Privacy Policy

This Privacy Policy applies to our video games Shakes & Fidget, SoccerStar (aka KickerStar), Bloodmoon, Tiny Island, and Clash of Empires (hereinafter "Games").

It provides you with an overview of how we use data. It shows which data is processed by us for what purpose and on what legal basis. We also explain what rights you have with regard to your data and how you can exercise them.

Identity and contact info of the responsible entity for the data processing:
Playa Games GmbH
Alstertor 9, 20095 Hamburg
Amtsgericht Hamburg, HRB 109725
Managing Director Thorsten Rohmann
Resonsible in the meaning of Art. 4 No. 7 GDPR: Hannes Beuck (no game support)

1. Personal Data
2. Data Security and Disclosure of Personal Data
3. Facebook Login/Steam/Apple Gamecenter Login/Signing in with Twitter/Google Play Games/Social Plug-ins
4. Tracking
5. Additional Content
6. User Rights
7. Storage Period of Personal Data
8. Validity and Amendments to this Policy
9. Additional Information and Data Protection Officer

1. Personal Data

Personal data are information that can, with reasonable effort, be linked to the identity of an individual (Art. 4 No. 1 GDPR). The primary reason why we process the personal data of our players is so that they can use our Games comfortably. The legal basis for this is Art. 6 Para. 1 b) GDPR.

When you create a user account for our Games, we assign it a unique number. We store the username and password you chose as well as your e-mail address unless you sign in via Facebook login (for third-party logins, see section 3 for more information). The provision of this data is a prerequisite for concluding a contract. We use a double opt-in procedure to verify whether the e-mail address you provide really belongs to you. Participation is not a prerequisite for using our Games However, we recommend it because we can only use validated e-mail addresses to send you important messages such as login confirmations, password changes, or occasional information about the Games you play. The legislative basis for the latter direct advertising is Art. 6 f) GDPR. We may also use your hashed e-mail address to advertise our games via social networks so long as the hash method used does not allow for retroactive decryption.

We store the originating IP address and the time at which registration is made. We also store the originating IP address and the time when you validate your e-mail address. This is to comply with our burden of proof, to ward off attacks against our system, and to ensure compliance with the rules of the game.

When you use our Games, your device communicates with our servers. In that context, we record signing in and signing out times as well as any relevant IP addresses. This can be the IP address of your telecommunications connection or of your mobile device. We process this data in order to handle violations of our T&Cs and to comply with the requirements of law enforcement authorities.

You can also communicate with other users in our Games and may divulge personal information. In regards to this, we advise that you exercise caution. If you receive messages from other users, they will be saved to your user account. This allows you to view all the messages you have received in the Game. Deleting messages in the Game will also delete them from your user account.

If you participate in one of our sweepstakes, we store the data you provide (which can also be personal). We process this data to determine the winners, distribute the prizes, and to obtain statistical information about our players. We do not share the data with third parties.

When you send us an e-mail or a message via our support system, we will store this message in order to process your request. In the case of messages via the support system, we also store so-called metadata about your device, such as the browser and operating system, in order to better be able to help you with your problem.

2. Data Security and Disclosure of Personal Data

We process only a few categories of personal data, none of which are particularly sensitive. Nevertheless, we take extensive precautions and are constantly improving these in order to prevent unauthorized access to your personal data and to minimize the corresponding risks. We process personal data exclusively on servers located in Germany. All our employees who regularly handle personal data are obligated by data secrecy and data protection regulations and are instructed in this respect.

Not all processes connected to our Games are provided by us. Some services are provided on our behalf by third parties in accordance with Art. 28 GDPR (“Processor”). This in part concerns the processing of payments via external service providers, such as credit card companies, banks, PayPal etc. (for further information see section 5). We also sometimes employ the services of third parties in the context of statistics, advertising, and e-mail. In cases where we remain responsible for the processing, the external companies are obliged to treat your data confidentially and securely and may only process the data insofar as this is necessary to fulfil their task. Moreover, they may only process personal data in accordance with our instructions. To this end, we have concluded appropriate contracts and regularly verify whether the service providers comply with their contractual obligations.

In the context of the above-mentioned order processing, some data is sent to American companies within the framework of the EU-US Privacy Shield. In accordance with Art. 45 para. 1 GDPR, this transmission of data does not require special approval. In sections 3 and 4, we provide detailed information on the circumstances and the companies to which we send the data.

