Contact Us
We're always excited about the feedback or hearing ideas for partnerships

Privacy policy

1. General information

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our apps and the functions and content associated with it. Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.
1.1 Controller within the meaning of data protection law
During the data processing described in this Privacy Policy, Gimica GmbH (Gimica) and JustPlay GmbH (JustPlay) (hereinafter “the Controllers”) work closely together to provide our users with Gimica’s game apps and JustPlay’s associated rewards program. This also concerns the processing of personal data relating to you. In this regard, the Controllers are jointly responsible (Art. 26 GDPR) for the protection of the personal data they process to the extent described below (2.1 – 2.5).

Contact details:
Gimica GmbH/ JustPlay GmbH
Monbijouplatz 5, 10178 , Berlin, Germany
 email: [email protected]
Within the scope of their joint responsibility under data protection law, the controllers have agreed which one of them fulfils which obligations under the GDPR and have specified this in a written agreement. The essence of this agreement can be found here.
​1.2 Data Protection Officer 
Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstraße 21
80802 Munich
[email protected]
When contacting our Data Protection Officer, please specify the company to which your request relates. Please refrain from enclosing sensitive information such as a copy of an identification document with your request.

2. Data collection regarding the use of our apps

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you download our apps, register, or log in to the apps and use the apps, certain personal data is processed.
Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
2.1 Access to and storage of information in terminal equipment 
By using our apps, access to information (e.g., IP address) or storage of information (e.g., cookies or similar technologies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.
In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done based on § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.  
In cases where such a process serves other purposes (e.g., the needs-based design of our apps), this will only be carried out based on § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future. 
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities in our apps.
2.2 Information collected during download of the apps.
When you download the apps, certain required information is transmitted to the app store you have selected (Google Play Store, Apple App Store). In particular, IP address, unique device ID, location, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted in each case, app usage data, operating system and its interface language. We have no influence on this data collection and are not responsible for it. The contract is concluded with the respective provider of the store and is handled in accordance with their terms and conditions as well as their privacy policy. Within the scope of your use of the stores, we only process the reviews and associated data published by you on our apps and receive anonymous statistics via the stores, e.g., on download figures, uninstalls and crashes.
2.3 Data processing when using the apps.
As part of your use of the apps, we collect certain data that is required for the provision and use of the apps. The following data is processed for these purposes: internal device ID, version of your operating system, time of access, IP address, content of access, country of access.
This data is collected in order to provide you with the service and related functions and to prevent and resolve misuse and malfunctions. To do so we use our service provider IPQualityScore, LLC to estimate fraud risks and our service provider Ipregistry: PSI IPV Ltd, Oxford, UK to determine the country from which a user logs in based on the IP address. 
If you use the JustPlay app, we collect information on your progress in the different game apps of Gimica as well as your advertising data (see below) and connect this data with you via identifiers (GAID / Google App Set ID/ IDFA / IDFV / JustPlay User ID). To do so we use our service provider AppLovin Corporation, 1100 Page Mill Road, Palo Alto, CA 94304. 
This data processing is justified by the necessity of the processing for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the apps and by our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in ensuring the functionality and error-free operation of the apps.
Our apps are hosted by an external service provider (hoster). We use Google Cloud Services as a hosting service provider that processes data on servers in several global locations. Personal data collected through the apps is stored on the hoster’s servers. We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which they commit to protect the data of our customers and not to pass them on to third parties.
For using more functions of the apps, you are asked to provide us with certain data. Such data will only be sent and provided to us after you clicked the respective submit button within the apps.
If you are using additional payment options in our apps we may ask for your full name and address details and pass this information to the external payment service provider. The payment providers are either PayPal: 2211 N 1st St, San Jose, CA, USA, Tangocard: 4700 42nd Ave SW #430, United States or Tremendous: 592 Union St Ste 502, San Francisco, California, 94123, United States. However, please note that we do not process your payment data and bank account details but use external providers that handle the payments.
For the purpose of managing our customers, we may process user data in internally used systems. We base this data processing on Art. 6 para. 1 lit. b. and f. GDPR. We use our service providers Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Metabase, Inc 9740 Campo Rd. Suite 1029, Spring Valley, CA 91977 for this purpose.
You may request the deletion and change of entered data any time via message to [email protected]. Please note that this might not apply to data whose processing is needed for legitimate needs. This is in accordance with the “right to erasure” of GDPR.
