Our Privacy Policy
At Whow Marketing GmbH ("we" / "us"), we take your data privacy seriously. As such, we're committed to making it easy for you to understand what we do with your data. This privacy policy is an overview over what data we collect, why we collect and process it and what choices you have to control what you share. We'd also like to inform you what legal rights you have in regards to your personal data, as well as who to contact about enforcing those rights.
We use the term "personal data" in the sense of Article 4 of the General Data Protection Regulation ("GDPR").
If you want to opt-out of web analytics, jump to the relevant section using this link: Right of objection
Who we are
Whow Marketing GmbH is a German game development company. Our offices are in Hamburg, Germany. You can find us here:
WHOW Marketing GmbH
Bleichenbrücke 10
20354 Hamburg
Germany
If you have questions specifically about data privacy, you can contact us using
data-privacy@whow.net, or you can reach out to our data protection officer:
Maximilian Hartung
SECUWING GmbH & Co. KG
Frauentorstraße 9
86152 Augsburg
Germany
E-Mail: epost@datenschutz-agentur.de
The supervisory authority responsible for Whow Marketing GmbH is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Straße 22, 7. OG
20459 Hamburg
Germany
Phone: +49 40/42854-4040
Fax: +49 40/42854-4000
E-Mail: mailbox@datenschutz.hamburg.de
Homepage: https://datenschutz-hamburg.de/
Who this privacy policy applies to
This privacy policy applies to you if you are a visitor of our Game Coin Kings.
What personal data do we collect?
We collect personal data from you when you register an account with us.
We process the following categories of data:
Data for access management (credentials)
e.g. email address, password (but also e.g. Facebook identifier if you connect your Facebook account)
Customisation data
e.g. your display name, your avatar
Data about your game progress
e.g. your level, quest status, the number of in-game currency you have
Data about your preferences
e.g. whether you subscribed to our newsletter
Device data
e.g. device ID, operating system, browser string
Data about your online behaviour
e.g. logins, gameplay, clicks
Data about individual payments in our games
e.g. if you buy in-game currency using our shop
Network data
e.g. IP address, referrer
Localisation data
e.g. country of origin, language
Personally identifiable data
e.g. address, date of birth
Affiliate information
e.g. banner ads you clicked on to reach us
The way we process these data, why and on what legal basis we do this are explained in the section What do we process your data for?
Sensitive data
Sensitive data in the GDPR are the so-called "special categories of personal data", e.g. on your racial or ethnic origin, your health, or your political opinions.
We do not intentionally collect any sensitive data from you.
That said, we cannot control what content you put into messages you write through our website (e.g. to other users, or when you create a support ticket). While we strive to protect any privacy implied by such a transfer, we cannot differentiate a particularly sensitive message from any other kind of message you may choose to write. Please be aware such messages are not afforded any additional protection.
Data from children
We do not collect any information on children. You need to be a legal adult to play our games.
What do we process your data for?
We only process a user's personal data in compliance with the relevant and pertinent data protection regulations. This means that a user's data shall only be processed if the user has given his or her legal permission for us to do so. This is the case especially then when data processing is required in order for us to be able to provide our contractual and online services, or when required by law, we are in possession of the consent of the user, and when it is collected for the sake of our legally legitimate interests (i.e. interest in the analysis, optimization, and economic operation and safety of our online product as per Article 6 (1) (f) of the GDPR, in particular with regard to range measurement, the creation of profiles for advertising and marketing purposes, as well as the collection of access data and the use of the services of third-party providers).
We feel obligated to point out that Art. 6 (1) (a) and Art. 7 of the GDPR serve as the legal basis for consent, Art. 6 (1) (b) of the GDPR serves as the legal basis for processing for the performance of services and the performance of contractual measures, Art. 6 (1) (c) of the GDPR serves as the legal basis for processing in order to fulfill our legal obligations, and Art. 6 (1) (f) of the GDPR serves as the legal basis for processing in order to safeguard legitimate interests.
Enabling gameplay (contractual fulfillment; Article 6.1.b GDPR)
Our game platform cannot function without certain data. In order for you to have any meaningful progress in your gameplay, we need to be able to reliably differentiate you from other users of our website, which is why we ask you to register an account. When you log in, we compare your login credentials against those we have on file, and maintain your customisation data and game progress.
