Privacy Policy

1. General Information

The protection of your personal data is a top priority for ShoulderByte GmbH (hereinafter referred to as “us” or “we” for convenience). For this reason, it is particularly important for us that you know exactly what happens to your personal data when you play one of our games, visit our website or contact us and what rights you have under the General Data Protection Regulation (hereinafter “GDPR”).

Despite the fact that we do our best to protect your data and treat it in accordance with the statutory data protection regulations and this data protection declaration, we must point out that data transmission over the Internet (e.g. when communicating by e-mail) can always have security gaps. A complete protection of data against access by third parties is not possible on the Internet.

2. What information does this Privacy Policy contain?

In this privacy policy you will find information about the following aspects concerning the processing of your personal data:

What personal data we collect when you play our games, visit our website or contact us by e-mail, phone or contact form.
On the basis of which laws or which ordinances or regulations we collect and process this data.
Why we collect this data.
What exactly happens with your data.
The duration of the storage of your personal data
What rights you have in relation to your personal data.

3. Information about the responsible party

The responsible party in the sense of Art. 4 No. 7 GDPR for the collection, processing and use of your personal data is:

ShoulderByte GmbH
Pestalozzistraße 25
22305 Hamburg
E-Mail: info@shoulderbyte.com

Should you have any questions or suggestions regarding our data protection policy, you are welcome to contact us at any time.

4. Data processing by using our games

4.1 Data processing by third-party services

In order to improve the functionality of our games and the statistical processing and data collection within our games, we make use of the services of some third-party providers. Below is a description of these services so that you know which third party providers we work with and what data they use.

4.1.1 Google Play Games Services

Some of our games for Android use the Google Play Game Services as part of the Google Play service to provide game elements such as leaderboards or achievements.

In accordance with the Google Play Terms of Use (as of 22. January 2019), the Google Play service is provided to you by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) if you have your habitual residence in the European Economic Area or Switzerland. If you have your habitual residence in another country, the Google Play service is provided instead by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Google LLC has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement that aims to ensure an adequate level of data protection for data transfers to certified U.S. companies. The EU Commission determined the adequacy of the guaranteed level of data protection under the EU-U.S. Privacy Shield Agreement in its decision of July 12, 2016 (Ref. C(2016) 4176).

You can access the decision of the EU Commission here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of Google LLC according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

The legal basis for the use of Google Play Games Services is Art. 6 para. 1. sentence 1 lit. f of the GDPR (legitimate interests). Our legitimate interest results from the improvement of our games by using Google Play Games Services. A Google Account is required to use these services. When starting the respective games, the player can decide by consent whether he/she wishes to use the Google Play Games Services. If the player agrees to use the services, the player will decide what data will be stored in their Google Account and how that data may be used.

See also:

https://play.google.com/intl/de_de/about/play-terms.html, https://developers.google.com/games/services/terms and https://policies.google.com/privacy

4.1.2 Unity Analytics

Our games use the service “Unity Analytics” from the company Unity Technologies (30 3rd Street, San Francisco, CA 94103, United States). The following data is processed by this service:

IP address
Device ID/ device designation, information about the hardware
Operating system, version
Device language
Mobile data network
Starting and ending of app use
Duration of app usage
Country in which the game is used
Approximate location calculated from the IP address (e.g. the city you are in)
Unique advertising identifiers for iOS and Android devices (e.g. IDFA or Android Ad ID)
Event-based data on the use of the respective game (e.g. completed levels, scores achieved, amount of in-game currency, power-ups purchased)
Only with your consent for scientific purposes: Age, sex (see: „4.2 Data processing for scientific purposes“)

As the operator of the games, however, we have no access to individual IP addresses or device numbers collected by Unity Analytics. We use the data collected by Unity Analytics to analyze how our games are used. The legal basis for the use of Unity Analytics is Art. 6 para. 1. p. 1 lit. f GDPR (legitimate interests). Our legitimate interest results from the improvement of our games in line with demand by investigating the players’ usage preferences.

To ensure an adequate level of data protection when transferring your data to a third country, we have concluded standard data protection clauses with Unity Technologies Inc. which have been adopted by the European Commission for this purpose. You can view the agreement at https://unity3d.com/legal/Controller_DPA_Monetization_Advertising or receive a copy from us on request. Please use the above mentioned contact details.

