The protection of your data is our top priority. The collection as well as the processing of your personal data is therefore carried out in strict compliance with applicable regulations. The privacy policy described in detail below applies to the use of SPL Fantasy - on our website www.spl-fantasy.app as well as the apps for iOS and Android. In the following, these are referred to as “offers”.

RESPONSIBLE

Responsible for the collection, processing and use of your personal data is Saudi Pro League. This is represented by NAMEHERE. You can contact us at any time at support@spl-fantasy.app.

If you wish to object to the collection, processing or use of your personal data by Saudi Pro League in whole or in part, you can address your objection to the person responsible.

GENERAL PURPOSES OF DATA PROCESSING

Your personal data will be used by us for the purpose of operating our offers. It is not necessary to provide an email address to use our Offerings.

However, you can upload a profile photo in the apps for iOS and Android, whereby our apps access the library data of your mobile device. However, permission is requested for this by default. The image files of your mobile device - with the exception of the selected profile photo - are not stored or processed in any other form by Saudi Pro League. Your profile photo is visible in the apps for all members of your group, but also only for them.

CONCRETE USE OF DATA

Access data

We collect information about you when you use our offers. Your accesses generate so-called “access logs”, as small text files, with the following data:

  • URL of the retrieved data
  • date and time of the retrieval
  • amount of data transferred
  • Message about successful retrieval (HTTP response code)
  • IP address

This data is not evaluated automatically and is used solely to ensure the proper operation of the platform.

You can read detailed information here. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-log-entry-syntax

Hosting

We use a hosting service provider for our offers. The services used by this service provider serve to ensure the provision of: Infrastructure and platform services, computing capacity, storage space, database services, security services and technical maintenance services. Explicitly not processed by the hosting service provider of our offers are: Inventory and contract data, contact data, content data, usage data, so-called metadata and communication data of users of our offers.

Cookies

We do not use cookies in our apps. However, the apps generate a unique ID for each mobile device. This is used exclusively to load the correct game state for the device. If you have activated the “GameCenter” application as a user, we also store your so-called “GameCenter ID” for the game score.

Google Tag Manager

The Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process any personal data of the users in the process. With regard to the processing of users’ personal data, we refer to the following information on Google services.

Usage guidelines: https://marketingplatform.google.com/intl/en/about/analytics/tag-manager/use-policy/

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the Internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

We only use Google Analytics with IP anonymization activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by selecting the appropriate settings on their browser software and prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?

For more information on data usage by Google, setting and objection options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) as well as the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

The personal data of the users will be deleted or anonymized after 14 months.

Facebook SDK

The SPL Fantasy app uses the Facebook SDK. The Facebook SDK logs the following information:

  • Explicit events - information from events that are tracked because the advertiser has specifically configured their app to do so, such as “AddtoCart” or “logPurchase”, as well as additional parameters provided by the app.
  • Implied Events - Information from events that are implicitly logged when an advertiser uses other features of the Facebook SDK, such as integration with Facebook Login or the “Like” button.
  • Automatically logged events - Basic interactions in the app (e.g. app installs, app launches) and system events (e.g. SDK loading, SDK performance) that are automatically logged.
  • Facebook App ID - A unique ID assigned by Facebook to the advertiser’s website and mobile app.
  • Mobile ad ID - the iOS IDFA or Android ad ID.
  • Metadata from the request - mobile OS type and version, SDK version, app name, app version, device opt-out setting, user agent string, and client IP address. The SDK also collects the following device metrics: Time zone, device operating system, device model, vendor, screen size, processor cores, total memory, free space.

Data for the fulfillment of our contractual obligations

We process data that is necessary for the fulfillment of our contractual obligations. These are, among others, the username or the profile picture. The collection of this data is necessary for the conclusion of the contract. The deletion of the data takes place after the expiration of warranty periods and possible legal retention periods. Data that is linked to a user account is retained for the duration of the management of this account.

We store the following of your user data:

  • Nickname you have chosen
  • User picture uploaded by you
  • Group membership
  • Game results
  • All actions relevant to the player’s history (e.g. change lineup, buy a player, buy cards like change or wizard)
  • For so-called “in-app purchases”, i.e. real-money purchases in the Google Play and Apple App Store stores, we store the “receipt data” generated by the stores (unique ID, product, price, date and time)
  • Date and time of “logins”.

This data is stored solely to ensure the operation of the game.

Contact us by e-mail

If you contact us by e-mail, your details will be processed for the purpose of processing the inquiry (e.g. support) and for possible further follow-up questions associated with the contact. If the data processing is carried out for the implementation of pre-contractual measures, which are carried out in response to your inquiry, or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing. We only process further data if you consent to this or if we have a legitimate interest in processing your data.

Right of withdrawal

The website operator takes data protection very seriously and treats your personal data confidentially and in accordance with the statutory provisions. Please bear in mind that data transmission on the Internet can always be subject to security vulnerabilities. A full protection against access by third parties is therefore not feasible. As a user, you can request free information about what data has been stored about you. Provided that your request does not conflict with a legal obligation to retain data (e.g. data retention), you have the right to have incorrect data corrected and to have your personal data blocked or deleted.

STORAGE PERIOD

Unless specifically stated, we store data only as long as necessary to fulfill the purposes pursued. In some cases, the legislator provides for the retention of personal data, such as in tax or commercial law. In these cases, we only continue to store the data for these legal purposes, but do not process it in any other way and delete it after the legal retention period has expired.

DATA SECURITY

To protect your data, we maintain technical and organizational security measures, which we constantly adapt to the state of the art. We do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.

TRANSFER OF DATA TO THIRD PARTIES

In the event that we outsource certain parts of data processing (“commissioned processing”), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the individual concerned.