Privacy Policy
DIGIDICED UG
www.digidiced.com
(last updated 07.11.2023)

A. Introduction
The information in this declaration applies to the processing of personal data on or via our website and is intended in particular to inform you of the scope of processing, the purposes of processing, the recipients, legal bases, storage periods and your rights. Personal data are all information relating to an identified or identifiable natural person, i.e. a person (hereinafter also referred to as “data subject”), including for example your name, your address or your e-mail address. Processing” of personal data means in particular the collection, storage, use and transmission of such data.

I. Name and Address of the data controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Digidiced UG (limited)
Pettenkoferstraße 3
10247 Berlin
Germany
email: info@digidiced.com
Website: digidiced.com
If you have any questions or you want to delete/get information about your persoanal data please use our contact form or send us your questions via mail.


II. General information data processing

1. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, legal basis is Art. 6 para. 1 lit. a GDPR.
Insofar as the processing of personal data is required for the performance of a contract to which the data subject is a party, legal basis is Art. 6 para. 1 lit. b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, legal basis is Art. 6 para. 1 lit. c GDPR.
If processing of data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, legal basis is Art. 6 para. 1 lit. f GDPR.

Camera Images: Our Scoring Apps use the camera to scan playing cards. The images are processed locally on your device and are not stored or transmitted to our servers unless you choose to send a bug report. Bug Reports: When you initiate sending a bug report, the images from the camera (if applicable), error logs, and the device ID are included in the report.

2. Data deletion and storage time
The personal data of the data subject will be deleted or processing restricted as soon as the purpose of storage ceases to apply. In certain cases, data can be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject.

III. Provision of the website and creation of log files

1. Description and extent of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing device (computer, smartphone, tablet, etc.).

The following data is collected:
• Information about the browser type and version used
• The operating system of the accessing device
• The IP address of the accessing device
• Date and time of access
• Websites from which the system of the accessing device reaches our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s device. For this the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website.
In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing also lies in these purposes.

4. Storage time
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this will happen after seven days at the latest. Further storage is possible. In this case, however, the IP addresses of the users are deleted or made anonymous, so that an identification of the accessing client is no longer possible.

IV. Newsletter

1. Description and extent of data processing
If you register on our website for the newsletter we use this for sending you a newsletter in which we inform you at regular intervals about news in connection with Digidiced’s games (e.g. most recent information on all of Digidiced’s games, details on platforms, new games, technical specifications, etc.). The following data from the input mask is transferred to us:
• E-mail address
In addition, the following data is collected upon registration:
• IP address of the accessing device•
• The date and time of registration

2. Legal basis for data processing
The legal basis for sending the newsletter and the related processing of the e-mail address is Art. 6 Abs. 1 lit. a GDPR.
The legal basis for the collection of further personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing
In this regard, the collection of the user’s e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. This also constitutes our legitimate interest in the processing.

4. Storage time
The data will be deleted as soon as the purpose of its collection is no longer given. The user’s e-mail address will therefore be stored until the user objects to receiving the newsletter. If we need the user’s e-mail address for further purposes (see further details in this data privacy declaration), the deletion will be replaced by the corresponding restriction on processing, i.e. we will no longer use the e-mail address for sending the newsletter.
The other personal data collected during the registration process will generally be deleted after a period of seven days.

5. Possibility of opposition and elimination
The affected user can object to the dispatch of the newsletter at any time. For this purpose there is a corresponding link in every newsletter. Furthermore, the user can unsubscribe from the newsletter in his account settings. For the contradiction no other costs arise than the transmission costs according to the basic rates.

6. Recipients of the data and transfer to a third country
As part of sending the newsletter, we will forward your e-mail address to The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (provider of the newsletter distribution platform “MailChimp”). The Rocket Science Group, LLC is a newsletter management service provider who takes over the dispatch of our newsletter for us as contract processors (cf. Art. 28 GDPR). Your personal data will be processed by this company in the USA on our behalf within the scope of the newsletter dispatch.
Transmission to The Rocket Science Group, LLC in the USA as a third country within the meaning of the GDPR is permissible according to Art. 44, 45 GDPR, since an appropriate level of data protection is given for the USA in relation to this company.
On the basis of Art 25 para. 6 EU-Personal data directive(1995), the EU Commission has issued an adequacy decision in the form of the so-called EU-US Privacy Shield. The EU-US Privacy Shield is an intergovernmental agreement between the United States and the European Union. This agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. A self-certification procedure by the companies under the supervision of the US authorities ensures that only companies that respect data protection equivalent to that of the EU process personal data from the EU in the USA.
The Rocket Science Group, LLC is certified according to the requirements of the EU-US Privacy Shield. This ensures an adequate level of protection for the designated recipients despite the lack of an adequacy resolution by the EU Commission within the meaning of Art. 45 GDPR.

V. Requests by contact form or e-mail

1. Description and extent of data processing
It is possible to contact us via the contact form and e-mail address provided on our website. In this case, the user’s personal data transmitted via contact form or e-mail will be stored.

2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing
Purpose of data processing is the handling of requests and other questions. The processing of personal data serves us solely to handle the contact approach. This is also our legitimate interest in the processing of the data.

4. Storage time
The data will be deleted as soon as the purpose of its collection is no longer given. For the personal data that were sent contact form or by e-mail, this is the case when the respective conversation with the user is finished. The conversation is finished when the circumstances indicate that the matter in question has been solved.
If data is collected in the course of e-mail communication which we are obliged to store due to tax, commercial law or other regulations, it will not be deleted until the respective legal retention or storage periods have expired. The legal basis for this data storage is Art. 6 para. 1 lit. c GDPR.

VI. Other recipients of personal data (EU only)
For the provision of our website and the offered contact possibilities, we make use of other service providers, including host providers and e-mail providers, each based in the European Union, who process the data stored by them exclusively on our behalf as processors according to Art. 28 GDPR.

VII. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller (in the case of the fulfilment of further conditions regulated in the relevant regulations, if applicable):
• The right of access according to Art. 15 GDPR
• The right to rectification according to Art. 16 GDPR
• The right to erasure (“right to be forgotten”) according to Art. 17 GDPR
• The right to restriction of processing according to Art. 18 GDPR
• The right to a notification according to Art. 19 GDPR
• The right to data portability according to Art. 20 GDPR
• The right to object according to Art. 21 GDPR
• The right not to be subject to a decision based solely on automated processing according to Art. 22 GDPR
• The right to withdraw consent to the processing of personal data according to Art. 7 para. 3 GDPR
To assert these rights, please contact our data protection officer.
Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you infringes the GDPR.