Privacy policy

Effective: January 13, 2025

A. General Privacy Policy provisions relating to GDPR (all users)

1. General information

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our apps and website and the functions and content associated with it. By referring to “our apps” or “apps” we mean the JustPlay App and the game apps that are listed in the JustPlay app. Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

California Notice: California residents can learn more about our information practices by visiting our California Privacy Notice here

Covered States Privacy Rights: Residents of certain U.S. states other than California have additional privacy rights. To learn more about these rights, see here.

1.1 Controller within the meaning of data protection law

During the data processing described in this Privacy Policy, Gimica GmbH (Gimica) and JustPlay GmbH (JustPlay) (hereinafter the “Controllers”) work closely together to provide our users with Gimica’s game apps and JustPlay’s associated rewards program. This also concerns the processing of personal data relating to you. In this regard, Gimica and JustPlay as the Controllers are jointly responsible (Art. 26 GDPR) for the protection of the personal data they process to the extent described below (2.1 – 2.5).

Contact details:

Gimica GmbH, Ludwig-Ganghofer-Str. 1, 82031, Grünwald, Germany

JustPlay GmbH, Monbijouplatz 5, 10178 Berlin, Germany

Email: [email protected]

Within the scope of their joint responsibility under data protection law, the Controllers have agreed between themselves which one of them fulfils which obligations under the GDPR and have specified this in a written agreement. The essence of this agreement can be provided to you upon request.

1.2 Data Protection Officer 

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstraße 21, 80802 Munich, Germany
[email protected]

When contacting our Data Protection Officer, please specify the app to which your request relates. Please refrain from enclosing sensitive information such as a copy of an identification document with your request.

2. Data collection regarding the use of our apps 

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you download and use our apps, certain personal data is processed.

Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

2.1 Access to and storage of information in terminal equipment 

By using our apps, access to information (e.g., IP address) or storage of information (e.g., cookies or similar technologies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done based on § 25 para. 1 s. 1, para. 2 no. 2 TDDDG.  

In cases where such a process serves other purposes (e.g., the needs-based design of our apps or the tracking of your online behavior as further explained in the respective consent wording), this will only be carried out based on § 25 para. 1 TDDDG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future. 

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities in our apps.

2.2 Information collected during download of the apps.

When you download the apps, certain required information is transmitted to the app store you have selected (Google Play Store, Apple App Store). To our knowledge, this includes your IP address, unique device ID, location, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted in each case, app usage data, operating system and its interface language. We have no influence on this data collection and are not responsible for it. The contract is concluded with the respective provider of the store and is handled in accordance with their terms and conditions as well as their privacy policy. Within the scope of your use of the stores, we only process the reviews and associated data published by you on our apps and receive anonymous statistics via the stores, e.g., on download figures, uninstalls and crashes.

2.3 Data processing when using the apps.

As part of your use of the apps, we collect certain data as outlined in detail below that is required for the provision and use of the apps. The following data is processed for these purposes: internal device ID, version of your operating system, time of access, IP address, content of access, country of access.

This data is collected in order to provide you with the service and related functions and to prevent and resolve misuse and malfunctions. To do so we use our service provider IPQualityScore, LLC to estimate fraud risks and our service provider Ipregistry: PSI IPV Ltd, Oxford, UK to determine the country from which a user logs in based on the IP address. 

If you use the JustPlay App, we collect information on your progress in the different game apps of Gimica as well as your advertising data (see below) and connect this data with you via identifiers (e.g. GAID / Google App Set ID/ IDFA / IDFV / JustPlay User ID). To do so we use our service provider AppLovin Corporation, 1100 Page Mill Road, Palo Alto, CA 94304. 

Our apps are hosted by Google Cloud Services, offered by Google Cloud EMEA Ltd., as a hosting service provider that processes data on servers in several global locations. Personal data collected through the apps is stored on the hoster’s servers. We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which they commit to protect the data of our customers and not to pass them on to third parties without being instructed accordingly by us.

