# Data Privacy Statement for the Use of the Coin Pop App, Version: 01.12.2020

This Data Privacy Statement applies for the offering and use of the “Coin Pop” app (hereinafter referred to as “Coin Pop”), which is provided to you by justDice GmbH, 22769 Hamburg (hereinafter referred to as “we” or “us”) for use on your mobile device.

When using Coin Pop, personal data will be collected, processed and used by us. Because the protection of your privacy when using Coin Pop is important to us, we would like to inform you with the following information about what personal data we collect when you use Coin Pop and how we handle this data.

You can access this Data Privacy Statement at any time under the “Datenschutz” (data privacy) heading within the app or at https://coinpop.online/legal/v1/privacy/company.coinpop.coinpop.

Data Controller

justDice GmbH, 22769 Hamburg (you will find exact contact details in the legal notice in the app or at https://coinpop.online/legal/v1/imprint/company.coinpop.coinpop) is the “controller” in accordance with the applicable data protection law, in particular the EU General Data Protection Regulation (GDPR).

Should you have any questions or comments about data privacy when using Coin Pop, please feel free to contact us by post (justDice GmbH, An der Alster 42, 20099 Hamburg) or send us an email to [email protected].

What is Personal Data?

“Personal data” is information, or parts thereof, by means of which you can be identified either directly (e.g. by your name) or indirectly (e.g. by pseudonymised data such as a unique ID). This means that personal data includes, for example, email addresses, addresses, mobile phone numbers, user names, profile pictures, personal preferences and use behaviour regarding the apps used on your end device, user content, financial information and health-related information. However, this could also include one-time identifiers such as the IP address of your end device or the browser you use, and other specific information about your mobile device.

This Data Privacy Statement covers all personal data that is stored and processed by you when using Coin Pop.

Collection and Use of Your Data

In some cases, you will provide us with immediate access to the data (e.g. when creating a user account and contacting us) and in some cases we will collect the data automatically during the use of Coin Pop (e.g. in order to offer our services and understand how you use our services and your apps).

We will use your data to perform and process the contract on the use of Coin Pop. Within this framework, we will use your data primarily for the calculation and payment of the bonuses acquired by you in the course of your use of Coin Pop and inform you about apps participating in Coin Pop. Other use will only take place due to other statutory obligations or authorisation, if you have granted us permission, or if the use is for legitimate interests of justDice GmbH as the provider of Coin Pop.

The legal basis for the processing of your data may be the following:

What Rights Do You Have Regarding Your Data?

You have the right at any time to receive free information about the extent and content of the processing of your personal data by us. You also have the right to request from us the rectification, restriction of processing, or erasure of your personal data.

In the event of data privacy violations, you also have the right to lodge a complaint with the competent supervisory authority.

Further information can be found further down in this Data Privacy Statement, in the following section: “Your Rights as a Data Subject”.

In particular, your personal data will be used as follows during the use of Coin Pop:

Registration

In order to use Coin Pop, you must register for Coin Pop.

Consent to the Processing of Personal Data for the Use of Coin Pop

When using Coin Pop for the first time, you first have to accept our terms and conditions of use (GTC) during the registration and agree to the processing of your personal data by Coin Pop. For this purpose, you have to confirm the following declaration of consent by clicking on the “ACCEPT” button underneath (if you do not want to give consent, please click on “REJECT”; the use of Coin Pop will then not be possible):

I hereby agree that by using Coin Pop may use the following personal data:
Registration data (email address, date of birth, gender)
Installed apps (including the use duration and use history)

The data is linked to your device via the device ID (GAID or IDFA) transmitted to our servers in encrypted form. So that app providers can finance our app proposals, your device ID must be transferred to them for billing purposes. In order to measure the usage time as well as the installed apps, users can voluntarily upload screenshots from their mobile phone via Coin Pop, after which they will be automatically processed, evaluated, and stored in our system for your membership.

The processing of the above data is required in order to be able to suggest apps available in the Coin Pop that match your interests, propose their installation via system notifications, and allow the bonuses earned from using said apps to be calculated. I am aware that the above data results in an interest profile, which, depending on the type of apps I use, may contain particularly sensitive personal data (such as health data or data on my sexual orientation as well as any other data from special categories defined in Art. 9 para. 1 of the European General Data Protection Regulation (GDPR)).

