behaviour, we use TV tracker technology. This is a service of TV Squared Ltd., Codebase, Argyle House, 3 Lady Lawson Street, Edinburgh, EH3 9DR, United Kingdom. On our behalf TV Squared surveys the dates and times of user sessions, referring websites, user interactions on our websites and information about browser and operating system. For this purpose, a cookie assigns each user a random user ID. All data is processed by TV Squared in the EU. The privacy policy of TV Squared applies: https://tvsquared.com/privacy-policy. You can object to the future collection of personal data by TV Squared at:

• Overall: https://collector.tvsquared.com/optout.php
  
• Only Elvenar (US): http://collector-4683.tvsquared.com/optout.php
  
• Only Forge of Empires (US): http://collector-4686.tvsquared.com/optout.phpp
  

XIV. Use of other third-party services
1. Episerver Campaign (formerly optivo Broadmail)
Our newsletters are sent via Episerver Campaign (formerly optivo broadmail), an email marketing platform provided by Episerver GmbH, Wallstraße 16, 10179 Berlin.
The e-mail addresses of our newsletter recipients and other data described in this notice are temporarily stored for this purpose on Episerver servers in data centres within Germany and are subject to the German Data Protection Act. Episerver uses this information to send and assess newsletters on our behalf. Episerver may also use this information to improve its own services, such as technically optimising newsletter dispatch and presentation. However, Episerver does not use the data of our newsletter recipients to write to them, and never forwards the information to third parties if not legally required. The security scheme of Episerver Campaign for the Omni channel and the email marketing cloud is ISO 27001 certified. For further information, please visit: https://www.episerver.de/produkte/plattform/episerver-campaign/sicherheit.
Our newsletters contain a pixel-sized image (pixel code) that is retrieved by an Episerver server when the newsletter is opened. Technical information is collected as part of this retrieval, such as information about your browser or operating system, as well as your IP ad-dress, and the place and time of retrieval. This information is anonymised and assessed without personal information.

2. Google Maps
Our websites use maps from Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland). When you access one of our pages featuring a relevant map, map content is retrieved from Google's servers. If you are signed in with your Google account, Google can merge your browsing behaviour with other information. The use of Google Maps is in the interest of an easy-to-understand representation of our Services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Google's data protection policy applies: https://policies.google.com/privacy?hl=de&gl=de.

3. LinkedIn
Our websites use buttons from LinkedIn Corp., 2029 Stierlin Court, Mountain View, CA 94043, USA. The contents of LinkedIn servers are retrieved when you access one of our pages with a relevant button. If you are logged into your LinkedIn account, LinkedIn can merge your browsing behaviour with other information. The use of LinkedIn buttons is in the interest of exchanging information about our Services and improving them. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. LinkedIn's data protection policy applies: https://www.linkedin.com/legal/privacy-policy.

4. Litmus
Litmus is a service provided by Litmus Software, Inc. (675 Massachusetts Ave., 10th Floor, Cambridge, MA 02139, USA) for analysing emails. The newsletters contain a pixel-sized image (pixel code) that is retrieved by a Litmus server when the newsletter is opened. Technical information is collected as part of this retrieval, such as information about your browser or operating system, as well as your IP address, and the place and time of retrieval. This information is anonymised and assessed without personal information.

5. Mailgun
Mailgun is a service provided by Mailgun, Inc. (620 Folsom St, Ste 100, San Francisco, CA 94107, USA) for sending our e-mails. This service may also collect information about the date and time when messages were read by the user and when the user interacts with incoming messages (such as by clicking on links contained in them). The company is a party to the Safe Harbour Agreement with the EU and is committed to upholding European data protection standards: https://www.mailgun.com/privacy.

6. Pinterest
Our websites use buttons from Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA. The contents of Pinterest servers are retrieved when you access one of our pages with a relevant button. If you are logged into your Pinterest account, Pinterest can merge your browsing behaviour with other information. The Pinterest data protection policy applies: http://pinterest.com/about/privacy/.

7. Twitter
Our websites use buttons from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. The contents of Twitter servers are retrieved when you access one of our pages with a relevant button. If you are logged into your Twitter account, Twitter can merge your browsing behaviour with other information. The use of Twitter buttons is in the interest of exchanging information about our Services and improving them. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The Twitter data protection policy applies: https://twitter.com/de/privacy.

8. YouTube
Our websites use videos from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland). In doing so, we use the “Enhanced Data Protection Mode” option made available by YouTube. By loading one of our sites via a YouTube video, contents from YouTube will be loaded. If you are logged on to your YouTube account, YouTube shall have the possibility to amalgamate your navigation behaviour with other data. The use of YouTube videos serves the purpose of offering an easy-to-understand representation of our Services. YouTube’s privacy policies apply: https://www.google.de/intl/de/policies/privacy/.

9. Xing
Our websites use buttons by Xing AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. By loading one of our sites via said buttons, contents from Xing will be loaded. To the best of our knowledge, no personal information is collected, and your navigation behaviour shall not be analysed. The data protection provisions for Xing’s buttons shall apply: https://www.xing.com/app/share?op=data_protection.

