Star Focus - Personal Data Protection and Information on Personal Data Processing for Users of the Game

At Bell Hat Games, we are commited to protecting the privacy of all users of Star Focus application (the “GAME”), and we strive to take due care in compliance with all applicable legal regulations and honor every person's right to be informed about how we process his/her personal data disclosed to us.

Though, given that the Star Focus application is designed for children and that GAME outputs may contain personal data that may fall into the special category of personal data, the GAME's architecture minimizes data processing wherever possible, in accordance with the principles of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”).

1. Data in relation to the relevant Electronic Marketplace (Google Play & App Store)

The GAME is purchased and downloaded via platforms like Google Play and App Store. In the event that you purchase our GAME and related rights (license), all the necessary software is installed directly on your device, such as a smartphone or tablet, where it is paired with the purchasing and/or using account of the respective electronic marketplace - Google Play and/or App Store through which the purchase was made.

We do not request, collect, or store any data that might lead to the identification of a particular user based on any data we have available. The relevant electronic marketplace shares with us very little information, that are being anonymized unless your personal settings of the account with the relevant electronic marketplace allow the electronic marketplace to share further data. If such sharing occurs, depending on the user's electronic marketplace account settings, any other handling of such data by us is excluded. We do not process such data in any way, i.e. we do not store it and we are subsequently unable to assign it to a specific data subject.

In particular, we obtain or may obtain from the relevant electronic marketplace the data below.

In case of Google Play:

- userID - Google Play Games ID userID – Unique Apple ID (App Store)

It is a unique numerical identifier of the authorized account we obtain in connection with the first installation of the GAME. It is not a personal data, as we are unable to pair it with the personal data held by the electronic marketplace. We store this identifier and use it to record information that a specific account, identified by us only through this anonymized userID, has the right to download and play the GAME. We may also use it to identify payments that we charge for the provision of the GAME in accordance with the rules of the electronic marketplace for the total number of licenses provided in a specified period of time.

- userName – Display name

It is a set of characters chosen by a specific user of the relevant electronic marketplace’s account, which may or may not be his/her real name. In connection with the userID and in combination with a situation where the name is used by a the same person elsewhere in a traceable manner, it cannot be ruled out that such information is personal data. If such data is shared with us, it is based on the user's specific personal settings at relevant electronic marketplace’s account. Under no circumstances we do not request, collect, or store such data in any way. Even if we receive it together with the userID, we do not process it further and we are unable to assign it back to the relevant userID.

- image – Profile avatar

It is a picture chosen by a specific user of the relevant electronic marketplace’s account, which may or may not be picture attributable to a specific person. In connection with the userID and in combination with a situation where the picture is used by a the same person elsewhere in a traceable manner, it cannot be ruled out that such information is personal data. If such data is shared with us, it is based on the user's specific personal settings at relevant electronic marketplace’s account. Under no circumstances we do not request, collect, or store such data in any way. Even if we receive it together with the userID, we do not process it further and we are unable to assign it back to the relevant userID.

- location

It is a set of data used for tracking, monitoring and navigating the whereabouts of given device. Location data is used mainly for Bluetooth technology connection. We do not process it further and we do not store it.

In case of App Store:

- userID – Unique Apple ID

- fullName – First and last name

It is a set of characters chosen by a specific user of the relevant electronic marketplace’s account, which may or may not be his/her real name. In connection with the userID and in combination with a situation where the name is used by the same person elsewhere in a traceable manner, it cannot be ruled out that such information is personal data. If such data is shared with us, it is based on the user's specific personal settings at relevant electronic marketplace’s account. Under no circumstances we do not request, collect, or store such data in any way. Even if we receive it together with the userID, we do not process it further and we are unable to assign it back to the relevant userID.

- email – A real or proxy email

It is an e-mail address used by a specific user of the relevant electronic marketplace’s account, which may or may not be his/her real name. In connection with the userID and in combination with a situation where the name is used by the same person elsewhere in a traceable manner, it cannot be ruled out that such information is personal data. If such data is shared with us, it is based on the user's specific personal settings at relevant electronic marketplace’s account. Under no circumstances we do not request, collect, or store such data in any way. Even if we receive it together with the userID, we do not process it further and we are unable to assign it back to the relevant userID.

- location

2. Data related to playing the Game

Any data entered (the profile and/or other data allowed to be filled in by the GAME’s interface) or created (game performance statistics linked with the relevant profile in the GAME) within the GAME remains stored locally on the user’s device. This concerns the following data:

- Profile Data

- Statistical Data from Gameplay

- Game Behaviour Data

This data are intended solely for the user's own use, and may fall into a special category of personal data due to the purpose of the GAME, and its objectives (in particular the statistical and related informational outputs generated about the results achieved by the user of the GAME which may indicate his/her past, current or future health status).

Such personal data is processed through the GAME installed on the user's device, and it is stored locally in a form that may constitute personal data exclusively on the storage of user’s device at which the particular version of the GAME is installed (On-Device local processing solution) We do not have a direct access to this personal data, and the only data that are being shared with us, are automatically anonymized by the GAME itself before being sent to our servers, meaning we do not process such personal data in any way and thus, we are not in the position of a such personal data controller or processor under the GDPR, or only to the extent that we are the creators of the GAME’s architecture.

