PRESS CENTER

PRIVACY POLICY

This is the Privacy Policy of GIANTS Software GmbH (“GIANTS”, “we”). We offer information and the opportunity to download electronic games (hereinafter jointly referred to as “Services”) in the Shop section (“Shop”) of our websites (“Website”). This Privacy Policy will inform you about the type of personal data we collect in the context of your use of the Services and about the purpose for which it will be used. It will also inform you about your rights. We take our responsibility for the protection and processing of personal data very seriously. We use a variety of technical means and contractual arrangements to protect your data against unauthorised access and loss. We have implemented the necessary technical and organizational measures. Please note that where links lead to the websites of third parties, those companies provide their own privacy notices which apply to the use of their websites. We only offer our services to individuals who are at least 16 years old. Therefore we do not knowingly collect data from, or process data of, individuals under the age of 16.

I. Name and address of the Controller

The Controller, as this term is defined by the General Data Protection Regulation, other national data protection laws of the Member States, and other data protection regulations, is:

GIANTS Software GmbH
Wiesenstrasse 19
8952 Zürich-Schlieren
Switzerland

II. Name and address of the representative in the European Union

Jan-Hendrik Pfitzner, GIANTS Software Entertainment GmbH, Nägelsbachstraße 33, 91052 Erlangen, Germany

III. General information on data processing

1. Scope of personal data processing

As a matter of principle, we only collect the personal data you provide when you use the Services and, as applicable, when you use fee-based services. Personal data is data that contains information on personal or factual circumstances. When you place an order through our website, you are required to provide your name, address, e-mail address and payment information.

Sometimes we also need to ask you for personal data like your name, address, e-mail address and telephone number in order to process your inquiries or to provide support to you.

In addition, we collect data in the context of a voluntary participation in inquiries and surveys. We only disclose personal data to cooperating companies or external service providers where this is required or permitted by law, in particular for the performance of contracts, for processing payments, for protecting other users, or for the prevention of threats to national or public security, or for the prosecution of criminal offences.

Your legitimate interests will be considered in accordance with the statutory data protection regulations.

We treat all of this information confidentially and in compliance with the statutory data protection regulations. As a matter of principle, we do not disclose such information to third parties without your consent unless this is required for the performance and execution of the contract, for processing your inquiry, or for providing support services to you, or unless it is permitted pursuant to the statutory data protection regulations.

2. Legal basis for processing personal data

Where we obtain data subjects’ consent for processing operations involving personal data, the processing of personal data is based on Art. 6 (1)(a) of the EU General Data Protection Regulation (GDPR).

The legal basis for processing personal data which is necessary for the performance of a contract to which the data subject is a party, is Art. 6 (1)(b) GDPR. This also applies to processing operations that are necessary for taking steps prior to entering into a contract.

Where the processing of personal data is necessary to comply with a legal obligation to which our company is subject, processing is based on Art. 6 (1)(c) GDPR.

In the event that personal data needs to be processed in order to protect the vital interests of the data subject or another natural person, processing is based on Art. 6 (1)(d) GDPR.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests or the fundamental rights and freedoms of the data subject do not override that legitimate interest, processing is based on Art. 6 (1)(f) GDPR.

3. Purpose of personal data processing

We collect and process data in order to enable your use of the services. This also includes processing personal data for the purpose of data security, the stability and operational safety of our system, and for billing purposes. We process data in order to assist you with support inquiries. Data is also processed to detect and prevent a misuse of the Services, e.g. a use for fraudulent purposes. Data is processed to acquire new customers and to present advertising that we believe matches your interests.

4. Erasure of data and storage period

The personal data of data subjects is erased or blocked when the purpose of storing it no longer exists. Data can also be stored beyond such time if the European or national legislator provided for this in Union law regulations, laws or other legal regulations to which the Controller is subject. Data is also blocked or erased when a storage period required by the aforementioned regulations expires unless data needs to be stored beyond such time in order to execute or perform a contract.