If the data processed for providing the apps services are considered personal data, such data processing is based on Art. 6 (1) b. or f. GDPR for the purpose of providing our service and analysing those data based on our legitimate interests of improving our product and research purposes.
2.4 Technical functions of the apps
Only if further functions of the apps are to be used in addition to the basic functions, the following accesses can be requested: 
Push Notifications: Push notifications are sent to keep you informed about various aspects of the app. Specifically, you will receive notifications regarding:
Status changes in your earnings.
Reminders related to your account or activities.
Updates to the app or its features.
Promotions and offers that may be of interest to you.
The permissions to access the above function are explicitly requested and can be confirmed or denied. Please be aware that with older OS versions explicit requests for push notifications might not occur, but are allowed by default.
If you have granted the individual permission, the associated processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. A granted authorization can be cancelled in the settings of the device in most cases at any time (however, this depends on the device and the operating system, which we have no influence on). The lawfulness of the data processing already carried out remains unaffected by the revocation. Please note that permissions that have not been granted may restrict the use of the apps.
2.5 Contact via contact form, e-mail. 
If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. 
You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.
We may also contact you via app/email for purposes related to the use of the Apps or similar services based on Art. 6 (1) b. or f. GDPR.
In this context, we use our service providers Gmail, 1600 Amphitheatre Parkway in Mountain View, California Twilio Ireland Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland and Zendesk, Inc, 1019 Market Street San Francisco California 94103.
2.6 JustPlay payout functionality
Please note that JustPlay GmbH is the sole controller for the data processing described below.
You can download our apps from the app store without registering with us. Personal data is not collected for us in the course of downloading the apps. Nor is any personal data passed on to us by the apps store provider. If you want to use pay out functionalities, further details are required to process the payment. The processing of the payment is handled by external payment service providers. The user payment data is transferred to the payment provider. 
The data entered during the payout is processed for the fulfilment of a contract with the user or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).  Additional voluntary information is processed on the basis of your voluntarily given consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent with effect for the future at any time. For this purpose, an informal e-mail to the contact details of the controller mentioned at the beginning of this privacy policy is sufficient. The lawfulness of the data processing already carried out remains unaffected by the revocation.
If you register via Facebook (facebook.com) or Google (Google login) we process your email address and name from your user profile on Facebook after you have clicked the respective button. For further details on data processing on Facebook please refer to: https://www.facebook.com/full_data_use_policy
You have the right to change the email address via message to  [email protected] at any time.
Technical functions
Only if further functions of the JustPlay app are to be used in addition to the basic functions, the following accesses can be requested:  
Camera Access: 
The app requests access to your device’s camera for security purposes. To ensure that users do not create multiple accounts or use bots, we ask users to create a facemap using the selfie functionality. This is facilitated through technology provided by FaceTec, which helps us verify the authenticity of accounts.
Location Access: 
The app requires access to your location data to determine your market for a more tailored user experience. Additionally, location data is used for security and fraud prevention purposes to ensure the integrity of user accounts and transactions.
The permissions to access the above functions are explicitly requested and can be confirmed or denied.
If you have granted the individual permission, the associated processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. A granted authorization can be cancelled in the settings of the device in most cases at any time (however, this depends on the device and the operating system, which we have no influence on). The lawfulness of the data processing already carried out remains unaffected by the revocation. Please note that permissions that have not been granted may restrict the use of the apps.


3. Data transfer and recipients

Your personal data is not transferred to third parties, unless
we have explicitly pointed this out in the description of the respective data processing.
you have given your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. 
the transfer pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms. 
there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern app-hosting services, the dispatch of emails and IT updates and maintenance. 
When you use our apps, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA) without an adequate level of data protection, e.g., in the U.S., especially if you have consented to a transfer of your data to our advertising partners.
To ensure an adequate level of data protection when transferring your data to third countries, standard contractual clauses of the European Commission are concluded in accordance with Art. 46 (2) lit. c DSGVO. They oblige the recipient of the data to process it in accordance with the European level of protection. A copy of the standard contractual clauses can be requested via the contact channels indicated above.
If the standard data protection clauses alone are not sufficient to ensure the level of protection, additional technical, contractual or organisational measures are taken to safeguard the transfer of data. Furthermore, it is regularly reviewed and evaluated whether these additional measures continue to ensure a sufficient level of data protection or whether further supplementary measures may need to be taken.

