1. General Information
This Privacy Statement delineates the parameters, extent, and intent of personal data processing activities within the ambit of our applications, encompassing associated functionalities and content. We are committed to ensuring that our Privacy Policy is accessible and comprehensible to all. To achieve this, we predominantly utilize the standard terminology as set forth by the General Data Protection Regulation (GDPR). For clarity and precision, the official terminologies are elucidated as per the stipulations in Article 4 of the GDPR.
1.1 Controller within the meaning of data protection law
In the context of data protection legislation, ClassyPlay SRL (hereafter referred to as 'the Controller') actively collaborates to offer our users game applications and an associated rewards program. This collaboration extends to the handling of personal data, including your own. The Controller bears the responsibility for safeguarding the personal data processed, as delineated in the subsequent sections (2.1 – 2.5).
Contact Information
ClassyPlay SRL has appointed a dedicated chief data protection officer to oversee and manage data privacy matters.
ClassyPlay SRL Data Protection Officer
Fetesti 4, Bucharest, Romania
Email: [email protected]
In compliance with their obligations under data protection laws, the Controller has entered into a formal agreement to uphold the provisions of the General Data Protection Regulation (GDPR). The fundamental terms of this agreement are accessible via the following link: [here] (link to the agreement).
1.2 Chief data protection officer
ClassyPlay SRL has appointed a dedicated chief data protection officer to oversee and manage data privacy matters.
ClassyPlay SRL Data Protection Officer
Fetesti 4, Bucharest, Romania
Email: [email protected]
For correspondence with our chief data protection officer, kindly indicate the specific company associated with your inquiry. We advise against including sensitive data, such as copies of identification documents, in your communications for security reasons.
2. Data acquisition related to the usage of our applications
At ClassyPlay SRL, we prioritize the security and confidentiality of your personal data. Our handling of personal data is strictly confidential and aligns with the legal data protection mandates and the stipulations of this privacy policy. The act of downloading, registering, logging into, and utilizing our applications involves the processing of specific personal data. Personal data refers to information that can be used to personally identify you. This privacy policy delineates the nature of data we collect, the purposes for its collection, and the manner in which it is utilized, all while emphasizing the underlying intent of these processes.
2.1 Authorization and retention of data on end-user devices
Our applications, when used, may require accessing and retaining information (such as IP addresses) or storing data (like cookies or similar technologies) on your device. This practice of accessing or retaining information may involve additional processing of personal data, which is carried out in strict compliance with the General Data Protection Regulation (GDPR).
In situations where such access to, or storage of, information is essential for the smooth and error-free delivery of our services, these activities are conducted in accordance with the provisions of the Romanian laws relevant to data protection and electronic communications. This includes compliance with the GDPR, as well as national laws like Legea nr. 190/2018, which implements GDPR in Romania.
Furthermore, when these processes are used for secondary purposes, such as enhancing the user experience of our applications, they are undertaken only with your explicit consent, in line with the requirements of Art. 6 para. 1 lit. a of the GDPR. Please be aware that your consent is completely voluntary and can be rescinded at any time. The revocation of consent is effective immediately and will be respected in all future interactions.
For a more detailed understanding of how your personal data is processed and the specific legal bases applicable in these scenarios, please consult the subsequent sections that detail the specific processing activities within our applications.
2.2 Data acquisition during application download
Upon the initiation of the application download process, specific mandatory data is transmitted to the chosen application distribution platform (such as Google Play Store or Apple App Store). This data includes, but is not limited to, the IP address, a unique identifier for the device, geographical location, the date and time of the request, the time zone offset from Greenwich Mean Time (GMT), details of the specific request (e.g., the requested page), the status of access as indicated by the HTTP status code, the volume of data transferred, application usage information, the operating system, and the language of its interface. Our control over this data transmission is limited, and we bear no responsibility for it. The agreement for app acquisition is established directly with the respective store provider and is governed by their terms and conditions, as well as their privacy policies. In relation to your use of these platforms, our processing is confined to the analysis of user reviews and associated data pertaining to our applications. We also receive anonymized statistical data from these platforms, which may include information on download counts, uninstallation rates, and application crashes.
2.3 Data processing in app usage context
In the course of utilizing our applications, we engage in the collection of specific data essential for the facilitation and operational use of the apps. This encompasses processing of data including but not limited to internal device identifiers, operating system version, access timestamps, IP addresses, content and country of access. The primary objective of gathering this information is to deliver the service with its associated functionalities while preemptively addressing any potential misuses or technical irregularities.
