Under Article 4 of the General Data Protection Regulation ("GDPR"), we use the "personal data" term.
In case you want to get information how to opt-out of Web analytics see the “Objection right” section below:
About Our Company
COIN-CARNIVAL Social Casino is fun based social casino. You can contact us with email [email protected]
What personal information do we gather?
We require personal information from you when you create an account on our website. We collect the following data aspects:
- Data for creating an account, for example, email address, password;
- Data of customization, such as avatar, name on display;
- Your preferences, such as the subscription for our newsletter;
- Personal identification information, such as the date of birth, address, gender;
- Game progress details, such as your quest status, your number of in-game currency, level;
- Online behavior data, such as clicks, gameplay, logins;
- Individual payments details, for instance, for buying in-game currency using our shop;
- Location data, such as language, origin country;
- Affiliate information, such as blogs, ads you clicked on to find our website.
Why and on what legal basis do we process this data is clarified in the section of What do we store your data for?
Sensitivity of Data
We do not deliberately collect any sensitive data from you, such as political views, racial or ethnic origin, health status. We cannot check all the time what information you put into messages that you share through our platform. We struggle to protect any privacy implied by transfer while we cannot differentiate a particularly sensitive message from any other form of message you want to write. We would like to inform you that no additional protection is provided to these sensitive messages.
Data from kids
We don't collect any information from kids. To play our games you must be at least 18 years old.
What do we store your data for?
We use the personal details of the user only in accordance with the applicable and necessary data protection regulations. This means that a user’s data shall only be operated on the basis of his/her legal permission for us to do so. Notably, when data operating is demanded to provide our online agreed services, or required by law, we are in control of the agreement of the user, and when it is collected for the safety of our rightfully legal interests (such as analysis interest, to make the best effectiveness and economic process and safety of our online item, especially with consideration to range measurement, the registration of accounts for marketing and advertisement purposes, as well as the collection of access details and the use of the services of third-party providers).
It is considered appropriate to state that Article 6(1)(a) and Article 7 of the GDPR serve as the legal basis for consent, Article 6(1)(b) of the GDPR serves as the legal basis for the execution of contractual measures and the provision of services, Article 6(1)(c) of the GDPR serves as the legal basis for processing in order to accomplish our legal obligations and Article 6(1)(f) of the GDPR serves as the legal basis for processing to safeguard legal interests.
Enabling gameplay process
Without certain data, our game platform cannot operate. We need to be able to discriminate you effectively from other users of our website by asking you to register an account so that you can make some noticeable progress in your game zone. When logging in, we compare your login credential against the data we have in the file and provide your game progress and configuration data.
Certain aspects of your progress (for example, your avatar, display name) are made available in our game zone (for example, to broadcast some victories, or in-game leaderboards). You are able to change your nickname and your avatar whenever you want.
In addition, your language and country are used to keep you localized in our website - so we'll try to serve you in your language and our in-game shop will be in your local currency.
Payments and invoices
When purchasing in-game currency from our in-game store, your interaction will usually be with third-party payment processors. In any case, if payment has been successful, we will obtain this information as a digital invoice that we hold in order to maintain legal specifications, keep it in the event of legal disputes, and optimize our website. (legal interest; Article 6.1.f GDPR)
Such invoices contain information about the item you purchased, what method you used to pay with and how much you paid for the item. We do not keep information that could be used to make a payment on your behalf unless you have given us a certain permission to make your payment process much more simple.
(legal interest; Article 6.1.f GDPR)
To keep our players up to date with current events, we give our players the opportunity to subscribe to our newsletter.
We also submit ads for other COIN-CARNIVAL goods that COIN-CARNIVAL Social Casino Games runs and operates. You can easily unsubscribe at any time, either by pressing the unsubscribe button in our newsletters or by adjusting your email preferences.
Security and fraud prevention
(legal interest; Article 6.1.f GDPR)
In order to enhance the security of our website and to avoid fraud, we keep data such as your device details and IP address when you sign up and interact with our website.
Your IP address and device information details are stored and logged to allow for juridical investigation and abuse of data protection. Your IP address information is also processed automatically by our network devices – this infrastructure is necessary to help our website, but also to prevent access to IP addresses known to be used by malicious users.
Due to the complexity of this problem, we can not recommend a way of preventing this processing, as that would negate its purpose (and in some situations an opt-out is not technically feasible – for example, we can not remove your IP address from our network devices being processed).
If you oppose to this operation, we kindly ask you not to use our website.
Website optimization and campaign
(Legal interest; Article 6.1.f GDPR)
In order to optimize our website and marketing strategies, we follow information about your needs and your expectations. These data are pseudonymized and kept separated from the details of your account. Although collected on a personal basis, these data are only available to workers who need to deal with these data and are reported in aggregate only.
