Privacy Policy

InstantPlay GbR
Represented by its partners: Sebastian Lo Manto, Tayfun Tevi
Adam-Gräf-Straße 4
65618 Selters (Taunus)
Germany

Online: Contact form
Email: contact@instantplay.net
Phone: +49 156 / 78 3300 59

A data protection officer is not legally required for us and has not been appointed.

We process your personal data in strict compliance with applicable data protection laws, in particular the GDPR and the Federal Data Protection Act (BDSG) as well as the Telecommunications Digital Services Data Protection Act (TDDDG). Personal data is any information relating to an identified or identifiable natural person. The processing of your personal data is always purpose-bound and only occurs if there is a legal basis for it (e.g., your consent, the performance of a contract, compliance with a legal obligation, or our legitimate interests, provided your interests or fundamental rights and freedoms do not override them).

Our services are generally not directed at children under 16 years of age. The use of our services is only permitted from the age of 16. If the processing of personal data is based on consent (e.g., for certain cookies in accordance with Section 4.2), we will obtain the consent of the legal guardians or ensure that it has been provided.
For the use of our services within the framework of a contractual relationship (e.g., creation of an account in accordance with Section 3.2), users under 18 years of age require the consent of their legal guardians to conclude the contract. By creating an account, you confirm that you are either 18 years of age or older, or that you have the consent of your legal guardians to use our services and for the associated data processing within the scope of the user agreement.
We do not knowingly collect personal data from children under 16 years of age. Should we discover that we have collected data from children under 16 years of age without the necessary consent, we will take steps to delete this data immediately. If you, as a legal guardian, discover that your child has provided us with personal data without your consent, please contact us using the contact details provided in Section 1.1.

In the following, we explain in detail which data we process in various usage scenarios of our services.

Use of our services (server log files)
Every time you use our services, your browser or app automatically transmits information to our server, which temporarily stores it in so-called log files.

• IP address of your device
• Date and time of access
• Name and URL of the retrieved file/page
• Website from which the access is made (referrer URL)
• Browser used and the operating system of your device
• Device type, operating system version, app version

• Ensuring a smooth connection setup and comfortable use of our services.
• Delivering the contents of our services correctly to your device.
• Evaluating system security and stability.
• Investigating and preventing cases of abuse or illegal activities.
• Other administrative purposes.

The legal basis for the processing of this data is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person, unless this is necessary to investigate cases of abuse.
The log file data is stored for a period of 14 days and then automatically deleted, unless longer retention is necessary to prosecute legal violations or secure our systems.

Registration and management of your account
To use the interactive functions of our services (e.g., uploading content, sending messages), the creation of an account is required.

• Account name
• Player name
• Email address
• Password (stored encrypted)
• Profile picture
• Profile text

• Setting up and managing your account.
• Authentication and enabling login.
• Communicating with you in connection with your account (e.g., password reset, important information about the service).
• Providing the contractually agreed services in accordance with our Terms of Service.

The legal basis for the processing of this data is Art. 6 Para. 1 lit. b GDPR (performance of the user agreement with you).
Your account data will be stored as long as your account is active. After the deletion of your account, your data will be deleted or anonymized in accordance with statutory retention periods and our internal deletion concepts (see Section 10).

Uploading content (images, texts)
When you upload and publish content such as images or texts in our services, we process this content as well as the associated metadata (e.g., time of upload, possibly location data if included in the images and not removed by you).

• Storing and displaying the content you uploaded according to your settings and the functionalities of our services.
• Enabling the sharing of this content with other users (depending on the function).

The legal basis for the processing of this data is Art. 6 Para. 1 lit. b GDPR (performance of the user agreement, which enables you to upload and share content).
The content you uploaded remains stored as long as you do not delete it yourself or your account exists, unless we have to remove it due to legal violations or violations of our Terms of Service.

Sending messages (including guest use)
If you use the messaging function of our services, we process the messages (content) sent and received by you, the participating users, and timestamps.