Your display name, avatar, and certain elements of your progress are made public within our game platform (e.g. for in-game leaderboards, or to broadcast certain wins). You can change your display name and avatar at any time.
Additionally, your country and language is used to provide you with a localisation of our website - we will try to serve you content in your language and our in-game shop in your local currency.
Payments and invoices If you want to buy in-game currency in our in-game shop, your interaction will usually be with third-party payment processors. In either case, if a payment was successful, we get this information as a digital invoice, which we store to fulfil legal requirements (Article 6.1.c GDPR), to retain them in the case of legal dispute (legitimate interest; Article 6.1.f GDPR), and to optimise our web presence for you (legitimate interest; Article 6.1.f GDPR).
These invoices contain data on what item you purchased, how much you paid for the item and what method you used to pay us with. We do not store information that could be used to make a payment on your behalf, unless you have given us a separate explicit, specific permission for this to ease your payment process (by enabling QuickPay; contractual fulfillment; Article 6.1.b GDPR).
Prize delivery (contractual fulfillment; Article 6.1.b GDPR)
When you win a physical prize through our platform, we need your address to be able to deliver it to you. We'll ask you for your address when you win a prize. Optionally, you can also provide an address for us to keep on file.
Direct marketing (legitimate interest; Article 6.1.f GDPR)
We offer our players the ability to optionally subscribe to our newsletter, to keep them up to date with current events. You can easily unsubscribe at any time, either through the unsubscribe link in our emails or by changing your email preferences in your account.
Security and fraud prevention (legitimate interest; Article 6.1.f GDPR)
To help secure our website and to prevent fraud, we store data such as your IP address and certain device information when you access our website and interact with it.
Your device data and IP address information is stored and logged to allow fraud and data security forensic investigation. Your IP address information is also processed automatically by our network devices - this infrastructure is needed to serve our website, but also to deny access to IP addresses known to be in use by malicious actors.
Due to the nature of this interest, we cannot offer you a means to opt-out of this processing, as this would undermine its purpose (and in some cases, an opt-out is technically impossible - e.g. we cannot exempt your IP address from processing by our network devices).
If you object to this processing, we ask that you please do not use our website.
Optimisation of website and campaigns (legitimate interest; Article 6.1.f GDPR)
To optimise our marketing campaigns and our website, we track information about your behaviour and preferences. These data are pseudonymised and stored separately from your account data. While they are stored on an individual basis, these data are only available to the employees that must work with these data, and they are reported on only in aggregate.
Over the course of campaign optimisation, we share some of these data with third-party trackers by embedding a tracking pixel on our website.
Please refer to the section Web and App Analytics for further information about these trackers and how you can opt-out of them.
Are you required to share your personal data with Whow Marketing GmbH?
There is some data we require from you:
Data needed to fulfill our contractual obligations and the associated services
Data you explicitly make available: Data for access management, Personally identifiable data (where applicable), Data about your preferences (opt-in/opt-out). Data you supply by browsing our website: Network data, Data about your game progress.
Data that we are legally required to store
Data you supply by making a purchase: Data about individual payments in our games.
Data required for security
Data you supply by browsing our website: Device data, Network data.
Without this personal data, we cannot provide you with our services.
Automated decisions
We do not use your personal data for any automated individual decision-making that would have legal or otherwise similarly significant effects on you.
Any effects of automated decisions based on your personal data are confined to our game platform. For example, we may use your purchase information (frequency and amount) to give you automated, customised discounts in-game.
How long do we store your data?
For data that we store for legal reasons, we retain the data as long as legally required of us (up to ten years).
For data that we store in consideration of legal disputes, we retain the data as long as legally permissible. This may be up to 30 years.
For logs storing network data, we delete the data in regular intervals - the exact time varies based on configuration rules (which may prune the logs based on size rather than a fixed time), on whether the data was part of a snapshot that landed in a backup, and on whether the logs are part of a set of logs that are routinely forwarded to a central log repository, but will not exceed 2 years.
Where do we store your data and who do we share it with?
Your personal data within Whow Marketing GmbH Your personal data is processed only by the people necessary for us to pursue our legitimate interests, or to comply with our contractual or legal obligations.
Your personal data outside of Whow Marketing GmbHWe share your data only where it is legally permissible to do so, either when it's required to fulfil contracts you may have with us (Article 6.1.b GDPR) or on basis of legitimate interest (Article 6.1.f GDPR).