5. Data security

We have taken the steps that can reasonably be expected of us to prevent unauthorised access to your personal data and the unauthorised use or alteration of this data and minimise the related risks. Nevertheless, the provision of personal data, whether in person, by phone or over the internet, always involves risks, and the possibility of a manipulation or sabotage of technical systems cannot be excluded.

We process the information collected from you in accordance with national and European data protection law. All employees are subject to the obligation to preserve data confidentiality and comply with data protection regulations, and have been trained in this respect. Your data is transmitted in encrypted form using the SSL method.

IV. Provision of the services and creation of log files

1. Description and scope of data processing

Every time our Services are requested, our system automatically collects data and information from the system of the requesting computer. In this context we collect the following data:

The data is also stored in the log files of our system.

2. Legal basis of data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1)(f) GDPR.

3. Purpose of data processing

The system needs to temporarily store the IP address in order to enable the provision of the Services to the user's computer. For this purpose, the system must store the user's IP address for the duration of the session. Data is stored in log files to ensure the operability of the Services. In addition, the data is used to optimise the Services and to ensure the security of our IT systems. Data is stored beyond the session for the purpose of fraud prevention (e.g. payment fraud, a violation of the rules of the game where one person uses multiple accounts) and for the purpose of IT security (e.g. protection against DDoS attacks). Data sets are only analysed for statistical purposes.

We delete log files after a period of fourteen days. We reserve the right to continue to store IP addresses and log files for a certain period of time even after users have used the services. This is done, in particular, to be able to prevent or investigate any cases of misuse and, in this context, to disclose such data to investigating authorities in individual cases, or to be able to fix bugs. All other data analyses use data in anonymised form where this is possible. After the expiry of this period, the IP address and the log files are deleted completely unless this information must be retained to comply with compulsory legal obligations or unless specific investigations by law enforcement authorities or misuse investigations are pending. These purposes also reflect our legitimate and overriding interest in data processing in accordance with Art. 6 (1)(f) GDPR.

4. Storage period

Data is erased when it is no longer needed to achieve the purpose of its collection.

5. Objection and removal options

The collection of the data for the provision of the Services and the storage of the data in log files are absolutely necessary to ensure that Services can be operated with as few interruptions as possible. Consequently, users do not have a right to object.

V. Support system

1. Description and scope of data processing

In the context of our Services we provide a support ticket system which can be used to contact us electronically by sending an e-mail to support@giants-software.de. Where users use this option, the data entered is transmitted to and stored by us. This data consists of:

E-mail header (e.g. server from which data is sent, e-mail client (as applicable), etc.)
E-mail address
Content of the message
We also record the time when the message was sent.
Chat record (if the chat feature is used)

The data collected in this context is not disclosed to third parties. The data is exclusively used to process the inquiry.

2. Legal basis of data processing

Where the user has given his/her consent, data processing is based on Art. 6 (1)(a) GDPR.

The processing of data that is transmitted in the context of sending an e-mail is based on Art. 6 (1)(f) GDPR. If the purpose of the contact by e-mail is to execute a contract, data processing is also based on Art. 6 (1)(b) GDPR.

3. Purpose of data processing

We only process the personal data to process the e-mail. Where users contact us by e-mail, this also reflects our necessary legitimate interest in processing the data. All other personal data processed while the e-mail is being submitted is used to prevent a misuse of the contact form and to ensure the security of our IT systems.

4. Storage period

Data is erased when it is no longer needed to achieve the purpose of its collection, but at the latest one month after the inquiry has been taken care of.

5. Objection and removal options

Users can revoke their consent to the processing of the personal data at any time. When users contact us, they can object to their personal data being stored at any time. In this case, the correspondence cannot be continued. All personal data that was stored in the context of the user's contacting us will be deleted in this case.

VI. Cookies, Web Beacons, etc.

1. Description and scope of data processing

Cookies

We use “cookies”, i.e. text files or pixels that are stored on the user's display device. Cookies are technologies that are used to collect certain user-specific settings and technical information which allow identification of the user. We use cookies to make our Services more user-friendly. Some elements of our Services require the ability to identify the user. We also use cookies that allow us to analyse user behaviour. Cookies are stored on the user's display device.