• Enabling communication between users via our services.
• Delivering and storing messages to display the chat history to you and the recipients.
• Checking for compliance with the Terms of Service and ensuring security (e.g., in the event of reports). Any other content analysis (e.g., for advertising purposes) does not take place.

The legal basis for the processing of this data is Art. 6 Para. 1 lit. b GDPR (performance of the user agreement) as well as Art. 6 Para. 1 lit. f GDPR (legitimate interest in preventing abuse and ensuring security).
The exact storage duration of your messages as well as your ability to delete them yourself depend on the respective messaging function you use. Depending on the function, messages may not be stored at all, only temporarily (e.g., in lobbies and games), or permanently (e.g., friends chat) to display the chat history for the participating communication partners. Whether and how you can delete individual messages or entire conversations will be shown to you within the respective function.

• If you delete your account with InstantPlay, your messages and chat histories will be removed from your view.
• However, the messages you sent will remain visible in the chat history of your communication partners and will not be automatically deleted from their side.
• Processing also takes place if you use our services as part of guest use without a registered account.

Contacting us (e.g., via email, contact/support form)
If you contact us by email or via a contact/support form, we process the data you provide (e.g., name, email address, content of your message) to process and answer your request.
The legal basis for the processing of this data is Art. 6 Para. 1 lit. b GDPR, provided your request is related to the initiation or performance of a contract. In other cases, the legal basis is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in processing requests effectively.
Your request data will be deleted after your request has been finally processed, provided there are no statutory retention obligations to the contrary (e.g., for business-relevant emails).

Friends list, lobbies and gameplay (Social Features)
If you use the friends list function, we store the connection between your account and your friends' accounts.
Your player name and profile picture are generally visible to other users (e.g., on your profile, in lobbies or in games).
To promote social interactions, your current status (e.g., "Online", "In a lobby", "In game") will also be displayed to your friends – depending on your privacy settings.
The legal basis is Art. 6 Para. 1 lit. b GDPR (performance of the contract to provide the services and identify users) as well as your corresponding settings in the account for further status information.

Global leaderboards (Pro Features)
If you participate in the global leaderboards, your player name, profile picture, and game results (points, wins, etc.) will be displayed publicly in the leaderboards of our services. This serves the competitive nature of the game (Art. 6 Para. 1 lit. b and f GDPR).

We use cookies and, where applicable, similar technologies (e.g., local storage) in our services to ensure functionality and make usage more pleasant. Cookies are small text files that your browser automatically creates and that are stored on your device.

Technically necessary cookies/storage
These are essential for the basic operation of our services. They enable, for example, the maintenance of your session while you use our services or the storage of basic settings.

• Purpose: Identification of your current session, e.g., to maintain the login status across different pages.
• Storage duration: Until the end of your browser session (session cookie).

• Purpose: Enabling automatic login upon your next visit.
• Storage duration: 28 days (automatically renewed with each visit).

• Purpose: Storing your individual settings in our services.
• Storage duration: 28 days (automatically renewed with each visit).

• Purpose: Detection and storage of your local time zone.
• Storage duration: 28 days (automatically renewed with each visit).

The legal basis is Section 25 Para. 2 No. 2 TDDDG or Art. 6 Para. 1 Sentence 1 lit. f GDPR (our legitimate interest in providing a functional service).

Non-necessary cookies/storage (consent required)
We currently do not have any cookies/storage that require your prior consent.

Browser settings
Regardless of our consent management, you can set your browser so that it informs you about the setting of cookies, only allows cookies in individual cases, excludes the acceptance of cookies for certain cases or generally, and activates the automatic deletion of cookies when closing the browser. You can find instructions on how to do this in your browser's help function. If cookies are deactivated, the functionality of our services may be restricted.

If you use paid services with us or process payments via our platform, we use external payment service providers.

PayPal
We use the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
If you choose PayPal as your payment method, certain data will be transmitted from you to PayPal to process the payment.

