Preamble
Welcome to Epity. This Privacy Policy explains which types of personal data we process, for which purposes and to what extent in connection with our website, mobile games and apps, and other digital services.
This Privacy Policy applies to the website www.epity.de and to mobile games and apps provided by Epity, in particular the game "Chicken Shooter: Galaxy Invader".
We process personal data lawfully, fairly, transparently and for specified purposes. We limit processing to data that is appropriate, relevant and necessary for the respective purposes.
Table of Contents
- Controller
- Personal data we process
- Purposes and legal bases of processing
- Hosting and technical provision of the website
- Contact and contact form
- Cookies and consent management
- Google Analytics and Google Consent Mode
- Google Ads
- Mobile games, Google Play and app services
- Google Play Games Services
- Google AdMob
- Children and young users
- Disclosure of personal data
- International data transfers
- Data security and retention
- Rights of data subjects
- External platforms and links
- Changes to this Privacy Policy
- Contact
- Definitions
1. Controller
Controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws:
- Name
- Thomas Tomasyan
- Project / Name
- Epity
- Address
- Gemarkenstr. 82, 45147 Essen, Germany
- Email address
- epitydevelopement@gmail.com
- Authorised representative
- Thomas Tomasyan
No telephone number is provided. For privacy-related requests and general enquiries, the email address above is available.
2. Personal data we process
The following overview summarises the categories of personal data we process. The specific data processed depends on whether you visit our website, contact us, or use our mobile games and apps.
2.1 Data you provide to us
When you contact us, in particular through a contact form or by email, we process the data you provide. This includes in particular your name, email address, subject, message content and any additional information you provide in connection with your request.
2.2 Data automatically processed on the website
When you access our website, technical data may be processed. This includes in particular IP address, date and time of access, pages accessed, referrer URL, browser type and version, operating system, device information and technical status messages.
2.3 Data automatically processed in apps and games
When using our mobile games and apps, technical and usage-related data may be processed. This includes in particular device information, operating system, app version, language settings, approximate location information such as city, region or country, app usage data, session duration, technical events, advertising and analytics identifiers, and crash or diagnostic data.
2.4 Sensitive personal data
Our website and games are not designed to collect special categories of personal data within the meaning of Art. 9 GDPR, such as health data, religious or philosophical beliefs, political opinions or biometric data. If such data is accidentally submitted in individual cases, we process it only where there is a legal basis or where it is strictly necessary to handle the respective request.
3. Purposes and legal bases of processing
We process personal data for the purposes and on the legal bases described below.
Website and communication
| Processing | Data categories | Purpose | Legal basis |
|---|---|---|---|
| Provision of the website | Technical access data, device information, usage data | Secure and stable provision of the website | Art. 6(1)(f) GDPR |
| Contact requests | Contact data, content data, communication data | Handling requests and communication | Art. 6(1)(b) and (f) GDPR |
| Consent management | Consent data, technical identifiers, browser and device information | Obtaining, managing and documenting consent | Art. 6(1)(c) and (f) GDPR |
| Web analytics | Usage data, technical data, approximate location data | Reach measurement and optimisation of the website | Art. 6(1)(a) GDPR |
Apps, advertising and legal obligations
| Processing | Data categories | Purpose | Legal basis |
|---|---|---|---|
| App operation | Device and app data, usage data, diagnostic data | Provision, stability and improvement of our games and apps | Art. 6(1)(b) and (f) GDPR |
| In-app advertising | Advertising ID, device information, app usage data, ad interaction data | Delivery, measurement and limitation of advertisements | Art. 6(1)(a) GDPR where consent is required |
| Legal obligations | Data required depending on the matter | Compliance with statutory retention, documentation and cooperation obligations | Art. 6(1)(c) GDPR |
Where we rely on legitimate interests, these interests are in particular the secure, stable, user-friendly and economic provision of our digital services, the handling of requests and the protection of our rights.