We share your personal data only if you have given us permission to do so, in aggregate or anonymised form (preventing the data from being linked to other data you may have supplied elsewhere), or with providers that are contractually obliged to treat your data with care.
We exchange data with providers in the following categories:
Hosting and content distribution providers. These typically have no direct access to our systems, but provide network infrastructure that will necessarily process your IP address to deliver our assets.
Payment providers. When you make a payment through a payment provider, we will get invoice information from these providers. Any payment details needed to actually make a payment on your behalf is handled only by the payment providers, not by us.
Debt collection. When you revoke a payment you made, we may share the information available to us with debt collectors, so that they can get in touch with you on our behalf.
Email marketing service providers. We share your email address, display name, and localisation information, and whether or not you are currently subscribed to our newsletter with our email marketing service providers, so that they can send you relevant emails.
Single sign-on providers. These are only relevant if you're playing our games through their websites or explicitly choose single-sign on options, in which case our interaction with them enables you to sign into our game platform. Should you change your mind about using these, the providers usually offer a way to decouple your single-sign on account from our website (revoking our access to your metadata); for more information, please refer to the providers' documentation.
Business intelligence. We use providers to help us sift through own our tracking data.
Game developers. These create and maintain our casino games for us. As these applications are typically standalone and can simply be embedded in our website "plug-and-play" style, we share only very little information about you with these providers - your IP address, device information, display name and the amount of in-game currency you own.
Crash reporting. Our mobile games embed crash reporting functionality. The crash reports contain only anonymous information. Nonetheless, you can opt-out of this in the settings of the application.
Affiliates, CoBrands and Performance Marketing. To allow brands, partners and campaigns to measure their own effectiveness, we embed various trackers on our website. For details, please refer to the Web and App Analytics section of this privacy policy.
Address verification. Before we send out prizes to a physical address, we first ensure that the address is correct by letting it be processed by an address verification service.
Geolocation. We receive data about the approximate geographical location of IP addresses from geolocation services. (We do not share any information with these services, we are only consumers of this data.)
Support ticket system. We use an external provider to handle our support ticketing for us. Any support ticket you write us through official channels will be stored with this provider.
Video streaming. In some cases, we use video streaming services to show you advertisements. Your impression of these videos is recorded by these services.
The providers we use are either in the European Union, in a country formally deemed safe by the data privacy standards of the European Union, or contractually bound to treat your data with the utmost care. Whenever the process allows, we anonymize or pseudonymize your data.
Under no circumstances do we sell your data to third parties.
Information regarding your rights
Whow Marketing GmbH is headquartered in the European Union. We are committed to complying to the General Data Protection Regulation (GDPR). This affords you several inherent rights to your personal data.
You have the right to...
...request access to your personal data (Article 15 GDPR) in a portable format (Article 20 GDPR),
...request correction of your personal data (Article 16 GDPR),
...request restriction of the processing of your personal data (Article 18 GDPR),
...request deletion of your personal data (Article 17 GDPR),
...withdraw consent for your processing of data, when we do this in accordance with a legitimate interest (Article 7.3 and Article 21 GDPR),
...lodge a complaint with a supervisory authority (Article 77 GDPR).
You can easily delete your data in the settings for your account. For all other requests, please contact us either through the support widget on our website, or by contacting us via email (
info@whow-marketing.net). If you contact us through a means other than the support widget, please understand that we may need to ask you to prove your identity - after all, you wouldn't want a random stranger to get access to your data, and neither do we.
Note that it may take up to a month for us to process a request of yours. Should there be any delay, we will of course let you know.
You can find additional legal information in the Articles 7.3, 15 – 21 and 77 of the GDPR.
Your right to access, correct and erase your personal data
(Articles 15, 16, 17 and 20 GDPR)
At any time, you can request information on whether your personal data is processed by Whow Marketing or not, what the conditions of such processing are, and to receive a copy of your personal data. More specifically, you can request information about:
the purposes for which the data is processed,
the categories of personal data that is processed,
the categories of recipients with whom we have shared the data,
the intended duration of storage,
your rights in regards to this data (correction, erasure, restriction, withdrawal of consent, and lodging a complaint with the supervisory authority),
the source of the data in cases where we did not obtain it from your direct interactions with us,
and the existence of any automated decision-making based on this data, including profiling, and your right to request meaningful information about the algorithms involved.