In the context of campaign optimization, we share some of these datasets with third party trackers by embedding a tracking pixel on our webpage.
Please visit the Web and App Analytics section for more information about these trackers and how you can opt-out of them.
Is the sharing of your personal information with COIN-CARNIVAL Social Casino required?
There are some data which we request from you:
Data required to perform our contractual duties and related services
The data that you obviously make available: personal identification details (where it is applicable). Access management data, your preferences data (opt-in or opt-out).
Data you provide by browsing our webpage: Data about progress on your game, Network data.
Data that we are legitimately required to store
Data you submit by purchasing: Personal payments data in our games.
Data required for protection
Data you give by visiting our website: Network data, Device data We can not provide our services to you without these personal details.
In any specific automated decision-making process, we will not use your personal details that would have legal or otherwise serious effects on you.
Any effect on our game platform is limited to automated decisions based on your personal data. For example, we can use your purchase details (periodicity and amount) to give you in-game automatic and customizable discounts.
Data storage duration
We keep the data which we store for legal purposes as long as we are legally allowed (up to 10 years).
We keep the data that we carry as long as legally permissible in the context of legal disputes. This can be no more than 30 years.
For logs that store network data, we delete the data at regular intervals – the exact period varies depending on the configuration rules (which can prune logs by size, rather than a set time period), if the data was part of a snapshot that landed in a backup, and if the logs are part of log sets that are periodically forwarded to a central log repository which do not exceed 2 years.
Data storing and sharing
Your personal data within COIN-CARNIVAL Social Casino
Your personal information is processed only by the people important for us to obey our legitimate interests, or to follow our legal or contractual obligations.
User’s personal information outside of COIN-CARNIVAL Social Casino
We share your information only where it is legally permitted to do so, either when you are required to conclude agreements with us (Article 6.1.b GDPR) or based on a legitimate interest (Article 6.1.f GDPR).
We can share your personal information only if you gave us permission to do so in an aggregate or anonymous form (preventing data from being related to other data that you might have received elsewhere) or if you have agreed with providers to process your data carefully.
In the following types, we share data with providers:
- Distribution of content and hosting providers. Although these do not have direct access to our networks, they have a network infrastructure that will eventually use the IP address to convey our assets.
- Payment processors. When you make a payment through a payment processor, we will get the invoice details from the providers. Any payment details that are currently needed to make a payment on your behalf will only be provided by payment providers, not by us.
- Debt information. When you cancel your payment, we can share with the debt collectors the details available to us so that they may contact you on our behalf.
- Email marketing services. We can share your display name, email address, location information, and whether or not you have already subscribed to our newsletter with our email marketing service providers, so that they can send on-topic emails to you.
- Single providers of sign-on services. These are only important if you play our games through their websites or directly select one-sign choices, in which case our access to them enables you to sign up for our game platform. When you change your mind about using these, providers usually provide a way to disconnect your single sign from our account website (with canceling our access to your metadata); please refer to the provider's documentation for more information.
- Business intelligence. We use services to help us by sifting through our own tracking data.
- Game developers. They create our casino games and maintain them for us. Since these applications are typically autonomous and can be easily integrated into our website's "plug-and-play" design, we'll share very little details about you with these providers — your IP address, display name, device information, and the amount of in-game currency you possess.
- Crash report. Our mobile games have features for reporting crashes. Reports of the crash include only nameless data. Nonetheless, you can cancel this in the application settings.
- Address verification. Before we submit prizes to a physical address, we first check that the address is correct by allowing the address verification service to be processed.
- Geolocation. We receive data from geolocation services about the approximate geographical location of IP addresses. (We do not share data with these providers, we are the only users of that information.)
- Support ticket system. For us, we use an external supplier to manage our ticketing support system. This provider will store every support ticket that you contact us via official channels.
- Video streaming. We use video streaming services in the cases to show advertisements to you. These services record your reaction to these videos.
The providers we use are either within the European Union, in a country that is formally considered safe by the European Union's data privacy standards or contractually bound to treat your data with extreme care. Whenever the system allows, we pseudonymise or anonymize your data.
Despite any circumstance, we do not sell the data to third parties.
Your rights regarding users
COIN-CARNIVAL is a company based in the European Union. We are committed to following the General Data Protection Regulation (GDPR). It gives you several intrinsic rights to your personal information.
You've got the right to do that ...
- send a complaint with a supervisory authority (Article 77 GDPR);
- demand for the correction of your personal data (Article 16 GDPR);
- demand limitation of the processing of your personal data (Article 18 GDPR);
- demand access to your personal data (Article 15 GDPR) in a portative format (Article 20 GDPR);
- withdraw consent of your processing of data, when we do this in compliance with a legal interest (Article 7.3 and Article 21 GDPR);
- demand for the deletion of your personal data (Article 17 GDPR).
