The RPG Raid Roleplaying Games Ltd (“RPG RAID Roleplaying Games”/“we”) is committed to protecting the privacy of its users (“users”/“you”) with regard to the processing of personal data. RPG Raid Roleplaying Games observes the applicable data protection requirements.
We have compiled this document to inform our users about the handling of their data. If you have any questions concerning the use of your personal data by RPG Raid Roleplaying Games, or if you would like to revoke a previously granted declaration of consent, please get in touch with us and tell us about the game you play, your platform and the server you use.
This Data Protection Statement applies to all services offered on the websites operated by RPG Raid Roleplaying Games Ltd, in particular www.rpgroleplayinggames.com, (“website”) and mobile applications, as well as the games offered for download via portals such as the Apple App Store and Google Play Store etc. (“games apps” or “apps”)
We offer our apps only to persons who are 16 years or older. This means that we do not process any data of persons who are younger than 16 years of age.
1. Name and address of the data controller (the person in control of your data)
The data controller for the purposes of the General Data Protection Regulation and other national data protection laws of the Member States, as well as any other data protection-related regulation is:
RPG Raid Roleplaying Games Ltd
71 Queen Victoria Street
2. Name and address of the Data Protection Officer
The data controller has appointed the following Data Protection Officer
External Data Protection Officer:
Prof. Dr. Christian Rauda
Board-certified specialist for information technology law
GRAEF Rechtsanwälte Digital Part GmbB
Phone: +49 40 80 6000 9-0
Fax: +49 40 80 6000 9-10
3. General information on data processing
3.1 Legal basis for the processing of personal data
Article 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data that was obtained with the consent of the data subject.
Article 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data that is required for the performance of a contract to which the data subject is a party. This also applies to data processing operations that are necessary for the performance of pre-contractual measures.
In as far as the processing of personal data is required for compliance with a legal obligation incumbent on our company, the legal basis for data processing is Article 6 para. 1 lit. c GDPR.
In the event the vital interests of the data subject or another person compel us to process personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis for such data processing.
Article 6 para. 1 lit. f GDPR serves as the legal basis if the data processing is necessary to safeguard a legitimate interest of our company or a third party in a situation where the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the legitimate interest of our company or a third party.
3.2 Deletion of data, storage period
We will delete or block a data subject’s personal data as soon as the purpose of storing the data has been achieved. Personal data can be stored for longer periods if prescribed by a European or national legislator in EU regulations, laws or other regulations that govern the data controller. The data is also blocked or deleted at the end of a retention period prescribed by one of the above regulations, unless the data is required to be stored for a longer period for the purpose of performing or entering into a contract.
3.3 Data security
We always try our best to put reasonable arrangements in place to prevent unauthorised access to your personal data, use of your personal data or manipulation of your personal data and to minimise the risk of these incidents occurring. The provision of personal data is, irrespective of whether disclosed in person, over the phone or via the internet, inevitably associated with certain risks and no technological system is absolutely fail-safe from being manipulated or sabotaged.
We process all information collected from you in accordance with the English and European data protection laws. All our employees are bound by data secrecy and the data protection regulations and have been instructed accordingly. When making a payment, your data will be transmitted using SSL-encryption technology.
4. Collection and use of personal data via the website and apps
4.1 Our website can be used by all users without requiring registration. The following data is collected: internet protocol, IP address, URL of the referring website from which the file was requested, the date and time of access, browser type and operating system, the site visited by you, data volume transmitted, access status (file transfer, file not found etc.), duration and frequency of use. This data is also stored in the log files of our system. The data is not stored together with other personal data of the user.