For using more functions of the apps, you are asked to provide us with certain other data. Such data will only be sent and provided to us after you clicked the respective submit button within the apps.

For the purpose of managing our customers, we may process user data in internally used systems. We base this data processing on Art. 6 para. 1 lit. b. and f. GDPR. We use our service providers Google Cloud EMEA Ltd., 70 Sir John Rogerson’s Quay, Dublin 2, Ireland and Metabase, Inc 9740 Campo Rd. Suite 1029, Spring Valley, CA 91977 for this purpose.

If the data processed for providing the apps are considered personal data, such data processing is based on Art. 6 (1) b. and f. GDPR for the purpose of providing our service and analysing those data based on our legitimate interests of improving our product and research purposes ensuring the functionality and error-free operation of our apps.

2.4 Technical functions of the apps

Only if further functions of the apps are to be used in addition to the basic functions, the following accesses can be requested: 

Push Notifications: Push notifications are sent to keep you informed about various aspects of the app. Specifically, you will receive notifications regarding:

  • Status changes in your earnings.
  • Reminders related to your account or activities.
  • Updates to the app or its features.
  • Promotions and offers that may be of interest to you.

    The permissions to access the above function are explicitly requested and can be confirmed or denied. Please be aware that with older OS versions explicit requests for push notifications might not occur, but are allowed by default.

    If you have granted the individual permission, the associated processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. A granted authorization can be cancelled in the settings of the device in most cases at any time (however, this depends on the device and the operating system, which we have no influence on). The lawfulness of the data processing already carried out remains unaffected by the revocation. Please note that permissions that have not been granted may restrict the use of the apps.

    2.5 Contact via contact form, e-mail. 

    If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. 

    We may also contact you via app/email for purposes related to the use of the Apps or similar services based on Art. 6 (1) b. or f. GDPR.

    In this context, we use our service providers Google Cloud EMEA Ltd., 70 Sir John Rogerson’s Quay, Dublin 2, Ireland,  Twilio Ireland Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland and Zendesk, Inc, 1019 Market Street San Francisco California 94103, USA.

    2.6 JustPlay payout functionality

    If and insofar as you want to exchange collected Coins within our JustPlay App into payments or other gratifications and you want to use the payout options as detailed above, we may ask you for your consent to collect and use a photo and facial mapping information in accordance with the Facial Mapping Notice and Consent Policy below.  The legal basis for the respective processing of your personal data is your consent (Art. 6 para. 1 lit. a GDPR). 

    Please note that JustPlay is the sole controller for the data processing described below.

    You can download our apps from the app store without registering with us. Personal data is not collected for us in the course of downloading the apps (cf. above). Nor is any personal data passed on to us by the app store provider. If you want to use payout functionalities, further details are required to process the payment. The processing of the payment is handled by external payment service providers. The user payment data is transferred to the payment provider.

    The data entered during the payout is processed for the fulfilment of a contract with the user or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). 

    If you are using certain payout options in our JustPlay App we may ask for your full name and address details and pass this information to the external payment service provider. The payment providers are either PayPal: 2211 N 1st St, San Jose, CA, USA, Tangocard: 4700 42nd Ave SW #430, United States or Tremendous: 592 Union St Ste 502, San Francisco, California, 94123, United States. However, please note that we do not process your payment data and bank account details but use external providers that handle the payments.

    We will display your cashout history so that you can track and review all payouts from the past. This is based on our legitimate interest in providing our users with convenient solutions that enable them to understand how much money they have gained in the past (Art. 6 para 1 lit. f GDPR).

    You have the right to change the email address via message to  [email protected] at any time.

    2.7 Technical functions

    Only if further functions of the JustPlay App are to be used in addition to the basic functions, the following accesses can be requested: 

  • Camera Access: The app requests access to your device’s camera for the purposes described in the Facial Mapping Notice and Consent Policy below. 
  • Location Access: The app requires access to your location data to determine your market for a more tailored user experience. Additionally, location data is used for security and fraud prevention purposes to ensure the integrity of user accounts and transactions.