In your account settings, you can easily delete your data. For any other requests, please contact us by email or by using the help widget on our website. ( [email protected]) If you contact us using a means other than help widget, please understand that we will need to ask you to verify your identity – in the end, you would not want an accidental stranger to have access to your details, and neither do we.
Please notice that, it can take us up to a month to complete your submission. If there is a delay, we will, of course, let you know.
Additional legislative information can be found in Articles 7.3, 15 – 21 and 77 of the GDPR.
Personal data correcting, accessing and erasing right
(Articles 15, 16, 17 and 20 GDPR)
You may request information at any time as to whether or not your personal data is being processed by COIN-CARNIVAL, the conditions for such processing, and to obtain a copy of your personal information. For more details, you can ask information about:
- purposes for which the data is processed;
- the types of personal data that are processed;
- the groups of receivers with whom the data has been shared;
- the estimated period of storage;
- your rights about this data (correction, limitation, erasure, withdrawal of consent, and submission a complaint with the supervisory authority);
- source of data in cases where we have not received it from your direct interactions with us;
- And the essence of any automated decision-making, including profiling, based on this data and your rights to request purposeful information on the algorithms involved.
If you send this request electronically, the information will be given in a widely used electronic form. If you submit this request a few times, COIN-CARNIVAL will ask you to make a payment to cover the administrative costs.
You do have the right to inform us to correct any personal data that is inaccurate. Ultimately, you are entitled to ask us to delete your personal data if there are no legitimate grounds for us to maintain it (such as legal requirements, freedom of expressing, public interest or, if required as proof of legal disputes) and one of the following reasons is as follows:
- Your personal details are no longer sufficient for the purposes for which they have been processed or acquired;
- you want to revoke the consent on which the processing was based because there is no other justifiable reason for such processing;
- your personal information has been the object of illegitimate processing;
- your personal information should be removed based on a legal obligation.
When we remove data that we have exchanged with third parties, we will also contact third parties to ensure that the data is erased there as well.
Once we delete the data that we have made available in the process of supplying our services to you, we will contact, as far as possible, any third-party providers who might have stored this information to forward your request to them.
Right to limit the processing of personal data
(Article 18 GDPR)
You can demand your right to restrict the processing of your personal data when:
- you disprove the accuracy of your personal information during the time required to confirm the correctness of those data;
- the processing of your personal data is illegal, but you are opposed to the deletion of your personal data and instead claim a processing restriction.;
- when your personal data is no longer needed, except to establish, practice or defend legal claims, you need those personal data.
Right of personal data portability
(Article 20 GDPR)
You have the right to obtain personal information that you have sent to us in a structured, commonly used and machine-readable format, and to transmit these data from COIN-CARNIVAL to another controller without hindrance.
Whenever this is technically feasible, you can require that your personal data be transmitted directly to other data controllers by COIN-CARNIVAl.
Right of consent revoking
(Article 7.3 and 21 GDPR)
We will only process your personal information with your permission if otherwise processing of data is required. (see section Is the sharing of your personal information with COIN-CARNIVAL Social Casino required?).
You can revoke your consent at any time if you have a registered account with us by adjusting the settings associated with your account (or you can delete your account if you want). If you do not have an account with us, please visit the Web and App Analytics section for the opt-out means for other data collection.
Please consider that a revocation of your agreement does not affect the legality of the pre-revocation procedures.
The right to make a complaint with your supervisory authority
(Article 77 GDPR)
If you believe your rights have not been respected despite our attempts to protect the privacy of your personal data, you have the right to make a complaint with your country's national data protection authority.
Dissent against the processing of your data for direct marketing
When you create an account with us you have the option to subscribe to our newsletter. You can opt-out of our newsletter whenever you need by using the unsubscribe links given in your account settings or in your email footers.
Web and App Analytics
In order to develop our apps and website, fix errors, improve the website and our programs used to promote it, we keep pseudonymized data about the behavior of our users on our website and use a variety of tracking services to assist us (based on Article 6.1.f GDPR).
Such services either use device IDs (mobile) or device cookies (desktop) to suit the behavioral data they collect (for example, how high a percentage of users who visited our site had an account with us or to tell us how long the average period of time user spent on our site).
Data exchanged could be information about when you registered an account with us, where you came from (which banner you clicked on or on which gaming website you play our games), your device settings (e.g. model, operating system), your user ID in our games, page experiences (site ID and time) or payments you make to us.