Furthermore, we will only disclose your personal data if this is necessary to pursue our rights, to protect other users, to prevent endangerment to the state or public security, or to prosecute criminal offences, and only if it is permissible under the statutory data protection regulations or if you have given your express consent. Your interests worthy of protection will be taken into account in accordance with the legal data protection regulations.

3. Facebook Login/Steam/Apple Gamecenter Login/Signing in with Twitter/Google Play Games/Social Plug-ins

When creating a user account for our Games, you can either enter your information manually or use data already provided to a third party (see section 1 for details).

If you are using Facebook Login, Facebook (Facebook, Inc.) will send the information from your public Facebook profile and your e-mail address to us once you have consented to this data transfer. The public information transferred in such a manner consists of your ID, name, first_name, last_name, link, gender, locale, time zone, updated_time, and verified. This is a one-time data transfer and the information will be used to create a new user account on the game world you selected Of the transferred data, we only save the Facebook Token and the Facebook ID since these are required for logging in to one of our Games. We do not obtain knowledge of your Facebook password. However, Facebook may save data about your use of our Games. Facebook is subject to the EU-US Privacy Shield; for this reason, the transmission of data does not require special approval in accordance with Art. 45, para. 1 GDPR. For more information on Facebook and the GDPR, please visit

You can also create a user account for our Games on Steam (Steam is a product owned by Valve Corporation; for more information, please visit In this case, we do not receive any personal data.

If you use an Apple device, you can create a user account on our servers via the Game Center login. In this case, Apple (Apple, Inc.) will transfer your Apple ID, Game Center name, and e-mail address to us. For more information on Apple's privacy policy, please visit

Verification on Android devices works in a similar manner (“Google Play Games”). In this case, game information will be sent to Google and linked to the user's Google+ identity. It will also be visible in a variety of Google products ( For more information on Google's privacy policy, please visit
Google is subject to the EU-US Privacy Shield; for this reason, the transmission of data does not require special approval in accordance with Art. 45, para. 1 GDPR.

You may also link your user account(s) with Facebook, Google Play Games, and Game Center at a later time. This allows you to import user accounts and use them on additional devices.

Such a retroactive linking can be done via the Facebook logo in the Games. Clicking on the Facebook logo in one of our Games will provide a link that forwards you to the official Facebook App page, a "Like" button, and the option to retroactively connect or disconnect your user account via Facebook Connect. The Twitter logo opens the service’s official Twitter channel but without establishing a permanent connection.

The "Like" button in our Games is not related to the social plugin offered by Facebook, Inc. – in the case of the app and Steam versions of our Games, it is simply a link forwarding you to the official Facebook App page. It is a JavaScript feature in your web browser that only contacts the Facebook servers once you click the button. In this event, you will become a Facebook fan of the respective service and the information will be directly transferred to Facebook and stored there. Furthermore, the plug-in also transfers to Facebook the information that you opened the site of our offer in your browser. If you are logged in to Facebook on the same computer at that time, Facebook can match your use of our website to your Facebook account and link it (this will not be limited to only the page view). For more details about the scope and purpose of data collection, processing, and use by Facebook, please consult Facebook's data protection policy. There, you will also find information on how to protect your personal information and details about the relevant settings on Facebook:

We store Push Tokens in order to be able to send Push Messages to your Android or Apple device. We may also use this technology for other platforms in the future. You can manage Push Messages under “Options” or “Settings” in the mobile app or in your device settings.

4. Tracking

If you are accessing our Games via a web browser, a script by YouTube LLC may be called to allow the playback of YouTube videos on the website. For more information on YouTube's privacy policy, please visit

In order to identify through which advertising channel a user found one of our Games, we utilize unique codes (“CID”) that are transferred to us through media such as ad banners and videos. If this leads to the creation of a user account, the CID will be permanently linked to it.

For this, we use a technology called “fingerprinting”, which allows us to settle fairly with an advertising partner. Clicking on an advertising banner temporarily stores various openly accessible criteria such as browser type, version number, and operating system for comparison with information when registering on our game pages. All this data is fully deleted within a few minutes.