If necessary, a selfie is required (only with bonus payment)

I understand that for reasons of fraud prevention, bonuses that I earn through the use of Coin Pop will only be possible after additional user verification via a selfie taken with my device's camera when I first request a bonus. My consent to the processing of my personal data therefore already applies to the processing of these photos. I acknowledge that selfies are also special-category personal data per Art. 9 para. 1 GDPR and expressly consent to the processing described below.

We use users' selfies exclusively for the purpose of fraud prevention and to ensure that bonuses have not been earned through the automated, fraudulent use of software. For this purpose, a photo (“selfie”) is saved when your face is recorded using your device's camera. We use the recording to create an individual and anonymous digital user ID (in the form of a hash value) that is not linked to your account and is used to check whether the bonus has actually been earned by a real person and whether this person has already requested or received a bonus with another account. For reasons of data economy, this is only necessary if you want to receive bonuses. If you do not want to receive bonuses, you can use Coin Pop fully without providing any selfies. The selfies will not be used by us for any other purposes and we will delete them 4 weeks after your bonus has been disbursed.

Information about Withdrawing Consent

The withdrawal of your consent and the termination of the use of Coin Pop is possible at any time with future effect, and can be sent to justDice GmbH via email at [email protected] or by post to justDice GmbH, An der Alster 42, 20099 Hamburg. Special fees (beyond the regular transmission fees of your telephone or internet service provider, or letter postage) do not apply for the withdrawal of consent. If you withdraw your consent, your data will be deleted from the Coin Pop database; if deletion is not possible, the processing of your data will be restricted instead of its being deleted. Further use by Coin Pop is no longer possible after the withdrawal of your consent.

Registration and Registration via Facebook or Google Login

For the registration, in the next step after accepting, you have to decide whether you would like to register via email or with the user data of your Facebook or Google account.

If you decide to register via email, you have to enter the following details:

This information is absolutely necessary to be able to identify you. We will collect and use this data to set up and provide Coin Pop on your mobile end device. We require your date of birth to check that you are of legal age, because the use of Coin Pop is only permitted for people from the age of 18 years.

Your data will be sent encrypted in the SSL process and will therefore be safely transmitted. If you decide, by activating the corresponding checkbox, to be automatically logged in in the future for the use of Coin Pop, the password will be stored with SHA encryption in order to protect your data.

As an alternative to logging in via email, you can log in with your Facebook or Google login. Additional registration for Coin Pop will then not be necessary. For the registration, you will be directed to the Facebook or Google page where you can register with your user data and therefore link your Facebook or Google profile to our app. We will hereby automatically receive the following information from Facebook or Google:

This information is absolutely necessary to be able to identify you. We will collect and use this data to set up and provide Coin Pop on your mobile end device. We require your date of birth to check that you are of legal age, because the use of Coin Pop is only permitted for people from the age of 18 years.

We will store the profile image used by you on Facebook or Google and use it to personalise the display within Coin Pop on your end device.

Your data will be sent encrypted in the SSL process and will therefore be safely sent from the servers of Facebook or Google. If you decide, by activating the corresponding checkbox, to be automatically logged in in the future for the use of Coin Pop, the password will be stored with SHA encryption in order to protect your data.

Further Information:

The provider of social network “Facebook” is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Which personal data containing the above-mentioned information is sent to us depends on the settings selected by you within your Facebook profile. Please find the corresponding information in the data privacy terms and conditions of Facebook: https://de-de.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.

Google's services are provided by Google, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Which personal data containing the above-mentioned information is sent to us depends on the settings selected by you within your Google profile. Please find the corresponding information in the data privacy terms and conditions of Facebook: https://policies.google.com/privacy?hl=de&gl=de.

The use of the Facebook or Google login can lead to your personal data being collected by Facebook or Google and potentially sent outside the EU/EEA, and being stored and used there. This data collection and use is within the area of responsibility of Facebook or Google. The precise use of the data by Facebook or Google is not known to us and we have no influence on what data is collected by Facebook or Google and how it is used by Facebook or Google.

