Last Updated: July 2020
The App processes data for the purpose of:
- operating the service;
- sending you e-mail with information about your game progresses and activity;
- sending you, with your prior consent, e-mail newsletters for marketing promotions performed by Ferrero and our affiliates;
- improving the service; and
- to follow up on abuse reports and cooperate with law enforcement.
We do not sell or otherwise distribute your personal data to third parties and will not send you any commercial proposals unless expressly authorized to do so. Even when you authorize us to send you our proposals, you are free to opt out at any time. To evaluate the use of our service as well as for statistical purposes, only anonymised data shall be used.
- When processing data for the purpose of operating the service, we rely on Art. 6(1)(b) GDPR –this means in we need to process your personal data in order to perform a service you have requested from us.
- When processing data to send you e-mail newsletters, we rely on your consent, under Art. 6(1)(a) GDPR. This is expressed by the preferences you set on the App, and for marketing promotions it is turned off by default.
- When processing data for the purpose of improving the service, we rely on Art. 6(1)(f) GDPR – this is in other words, our legitimate interests in further developing our service.
- When processing data for the purpose of following up on abuse reports and cooperating with law enforcement, we will either rely on Art. 6(1)(c) GDPR – where we are legally obliged to process certain kinds of data – or on Art. 6(1)(f) GDPR – to meet our legitimate interests in ensuring that abuse reports are correctly addressed.
You can ask us for more information on our assessments concerning our legitimate interests by reaching out to us at firstname.lastname@example.org.
What information does the App obtain and how is it used?
User Provided Information
The App obtains the information you provide when you download and register within the App. No personal information is requested through the registration process as mandatory in order to be able to use the basic features of the App. Further information shall be requested as optional upon registration or after parent verification, in order to allow you to use some of the features offered by the App (such as information about your game progresses and activity). The registration process is currently intended for and directed to parents/grown-ups within the parent section of the App and utilizes Children's Online Privacy Protection Act (COPPA)-compliant procedures to allow for the collection of certain account information from parents with verification of a parent email address. When you register with us and use the App, you generally provide (a) your name, year of birth, email address, and other registration information; (b) information you provide us when you contact us for help. We may also use the information you provided us to contact you from time to time to provide you with important information, required notices and, with your prior consent expressed during registration, marketing promotions.
Please note that certain sections of the App will ask for access to parts of your device – namely, the camera and the storage. When you access these sections, a pop-up will ask you to allow the App permission to access the relevant parts of your device. You can adjust permissions given within the settings of your device itself – for more information, click here for iOS and here for Android. If you deny or remove this access, those sections of the App may not work fully as intended.
Certain sections of the App also allow photographs to be taken, which may capture personal data related to the user of the device, or to third parties. This is true also of drawings which may be created on the App, though it is less likely that these will contain any personally identifiable information.
Automatically Collected Information
In addition, the App may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile unique device ID, the IP address of your mobile device, your mobile operating system and language, the type of mobile Internet browsers you use, and information about the way you use the App (such as information about your game progresses and activity). The App may access certain device information and/or components automatically. This collection is only for the purpose of providing the services within the App you choose to use. This information is not linked to personal information about the user. A push notification token will be used to send push notifications to your mobile device with updates and suggestions upon request (e.g. through scanning QR codes) or automatically (e.g. by mean of audio watermarks). These notifications would only be activated from the parent section of the App and directed to parents
Does the App collect and track any personal data such as face data through the use of TrueDepthAPI?
The App uses the device’s TrueDepthAPI camera system to track the movement of the face. This allows for a unique user experience –embody your favourite character by wearing a digital mask. In order for this functionality to be possible, the app requires access to your device’s camera. This access can be toggles on or off at any time in your device’s settings. We do not collect, store or share data used by software for depth of facial mapping information, TrueDepthAPI locally or remotely. In addition, we do not disclose this information to any third parties.
Does the App collect precise real time location information of the device?
This App does not collect precise information about the location of your mobile device.
Do third parties see and/or have access to information obtained by the App?
On a normal basis, only aggregated, anonymized data is periodically transmitted to external services to help us improve the Website and our service, e.g. maintenance and hosting services. We will share your information with third parties only in the ways that are described in this privacy statement.
We may disclose User Provided Information and/or User Automatically Collected Information:
- as required by law, such as to comply with a subpoena, or similar legal process;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.
If Ferrero is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via a prominent notice on our Website of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
Other than the above, limited internal staff at Ferrero may have access to personal data collected via the App, as necessary to perform their duties regarding the operation of the App. These data will only be accessed on a need-to-know basis, and all staff members with access to the data are bound to confidentiality.
