Privacy Policy (Apps)

1. Data protection

General information

We take the protection of your personal data very seriously and treat it confidentially and in accordance with statutory data protection regulations and this privacy policy. This privacy policy applies to our apps. It explains the type, purpose and scope of data collection when using an app. We would like to point out that data transmission over the Internet may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible. Please do not hesitate to contact us at any time if you have questions about any data protection related issues.

Data Controller (Business)

MiMuX Software UG (haftungsbeschraenkt) is the data controller within the meaning of the GDPR (General Data Protection Regulation). Our contact details:

MiMuX Software UG (haftungsbeschraenkt)
George-Marshall-Strasse 7
D-65197 Wiesbaden
Germany

The contact details can be found in the legal notice

Rejection of unsolicited e-mails: We herewith object to the use of contact information published in conjunction with the mandatory information to be provided in our Legal Notice to send us promotional and information material that we have not expressly requested. The operators of the apps and this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.

We process data only for the purpose of conducting our business and improving our software. The processing of personal data does not constitute our main activity. We are not a public body, do not process critical categories of data and our processing does not require regular and systematic monitoring. For this reason, we are not obliged to appoint a data protection officer pursuant to Article 37 (1) of the GDPR.

Legal basis for data processing

The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or to the access to information on your end device the data processing is additionally based on § 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 (1) (c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 (1) (f) GDPR.

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

Recipients of personal data

In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is required as part of the fulfillment of a contract, if we are legally obligated to do so, if we have a legitimate interest in the disclosure pursuant to Art. 6 (1) (f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on data processing. In the case of joint processing, a joint processing agreement is concluded.

Information on the data transfer to third-party countries that are not secure under data protection law and the transfer to US companies that are not DPF-certified

Your personal data may be passed on or disclosed to third party companies. These may also be located outside the European Economic Area. Such processing takes place exclusively for the fulfilment of contractual and business obligations. Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard.

We use, among other technologies, tools from companies located in third-party countries that are not safe under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are enabled, your personal data may be transferred to and processed in these countries. We would like you to note that no level of data protection comparable to that in the EU can be guaranteed in third countries that are insecure in terms of data protection law. We would like to point out that the US, as a secure third-party country, generally has a level of data protection comparable to that of the EU. Data transfer to the US is therefore permitted if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional assurances.

Encryption

Our apps use encryption for security reasons and to protect the transmission of confidential content. This encryption prevents the data you transmit from being read by unauthorized third parties.

Age Limits

If you are under 16, we do not knowingly collect personal information from you. If we discover that we have collected or processed data from users under the age of 16, we will delete that data.

Automated decision-making

We do not use automated processing to make decisions or profiling.

2. Your rights

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

In the event that data are processed on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to at any time object to the processing of your personal data based on grounds arising from your unique situation. This also applies to any profiling based on these provisions. To determine the legal basis, on which any processing of data is based, please consult this data protection declaration. If you log an objection, we will no longer process your affected personal data, unless we are in a position to present compelling protection worthy grounds for the processing of your data, that outweigh your interests, rights and freedoms or if the purpose of the processing is the claiming, exercising or defence of legal entitlements (objection pursuant to Art. 21 (1) GDPR).

If your personal data is being processed in order to engage in direct advertising, you have the right to object to the processing of your affected personal data for the purposes of such advertising at any time. This also applies to profiling to the extent that it is affiliated with such direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (objection pursuant to Art. 21 (2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the person responsible.

Information about, rectification and eradication of data

Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated.

You are entitled to demand deletion of your personal data if one of the following applies:

The personal data is no longer required for the purposes for which it was collected.
You withdraw your consent that the processing was based on, and there are currently no valid legal grounds for processing.
You submit an objection to the processing of your data pursuant to Art. 21 (1) GDPR and there are no overriding justifiable grounds for the processing.
You submit an objection to the processing of your data pursuant to Art. 21 (2) GDPR.
The personal data was processed unlawfully.
The deletion of the personal data is required to fulfil a legal obligation in accordance with EU law or the law of individual member states, to which we are a member.

The right to deletion does not exist if the processing is necessary to assert, exercise or defend legal claims. The lawfulness of the data processing for the period between the consent and the withdrawal of this consent shall remain unaffected.

If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
If the processing of your personal data was / is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data instead of demanding the eradication of this data.
If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
If you have raised an objection pursuant to Art. 21 (1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data - with the exception of their archiving - may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

Right to information

If you have exercised your right to correction, deletion or limitation of processing, we are obliged to notify all recipients of this data, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

3. Recording of data

When downloading an app

Our apps can be downloaded from various app stores. When the app is downloaded, data is collected from the relevant app store. All relevant information can be found in the privacy policy of the respective app store. These include the following app stores (among others):

Google Play Store (https://policies.google.com/privacy)
Apple App Store (https://www.apple.com/legal/privacy/)
Valve Steam (https://store.steampowered.com/privacy_agreement/english/)

When using an app

Our apps are developed using products ("Unity" game engine) from Unity Technologies (Unity Technologies, 30 3rd Street, San Francisco, CA 94103, USA).

Depending on the app, the following Unity services can be used:

Unity Analytics (User behavior)
Unity Ads (In-App Advertising)
Unity IAP (In-App Purchase)
Unity Multiplayer

Depending on the software used, Unity may collect some or all of the following information:

IP address
Personal identifiers (randomly generated unique installation ID)
User ID (user- or account-level ID, defaults to the installation ID)
Authentication User ID (obtained if the Authentication SDK is used)
Device ID (unique advertising identifiers, IDFV, IDFA, or other device-level ID)
Device information (manufacturer, operating system, language, CPU model, graphics card, etc.)
Usage data (product interaction, app launches, etc.)
Diagnostic and performance data (launch time, energy use, etc.)
Approximate location (with lower resolution than latitude and longitude with three or more decimal places)
Purchase history (IAP plugin)
Advertising data (information about the advertisements the user has seen, click or tap an ad, etc.)

Purposes of data collection:

App functionality
Third-party advertising
Service provision, maintenance, and optimization
Responding to inquiries
Securing services, investigating cyber intrusions, fraud, and abuse
Protecting of operations, rights, safety, or property
Complying with legal obligations

Storage duration: By default, personal data is retained for 13 months.

Depending on the software used, Unity may share data with third-party providers:

Developers
Advertising and publishing partners (Ad IDs)
Affiliates (including ironSource)
Vendors & service providers
Law enforcement or similar parties

All relevant information can also be found in Unity Technologies' privacy policy:
https://unity.com/legal/game-player-and-app-user-privacy-policy
https://unity.com/legal/game-player-and-app-user-privacy-faq
https://unity.com/legal/privacy-policy

Requests by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6 (1) (b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6 (1) (f) GDPR) or on the basis of your consent (Art. 6 (1) (a) GDPR) if it has been obtained. The consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

This Privacy Policy has been updated in January 2024.