Please see the above privacy policy and terms of use of Facebook and Google you agreed to when you registered with them.

Registration/Setting Up a User Account

To be able to use all functions of Coin Pop and in particular to benefit from the bonus payments, you have to register for the use of Coin Pop by setting up a user account. The registration therefore serves to provide the services of Coin Pop and calculate the bonuses generated by you.

During the registration process, we will collect and store certain other personal data about you for the setting up of a customer account, if necessary. This includes (if we have not already collected and stored this in accordance with the steps described above, see above) the following information:

This data is processed on the basis of the consent you have given (see above) and is used to fulfil the contract for you to use Coin Pop.

If you do not provide this information or data, you may not be able to use Coin Pop at all or only to a limited extent and will, in particular, not be eligible for any bonus payments.

Use Data

During the use of Coin Pop, we log and store certain data automatically.

Data Processing for the Recommendation of New Apps

To be able to recommend to you other apps that participate in Coin Pop based on your current app preferences, a list of apps currently installed on your end device, as well as apps that you have already installed (but that you have deinstalled) in the operating system installed on your end device, including a use history of all these apps, will be sent to us during the installation of Coin Pop.

In order to know your long-term preferences and continue to offer you interesting apps, after the installation of Coin Pop and permanently during the use of Coin Pop, other apps installed by you on your end device will be automatically recognised by Coin Pop and the name of each newly installed app will be sent to us.

In addition, we will log data about the use of the apps running in the foreground of your end device and the temporal extent of the use (date, time and duration of the use of all apps).

For the logging of the use data within Coin Pop, we measure the so-called “customer journey”. For this purpose, each click or typing of a key within Coin Pop will be logged and linked to your profile or stored on the server.

The processing of this data takes place based on the consent granted by you (see above) and serves to perform the contract on the use of Coin Pop by you.

Data Processing for the Calculation of Bonus Payments

We also use the data about your use of the apps running in the foreground of your end device to calculate the bonuses generated by you, if you have obtained and installed these apps via Coin Pop. For this purpose, we also log and use data about your purchases of services and virtual items within the framework of the apps used by you (in-app purchases), and about relevant in-app occurrences relevant for the calculation of the bonuses, such as level increases.

The processing of this data takes place based on the consent granted by you (see above) and serves to perform the contract on the use of Coin Pop by you.

Use Data about the End Device Used by You

In order to be able to identify you beyond any doubt during the use of Coin Pop and allocate you for the purpose of the recommendation of new apps, and the calculation and payment of the bonus payments, we store other data about the use of Coin Pop and the end device used by you for this purpose. This includes the so-called Google Advertiser ID (“GAID” for Android) and the so-called Apple Identifier for Advertisers (“IDFA” for Apple iOS), the Widevine ID, the model and product name of your end device, the version of the operating system, the browser type used and its display resolution, as well as the IP address allocated to your end device and information about when which content from our offering was accessed, the names of the files requested, and their dates and times of access. We require this data to determine the content requested by you (e.g. text, images, games and product information as well as files provided for download etc.), in order to enable the offering of our services in accordance with the terms and conditions of use, and for the optimal display of Coin Pop on your end device. In order for app providers to finance our app suggestions, they must be sent the device ID for billing purposes.

The processing of this data takes place based on the consent granted by you (see above) and serves to perform the contract on the use of Coin Pop by you.

If our server logs also automatically log your IP address, this will take place solely for the purpose of guaranteeing the security of our systems, or for fraud prevention, and the IP address will be automatically erased after 30 days at the latest.

The processing of this data therefore takes place to safeguard legitimate interests of justDice GmbH as the provider of Coin Pop.

Anonymised Use Data to Improve Our Services

Otherwise, the above-mentioned use data will be prepared, and we will process it in a general and anonymised manner in order to generally analyse the use of Coin Pop. This data includes the models and product names of the end devices employed for the use of Coin Pop, the version of the operating system, the browser types used and their display resolutions, as well as general details about when which content from our offering is accessed, the names of the files requested or which data is accessed most frequently, and their dates and times of access. This data is solely for the needs-based design of Coin Pop and therefore to constantly improve our services, and detect and rectify any security flaws.