    The permissions to access the above functions are explicitly requested and can be confirmed or denied.

    If you have granted the individual permission, the associated processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR (regarding the camera data) and in accordance with Art. 6 para 1 lit. f GDPR (regarding the location data – the legitimate interests are the prevention of fraud and similar activities). You can revoke your consent at any time for the future. A granted authorization can be cancelled in the settings of the device in most cases at any time (however, this depends on the device and the operating system, which we have no influence on). The lawfulness of the data processing already carried out remains unaffected by the revocation. Please note that permissions that have not been granted may restrict the use of the apps.

    3. Data transfer and recipients

    Your personal data is not transferred to third parties, unless

  • we have explicitly pointed this out in the description of the respective data processing.
  • you have given your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. 
  • the transfer pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms. 
  • there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

    In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. In particular, these contracts concern app-hosting services, the dispatch of emails and IT updates and maintenance.

    When you use our apps, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA) without an adequate level of data protection.

    To ensure an adequate level of data protection when transferring your data to third countries, standard contractual clauses of the European Commission are concluded in accordance with Art. 46 (2) lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection. A copy of the standard contractual clauses can be requested via the contact channels indicated above.

    If the standard data protection clauses alone are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to safeguard the transfer of data. Furthermore, it is regularly reviewed and evaluated whether these additional measures continue to ensure a sufficient level of data protection or whether further supplementary measures may need to be taken. 

    Your personal data might also be transferred to such third countries on the basis of another legal derogation in accordance with Chapter V GDPR (inter alia an adequacy decision by the Commission).

    To the extent that we grant other parties access to information collected via our apps, they are expected to follow privacy practices no less protective than our practices to the extent allowed by applicable law.

    4. Storage period 

    The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g., from commercial law and tax law) or as indicated within this privacy policy and the attached Facial Mapping Notice and Consent Policy. The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection and where we cannot rely on another legal ground for the processing. Subject to the principles described above, your profile and account data are deleted after you deleted such data in your apps account or deleted the entire account via the respective button in the apps, which is more or less immediately after such deletion according to our deletion routines.

    5. Cookies and similar technologies

    Our apps use so-called “cookies” and similar technologies. 

    Cookies and similar technologies have various functions. They are technically necessary, as certain app functions would not work without them. Some are used to evaluate user behaviour or display advertising.

    The processing of data using strictly necessary cookies or similar technologies is based on § 25 para. 1 s. 1, para. 2 no. 2 TDDDG and a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free delivery of our services. 

    The processing of personal data using cookies or similar technologies for other purposes is based on consent in accordance with § 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR. The subject matter of this consent is described in the respective consent wording. The consent can be revoked at any time with effect for the future. 

    You can give your consent for either all purposes or in a granular manner for the following purposes:

  • Improving services based on statistics
  • Comfortable usage of our apps
  • Marketing

    You can change your privacy settings or withdraw your consent at any time by opening the respective opt-out link in the app.

    6. Your rights

    In the following, you will find information about your data subject rights, which the GDPR grants you against the controller(s) concerning the processing of personal data:

  • The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
  • The right to obtain without undue delay the rectification of inaccurate personal data concerning you in accordance with Art. 16 GDPR.
  • The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
  • The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in a commonly used and machine-readable format and the right to transmit those data to another controller.
  • The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence or place of work.
  • The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • The right to object, pursuant to Art. 21 GDPR, at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation. This right applies particularly if your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

    If you no longer wish to provide us information through our apps, you may uninstall our apps from your device. Note that this action will not delete information we previously collected via our apps.

    If you wish to exercise your right of withdrawal, objection, or any of your other rights (except for your right to lodge a complaint with a supervisory authority), simply send an e-mail to [email protected].

