Privacy Policy

Introduction

This Privacy Policy informs you about the type, scope of the processing of data (hereinafter referred to as "data") in the context of the provision of our range of services and on our websites, mobile applications, functions and contents connected with them as well as external online representations, e.g. How to Draw Bikes (hereinafter collectively referred to as "Services").

Fantastic Apps team has adopted this privacy policy ("Privacy Policy") to explain how Fantastic Apps uses the information required in connection with Fantastic Apps’s Services.

BY INSTALLING, USING, REGISTERING TO OR OTHERWISE ACCESSING THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY AND GIVE AN EXPLICIT AND INFORMED CONSENT TO THE PROCESSING OF YOUR PERSONAL DATA IN ACCORDANCE WITH THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT INSTALL, USE, REGISTER TO OR OTHERWISE ACCESS THE SERVICES. Fantastic Apps reserves the right to modify this Privacy Policy at reasonable times, so please review it frequently. If Fantastic Apps makes material or significant changes to this Privacy Policy. Your continued use of Services will signify your acceptance of the changes to this Privacy Policy.

Non-personal data

The data we collect depends on the context of your interactions with us, the choices you make, including your privacy settings, and the products and features you use. The data we collect can include SDK/API/JS code version, browser, Internet service provider, IP address, platform, timestamp, application identifier, application version, application distribution channel, independent deice identifier, iOS ad identifier (IDFA), Android ad master identifier, network card (MAC) address, and international mobile device identification code (IMEI) The equipment model, the terminal manufacturer, the terminal device operating system version, the session start / stop time, the location of the language, the time zone and the network state (WiFi and so on), the hard disk, the CPU, and the battery use, etc.

Fantastic Apps may use and disclose to Fantastic Apps For Free's partners and contractors the collected non-personal data for purposes of analyzing usage of the Services, investigate, prevent or take action regarding unauthorized use of the services to further develop the Services and other Fantastic Apps services and products.

Use of Personal Data

For purposes of this Privacy Policy, "non-personal data" means information that does not directly identify you. The types of non-personal data Fantastic Apps may collect and use include, but are not limited to: application properties, including, but not limited to application name, package name and icon installed on your device. Your checkin (include like, recommendation) of a game will be disclosed to all Fantastic Apps users.

Fantastic Apps may use collected personal data for purposes of analyzing usage of the Services, providing customer and technical support, managing and providing Services (including managing advertisement serving) and to further develop the Services and other Fantastic Apps services and products. Unless the Law forces us, we will not share any personal data with any unaffiliated third party for any purpose ever.

The personal data and information includes:

1. Your mobile device's unique identifier (UDID)

2. Your email address used to login the social network

3. Your social network or third-party service user identification number (like your Facebook ID number), which is linked to publicly-available information like your name and profile photo (including the social network ID numbers and other public data of your friends)

4. In-game transaction identifiers and purchases

5. Your device types and its OS version

6. The local language and country settings on your device

Disclosure and Transfer of Personal Data

Fantastic Apps collects and processes personal data on a voluntary basis and it is not in the business of selling your personal data to third parties. Personal data may, however, occasionally be disclosed in accordance with applicable legislation and this Privacy Policy.

Fantastic Apps may disclose your personal data to third parties as required by law enforcement or other government officials in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose you or Fantastic Apps to legal liability.

Fantastic Apps may also disclose your personal data to third parties when Fantastic Apps has a reason to believe that a disclosure is necessary to address potential or actual injury or interference with Fantastic Apps's rights, property, operations, users or others who may be harmed or may suffer loss or damage, or Fantastic Apps believes that such disclosure is necessary to protect Fantastic Apps For Free's rights, combat fraud and/or comply with a judicial proceeding, court order, or legal process served on Fantastic Apps For Free. To the extent permitted by applicable law, Fantastic Apps will make reasonable efforts to notify you of such disclosure through Fantastic Apps For Free's website or in another reasonable manner.

Besides, If Fantastic Apps becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

Safeguards

Fantastic Apps follows generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security, integrity and privacy of the information in Fantastic Apps For Free's possession.