4. Hosting and technical provision of the website
We use technical service providers to provide our website. The domain is managed through STRATO. The technical creation, provision and delivery of the website is carried out through Lovable and the technical infrastructure used by Lovable.
Each time the website is accessed, technical access data is processed in order to provide the website securely, stably and functionally, to detect attacks or disruptions, to analyse errors and to ensure user-friendliness. The legal basis is Art. 6(1)(f) GDPR.
Where providers act as processors in connection with the technical provision of the website, they are engaged on the basis of appropriate data protection agreements where legally required.
5. Contact and contact form
When you contact us, in particular via contact form, email or other communication channels, we process the information provided by the requesting person to the extent necessary to respond to the request and carry out the requested measures.
This includes in particular contact data, content data and meta, communication and procedural data, such as name, email address, message content, time of contact and accompanying technical information.
Processing is carried out to handle the respective request. The legal basis is Art. 6(1)(b) GDPR where the request relates to contractual or pre-contractual measures. Otherwise, processing is based on legitimate interests pursuant to Art. 6(1)(f) GDPR.
6. Cookies and consent management
Our website uses cookies and similar technologies. Some cookies are technically necessary to provide the website. Other cookies and similar technologies, in particular for analytics purposes, are used only after consent has been given.
Users can give, refuse, change or withdraw their consent via the cookie settings provided on the website.
Consentmanager
We use Consentmanager to obtain, manage and document consent for the use of cookies and similar technologies.
Service provider: consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden.
The data processed includes in particular consent data, IP address, browser and device information, time of consent, CMP ID, technical identifiers and information about the selected consent options.
Processing is carried out to obtain, manage and document consent and to technically control services requiring consent. The legal bases are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR.
7. Google Analytics and Google Consent Mode
Google Analytics
We use Google Analytics to measure and analyse the use of our website. Google Analytics is activated on our website only after consent has been given through Consentmanager.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The data processed includes in particular page views, time spent on pages, scroll behaviour, interactions with content, technical device and browser information, referrer information and approximate location information.
Processing is based on your consent pursuant to Art. 6(1)(a) GDPR.
According to Google, Google Analytics does not log or store individual IP addresses of users from the EU. Analytics may provide approximate geographic location data derived from IP address metadata. For EU traffic, IP address data is used only to derive geolocation data and is then discarded, according to Google.
Google Consent Mode
We use Google Consent Mode to technically communicate users' consent decisions to Google services. This controls whether and to what extent Google services may process analytics or marketing data. Without consent, analytics and advertising functions are restricted accordingly.
8. Google Ads
Google Ads is not active on our website. No Google Ads remarketing tags, Google Ads conversion tracking functions or personalised advertising functions via Google Ads are used on the website.
9. Mobile games, Google Play and app services
Epity develops mobile games and apps. Our offering includes in particular the game "Chicken Shooter: Galaxy Invader". In connection with the provision and use of our mobile games and apps, personal or device-related data may be processed.
The data processed includes in particular approximate location information such as city, region or country, device information, operating system, app version, language settings, app usage data, session duration, technical events, crash and diagnostic data, and advertising and analytics identifiers where required for the integrated services.
Our apps do not use their own user account, their own login or in-app purchases. We do not collect or process payment data.
The information in the Google Play Data Safety section corresponds to this Privacy Policy.
10. Google Play Games Services
We use Google Play Games Services in our apps. Google Play Games Services may provide functions such as player profiles, achievements, leaderboards, game progress or comparable platform functions.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The data processed by Google Play Games Services depends on the enabled functions and the user's settings in the Google account or on the device. In particular, device information, user identifiers, game progress, achievements, leaderboard information and interaction data may be processed.
11. Google AdMob
We use Google AdMob in our apps to display advertisements.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When AdMob is used, device information, IP addresses, advertising IDs, app usage data, approximate location information and information about ad impressions and interactions may be processed.