If you do not want your data to be used within the framework of Unity Analytics, you can object at any time with effect for the future as follows: First open the options menu within the respective game, then tap on the “Privacy Options” button. In the next window you have the possibility to delete your data by tapping on the “OPT-OUT AND DELETE DATA” button and to object to the future use of Unity Analytics. This process has to be done separately for each game we provide and after each new installation of a game.

Further information on data processing and data collection by Unity Technologies can be found at: https://unity3d.com/de/legal/privacy-policy and https://unity3d.com/de/legal/gdpr.

4.1.3 Unity Ads

We use the advertising network “Unity Ads” of the company Unity Technologies (30 3rd Street, San Francisco, CA 94103, USA) to display advertisements within our free games. For the purpose of personalized advertising, Unity Ads collects the following data and shares it with the advertisers, if applicable:

IP address
Device ID/ Device name
Data collected through „Unity Analytics“ can be used to provide personalized advertising

The legal basis for the use of this advertising network and the associated transfer of data is derived from Art. 6 (1)(f) of the GDPR (legitimate interest). Our legitimate interest lies in the refinancing of our expenses caused by the development and operation of our games through the advertising revenue.

If you receive a personalized advertisement by means of Unity Ads, Unity Technologies will inform you of this and offer you the opportunity to object to the display of personalized advertisements.

In addition, you can object to personalized advertising by adjusting the settings of your device: If you are using an Android device with Google Play Services, you must first open the “Settings” section. Then tap on “Google settings” and then on “Advertising”. Finally, activate the tab “Deactivate personalised advertising” and confirm your decision by tapping “OK”.

Further information on data processing and data collection by Unity Technologies can be found at: https://unity3d.com/de/legal/privacy-policy and https://unity3d.com/de/legal/gdpr.

4.1.4 AdMob

We use the advertising network “AdMob” of the Google Corporation (Google Corporation, 1600 Amphitheatre Parkway in Mountain View, California, USA) to display advertisements within our free games. For the purpose of personalized advertising, AdMob collects the following data and shares it with the advertisers, if applicable:

Online identifiers, including cookie identifiers
IP addresses and device identifiers as well as client identifier

You can object to personalized advertising by adjusting the settings of your device: If you are using an Android device with Google Play Services, you must first open the “Settings” section. Then tap on “Google settings” and then on “Advertising”. Finally, activate the tab “Deactivate personalised advertising” and confirm your decision by tapping “OK”.

Further information on data processing and data collection by the Google Corporation can be found at: https://policies.google.com/privacy?hl=en

4.1.5 AppLovin

We use the advertising network “AppLovin” of the AppLovin Corporation (AppLovin Corporation, 849 High Street, Palo Alto, CA 94301, USA) to display advertisements within our free games. For the purpose of personalized advertising, AppLovin collects the following data and shares it with the advertisers, if applicable:

Device make, model and operating system; Device properties related to screen size & orientation, audio volume and battery, device memory usage
Carrier; Operating system; Country, time zone and locale settings (country and preferred language);
Network connection type and speed;IP Address; Internet browser user-agent used to access the Services; and Identifier for advertisers (IDFA).

Further information on data processing and data collection by AppLovin can be found at: https://www.applovin.com/privacy/

4.1.6 Facebook Ads

We use the advertising network “Facebook Ads” of Facebook Inc. (Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA) to display advertisements within our free games. For the purpose of personalized advertising, Facebook collects the following data and shares it with the advertisers, if applicable:

Device attributes (operating system, hardware, software versions, etc.), processes on the device, identifiers (unique identifiers, device IDs, and other identifiers) device signal (Bluetooth, WLAN, etc.), device settings data (GPS, camera, photos), network and connections (mobile radio or Internet provider, language, time zone, IP address, etc.), cookie data.

Further information on data processing and data collection by Facebook can be found at: https://www.facebook.com/about/privacy/update

4.2 Data processing for scientific purposes

In some of our games you have the opportunity to make your data available for scientific purposes and thus make an important contribution to current research. It is of utmost importance for us that you can play these games even if you do not want your data to be used for scientific purposes. The decision that your data will be used to support science is always voluntary in our games.

If you provide consent to the use of your data for research purposes, we will ask you for additional information. Since we want to show that video games can make a contribution to science even with very little data, we only ask for your age and gender. The reason for this is that human behaviour can vary greatly depending on age and gender and is therefore of particular scientific interest, especially in the field of social science research. Your age and gender are recorded using Unity Analytics and are transmitted to Unity Technologies.

