This is a translation of the original document. The original document in German language is valid. We assume no liability for errors in the translation. See the orignal document in German (Datenschutzerklärung)

Data protection As of August 13th, 2022

With the following data protection declaration we would like to inform you which types of your personal data we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites and on external online presences, such as our social media profiles.

1.      Data controller

Groth & Miersch GbR

Robert-Bosch-Straße 12

64293 Darmstadt

Email: support@clickfight.net

2.      Overview

We are providers of online games and mobile games (hereinafter: services) under the domain www.clickfight.net and the associated sub-pages (hereinafter: Domain) and with the help of the mobile apps available for download for various operating systems (hereinafter: App).

Your data will be collected, processed and used in accordance with the provisions of the Telemedia Act (TMG) and data protection law, in particular the Federal Data Protection Act (BDSG) and, from May 25, 2018, the General Data Protection Regulation (GDPR).

This data protection declaration explains the handling of personal data. Personal data refers to any information concerning the personal or circumstantial situation of an identified or identifiable natural person This includes, for example, name, birthday, telephone number, but also e-mail address and usage data, such as the IP address. The data protection declaration also provides information about which data is collected, stored and processed and how we guarantee the protection and security of personal data.

We do not require a real name. Instead of a name, the user can also enter a pseudonym. For tax reasons, it may be necessary for individual parts of the services to provide us with your name, address and nationality. We will point this out to you separately in these casesdown.

3.      How will my data be collected, processed and used when the app is downloaded?

When the app is downloaded, the information required for this is transferred to the respective app store operator. Depending on the app store, these are, for example, the email address or the customer number of the app store user of the respective app store, the time of the download and an individual device code number. However, we have no influence on this data collection and are not responsible for processing. The corresponding data protection declarations/settings of the respective app store operator apply.

We process the data provided by the respective app store operator insofar as this is necessary for downloading the app to the device.

For the technical functionality of the app and to provide the services offered with the app, we need various access options and information. Depending on the operating system, permission to access individual functions and information is requested during the installation process. The access authorizations include the location, the notifications and the mobile data. Some of these authorizations can be withdrawn manually under the settings of the end device. However, it must be taken into account that the app can only be used to a limited extent or not at all without corresponding approvals. Depending on the app version, authorizations are requested before or after the installation.

4.      How will my data be collected, processed and used when visiting the domain or the app without creating a user profile?

We use the personal data that the user provides or that arises when using the services without creating a user profile, without separate consent, exclusively for the implementation of the user relationship and out of our legitimate interest in accordance with this data protection declaration.

When you simply visit the domain (on a so-called landing page/start page) or install the app without creating a user profile, we collect the following data transmitted by the user's device or browser:

●       IP address

●       Name of the accessed website, file, date and time of the request

●       The amount of data transferred

●       Browser type and version

●       Referrer URL (URL of origin) from which the user came to the accessed page

●       Accessed provider

●       UserAgent

As well as the following data transmitted by the device used by the user when simply installing the app without registering or creating a user profile:

●       Push Handle (for sending push messages)

●       Location data (GPS Location), provided that the user has given the app authorization in their device

●       Country code

●       Language

●       Device data, such as manufacturer, device type, advertising ID, operating system and version.

This data is required for the use of the domain or for installing the app or is used for analysis for statistical purposes and to optimize the services. The data is processed and used to prevent and combat fake profiles, illegal activities and spam as well as to ensure the integrity and stability of the services. For this purpose, we save the collected data in full for up to 90 days.

We also use cookies, analysis services and tracking providers.

5.      How will my data be collected, processed and used after creating a user profile and when using the app or domain?

We use the personal data that the user provides or that arises when using the services without creating a user profile, without separate consent, exclusively for the implementation of the user relationship and out of our legitimate interest in accordance with this data protection declaration. For the full use of the services, it is necessary for the user to create a user profile. For this purpose, the user must provide further personal data that we use to provide the respective service.

1. Required disclosures

When creating the user profile and registering, the following information must be provided:

●       Email address

●       Password

●       Username (pseudonym)

The data provided are collected, processed and used for the purpose of using the services. Among other things, the information is used for addressing, for authentication, for age verification, for personalizing the profile and in pseudonymous form for advertising purposes.

We delete this data when you delete your user account. The legal basis for this processing of personal data is Art. 6 Para. 1 (b) GDPR or Art. 6 para. 1 lit. f) GDPR.

