Privacy Policy

Spielworks GmbH, Linkstraße 12, 10785Berlin, Germany is the operator of the Mobil Application Wombat (the “App” or “Wombat”) which allows a bundled and direct access to websites, features and functionalities, especially based on decentralized storage technologies. We collect and process personal data of individuals (the “User” or “you”) using the App. The protection and confidentiality of your personal data is of particular importance to us. We treat your personal data confidentially and in accordance with the applicable data protection laws, in particular with the EU General Data Protection Regulation (the “GDPR“).

In the following, we will inform you what data are collected during your use of the App, as well as the legal bases for the processing of personal data, the purpose of the data processing, the use, the duration of the storage of data and your rights.

1. Name and address of the responsible body

The responsible body (the “Controller”) within the meaning of the GDPR is:

Spielworks GmbH, Linkstraße 12, 10785Berlin, Germany

If you have any questions relating to data processing and your rights according tothe applicable data protection laws, you may contact us:

Telephone: +49 (0)30 25925755

Email: info@spielworks.com

2. What categories of data do we collect?

I) Contact information; in Particular login/registration data; in case you are using the free version of Wombat only the Android or iOS log in is stored and processed;
II) Technical data: such as your IP address or your operating system when using the App
III) Behaviour: the manner in which you use/handle the App;
IV) Invoicing and payment data, when amounts must becharged;
V) Your correspondence with us;
VI) If you are (a person of interest at) a prospect (e.g.an interesting party for a sponsorship, for a partnership or for participation to an event as speaker or attendant) for prospection by e-mail (cold mailing)or by phone (cold calling), we may collect your company, name, function, work phone and professional e-mail;
VII) If you are a job applicant, we process the data you provide us with, the data that results from interviews and tests, data we obtain form persons you designated as referrals and data that is publicly available and relevant to evaluate your application (such as public posts on social media).

3. How do we use your personal data

3.1 To communicate with you

I) To communicate with you (e.g. membership information or when you ask us a question);
II) To provide you with updates or changes on services;
III) To provide you with (targeted) information on services and products, based on legitimate interest.

3.2 Provisioning of the App and storage of log files

The provider of the Application automatically collects and stores information inso-called server log files. Such information is needed to establish a connection with the services of the App. The processed information is:

· operating system used;
· the internet service provider of theUser;
· the IP address of the User;
· hostname of the accessing computer;
· time of the server inquiry;
· websites accessed by the User’s system via our Websites.

These data are not stored together with other personal data of the user and is not combined with other data sources.

The legal basis for processing of the data is Article 6 (1)(f) GDPR. The log files are processed for technical and administrative purposes of establishing and maintaining a connection in order to guarantee the security and functionality of the Website and to be able to prosecute any illegal attacks on it if necessary.

Our legitimate interest in data processing pursuant to Art. 6 (1)(f) GDPR results from the security interest mentioned and the necessity of a trouble-free provision of our Websites.

Data will be stored as long the User is using his Wombat account.

3.3 Cookies

We are using cookies. Cookies are small amounts of information that are distributed from some websites to your web browser to recall information about past browsing activities. We may use cookies to identify the browser you are using so that our Website displays properly. We also use cookies in various places on our Website in order to document your visit to our Website and allow for a more efficient website design.

We make use of the following type of cookies:

· Strictly necessary cookies. These cookies are necessary for the functioning of our Website. They allow you to log in and use our services.
· Analytical/performance cookies. These cookies analyse the way our Website is used, which pages are most frequently visited, which problems occur, etc. This way we can improve our Website and keep your user experience optimal.
· Functionality cookies. These cookies are used to recognize individual users and to remember their preferences. We can for instance remember your choice of language and other settings so that they are immediately correct on your next visit.
· We do not used targeted or advertising cookies.  Such cookies analyse your surfing behaviour (on our and other websites) to show you ads that match your interests and profile. Such cookies generally come from third parties (such as Google or Facebook) that collect that information and also take care of the ads based on it.

As a rule, our cookies expire automatically.
Cookies can also be explained on the basis of who issues them. They can be divided into:

· First party cookies. These cookies come from us. They control and remember e.g. the display of the website in your preferred language or remember the contents of a shopping basket.
· Third-party cookies. These cookies come from other parties. They are often used to track online behaviour across different websites or to analyse website use (such as Google Analytics).

