Privacy Policy

Privacy Policy of Verve Group SE

Verve Group SE (hereinafter: “we,” “us”, “Verve”) respects the integrity of personal data, protects privacy and ensures the security of its users’ personal data.

In this Privacy Policy we want you to understand what information we collect and process about you when you use our website and for what purpose we collect such data.

In addition, we would like to inform you about the rights you are entitled to if you have entrusted us with your personal data as part of our offers.

1. Controller

Verve Group SE
Stureplan 6
11435, Stockholm
Sweden

We are the controller within the meaning of Article 4 No. 7 of the General Data Protection Regulation (GDPR) and other data protection regulations.

2. Contact Details of the Data Protection Officer

You can reach our external data protection officer, Mr. Jörg F. Smid, by writing a letter to

DPL Consult
Drehbahn 9
20354 Hamburg
Germany

or send an email to privacy@verve.com.

3. Definitions

Decisive for the definitions of the terms used in this Privacy Policy, such as the term personal data, is Art. 4 of the General Data Protection Regulation (GDPR).

4. Handling Personal Data

The provision of personal data on the internet always carries the risk of unauthorized processing by third parties who gain unauthorized access to this data, as no technological system can be fully protected against external attacks. We take technical and organizational measures to protect your data from misuse. We process your data in accordance with the requirements of Maltese and European data protection law and continue to further educate ourselves. The data processing is carried out according to the current state of the art.

5. Origin of Personal Data

We obtain personal data in the following way:

5.1. Information provided by you

We receive personal data from you when you provide it in the course of using our website. Providing this information is always voluntary.

Examples of processed personal data: Name, e-mail address, address.

 

5.2. Automatically collected and generated data

When you use our website, data is automatically collected and generated.

Examples of processed data: Device information, geographical location, browser type, IP address, number of page views

6. Scope and Purpose of the Processing of Personal Data and the Legal Bases for Processing

In the following, we would like to give you an overview of the personal data that we process when you use our website. We have listed the different categories of data and examples of personal data that can be processed.

Personal data is all information about you and your factual and personal circumstances, for example name, address or age. Data that cannot be assigned to a specific natural person is not personal data. For example, this can be statistical data that describes a group.

We treat your personal data always confidential and in accordance with the statutory data protection regulations. We will not share it with third parties without your consent, unless permitted by law.

In the following you can also read on which legal basis the respective processing of the listed data is based.

The main legal bases in scope are regulated in Art. 6 Para. 1 Sentence 1 GDPR. These are, as far as relevant for us, the following cases:

Art. 6 Para. 1 Sentence 1 lit. a) GDPR: Data processing is based on a consent that you have granted us.

Art. 6 Para. 1 Sentence 1 lit. b) GDPR: The data processing is necessary for the performance of a contract to which you are a party or is necessary for the performance of pre-contractual measures taken at your request.

Art. 6 Para. 1 Sentence 1 lit c) GDPR: Data processing is necessary for the fulfillment of a legal obligation to which we are subject.

Art. 6 Para. 1 Sentence 1 lit. f) GDPR: The data processing is necessary to protect our legitimate interests or those of a third party except where such interests are overridden by
your interests or fundamental rights and freedoms which require protection of personal data.

 

6.1. Log files

We use log files to analyze and optimize the functionality of our website, to find errors, to ensure the security of our systems (e.g. to fend off cyberattacks) and to ensure compliance with applicable law.

Examples of processed data: Connection type, IP address, the visited page, hardware features, duration and frequency of use.

The legal basis for this processing is Art. 6 Para. 1 Sentence 1 lit. f) GDPR, because our users and we have a legitimate interest in our website being secure and functional.

 

6.2. Downloads

On our website we may offer you the option to download various documents and/or programs. As part of this, personal data is processed so that we can check whether the download is working, and if not, where there are errors, in order to optimize the quality of our website. Error sources can e.g. originate from a certain region, emanate from a certain internet provider, or result from only the partial transfer of the file.

Examples of processed data: Transferred data quantity, time of download, access status (transfer file, file not found), IP address, hardware features, speed.

The legal basis for this processing is Art. 6 Para. 1 Sentence 1 lit. f) GDPR, as we have a legitimate interest in providing our website safely and reliably, free of technical errors.

 

6.3. Cookies

When you visit our website, we want to make sure that you always get the information that is most relevant to you. For this reason, we use cookies on our website.

Cookies are small text files that are stored on your local device. They ensure that we recognize you the next time you visit our website and that we can offer you a personalized experience on our website.

There are permanent cookies, which remain stored for a longer period of time and so-called session cookies, which are only placed as long as your visit lasts and are deleted as soon as you leave.

Sometimes we place cookies ourselves, other times, however, we use cookies from third parties (so-called third-party cookies).