• Your name and address data (billing address, delivery address if applicable)
• Email address
• Phone number (if provided)
• Bank account or credit card details (depending on the payment source selected in your PayPal account)
• Transaction data, such as amount, date, and details of your order/service

• Execution and processing of the payment transaction.
• Fraud prevention and risk management.
• Compliance with legal obligations (e.g., in the context of money laundering prevention).

The legal basis for the transmission of your data to PayPal for the purpose of payment processing is Art. 6 Para. 1 lit. b GDPR (processing to fulfill the contract with you).
We generally do not receive or store full bank account or credit card details when you pay via PayPal, as the payment is processed directly via your PayPal account. We only receive confirmation from PayPal about the success or failure of the payment as well as transaction references.
PayPal processes your data as an independent controller for its services, in particular for purposes such as managing your PayPal account, fraud prevention, improving its services, and complying with regulatory requirements. Please note that PayPal may also transfer your data to countries outside the EU/European Economic Area (EEA) as part of its global business operations. PayPal provides information in its Privacy Policy about the measures taken for this purpose (e.g., Binding Corporate Rules or standard contractual clauses).
In addition, data transmission relies on the EU-US Data Privacy Framework (DPF), provided that the US parent companies are certified under this agreement.
For detailed information on data processing by PayPal, your rights vis-à-vis PayPal, and international data transfers, please refer to PayPal's Privacy Policy, which you can find here: https://www.paypal.com/de/legalhub/paypal/privacy-full
We recommend that you read this PayPal Privacy Policy carefully before deciding to make a payment via PayPal.

Stripe
We use the payment service provider Stripe to process payments (e.g., for paid services or features). The provider for users within the EU/EEA is often Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe").
If you process a payment via Stripe, certain data will be transmitted from you to Stripe to execute the transaction.

• Your name and address data (billing address, delivery address if applicable)
• Email address
• Phone number (if provided)
• Payment data, such as credit card number, expiration date, verification code (CVC/CVV), account number, or other information specific to the chosen payment method
• Transaction data, such as amount, date, ordered products/services, order number

• Execution and processing of the payment transaction.
• Fraud prevention and risk management.
• Compliance with legal obligations (e.g., in the context of money laundering prevention).

The legal basis for the transmission and processing of your data by Stripe for the purpose of payment processing is Art. 6 Para. 1 lit. b GDPR (processing to fulfill a contract with you).
We do not receive or store full credit card or bank account details ourselves. These are processed directly by Stripe. We only receive confirmation from Stripe about the success or failure of the payment as well as certain transaction references.
Stripe processes your data as an independent controller for its services, in particular for purposes such as fraud prevention, improving its services, and complying with regulatory requirements. Please note that Stripe may also transfer your data to countries outside the EU/EEA. Stripe provides information in its Privacy Policy about the measures taken for this purpose (e.g., use of standard contractual clauses or reliance on adequacy decisions).
In addition, data transmission relies on the EU-US Data Privacy Framework (DPF), provided that the US parent companies are certified under this agreement.
For detailed information on data processing by Stripe, your rights vis-à-vis Stripe, and international data transfers, please refer to Stripe's Privacy Policy, which you can find here: https://stripe.com/de/privacy (Link to the German version).
We recommend that you read this Stripe Privacy Policy carefully before deciding to make a payment via Stripe.

Our services are hosted by an external service provider. This is necessary to ensure a secure, fast, and reliable provision of our online offerings.
Our hosting provider is ALL-INKL.COM - Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.
The hoster processes the server log files mentioned under Section 3.1 as well as all data that arise in the context of operating our services (e.g., databases with user data, content) on our behalf.
We have concluded a Data Processing Agreement (DPA) with ALL-INKL.COM in accordance with Art. 28 GDPR. This contract ensures that your data is processed only in accordance with our instructions and in compliance with the GDPR. ALL-INKL.COM's servers are located in Germany.
The legal basis for using the hosting service provider is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in the professional and secure provision of our services.
You can find ALL-INKL.COM's privacy information here: https://all-inkl.com/datenschutzinformationen/

You can download our apps via third-party platforms (App Stores).
When downloading and using the App Stores, personal data is processed by the respective operators as independent controllers, over which we have no influence.
You can find information on data processing by these providers in their privacy policies.