4.2 Each access of a registered user on the website and each file access will cause the following use-specific access data to be transmitted to our server: internet protocol, shortened IP address, the respective device, advertising, user or ad ID, the URL of the referring website from which the file was requested or the ID of the social network if you used one to log on, date and time of access, territory from which the game app was downloaded, state in which the game app was accessed, browser type and operating system, the page visited by you, data volume transmitted, access status (file transfer, file not found etc.), duration and frequency of use, device type, language setting, date of downloading the game app, number of days since downloading the game app, name and number of game apps from RPG Raid Roleplaying Games for which the user is registered. RPG Raid Roleplaying Games also stores the game scores, levels achieved and other game-related data that we require to operate the game app for the user. We further store data for the purpose of placing advertising messages, specifically advertising messages that were delivered to the user. We collect the user’s advertising network ID and information on whether the user found the game app as a result of an advertising campaign.
4.3 To improve the gaming experience for our users, RPG Raid Roleplaying Games will collect information on the duration of use, the number of times the games app was launched, internet protocol, IP address, device type and operating system, data volume transferred, access status (file transfer, file not found etc), avatar name, download tag and game app version, as well as amounts/tokens you have invested in the game app’s features. This data can be used to generate pseudonymised statistics that help RPG Raid Roleplaying Games to make the apps and games even better for you, fix bugs and improve our services. The data is not used for any other purpose specifically related to the data subject. This data will be deleted as soon as there is no further need for their storage, the user has requested the data to be deleted, or a law prohibits the (continued) storage of the data. Data can only be deleted if the deletion is not opposed by a statutory retention obligation.
4.4 As a general rule, RPG Raid Roleplaying Games will only collect and use the personal data specifically disclosed by the user, i.e. during his registration or login, for the user’s enrolment in prize competitions or use of paid services. Personal data means data that contains information about personal or factual circumstances (e.g. name, address, date of birth, e-mail address).
4.5 The contractual use of the games apps requires the collection and processing of the user’s personal data by the stores RPG Raid Roleplaying Games has no control over this type of data collection and does not accept any liability or responsibility. Detailed information about the data collected by Google Play and Apple App Store, Windows Store and other stores may be obtained from the data protection statement of the respective store. RPG Raid Roleplaying Games processes this data to the extent it is provided by the stores and necessary for downloading the games app to the user’s device, as well as for the operation of the games app. The data is not stored for any other purposes.
4.6 The user may be required to disclose additional data, such as his full name, address, etc., for purposes associated with the contractual use of the games app and the performance of the license agreement accepted by downloading the app, and in particular data associated with the use of paid services by the user (i.e. download of a paid app or in-game purchase). RPG Raid Roleplaying Games does not collect and process any payment data (bank account numbers, credit card data, etc.).
4.7 Google Play IDs and Game Center IDs can be saved to allow login from multiple devices.
4.8 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6, para. 1 lit. f GDPR.
4.9 Data processing purpose
The temporary storage of a user’s IP address by the system is necessary to deliver the services to the user’s computer. This requires the IP address to remain stored for the duration of the session.
The storage in log files serves the purpose of warranting the faultless functioning of the services. The data also assists us in optimising the website and to warrant the security of our computer systems. The data is not analysed for any marketing purposes, it is analysed exclusively for statistical purposes.
4.10 Period of storage
The data will be deleted as soon as it is no longer required for achieving the purpose of their collection. Where data is collected for the purpose of making the website available, this is the case when the respective session has ended.
Where data is stored in log files, this is the case after a maximum period of seven days. In certain other cases, your data may be stored for longer periods. If this is the case, the IP addresses of the users will be deleted or anonymised, with the result that the accessing client can no longer be identified.
4.11 Your right to object and contest a decision
Collecting the data for the purpose of making the website available and storing the data in log files is an essential requirement for the operation of the website. Users therefore cannot object against this type of data collection.
5. Login via a third-party platform
5.1 By logging into the games via a third-party user account, such as the Facebook account or other social networks, the user declares his consent to the access to and/or storage of certain account and/or profile information held by such third-party provider or certain information stored in cookies downloaded to your device by a third-party platform.
5.3 The user may change his login settings at any time if he wishes to prevent such data from being exchanged with Facebook, Google or other social networks he has previously used to login into on our services.