We use cookies so that we can show you our website, you can take advantage of comfort functions, we can carry out statistical evaluations and for marketing purposes. These cookies are divided into so-called essential and non-essential cookies. We only set non-essential cookies if you have given us your prior consent. We ask you for it when you visit our website.

For essential cookies, the legal basis for the processing of your personal data results from Art. 6 Para. 1 Sentence. 1 lit. f) GDPR, because we have a legitimate interest in making our offer available to you. For non-essential cookies, the legal basis for processing results from Art. 6 Para. 1 Sentence 1 a) GDPR.

 

6.4. Newsletter

We inform you by newsletter about all offers, services and other activities by us or the other companies in the Verve group and about all other offers, services and other activities by third parties in connection with the offers, services and other activities of one or more companies in the Verve group (so-called Verve group newsletter) if you have previously consented to this newsletter being sent to you. You can unsubscribe from receiving further newsletters at any time using the link contained in the newsletter (“Unsubscribe button”).

Newsletters are sent at our request by our service provider. Your e-mail address, which receives our newsletter, and other personal data are temporarily stored on the service provider’s servers. This information is used to send and evaluate the newsletter. For this purpose, so-called tracking pixels are used, i.e. in our newsletter there is a non-visible image file which transmits technical information to the service provider when the newsletter is opened (e.g. whether the newsletter has been opened). Your data will not be used by the service provider independently to send the newsletter.

Examples of processed data: IP addresses, the language used, hardware, how the newsletter was handled, i.e. when it was read and which links were clicked on.

The legal basis for this processing is Art. 6 Para. 1 Sentence.1 lit. a) GDPR if you have consented to the Verve group newsletter being sent to you. We base the use of the pixel-code on Art. 6 Para. 1 Sentence 1. lit. f) GDPR, as we have a legitimate interest in customizing our information according to the recipient.

 

6.5. Contact with us

You have the possibility to contact us by e-mail, by contact form or by phone. If you contact us, we use the personal data that you voluntarily provide us with in this context solely for the purpose of contacting you and processing your request.

Examples of processed data: E-mail address, Phone number

The legal basis for this processing is Art. 6 Para. 1 Sentence 1 lit. b) GDPR and/or Art. 6 Para. 1 Sentence 1 lit. f) GDPR, since users as well as we have a legitimate interest in being able to answer the respective requests.

 

6.6. Social Media Plugins

We use social plugins on our website. We use these to make our company better known. The responsibility for the data protection compliant operation is to be guaranteed by our respective partners.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by the respective social media plugin.

We use social media plugins based on Art. Art. 6 Para. 1 Sentence 1 lit. f) GDPR. The promotional purpose to promote the publicity of our company is our legitimate interest.

Here you can find an overview of our partners in the “Social Plugins” section:

7. Storage Duration and Deletion of the Collected Data

We store personal data only as long as there is a concrete purpose for this. The duration of the storage depends on the purpose of the processing, the requirements of the processing, as well as on your and our interests and rights and, if applicable, the interests and rights of third parties. We always store personal data as briefly as possible (principle of data economy data/minimization), but at the same time we observe the statutory requirements which stipulate in certain cases a minimum retention period.

In any case, the following shall apply: If the purpose of processing has ceased to exist or if data is no longer required to achieve this purpose and there are no further statutory storage obligations to the contrary, we delete the relevant data.

8. Recipient of Personal Data

To achieve the processing purposes described above, we pass on personal data to various categories of recipients.

We share personal data with the following categories of service providers as processors: to our service provider for sending newsletter as well as to subsidiaries and affiliated companies within the meaning of Sec. 15 AktG (German Stock Corporation Act). The transfer of the personal data to the respective recipient as processor is lawful under Art. 28 GDPR.

We pass on personal data to the following categories of service providers as independent controllers: Lawyers, authorities, the police, and providers of “social media plugins.”

9. Transfer to Third Parties Outside of the EU or the EEA

Compliance with Art. 44 et seq. GDPR is ensured if data is transferred to a third country, i.e. before any personal data is transferred to third parties in a country outside the EU or the EEA (Norway, Iceland, Liechtenstein), we check whether these countries offer an adequate level of protection. This can be ensured by the fact that an adequacy decision by the EU Commission has been made or that third country transfers are permitted under other instruments regulated in Art. 46 et seq. GDPR.