Other

Please be aware of the open nature of certain social networking and other open features of the Services Fantastic Apps may make available to you. You may choose to disclose data about yourself in the course of contributing user generated content to the Services. Any data that you disclose in any of these forums, blogs, chats or the like is public information, and there is no expectation of privacy or confidentiality. Fantastic Apps is not responsible for any personal data you choose to make public in any of these forums.

If you are under 15 years of age or a minor in your country of residence, please ask your legal guardian's permission to use or access the Services. Fantastic Apps takes children's privacy seriously, and encourages parents and/or guardians to play an active role in their children's online experience at all times. Fantastic Apps does not knowingly collect any personal information from children below the aforementioned age.

Fantastic Apps regularly reviews its compliance with this Privacy Policy. If Fantastic Apps receives a formal written complaint from you, it is Fantastic Apps For Free's policy to attempt to contact you directly to address any of your concerns. Fantastic Apps will cooperate with the appropriate governmental authorities, including data protection authorities, to resolve any complaints regarding the collection, use, transfer or disclosure of personal data that cannot be amicably resolved between you and Fantastic Apps.

Legal Basis for Data Processing

International Transfers of Personal Data

Your Rights

Subject to limitations in applicable law, you are entitled to object to or request the restriction of processing of your Personal Data, and to request access to, rectification, erasure and portability of your own Personal Data.

Where the use of your information is based on consent, you can withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

If you are aware of changes or inaccuracies in your information, you should inform us of such changes so that our records may be updated or corrected. You may lodge a complaint with a supervisory authority if you consider that our processing of your Personal Data infringes applicable law.

We retain your Personal Data as long as needed to provide services or products to you, or as required or permitted by applicable laws, such as tax and accounting laws.

Web analytics, online marketing and technology partners

In this section we inform you which services of technology partners are used for web analytics and online marketing purposes. Their application is based on Art. 6 (1) letter f GDPR and our interest in increasing user convenience, optimizing our services and their economic efficiency. The processed data includes in all cases the usage data and the metadata. Further explanations can be found in the definitions of terms, in particular on the functions and security measures, at the end of this Privacy Policy. The retention of the data is determined, unless otherwise stated, in accordance with the Privacy Policies of the technology partners.

Google Tag Manager

Google Tag Manager is a tool that allows us to manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online serviced,). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users' personal data, reference is made to the following information on the Google services. Usage guidelines:https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

We use Google Analytics for purposes of web analytics/ measurement and target group building.

Data processed: Usage data, metadata.
Type, scope and mode of operation of the processing: Universal analytics, cross-device-tracking, permanent cookies, third party cookies, tracking, interest based marketing, profiling, custom audiences, remarketing.
Special security measures: pseudonymisation, IP masking, conclusion of order processing contract, opt-out.
Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=en (browser add-on), https://adssettings.google.com/ (setting for advertisements).
External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://policies.google.com/privacy.
Processing in third countries: USA.
Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Retention of data: 14 months.

Google AdWords

We use Google AdWords to place ads to measure the success of the ads we place on Google's and Google partner's websites.

Data processed: Usage data, metadata.
Type, scope and mode of operation of the processing: Universal analytics, permanent cookies, third party cookies, tracking, conversion measurement, interest based marketing, profiling, cross-device-tracking.
Special security measures: Pseudonymisation, IP masking, conclusion of order processing contract, opt-out.
Opt-Out: https://adssettings.google.com/.
External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://policies.google.com/privacy.
Processing in third countries: USA.
- Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Retention of data: The data may be processed by Google for up to two years before it is anonymised or deleted.

Google Doubleclick

We use Google Doubleclick to place ads and to measure the success of the ads we place on Google's and Google partner's websites.

Data processed: Usage data, metadata.
Type, scope and mode of operation of the processing: Universal analytics, permanent cookies, third party cookies, tracking, conversion measurement, interest based marketing, profiling, cross-device-tracking.
Special security measures: Pseudonymisation, IP masking, conclusion of order processing contract, opt-out.
Opt-Out: https://adssettings.google.com/.
External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://policies.google.com/privacy.
Processing in third countries: USA.
- Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Retention of data: The data may be processed by Google for up to two years before it is anonymised or deleted.