6. Disclosure of the data to third parties; contract (data) processing
6.1 The user’s personal data will be treated confidential and will generally only be disclosed to external service providers or contractors with the user’s express consent, or if disclosure is necessary to perform a contract, respond to inquiries or to provide customer support. RPG Raid Roleplaying Games cooperates with providers who collect and compile statistical data, as well as with IT service providers (i.e. computer centres, hosting, back-up and database services). The user’s legitimate interests are given consideration in accordance with the statutory requirements. The external service providers are under a statutory obligation to treat the data confidential and securely and are only permitted to use the data to the extent necessary to perform their duties. In as far as external service companies perform contract data processing, the statutory requirements pertaining to contract (data) processing are observed.
6.2 In all other respects, personal data is only disclosed if required for the protection of other users, for the prosecution of criminal offences, or as permitted under the statutory data protection regulations. We may in certain cases be compelled to disclose the data on the basis of statutory requirements (i.e. disclosure to investigating authorities). Disclosure is always limited to the extent necessary, legally permitted or prescribed.
6.3 A declaration of consent to the disclosure of data previously granted to us may be revoked at any time and without stating reasons.
7. Modification and deletion
RPG Raid Roleplaying Games can, at its own discretion or at the user’s request, complete, correct or delete any personal data stored by RPG Raid Roleplaying Games in relation to the operation of this website or the games app that is incomplete, incorrect or outdated.
RPG Raid Roleplaying Games complies with the statutory requirements and deletes personal data immediately upon being requested to do so by the user, unless prevented from deleting the data by statutory retention obligations.
8. Links to other websites
Our website may from time to time contain interactive references (so-called links), for which RPG Raid Roleplaying Games does not accept any responsibility. RPG Raid Roleplaying Games has no control over the content and design of the linked external websites or internet services the user may access via our webpages. The respective operators of these internet services are exclusively responsible for their design, content and compliance with data protection requirements.
9. Push notifications
9.1 Description and scope of data processing
You can set the configurations of your device to permit us to send you push notifications for updates to games apps and other relevant information. You can manage your push settings in the “options” or “settings” menu of your mobile app, or in the settings of your device.
9.2 Legal basis for data processing
The legal basis for the processing of the data for the purposes of a contract is Article 6 para. 1 lit. b GDPR.
9.3 Period of storage
The data will be stored until you delete them.
9.4 Your right to object and contest a decision
For Apple mobile devices: Open the settings on your mobile device (e.g. iPhone or iPad), and select the menu item “Privacy”. You can switch off ad tracking under the menu item “advertising”.
For devices with Android operating systems: Open the settings in your app-list and tap the “Ad” button. Once the ad window has opened, you can disable the Google Advertising ID.
10. Protection of your data
We always try our best to put reasonable arrangements in place that are aimed at preventing unauthorised access to your personal data, use of your data or manipulation of your data and at minimising the risk of these incidents occurring. All our employees have been instructed with regard to their legal obligations to comply with data protection regulation and to maintain data secrecy. Our SSL transmission is certified by different official certificate authorities.
The provision of personal data, irrespective of whether disclosed in person, over the phone or via the internet, carries certain inevitable risks. No technological system is absolutely fail-safe from being manipulated or sabotaged. We would like to point out that there is always a residual risk of a transmission of data over the internet (i.e. communicating by email) being compromised. A fail-safe, guaranteed protection of the data against access by third parties is not possible.
11. Rights of the data subject (the person whose data is collected)
The processing of your personal data makes you a data subject for the purposes of the GDPR. As a data subject, you may assert the following rights against the data controller:
11.1 Right to information
You can request the data controller confirm whether we are processing any personal data relating to you.
If this is the case, you may request the data controller to provide you with the following information:
You have the right to request information on whether your personal data is transmitted to a third country or an international organization. You may in this respect demand to be informed about the adequate safeguards taken in relation to the transmission pursuant to Article 46 GDPR.
11.2 Right to correction
You have the right to demand the data controller to correct and/or complete any of your personal data that is incorrect or incomplete. The data controller must correct or complete the data without undue delay.