    8. Necessity of providing personal data 

    Providing personal data to allow for a decision on entering into a contract, the fulfilment of such contract or for the implementation of pre-contractual measures is voluntary. However, you will only be able to collect coins and use the payout functions if you provide your personal data.

    9. Automated decision making / profiling.

    For the purpose of fraud detection and prevention, certain criteria such as IP addresses, email addresses and gaming behaviour are evaluated automatically. If several criteria apply that indicate fraudulent behaviour, players may be partially or completely excluded from using the app. This data processing is necessary to properly process the contract concluded with the user (Art. 6 para. 1 lit. b GDPR, Art. 22 para. 2 lit. a GDPR) and in order to pursue our legitimate interest in preventing fraudulent behaviour (Art. 6 para 1 lit. f GDPR). Data resulting from such processing will in general be deleted after the automated evaluation has been completed.

    10. Certain data processing activities not related to our apps

    Data processing for statistical purposes using Page Insights

    Meta provides Page Insights Data for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights.

    This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page, and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created based on user behavior and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data that is gathered from memberships on other platforms. Legal basis of the processing is Art. 6 para. 1 lit. f GDPR and our legitimate interest lies in the optimized presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Meta. As a result, we cannot provide any information about where, for how long and to which extent Meta retains the data. Furthermore, we cannot make any statements about the extent to which Meta complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data being processed by Meta, please contact us by other means.

    Data processing through making contact

    We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide, and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances will we pass on the data to third parties without a legal basis in accordance with Art. 6 para 1 GDPR. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at the conclusion or performance of a contract. Unless there are legal reasons, your data will be erased after final processing. We assume the processing is finalised when the relevant circumstances are clarified.

    B. Additional Provisions for California users

    These additional provisions for California consumers supplement the other parts of our privacy policy and apply only to individuals who reside in California. This section outlines how we collect, use, and share your data, including the use of the Unified ID 2.0 (“UID2.0”) and the RampID (“RampID”) framework, and how we comply with the California Consumer Privacy Act and its implementing regulations (“CCPA”).

    1. Personal Information We Collect 

    We may obtain the personal information listed in “Data collection regarding the use of our apps” from California residents through our apps. For further information please see the table below. 

    Some of the ways in which we disclose personal information are considered “sales” or “sharing” under the CCPA. Listed below are the categories of personal information we disclose for purposes of cross-context behavioral advertising or otherwise sell:

  • Identifiers
  • Internet or other electronic network activity information
  • Geolocation data

    The types of third parties to which personal information is sold or shared for cross context behavioral advertising may be third-party advertisers and analytics providers. The purposes for which we disclose this personal information include showing you relevant ads, marketing, advertising, certain types of analytics, optimizing our services, personalizing content or to serve ads that may be more relevant to your interests, to perform other advertising-related services such as reporting, attribution, analytics and market research, or similar purposes. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

    The following lists each Category of Personal Information together with the Purposes for Collection, Use, and Disclosure.

    Category of personal information:
    Identifiers such as a name, telephone number, email address, mailing address, third-party accounts, unique personal identifier, online identifier, IP address.
    Customer Records, including any personal information described in subdivision (e) of Section 1798.80 of the California Civil Code such as your name, signature, address, employment-related information, financial information.

    Purposes for collection, use, and disclosure:

  • To communicate with you, including to respond to your questions, market to you, and provide customer service
  • To operate our business
  • To conduct marketing, personalization, and advertising
  • For research purposes
  • To design, develop, and improve our apps
  • To conduct business analytics and to analyze trends
  • To track the effectiveness of our advertising
  • To personalize your experience on our apps
  • For safety and security purposes
  • To improve how we do business, products and services, and customer experience
  • For other internal business purposes
  • To fulfill our legal obligations

    Category of personal information:
    Internet or other electronic network activity information, such as browsing history, search history, operating system, and information regarding your interactions with our applications, or advertisements.