2. Information we receive as a result of your use of the services

The IP addresses and the associated network data (e.g. the country in which the IP is registered) the users are recorded for security and testing purposes. This is to prevent misuse of the service. The data is processed and used to prevent and combat fake profiles, illegal activities and spam as well as to ensure the integrity and stability of the services. For this purpose, we store the collected data in full for up to 90 days, then until your profile is deleted. The legal basis for this processing of personal data is Art. 6 Para. 1 f) of the GDPR. The IP address is also passed on to advertising partners when advertising is displayed. This transfer is due to technical reasons and cannot be prevented. When selecting its advertising partners, we made sure that your privacy is protected by contractual and legal regulations.

When using the app or the website, we receive information about the devices used, such as the manufacturer, operating system, advertising ID. The data is processed and used to prevent and combat fake profiles, illegal activities and spam as well as to ensure the integrity and stability of the services. For this purpose, we store the collected data in full for up to 90 days and delete this data when you delete your user account. The legal basis for this processing of personal data is Art. 6 Para. 1 f) of the GDPR.

When using the app or the platform, we receive information about your action in the app or on the platform, the data provided will be stored, processed and used by us for the purpose of using the services. This is particularly useful for the functionality of the services. The data is processed and used to prevent and combat fake profiles, illegal activities and spam as well as to ensure the integrity and stability of the services. We delete this data when you delete your user account. The legal basis for this processing of personal data is Art. 6 Para. 1 lit. b) GDPR or Art. 6 Para. lit. f) GDPR.

3. Payment data

If you make in-app purchases via the services, in particular buy virtual currency or game advantages, this is done via external payment providers. We do not collect or process any payment data for a purchase. The input and processing of the payment data takes place directly with the payment providers. Technical data (including the transaction ID) is exchanged between us and the payment providers to validate purchases. We save this data until your user account is deleted or until the data is no longer subject to tax, commercial or other statutory retention requirements.

For the use of PayPal, all transactions are subject to the PayPal data protection declaration, available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

This applies accordingly to payouts for Satoshis earned via FaucetPay. In this respect, their data protection declaration applies, available at https://faucetpay.io/legal/privacy-policy.  

The legal basis for this processing of personal data is Art. 6 Para. 1 lit. b) GDPR.

6. Which cookies, tracking providers and analysis services do we use?
1. Cookies

We use cookies for the operation of our website in order to ensure the technical functionality of our website, to understand how visitors use our website and to save the preferences that a user has made in his browser. We also use this to control our advertising measures.

A cookie is a small text file that is stored on your device by your browser when you visit our website. If you visit our website again later, we can read these cookies again. Cookies are stored for different lengths of time. You have the option at any time to set which cookies it should accept in your browser, but this can result in our website no longer functioning properly. Furthermore, the user can delete cookies independently at any time. If he does not do this, we can specify how long a cookie should be stored on the user's computer when saving. A distinction must be made here between so-called session cookies and permanent cookies. Session cookies are deleted from the user's browser when he leaves our website or closes the browser. Persistent cookies are stored for the duration that we specify when saving them.

We use cookies for the following purposes:

●       Technically required cookies that are absolutely necessary for the use of the functions of our website (e.g. detection of whether the user has logged in). Without these cookies, certain functions could not be provided.

●       Functional cookies that are used to technically perform certain functions that the user wants to use.

●       Analysis cookies, which are used to analyze user behavior.

●       Third party cookies that we use for advertising purposes.

Most browsers that our users use allow you to set which cookies should be saved and allow you to delete (certain) cookies. If you restrict the storage of cookies on certain websites or do not allow cookies from third-party websites, it may result that our website can no longer be used in full. Here you will find information on how you can adjust the cookie settings for the most common browsers:

●       Google Chrome

●       Internet Explorer

●       Firefox

●       Safari

2. Tracking providers, analysis services and security services

In order to optimize our services and to be able to offer them in the best possible way, we carry out analyzes of visitor behavior. For this we use analysis methods with which visitors to the domain or app can be analyzed. Tracking tools from third-party providers are also used, which can be used to analyze the range of different advertising campaigns and marketing campaigns. When using third-party tools, personal data can also be transmitted. The purpose of data processing in addition to troubleshooting is mainly in order to optimize XYZ regarding the requirements of XYZ users. In the web analytics process we include figures regarding the number of visitors and their temporal distribution, popular content, the length visitors stay on the site, etc. If necessary, it can be traced whether a user profile was created due to an advertising measure. The data is processed and used to prevent and combat fake profiles, illegal activities and spam as well as to ensure the integrity and stability of the services. To carry out the analysis, user data is transmitted to various third-party providers. We currently use the following analysis and tracking providers:

●       Google Analytics

We use Google Analytics, a service of GoogleLLC ("Google"), Amphitheater Parkway, Mountain View, CA 94043, USA, as part of order processing via the Google Tag Manager. As a processor, Google uses a so-called "cookie" for this. This is a small text file that is stored on the user's computer by the user's browser. By means of this cookie, Google receives information about which website was accessed by the user and, in addition, the following information in particular: browser type/version, operating system used, technical information about the operating system and browser, and the public IP address of the computer used by the user. We use Google Analytics in such a way that the IP address is only used in anonymized form. This anonymization takes place after notification from Google in the European Union or a member state of the EEA. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there. According to Google, the anonymization takes place before the IP address is stored on a permanent data carrier for the first time. For details, we refer to Google's privacy policy, available at https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics allows us to create usage statistics for our website as well as demographic data about visitors and their user behavior in a non-personal manner. Statistics are also created to help us better understand how our website is found in order to improve our search engine optimization and our advertising measures. With this processing, we are pursuing the legitimate interest in being able to improve our website and our advertising measures. The legal basis of processing is Art. 6 para. 1 f) of the GDPR.

At https://tools.google.com/dlpage/gaoptout?hl=de, the user can find information on how to object to the use of Google Analytics.

Google is a member of the PrivacyShield Agreement and has concluded an order processing agreement with us for Google Analytics. The pseudonymous data will be deleted after 26 months.

7. How is data disclosed or passed on

We do not forward personal user data to third parties unless the user has given their consent, the transmission is required or permitted by law.

1. General information

We are allowed to pass on user data for contract execution to external service providers and representatives as well as affiliated companies for order data processing, which we can commission with the processing of user data. The legal basis for this is Art. 28 GDPR.

We are also allowed to pass on user data to affiliated companies as the responsible body within the group of companies for internal administrative purposes. The legal basis for this is art. 6 para. 1 lit. f GDPR.

Furthermore, we may use user data in the event of changes in the business structure (e.g. Mergers, acquisitions, bankruptcy proceedings, dissolution, restructuring, disposal of any or all of our assets, financing or similar transactions and preparatory acts) or as required by law (to comply with regulations, governmental requirements, in response to lawful inquiries, court orders and legal process ), as part of the enforcement of our rights (to prevent fraud and ensure security, as well as defense of property).

In addition, we may use data that has been cleared of personal characteristics for any purpose (e.g. to partners, business purposes, analyzes) and pass it on in pseudonymised form to advertising partners and analysis and tracking services.

2. Categories of data recipients

We only pass on personal user data to third parties if this is necessary for the fulfillment of our own business purposes (i.e. in particular to provide the services we owe to the user), if the user has given his consent for this, it is covered by our legitimate interest or we are obliged to do so by law or due to a judicial or administrative order.

We work together with external service providers in the context of data processing. This is usually done on the basis of so-called order processing, in which we remain responsible for data processing. We check each of these service providers beforehand for the measures they have taken for data protection and data security and thus ensure the statutory contractual provisions for the protection of personal data.

The following categories of recipients currently receive personal data from us:

●       State agencies and courts

●       Technical service providers

●       Hosting service provider

●       E-mail delivery service provider

●       Email Marketing Service Provider

●       Services to provide customer support

●       Advertising and sales partner

●       Collaboration partner

●       Other platform providers in the context of so-called "social plugins"

●       Analysis and tracking services

●       Affiliated Companies

Depending on the type of services provided, we may also use affiliated companies as data processors to provide some or all of the services offered to the customer.

3. Third-party countries

Data transfers to third countries take place, but only in compliance with the legally regulated admissibility requirements. The data is transmitted to the following countries, taking into account the respective legal admissibility requirements:

●       USA (EU-US Privacy Shield Agreement or EU Standard Contractual Clauses)

●       Israel (Appropriate level of data protection recognized by the EU Commission)

●       India (EU Standard Contractual Clauses)

The Privacy Shield Agreement, the adequacy decision and the EU standard contractual clauses are available on the website of the EU Commission (https://ec.europa.eu/info/law/law-topic/data-protection_en) visible.

8. How is data processed and used to prevent and combat fake profiles, illegal activities and spam as well as to ensure the integrity and stability of our services?

