Privacy- en cookieverklaring
”misterjackpot“ (hereinafter also referred to as the ”portal” or ”website”) is a partnership-based games and marketing portal between WHOW Games GmbH (”WHOW” / ”we” / ”us” / ”our”) and Italiaonline S.p.a. (”Italiaonline”), both hereinafter collectively also referred to as the ”party” or ”parties”.
The portal is operated by WHOW. We are responsible for the hosting, technical provision and maintenance of the portal. Italiaonline, on the other hand, provides the domain that hosts the site and establishes the generation of traffic on the portal.
We take your data privacy seriously. As such, we are committed to making it easy for you to understand what we do with your data. We use the term "personal data" in the sense of Article 4 European General Data Protection Regulation (”GDPR”) pursuant to EU-Regulation No. 2016/679.
Who the parties are
WHOW develops and operates social games and social gaming portals and is an authorized publisher and distributor of third-party browser-based and mobile social casino games that are integrated into websites in such a way that they appear as native website/mobile content to the user. Users can participate in WHOW's games for free but have the option to voluntarily purchase virtual currency for special features, functionality or virtual goods.
WHOW’s place of business is located under the following address:
WHOW Games GmbH
If you have any questions specifically pertaining to data privacy, you can contact us using firstname.lastname@example.org, or you can reach out to the Data Protection Officer (“DPO”) of either party, who has been appointed in accordance with Articles 37 et seq. GDPR.
WHOW’s DPO is:
SECUWING GmbH & Co. KG
The supervisory authority responsible for WHOW is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Straße 22, 7. OG
Phone: +49 40/42854-4040
Fax: +49 40/42854-4000
Italiaonline is an Italian provider of prominent web portals, e-mail, services and directories, as well as a wide range of online communication solutions.
Italiaonline conducts its business at the following address:
Via del Bosco Rinnovato 8
20057 Assago – Milanofiori Nord – Milan
For any request pertaining to the topic of privacy, please feel free to contact Italiaonline via this contact form:
https://privacy.italiaonline.it/Privacy/form.privacy.php or DPO via this contact form:
The supervisory authority responsible for Italiaonline is the Guarantor for the Protection of Personal Data based in Rome, Italy, at Piazza Venezia n. 11, 00187 (http://www.garanteprivacy.it/).
What personal data do we collect?
We collect personal data from you when you register an account with us.
We process the following categories of data:
Data for access management (credentials)
E.g. email address, password (but also e.g. Facebook identifier if you connect your Facebook account)
E.g. your display name, your avatar
Data about your game progress
E.g. your level, quest status, the number of in-game currency you have
Data about your preferences
E.g. whether you subscribed to our newsletter
E.g. device ID, operating system, browser string
Data about your online behavior
E.g. logins, gameplay, clicks
Data about individual payments in our games
E.g. if you buy in-game currency using our shop
E.g. IP address, referrer
E.g. country of origin, language
Personally identifiable data
E.g. address, date of birth
E.g. banner ads you clicked on to reach us
The way we process this data, why and on what legal basis we do this are explained in the section What do we process your data for?
Sensitive GDPR data is the so-called "special categories of personal data”, e.g. on your racial or ethnic origin, your health, or your political opinions. We do not intentionally collect any sensitive data from you.
That said, we cannot control what content you put into messages you write through our website (e.g. to other users, or when you create a support ticket). While we strive to protect any privacy implied by such a transfer, we cannot differentiate a particularly sensitive message from any other kind of message you may choose to write. Please be aware that such messages are not afforded any additional protection.
Data pertaining to children
We do not collect any information on children. You need to be a legal adult to play our games.
Why do we process your data?
We only process a user’s personal data in compliance with the relevant and pertinent data protection regulations. This means that a user’s data shall only be processed if the user has given his or her legal permission for us to do so. In particular, we process:
- when data processing is required in order for us to be able to provide our contractual and online services (Article 6 para. 1 lit. b GDPR)
- when required by law (Article 6 para. 1 lit. c GDPR)
- when we are in possession of the consent of the user, and when it is collected for the sake of our legally legitimate interests (i.e. interest in the analysis, optimization, and economic operation and safety of our online product as per Article 6 para. 1 lit. f GDPR)
- with regard to range measurement, the creation of profiles for advertising and marketing purposes, as well as the collection of access data and the use of the services of third-party providers
- when we use personal data to send newsletters relating to the gaming platform and conduct promotional communication for Italiaonline services, if the user has given us his/her consent (Article 6 para. 1 lit. a GDPR).