    Purposes for collection, use, and disclosure:

  • To provide you with our apps
  • To operate our business
  • To conduct marketing, personalization, and advertising
  • For research purposes
  • To design, develop, and improve our apps
  • To conduct business analytics and to analyze trends
  • To track the effectiveness of our advertising
  • To personalize your experience
  • For safety and security purposes
  • To improve how we do business, products and services, and customer experience
  • For other internal business purposes
  • To fulfill our legal obligations

    Category of personal information:
    Geolocation data, including your approximate location derived from your IP address or mobile device.

    Purposes for collection, use, and disclosure:

  • To provide you with our apps
  • To operate our business
  • To conduct marketing, personalization, and advertising
  • For research purposes
  • To design, develop, and improve our apps
  • To conduct business analytics and to analyze trends
  • To track the effectiveness of our advertising
  • To personalize your experience
  • For safety and security purposes
  • To improve how we do business, products and services, and customer experience
  • For other internal business purposes
  • To fulfill our legal obligations
  • To verify your identity

    Category of personal information:
    Inferences from personal information collected such as a profile about a consumer reflecting the consumer’s preferences, characteristics, and interests.

    Purposes for collection, use, and disclosure:

  • To provide you with our apps
  • To operate our business
  • To conduct marketing, personalization, and advertising
  • For research purposes
  • To design, develop, and improve our apps
  • To conduct business analytics and to analyze trends
  • To personalize your experience
  • To improve how we do business, products and services, and customer experience
  • For other internal business purposes
  • To fulfill our legal obligations
  • To verify your identity

    Category of personal information:
    Sensitive personal information

    Purposes for collection, use, and disclosure:

  • Please see our Facial Mapping Notice and Consent Policy below.
  • For other internal business purposes
  • To fulfill our legal obligations

    2. California Privacy Rights

    Under the CCPA, you have several rights regarding your personal information:

    2.1 Right to Know

    You have the right to know what personal information we have collected about you, including:

  • The categories of personal information we have collected about you; 
  • The categories of sources from which the personal information was collected;
  • Our business or commercial purposes for collecting, selling, sharing, or disclosing personal information;
  • The categories of recipients to which we disclose personal information;
  • The categories of personal information that we sold or shared, and for each category identified, the categories of third parties to which we sold or shared that particular category of personal information;
  • The categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of recipients to which we disclosed that particular category of personal information; and
  • The specific pieces of personal information we have collected about you.

    2.2 Right to Delete

    You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions. 

    2.3 Right to Correct

    You have the right to request that we correct any personal information we maintain about you that you believe is inaccurate. 

    2.4 Right to Opt-Out of Sales and Sharing 

    You have the right to opt out of the sale of your personal information and to request that we do not share your personal information for cross-context behavioural advertising. If you would like to opt out of sales and sharing, you can do so by clicking on the respective opt-out link in the Settings section of our apps. You may also exercise your right to opt out of certain sales and sharing via an opt-out preference signal on our websites. If you choose to use the Global Privacy Control (“GPC”) browser signal, you will need to turn it on for each browser you use.

    2.5 Right to Non-Discrimination

    We will not discriminate against you for exercising your rights.

    2.6 Exercising Your Rights

    To exercise your rights, please submit a request by email to [email protected] with the subject line “CCPA and Covered State Rights Request.” We may need to verify your identity before processing your request. To verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. In certain circumstances, we may decline a request where we are unable to verify your identity.

    If you have any questions or concerns, please email us at [email protected]. In certain circumstances, you are permitted to use an authorised agent to submit requests on your behalf where (i) you provide sufficient evidence to show that the requestor is an authorised agent with written permission to act on your behalf and (ii) you successfully verify your own identity with us.

    We will respond to your requests within the time period permitted under applicable law. If we require more time, we will inform you of the reason and extension period in writing.

    2.7 California “Shine the Light” Law

    California’s “Shine the Light” law permits California residents to request certain information regarding our disclosure of certain personal information to third parties for their own direct marketing purposes. If you are a California resident, you may request information about our compliance with the Shine the Light law by contacting us at [email protected]. Any such request must include “California Shine the Light Request” in the subject line and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each calendar year.

