At Max2Play, we are keenly aware of the trust you place in us and our responsibility to protect your privacy. To better protect your privacy we provide this notice explaining of our online information practices, including how we collect and use the information you may provide to us on the website, and the choices you can make about the way your information is collected and used. We comply with the data protection regulations of the European Union regarding your personal data.
Personal data are single details about personal or factual circumstances of a certain or a definable natural person. Information that can identify a person or make him identifiable.
Hereafter, we will explain what information is collected and for what purpose.
Data Collection and Processing
We hereby confirm that the collection, processing and use of personal data is done in compliance with all data protection regulations and is in adherence with the laws mentioned above, specifically the GDPR Art. 6 s. 1 a. This means we only process data in case of legitimate interest according to Art. 6 s. 1 f GDPR (e.g. for analysis, optimization and protection of the Max2Play online offerings) or under permission of processing by the user (e.g. accepting requests).
We have technical (e.g. SSL encryption), contractual (e.g. data processing agreement) and organizational measures (e.g. access restrictions) in place to ensure that the rules of the GDPR are abided by and that data is secure from access and manipulation.
It is possible to access our website without offering any personal information. We have also taken measures to anonymize (see paragraph Google Analytics), i.e. an analysis data acquisition only serves to improve our offerings and does not allow for any inferences about individuals.
We process the following categories of data which are relevant for using the Max2Play website and services or are necessary for contacting:
– master data (e.g. name)
– contact data (e.g. phone number, email)
– content entry data (e.g. text/ comment entry, access times)
– meta data (e.g. IP address)
We collect and save information in log files in accordance with Art. 6 s. 1 f GDPR (e.g. to resolve cases of misuse or scamming), that your browser automatically transfers to us after requests. The following data is collected:
– Referrer URL (the page from which Max2Play was accessed)
– Browser type/ -version
– Used operating system
– Web pages viewed during the visit at Max2Play
– IP address (host name of the accessing computer)
– Date and time of server request
– Transferred data volume
– Requesting provider
All of this data is subject to a special protection in accordance with the regulations under data protection law, which we at Max2Play and its corresponding applications guarantee through technical and obligatory measures. This data cannot be assigned to any particular person. Merging of this data with other data sources will not be done.
For security reasons, log file information is stored for a maximum duration of 7 days and then deleted. If further retention of the data is required for evidence, these will be exempt from the cancellation until the final clarification of the incident.
We use so-called cookies to allocate your requests from the internet. These small files are automatically stored on your hard drive by your browser for the duration of your stay on our website and are necessary for the accurate use of our website. You can delete the cookies after finishing your stay at our website with certain configurations in your browser. They serve to make our website more user-friendly, effective and secure.
You can find further information on the subject of cookies here
Our online offerings are also usable under exclusion of cookies. If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
The option to have many online advertising cookies from companies is given via the US website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad- choices/.
Use of Google Analytics
Max2Play uses Google Analytics, which is a web analysis service provided by Google Inc., (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Web analysis is the collection, storage and analysis of data about the behavior of visitors to websites. A web analysis service collects data including from which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of online advertising.
We only use Google Analytics with active IP anonymization. This means that the IP address of the users Google within member states of the European Union or in other contracting states of the Agreement from the European Economic Area will be shortened. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
Google is certified under the Privacy Shield Agreement and therefore provides a guarantee to comply with European privacy legislation: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google Analytics uses so-called “cookies”, which are text files that are stored on your computer and make it possible for us to analyse your use of this website. The information about your use of this website that is generated by means of a cookie is, in most cases, transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website and you are located in a member state of the European Union or in another contracting state to the Agreement on the European Economic Area, your IP address will first be shortened by Google.
Only in exceptional cases will your complete IP address be transferred to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website in order to analyze your use of this website, compile reports on website activities, and render further services related to website and internet usage for the operator of this website.