Enabling gameplay (contractual fulfillment; Article 6 para. 1 lit. b GDPR)
Our game platform cannot function without certain data. In order for you to have any meaningful progress in your gameplay, we need to be able to reliably differentiate you from other users of our website, which is why we ask you to register an account. When you log in, we compare your login credentials against those we have on file and maintain your customization data and game progress. Your display name, avatar, and certain elements of your progress are made public within our game platform (e.g. for in-game leaderboards, or to broadcast certain wins). You can change your display name and avatar at any time. Additionally, your country and language are used to provide you with a localization of our website - we will try to serve you content in your language and our in-game shop in your local currency.
Payments and invoices
If you wish to buy in-game currency in our in-game shop, your transaction will usually be with third-party payment processors. In any case, once a payment is successful, we get this information in the form of a digital invoice, which we store to fulfil legal requirements (Article 6 para. 1 lit. c GDPR), to retain them in the case of legal dispute (legitimate interest, Article 6 para. 1 lit. f GDPR), and to optimize our web presence for you (legitimate interest, Article 6 para. 1 lit. f GDPR).
These invoices contain the following data: the product/service you purchased, how much you paid for the item and the payment method you used. We do not store any type of information that can be used to make a payment unless you yourself have activated the QuickPay service (contractual fulfillment; Article 6 para. 1 lit. b GDPR).
We do not have access to credit card numbers or card verification codes (CVC). As such, it is not possible for us to process such information or pass it along to a third party. At our website, we use the services of the it-security-provider Risk.Ident GmbH. Every form of communication between us and Risk.Ident only takes place for the sake of preventing cases of fraud whilst using our website.
Risk.Ident collects and processes specific data from our users, via cookies and tracking technology, about the features of the device used by the customer (“device related data”), raw data out of the TCP/IP connection and data about the usage of our website. Thereby Risk.Ident also collects and processes the user's IP address. However, this is encrypted within a few seconds at Risk.Ident. The information will be saved in a database by Risk.Ident for risk prevention purposes.
Once a user has signed a contract that entails risk-related terms at one of our websites e.g. by creating a user account for the purchase of certain items, we retrieve a risk score from the Risk.Ident database. The risk score has been deposited there for the device used by the customer. The risk score is inter alia based on information about
a) whether the user’s device has communicated or communicated, current or past, via a proxy connection.
b) whether the device recently has dialed in via various internet service providers.
c) whether the device has shown or showed a frequently changing geo reference.
d) how many internet transactions have been executed via the device in the recent past (we cannot detect which kind of transaction it was).
e) how probable it is that the device, deposited in the Risk.Ident database, actually belongs to the respective user.
The outcome of this risk score supports us in preventing fraud attempts.
In addition, we transmit data to Risk.Ident to the extent of our knowledge that a user may have committed or attempted to commit fraud. Risk.Ident is provided with information about such an attempt as well as the specific device-related data of the user. As part of our fraud protection measures (also known as anti-fraud measures), all person-related master data, communication information, contractual master data, customer histories, contract billing data, and payment information are provided to the Risk.Ident GmbH for processing.
Security and fraud prevention (legitimate interest; Article 6 para. 1 lit. f GDPR)
To help secure our website and to prevent fraud, we store data such as your IP address and certain device information when you access our website and interact with it.
Your device data and IP address information is stored and logged to allow fraud and data security forensic investigation. Your IP address information is also processed automatically by our network devices - this infrastructure is needed to serve our website, but also to deny access to IP addresses known to be in use by malicious actors.
Due to the nature of this interest, we cannot offer you a means to opt-out of this processing, as this would undermine its purpose (and in some cases, an opt-out is technically impossible - e.g. we cannot exempt your IP address from processing by our network devices).
If you object to this processing, we ask that you please do not use our website.
Optimization of website and campaigns (legitimate interest; Article 6 para. 1 lit. f GDPR)
To optimize our marketing campaigns and our website, we track information about your behavior and preferences. This data is pseudonymized and stored separately from your account data. While they are stored on an individual basis, this data is only available to the employees that must work with this data, and they are reported on only in aggregate.
Over the course of campaign optimization, we share some of this data with third-party trackers by embedding a tracking pixel on our website.
Please refer to the section “Web Analytics” for further information about these trackers and how you can opt out of them.
How long do we store your data?
For data that we store for legal reasons, we retain the data as long as legally required of us (up to ten years).
For data that we store in consideration of legal disputes, we retain the data as long as legally permissible. This may be up to 30 years.
For logs storing network data, we delete the data in regular intervals - the exact time varies based on configuration rules (which may prune the logs based on size rather than a fixed time), on whether the data was part of a snapshot that landed in a backup, and on whether the logs are part of a set of logs that are routinely forwarded to a central log repository but will not exceed 2 years.