For pinpointing the geographical location of a user's log-in based on IP address, we utilize the services of ip-api: Artia International SRL, based in Bucharest, Romania.
We accumulate data regarding user progression across various ClassyPlay SRL game apps and advertising information. This data is linked to users through unique identifiers such as GAID, Google App Set ID, IDFA, IDFV, and ClassyEarn User ID. In this regard, our service provider AppLovin Corporation, located at 1100 Page Mill Road, Palo Alto, CA 94304, plays a crucial role.
The rationale for this data processing is twofold: firstly, it is requisite for the execution of the contract between the user (as the data subject) and our entity as per Article 6(1)(b) of the General Data Protection Regulation (GDPR) for app usage. Secondly, it aligns with our legitimate interest in accordance with Article 6(1)(f) of the GDPR, focusing on maintaining the apps' functional integrity and error-free operation.
Our apps are hosted externally, with Hetzner Online GmbH being our chosen hosting service provider. The personal data collected via the apps is stored on these servers, and in alignment with Article 28 of the GDPR, we have established a Data Processing Agreement with our provider, ensuring the safeguarding of customer data and prohibiting its disclosure to third parties.
The usage of additional app functionalities necessitates the provision of specific data by the users. This data transmission to our systems is initiated only upon the user's engagement with the respective submission button within the apps.
For those utilizing additional payment options in our apps, we may request personal details like full name and address, which are then shared with external payment service providers. It is important to note that we do not directly handle payment data and bank account details but rely on these external entities for payment processing.
In managing our customer base, user data may be processed in internal systems, based on Article 6(1) (b) and (f) of the GDPR. Here, our service providers are Google Ireland Ltd. and Metabase, Inc. Users reserve the right to request the alteration or deletion of their data at any time via [email protected], in line with the GDPR's "right to erasure." However, this does not extend to data processed for legitimate operational needs.
Users reserve the right to request the alteration or deletion of their data at any time via [email protected], in line with the GDPR's "right to erasure." However, this does not extend to data processed for legitimate operational needs.
If the data processed for the provision of app services is classified as personal data, such processing is grounded in Articles 6(1)(b) and (f) of the GDPR, with the dual aim of service provision and data analysis for the enhancement of our product and for research endeavors.
2.4 Advanced technical capabilities within the applications
In scenarios where users opt to engage with functionalities beyond the core offerings of our applications, the following permissions may be solicited:
Push Notifications
These notifications serve as a communication tool to keep users apprised of various app-related elements. More specifically, users can expect to receive alerts concerning:
- Modifications in the status of their earnings.
- Reminders pertinent to their account or activities within the app.
- Announcements about updates to the app or its features.
- Information on promotions and special offers that could be of interest.
Consent for accessing these functions is sought explicitly, and users have the discretion to either grant or deny such permissions.
On older operating systems, explicit consent for push notifications might not be solicited, as they are enabled by default.
Upon granting specific permissions, the corresponding data processing activities are predicated on the user’s consent, in compliance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). This consent may be retracted at any future point. Typically, such authorizations can be rescinded via the device's settings, although this is contingent upon the specific device and operating system, over which we exert no control. It is important to acknowledge that the lawfulness of data processing actions conducted prior to the withdrawal of consent remains unaffected.
Users should be cognizant that the absence of granted permissions may result in a limited experience in the utilization of the applications.
2.5 Communication through contact form and e-mail
When you engage with us via our contact form or email, the information provided therein, including your contact details, is retained for the purpose of addressing your inquiry and any subsequent correspondence. We assure you that this data is treated with the utmost confidentiality and will not be disclosed without your explicit consent.
The processing of this information is grounded in our legitimate interest in responding to your inquiries, as delineated in Article 6(1)(f) of the General Data Protection Regulation (GDPR), and, where relevant, under Article 6(1)(b) of the GDPR if your inquiry is related to the initiation of a contractual relationship.
Should you wish to object to the processing of your personal data, particularly under the provisions of Article 6(1)(f) GDPR, you are at liberty to do so at any time.
Furthermore, we may initiate contact with you via app/email for matters pertaining to the usage of our Apps or similar services. Such communications are based on the stipulations of Article 6(1)(b) or (f) GDPR.
In these interactions, we rely on the services of ProtonMail, located in Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland.
2.6 ClassyEarn Payout Functionality
Please note that ClassyPlay SRL is the sole controller for the data processing described below.