Facebook Pixels and Custom Audiences

We use the Facebook pixel to form target groups and measure the success of the ads we place on Facebook and to build target groups for ads.

Data processed: Usage data, metadata; if users are registered with Facebook, the data is linked to their Facebook profiles and data belonging to them (in particular inventory data).
Type, scope and mode of operation of the processing: Permanent cookies, third party cookies, tracking, conversion measurement, interest based marketing, profiling, custom audiences from website, cross-device-tracking.
Special security measures: Encrypted communication between Facebook and our website.
Opt-Out: https://www.facebook.com/settings?tab=ads, http://www.youronlinechoices.com/uk/your-ad-choices/ (EU),http://www.aboutads.info/choices (US).
External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.facebook.com/policy.php.
Processing in third countries: USA.
Guarantee when processing in third countries: Privacy Shield www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Retention of data: The data will be deleted by Facebook and will be deleted if the user's data is deleted as part of the termination.

Section IV - Definitions

This section provides an overview of the terms used in this Privacy Policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for understanding. The terms are sorted alphabetically.

A/B Tests - A/B Tests are designed to improve the usability and performance of online services. For example, users are shown different versions of a website or its elements, such as input forms, on which the placement of the content or labels of the navigation elements can differ. Subsequently, it is possible to determine which of these websites or elements are more suited to the needs of the users on the basis of the users' behaviour, e.g. longer stays on the website or more frequent interaction with the elements of the website.
Affiliate Links - Affiliate links are links that are used to refer users to websites with product or other offers. The operators of the respective linking websites can receive a commission if users follow the affiliate links and then take advantage of the offers. For this it is necessary that the providers can track whether users who are interested in certain offers subsequently purchase them at the initiative of the affiliate links. Therefore, the functionality of affiliate links requires that they be supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie. The values include in particular the initial website (referrer), the time, an online identification of the operator of the website on which the affiliate link was located, an online identification of the respective offer, an online identification of the user, as well as tracking specific values such as, for example, advertising material ID, partner ID and categorisations.
After-Sales - "After Sales" is a marketing procedure in which, for example, customers of an online shop are presented with advertising offers from other companies (which are usually based on the services or products purchased in the online shop). Furthermore, the functionality of after-sales corresponds to the functionality of affiliate links.
Aggregated Data - Aggregated data is pooled data that cannot be traced back to a person and is therefore not personal. For example, visit times on a website can be saved as median values.
Anonymous data - Anonymity occurs when a person cannot at least be identified by the controller using the reasonable means at his disposal on the basis of data. In particular, aggregated data may be anonymous.
Clicktracking - "Clicktracking" allows to track the movements of users within an entire website. Since the results of these tests are more accurate if the user interaction can be monitored over a certain period of time (e.g. if a user likes to return), cookies are usually stored on the user's computers for these test purposes.
Consent – „consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Conversion - "Conversion", or "Conversion measurement" refers to a procedure with which the effectiveness of marketing measures can be determined. As a rule, a cookie is stored on the user's devices within the websites on which the marketing activities take place and then retrieved again on the target website (e.g. this enables us to trace whether the ads we placed on other websites were effective).
Cookies - Cookies are small files that are stored on the user's computer. Different data can be stored in the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an website. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an website and closes his browser. In such a cookie, for example, the content of a shopping basket in an online shop or a login status within a community can be stored. Cookies are referred to as "permanent" or "persistent" if they are stored even after the browser is closed. For example, the login status can be saved permanently. Likewise, the interests of users used for web analytics or marketing purposes (see e.g. "Remarketing") may be stored in such a cookie. As a "third party cookie", cookies are offered by providers other than the operator of the website (otherwise, if they are only the operators cookies, they are referred to as "first party cookies").