10. Processing by Google

10.1. Google Universal Analytics 

Google Universal Analytics is a widely used web analytics service from Google Ireland Ltd. in Dublin. The methods provided by Google Universal Analytics enable a cross-device analysis of website usage by placing cookies. The information generated while using the website is usually transferred to a Google server in the United States of America and also stored there. Google uses the collected information to analyze the use of websites as our processor, to create reports and to provide services for the purposes of market research and website optimization. The anonymous IP address automatically transmitted to Google is not combined with other Google data and is only used by us for statistical analysis. Cookies for the operation of Google Analytics are only set if you have expressly agreed to them. The processing of the data by Google can generally be prevented by a suitable browser add-on. If you use a mobile device, it is possible to deactivate  Link Google Analytics using the following link. This prevents activity data from being shared with Google Universal Analytics via the JavaScript (gtag.js, ga.js, analytics.js and dc.js) executed on websites. For more information about Google Universal Analytics, please consult the Google privacy policy.

The legal basis for this processing, if personal data are processed, is Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

 

10.2. Google “Remarketing and similar target groups function”

We use the remarketing feature of Google Ireland Ltd. in Dublin, which allows us to target visitors to a website with personalized and interest-based advertising as soon as they visit another Google Display Network site. For this purpose, Google uses cookies if you have given your consent to this. Those Cookies perform an analysis of website usage, which forms the basis for creating interest-based online advertising. To carry out this process, Google places a short file with an identification number on your end device, through which website visits and anonymized data on the use of the respective websites are recorded. To the extent that visitors have agreed to have their web and app browsing histories linked by Google to their Google Account, and information from their Google Account is used to personalize ads displayed, Google will use data from these logged-in users along with Google Analytics data to create and define target audience lists for cross-device remarketing. This allows visitors to the website to be addressed with personalized, interest-based advertising across devices. Subsequent visits to other sites on the Google Display Network will display advertisements that most likely reflect the product and information areas previously viewed by the site visitor. Google’s remarketing function can be deactivated by adjusting the corresponding settings at http://www.google.com/settings/ads. Google’s use of cookies can also be permanently disabled by accessing the following links to the cookie management settings:

http://www.google.com/policies/technologies/managing/

http://www.google.com/policies/technologies/ads/

 

For more information about Google Remarketing, please consult the Google privacy policy.

The legal basis for this processing of personal data is Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

 

10.3. Additional Google Analytics functions for display advertising

The following Google Analytics functions are used on our websites to display advertising if you have given your consent to this:

  • Report editor in Google Display Network
    • Integration of Double Click Campaign Manager,
    • Google Analytics reports on performance by demographic features and interests

The aforementioned reporting functions serve to evaluate and use the data collected by Google in the context of interest-based advertising as well as visitor data from third-party providers in Google Universal Analytics, such as age, gender and interests. The end customer can deactivate Google Analytics for display advertising at any time and adjust the ads in the Google Display Network under the display settings at https://www.google.de/settings/ads.

For more information about functionalities of Google analytics for display advertising, please consult Google’s privacy policy.

The legal basis for this processing of personal data is Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

11. Your Rights

In this section, we inform you about the rights you have in relation to the processing of your data. You will find the exact scope of the law mentioned in each case in the corresponding article of the General Data Protection Regulation (GDPR). To exercise your rights, please email us at privacy@verve.com.

11.1. Right of access by the data subject to Art. 15 GDPR

You have a right to access your personal data stored by us pursuant to Art. 15 GDPR.

 

11.2. Right to rectification pursuant to Art. 16 GDPR

You have a right pursuant to Art. 16 GDPR to have incorrect personal data rectified or correct personal data completed.

 

11.3. Right to erasure pursuant to Art. 17 GDPR

Pursuant to Art. 17 GDPR, you have the right to have your personal data stored by us erased. Please note that we cannot undo an erase, i.e. all your game scores and progress are permanently lost.

 

11.4. Right to restriction of processing pursuant to Art. 18 GDPR

You have the right to restrict the processing of your data pursuant to Art. 18 GDPR if you dispute the accuracy of the data, if the processing is unlawful but you refuse to erase it, if we no longer need the data but you need it for the assertion, exercise or defense of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.

 

11.5. Right to data portability pursuant to Art. 20 GDPR

You have the right to data transfer pursuant to Art. 20 GDPR, i.e. the right to receive selected data stored by us about you in a common, machine-readable format, or to request the transfer to another controller,

 

11.6. Right to object pursuant to Art. 21 GDPR

You have a right to object processing of data pursuant to Art. 21 GDPR.

 

11.7. Right to withdraw the granted consent under data protection law

If we process data on the basis of a consent given by you, you have the right to withdraw the consent given at any time. The withdrawal of consent does not render invalid the data processed on the basis of the consent until the time of withdrawal.

 

11.8. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

You have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. To consult the contact details of the supervisory authorities in Sweden, please access the following link:

https://www.imy.se/en/about-us/contact-us/

12. Final Provisions

This Privacy Policy is merely to inform you and does not require your agreement. We can and must adapt the Privacy Policy in the event of a change in circumstances, i.e. other data protection processes, and will inform you thereof by appropriate means.

 

Version: October 2024