    C. Additional Provisions for Individuals Who Reside in Covered States

    These additional provisions supplement the other parts of our privacy policy and apply only to individuals who reside in states that have comprehensive privacy laws to which we are subject (“Covered States”). If you are a resident of California, please review our California-specific disclosures, above.

    1. Privacy Rights

    Residents of Covered States may have certain rights relating to your personal data, as described below. To exercise any of these rights, please submit a request by emailing us at [email protected]. Please note that we may need to authenticate your identity before your request can be processed. For authentication, you will be asked to verify your identity in accordance with the law. 

    1.1. Right to Know

    You have the right to confirm whether we are processing your personal data, access your personal data, and obtain a copy of the personal data you provided to us in a portable format.

    Oregon residents may also request a list of third parties to which we disclose personal data. 

    If you live in Delaware, you have the right to request a list of the categories of third parties with whom we disclose your personal data.

    1.2. Right to Delete

    You have the right to request that we delete your personal data. Please note that we may retain certain personal data as permitted by applicable law. 

    1.3. Right to Correct

    You have the right to request that we correct inaccuracies in your personal data.

    1.4. Right to Opt-Out

    You have the right to opt out of the sale of your personal data, and the use of your personal data for targeted advertising. If you would like to opt out of sales and targeted advertising, you can do so by clicking on the opt-out links in the Settings section of our apps. You may also exercise your right to opt out of certain sales and targeted advertising on our websites via an opt-out preference signal. If you choose to use the GPC browser signal, you will need to turn it on for each browser you use.

    1.5. Right to Appeal

    You have the right to appeal our decision by emailing us at [email protected].

    1.6. Authorized Agents

    Depending on your state of residency, you may have the right to designate an authorized agent to make certain privacy rights requests on your behalf. 

    2. Miscellaneous 

    Please note that if you make a privacy rights request, we will retain the personal data submitted in connection with your request for recordkeeping purposes. 

    You will not be discriminated against for exercising these rights. We will not deny you any services, nor charge you different prices, in retaliation for exercising your privacy rights. 

    3. Usage of certain marketing identifiers (only in the US)

    3.1 Marketing Identifiers

    In order to provide our users with the best experience when using our app and/or games we also use further marketing identifiers like UID2.0 and RampID:

  • UID2.0 is a privacy-focused identity framework that allows for secure, encrypted identifiers to deliver relevant advertising. This system uses email addresses or other forms of identity to create an anonymized identifier that enables us and our partners to provide personalized advertising, while protecting your privacy.
  • RampID is an identity resolution service that helps us match our data with online and offline information to create a consistent and secure user profile. We receive hashed or pseudonymized identifiers, which are referred to as “RampID Envelopes,” allowing us to maintain privacy while delivering relevant and customized services.

    3.2 Information Categories

    When you interact with our services, we may collect the following types of personal data that can be used for and within the marketing identifiers:

  • Personal Identifiers: such as your email address or phone number, which may be encrypted and converted into an anonymized identifier.
  • Device Information: such as your browser type, IP address, and operating system.
  • Usage Data: such as your interactions with our apps.

    We collect this information to improve your experience, deliver relevant advertising, and support business operations.

    3.3 Use Categories

    We use the marketing identifiers to:

  • Display personalized advertisements that match your interests.
  • Measure and analyze the effectiveness of our advertising efforts.
  • Enhance your experience by tailoring content to your preferences.

    We only use your marketing identifier data for lawful purposes and in accordance with this privacy policy.

    3.4 Third Party Categories

    We may share your marketing identifier data with:

  • Advertising Partners: to provide relevant ads across the web.
  • Service Providers: who assist us in analyzing and managing our data and delivering advertising services.
  • Law Enforcement or Regulatory Bodies: when required by law.