Google Play Store
Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043
Privacy Policy: https://policies.google.com/privacy

Apple App Store
Apple Retail Germany B.V. & Co. KG, Thurn-und-Taxis-Platz 6, 60313 Frankfurt am Main
Privacy Policy: https://www.apple.com/legal/privacy/

Our services may contain links to external third-party websites and services, over whose content and privacy practices we have no influence. If you click on such a link (e.g., a link to social media platforms such as Facebook or WhatsApp to share content), you leave our services. The subsequent data processing is the responsibility and subject to the privacy policies of the respective third-party provider. We recommend that you inform yourself about the privacy practices of third-party providers on their websites.
If you use the sharing functions integrated into our services or your browser/operating system (e.g., the "Share Sheet" of your browser or operating system) to share content with other apps or services, this is done at your request. Which data is transferred to the app or service you have selected depends on your device settings and the privacy policies of the respective app/service with which you share the content. InstantPlay has no influence on this.

We take appropriate technical and organizational security measures (TOMs) in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This includes, for example, the encrypted transmission of data between your browser/app and our servers (SSL/TLS encryption).
However, we would like to point out that data transmission over the Internet (e.g., communication by email) can have security vulnerabilities.
A complete protection of data against access by third parties is not possible.

We only store your personal data for as long as is necessary to achieve the respective processing purposes or as required by statutory retention periods (e.g., under commercial or tax law).

• Data from server log files is stored as described in Section 3.1.
• Your account data is stored until your account is deleted (see Section 3.2).
• Content uploaded by you remains stored until deleted by you or your account is deleted (see Section 3.3).
• Messages are stored as described in Section 3.4.
• Inquiries via contact forms/email are deleted after final processing if there is no retention obligation (see Section 3.5).
• Information on cookie runtimes can be found under Section 4. After the processing purpose ceases to apply or the statutory retention period expires, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

As a data subject affected by data processing, you have various rights. If you would like to assert one of these rights against us, please contact us using the contact details provided in Section 1.1.

• Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have a right to access this data and to further information (e.g., processing purposes, categories of data, recipients, planned storage duration, your rights, origin of the data if not collected from you).
• Right to rectification (Art. 16 GDPR): You have the right to demand the immediate rectification of inaccurate personal data concerning you and the completion of incomplete data.
• Right to erasure ("right to be forgotten") (Art. 17 GDPR): You have the right to request the erasure of your personal data, e.g., if the data is no longer necessary for the original purposes, you have withdrawn your consent (and there is no other legal basis), you have objected to the processing, or the data was processed unlawfully. This right is not absolute, e.g., if statutory retention obligations conflict with it.
• Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data, e.g., if you contest the accuracy of the data (for the duration of the review), the processing is unlawful and you request restriction instead of erasure, we no longer need the data but you need it to assert legal claims, or you have objected (as long as it is not yet clear whether our legitimate grounds override yours).
• Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, provided this is technically feasible and the processing is based on consent or a contract and is carried out by automated means.
• Right to withdraw consent (Art. 7 Para. 3 GDPR): If the processing of your data is based on your consent, you have the right to withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until withdrawal is not affected by this.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

• Case-specific right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 Para. 1 lit. e (public interest) or lit. f (legitimate interests) GDPR; this also applies to profiling based on these provisions. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
• Right to object to direct marketing: If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

If you wish to exercise your right to object, a simple notification sent to the contact details provided in Section 1.1 is sufficient.

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

We reserve the right to amend this Privacy Policy from time to time in order to adapt it to changes in the law or changes to our service and data processing. You will always find the current version on our website. If material changes affect your rights as a user or require new consent for certain processing activities, we will inform you of this in good time by means of a notice within our services or by email to the address you have provided us with.