You also have the option of deleting cookies from your computer’s hard disk at anytime. The cookies are set to expire no later than one month after initial transmission. When cookies are disabled, the functionality of our Website maybe limited.

Most of the cookies we use are so-called session cookies. They will automatically be deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit our Website.

We erase your Personal Data automatically when they are no longer required for the purposes listed above. We also erase your Personal Data according to your request and if further storage is neither required nor permitted by applicable laws.

Cookies cannot identify you as a person. In any case, the use of cookies is justified on the basis of our legitimate interest in a needs-based design (Article 6 (1)(f) GDPR).

3.3.1 Google Analytics

[This Website uses the functions of the web analytics service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA(“Google”). Google is certifiedunder the EU Privacy Shield and thus guarantees compliance with European data protection laws, https://policies.google.com/privacy/frameworks?hl=en&gl=de.  

Google Analytics uses cookies. The information generated by cookies about your use of this Website is usually transferred to a Google server in the USA and stored there.

Google will use this information to evaluate your use of our Website, to compile reports on website activity and to provide other services associated with the use of the Website and the Internet. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Information generated by the cookies are automatically deleted by Google after one month or earlier in accordance with the settings of your web browser.

This processing is required to pursue our legitimate interests (Art. 6 paragraph 1lit. f GDPR) to provide website visitors with a website experience that is tailored to their personal preferences and to provide product recommendations and advertising for our company and our products that are tailored to their interests. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient’s participation in the “EU-US Privacy Shield”.For more information please see the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en]

4. Legal basis for the processing of your data

We process your personal data in strict accordance with the applicable privacy legislation and on the basis of the following legal grounds:

I) Performance of the agreement: we need to process some of your data to deliver our services, to comply with our obligations (for example to you as a member, as described above), to communicate with you prior to entering into a (membership) contract with you and to evaluate the opportunity of such a contract. For example, we need your contact details to be able to contact you and your invoicing data to be able to invoice.
II) Legal obligation: in some cases, we are legally obligated to process certain information about you, for example, when we have to send your invoices, we need your VAT number.
III) Legitimate interest: if you are a member, partner, sponsor or more generally in an existing trade relationship with us, we may send you information and newsletters about our activities based on a legitimate interest to do so. Unless you unsubscribe of course. If you are (a person of interest at) a “prospect” (e.g. an interesting party for a sponsorship, for a partnership or for participation to an event as speaker or attendant), we may collect your personal data as described above and contact you by phone and/or e-mail to inform you about our products.
IV) Consent: we may also process your data if we are given express consent, e.g. when you register for a newsletter or for certain (targeted) offers (direct marketing, such as for our events).

5. How do we collect your data

I) When using the App and the realted services.
II) When communicating with us.

From public sources. For example, if you are (a person of interest at) a“prospect” (e.g. an interesting party for a sponsorship, for a partnership or for participation to an event as speaker or attendant), we may gather your personal contact details via publicly available sources such as your company website.

How do we protect your data?

Reliable partners.
We ensure that we only allow reliable partners to process your data, who provide us with the required written guarantees that they will process data in compliance with the requirements of this Privacy Policy and the privacy regulations.

I) Technical security measures:
In terms of access (login requirements, password policy, role division, etc.), storage (encryption, backup, etc.), and protection against outside access (firewall, antiviral software, etc.) of the media on which personal data can be stored.
II) Organisational measures:
This includes raising awareness among employees and service providers concerning the importance of privacy, the enforcement of policies, the continuous maintenance of a data register, compliance with a data policy, etc. If we process your personal data based on grounds of legitimate interest (such as processing for prospection purposes to persons we have no prior relationship with), we will conduct a “legitimate interest assessment” (or “balancing test”) to assure that additional safe guards are foreseen and applied. This way, we guarantee a proportionate and balanced processing of your data in accordance with the privacy legislation.

Despite the security measures that we take, it is important to know that the transfer of data via an Internet connection is never without risks and you must take the necessary precautions when you are connected with the Internet in order to protect yourself from viruses, malware, etc.

