Privacy Policy

Bytro respects your right to control your privacy. We have put in place security measures for your personal data and manage your personal data in accordance with applicable data protection and data privacy regulations. This Privacy Policy explains how we handle and treat your data when you (i) register or visit our site, www.bytro.com or associated sites or pages (the ”Website”), (ii) use our Services, Games and their associated products, or (iii) engage or communicate with us. It also provides information about your rights relating to your Personal Data.

Throughout this Privacy Policy the following terms have the following meanings:

”Data Privacy Laws” means applicable data protection and data privacy laws and regulations, including but not limited to the EU General Data Protection Regulation (2016/679) (the ”GDPR”).

“Processing” and “Process” means all activities involving your Personal Data, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of information.

“Services“ means our games, applications and other products, the Website, email communications, social media accounts and any related services or properties we control.

“Personal Data” means Personal Data that relates to you as an identified or identifiable individual.

All capitalised terms not specifically defined herein shall have the meaning ascribed to such terms in the GDPR.

While operating the Services, Personal Data will be shared with partners we work with. Some of these partners are Controllers independently of us and, therefore, independently determine how and why they process your data. For more information on these partners and the ways in which they may process your data, please refer to section 4 of this Privacy Policy. Under certain circumstances we will transfer your Personal Data to countries outside the European Economic Area. Such transfers will be done in accordance with section 5 of this Privacy Policy.

Our Services are not directed to children, and we do not knowingly collect Personal Data from children under 16 years of age.

1. Who we are

Controller

The Controller responsible for your Personal Data for the purposes of the GDPR is:

Bytro Labs GmbH

Zirkusweg 2, 20359 Hamburg

[email protected]

www.bytro.com

here in after referred to as the “Company”, ”we”, ”us” or “our”.

The principles set out in this Privacy Policy apply to all instances in which the Company processes your personal data as a Controller for the purposes described in this Privacy Policy. The Company is part of the Stillfront Group, a global group of gaming studios with its parent company, Stillfront Group AB (publ), incorporated in Sweden and listed on Nasdaq Stockholm.

Data protection Officer

The data protection officer of the Controller for the purposes of the GDPR is:

Name: Peter Birgersson, Deloitte AB

Contact details: [email protected]

2. What information do we collect from you?

As a rule, we only collect personal data that you share when making use of the Services while logging in or registering and when utilising fee-based Services, as needed. Personal data means data relates to you as an identified or identifiable individual that includes information on personal or factual circumstances. Below are examples of the personal data we collect:

Source	The information collected includes the following data
Information you provide voluntarily when using our Services.	Your name, contact information, email address, or other contact information communicated to us, Your related account information such as user name, password, email-address and userID. All passwords are stored in an encrypted format.
Any Personal Data provided in and through communication channels available in our Services.
If you have subscribed to our communications, your content preferences, language, contact information or other information you submit to us.
Payment information when making a purchase such as chosen fee-based Services
If you participate in our surveys or other research, any comments, answers, feedback, responses, or other information you provide to us when doing so.
Any other information you choose to submit to us through our Services or otherwise.
Directly from you and/or your device by automatic means. For more information on how we use cookies or other information accessed and stored on your device see our Cookie Policy	Your device and browser: Certain information is collected by most browsers or automatically through your device, such as your device type, model, manufacturer, operating system, language, display, processor, the Internet browser type you are using your IP address (including your coarse location).
Your use of our Services: We track and collect usage data, such as the date and time you access our Services, access status, duration of use of our Services, the site you visited, the information and files that have been downloaded. We collect your device id, cookies, and clicks during your usage of the Services.
Crash logs or other information related to bugs, errors, or other issues in our Services.
Inferences we make based on your activity in our Services.

Source

The information collected includes the following data

Information you provide voluntarily when using our Services.

Your name, contact information, email address, or other contact information communicated to us,
Your related account information such as user name, password, email-address and userID. All passwords are stored in an encrypted format.

Any Personal Data provided in and through communication channels available in our Services.

If you have subscribed to our communications, your content preferences, language, contact information or other information you submit to us.

Payment information when making a purchase such as chosen fee-based Services

If you participate in our surveys or other research, any comments, answers, feedback, responses, or other information you provide to us when doing so.

Any other information you choose to submit to us through our Services or otherwise.

Directly from you and/or your device by automatic means.
For more information on how we use cookies or other information accessed and stored on your device see our Cookie Policy

Your device and browser: Certain information is collected by most browsers or automatically through your device, such as your device type, model, manufacturer, operating system, language, display, processor, the Internet browser type you are using your IP address (including your coarse location).

Your use of our Services: We track and collect usage data, such as the date and time you access our Services, access status, duration of use of our Services, the site you visited, the information and files that have been downloaded.
We collect your device id, cookies, and clicks during your usage of the Services.

Crash logs or other information related to bugs, errors, or other issues in our Services.