The IP address provided by your browser in the context of Google Analytics will not be merged by Google with other data. You can prevent storage of cookies by means of a setting in your browser software; however, we must advise you that in this case you might not be able to use all the functions of this website to their full extent.
Beyond this, you can also prevent collection of the data that is generated by cookies and related to your use of this website (including your IP address) by Google as well as processing of this data by Google by downloading and installing the browser plugin available under the following link. http://tools.google.com/dlpage/gaoptout. We like to point out, however, that in this case you might not be able to use all the website’s functions to their full extent. By using our website, you agree to the processing of the compiled data by Google in the aforementioned manner and for the aforementioned purpose.
For more information about Google’s use of data, opt-out and other options, please visit Google’s websites:
Conversion Tracking Pixel of Facebook and Facebook Custom Audience
With your permission, Max2Play uses the “conversion tracking pixel” of the Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). With this tool we can follow actions of the users after they saw or clicked a Facebook advertisement. Therefore we can record the efficiency of Facebook advertisements for statistical and market research purposes. The collected data is anonymous, which means we cannot see the personal data of the user. To our knowledge and your information, Facebook will store and process these data.
Facebook users should note that Max2Play uses the Website Custom Audience communication tool from Facebook. For this purpose, so-called Facebook pixels are built into our websites. If you are a Facebook user, Facebook is thus able to assign your visit of our website pages to your Facebook user account. Further, Facebook can subsequently find out whether a particular Facebook ad was effective. The Facebook pixel also enables us to distribute ads to defined recipients via Facebook. For this purpose, we exclusively receive statistical data from Facebook that is not related to actual persons. The purpose of this measure is to optimize our website in terms of advertising appeal, market research, and demand-driven design. The pixel-based tracking activities are performed in a way that does not enable us to identify you personally and only marks users as visitors of our website in anonymized form for us.
Facebook is certified under the Privacy Shield Agreement and therefore provides a guarantee to comply with European privacy legislation: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Use of the Facebook-Plugin
On these websites, the plugins of the social network facebook.com are utilized, which are run by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA („Facebook“). If you open a website of our web presence with such a plugin, a connection to the Facebook servers is established and the plugin is shown through a message to your browser. Hereby, the Facebook server is signalled about which websites of ours you have visited. If you are logged in as a member of Facebook at that time, Facebook will assign this information to your Facebook user account. By using the plugin functions (e.g. click on the „like“-buttons, writing of comments), this information is also attributed to your Facebook user account, which you can only prevent by logging out before using the plugins.
If you are not a member of Facebook, there is still the possibility that Facebook will find out and save your IP address. In Germany, according to Facebook, only an anonymized IP address is stored. Further information on the gathering and usage of data by Facebook and your respective rights and possibilities to protect your privacy can be found in the privacy section on Facebook.
Facebook is certified under the Privacy Shield Agreement and therefore provides a guarantee to comply with European privacy legislation: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Max2Play uses SSL encryption for security and to protect the transmission of sensitive content, such as the requests you send to the site operator. You can recognize an encrypted connection by changing the address line of the browser from „http://“ to „https://“ and the lock symbol in your browser bar.
If SSL encryption is enabled, the data you submit to us cannot be read by third parties.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
https://policies.google.com/privacy?hl=en and https://www.google.com/recaptcha/intro/android.html
Google Library for Ajax and jQuery
This Website uses the “Akismet” service offered by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. The use is based on our legitimate interests within the meaning of Art. 6 s. 1 f GDPR. With this service, comments of real people are distinguished from spam comments. All comment information is transferred to a server in the US, where it is analysed and stored for four days for comparison purposes. If a comment has been classified as spam, the data will be stored after this time. This information includes the pseudonym entered, the e-mail address, the IP address, the comment content, the referrer, information on the browser used, the computer system and the time of entry. You can completely prevent the transfer of data by not using our commenting system. You may object to the use of your data for the future at [email protected], subject „Deletion of Data stored by Akismet“ stating / describing the stored data.
Automattic is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law
Gravatar Profile Picture
Our website uses the service Gravatar provided by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA.
Gravatar is a service where users can log in and store profile pictures and their e-mail addresses. If users leave contributions or comments with the respective e-mail address on other websites (especially in blogs), their profile pictures can be displayed next to the comments. For this purpose, the e-mail address provided by the users is transferred to Gravatar in encrypted form for the purpose of checking whether a profile has been saved for it. This is the sole purpose of the transmission of the e-mail address and it will not be used for other purposes, but will be deleted thereafter.
The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 s.1 f GDPR, as we offer, with the help of Gravatar, the possibility to personalize the authors of contributions and comments with a profile picture.
Automattic is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active
We want to point out that it is also possible to use an anonymous one or no e-mail address if users do not wish their own e-mail address to be sent to Gravatar. If users do not want a user image associated with their email address to appear in Gravatar’s comments, you should use a non-Gravatar email address for commenting. Users can completely prevent the transfer of data by not using our comment system.
Your data will therefore be transferred to rapidmail GmbH. rapidmail GmbH is not allowed to use your data for purposes other than sending the newsletter. A passing on or a sale of your data is not allowed to rapidmail GmbH. rapidmail is a German, certified newsletter software provider, which was carefully selected according to the requirements of the GDPR and the BDSG. You can object to receiving the newsletter at any time by sending us an e-mail or using the unsubscribe link within the newsletter.
Comments in the Forum
When you post a comment in the forum, your IP address will be stored. This is a security measure, in case someone publishes illegal content (insults, prohibited political propaganda, etc.). In this case, tellows could be prosecuted for the content. Therefore, we are interested in the identity of the comment author.
It is possible to subscribe to the number pages. To do so, you must enter your e-mail address. You will receive a confirmation email to verify that you are the owner of the entered email address. You can unsubscribe from the notifications at any time. The confirmation email contains instructions.
Collection and processing using the contact form
When using the contact form, we collect personal data (details about personal or factual circumstances of a specific or identifiable natural person) only in the scope provided by you. We only use your e-mail address to process your request. Your data will then be deleted, unless you have consented to the further processing and use.
Right of Information
Right to Erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point a of Art. 6 s. 1, or point a of Art. 9 s. 2, and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Art. 21 s. 1 and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 s. 2;
- the personal data has been unlawfully processed;
- the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data has been collected in relation to the offer of information services referred to in Art. 8 s. 1.
Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy, or replication of, those personal data.
This right shall not apply to the extent that processing is necessary for erasure (“right to be forgotten”). This includes the following requirements:
- exercising the right of freedom of expression and information;
- compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- the establishment, exercise or defence of legal claims.
Right to Restriction of Processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Art. 21 s. 1 pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted under s. 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
In order to allege the right to restriction of processing, the data subject can contact us at any time under datenschutzATtellows.de (replace AT with @).
Right to Data Portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
- the processing is based on consent pursuant to point a of Art. 6 s. 1 or point a of Art. 9 s. 2 or on a contract pursuant to point b of Article 6 s.1 GDPR; and
- the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to s. 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right of removal shall be unaffected. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to Object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point e or f of Art. 6 s. 1, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Please contact datenschutzATtellows.de for an objection (replace AT with @).
Automated Individual Decision-Making, Including Profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between the data subject and a data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
- is based on the data subject’s explicit consent.
In these cases, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
This right can be exercised by the affected person at any time by addressing himself to the responsible person.
Right to Complain to a Regulating Authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a regulating authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if the person in subject considers that the processing of the personal data infringes this Regulation.
Right to Effective Legal Remedy
Without prejudice to any available administrative or non-legal remedy, including the right to lodge a complaint with a supervisory authority pursuant to Art. 77, each data subject shall have the right to an effective legal remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Questions about Privacy
If further questions or suggestions regarding the subject of privacy might arise, please contact our data privacy officer at [email protected]