I) Technical security measures:
In terms of access (login requirements, password policy, role division, etc.), storage (encryption, backup, etc.), and protection against outside access (firewall, antiviral software, etc.) of the media on which personal data can be stored.
II) Organisational measures:
This includes raising awareness among employees and service providers concerning the importance of privacy, the enforcement of policies, the continuous maintenance of a data register, compliance with a data policy, etc. If we process your personal data based on grounds of legitimate interest (such as processing for prospection purposes to persons we have no prior relationship with), we will conduct a “legitimate interest assessment” (or “balancing test”) to assure that additional safe guards are foreseen and applied. This way, we guarantee a proportionate and balanced processing of your data in accordance with the privacy legislation.

6. Your rights in connection with processing of personal data

In the following, we inform you on your rights that you have in connection with the processing of personal data by us and may exercise according to applicable data protection laws, in particular to the GDPR.

6.1 Rights of access

You have the right at any time to demand information on if we process your personal data. In the event of such processing, you may request the following information from us: (I) the purposes for which personal data are processed; (II) the categories of personal data which are processed; (III) the recipients or categories of recipients to whom your personal data have been or will be disclosed; (IV) the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration; (V) the existence of a right to correct or delete your personal data, a right to restrict the processing by us or a right of objection to such processing; (VI) the existence of a right of appeal to a supervisory authority; (VII) all available information on the origin of the data if the personal data are not collected directly from you; (VIII) the existence of automated decision-making, including profiling in accordance with Article 22 paragraph 1and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you.

You have the right to request information on whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed on the appropriate guarantees in connection with the transfer of data.

6.2 Rights of rectification

You have the right to demand us to correct and/or complete your personal data if your personal data processed is incorrect or incomplete.
You have the right to request information on whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed on the appropriate guarantees in connection with the transfer of data.

6.3 Right to erasure

You may demand your personal data to be deleted if (I) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; (II) you revoke your consent to the processing and there is no other legal basis for the processing; (III) you submit an objection to data processing and there are no predominant justifiable reasons for the processing; (IV) your personal data have been processed illegally; (V) the deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.

6.4 Right to restriction of processing

You may request to restrict the processing of your personal data if (I) you deny the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data; (II) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (III) we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; (IV) if you have lodged an objection against the processing and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your grounds.

6.5 Right to data portability

You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You have the right to transmit your data to another Controller. Where technically feasible, you have the right to have your data transmitted directly from us to another Controller.

6.6 Right to object

On grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data which is carried out on the basis of Article 6(1) (f) GDPR. Such grounds exist, in particular, if they underline your interests and outweigh our interest in the respective data processing. If your personal data are processed in order to carry out direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.

6.7 Right to revoke the declaration of consent under data protection law

If you give us the consent to process your personal data, you have the right to revoke your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

6.8 Right to lodge a complaint with the supervisory authority

You have the right to address the supervisory authority for any questions or complaints. The supervisory authority is Berliner Beauftragte für Datenschutz und Informationsfreiheit, https://www.datenschutz-berlin.de/

7. Where do we process your data?

Within the EU as much as possible.

8. Which third parties process your data? 

In certain cases, we appoint third parties (data processors) for the provision of services. Your data is transmitted to these undertakings to facilitate the performance of their duties. We have concluded processing agreements with these data processors as per Art. 28 GDPR with the proviso that they implement the strict requirements of the data protection authorities for handling your data. These contracts and strict checks serve to ensure that all services providers who assist us with the provision of our services exclusively handle your data according to our instructions and do not disclose it to third parties. Furthermore, we have agreed on further measures to protect and safeguard your personal data. As such, your personal data shall only be further processed outside the EEA if the relevant service provider is able to warrant compliance to the provisions of European data protection law.

We work with the following service providers (data processors) on the basis of specified purposes:

  1. Amazon Web Services, Inc., P.O BOX 81226, Seattle, WA 98108-1226, USA - Server hosting provider for the storage of data.

    Data required for the mailing of the newsletter is stored on the servers of Amazon Web Services within the European Union. Amazon Web Services is certified by the EU-E.S. Privacy Shield. The privacy shield is an agreement between the European Union (EU) and the USA intended to ensure compliance with European data protection standards in the USA. We have also concluded a processing agreement with Amazon Web Services as per Art. 28 GDPR with the proviso that it fully implements the strict requirements of the Germany data protection authorities for handling your data.