Please note that ClassyPlay SRL is the sole controller for the data processing described below. You can download our apps from the app store without registering with us. Personal data is not collected for us in the course of downloading the apps. Nor is any personal data passed on to us by the apps store provider.
If you want to use pay out functionalities, further details are required to process the payment. The processing of the payment is handled by external payment service providers. The user payment data is transferred to the payment provider.
The data entered during the payout is processed for the fulfillment of a contract with the user or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
Additional voluntary information is processed on the basis of your voluntarily given consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent with effect for the future at any time. For this purpose, an informal e-mail to the contact details of the controller mentioned at the beginning of this privacy policy is sufficient. The lawfulness of the data processing already carried out remains unaffected by the revocation.
If you register via Apple (apple.com), we process your email address and name.
Technical capabilities in the ClassyEarn application
For users who wish to utilize the advanced features of the ClassyEarn app beyond its basic functionalities, the app may request permission for the following accesses:
- Camera access: The application may require access to your device's camera as a part of our security protocol. To prevent the creation of multiple accounts or the use of automated bots, we ask users to generate a facial map using the selfie feature.
- Location access: Access to your location data is imperative for the app to tailor user experience according to your specific market. Moreover, this data plays a crucial role in our security measures and fraud prevention strategies, ensuring the safeguarding of user accounts and the integrity of transactions. The permissions for accessing these features are explicitly sought and can be either granted or denied by the user. Upon granting permission, the subsequent processing of your data is conducted with your consent, in line with Article 6(1)(a) of the General Data Protection Regulation (GDPR).
Your consent can be withdrawn at any future point. Typically, permissions once granted can be revoked via the device's settings, although this capability is subject to variations based on the device and operating system, which are beyond our control. It is important to note that the legality of data processing executed prior to the revocation remains valid. Users should be aware that not granting these permissions may result in a limited functionality of the app. Additionally, you retain the right to modify your registered email address at any time by reaching out to [email protected].
3. Data Transfer and Recipients
Your personal data is not transferred to third parties unless specific conditions are met, as outlined below:
- We have clearly indicated this in the descriptions of the respective data processing activities.
- You have provided explicit consent in accordance with the principles akin to Article 6(1)(a) of the European Union's General Data Protection Regulation (GDPR).
- The transfer is necessary for the assertion, exercise, or defense of legal claims, and such a necessity aligns with our legitimate interests without infringing upon your fundamental rights and freedoms, akin to Article 6(1)(f) GDPR.
- There is a legal mandate for data transfer, as stated in a manner similar to Article 6(1)(c) GDPR.
- The transfer is required for the execution of contractual relationships with you, in a way that corresponds with Article 6(1)(b) GDPR.
Moreover, we engage external service providers for processing our services, which have been meticulously chosen and officially appointed. These providers are obliged to follow our instructions and undergo regular evaluations by us. Agreements related to data processing, resembling those prescribed under Article 28 GDPR, are established before the commencement of services. These agreements mainly involve app-hosting services, email dispatch, and IT maintenance and updates.
When utilizing our apps, your data might be processed in third countries outside the European Union (EU) and the European Economic Area (EEA) that may not offer an adequate level of data protection, for instance, in the U.S., especially if you consent to the data transfer to our advertising partners.
To ensure a satisfactory level of data protection during transfers to third countries, standard contractual clauses as recommended by the European Commission, akin to Article 46(2)(c) GDPR, are implemented. These clauses compel the data recipient to adhere to a level of data protection comparable to European standards. Copies of these clauses are available upon request through the indicated contact channels.
Should the standard data protection clauses prove insufficient to guarantee adequate protection, we employ additional technical, contractual, or organizational measures to secure data transfers. Additionally, the effectiveness of these measures is regularly reviewed and assessed to determine if they continue to provide sufficient data protection or if further supplementary measures are required.
4. Storage Period
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g., from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection. Your profile and account data are deleted after you deleted such data in your apps account or deleted the entire account via the respective button in the apps, which is more or less immediately after such deletion according to our deletion routines.5. Cookies
Our applications employ "cookies" and analogous technologies for various functions. These include technical necessities essential for certain app functionalities, user behavior analysis, and advertising display.
In the context of Romanian norms and regulations, the usage of strictly necessary cookies or similar technologies for data processing is grounded in our legitimate interest to ensure a technically flawless delivery of our services. This interest is analogous to the principles outlined in Article 6(1)(f) of the European Union's General Data Protection Regulation (GDPR).
For cookies or similar technologies that process personal data beyond strict necessities, user consent forms the basis, mirroring the consent requirements of Article 6(1)(a) GDPR. This consent is revocable at any future point.
Purposes of using cookies and similar technologies
- Storing and/or accessing information on a device.
- Selection of basic ads.
- Creation of a personalized ads profile.
- Selection of personalized ads.
- Creation of a personalized content profile.
- Selection of personalized content.
- Measurement of ad performance.
- Measurement of content performance.
- Application of market research to generate audience insights.
- Development and improvement of products.
List of partners involved
- Ad Colony: 901 Mariners Island, Blvd, Suite 250, San Mateo, CA 94404, United States.
- AD4Game: Ad4Game Inc on behalf of Liquid Media SARL, Ile Bizard, Quebec, Canada.
- AdJoe GmbH: An der Alster 42, 20099 Hamburg, Germany.
- AppLovin: Applovin Corporation, 849 High Street, Palo Alto CA 94301, United States.
- Apple: Apple Inc. 1 Apple Park Way. Cupertino, CA 95014. United States.
- Artia International SRL: Bucharest, Romania.
- Chartboost: 1 Sansome St # 3800, San Francisco, United States
- DT Exchange (Fyber): 10 San Antonio St #160, United States
- Doit (Google cloud reseller): 6 Liberty Square #2305 Boston, MA 02109, USA.
- Meta: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
- Google Ads: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
- Google Ad Mob Network: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland.
- Inmobi: Cecil Street 19-08, PRUDENTIAL T SINGAPORE.
- Ironsource (=SuperSonic Network): Azrieli Sarona Tower, Derech Menachem Begin 121, Tel Aviv 6701318 Israel.
- Mintegral (=Adlogic): 6 EU TONG SEN STREET 11-20 THE CEN, SINGAPORE.
- MOLOCO: 601 Marshall St #5th, Redwood City, United States.
- Pangle Ads (TikTok): 5800 Bristol Parkway, Suite 100, Culver City, CA 90230.
- Unity Ads: Unity Technologies SF, 30 3rd Street, San Francisco, California 94103, USA.
- Vungle / Liftoff: Vungle Inc., 1255 Battery Street, Suite 500, San Francisco, CA 94111, USA.
Privacy settings can be altered, and consent can be withdrawn at any time through the 'Privacy Settings' menu option.
6. Your data protection rights
Outlined below are your rights as a data subject under current data protection legislation in relation to the processing of your personal data by the data controller:
- The right, as per Article 15 of the GDPR, to access information about your personal data processed by us.
- The right, under Article 16 of the GDPR, to promptly rectify any inaccurate personal data concerning you.
- The right to request the deletion of your personal data stored by us, in line with Article 17 of the GDPR.
- The right, in accordance with Article 18 of the GDPR, to restrict the processing of your personal data.
- The right, pursuant to Article 20 of the GDPR, to receive your personal data in a commonly used and machine-readable format, and the right to transfer this data to another controller
- The right to revoke any given consent, based on Article 7(3) of the GDPR, at any time with future effect.
- The right to file a complaint with a supervisory authority, as per Article 77 of the GDPR.
To exercise your right of revocation, objection, or any other rights, please send an email to [email protected]
7. Right to Object
If your personal data is processed on the basis of legitimate interests in accordance with Article 6(1)(f) of the GDPR, you have the right, under Article 21 of the GDPR, to object at any time to the processing of your personal data for reasons related to your specific situation. In cases where the objection is against processing for direct marketing purposes, you possess a general right to object without needing to specify a particular situation.
8. Necessity of Providing Personal Data
The provision of personal data for the decision-making process regarding contract conclusion, contract fulfillment, or pre-contractual measures is voluntary. However, such decisions in the context of contractual measures can only be made if you provide the personal data necessary for the conclusion, execution, or preparation of a contract.
9. Automated Decision Making / Profiling
For fraud detection and prevention, criteria like IP addresses and gaming behavior are evaluated automatically. If several criteria suggestive of fraudulent behavior are met, players may be partially or fully restricted from app usage. This data processing is essential for the proper execution of the contract with the user (Article 6(1)(b) GDPR, Article 22(2)(a) GDPR). This data is deleted following the evaluation
10. Subject to Change
We reserve the right to modify or update this privacy policy as necessary in accordance with applicable data protection laws. This enables us to align it with current legal requirements and reflect changes in our services, such as the introduction of new services. The most recent version of the policy will apply to your visit.