This is the privacy policy of the app. You can find the website’s privacy policy here.
Privacy Policy
1. General Provisions
1.1 What Constitutes Personal Data
Personal data refers to information that discloses or may disclose the user's identity. We adhere to the principle of data minimization, avoiding collection of personal data wherever possible.
1.2 Handling of Personal Data
Personal data serves exclusively for contract initiation, substantive design, performance, or settlement of the contractual relationship (Art. 6(1)(b) GDPR).
Beyond this scope, we process personal data only when we have obtained your consent (Art. 6(1)(a) GDPR) or when processing is necessary for our legitimate interests, provided that balancing reveals no overriding interests, fundamental rights, or freedoms on your part (Art. 6(1)(f) GDPR).
While we may use data processors for processing your personal data, we generally will not transfer personal data to third parties beyond such arrangements.
Processing of your personal data occurs within the EU and in countries classified by the EU as safe or adequate. Should processing of personal data occur in the USA, we ensure that the services we use are certified under the Data Privacy Framework.
1.3 Usage Data and Permissions
When you install our mobile application, certain necessary data is transmitted to the store you use. This includes your username, download timestamp, your unique device identifier, and the device's unique identifier. You also have the option to rate our app in the respective store. We have no influence over this data collection and processing and assume no responsibility for it. Additional information can be found in the privacy policy of the respective store you use.
When you use our mobile app, we process the following data that is technically required for us to provide you with our mobile app's functions and ensure stability and security. The legal basis is Art. 6(1)(f) GDPR:
- IP address,
- Date and time of request,
- Time zone difference to Greenwich Mean Time (GMT),
- Request content,
- Access status,
- Respective data volume transferred,
- End device type,
- Operating system,
- Language and version of browser software.
The app additionally requires the following permissions:
- Internet access (technically necessary): Enables the app to access the internet for online features such as cloud storage of game progress, potential download of new puzzle motifs, and app updates.
- Network status access (technically necessary): Allows the app to verify internet connection availability before activating online features.
- Advertising ID: Necessary for personalized advertisements if you use the ad-supported app.
- In-app purchases (technically necessary): Enables in-app purchases for virtual coins and goods or additional features.
- Protection of internal communications (technically necessary): The app ensures that important internal notifications can only originate from the app itself and cannot be disrupted by other apps.
- Enhanced privacy for advertising: Through new Google advertising tools, the app receives only general information about your interests so you continue to see relevant advertisements without unnecessary sharing of your personal data (from Android 14, https://developer.android.com/privacy-sandbox).
- Automatic continuation after restart (technically necessary): After a phone restart, the app automatically restarts certain background tasks (such as reminders or synchronizations) without your action.
- Support for important background processes (technically necessary): To prevent interruption of downloads, updates, or other background tasks, the app keeps the device active when necessary, even when the screen is off.
- Persistent services with notification (technically necessary): Functions intended to run continuously (such as music or navigation services) display ongoing notifications so you always know the app is active in the background.
- Camera (optional): Enables taking your own photos to use directly as puzzle motifs.
- Access to photos and media (optional): Allows the app to directly open existing images on your device and use them as puzzle motifs. Permission request occur only when the app independently wants to access media – no additional consent is required when using the share function.
- Notifications (optional): Enables the app to inform you about important communications and news directly on your device, ensuring you don't miss relevant information.
Please note that the technically necessary permissions listed above cannot be deactivated, as this would completely restrict app functionality. However, you may deactivate use of the advertising ID for personalized advertisements through corresponding Android settings at any time without impairing app functionality.
The legal basis for technically necessary permissions is Art. 6(1)(b) GDPR (contract performance) or § 25(2)(2) TTDSG (unconditional necessity). The pseudonymized advertising ID is used only after your active consent (Art. 6(1)(a) GDPR).
For all optional permissions, the app obtains your express consent. If these are declined, only the respective functions become unavailable; the app's remaining functionality remains fully intact.
The permissions listed here also refer to functions that may only become available in later app versions.
1.4 In-App Purchases
When you make in-app purchases, we do not process any of your personal data in this connection. Such data, particularly data relevant for electronic payment processing, is exclusively collected and processed by the respective App Store. Please observe the App Store's privacy provisions when using it.
Should you have questions about the processing of your personal data by the respective app store, please contact the app Store through which you made the download or in-app purchase.
1.5 Storage Duration
Following termination of the purpose for which data was collected, we store your personal data only as long as required by legal (particularly tax law) provisions.
In detail, the following retention periods apply, for example:
| Type of data | Retention period |
|---|---|
| Tax Data | 10 years |
| Commercial or business letters (including e-mails and faxes) and other documents insofar as these are relevant for taxation purposes. | 6 years from the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting voucher was created, the record was made, or the other documents were created. |
| Transaction and registration data | 10 years from the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting voucher was created, the record was made, or the other documents were created. |
| Consent to data processing under data protection law | For the duration of the possibility of the assertion of rights by the data subject(s). |
| (Electronic) correspondence that has no relevance under tax law | As long as this is necessary to fulfill the task, unless the processing serves the assertion, exercise or defense of legal claims. |
| Usage data in accordance with section 1.3 of this privacy policy | max. 30 days |
2. Your Rights
2.1 Information
You may request information from us about whether we process personal data concerning you, and if so, you have a right to information about this personal data and the additional information specified in Art. 15 GDPR.