Inferences we make based on your activity in our Services.

Your interests worthy of protection are considered in pursuance with statutory data protection regulations. In the event of a default in payment, we hereby reserve the right to commission a collection agency or an attorney to collect the payment due, as needed, and to provide the necessary data within this context.

We treat all of this data in a confidential manner and in consideration of statutory data protection regulations.

We do not expect or intend to collect or otherwise process any special categories of data relating to you. By special categories of data, we mean genetic, biometric or health information, information revealing racial or ethnic origin, sex life or sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or information about your criminal offences or convictions. Please do not provide this kind of information to us or use the Services to make it available to others.

3. How do we use your Personal Data?

We use your Personal Data for different purposes. We will for example use the Personal Data to provide you with the Services you have requested, to improve and develop our Services, to predict user trends, to make recommendations and marketing activities based on your usage and to customise our Services to you, these include some examples as the following processing activities:

Lawful basis	Purpose of the processing
Processing is necessary to perform our contract with you in respect of our Services.	to enable you to use our Services (to account for data security, to ensure technical uptime and stability as well as operational security of our system) in order to communicate with you and to take care about your requests (including processing tasks related to those)
Performance of a contract	to process payments you make and according accounting
Based on the contract to provide you with a safe and optimal gaming environment	We process your personal data to provide you with a safe and optimal gaming environment and to enforce our Terms and Conditions, this may involve sharing data with authorities or stakeholders when we deem it necessary.
Based on our legitimate interest to safeguard our Services	in order to monitor our cloud infrastructure, alerting us on issues We may provide your personal data submitted through the use of our Services to law enforcement in the event of a criminal in which we see the need to assist
Based on our legitimate interest to optimise our Services	in order to communicate with you and to take care about your requests (including processing tasks related to those) Analyse and make inferences based on usage of the history such as in-game purchases, game formats, connecting history and other relevant in-game usage of the service for the purpose of optimisation and to provide you with a customizable and interest based experience of our Services.
Based on your consent in our Services	to measure the effectiveness of the marketing email campaigns To provide you with interest based advertising. To send you direct newsletters. Tracking and targeting of marketing campaigns
Based on our legitimate interest to prevent policy misuse	we process your data to prevent forum policy violations and spamming
Based on our legitimate interest to moderate customer communication	we process your data to facilitate the alignment and enforce of moderational practices
Based on our legitimate interest to prevent cheating and fraud in our Services and games	The data provided by you through the use of our payment methods to prove its legality and verify your identity and the payment. We use logs and analytics to make inferences based on your use of our Services for the purpose of preventing violations of our Terms of Service or other governing documents. The data provided by your device through automatically collected means is used to identify and provide solutions against cheating, abuse and fraud.
Based on our Legitimate interest to market our services and attract new users.	Account information and device information such as email address and Device ID is used to market our and affiliated services that we believe might interest you. Account information and device information is used to conduct marketing campaigns for our and affiliated services. Information collected and submitted to us is used to operate, optimize and measure the effectiveness of our marketing campaigns. We process your account information to provide you with updates and changes happening in our games.
Based on our legal obligations	We process your data to comply with our legal obligations relating to your exercise of your rights as outlined in this document or under data protection law. Data automatically collected or provided by you may be processed in accordance with commercial regulations applicable to us. We may provide your personal data submitted through the use of our Services to law enforcement in the unlikely event of a criminal obligation in which we are obligated to assist. Your personal data may also be processed and transmitted to relevant authorities in connection with the prevention and detection of a crime where the controller has reasonable grounds to suspect you are in breach of applicable law. These authorities will then investigate in accordance with their procedures and will act as the controller. We process your data to comply with our legal obligations in regards to purchases and payments made for goods or services that we offer.

In addition, we may process your data for additional purposes which are compatible with any of the purposes listed above.

4. Who we share your information with

Your personal data may (for the purposes described in this Privacy Policy) be transferred or disclosed to third parties, for the processing of that personal data on our behalf, such as to:

Other companies in the Stillfront Group will receive access to all available Personal Data, where they help us develop or operate our Services or provide other Services. For information on the entities within Stillfront Group, see the most recent annual report published on https://www.stillfront.com/en/reports-presentations , as updated from time to time.
For analytical purposes, we collect and make inferences based on generated data such as your recent visits to our Services and how you move around different sections, in order to make our Services more intuitive and evaluate user needs and preferences. This data will be shared with a limited group of employees in the Stillfront Group.
Persons or companies that provide Services to us and process data on our behalf when providing those Services (for example, Services that help us develop and operate our Services and professional advisors).
Third parties to whom we outsource certain Services such as, without limitation, document processing and translation services, marketing partnerings, confidential waste disposal, IT systems or software providers, IT Support service providers, documents, and information storage providers. For more information on our processors and third party partners please either contact as at [email protected]
Competent courts of law or other government authorities where we believe disclosure is necessary as a matter of applicable law or regulation.
Any person or entity where we believe disclosure is necessary to exercise, establish or defend our legal rights or to protect your or another person’s vital interests.

Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Services as effectively as we can.

Where required by law, your personal data may be disclosed to an applicable governmental, regulatory, sporting or enforcement authority. Your personal data may also be disclosed to any regulatory body in connection with prevention and detection of crime and where we consider that there are reasonable grounds to suspect that you may be involved in a breach of the law. Those bodies may then use your personal data to investigate and act on any such breaches in accordance with their procedures

When Personal Data is shared with our business partners, processors, group affiliates or other trusted entities stated above, we always require them to only use information in accordance with our instructions.

5. Appropriate Safeguards to countries outside the EU/EEA-area

In connection with the processing activities described in this Privacy Policy, your data may be transferred to and/or processed in countries outside of the European Union (“EU”) and the European Economic Area (“EEA”) such as the United States. . When we transfer personal data outside the EU/EEA, we will ensure that Standard Contractual Clauses have been entered into between the transferring entity and the receiving external party. Alternatively, other safeguards will be put in place prior to such transfers. You are under Data Privacy Laws (means applicable data protection and data privacy laws and regulations, including but not limited to the EU General Data Protection Regulation (2016/679)) upon request entitled to receive a copy of any documentation demonstrating that appropriate safeguards have been taken in order to protect your personal data during a transfer outside the EU/EEA. You can do so by reaching out to our Data Protection responsible via email [email protected]

6. How long do we keep hold of your information?

We will retain your information only for as long as is necessary for the purposes set out in this Privacy Policy. We are using the following criteria to establish our retention period: (i) as long as we have an ongoing relationship with you; (ii) as required by legal obligations to which the Company is subject (such as tax and accounting obligations); and (iii) as advisable in light of our legal position (such as applicable statutes of limitations).

7. Security

We endeavour to take reasonable precautions in order to prevent unauthorised access to your personal data as well as unauthorised use or falsification of this data and to minimise the associated risks. Nevertheless, providing personal data, whether in person, on the telephone, or via the internet, is always associated with risks and no technical system is completely free of the possibility of manipulation or sabotage. We process the data collected from you in accordance with German and European data protection law. All employees are required to protect data privacy and comply with data protection regulation, and are trained accordingly. For payment purposes, your data is transmitted using encrypted SSL processes.

8. Your rights

Providing data to us is not mandatory. However, we are unable to provide the Services, or some parts or features of the Services, without processing your data. If you use our Services, we will collect data relating to you for some or all the purposes described in this Privacy Policy, depending on the Services you decide to use and your choices when using them. You have a number of options to limit or control the extent to which your data is processed. For example, you can choose to not connect your third-party accounts with our Services, use your device settings to reset or limit the use of your Advertising ID, or disable some or all cookies from your browser settings.

In relation to our processing of your Personal Data you have, under certain circumstances, the right to exercise the following rights:

Access
You may request confirmation whether or not Personal Data is processed and, if that is the case, access to your Personal Data and additional information such as the purposes of the processing. You are also entitled to receive a copy of the Personal Data undergoing processing. If the request is made by electronic means the information will be provided in a commonly used electronic format if you do not request otherwise.

Object to certain processing
You may object to the processing of your Personal Data on the basis of a legitimate interest, on grounds relating to your particular situation and to the processing for direct marketing purposes.

Rectification
You have at any time the right to have inaccurate Personal Data rectified, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Data completed.

Erasure
You may have your Personal Data erased under certain circumstances such as when your Personal Data is no longer needed for the purposes for which it was collected. We offer the option to independently delete or correct your own personal data in game. If you are logged in to your account, you can delete your personal data in the settings of your user account.

Restriction of processing
You may ask us to restrict the processing of your Personal Data to only comprise storage of your Personal Data under certain circumstances, such as when the processing is unlawful, but you do not wish your Personal Data erased.

Withdrawal of consent
You have the right to at any time withdraw your consent to processing of Personal Data to the extent the processing is based on your consent. This does not affect the lawfulness of processing based on consent before its withdrawal.

Data Portability
You may ask to receive a machine-readable copy of Personal Data processed and ask for the information to be transferred to another Controller (where possible). This only refers to such Personal Data processed on the basis of your consent or on the basis that the processing is necessary in order to perform an agreement with you and only to the extent the Personal Data has been provided to the Company by you (data portability).

Complaints to the supervisory authority
You have the right to lodge complaints pertaining to the processing of your Personal Data to the relevant data protection supervisory authority.

9. Changes to the terms of this Privacy Policy

We may update this Privacy Policy from time to time, for example due to changes in our operations or the legal obligations that apply to us. Updates will be made available here. We will also inform you of any changes by other means as appropriate to the significance of the changes.