Cross-Device-Tracking - Cookies and fingerprints are device-related. Cross-device tracking is required to evaluate the interests of users using smartphones for advertising on desktop PCs. Logins in social networks such as Facebook, for example, can be used for this purpose. Alternatively, location data, IP addresses and user behavior are used to achieve up to 98% more precise user restriction. Cookies and web beacons are usually used for cross-device tracking purposes.
Custom Audiences - Custom audiences are people who are targeted for advertising purposes, e.g. the display of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it may be concluded that the user is interested in advertisements for similar products or the online shop in which he has viewed the products. "Lookalike audiences" are users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of creating custom audiences and lookalike audiences. "Custom Audiences from Website" means that the target groups are formed on the basis of visitors of the own website. "Custom Audiences from File" means that, for example, a list of e-mail addresses is uploaded to the respective advertising network or platform to form the target group.
Data subject - See "Personal data".
Demographic Data - Demographic data are general information about groups of people or persons, e.g. characteristics such as age, gender, place of residence and social characteristics such as occupation, marital status or income. Demographic data is collected within the scope of web analytics and in online marketing for the purposes of online behavioural marketing or for business analyses that are used, for example, to determine the target groups.
Embedding - Embedding involves integrating external content or software functions (see "Plug-ins") into one' s own website in such a way that they are displayed or executed on this website. No copy of the content is created because it is called from the original server (e.g. videos, images, posts on social networks, widgets with ratings). With embedding, it is technically necessary for the provider of the content to obtain the IP address of the user in order to display the embedded content in the user's browser. Furthermore, the content provider may, for example, store cookies on the user's devices.
Advanced matching - The "advanced matching" is a Facebook pixel option, which means that inventory data such as phone numbers, email addresses or Facebook IDs of users are transmitted to Facebook in encrypted form to form target groups for Facebook ads and are used only for this purpose.
Error tracking - During error tracking, e.g. incorrectly executed program code is detected in order to eliminate it and thus guarantee the functionality and security of websites.
Fingerprints and other online identifiers - "Fingerprints" correspond in their function to cookies, whereby the storage of a file on the user's device is not required. These digital fingerprints can be individually created as cross sums of individual factors of devices, e.g. computing power or browser plug-ins for devices, and thus used for web analytics, profiling, remarketing, online- and behavioral advertising.
First-Party Cookies – See „Cookies”.
Heatmaps - "Heatmaps" are mouse movements of the users, which are combined to an overall picture, with the help of which e.g. it is possible to recognize which website elements are preferred and which website elements users prefer less.
IP address - The IP address ("IP" stands for Internet Protocol) is a sequence of numbers that can be used to identify devices connected to the Internet. When a user visits a website on a server, he informs the server of his IP address. The server then knows that it must send the data packets containing the content of the website to this address.
IP Masking - IP masking is a method in which the last octet, i.e. the last two numbers of an IP address, are deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing methods, especially in online marketing.
Online behavioral advertising (OBA) - online behavioral advertising is the term used when profiling is used to assess the potential interest of users in advertising. Cookies and web beacons are usually used for these purposes.
Lookalike Audiences – See “Custom Audiences”.
Opt-in - The term "opt-in" means, depending on the context, the same as registration or consent.. If a registration (e.g. by entering an e-mail address in an online form field) is confirmed by sending an e-mail with a confirmation link to the owner of the e-mail address, this is referred to as a Double-Opt-In (DOI).
Opt-Out - The term Opt-Out means unsubscription and may be an objection (e.g. against tracking) or a cancellation (e.g. for newsletter subscriptions).
Opt-Out-Cookie - An "Opt-Out-Cookie" is a small file (see "Cookies") which is stored in your browser and in which it is noted that, for example, a tracking service should not process your data. The "opt-out cookie" only applies to the browser in which it was saved, i.e. in which you clicked the opt-out link. If cookies are deleted in this browser, you must click the opt-out link again. Furthermore, an opt-out link can only be limited to the domain on which the opt-out link was clicked.
Permanent Cookies – See „Cookies”.
Personal Data - "Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Plugins/ Social Plugins - Plugins (or "Social Plugins" in the case of social functions) are external software functions that are integrated into a website. For example, they can be used to output interaction elements (e.g., a "I like" button) or content (e.g., external commenting function or postings in social networks).