To combat fake profiles, illegal actions (fraud, extortion, prostitution, etc.), SPAM (third-party advertising) and to ensure the integrity and stability of our services, personal data is used as follows:

●       IP and email addresses are saved to detect spam and illegal activities as long as the user is active.

●       Messages are automatically checked for keywords, but are not saved for this purpose.

●       Personal data such as gender, age and location are stored for active users and used in combination with other, non-personal data to identify abnormalities.

●       Telephone numbers that have already been used are saved for the verification of suspicious profiles via SMS, but cannot be associated with the verified user.

Legal basis

We base the aforementioned data processing on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in keeping its platform stable and free from SPAM, legal violations and fake profiles.

9. How does the data deletion and the creation of backups work?

With the deletion of the user profile (attention: not by deleting the app!) Or a corresponding notification to us, all collected data of the user will be deleted or anonymized. In addition, the user can delete individual data in the profile at any time or request a notification from us.

Excluded from the deletion are data that have to be kept due to legal regulations, for contract processing or for contract fulfillment with other users. In the event of deletion, we therefore do not delete the following data immediately, but only after a period has expired:

●       Payment data and data for redeeming rewards, which we have to save for tax reasons. (After the statutory retention periods have expired)

●       Data that the user has shared with other users in chats, such as messages or images (see below.)

When do we delete data that a user has shared with other users?

We delete data that is publicly accessible in the user profile, e.g. profile pictures, pictures in the stream and the profile data, as soon as immediately according to the above standards.

We cannot simply delete data that a user has shared non-publicly with other users on our services without interfering with the rights of other users. Therefore, chat content is only deleted once both users have deleted each other.

When will it be deleted?

A deletion from the databases and thus from the surface of our services takes place immediately; However, until it is deleted from all server layers, cache memories and backup databases of our services, this can take up to 14 days.

If deletion is not possible, the data will be anonymized or blocked.

We reserve the right to check profile files before deleting them and, if necessary, to back them up if, due to certain facts, there is a suspicion that they are using our services in violation of the law or contract. This serves to protect the users of our offers.

Regardless of the deletion of the data triggered by the user deleting the profile, we automatically delete historical data that are no longer required to fulfill the contract (e.g. historical location data and IP data) at regular intervals.

To secure the data, we create so-called backups, which are overwritten after 14 days and thus permanently deleted. If these data backups contain log files, these will also be deleted. If a user profile is completely deleted, the log files are also deleted.

10. What data security measures do we have?

We use the most common SSL (Secure Socket Layer) method together with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. The transmission of a single page of our website in encrypted form is indicated on our website by the display of a closed key or lock icon in the bottom status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are improved continuously in order to meet state-of-the-art requirements.

11.  Change and update of the data protection declaration

We ask you to inform yourself regularly about the contents of our privacy policy. We will adapt the data protection policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

12.  Rights of the user: Consent and revocation, information, correction, deletion, transfer

As a data subject, the user has various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

1. The right to object

The user has the right to object at any time, for reasons arising from his particular situation, to the processing of personal data concerning him, which is carried out in accordance with art. 6, par. 1 lit. e or f  GDPR, including profiling based on those provisions. Where personal data relating to the user are processed for the purpose of direct marketing, the user shall have the right to object, at any time, to the processing of personal data relating to him for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.

2. Right of revocation of consent

The user has the right to revoke given consents at any time. This can be done at the specified locations in the app or domain within the user profile or by email or letter to our contact details mentioned above.

3. The right to information

You have the right to request confirmation as to whether the data in question is being processed and for information about this data as well as for further information and copying of the data in accordance with legal requirements.

4. Right to correction

In accordance with the legal requirements, the user has the right to request the completion of the data concerning him or the correction of incorrect data concerning him.

5. Right to deletion and restriction of processing

In accordance with the statutory provisions, the user has the right to demand that data concerning him/her be deleted immediately, or alternatively, in accordance with the statutory provisions, to demand that the processing of the data be restricted.

6. The right to data portability

The user has the right to receive data relating to him that he has provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request its transmission to another person responsible.

7. Complaint to the supervisory authority:

The user also has the right to lodge a complaint with a supervisory authority, in particular in the member state of his habitual residence, his place of work or the place of the alleged infringement, if he is of the opinion that the processing of the personal data concerning him is against the GDPR violates.

The supervisory authority responsible for us:

The Hessian Commissioner for Data Protection and Freedom of Information

Gustav-Stresemann-Ring 1 65189 Wiesbaden

Telephone: 0611-1408 0 Fax: 0611-1408 611

Email: poststelle@datenschutz.hessen.de