If you make this request electronically, the information will be provided in a commonly used electronic form. Should you make this request several times, Whow Marketing may ask a fee of you to cover administrative costs.
You also have the right to instruct us to correct any personal data that is inaccurate.
Lastly, you have the right to ask us to erase your personal data, if there are no legal reasons for us to retain it (such as freedom of expression, legal requirements, public interest or if required as evidence in legal disputes) and one of the following reasons applies:
your personal data is no longer necessary considering the purposes for which it was collected or processed;
you wish to revoke your consent having served as the basis for the processing and there is no other basis justifying such processing;
your personal data has been the subject of unlawful processing;
your personal data should be erased pursuant to a legal requirement.
When we delete data that we've shared with third parties, we will also contact those third parties and ensure that your data are erased there as well.
When we delete data that we've made public over the course of offering our services to you, we will, to the degree feasible, contact any third party providers that may have this information cached to forward your request to them.
Right to the restriction of processing of personal data
(Article 18 GDPR)
You can assert your right to limit the processing of your personal data when:
you contest the accuracy of your personal data, during the time necessary to verify the accuracy of such data;
the processing of your personal data is unlawful but you oppose the erasure thereof and instead demand the limitation of processing;
when we no longer need your personal data but you still need such personal data for the establishment, exercise or defense of legal claims.
Right to personal data portability
(Article 20 GDPR)
You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit such data to another controller without hindrance from Whow Marketing GmbH.
Whenever this is technically feasible, you may request that your personal data be transmitted directly to another data controller by Whow Marketing GmbH.
Right to revoke consent
(Article 7.3 and 21 GDPR)
We only process your personal data with your consent, unless the data processing is otherwise required (see section Are you required to share your personal data with Whow Marketing GmbH?).
If you have a registered account with us, you may revoke your consent at any time by changing the settings associated with your account (or by deleting your account outright, if you prefer). If you do not have a registered account with us, please refer to the Web and App Analytics section for the means of opting-out of other data collection.
Please note that a revocation of your consent does not affect the lawfulness of processing carried out prior to such revocation.
Right to file a complaint with your supervisory authority
(Article 77 GDPR)
If, despite our efforts to protect the confidentiality of your personal data, you consider that your rights have not been respected, you have the right to file a complaint with the national data protection authority in your country.
Objection against the processing of your data for direct marketing When you register an account with us, you have the option to subscribe to our newsletters. You can opt-out of our newsletters at any time using the unsubscribe links provided in the email footers, or in your account settings.
Web and App Analytics
To improve our website and apps, to correct errors, to optimise the site and our campaigns used to promote it, we store pseudonymised data about our visitors' behaviour on our website and use several tracking services to assist us (on basis of Article 6.1.f GDPR).
These services either use cookies (desktop) or device IDs (mobile) to allow them to correlate the behavioural data they collect (for example to tell us how long the average user spent on our site, or how great a percentage of users that visited our site registered an account with us).
Data exchanged may be information on when you registered an account with us, from where you came (which banner you clicked or which game site you play our games on), your device parameters (e.g. operating system, brand), your user ID in our games, page impressions (time and page identifier) or payments you make.
The trackers use these data either to craft approximate behavioural profiles of you (enabling them to supply better marketing targeting to the users of their service), or to permit us to pay our campaigns by registration events or paying users rather than impressions ("performance marketing").
Right of objection
Should you object to the use of this pseudonymised processing of your data, your opt-out options are:
For mobile, for tracking to end-points controlled by us, please refer to the settings in the application itself. We use Firebase Crashlytics (a Google product) for error reporting; you can use the settings to opt-out of the error reporting functionality as well.
Since you may also interact with the other trackers that we use on other people's websites, opting out of the trackers on a single website will probably not do what you intended. To better enable you to opt-out of the tracking services effectively, this section contains an overview of all trackers we use and where you can opt-out of them.
The opt-out options of many tracking services can also be found on http://youronlinechoices.eu, which provides a unified and central opportunity for you to opt-out of various tracking services. That site can also help you if you want to review your online choices for other providers not used by us.
Unless otherwise noted (be it here or on our tracking partners' opt-out pages), your browser will need to accept cookies for the opt-out process to work.