We also use cookies in several places. Cookies are small text files that are stored on your computer and make it technically possible to recognize your internet browser. They help us to create more user-friendly, efficient, and safe services. For example, some of your settings are stored so that you do not have to select them every time you visit our websites. We write cookies for certain game-related events, for example when a certain game progress has been achieved.

Only with your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use cookies to call pixels from our advertising partners. Otherwise, the processing takes place solely for the fulfillment of the contract and based on our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. b and f GDPR.

If you already play our games, it is part of our services to guarantee you unobstructed and easy access to our games as far as possible and to store the decisions you made in the game, such as the selection of the game world. In this context, we also have a legitimate interest in the processing of cookies for the above-mentioned purposes to round off our external image and our market presence with a state-of-the-art website. By using cookies, we can provide visitors and existing users with the best possible website experience by adapting our offers to their respective interests and needs. Our cookies do not contain any personal data that would require special protection pursuant to Art. 9 GDPR. We therefore assume that our interest in being able to offer an attractive website and service matches your interest in visiting an attractive website and that this common interest outweighs your interest in not receiving cookies. How long the cookies are stored on your device greatly depends on the standard or custom settings of your Internet browser. By changing these settings, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

Google Analytics, a web analysis service of Google Inc., also uses cookies. The information generated in this way may contain IP addresses and is transmitted to Google servers in the USA. The USA is a third country without an adequate level of data protection. The appropriate level of protection for the transfer of personal data to the USA is guaranteed by an adequacy decision of the Commission pursuant to Art. 45 para. 9 GDPR. The adequacy decision (EU-US data protection shield, i.e., Privacy Shield) requires self-certification of the US companies subject to this decision. Google has self-certified accordingly. On our behalf, Google processes the above information to evaluate the use of our websites and compile statistics. We have a legitimate interest in this pursuant to Art. 6 para. 1 clause 1 lit. f GDPR, as this allows us to provide offers targeted to the market. Since you visit our offers and we assume that you do so out of interest in our offers, our interest outweighs your interest in not receiving cookies. You can prevent the collection and transfer of data to Google by downloading and installing the following browser plugin: You can specify how cookies are to be treated in general in the settings of your web browser. If you are using the Flash version of one of our Games, local Flash data will also be stored on your device. We have concluded a contract with Google for the processing of order data and fully implement the strict requirements of the German data protection authorities.

Furthermore, there are several "pixels" from Facebook (until 2016, Conversion Tracking Pixel, now officially Facebook Pixel) and Google on our websites and in the apps. Pixels are small sections of code that generate a specific tracking code, which will then be stored as a cookie on the end device. This is how we count the number of users of our games to determine whether promotional activities are successful. For more information on how Facebook processes data and what options you have to protect your privacy, please visit

We use Google AdWords Conversion Tracking to measure the success of our advertising efforts. Once certain targets have been achieved on our website ("conversions"), such as downloading an app, completing an order, or subscribing to our newsletter, this target achievement is recorded by Google. Google can then measure the number of target achievements for us. In addition, Google will use previously stored cookies to determine which advertisements were clicked on before and were therefore decisive for the achievement of the target. Google processes this data on servers in the USA, but will not associate it with personal data from your Google account. Explanations on data transmission to the USA, the legal basis for data processing, and the corresponding weighing of your and our interests as well as the possibility of excluding data transmission can be found in the information on Google Analytics.

The Google Tag Manager is used to embed tracking and remarketing codes. However, it does not store any personal data.

We use the Dynamic Remarketing feature of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") in conjunction with the cross-platform features of Google DoubleClick and DoubleClick Exchange Buyer. This feature is used to present interest-based advertisements to visitors to the site as part of the Google advertising network. When you visit our website, your browser stores so-called cookies. The cookies used in this context are text files saved to your computer that recognize visitors when they access websites that are part of Google's advertising network. These websites may then display advertisements that relate to content previously viewed by the visitor on websites that use Google's remarketing feature. According to Google, no personal data is collected during this process. However, if you wish to deactivate Google's remarketing feature, you can always do so by changing the relevant settings at Alternatively, you can use the advertising network initiative to deactivate the use of cookies for interest-based advertising by following the instructions at: Explanations on data transmission to the USA, the legal basis for data processing, and the corresponding weighing of your and our interests as well as the possibility of excluding data transmission can be found in the information on Google Analytics.