XV. Rights of the data subject
If your personal data are processed, you are a data subject as defined by the GDPR, and you have the following rights before the controller:

1. Right to information
You can request the controller to provide you with a confirmation of whether personal data concerning you are being processed by us.
If such processing should exist, you can demand that the controller provide you with the following information:

1. the purposes toward which your personal data are being processed;
   
2. The categories of personal data which are being processed;
   
3. The recipients and/or the categories of recipients to whom the affected personal data has been- or continues to be disclosed;
   
4. The planned storage duration of your personal data or, if specific information cannot be provided, criteria for determining the storage duration;
   
5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
   
6. the right to lodge a complaint with a supervisory authority;
   
7. where the personal data are not collected from the data subject, any available infor-mation as to their source;
   
8. the existence of automated decision-making, including profiling, referred to in Arti-cle 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such pro-cessing for the data subject.
   

You shall be entitled to demand information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this regard, you can demand to be briefed on the applicable guarantees pursuant to Art. 46 GDPR associated to said transfer.
We shall respond to inquiries within a month upon receipt of the request.

2. Right to rectification
You also have the right to rectification and/or completion before the controller, provided that the processed personal data concerning you are incorrect or incomplete. The controller shall have the obligation to implement the rectification immediately.

3. Right to restriction of processing
Under the following circumstances, you may claim the restriction of the processing of the personal data concerning you:

1. if the accuracy of the personal data is contested by the data subject, for a period ena-bling the controller to verify the accuracy of the personal data;
   
2. if the processing is unlawful and you oppose the erasure of the personal data, request-ing that their use be restricted instead;
   
3. if the controller no longer needs the personal data for the purposes of its processing, but you require it for the assertion, exercise, or defence of legal claims; or
   
4. if you have filed an objection to the processing pursuant to Art. 21(1) GDPR, and it has not been yet determined whether the controller’s stated grounds outweigh yours.
   

If processing has been restricted, such personal data shall, with the exception of storage, only be processed either with your consent; for the purposes of asserting, exercising, or defending legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest of the Union or of a Member State.
If the processing restriction was imposed under any of the above circumstances, you will be briefed by the controller before the restriction is lifted.

4. Right to erasure
You shall have the possibility to erase your account yourself at: https://n-arcade.io/ and submitting a request through our contact form. We will then erase all your personal data, provided that we are not legally mandated to storing them. After one year of inactivity, we will also erase your account with us.
a) Obligation to erase
You have the right to claim that the controller erase all personal data concerning you without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   
2. you have revoked your consent on the basis of which the data collection was ground-ed, Pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and no other legal grounds exist for their processing.
   
3. you file an objection to the processing, pursuant to Art. 21(1) GDPR, and there are no outweighing grounds for the processing, or you file an objection to the processing pur-suant to Art. 21(2) GDPR.
   
4. the personal data concerning you have been unlawfully processed;
   
5. the personal data concerning you have to be erased to comply with a legal obligation which requires processing under the laws of the European Union or the Member States, to which the processor is subject;
   
6. the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
   

b) Information for third parties
If the controller has made public the personal data concerning you and is obliged, pursuant to Art. 17(1) GDPR, to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as data subject, have requested the erasure by said controllers of any links to, or copy or replication of, this personal data.
c) Exceptions
The right to erasure shall not apply whenever the processing is required for the purposes of:

1. exercising the right of freedom of expression and information;
   
2. complying with a legal obligation which requires processing under the laws of the European Union or the Member States, to which the processor is subject, or performing a task in the public interest or in exercise of public authority vested in the processor;
   
3. reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i), as well as Art. 9(3) GDPR;
   
4. archival, scientific, or historiographical research purposes serving the public interest pursuant to Art. 89(1) GDPR, provided that the deletion right described in paragraph (a) does not render impossible or impede the realisation of the objectives of the processing;
   
5. for the establishment, exercise or defence of legal claims.
   

5. Right to briefing
If you assert the right to rectification, erasure, or restriction of processing before the controller, the latter has the obligation to notify all recipients to whom the personal data concerning you were disclosed of this data rectification, erasure, or the restriction of its processing, unless this should prove impossible or associated with a disproportionate cost.
You have the right to be informed of these recipients by the controller.

6. Right to data portability
You have the right to receive the personal data concerning you which you have provided to the controller in a structured, accessible, and machine-readable format. Furthermore, you have the right to transfer this data to another controller without restriction from the controller to whom the personal data had been provided, provided that

1. the processing is grounded on consent pursuant to Art. 6(1)(a) GDPR, or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR, and
   
2. the processing is carried out by automated means.
   

In exercising this right, you have the further right to request that the personal data concerning you be directly transferred by one controller to another, provided that this is technically feasible. The liberties and rights of other persons may not be compromised by these actions.
The right of data portability shall not apply to processing personal data which is required for the performance of a task carried out in the public interest or in exercise of public authority vested in the controller

7. Right to object
You have the right to object to personal data processing concerning you on grounds relating to your particular situation, at any time, on the basis of Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the assertion, exercise or defence of legal claims.
If personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for said marketing purposes, including profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by using automated means which use technical specifications.

8. Right of withdrawal of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent shall not affect the lawfulness of data processing based on consent effective prior to its withdrawal.

9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you in a significant manner. The above shall not apply if the decision

1. is required for entering into, or performance of, a contract between yourself and a data controller,
   
2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
   
3. is made with your express consent.
   

Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9, Para. 1 GDPR, unless Article 9, Para. 2, lit. (a) or (g) applies and suitable measures are in place to safeguard your rights and freedoms and legitimate interests.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, entailing, at a minimum, the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if you consider that personal data processing relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

XVI. Final provisions
N-Arcade may alter these data protection provisions at any time. N-Arcade shall notify any such changes through appropriate channels.
© Copyright N-Arcade 2018. All rights reserved.