2.2 Right to Rectification
You have the right to rectification of inaccurate personal data concerning you and may request completion of incomplete personal data according to Art. 16 GDPR.
2.3 Right to Erasure
You have the right to request that we immediately delete personal data concerning you. We are obligated to delete it immediately, particularly if one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which data processing was based, and no other legal basis exists for processing.
- Your data was unlawfully processed.
The right to erasure does not exist when your personal data is necessary for asserting, exercising, or defending our legal claims.
2.4 Right to Restriction of Processing
You have the right to request restriction of processing of your personal data when:
- You contest the accuracy of the data, and we must therefore verify accuracy.
- Processing is unlawful, and you decline deletion, instead requesting restriction of use.
- We no longer need the data, but you require it for asserting, exercising, or defending legal claims.
- You have objected to the processing of your data, and it has not yet been determined whether our legitimate grounds outweigh your grounds.
2.5 Right to Data Portability
You have the right to receive personal data concerning you that you provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided processing is based on consent or a contract and processing by us occurs through automated procedures.
2.6 Rights of Withdrawal and Objection
When processing of your personal data is based on consent (Art. 6(1)(a) GDPR), you have the right to withdraw this consent at any time. This does not affect the lawfulness of processing performed based on consent before withdrawal.
When processing of your personal data is based on Art. 6(1)(e) GDPR or Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to processing of personal data concerning you at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or processing serves to assert, exercise, or defend legal claims.
2.7 General Provisions and Right to Complaint
Exercise of your aforementioned rights is generally free of charge. You have the right to lodge complaints directly with the supervisory authority responsible for us, the State Data Protection Officer.
3. Anonymous Usage Analysis
We collect and process anonymized data about use of our app to improve functionality and optimize user experience. In this context, the following data is processed:
- Interactions with app functions (without personal reference)
- Frequency of use of individual features
- Technical performance data
- Anonymized crash reports
Processing of this data serves general improvement of app functionality, error analysis and correction, optimization of user guidance, and development of new features.
Processing occurs based on our legitimate interest in continuous improvement of our app according to Art. 6(1)(f) GDPR.
The collected data is anonymized such that identification of your person is excluded. Technical tracing back to individual users is not possible.
4. Third-Party Services
4.1 Google Ads API
The app uses the Google Ads API (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to display affiliate links and advertising banners leading to external providers. These links serve to generate advertising cost reimbursements when you make transactions or visit target sites through these links. Integration serves primarily to finance the app and provide product-relevant purchase recommendations as a service. In this context, the following personal data is processed:
- IP addresses
- Device ID (Android Advertising ID)
- Click behavior and interaction times
- HTTP header data (including referrer URL)
Google processes this data in pseudonymized form to assign conversions and prevent abuse. Google also employs cookies and device fingerprinting to track user activities across sessions. This enables assignment of commissions for transactions.
Processing occurs based on Art. 6(1)(f) GDPR (legitimate interest in cost-covering operation). For tracking technologies, additional consent under Art. 6(1)(a) GDPR is required, obtained through a Consent Management Tool.
Clicks on affiliate links directly transmit data to the advertised third-party providers. Google functions as a Joint Controller according to Art. 26 GDPR, with data protection responsibility for subsequent processing steps lying with the respective advertising partners.
You can view Google's privacy policy here: https://policies.google.com/privacy
4.2 Use of Google Play Games Services
Our app also uses Google Play Games Services from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for extended gaming functions. These include:
- Cloud storage of game progress
- Leaderboards
- Player achievements
In this context, the following (personal) data is processed:
- Game progress and achievements
- Leaderboard entries and scores
- Google account information (as required for gaming functions)
- Device identifiers
Processing of your (personal) data serves synchronization of game progress between different devices, provision of leaderboards and comparison functions, and securing of game progress.
Stored game progress is placed in your personal Google Drive storage and occupies part of your available storage quota. Google manages this data according to Google's privacy provisions.
Use of Google Play Games Services occurs based on your consent according to Art. 6(1)(a) GDPR, which you provide upon first use of the corresponding functions.
Detailed information about privacy at Google can be found at: https://policies.google.com/privacy
Information about Google Play Games Services: https://developers.google.com/games/services
5. Contact
For contact regarding data protection, you may reach us using the following contact options. Data Controller under GDPR:
Udo Reiss
c/o IP-Management #24278*
Ludwig-Erhard-Str. 18
20459 Hamburg
Germany
Email: contact@panotium.com
Phone: +49 17622947565