11.3 Right to restrict the processing of data
You can demand the processing of your personal data to be restricted under the following conditions:
Where the processing of your personal data has been restricted, such data may – except for their storage – only be processed with your consent or for the purpose of asserting, exercising or defending legal interests, or to protect the legal interests of another person or legal entity, or for reasons of a substantial public interest of the European Union or a Member State.
If the data processing was restricted on the basis of the conditions stipulated above, you will be notified by the data controller prior to lifting the restriction.
11.4 Right to the deletion of your data
You may at any time delete your account.
11.4.1 Mandatory deletion
You may instruct the data controller to promptly delete your personal data. The data controller is legally required to delete such data without undue delay, provided one of the following reasons apply:
11.4.2 Notification of third parties
Where the data controller has made your personal data publicly accessible and is required to delete your data under Article 17 para. 1 GDPR, the data controller will, in consideration of the available technology and cost of implementation, take adequate measures, including technical measures, to inform any other data controllers who process such personal data about the circumstance that you as the data subject have requested them to delete all links to said personal data, copies or reproductions of such personal data.
You are not entitled to the deletion of your data to the extent the data processing is required
12. Right to onward notification
Where you have asserted your right to the correction, deletion or restriction of the data processing against the data controller, the data controller is required to notify all recipients your personal data was disclosed to about said correction or deletion of the data, or restrictions imposed on their processing, unless such notification is infeasible or would entail unreasonable effort or expense.
You are entitled to be informed about these recipients by the data controller.
13. Right to data portability
You have the right to receive the personal data disclosed by you to the data controller in a structured, popular and machine-readable format. You further have the right to transfer such data to another data controller without interference by the data controller said personal data was initially made available to, provided the data processing is based
When you exercise this right, you are further entitled to your personal data being transferred directly from one data controller to another data controller, subject to technical feasibility. This must not curtail the freedoms and rights of third parties.
The right to data portability does not apply to the processing of personal data that is required for the performance of a function in the public interest or in the exercise of public authority conferred upon the data controller.
14. Right to object
You have the right to lodge an objection against the processing of your personal data conducted on the basis of Article 6 para. 1 lit. e or f GDPR at any time for reasons that are attributable to your personal circumstances. This also applies to profiling based on the same provisions.
The data controller will then cease processing your personal data, unless he can demonstrate compelling legitimate interests for the data processing that prevail over your interests, rights and freedoms, or unless the data processing serves the purpose of asserting, exercising or defending legal interests.
Where your personal data is processed for direct advertising purposes, you have the right to lodge an objection against the processing of your personal data for such advertising purposes at any time; this also applies to profiling associated with such direct advertising.
If you lodge an objection against data processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
When using services of the information society, you have the option to exercise your right to object via automated processes that use technical specifications, irrespective of the Directive 2002/58/EC.
15. Right to revoke data protection-related declarations of consent
You have the right to revoke a previously granted declaration of consent at any time. A revocation of consent is without prejudice to the lawfulness of the data processing conducted prior to your revocation.
16. Automated individual decision-making
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which would produce legal effects concerning you or would significantly affect you in a similar way. This does not apply if the decision
These decisions may however not be made on the basis of personal data of special categories pursuant to Article 9 para. 1 GDPR, unless Article 9 para. 2 lit. a or g applies and adequate safeguards for your rights, freedoms and legitimate interests have been put in place.
In the cases referred to at (1) and (3), the data controller takes adequate measures to safeguard your rights, freedoms and legitimate interests, which at the minimum includes the right to obtain intervention of a person on the part of the data controller, the right to express your own opinion and the right to contest the decision.
17. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy that may be available to you, you have the right to lodge a complaint with a supervisory authority, in particular an authority in the Member State of your residence, your place of work or the place of the alleged infringement if you have reason to believe that your personal data is processed in violation of the GDPR.
The supervisory authority where the complaint was lodged will inform the complainant about the progress and results of the complaint, as well as the option to seek relief from a court of law pursuant to Article 78 GDPR.
Last revised: 18 March 2021
Copyright: RPG RAID ROLEPLAYING GAMES LTD ‒ All rights reserved.