    Please find more information on data protection in the Amazon Web Service privacy policy at: https://aws.amazon.com/de/compliance/data-privacy/.

  2. UAB MailerLite, J. Basanavičiaus g. 15, LT-03108 Vilnius - Software service provider for optimised email dispatch.

    We have concluded a processing agreement with MailerLite as per Art. 28 GDPR. According to this agreement, MailerLite must ensure the protection of our customer data and not pass it on to third parties.

    Please find more information on data protection in the MailerLite privacy policy at: https://www.mailerlite.com/legal.

  3. Mixpanel, Inc., One Front Street, Floor 28, San Francisco, CA 94111, USA - Product analytics provider for analysing usage data.

    Mixpanel logs website activity and usage data. In the process, log data is transmitted to Mixpanel(and Mixpanel inc.). Please find more information on the handling and use of your data in the Mixpanel privacy policy (http://mixpanel.com/privacy).

    We have concluded a processing agreement with Mixpanel as per Art. 28 GDPR. According to this agreement, Mixpanel must ensure the protection of our customer data and not pass it on to third parties.

    Please find more information on data protection in the Mixpanel privacy policy at: https://mixpanel.com/legal/terms-of-use.

  4. Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA - Provider of Google Analytics, a tool used to analyse usage data.

    Googly Analytics logs website activity and views. In this process, log data is transmitted to Google Inc. Please find more information on the handling and use of your data at https://marketingplatform.google.com/about/analytics/terms/de/.

    We have concluded a processing agreement with Google as per Art. 28 GDPR. According to this agreement, Google must ensure the protection of our customer data and not pass it on to third parties.

  5. Snap Inc., 2772 Donald Douglas Loop N, Santa Monica, CA 90405, USA - Provider of Snapchat, a social network and marketing platform.

  6. AppsFlyer – Attn: Legal Team/Data Protection Officer, 14 Maskit St., Herzliya, Israel, 4673314 - Provider of AppsFyler, an attribution and marketing analytics tool to analyse user acquisition channels.
  7. MoEngage, Inc., 3575 Bankhead Road, Loomis, CA 95650, USA - Provider to send newsletters and in-app notifications. MoEngage is a service which organizes and analyzes the distribution of newsletters. For details, see the MoEngage privacy policy at https://www.moengage.com/privacy-policy/ and please find more information on the handling and use of your data at https://www.appsflyer.com/legal/services-privacy-policy/.

    In order to analyse and optimise our website and services, we use ‘Snap Pixel’ provided by the social network Snapchat. Snap Pixel enables Snapchat to specify the users of our website as the target group for the display of ads. We use the Snapchat Pixel in order to display Snapchat ads placed by us solely to Snapchat users who have shown an interest in our website or possess certain characteristics (such as an interest in particular topics or products determined on the basis of websites visited).

    The Snap Pixel is also used to display our Snapchat ads on the basis of the potential interest of the user, in order to avoid being bothersome in nature. The Snap Pixel also enables us to understand the efficacy of Snapchat ads for statistical purposes by allowing us to see whether users are forwarded to our website after clicking on a Snapchat ad (conversion). The processing of data by Snapchat take places within the framework of the Snapchat data policy. Please find more information on this topic in the Snapchat data policy: https://www.snap.com/en-US/privacy/privacy-center/.

9. Newsletter

9.1 Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

9.2 MoEngage

This website uses the services of MoEngage to send newsletters. This service is provided by MoEngage, Inc., 3575 Bankhead Road, Loomis, CA 95650, USA.

MoEngage is a service which organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MoEngage servers in the USA.

MoEngage is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.

We use MoEngage to analyze our newsletter campaigns. When you open an email sent by MoEngage, a file included in the email (called a web beacon) connects to MoEngage servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.

If you do not want your usage of the newsletter to be analyzed by MoEngage, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.

Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MoEngage. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.

For details, see the MoEngage privacy policy at https://www.moengage.com/privacy-policy/

10. Changes of the Privacy Policy

This Privacy Policy may be amended or updated from time to time in order to adapt it to changes in the law or changes to the service and data processing. However, this applies solely with regard to declarations on data processing. If your consent is required or if parts of Privacy Policy contain regulations of the contractual relationship with you, changes will only be made with your consent.