We anonymize your data before we transfer it to one of our external research partners (e.g. Ludwig-Maximilians-University Munich). Our research partners can thus no longer assign the data received to a specific person. The transmitted data is provided to the research partners for research purposes only and is limited to the following information:

Age, Gender
The country where you have installed the game
Approximate location calculated from the IP address (e.g. the city you are in)
Information about how and when you use the game (e.g. levels completed, scores achieved, amount of in-game currency, power-ups purchased)

If you agree to the processing of your data for scientific purposes, you accept that they may be published in anonymous form. This publication is important because it gives other scientists the opportunity to review research results and thus ensure that the scientists involved have worked methodically accurate.

If you no longer wish your data to be used for research purposes, you can revoke your consent at any time with effect for the future by clicking on the button in the options menu of the respective game. To do so, you must open the options menu of the respective game, remove the check mark for consent to the processing of your data for scientific purposes and then click on the “Save” button.

The processing of your data for scientific purposes takes place on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with your consent.

The data collected for scientific purposes are stored by us for up to two years.

5. Data processing by using our website.

5.1 Collection of general information when visiting our website

When you access our website, i.e. when you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes:

The version and type of your browser
The operating system used
The referrer URL
The host name of the accessing computer
The time and date of the server request
The IP address

These data are processed in particular for the following purposes:

To ensure that the website can be accessed without problems,
Ensuring a smooth use of our website,
Evaluation of system security and stability and
for other administrative purposes.

We do not use your data to draw conclusions about your person. Information of this kind is statistically evaluated by us, if necessary, in order to optimize our Internet presence and the technology behind it.

We use the IP address only for the duration of your visit and save the data for logging purposes only in anonymised form by shortening the IP address so that it can no longer be assigned.

Processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. To ensure this, the server log files must be recorded.

5.2 Inquiries by e-mail, telephone or contact form

If you contact us by e-mail, telephone or contact form, your name, your request and a communicated communication channel (e.g. your e-mail address) will be stored and processed for the purpose of communication with you. This data helps us to classify your request and to answer your inquiry. The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, a contact option (e.g. your e-mail address) and the reason for the inquiry.

The processing of the data provided by you is carried out on the legal basis of art. 6 para. 1 sentence 1 letter f GDPR (legitimate interests) and in our interest, in order to be able to answer your request. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions. If you contact us to request an offer, the data you provide will be processed for the purpose of implementing pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

The data that you send us by telephone, e-mail or contact form will be stored until your request has been processed, you revoke your consent for data storage or you request us to delete the data. Legal retention periods (e.g. according to HGB) are not affected by this. If we are legally obliged to store the data, the data will be deleted after the expiry of these periods.

5.3 Plugins and Tools

5.3.1 Google Fonts

In order to present our content in a consistent, correct and graphically appealing manner, we use the “Google Fonts” service on this website.

In accordance with the Google Terms of Use (as of 31. March 2020), the Google Fonts service is provided to you by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) if you are a resident of the European Economic Area or Switzerland. If you are habitually resident in another country, the Google Fonts service is provided instead by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

When you visit our website, your browser loads the required web fonts into the browser cache to display text and fonts correctly. To do this, the browser you are using must connect to Google’s servers. Therefore, when you visit our website, the Google company responsible for your location (Google LLC or Google Ireland Limited) receives the information that you have called up the corresponding page on our website. In addition, the data mentioned in section 5.1 of this declaration is transmitted.

You can view the decision of the EU Commission here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of Google LLC according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

The use of Google Fonts is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interests) and in our interest of a uniform and attractive presentation of our website. If your browser does not support Web Fonts, a standard font from your computer will be used.

You can find more information about Google Fonts under https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

5.3.2 Embedded YouTube-Videos

We embed YouTube videos on some of our websites.

In accordance with the YouTube Terms of Use (as of 22. July 2019), the YouTube service is provided within the European Economic Area and Switzerland by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). In other countries, the YouTube service is provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”). Google Ireland Limited and YouTube LLC are subsidiaries of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

When you visit one of our sites that has YouTube embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

We use the so-called “extended privacy mode” of YouTube. This means that when you visit our websites, only the technically necessary data is transmitted to the service provider responsible for your area (YouTube LLC or Google Ireland Limited), which your browser must send to retrieve the video from YouTube (retrieved video, date and time, IP address, browser type and settings, operating system).