There are permanent cookies, which remain on your display device for an extended period of time, and session cookies, which are stored on your display device temporarily and are deleted after the services have been closed.

We use essential cookies, function cookies and performance cookies.

Essential cookies. These cookies are necessary for using the services. Without these essential cookies, we may not be able to make certain services or features available to you, or the presentation of the Services may not be free of errors.

Function cookies. Function cookies allow us to recognise your default settings and to provide enhanced features which better match your needs. For example, they enable us to personalise the Services and to recognise whether we have asked you about certain things or whether you have requested certain services. All of these features help us improve the Services for you.

Performance Cookies. Performance cookies are sometimes also referred to as analytics cookies and collect information on your use of the Services. They enable us to improve the functioning of the Services. For example, performance cookies show us which pages are used most frequently and what the entire usage pattern for the Services looks like. They also help us to recognise problems relating to the use of the Services and to determine whether our advertising is displayed effectively.

The following is a list of the cookies placed by us:

The following is a list of the cookies placed by third parties:

Upon users’ first use of the Services, they are informed about the use of cookies. If users do not want cookies to be stored on their display device, or if they want to delete a cookie that was stored or want to be notified when cookies are stored, they can change the settings of their browser or mobile end device accordingly. Information on how to perform each of these actions can be found in the browser's Help section. We would like to expressly point out that it may not be possible to fully use all of the features of the Services in this case.

If you reach our Services through third parties, these third parties may place cookies. This is beyond our control. Please review the privacy notices of these third parties.

2. Legal basis of data processing

The legal basis for processing personal data using cookies is Art. 6 (1)(f) GDPR.

3. Purpose of data processing

The purpose of using cookies that are technically necessary is to simplify the use. Some features of our Services cannot be offered without using cookies. User data collected through technically necessary cookies is not used to create user profiles. Analysis cookies are used to improve the quality of our Services and their content. Analysis cookies inform us about how Services are used and allow us to continuously optimise our offering. These purposes also reflect our legitimate interest in processing the personal data in accordance with Art. 6 (1)(f) GDPR.

4. Storage period, objection and removal options

Cookies are stored on the user's device and are transmitted to us by that device. Consequently you, as the user, have complete control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser or mobile device. Any cookies already stored can be deleted at any time. This can also be done automatically. Where cookies are disabled, users may no longer be able to fully use all features of the Services.

VII. Google Analytics

On the basis of our legitimate interests (i.e. the interest in the analysis, optimisation and efficient operation of our website within the meaning of Art. 6 (1)(f) GDPR), we use Google Analytics, a web analytics service provided by "Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland". (“Google”). Google uses cookies. In general, the information on the users’ use of the website generated by the cookie is transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield agreement and thereby provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to analyse users’ use of our website, compile reports on the activities carried out within this website and to provide to us further services related to the use of this website and of the internet. The data processed can be used to create pseudonymous usage profiles of users.

We only use Google Analytics with IP anonymisation. This means that the users’ IP address is shortened by Google within Member States of the European Union or in other States party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases.

The IP address transmitted by the users’ browser will not be combined with other Google data. Users can prevent cookies from being stored by selecting the respective setting in their browser software; in addition, users can prevent the data generated by the cookie and related to their use of the website from being collected and processed by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information regarding the use of data by Google and the options for stopping such use and objecting to it is available on Google's web pages: https://www.google.com/intl/de/policies/privacy/partners („Use of data by Google when you use our partners’ websites or apps“), https://www.google.com/policies/technologies/ads („Use of data for advertising purposes“), https://www.google.de/settings/ads („Manage information used by Google to display advertising to you“).