4. Storage period 

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g., from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection. Your profile and account data are deleted after you deleted such data in your apps account or deleted the entire account via the respective button in the apps, which is more or less immediately after such deletion according to our deletion routines.​

5. Cookies 

Our apps use so-called “cookies” and similar technologies. 
Cookies and similar technologies have various functions. They are technically necessary, as certain apps functions would not work without them. Some are used to evaluate user behaviour or display advertising.
The processing of data using strictly necessary cookies or similar technologies is based on § 25 para. 1 s. 1, para. 2 no. 2 TTDSG and a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free delivery of our services. 
The processing of personal data using other cookies or similar technologies is based on consent in accordance with § 25 para. 1 TTDSG, Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future. 
You can find more information about processing purposes and our advertising partners below.
Purposes:
01 – Store and/or access information on a device
02 – Select basic ads
03 – Create a personalised ads profile
04 – Select personalised ads
05 – Create a personalised content profile
06 – Select personalised content
07 – Measure ad performance
08 – Measure content performance
09 – Apply market research to generate audience insights
10 – Develop and improve products
List of partners:
Ad Colony: 901 Mariners Island, Blvd, Suite 250, San Mateo, CA94404, United States
AD4Game: Ad4Game Inc on behalf of Liquid Media SARL, Ile Bizard, Quebec, Canada
AdJoe GmbH:  An der Alster 42, 20099 Hamburg, Deutschland
Amazon: A9.com inc, 130 Lytton Ave Ste 300 Palo Alto, CA 94301, USA
AppLovin: Applovin Corporation, 849 High Street, Palo Alto CA 94301, United States
BidMachine: 1640 Boro Place, 4th Floor McLean, Virginia 22102, USA
Criteo: 32 Rue Blanche, Paris, France
Digital Turbine: 110 San Antonio St #160, Austin, Texas, USA
Doit (Google cloud reseller): 6 Liberty Square #2305 Boston, MA 02109, USA
Facebook A: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
FaceTec: 707 Village Center Cir Ste 250, Las Vegas, Nevada, 89134, United States
Fyber Germany: Fyber GmbH, Wallstr. 9-13, 10179 Berlin
Fyber Israel: Fyber MONETIZATION, 4 Hapsagot Street, St. Petach, Tikva na 49551447 Israel
Google Ads: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Ad Mob Network: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland
Google In App Purchases (PlayDox Games): Google Payment Ireland Ltd. 70 Sir John Rogerson’s Quay
Dublin 2, Ireland
Index: 20 California St 6th Floor, San Francisco, United States
Inmobi: Cecil Street 19-08, PRUDENTIAL T SINGAPORE”
Ironsource (=SuperSonic Network): Azrieli Sarona Tower, Derech Menachem Begin 121, Tel Aviv 6701318 Israel
Kayzen: Ackerstraße 29, 10115 Berlin, Deutschland
LINE: Shibuya, 27F, Shibuya Hikarie, 2-21-1, Japan
Liftoff: 900 Middlefield Rd 2nd Floor, United States
LoopMe: 32-38 Saffron Hill, London, United Kingdom
MediaNet: 2505 2nd Ave. Suite 410 Suite 300 Seattle, Washington, 98121, United States
Mintegral (=Adlogic): 6 EU TONG SEN STREET 11-20 THE CEN, SINGAPORE
Mobilfuse: PO Box 37, Stirling, NJ 07980, USA
MOLOCO: 601 Marshall St #5th, Redwood City, United States
Ogury: Classic House, Martha’s Buildings, 174-180 Old St, United Kingdom
OpenX: 177 E. Colorado Blvd. #3039. Pasadena, CA 91105 USA
Pangle: 13929 34th Rd Apt 6C, Flushing, New York, 11354, United States
PubMatic:  601 Marshall St, Redwood City, United States
Reklamup: Arsus Technologies Ltd., Free Port and Region, Mersin 10, Turkey
SEON Technologies Kft., Rákóczi út 42, 1072 Budapest
Sharethrough: 5455 Av. de Gaspé #730, Montreal, Canada
Smaato: San Francisco, 240 Stockton St, 9th Floor, San Francisco, CA 94108, USA
Start.io: 584 Broadway, New York City, USA
Tapjoy: 353 Sacramento St 6th Floor, San Francisco, United States
Tappx: Carrer de Rosselló i Porcel, 21, 15B, 08016 Barcelona, Spain
Triplelift: 53 W 23rd St 12th Floor, New York, NY 10010, USA
Unity Ads: Unity Technologies SF, 30 3rd Street, San Francisco, Califonia 94103, USA
Verve / PubNative: Verve Group Europe GmbH , Karl-Liebknecht-Str. 32, 10178 Berlin, Deutschland
Vungle / Liftoff: Vungle Inc., 1255 Battery Street, Suit 500, San Francisco, CA 94111, USA
Xandr: 1 Rockefeller Plaza, New York City, United States
 