We use Google DoubleClick Floodlight, a conversion tracking system for the Google Marketing Platform. It consists of tags that record activity on our website and reporting features that add conversion data to our reports. Floodlight uses a cookie to capture repeat visits from a specific browser. You can disable Google Tracking in the Google AdSettings: or use the Network Advertising Initiative's cross-vendor opt-out page: Explanations on data transmission to the USA, the legal basis for data processing, and the corresponding weighing of your and our interests as well as the possibility of excluding data transmission can be found in the information on Google Analytics.

Our apps for Android and iOS end devices include the Google SDK. We do not collect personal data with this SDK – we use it solely to collect general information in order to get an insight into user flows into and within our apps so that we may improve our advertising activities. Such information includes the language of the browser installed on your device, the region settings of the end device and the time zone. In the future, we may also collect additional general information, such as the duration of your stay and the number of clicks in the app. Determining your identity from such information is impossible, and the data is analyzed anonymously and solely for statistical purposes. For more information on Google Analytic's privacy policy, please visit

Our "Tube" allows players to watch commercials. This feature will show videos from changing third-party providers, in particular those of Fyber N.V., Wallstraße 9-13, 10179 Berlin, Germany. By default, the Tube is deactivated and no data is transferred to third parties. A transfer will only occur after consent in accordance with Art. 6 para. 1 a) GDPR. If players decide to watch a commercial, we will send the player's IP address and an advertising ID to the third-party provider. Once a video has been watched, the provider sends us a confirmation so we can credit the player the respective ingame bonus ("Lucky Coins" for Dr. Abawuwu's wheel). For more information on how Fyber protects your data, please visit We may transfer your personal data to the USA in the course of use. The USA is a third country without an adequate level of data protection. The appropriate level of protection for the transfer of personal data to the USA is guaranteed by an adequacy decision of the Commission pursuant to Art. 45 para. 9 GDPR. The adequacy decision (EU-US data protection shield, i.e., Privacy Shield) requires self-certification of the US companies subject to this decision. According to Fyber (, the collected data is stored in the Amazon Web Services (AWS) cloud, which is Privacy Shield certified. You can deactivate the Tube in the ingame settings, thereby revoking your consent.

An SDK from AppsFlyer Ltd. is embedded in our apps in order to manage the above-mentioned pixel accesses. AppsFlyer is subject to the EU-US Privacy Shield; for this reason, the transmission of data does not require special approval in accordance with Art. 45, para. 1 GDPR. You can find out more about the features and privacy policy of AppsFlyer at

Most of our static game content (e.g. graphics) is stored with Akamai Technologies GmbH from where it is sent to your device whenever you play. Your IP address may be stored when you access game content from Akamai. Some of our websites display fonts from Adobe Systems Incorporated. These are accessed from servers in the United States and Adobe may determine that you have visited our website.

You may be able to turn off or reset the tracking of your mobile device – Please refer to your end device’s manual under the keywords “Ad Tracking” or “Google Advertising ID” to find out more.

5. Additional Content

Our Games are strictly free to play. However, we also offer additional services with costs. If you decide to purchase such services, the financial transaction will be carried out by the service provider you select, such as PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal
L-2449, Luxembourg) or Paymentwall (PW Inc., a Nevada corporation), facilitated by Wirecard AG (Einsteinring 35, 85609 Aschheim, Germany) and also by Goodgame Studios (Altigi GmbH, Theodorstr. 42-90, Haus 9, 22761 Hamburg, Germany)), who will then be responsible for the technical side of processing the payment. In this event, we may transfer data to other service providers to the extent necessary to determine the price, for billing, and for payment collection. Specifically, this data includes your alias, the game world on which you created your user account, the language settings and your pre-selection (if any). Any personal data that you provide to the service provider, in particular your name, address and payment information, will not be forwarded to us.

After payment has been processed, we receive and store an acknowledgement from the respective service provider. This acknowledgement contains information that allows us to verify the status of the respective transaction. This is necessary in order to provide the agreed and paid for service and, if necessary, provide customer service.