In this context, however, persons who, in addition to the data subject himself/herself (user, whose personal data is at issue), have access to this data (i.e. legal guardian and/or adult caregiver) and who may therefore be controllers or processors of personal data, are advised to review their legal obligations under the GDPR and to act accordingly.

3. Data processed by Bell Hat Games

The only data we process is anonymized data that cannot be linked to a specific person without additional elements that we do not have at our disposal (in case of userID provided by the relevant electronic marketplace), or data that is completely anonymous.

This anonymous data consists of aggregated anonymous gameplay statistics provided to us by the GAME, independently of the user. However, the GAME automatically anonymizes this data and shares it without any identifiers, meaning that it is no longer specific in any way when it enters the network via an internet connection and does not constitute personal data when received by us. At the moment we receive this statistical information, we are unable to trace it back to a specific person.

We collect and categorize this data (number of active users, length of play, etc.) solely for our own analytical purposes in order to measure the effectiveness of the GAME for the intended purpose and to improve our GAME’s quality.

As described above, regardless of our will, we may be provided with data that meets the criteria of personal data on a one-off basis by relevant electronic marketplaces. Such data (e-mail address, image, etc.) shall be treated as personal data because if we were to monitor it specifically, we could theoretically gain an idea of which specific individuals are using our GAME. Formally, we thus become the controllers of this personal data for an insignificant period of time because it was received by us.

The legal basis for the collection of this data is the contractual relationship between the relevant user or his/her legal guardian, the relevant electronic marketplace, and us.

However, given that we do not require or record this data in any way, and therefore do not process it further, there are no specific purposes for which this personal data would be processed, nor does the data need to be deleted. In practice, given the way our system works, we do not retain this data at all; we may only have access to it. Nevertheless, in view of our obligations under the GDPR, we take the following measures to protect it and prevent its misuse.

All the data are processed by means of suitable technical tools, subject to the corresponding organizational measures taken to secure the data in a due manner. Any communication between your device and our servers, same as between the relevant electronic marketplace and our servers, is carried out on appropriate physical infrastructure, usually provided by our subcontractors, and is encrypted. We keep all data on third-party servers in secure data centres with controlled access restricted to authorized subjects only.

4. Bell Hat Games as Data Controller and your rights

Although we do not process any personal data in connection with the GAME, we consider it important that you have the opportunity to contact us at any time and obtain information about data processing in general. You can address in the matter of data processing through the following contact details:

Name: Bell Hat Games s.r.o.

Address: Písečná 1166, 330 23 Nýřany, the Czech Republic (EU)

E-mail: info@bellhatgames.com

Tel. No.: +420 774 429 518

Given the way how we work with personal data, please find below the individual rights specified in more detail:

· Right of access to your personal data – In general, under the GDPR you can inform yourself whether we have your personal data in our database, what the data are and what ways and purposes we use to handle them. Given that we process all the data as described above, you cannot really exercise of this right, as we do not store any of your personal data.

· Right to have your personal data corrected – In general, you can demand that we update the personal data you have provided to us. Given that we process all the data as described above, you cannot really exercise of this right, as we do not store any of your personal data.

· Right to have your personal data erased – In general, if we would process your personal data in a way contrary to the legal regulations or if we keep them longer than needed for the purposes described above, you can demand its deletion. Given that we process all the data as described above, you cannot really exercise of this right, as we do not store any of your personal data.

· Right to raise an objection against processing – In general, one can raise an objection to restrict the processing of personal data which are processed by us on the basis of a legitimate interest or by law. In such a case, personal data will not be erased automatically but will not be handled further until the moment of verification of the processing and of the decision thereon. Given that we process all the data as described above, you cannot really exercise of this right, as we do not store any of your personal data.

· Right of data portability – you can request the data you have provided to us, from us during the period they are available to us. Given that we process all the data as described above, we do not store any of your personal data, and thus cannot provide you with it. However, in accordance with the principles governing the provision of digital content, we would like to point out that all data, including personal data, contained within the GAME can be downloaded in machine-readable form via the user interface in your GAME and stored independently of the GAME.

· Right to withdraw your processing consent – on the precondition that we process your personal data on the basis of your consent, you can withdraw such consent at any time. If it concerns personal data you have provided to us in an individual case beyond the framework described above, they have likely been processed by us on the basis of your consent and, in such a case, you can withdraw the consent at any time.

Further, you have the right to ask to have the legality of personal data processing verified or to file a complaint while meeting the set particulars if you believe that your right of personal data protection has been violated. The authority competent to settle your request is the relevant authority in the EU member state where you live, and always the Czech Office for Personal Data Protection (ÚOOÚ), which is entitled to verify the legality of personal data processing under your request. The address of the Office for Personal Data Protection is Pplk. Sochora 27, 170 00 Praha 7, Czech Republic (EU).

If you presume that other supervisory body is competent to settle your complaint, you can address us to assist you in identifying this competence. In general, however, it applies that, in relation to data subject complaints, every supervisory body in the territory of its member country of the European Union is competent to fulfil the tasks and perform the authorities assigned to it in compliance with the GDPR.

Download