You can change your privacy settings or withdraw your consent at any time by opening the menu point Privacy Settings. 

6. Your rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:
The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.If you would like to have your personal data deleted please contact [email protected].
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in a commonly used and machine-readable format and the right to transmit those data to another controller.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.
The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work. ​
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

7. Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection, or any of your other rights, simply send an e-mail to [email protected]

8. Necessity of providing personal data 

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

9. Automated decision making / profiling.

For the purpose of fraud detection and prevention, certain criteria such as IP addresses and gaming behaviour are evaluated automatically. If several criteria apply that indicate fraudulent behaviour, players are partially or completely excluded from using the app. This data processing is necessary to properly process the contract concluded with the user (Art. 6 para. 1 lit. b GDPR, Art. 22 para. 2 lit. a GDPR). The data will be deleted after the evaluation.

10. Subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g., the introduction of new services. The most current version applies to your visit.
Status of this privacy policy:  20 July 2023
Facebook fan page
In case you provide us with data, which is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement: https://www.facebook.com/legal/terms/page_controller_addendum.
Since a transfer of personal data by Facebook Ltd. to the U.S. is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.
If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection, or withdrawal), you can contact both, Facebook and us. 
You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings:
https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com 
For further details, please see Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/
You can use Facebook’s online form to contact Facebook’s Data Protection Officer. To access it, please use the following link: https://www.facebook.com/help/contact/540977946302970.

Data processing for statistical purposes using Page Insights
Facebook provides Page Insights Data for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page, and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created based on user behaviour and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data that is gathered from memberships on other platforms. Legal basis of the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimised presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access about where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data being processed by Facebook, please contact us by other means.

Data processing for market research and advertising
Organisations generally process data for market research and promotional purposes. Therefore, website providers use cookies, which load on to your browser and detect your return to the same URL.  The recorded data is used to create user profiles. User profiles may be used for targeted advertisements within or outside the platform. In addition, user profiles may contain data that is gathered from memberships on other platforms.
 
Data processing through making contact. 
We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide, and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalised, when the regarding circumstances are clarified.
 
Data processing for the purpose of performing a contract or entering a contract.
If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. Your data will be erased if they are no longer necessary for the fulfilment of the contract or if it is certain that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contract. Please consider that it may be necessary to store personal data of our contractual partners to comply with contractual or legal obligations even after the conclusion of contract.
Data processing on the legal basis of consent 
If the respective platform providers request you to consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time. 
Specific Provisions for California Consumers
These additional provisions for California consumers apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires “businesses” collecting or disclosing personal information to provide notice and a means to exercise those rights.
Categories of personal information collected in the preceding 12 months.
Business purpose for collection
Third parties with whom we may share your information​.
Right to Know and Right to Delete
For any of the personal information described above, you can request to know what personal information we collected, disclosed, used, and sold, and request that we delete your personal information at any time.
To exercise your right to know and right to deletion, please submit a request by:
Emailing [email protected] with the subject line “California Rights Request.” We will need to verify your identity before processing your request. To verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. In certain circumstances, we may decline a request to exercise the right to know and right to deletion, particularly where we are unable to verify your identity.
Upon verification of your request, we will delete (and direct our service providers to delete) your personal information from our records, unless retaining the information is necessary for us or our service providers to complete the transaction with you, detect security incidents or fraud, fixing errors, exercise free speech or another right provided by law, comply with legal obligations, or other internal and lawful uses.
Right to Opt Out of Sale​
CCPA gives you a right to direct a business that sells your personal information to stop selling your personal information and to refrain from doing so in the future. We do not “sell” information about our users as most people would commonly understand that term.  However, consistent with common practice among companies that operate online, we do “share” information in the sense that we allow certain third-party advertising networks and other third-party businesses to collect and disclose your personal information directly from your browser or device through cookies or tracking technologies when you visit or interact with our websites, use our apps or otherwise engage with us. These third parties use your personal information for purposes of analyzing and optimizing our services and advertisements on mobile apps, or on other devices you may use, to personalize content or to serve ads that may be more relevant to your interests, and to perform other advertising-related services such as reporting, attribution, analytics and market research.  
You also have the right not to be discriminated against for exercising any of the rights listed above.
If you are a California resident seeking to exercise your rights under the CCPA or have any questions or concerns, please email us at [email protected]. In certain circumstances, you are permitted to use an authorised agent to submit requests on your behalf where (i) you provide sufficient evidence to show that the requestor is an authorised agent with written permission to act on your behalf and (ii) you successfully verify your own identity with us.
We aim to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