Only when you call up the video by clicking on it will additional data be transmitted to the service provider responsible for your area. At the same time, YouTube also regularly saves data on your end device using cookies and similar technologies. These cookies enable YouTube to obtain information about visitors to this website. This information is used, among other things, to gather video statistics, improve user experience and prevent fraud. The cookies remain on your device until you delete them. If you are logged into your YouTube account, YouTube can personally identify your browsing habits. You can prevent this by first logging out of your YouTube account.

Google LLC has a so-called EU-U.S. Privacy Shield certification, which according to this certification includes the wholly owned subsidiaries of Google LLC in the USA, thus currently also including YouTube LLC. The EU-U.S. Privacy Shield Agreement is a data protection agreement that is intended to ensure an appropriate level of data protection for data transfers to certified U.S. companies. The EU Commission determined the adequacy of the guaranteed level of data protection under the EU-U.S. Privacy Shield Agreement in its decision of July 12, 2016 (Ref. C(2016) 4176).

You can view the decision of the EU Commission here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of Google LLC according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

The processing of your data through the integration of YouTube videos on our site is based on the legal basis of Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interests) and in our interest of an attractive presentation of our online offers. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of the consent (Art. 6 para. 1 p. 1 lit. a GDPR); the consent can be revoked at any time.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the provider’s privacy policy. There you will also receive further information on your rights and settings to protect your privacy (https://policies.google.com/privacy).

5.4. Hosting

Our website (https://shoulderbyte.com) is hosted by the external service provider (hereinafter “Hoster”) “ALL-INKL.COM – Neue Medien Münnich” (Hauptstraße 68, 02742 Friedersdorf, Germany). If personal data are collected on our website, they are stored on the servers of the hoster.

This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website.

Our hoster will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions regarding this data. In order to ensure that the processing complies with data protection regulations, we have concluded a contract for order processing with our hoster.

5.5 SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

6. Age Limits

If you are under 16, we do not knowingly collect personal information from you or consent to your use of our games. If we discover that we have collected or processed data from players under the age of 16, we will delete that data.

7. Automated individual decision decisions or profiling measures

We do not use automated processing to make decisions or so-called profiling.

8. Storage period of your personal data

In order to protect your personal data, it will be immediately deleted or made anonymous as soon as it is no longer required for the purposes for which the data was collected and processed. In some cases, the law provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will continue to be stored by us only for these legal purposes, but will not be processed in any other way and will be deleted after the legal retention period has expired.

9. Your rights according to the GDPR

If the legal requirements are met, you have the following rights with regard to the processing of your personal data:

You have the right to obtain confirmation from us as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed of this personal data and of the information specified in Art. 15 GDPR.

You have the right to demand that we immediately correct any incorrect personal data concerning you and, if necessary, complete incomplete personal data (Art. 16 GDPR).

You have the right to demand that personal data relating to you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to deletion).

You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have filed an objection to the processing, for the duration of the examination by us.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of data relating to you which is carried out pursuant to Art. 6, para. 1, sentence 1, letter e or letter f of the GDPR or for direct marketing purposes (Art. 21 GDPR), see in detail below.

You have the right to revoke any consent you have given us at any time with effect for the future (right of revocation).

You have the right to receive from us the data concerning you that you have provided us with in a structured, common and machine-readable format. You may also transmit this data to other parties or have it transmitted by us (right to data transferability).

To exercise your rights, please contact us using the contact details above.

Without prejudicing any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority if you believe that the processing of personal data concerning you is in breach of the GDPR (Art. 77 GDPR).

The competent supervisory authority in Hamburg:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
www.datenschutz-hamburg.de

10. Changes to this privacy policy

Changes in the law, our internal processes or new technologies may require occasional adjustments to this privacy policy. If we change our privacy policy, this will be indicated on our website (https://shoulderbyte.com/en/privacy-policy/).

Current status of this declaration: March 19h 2021

Note on the right of objection:

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6, paragraph 1, sentence 1, letter e or letter f of the GDPR or for the purposes of direct marketing (Art. 21 GDPR).

We then no longer process the personal data unless we can prove compelling reasons for the processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Under no circumstances will the data be further processed for direct marketing purposes.