AdCell
AdCell is based in Germany and offers an opt-out on
https://www.adcell.de/datenschutz (German).
AppNexus
AppNexus is based in the US, is committed to the
Privacy Shield Framework and offers an opt-out on
https://www.appnexus.com/en/company/platform-privacy-policy#choices.
AppsFlyer (for Mobile)
AppsFlyer is based in the US, is committed to the
Privacy Shield Framework and offers an opt-out on
https://www.appsflyer.com/optout.
Bing
Bing is run by Microsoft, who is based in the US, is committed to the
Privacy Shield Framework, and offers an opt-out on
https://account.microsoft.com/privacy/ad-settings/signedout.
Crimtan
Crimtan is based in the UK and offers an opt-out on
https://crimtan.com/cookie-opt-out/.
Dynamic Yield
Dynamic Yield is based in the US, is committed to the
Privacy Shield Framework and offers an opt-out on
https://www.dynamicyield.com/privacy-policy/ (in the section 'Accessing and Modifying Information and Communication Preferences').
Facebook Analytics
Facebook is based in the US, is committed to the
Privacy Shield Framework and offers opt-out instructions on
https://www.facebook.com/help/568137493302217.
Flashtalking
Flashtalking is based in the US, is committed to the
standards imposed by the GDPR and offers an opt-out on
http://www.flashtalking.com/privacypolicy/ (in the section 'Opting out of Interest-Based Advertising').
Google
Google are based in the US and are committed to the
Privacy Shield Framework.
Google Ads (a/k/a Google Remarketing) and AdMob
Google offers opt-out instructions for Google Ads and AdMob on
https://adssettings.google.com/authenticated.
Google Analytics
Google offers opt-out instructions for Google Analytics on
https://tools.google.com/dlpage/gaoptout. Your IP address is masked when it is sent to Google Analytics. For further information, see
https://www.google.com/analytics/terms/.
HasOffers
HasOffers is run by TUNE, which is based in the US, is committed to the
Privacy Shield Framework and offers opt-out instructions on
https://optoutmobile.com/.
InfoOnline
InfoOnline is based in Germany and offers an opt-out on
https://optout.ioam.de/optout.php (German).
ÖWA
ÖWA is based in Austria and offers an opt-out on
https://optout-at.iocnt.net/ (German).
Outbrain
Outbrain is based in the UK and in the US, has
GDPR contractual clauses between their UK and US branches and offers an opt-out on
https://www.outbrain.com/legal/privacy#advertising_behavioral_targeting.
Plista
Plista is based in Germany and offers an opt-out on
https://www.plista.com/about/opt-out/ (in the section 'Set opt-out').
Seznam.cz
Seznam.cz is based in the Czech Republic and offers an opt-out on
http://www.imedia.cz/ (Czech).
Simplaex
Simplaex is based in Germany and offers an instant opt-out link on
https://tracker.simplaex.net/v1/opt-out.
Taboola
Taboola is based in the US, is committed to
the principles of the European Interactive Digital Advertising Alliance and offers an opt-out on
https://www.taboola.com/privacy-policy#optout.
The Trade Desk
The Trade Desk is based in the US, is committed to the
Privacy Shield Framework and offers an opt-out on
http://www.adsrvr.org/opt-out.html.
TradeLab
TradeLab is based in France and offers an opt-out on
http://tradelab.com/en/privacy/ (in the section 'Should You No Longer Wish To See These Personalized Ads').
United Internet
United Internet is based in Germany and offers an opt-out on
https://www.united-internet-media.de/de/services/optin-optout/ (in the section 'Cookie-Verwaltung'; German).
Voluum
Voluum is run by Codewise, who is based in Poland, and offers an opt-out on
https://voluum.com/end-user-privacy-policy/ (in the section 'Opt-out').
Security
We make use of the widespread SSL (Secure Socket Layer) encryption method to deliver our site securely when you visit it, in conjunction with the highest level of encryption supported by your browser.
You can tell when any single page at our website is transmitted in encrypted form by the closed presentation of the lock (or key) symbol in your browser's status bar.
We also take appropriate technical and organizational security measures to protect your data against destruction, accidental or intentional manipulation, partial or total loss, or against the unauthorized access by third parties. Our security measures are continuously improved upon in accordance with technological developments.
Further information
If you have any questions or concerns about data privacy, you can contact us at
data-privacy@whow.net.