VIII. Amazon Pixel

We use the web analytics services Amazon Conversion Pixel and Amazon Remarketing Pixel provided by Amazon of Amazon.com, Inc., 410 Terry Ave. North Seattle, WA, USA. By visiting this website, Amazon will receive the information that you have accessed our website. For this purpose, Amazon retrieves a “web beacon” (invisible graphics) and places a cookie on your computer in this process. In this context, the data specified in the section “Data processing on this website” of this Privacy Policy will be sent to Amazon. The IP address that is transmitted by your browser in this context will not be combined with other Amazon data. Amazon uses the cookie placed by it to recognise you on other websites, in apps and within services provided by Amazon and, as applicable, display personalised advertising to you. You can prevent cookies from being stored by selecting the respective setting in your browser software. However, we would like to point out that you may not be able to fully use all of the features of this website in this case. In addition, you can prevent the data generated by the cookie and relating to your use of the website from being collected and processed by Amazon by clicking on the following link and selecting the setting “Do not personalise advertising displayed by Amazon for this browser”: https://www.amazon.de/adprefs. In this case, an opt-out cookie is placed in your browser which will prevent any future collection of your data by the Amazon pixels when you visit our website. This objection will remain in effect until you delete the opt-out cookie. Amazon provides further information regarding the collection of data at: https://www.amazon.de/gp/BIT/InternetBasedAds.

We do not have any control over the data collected or any knowledge of the full scope of the data being collected. This data will be transmitted to the USA and will be analysed there. Beyond the privacy policy mentioned above, you can request further information regarding the purpose and scope of the data collection and processing, as well as further information on your respective rights and settings options for the protection of your privacy, from: Amazon EU S.à.r.l, Amazon Services Europe S.à.r. l. and Amazon Media EU S.à.r. l., all three of them with a registered office at 5, Rue Plaetis, L-2338 Luxembourg; e-mail: ad-feedback@amazon.de. The data processor is Amazon.de GmbH, Marcel-Breuer-Str. 12, 80807 Munich, Germany.

IX. Web pages on social media and including third-party services

We maintain web pages in social networks and on social media platforms in order to communicate with customers, potential customers and users who are active there, and to inform them about our Services there. When you access these networks and platforms, the general terms and conditions and the data processing policies of the relevant operator apply. Unless otherwise specified in our Privacy Policy, we process users’ data when they communicate with us in social networks and on social media platforms, e.g. create contributions on our web pages or send us messages. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and the efficient operation of our web pages within the meaning of Art. 6 (1)(f) GDPR), we place links to these third-party services on our web pages.

This always requires that the third parties who provide this content can see users’ IP address because they cannot send the content to their browser without the IP address. Consequently, the IP address is required to display this content. We strive to only use content which is provided by parties that use the respective IP address solely for purposes of delivering said content. Third-party providers may also use “pixel tags” (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” make it possible to analyse information, such as visitor traffic on the various pages of this website. The pseudonymous information may also be stored in cookies on the users’ device and may contain, for example, technical information regarding the browser and the operating system, information on referring websites and times of website visits, as well as further information regarding the use of our web pages. It may moreover be combined with similar information from other sources.

YouTube

We embed video content provided by YouTube into our Services. YouTube is a service provided by “Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland” (“Google”). For this purpose, we request the respective content from Google servers. If you are logged into Google with your Google account, Google is able to combine your surfing behaviour with other data. Google's privacy policy applies: https://policies.google.com/privacy?hl=de&gl=de.

X. Forum

Our website provides the opportunity to submit contributions to a forum. The forum also requires registration with a user name, your e-mail address and a password. You can use a pseudonym to register. We only store this data to allow users to log in. Your password is encrypted. Nevertheless, we recommend that users do not use the same password on different websites. The password allows users to access their account in the forum, so please keep it in a safe place and do not disclose it to third parties. If you do not remember your password for your account, you can use the “I forgot my password” function of the phpBB software. This process will ask you to enter your user name and your e-mail address, then the phpBB software will generate a new password that will allow you to get your account back.

The forum is operated by the provider phpBB Deutschland e. V., Sandweg 17, 70771 Leinfelden-Echterdingen (“phpBB”). phpBB generates multiple cookies when you visit the forum. Cookies are small text files which the browser stores as temporary files. Two of these cookies contain a unique user number (user ID) and an anonymous session number (session ID) which is automatically assigned to the user by phpBB. A third cookie is generated once a user has visited topics and is used to store information on the contributions read by the user in order to be able to mark any contributions not yet read. Further information is collected when information is sent to the operator. This may include contributions created as a guest, data that is collected in the context of the registration, and the messages created by a user after he/she has registered with the forum. Further information on how your data is used by the operator is available at: https://www.phpbb.com/community/ucp.php?mode=privacy.