6. User Rights

The processing of personal data generally occurs so that we can fulfil the user agreement pursuant to Art. 6 para. 1 b) GDPR. However, the data may only be processed if the user is at least 16 years of age (13 years in some countries). For this reason, our games may only be played by individuals who have reached the age at which data processing is permitted in their country of origin. Children who currently have a user account must prove the consent of their legal guardian by May 25, 2018. Children who want to create a new user account must also first prove the consent of their legal guardian. If you or your legal guardian(s) have consented to the processing of your personal data, you have the right to revoke this consent at any time without reason, as pursuant to Art. 7 para. 3 GDPR. This will not affect the lawfulness of any processing on the basis of the consent that is carried out previous to such a revocation. You can use our Support-Tool for this purpose.

You have the right to request confirmation as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data. The content of this right to information results from the provisions of Art. 15 GDPR. You can use our Support-Tool to request such information. If you make an inquiry by e-mail, we are usually only able to provide information about data linked to the e-mail address from which the inquiry is made. For inquiries by fax or letter, please provide the game world, the player name, and the e-mail address with which you registered.

If we or a third party processes personal data concerning you out of public interest according to Art. 6 e) GDPR or out of legitimate interests according to Art. 6 f) GDPR, you have the right, for reasons arising from your particular situation, to object to the processing at any time in accordance with Art. 21 para. 1 GDPR. According to paragraph 2, you can also object to direct advertising for our services. Subsequently, the data will no longer be processed for direct mail. You can object through our Support-Tool or use the corresponding link in any promotional message you have received from us. Subsequently, the data will no longer be processed for direct mail. This also includes retargeting campaigns and the creation of Facebook Lookalike Audiences.

If there are changes to your personal data or if we have stored an incorrect date, you are entitled to have it corrected in accordance with Art. 16 GDPR. Please use our Support-Tool.

Pursuant to the provisions of Art. 17 GDPR, you have the right to have your personal data deleted. This could be the case if you want to delete all your user accounts; the legal obligation to retain data ceases to exist; your data is no longer required for billing purposes; and for asserting, exercising or defending legal claims. In the event of a justified objection to the processing of your data, this data may have to be deleted. In the latter case, you can request the restriction of data processing. It is also possible that it relates to a child's data, which may not be processed. You can use our Support-Tool to request the deletion of your data.

Generally, you have the right to request and receive from us the personal data that you have provided us with, or to have it transferred by us to another responsible person. We are not currently aware of any case in which this could have practical significance in relation to our games.

You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your workplace, or the place of presumed infringement (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Klosterwall 6 (Block C), 20095 Hamburg, Germany, phone: 040/428 54 - 4040, fax: 040/428 54 - 4000, email: if you believe that the processing of your personal data violates the General Data Protection Regulation (GDPR).

7. Storage Period of Personal Data

Personal data will be deleted immediately once the purpose for which it is processed has been achieved. All information mentioned in section 1 will therefore be stored by us for as long as the user agreement exists between you and us, since it is required for the fulfilment of our obligations under this Privacy Policy. Furthermore, such information is retained to the extent that the processing of personal data is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, or to assert, exercise, or defend legal claims pursuant to Art. 17 para. 3 GDPR. These can be, for example, billing purposes, combating abuse, and compliance with legal retention periods. The latter result in particular from the German Commercial Code and generally amount to six years to the end of the calendar year with regard to our user agreement and associated financial transactions. Contractual retention periods may also result from contracts with third parties (e.g. with holders of copyrights and ancillary copyrights). Data subject to a retention period will be blocked until the expiry of this period. Any data the app stored on your mobile device can remain there until you remove the app.

8. Validity and Amendments to this Policy

This Privacy Policy applies exclusively to our Games and websites. If you follow links provided by other users in messages or chat, you may access third party websites or offers. We have no control over such third party content and this Privacy Policy shall not apply to it.

Rapidly changing developments in the Internet and data privacy laws may require amendments to this Privacy Policy pursuant to new legal provisions or due to changes in technology or our Games. We will notify you promptly of any such change.

9. Additional Information and Data Protection Officer

Playing together requires trust in each other. For this reason, we are always available to answer any questions you may have regarding the use and processing of your personal data. Only a small number of our trustworthy employees is involved with such processing. If you have questions that this Privacy Policy cannot answer, if you need further information regarding one of its provisions, or if you wish to provide comments, please contact us by way of the support form (link to Support Tool) or notify our data protection officer directly:

Rechtsanwalt und Fachanwalt für Informationstechnologierecht
Dr. Christian Rauda
GRAEF Rechtsanwälte Digital PartG mbB
Jungfrauenthal 8

April 2020, Playa Games GmbH