C.  BIPA Notice – Biometric Information Privacy Act Notice

Effective Date: November 08, 2024

Introduction

This Biometric Privacy Policy (“Policy”) explains how Gimica GmbH (“Company,” “we,””our” or “us”) collects, uses, stores, and protects biometric data or information obtained through the FaceTec software (“FaceTec”) when you use our JustPlay App (the “JustPlayApp”), particularly in accordance with the Illinois Biometric Information Privacy Act (BIPA) of 2008, 740 ILCS14. (740 ILCS 14/1) (“BIPA“).

​​​What is Biometric Information?​
Biometric Information is any information, however generated, stored or shared, that is basedon an individual’s biometric identifier, and used to identify that individual.
In case of the JustPlayApp, only face geometry by utilizing facial recognition technology isused as a biometric identifier through facial recognition technology.
We require you undergo a facial recognition scan before we are able to pay out collected coins.

Collection of Biometric Information

We collect and process the following Biometric Information through the camera of yourmobile or handheld during your verification within our payout process:

  • Facial geometric data points and a facial photo to create a unique biometric template.

Prior to using your Biometric Information for the first time, we will require you to consent tothis Policy.

Purpose of Collection

We collect and use biometric data solely for the following purposes:

  • Real person verification: To authenticate and verify that you are a real person
  • Verification of returning customers: To authenticate during the initial payout processes that the same person is requesting a payout
  • Fraud prevention: To prevent unauthorized access and fraud
  • Minor identification: To ensure that users are not underaged minors
  • User experience: To improve and customize user interactions

Storage and Protection of Biometric Information

Your Biometric Information will solely be stored in our rented server space on the servers of Google Cloud Services provided by Google Cloud EMEA Ltd. (70 Sir John Rogerson’s Quay, Dublin 2, Ireland) (please see our general privacy policy in this regard). We implement robust security measures, including encryption and secure storage, to protect your biometric information from unauthorized access, disclosure, or misuse.

Your Biometric Information is stored for up to 4 months to fulfil the purposes outlined in this Policy or as required by law. After this period, the respective data is securely deleted. Your photo is stored up to 1 month, solely to regularly re-test our systems and verify the integrity of the biometric-scan process.

Sharing of Biometric Information

In general, we do not disclose or share your Biometric Information with any third party, but do so only under the following circumstances:

  • Service Providers: With Google Cloud EMEA Ltd. for storage on their servers.

  • Legal Requirements: When required by law, regulation, or legal process, such as acourt order or subpoena.

Your Rights

You have the following rights regarding your biometric data:

  • Access: Request access to your biometric data.
  • Correction: Request corrections to any inaccurate or incomplete biometric data.
  • Deletion: Request the deletion of your biometric data, subject to certain legal exceptions.
  • Withdrawal of Consent: Withdraw your consent to the collection and use of you rbiometric data, noting that this may affect your ability to use FaceTec.

How to Exercise Your Right

To exercise any of your rights or if you have any questions about this Policy, please contact us at:

  • Address: Monbijouplatz 5, 10178 Berlin, Germany

Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new Policy on our website or through other communication channels. Your continued use of FaceTec after suchchanges constitutes your acceptance of the revised Policy.

Questions?

For any inquiries and additional questions about processing personal data please contact [email protected]. Our contact details may also be found above or in the imprint under the App’s settings menu.