    3.5 Opt-out Options

    If you prefer not to receive personalized advertisements based on your marketing identifier data, you can also:

  • Use the UID2.0 opt-out page to stop the collection and use of your data in the UID2.0 framework here: https://www.transparentadvertising.com/
  • Use the RampID opt-out page to stop the collection and use of your data in the RampID framework here: https://liveramp.com/opt_out/

    Please note that opting out of personalized advertising does not mean you will no longer see ads, but they may be less relevant to your interests.

    D. Facial Mapping Notice and Consent Policy

    Effective Date: January 13, 2025

    1. Introduction

    This Facial Mapping Notice and Consent Policy (“Policy”) explains how Gimica GmbH and JustPlay GmbH (collectively, “Company”, “we”, “our” or “us”) collect, use, store, and protect facial mapping data obtained through the FaceTec software (“FaceTec”) when you use our JustPlay App (the “JustPlayApp”). To the extent there is any inconsistency between this Policy and the above Privacy Policy, this Policy controls with respect to facial mapping data and photos collected through the FaceTec software. This Policy is intended to comply with any federal, state, or local laws that may apply to the facial mapping data. By proceeding to use the FaceTec software, you confirm that you are not doing so from within a jurisdiction where such use is prohibited.

    2. Collection of Facial Mapping Data and Photos

    In order to use the cashout feature within the JustPlayApp for the first time, you will need to use your device’s camera and software provided by FaceTec that is embedded within the JustPlayApp to scan your face and provide us with facial mapping data that is unique to you, as well as a photo of your face. We use the facial mapping data and photo for the following purposes:

  • Real person verification: To verify that you are a real person
  • Fraud prevention: To prevent unauthorized access and fraud. We compare the facial mapping data that you provide with facial mapping data that has been provided by other JustPlayApp users within the last four months to help prevent the same user from creating multiple accounts. We store the facial mapping data that you provide for four months and use your facial mapping data for this purpose as well.
  • Minor identification: To ensure that users are not underaged minors

    3. Storage and Protection of Facial Mapping Data and Photos

    Your facial mapping data and photo are stored in our rented server space on the servers of Google Cloud Services provided by Google Cloud EMEA Ltd. (70 Sir John Rogerson’s Quay, Dublin 2, Ireland) (please see our general privacy policy in this regard). We implement robust security measures, including encryption and secure storage, to protect your information from unauthorized access, disclosure, or misuse.

    Your facial mapping data is stored for up to 4 months and then is securely deleted. Your photo is stored for up to 1 month and then is securely deleted. 

    4. Sharing of Facial Mapping Data and Photos

    Other than as described in this Policy, we do not sell, lease, trade, or otherwise profit from your facial mapping data or photos. The FaceTec software runs within our own environment, and we do not share your facial mapping data or photos with FaceTec. As noted above, the facial mapping data and photos are stored on Google Cloud Services. We may disclose your facial mapping data and photos when required by law, regulation, or legal process, such as a court order or subpoena.

    5. Your Rights

    Depending on the jurisdiction in which you reside, you may have the following rights regarding your Facial Mapping Data:

  • Access: Request access to your Facial Mapping Data, and/or information regarding how and why your Facial Mapping Data was collected, and any parties to whom we have disclosed your Facial Mapping Data.
  • Correction: Request corrections to any inaccurate or incomplete Facial Mapping Data.
  • Deletion: Request the deletion of your Facial Mapping Data, subject to certain legal exceptions.
  • Withdrawal of Consent: Withdraw your consent to the collection and use of your Facial Mapping Data, noting that this may affect your ability to use FaceTec.

    6. How to Exercise Your Rights

    To exercise any of your rights or if you have any questions about this Policy, please contact us at:

  • Email: [email protected]
  • Address: Monbijouplatz 5, 10178 Berlin

    Questions?

    For any inquiries and additional questions about processing personal data please contact [email protected]. Our contact details may also be found above or in the imprint under the App’s settings menu.

    Final notice

    We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g., the introduction of new services. The most current version applies to your visit.