Trackers use these data either to create estimated behavioral profiles of you (allowing them to offer better marketing targeting to users of their services) or to allow us to pay users rather than impressions (performance marketing) or to pay for our campaigns through registration events.
If you oppose the use of pseudonymized processing of your data, your opt-out is as follows:
for tracking to end-points regulated by us: https://coin-carnival.com/ In order the opt-out process to work, your browser might need to accept cookies.
for tracking to end-points regulated by us, please refer to the application settings itself. We use Firebase Crashlytics (a Google product) to report errors, and you can also use the settings to opt-out of reporting errors functionality.
Since you can also cooperate with other trackers that we use on other people's websites, it is possible that opting out of the trackers on a single website does not do what you expect. To develop your option to opt out of tracking services effectively, this section provides an overview of all trackers that we use and where you can opt-out of them.
Opt-out options for certain tracking services can also be found on http://youronlinechoices.eu, which offers a central and unified option for you to opt-out from a variety of tracking services. This website will also help if you want to search the online choices for other providers that we do not use.
Except as mentioned (be it here or on the opt-out pages of our tracking partners), cookies will need to be approved by your browser for the opt-out process.
Adality is based in Germany, and offers an opt-out on https://adality.de/privacy.html.
AdCell is based in Germany, and offers an opt-out on https://www.adcell.de/datenschutz (German).
AppNexus is based in the US, and it is committed to the Privacy Shield Framework, it offers an opt-out on https://www.appnexus.com/en/company/platform-privacy-policy#choices.
AppsFlyer (for Mobile)
Bing is based in the US, who is run by Microsoft, and it is committed to the Privacy Shield Framework, it offers an opt-out on https://account.microsoft.com/privacy/ad-settings/signedout.
Crimtan is based in the UK, it offers an opt-out on https://crimtan.com/cookie-opt-out/.
Dynamic Yield is based in the US, and it is committed to the Privacy Shield Framework, it offers an opt-out on https://www.dynamicyield.com/privacy-policy/ (in the section 'Accessing and Modifying Information and Communication Preferences').
Flashtalking is based in the US, and it is committed to the standards imposed by the GDPR , it offers an opt-out on http://www.flashtalking.com/privacypolicy/ (in the section 'Opting out of Interest-Based Advertising').
Google is based in the US, and it is committed to the Privacy Shield Framework.
Google Ads (a/k/a Google Remarketing) and AdMob
Google offers AdMob and Google Ads opt-out instructions on https://adssettings.google.com/authenticated.
Google offers instructions of opt-out for Google Analytics on https://tools.google.com/dlpage/gaoptout.
When it is sent to Google Analytics, your IP address will be masked. For more details, see https://www.google.com/analytics/terms/.
InfoOnline is based in Germany, it offers an opt-out on https://optout.ioam.de/optout.php (German).
ÖWA is based in Austria, it offers an opt-out on https://optout-at.iocnt.net/ (German).
Outbrain is based both in the US and in the UK, has GDPR contract articles between their US and UK branches, and it offers an opt-out on https://www.outbrain.com/legal/privacy#advertising_behavioral_targeting.
Plista is based in Germany, it offers an opt-out instruction on https://www.plista.com/about/opt-out/ (in the section 'Set opt-out').
Seznam.cz is based in the Czech Republic, it offers an opt-out instruction on http://www.imedia.cz/ (Czech).
Simplaex is based in Germany, it offers an immediate opt-out link on https://tracker.simplaex.net/v1/opt-out.
Taboola is based in the US, and it is committed to the principles of the European Interactive Digital Advertising Alliance, it offers an opt-out instruction on https://www.taboola.com/privacy-policy#optout.
The Trade Desk
TradeLab is based in France, it offers an opt-out instruction on http://tradelab.com/en/privacy/ (in the section 'Should You No Longer Wish To See These Personalized Ads').
United Internet is based in Germany, it offers an opt-out instruction on https://www.united-internet-media.de/de/services/optin-optout/ (in the section 'Cookie-Verwaltung'; German).
Voluum is based in Poland, which is being run by Codewise, it offers an opt-out instruction on https://voluum.com/end-user-privacy-policy/ (in the section “Opt-out”).
We use the comprehensive SSL (Secure Socket Layer) encryption method to deliver our site securely when you visit it, along with the highest level of encryption provided by your browser.
You can inform when any single page on our website is transmitted in encoded form by the closed presentation of the lock (or key) sign in the status bar of your browser.
We also take the appropriate organizational and technological security steps to protect your data against damage, total or partial loss, deliberate or accidental manipulation or unauthorized access by third parties. Our safety measures are continuously developed in compliance with technological innovations.
If you have any complaints or questions about privacy, please contact us at: