PRIVACY POLICY
Effective Date: 30.01.2025
1. Introduction
We, Gilinberg, Pfalzgraf, Rifert & Würzler GbR (hereinafter “the Company,” “Us,” or “We”), take the protection of your personal data very seriously. This Privacy Policy (hereinafter “Policy”) describes how we collect, use, share, and protect your personal data in connection with our games (including “Starship Battlegrounds”), sites, store, and related services (collectively the “Service”). Use of the Service is also governed by our Terms of Service (“ToS”), which are incorporated herein by reference.
2. Controller
The Controller responsible for processing your personal data within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is: Gilinberg, Pfalzgraf, Rifert & Würzler GbR Seestraße 64 78354 Sipplingen, Germany Email: support@ampere-lab.com
3. What Data We Collect and How
We collect personal data in various ways to provide and improve the Service.
3.1. Data You Provide to Us Directly:
Contact Data: When you contact our support (e.g., via email), we process the information you provide (e.g., name, email address, content of your inquiry).
Account Information: If you register an account with us (if applicable), we collect data such as your chosen username, email address, and password.
Payment Data: When you make in-app purchases, transactions are processed by third-party providers (e.g., Apple App Store, Google Play Store). We do not receive direct payment information, such as your credit card number, but only transaction confirmations necessary to validate the purchase.
User Content: As defined in our ToS (Section 3), we may process content you upload, such as chat texts or forum posts.
3.2. Data We Collect Automatically (When You Use the Service):
Usage Data: Data about your gameplay activities (e.g., game progress, session duration, in-game interactions, crash reports).
Device and Technical Data: Device model, operating system and version, IP address, language settings, and unique device identifiers.
Advertising IDs: We collect your device’s advertising ID (e.g., IDFA on iOS, GAID on Android). These IDs are resettable and are used, as described in Section 5, primarily for advertising purposes.
Data from Advertising Networks: We use third-party advertising services such as Unity Ads. These services may collect their own data about you to display personalized advertising.
4. Purposes and Legal Bases for Data Processing
We process your data based on the following legal grounds under the GDPR:
4.1. For the Performance of a Contract (Art. 6(1)(b) GDPR)
We process the necessary data to fulfill our contract (the ToS) with you. This includes :
Creating and managing your Account (including guest accounts).
Providing and maintaining the game’s functionalities.
Processing in-app purchases and providing Virtual Items.
Responding to your support inquiries related to the contract.
4.2. Based on Your Consent (Art. 6(1)(a) GDPR & § 25 TTDSG)
For certain purposes, we ask for your explicit consent. We obtain this consent via a Consent Management Platform (CMP), which is displayed to you when you first launch the Service. As we use Google’s advertising infrastructure (via Unity Ads), we are required to use a Google-certified CMP that integrates with the IAB TCF 2.2 standard . Failure to use a certified CMP will result in Google disabling personalized and non-personalized ads for your EU/EEA users . Your consent is required for the following purposes:
Accessing/Storing Information on Your Device (§ 25 TTDSG): German data protection law (§ 25 TTDSG) requires your explicit consent for any access to or storage of information on your device that is not strictly necessary for providing the service. This specifically includes accessing device identifiers like the Advertising ID (GAID/IDFA) for any purpose, including analytics or advertising .
Personalized Advertising (Art. 6(1)(a) GDPR): If you consent, we and our partners (like Unity Ads) process data (e.g., your advertising ID and usage data) to show you personalized, relevant ads .
Analytics and Improvement (Art. 6(1)(a) GDPR): If you consent, we use partners (e.g., Unity Analytics, Google Firebase) to analyze Service usage, fix bugs, and improve the user experience . (This processing is based on consent, not legitimate interest, due to the § 25 TTDSG requirement mentioned above).
You can withdraw your consent at any time. You can typically do this via a persistent link or button in the game’s settings (e.g., “Privacy Settings”) that re-surfaces the CMP . A withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
4.3. To Protect Our Legitimate Interests (Art. 6(1)(f) GDPR)
We process certain data to protect our legitimate interests, provided your interests or fundamental rights do not override them. This includes:
Security and Fraud Prevention: To ensure the security of our Service, enforce our ToS (Section 1.1.3 “Use Limitations”), and detect and prevent fraud or abusive behavior (e.g., cheating).
Non-personalized Advertising: If you do not consent to personalized advertising, we (or our partners) may show you contextual (non-personalized) ads.
Right to Object: You have the right to object to the processing of your data based on our legitimate interests at any time (see Section 8).
(Note: “Analytics and Improvement” has been moved from this section to 4.2 “Consent” to comply with § 25 TTDSG) .
4.4. Based on Legal Obligations (Art. 6(1)(c) GDPR)
We may be required to process data to comply with legal obligations (e.g., commercial or tax laws) or to respond to requests from public authorities.
5. Sharing of Data with Third Parties
We only share your personal data with third parties when necessary for the purposes outlined in this Policy :
Advertising Partners: We share data (esp. advertising IDs, IP address, device data) with our advertising partners, such as Unity (Unity Ads), to enable the delivery of personalized or non-personalized ads.
Analytics Providers: We use partners (e.g., Unity Analytics, Google Firebase) to analyze Service usage and for debugging.
Payment Providers: As mentioned, payments are processed via platforms like the Apple App Store or Google Play Store.
Hosting and Backend Providers: Our servers and databases may be hosted by external service providers (e.g., cloud providers) acting on our behalf (Data Processors).
Public Authorities: If we are legally required to do so or to protect our rights.
6. Data Transfers to Third Countries (Outside the EU/EEA)
Our Service is global, and your personal data may be transferred to and processed by our partners in countries outside the EU/EEA, particularly in the USA. We ensure an adequate level of data protection for these transfers using the following legal mechanisms:
6.1. Transfers to Google LLC (Google Firebase, Google Play)
Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF) . Data transfers to Google in the U.S. are based on the European Commission’s Adequacy Decision (Art. 45 GDPR) for the DPF . No separate Transfer Impact Assessment (TIA) is required for these specific transfers .
6.2. Transfers to Unity Technologies (Unity Ads, Unity Analytics)
Our partner Unity Technologies (San Francisco, CA) is, according to our review of the official DPF list, not certified under the EU-U.S. Data Privacy Framework . Therefore, data transfers to Unity in the U.S. are based on Standard Contractual Clauses (SCCs) issued by the EU Commission (Art. 46 GDPR) . As required by the “Schrems II” ruling of the EU Court of Justice, we also conduct and document a Transfer Impact Assessment (TIA) for these transfers to assess if U.S. law (e.g., FISA 702) impacts the effectiveness of the SCCs and if supplementary measures are needed .
7. Data Storage and Retention Periods
We store your personal data only for as long as necessary to fulfill the purposes for which it was collected.
Account Data: We store your account data as long as your Account is active. As set forth in our ToS (Section 1.2), we reserve the right to terminate any Account that has been inactive for 180 days. In this event, the associated personal data will be deleted or anonymized.
Support Inquiries: Data from support inquiries will be retained for a reasonable period after the inquiry is closed (e.g., 12 months) to handle follow-up questions and will then be deleted.
Legal Retention Periods: Data subject to legal retention periods (e.g., invoicing data under German commercial or tax law) will be retained for the prescribed duration (typically 6 to 10 years).
8. Your Rights as a Data Subject
Under the GDPR, you have comprehensive rights regarding your personal data :
Right of Access (Art. 15 GDPR): You can request information about what data we hold about you.
Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
Right to Erasure (Art. 17 GDPR): You can request the deletion of your data (“Right to be Forgotten”).
Right to Restriction of Processing (Art. 18 GDPR): You can, under certain conditions, request that we restrict the processing of your data.
Right to Data Portability (Art. 20 GDPR): You have the right to receive data that we process automatically based on a contract or your consent in a common, machine-readable format.
Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on your consent (e.g., personalized ads), you can withdraw it at any time.
Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority (e.g., the State Commissioner for Data Protection in Baden-Württemberg).
Right to Object (Art. 21 GDPR) You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR (legitimate interest). We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
To exercise your rights, please contact us at: support@ampere-lab.com.
9. Data Security
We take appropriate technical and organizational measures (TOMs) to protect your data from unauthorized access, loss, misuse, or alteration. This includes, for example, data encryption (where appropriate) and access restrictions.
10. Age Restrictions and Children’s Privacy (GDPR & COPPA)
We are committed to protecting the privacy of children. Our Service is not directed to children, and we do not knowingly collect personal information from children. However, as our Service may appeal to a mixed audience, we implement a neutral “Age-Gate” upon first launch of the Service to determine the user’s age. This gate is not designed to encourage users to misrepresent their age.
This age-gate process is geo-targeted to comply with different international regulations.
1. For Users in the European Union (EU/EEA) (GDPR): In accordance with Art. 8 GDPR, the age of digital consent in Germany is 16 years old. If a user in this region identifies as being under 16 years of age, we will not process their personal data for consent-based purposes. We will disable personalized advertising (Unity Ads) and analytics (Firebase/Unity Analytics) for that user and apply technical measures (such as Google’s “Tag for Under Age of Consent” (TFUA)) to communicate this status to our advertising partners.
2. For Users in the United States (USA) (COPPA): We comply with the Children’s Online Privacy Protection Act (COPPA), which protects children under 13 years of age. If a user in the U.S. identifies as being under 13, we will not collect, use, or disclose their personal information except as permitted by COPPA.
This means for any user identified as under 13 in the U.S.:
We will immediately disable all personalized (behavioral) advertising and analytics.
We will only permit contextual advertising and data collection strictly necessary for the “internal operations” of the Service (e.g., to maintain the game, debug, or perform analytics that are not user-profiling).
We will apply the necessary technical signals (such as TagForChildDirectedTreatment or an equivalent COPPA-signal from Unity) to our advertising partners (like Unity) to ensure they treat this user as a child under COPPA.
This “mixed audience” approach ensures that users under 13 in the U.S. are not served personalized ads, and their persistent personal identifiers (like Advertising IDs) are not collected or used in violation of COPPA.
11. Your California Privacy Rights (CCPA/CPRA)
If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Your Rights You have the following rights regarding your personal information:
Right to Know: The right to know what personal information we have collected about you, including the categories of information, the sources from which it was collected, the purpose for collection, and the categories of third parties to whom we disclose it.
Right to Delete: The right to request the deletion of your personal information, subject to certain exceptions.
Right to Correct: The right to request the correction of inaccurate personal information we hold about you.
Right to Limit Use: The right to limit the use and disclosure of “Sensitive Personal Information” (if we collect any).
Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA rights.
Do Not Sell or Share My Personal Information The CCPA’s definitions of “Sell” and “Share” are very broad. We do not “Sell” your personal information in the traditional sense (i.e., for money). However, our use of third-party advertising services, such as Unity Ads, may be considered “Sharing” or “Selling” under the CCPA’s definition. This is because these services use personal identifiers (like your Advertising ID) to provide “cross-context behavioral advertising” (i.e., personalized ads).
As a California resident, you have the right to opt-out of this “Sharing” or “Selling” of your personal information.
To exercise your right to opt-out, you must send a request via email to support@ampere-lab.com. Please use a clear subject line, such as “CCPA Opt-Out Request,” so we can process your request.
Minors (CCPA) We do not “Sell” or “Share” the personal information of users we have actual knowledge are under 16 years of age.
How to Exercise Your Rights To exercise your Right to Know, Delete, or Correct, please contact us at support@ampere-lab.com. We will verify your request as required by law before processing.
12. Specific Notices on Third-Party Providers
Unity (Ads & Analytics) We use services from Unity Technologies (Unity Technologies ApS, Denmark, and its affiliates).
Unity Ads: Used to display advertising in the game (see Section 4.2).
Unity Analytics: Used to analyze game behavior and improve the Service (see Section 4.2).
Unity is an independent controller for the data it collects via its SDKs. For more information, please see Unity’s Privacy Policy: https://unity.com/legal/privacy-policy
Google (Firebase, Google Play Store) We use various services from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and for users outside the EEA/Switzerland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
Google Play Store: As mentioned in Sections 3.1 and 5, payments are processed by third-party providers such as the Google Play Store. We do not receive direct payment data.
Google Firebase: We may use Google Firebase for functionalities such as analytics and crash reporting. ****** This processing is based on your consent (Art. 6(1)(a) GDPR and § 25 TTDSG), as described in Section 4.2. ******
For these services, Google acts partly as our data processor and partly as an independent controller. Data transfers are covered by the EU-U.S. DPF (see Section 6.1). Further information on how Google processes data can be found directly in Google’s Privacy Policy: https://policies.google.com/privacy
13. Changes to this Privacy Policy
We reserve the right to change this Policy at any time to adapt it to new legal requirements or changes in our Service. The current version is always available on our website and in the Service. We encourage you to review the Policy regularly.