For data necessary to send the newsletters and commercial emails, data will be stored until the permission to use them is revoked by the user or the user cancels his account.
Information regarding your rights
WHOW and Italiaonline are headquartered in the European Union. We are committed to complying to the GDPR. This affords you several inherent rights to your personal data.
You have the right to:
- request access to your personal data (Article 15 GDPR) in a portable format (Article 20 GDPR)
- request correction of your personal data (Article 16 GDPR),
- request restriction of the processing of your personal data (Article 18 GDPR),
- request deletion of your personal data (Article 17 GDPR),
- withdraw consent for your processing of data, when we do this in accordance with a legitimate interest (Article 7 para. 3 and Article 21 GDPR),
- lodge a complaint with a supervisory authority (Article 77 GDPR).
You can easily delete your data in the settings for your account. For all other requests, please contact us either through the support widget on our website, or by contacting us via email (service@WHOW.net). If you contact us through a means other than the support widget, please understand that we may need to ask you to verify your identity. After all, you wouldn't want a random stranger to get access to your data, and neither do we.
Note that it may take up to 30 days for us to process a request of yours. Should there be any delay, we will of course let you know.
You can find additional legal information in the Articles 7 para. 3, 15-21 and 77 GDPR.
Instructions for deleting your player data and/or your player account in our web version:
* Log into the respective player account using your player account information.
* Then open your profile by clicking on your profile pic.
* Scroll down until you reach the point "Delete account" and confirm this selection.
* Enter your password to confirm deletion.
Please denote that any and all deletions will require a few days to process. Should you wish to cancel or revoke your deletion request, please proceed step by step through the instructions provided above and object to the respective deletion.
Your right to access, correct, and erase your personal data (Articles 15, 16, 17 and 20 GDPR)
At any time, you can request information as to whether or not your personal data is processed by WHOW and/or Italiaonline, what the conditions of such processing are, and to receive a copy of your personal data.
More specifically, you can request information about:
- the purposes of the processing
- the categories of personal data that is processed.
- the categories of recipients with whom we have shared the data.
- the intended duration of storage.
- your rights in regard to this data (correction, erasure, restriction, withdrawal of consent, and lodging a complaint with the supervisory authority).
- the source of the data in cases where we did not obtain it from your direct interactions with us.
- the existence of any automated decision-making based on this data, including profiling.
- your right to request meaningful information about the algorithms involved.
If you make this request electronically, the information will be provided in a commonly used electronic form. Should you make this request several times, parties may ask a fee of you to cover administrative costs.
You also have the right to instruct us to correct any personal data that is inaccurate.
Lastly, you have the right to ask us to erase your personal data, if there are no legal reasons for us to retain it (such as freedom of expression, legal requirements, public interest or if required as evidence in legal disputes) and one of the following reasons applies:
- Your personal data is no longer necessary considering the purposes for which it was collected or processed.
- You wish to revoke your consent having served as the basis for the processing and there is no other basis justifying such processing.
- Your personal data has been the subject of unlawful processing.
- Your personal data should be erased pursuant to a legal requirement.
When we delete data that we've shared with third parties, we will also contact those third parties and ensure that they too delete your data.
When we delete data that we've made public over the course of offering our services to you, we will, to the degree feasible, contact any third party providers that may have this information cached to forward your request to them.
Right to the restriction of processing of personal data (Article 18 GDPR)
You can assert your right to limit the processing of your personal data when:
- you contest the accuracy of your personal data, during the time necessary to verify the accuracy of such data.
- the processing of your personal data is unlawful, but you oppose the erasure thereof and instead demand the limitation of processing.
- when we no longer need your personal data, but you still need such personal data for the establishment, exercise, or defense of legal claims.
Right to personal data portability (Article 20 GDPR)
You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit such data to another controller without restraint or impediment from WHOW.
Whenever technically feasible, you may request that your personal data be transmitted directly to another data controller by WHOW.
Right to revoke consent (Article 7 para. 3 and 21 GDPR)
WHOW and Italiaonline only process your personal data with your consent, unless the data processing is otherwise required (see section “Are you required to share your personal data with WHOW?”).
If you have a registered account with us, you may revoke your consent at any time by changing the settings associated with your account (or by deleting your account outright, if you prefer). If you do not have a registered account with us, please refer to the Web and App Analytics section for the means of opting-out of other data collection.
Please note that a revocation of your consent does not affect the lawfulness of processing carried out prior to such revocation.
Objection against the processing of your data for direct marketing
When you create an account with us, you have the option of subscribing to newsletters and commercial emails. You can opt-out of newsletters and commercial emails at any time using the unsubscribe links provided in the email footers, or in your account settings.
Web and app analytics
The trackers use this data either to craft approximate your behavioral profiles (enabling them to supply better marketing targeting to the users of their service) or to permit us to pay for our campaigns via registration events or the acquisition of paying users rather than impressions ("performance marketing").
Right of objection
Should you object to the use of this pseudonymized processing of your data, your opt-out options are:
For web and our online tracking of and to the endpoints we manage, please refer to the cookie preference settings in the following by clicking the “Cookies” button.
Your browser will need to accept cookies for the opt-out process to work.
Since you may also interact with other trackers used on other websites, opting out of the trackers on a single website will probably not lead to the desired result. To better enable you to effectively opt out of tracking services, this section contains an overview of all of the trackers we use and where you can opt out of them.
The opt-out options for many tracking services can also be found at http://youronlinechoices.eu, which provides a unified and central opportunity for you to opt out of various tracking services. This site can also help if you want to review your online choices for other providers that we do not make use of.
Unless otherwise noted (be it here or on our tracking partners opt-out pages), your browser will need to accept cookies for the opt-out process to work.
AppsFlyer - AppsFlyer is based in the US and offers an opt-out at https://www.appsflyer.com/optout
Facebook Analytics - Facebook/Meta is based in the US and offers opt-out instructions at https://www.facebook.com/help/568137493302217
Google Ads (a/k/a Google Remarketing) and AdMob - Google offers opt-out instructions for Google Ads and AdMob at https://adssettings.google.com/authenticated
Google Analytics - Google offers opt-out instructions for Google Analytics at https://tools.google.com/dlpage/gaoptout. Your IP address is masked when it is sent to Google Analytics. For further information, visit https://www.google.com/analytics/terms/
We make use of the widespread SSL (Secure Socket Layer) encryption method to make our site secure when you visit it. This is in conjunction with the highest level of encryption supported by your browser.
You can tell when any single page at our website is transmitted in encrypted form by the closed presentation of the lock (or key) symbol in your browser’s status bar.
We also take the appropriate technical and organizational security measures to protect your data against destruction, accidental and/or intentional manipulation, partial and/or total loss, or against unauthorized access by third parties. Our security measures are continuously being improved in accordance with technological developments.
Information on the Joint Controllership of Data via Italiaonline and WHOW as per Article 26 GDPR
The data processing responsibilities at "misterjackpot" are distributed between Italiaonline and WHOW as follows.
- The collection of your data for the offer of website services, and in the context of registration and participation in games, is carried out exclusively at the website in the joint responsibility of the parties.
- The data collected or used as part of the process of registration for a newsletter as well as the sending out of the newsletters is all subject to the joint responsibility of WHOW. WHOW is responsible for a data-protection-compliant collection of data for the electronic delivery of these newsletters via the processes set up by the system or which we make available.
- The system-side responsibility, i.e. the technical design of the data-processing processes, is held by WHOW. This means that the data-protection-compliant design of the technical measures and established data-processing processes as well as the interfaces necessary to be able to operate the website operationally lie within WHOW’s area of responsibility.
- WHOW is responsible for the proper storage of the data collected via the individual processes of the website in accordance with data protection law. The storage of the data is carried out in compliance with the necessary principles of data security and data separation.
- With the exception of sending newsletters of the respective parties, no advertising measures are established.
- WHOW implements tracking technologies in compliance with data protection laws, which are used on a case-by-case basis in coordination with Italiaonline. The parties are jointly responsible for the information/data obtained from the established tracking measures.
- WHOW is responsible for the implementation of the games offered at the website, the related communication with the data subjects, and customer service, which also includes the data-protection-compliant processing of the data required for this purpose and the implementation of a data-protection-compliant process for the promotion of new products/games.
- Italiaonline shall be responsible for carrying out its own communication and promotional activities with data subjects, which will also include the processing of the data required for this purpose in compliance with data protection laws, as well as the implementation of a process for the promotion of products and/or services in compliance with data protection laws.
- The billing processes, i.e. the processing of your payments, are part of WHOW's area of responsibility.
- The protection of the rights of the data subject according to Article 15 et seq. GDPR as well as the notification obligations as per Article 33 et seq. GDPR are regulated in the section ”Information regarding your rights”. Both compliance and maintenance are the responsibility of the respective parties.
If you have any questions or concerns about data privacy, you can contact us at email@example.com and/or firstname.lastname@example.org.