Processor - "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Profiling - "Profiling" means any automated processing of personal data consisting in the use of such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this includes information regarding age, gender, location and movement data, interaction with websites and their contents, shopping behaviour, social interactions with other people) (e.g. interests in certain contents or products, click behaviour on a website or the location). Cookies and web beacons are often used for profiling purposes.
Privacy Shield - The EU-US Privacy Shield is an informal agreement in the field of data protection law negotiated between the European Union and the United States of America. It consists of a number of assurances from the US government and a decision by the EU Commission. Companies certified under the Privacy Shield offer a guarantee to comply with European data protection law (https://www.privacyshield.gov).
Pseudonymisation/ Pseudonyms - "Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; E.g. if an exact interest profile of the computer user is stored in a cookie (a "marketing avatar"), but not the name of the user, then data is processed pseudonymously. If his name is stored, e.g. as part of his e-mail address or his IP address is stored, then the processing is no longer pseudonymous.
Third countries - Third countries are countries in which the GDPR is not directly applicable law, i.e. in general states that do not belong to the European Union (EU) or the European Economic Area (EEA).
Web Analytics - Web Analytics is used to evaluate the visitor flows of a website and can include their behaviour, interests or demographic information, e.g. age or gender. With the help of range analysis, website owners, for example, can see what types of people visit their website at what time and what content they are interested in. This enables them, for example, to better optimize the content of the website to the needs of their visitors. Cookies and web beacons are often used for Web Analytics purposes.
Remarketing/ Retargeting - "Remarketing" or "Retargeting" is used when, for example, for advertising purposes is noted which products a user is interested in on a website in order to remind the user on other websites of these products, e.g. in advertisements. Cookies are usually used for retargeting purposes.
Session Cookies – See „Cookies”.
Single-Sign-On - Single-Sign-On" or "Single-Sign-On-Authentication" is a procedure that allows users to log on to an online service, using other online services, they are members with. A requirement for Single-Sign-On authentication is that users are registered with the respective Single-Sign-On provider and enter the required credentials on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in under this user ID at the respective single sign-on provider and an ID that can no longer be used by us (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the selected data shares as part of authentication and also which data users have authorised in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the choice of users, it can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure is neither visible to us nor is it stored by us. Users are asked to note that their data stored with us can be automatically synchronized with their user account with the Single-Sign-On provider, but this is not always possible or actually occurs. If, for example, the e-mail addresses of users change, users must change these manually in their user account at our site. If users decide that they no longer want to use their user account link with the Single-Sign-On provider for the Single-Sign-On procedure, they must cancel this link within their user account held with the Single-Sign-On provider. If users wish to erase their data from our system, they must cancel their registration at our service.
Special categories of personal data - Data identifying racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data relating to a natural person's sex life or sexual orientation.
Third Party - “Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Third-Party Cookies – See „Cookies”.
Tracking - Tracking is defined as when the behaviour of users can be traced across several online offers, e.g. for remarketing purposes. The behavioral and interest information collected with regard to the online services used is stored as user profiles in cookies or on the servers of marketing service providers (e.g. Google or Facebook).
Universal Analytics - "Universal Analytics" is a Google Analytics process in which the user analysis is based on a pseudonymous user ID and a pseudonymous profile of the user with information from the use of various devices is created ("cross-device tracking").
Controller – “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing – “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Tracking pixels – See Web-Beacons.
Web beacons - Web beacons (or "pixels", "measuring pixels" or "tracking pixels") are small, pixel-sized graphics that are integrated into Web pages or HTML e-mails. For example, they allow to determine whether an e-mail has been opened (at least if the image display in e-mails is enabled) or how often a website is accessed by a user.
Widgets – See Embedding.

THIS PRIVACY POLICY WAS UPDATED ON MAY.22TH.2018. According to the General Data Protection Regulation (GDPR) (EU) 2016/679.