For users in the European Economic Area, the United Kingdom and Switzerland, required consent for access to local storage technologies, advertising IDs and the processing of personal data for advertising purposes is obtained through a consent solution. Users can withdraw or adjust their consent through the privacy settings provided.
Advertising may be personalised or non-personalised. The specific type of ad delivery depends on the user's consent, applicable legal requirements and the settings of the device and respective platform.
12. Children and young users
Our games and apps may also be used by younger users. For such offerings, we pay attention to data minimisation and compliance with relevant platform requirements, in particular Google Play policies.
For users who are treated as children or as users below the applicable age threshold, personalised advertising is not used. Advertising and analytics functions are configured in an age-appropriate and privacy-conscious manner where required due to the target audience, platform requirements or applicable legal obligations.
Parents or guardians may contact us using the contact details provided in this Privacy Policy if they have questions about data processing in connection with our games or apps.
13. Disclosure of personal data
We disclose personal data only where there is a legal basis. Disclosure may take place in particular to technical service providers, hosting and infrastructure providers, consent management providers, analytics providers, app platforms, advertising service providers or other recipients where this is necessary for the provision, security, analytics, advertising or legal administration of our services.
Disclosure may also take place where we are legally obliged to do so, where this is necessary to enforce our rights or where consent has been given.
We do not sell personal data in the traditional sense in exchange for money. Where advertising-related data is transmitted to advertising partners, this takes place only in accordance with applicable legal requirements and consents.
14. International data transfers
When using certain services, in particular Google services, personal data may be processed outside the European Union or the European Economic Area.
Transfers of data to third countries take place only in accordance with legal requirements. Where necessary, we rely on adequacy decisions, the EU-US Data Privacy Framework, Standard Contractual Clauses of the European Commission or other legally recognised safeguards.
15. Data security and retention
We take appropriate technical and organisational measures in accordance with legal requirements to protect personal data against loss, misuse, unauthorised access, alteration or disclosure.
Our website is transmitted via HTTPS encryption.
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations. Contact requests are deleted once they are no longer required and no statutory retention obligations prevent deletion. Consent data is stored for as long as necessary to demonstrate consent.
Statutory retention periods may exist in particular under commercial and tax law. Where such periods apply, the relevant data is stored for the duration of the statutory periods and then deleted or anonymised.
16. Rights of data subjects
Data subjects have, subject to the statutory requirements, in particular the following rights:
- Right of access to the personal data processed.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure of personal data.
- Right to restriction of processing.
- Right to data portability.
- Right to object to certain processing activities.
- Right to withdraw consent with effect for the future.
- Right to lodge a complaint with a competent supervisory authority.
For users habitually resident in North Rhine-Westphalia, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia may be competent. The competence of other supervisory authorities remains unaffected.
17. External platforms and links
Our website may link to external platforms or profiles, in particular developer platforms such as GitHub. If users follow such a link, they leave our online offering. The respective provider is generally responsible for the processing of data on the external platform.
GitHub is used in particular as a development and code management platform. Where repositories or profiles are not publicly accessible, they do not constitute public presentation to website visitors.
18. Changes to this Privacy Policy
We amend this Privacy Policy when our website, apps, services used, data processing or legal requirements change. The current version is available on our website.
19. Contact
For questions, complaints, feedback or other privacy-related requests concerning the use of our website, games or apps, you can contact us by email:
20. Definitions
Personal data means any information relating to an identified or identifiable natural person.
Processing means any operation relating to personal data, in particular collection, storage, retrieval, transmission, analysis or deletion.
Usage data means information about how users use digital offerings, such as page views, click paths, time spent, technical interactions, app usage or game events.
Device and app data includes technical information about the device used, operating system, app version, language settings, device identifiers and technical events within an app.
Consent is a freely given, informed and unambiguous indication by which a data subject indicates agreement to the processing of personal data for specified purposes.
Cookies are small files or similar storage information that can be stored on or read from the user's device.