The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the forum. Where we or phbBB use the data to improve the Services, this use is justified in accordance with Art. 6 (1)(f) GDPR. There is an overriding interest in improving the Services.

XI. Giants Developer Network

We offer the opportunity to create user-generated content using the GIANTS SDK (“User-Generated Content”). The GIANTS SDK provides access to various tools that allow to create and share User-Generated Content, e.g. an editor (“Tools”). In order to use the Tools, users must register with the GIANTS Developer Network. For this purpose they must provide their e-mail address and a password. We only use this data to administrate the GIANTS Developer Network; it will not be disclosed to third parties. The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the GIANTS Developer Network.

XII. ModHub

We offer a platform (“ModHub”) for user-generated content created with GIANTS SDK (“User-Generated Content”). The GIANTS SDK provides access to various tools with which to create and share User-Generated Content. Users can upload User-Generated Content created by them using the ModHub. For this purpose they must register by providing an e-mail address and a password. We only use this data to administrate the ModHub; such data will not be disclosed to third parties. The tools transmit the IP address and the users’ access to files to us to enable the user to access the interface (API). The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the ModHub.

XIII. Rights of data subjects

Where your personal data is processed, you are the “data subject”, as defined in the GDPR, and you have the following rights vis-à-vis the Controller:

1. Right of access

You have the right to demand that the Controller confirm to you whether it is processing personal data concerning you. Where such processing exists, you can request the following information from the Controller:

You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organisation. In this context you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to have the Controller rectify and/or complete data where the personal data concerning you being processed is inaccurate or incomplete. The Controller must rectify this data without undue delay.

3. Right to restriction of processing

You have the right to demand that the Controller restrict the processing of personal data concerning you if the following applies:

Where processing of the personal data concerning you has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where the processing was restricted in accordance with the aforementioned conditions, you will be informed by the Controller before the restriction of processing is lifted.

4. Right to erasure

a) Erasure obligation

You may demand that the Controller erase the personal data concerning you without undue delay where one of the following reasons applies:

b) Information provided to third parties

Where the Controller has made the personal data concerning you public and is obliged to erase the personal data concerning you in accordance with Art. 17 (1) GDPR, it has the following duty: It must take reasonable steps (including technical measures, taking into account the available technology and the cost of implementation) to notify third-party companies which are controllers that you have requested the erasure of all links to, or copies of, such personal data.

c) Exceptions

The right to erasure does not apply where processing is necessary

5. Right to information

Where you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller has a duty to communicate this rectification or erasure of the data or the restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you which you have provided to the Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit that data to another controller without hindrance by the Controller to which the personal data has been provided, where the processing is based on consent pursuant

When exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where this is technically feasible. This right must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right to object

You have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you that is based on Art. 6 (1) (e or f) GDPR at any time; this also applies to profiling which is based on these provisions. In such an event, the Controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the data is being processed for the establishment, exercise or defence of legal claims. Where personal data concerning you is processed for the purposes of direct marketing, you have the right to object to the processing of personal data concerning you for that purpose at any time; this also applies to profiling where profiling is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to revoke consent given for data protection law purposes

You have the right to revoke your consent given for data protection law purposes at any time. Revoking your consent does not affect the lawfulness of any processing performed based on the consent until such revocation.

9. Automated decision made in individual cases, including profiling

You have the right not to be subject to a decision which is based solely on automated processing – including profiling – and which produces legal effects concerning you or similarly significantly affects you. This does not apply where the decision

a) is necessary for entering into or performing a contract between you and the Controller,
b) is authorised by Union or Member State laws to which the Controller is subject and where these laws also contain suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is made with your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2)(a or g) applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place. With respect to the cases mentioned in subsections (a) and (c), the Controller must implement suitable measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the Controller, the right to express your own point of view and the right to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged violation, if you believe that the processing of the personal data concerning you violates provisions of the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.