This data does not enable matches to be made to you personally.

The processing of this data will take place to safeguard legitimate interests of justDice GmbH as the provider of Coin Pop.

Note: Authorisation to Access Functions and Data on the End Device

In order to be able to use all functions of Coin Pop, you may have to grant Coin Pop permission to access certain functions and data on your device (such as access to your camera or your app library), but this depends on your device and the operating system, over which we have no influence. We will use all authorisation granted by you solely for the above-named purposes, even if authorisation granted (e.g. for technical reasons) theoretically enables other possible uses. You can normally (in other words, depending on your device and the installed operating system) cancel granted authorisation in your device settings at any time.

Contact Section

In the contact section of the app, you can contact us via email using our contact form. Your email address will thereby be collected by us. You can decide yourself which data you provide to us within the framework of the contact.

In this case, we will only use your data to respond to your query.

The processing of this data takes place based on your permission and to safeguard legitimate interests of justDice GmbH as the provider of Coin Pop.

Storage Duration of Your Data

We will only store your personal data for as long as we need it for the performance of the contract on the use of Coin Pop, for the fulfilment of your wishes, or for our legitimate interests for the purposes of which we have logged your personal data, or for as long as is permitted or required by law:

When we no longer require your personal data, we will erase it from our systems and records, or anonymise it so that it can no longer be identified.

We can retain certain personal data in order to comply with our statutory and regulatory obligations, and to enable us to manage our rights (e.g. the assertion of our rights in court), or for statistical purposes.

Forwarding of Data

The passing on of your personal data without your explicit prior permission will only take place in the following cases, in addition to the other cases named in this Data Privacy Statement:

Security Measures to Protect the Data Stored by Us

We are obliged to protect your privacy and treat your personal data confidentially. Your data will be stored in our databases, which are only accessible to us and employees specifically trained in data protection.

If we use support from third-party service providers who process your data on our behalf in order to provide our web services, we have ensured that they are subject to the strict conditions of this Data Privacy Statement, and that the use of your data beyond the cases described in this Data Privacy Statement will not take place. All contractors, service providers and their employees are subject extensively to our instructions and are also in particular legally obliged to observe, and trained in, the protection of your data.

In order to prevent the loss or misuse of the data stored by us, we take comprehensive technical and organisational safety precautions, which are regularly reviewed and adjusted to meet technological advances. If it is within our sphere of influence, we use in particular modern encryption techniques as well as a variety of other measures to prevent third parties from obtaining unauthorised information.

However, we would like to point out to you that due to the structure of the internet, it is possible that the data protection regulations and the above-named security measures of other persons or institutions not within our area of responsibility cannot be observed. In particular, data passed on in a non-encrypted form can be read by third parties, even if it is sent via email. We have no technical influence on this occurrence. In these cases, it is the responsibility of the user to protect the data it provides against misuse, by encryption or other methods.

Data Storage Abroad

We consistently ensure the strict data protection made legally binding in the European Union. In some cases, particularly for technical reasons, it may transpire that your data entrusted to us is stored on servers outside of your country (even outside of the European Union) in which you originally entered your data. In this case and in the case of a risk that countries to which your data are sent are not subject to data protection law that is just as strict as that in your home country and in the country from which you use our services, we ensure that your data is handled in accordance with the provisions of this Data Privacy Statement.

Data processing by processor

For the operation of our services we are partly dependent on third party suppliers (called processors). For these companies to be able to carry out their services, your data must be transferred to them. We have entered into a processing contract with these contract processors in accordance with Art. 28 GDPR and they implement the strict requirements of the data protection authorities when using your data. We ensure that all third party service providers, who assist us in the provision of our services, comply with data protection law by this agreement and strict controls that your data will be treated according to our instructions and will not be disclosed to third parties. In addition, we take further measures to guarantee the protection and safety of your data. Data will only be processed outside the EEA if the service provider guarantees that we comply with the requirements of European data protection law.

The following service providers (processors) work with us for the following purposes:

  1. Amazon Web Services, Inc., P.O. BOX 81226, Seattle, WA 98108-1226, USA - Server hosting provider for storage.

    The data required to send the newsletter will be stored on Amazon Web Services servers within the European Union. We outsource some of our data processing to Amazon Web Services; this falls under the rules provided in Art. 28 GDPR on the basis of standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council and have thus obliged Singtaper to process the data only according to our instructions and to implement the strict data protection rules of the European Union. Further information can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=DE

    For more information, see the Amazon Web Services privacy statement at: https://aws.amazon.com/en/compliance/data-privacy/.

  2. adjoe GmbH, Neuer Pferdemarkt 1, 22359 - Software Service provider for optimized advertising and fraud prevention.

    We have concluded an order processing contract with adjoe in accordance with Art. 28 GDPR, in which adjoe is bound by agreement to protect the data of our users and not to pass the data on to third parties.

  3. Singtaper Technologies F_ZCO, DTEC, DSO-THUB-1-D-FXD-G035, Dubai Silicon Oasis, U.A.E - SMS Shipping Service Provider.

    We have concluded a processing contract with the partner pursuant to Art. 28 GDPR based on the EU standard contractual clauses for the transfer of personal data to processors in third countries under Directive 95/46/EC of the European Parliament and of the Council and have thereby obliged Singtaper to process the data only according to our instructions and to implement the strict data protection rules of the European Union.

    More information can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN.

Your Rights as a Data Subject

As a data subject in the data processing by Coin Pop, you have the following rights listed in this section.

If you would like to exercise one of your rights named below, please contact us using the contact details named in the following “Contact” section.

Please note that we may request proof of your identity and extensive information about your query before we can process it.

Information, Restriction of Processing and Erasure

Within the framework of the applicable statutory provisions, you have the right at any time to obtain free information about the data stored about you personally, its origin and recipients, and the purpose of the data processing. On presentation of the respective prerequisites, you may also have the right to the rectification of incorrect data, the restriction of the processing, and the erasure of data.

Withdrawal of Your Consent to Data Processing

Some forms of data processing are only possible on the basis of your explicit consent. You can withdraw consent already given at any time. The legitimacy of the data processing carried out until the withdrawal will remain unaffected by the withdrawal.

Right to Data Portability

Regarding the data that we process automatically on the basis of your consent or in the performance of a contract, you generally have the right to access it yourself or have it provided to a third party in a customary, machine-readable format. If you require the direct transfer of this data to a third party, this will only take place if this is technically possible with reasonable effort.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of data privacy violations caused by us, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for justDice GmbH in data protection law matters is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI), the contact details of which can be found in the following link: https://www.datenschutz-hamburg.de/wir-ueber-uns-kontakt/wie-erreichen-sie-uns.html.

Contact

Should you have any questions or comments about the handling or use of your personal data, should you require information about the personal data stored about you, or should you wish to exercise your other rights named above, you can contact us via this support form, by post at justDice GmbH, An der Alster 42, 20099 Hamburg, or by sending an email to [email protected].

Operational Data Protection Officer of justDice GmbH

As legally stipulated, we have appointed a data protection officer for our company:

Mr Rechtsanwalt Stephan Krämer, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Köln

Links to Third-party Websites

On our website, there are links to websites of other service providers. When activating these links, you will be forwarded directly to the websites of the other service providers. You will notice this by the change of URL, amongst other things.

We cannot accept any responsibility for the confidential handling of your data on these websites of third-party companies, as we have no influence on the compliance of these companies with the data protection regulations. Please inform yourself about the use of your personal data by these companies directly on these websites.

Changes to this Data Privacy Statement

We always keep this Data Privacy Statement up-to-date. Therefore, we reserve the right to change it from time to time and update it with changes during the collection, processing and use of your data. Therefore, please read through this Data Privacy Statement regularly. You can access the current version of this Data Privacy Statement at any time under the “Datenschutz” (data privacy) heading within the app or at https://coinpop.online/legal/v1/privacy/company.coinpop.coinpop.