We do not have any advertising in our App. At times, we may promote the App via internet advertising. If you click on such an advertisement on an external web site and navigate directly to the iTunes App Store or other platform, with the use of web cookie and similar technologies (You can refer to our Cookies Policy on kinder.com to learn more about opting out of such technologies) or non-identifying information such as your phone's device ID may be sent to the advertising network, so that they and we may track the effectiveness (i.e., conversions) of our advertising. In addition to conversion events, it might also be used for frequency capping, estimating the number of unique users, debugging, or security and fraud detection. When you use the App, a unique ID (which varies by device manufacturer and operating system) is read from or associated with your device to be used as an anonymous identifier for analytics and performance purposes. We don't store the ID, or share the ID or other unique information collected or used by the app with third parties, except for service providers whose analytics product generates this ID to track and analyze the performance and the quality of our App. We do not use information gathered within the App to serve you targeted advertisements.
You can stop all collection of information by the App easily by uninstalling the App. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. Please note that you may at any time exercise your rights of access, rectification, erasure, opposition, restriction of processing and portability with respect to your personal data by writing to our email address email@example.com. See below for parental rights with respect to children's data.
You can withdraw your consent to receive e-mail newsletters at any time, by adjusting the preferences you set on the App or by clicking on a link available in each communication and newsletter we send you.
You are entitled to file a complaint with the competent supervisory authority, in the event that you deem any aspect of our processing of personal data to be unlawful. For these purposes, you can reach out to:
- The Luxembourg National Data Protection Commission (the supervisory authority within Ferrero’s place of establishment); or
- The competent supervisory authority within your area of residence or place of work, within the EU/EEA.
Ferrero has chosen Amazon Web Services, Inc. (AWS) as the cloud service provider to store your data. The Article 29 Working Party (the independent advisory board made up of representatives from the data protection authorities of all the EU Member States as well as from the European Commission) has approved the AWS Data Processing Agreement, which includes the Model Clauses. The Article 29 Working Party has found that the AWS Data Processing Agreement meets the requirements of the Directive with respect to Model Clauses. For more detail on the approval of the AWS Data Processing Agreement from the Article 29 Working Party, please visit: https://www.cnpd.public.lu/en/actualites/international/2015/03/AWS.html
Ferrero has chosen Google Firebase Crashlytics as crash reporting software to collect insights into the nature of stability problems you may face through some Automatically Collected Information. Analytics information are used to support Ferrero analysis and operations, to enable product development and to improve our APP and services.
Ferrero has chosen Gameloft SE as software developer which for maintenance and for the improvement of the APP; it may therefore have access from time to time to some collected data.
Data Retention Policy, Managing Your Information
- When you register on the App, we will send you an e-mail so that you can confirm your registration. If you do not confirm your registration right away, we will keep the User Provided Data you shared with us during your registration for a period of 14 days, before erasing it (unless you confirm your registration in the meantime).
After you have confirmed your registration, we will retain User Provided Data for as long as you use the App. If your account remains inactive for a consecutive period of 12 months, we will erase the User Provided Data we have on you (unless further retention is needed to meet our legal obligations, or to address legal claims) – we will send you an e-mail notice of this 1 month before deletion is to take place.
- Photographs which are taken using the App are stored locally, on the App’s memory of your device – they will be retained until the App is uninstalled.
Other images which may be generated using the App (such as drawings or images of QR codes) may be stored on the App’s memory (in which case, the above applies) or on your device’s camera roll – in this case, you can delete those images at any time through your device.
- The backup of your Data will be stored on Ferrero’s AWS for as long as you use the App. If your account remains inactive for a consecutive period of 12 months, we will erase the backup of your Data.
- We will retain Automatically Collected information for up to 12 months and thereafter may store it in aggregate form. If you'd like us to delete User Provided Data that you have provided via the App, please contact us at firstname.lastname@example.org.
We do not use the App to knowingly solicit data from or market to people aged under 18. No personal information should be submitted by Children and their real name or any information should never be used in the feature of the App (such as the creation of an avatar). If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at email@example.com. We will delete such information from our files within a reasonable time. If we were to collect and store personal information from children under the age of 18 in connection with a feature inside the App, we will first take steps to notify and obtain prior consent from a parent or legal guardian in accordance with applicable laws such as the COPPA, unless an exception to these laws apply. We would also give parents the ability to review their children's personal information, stop the further collection or use of such information, or request its deletion. To learn more about COPPA, you may consult this simple one-page informational guide from the kidSAFE Seal Program: https://www.kidsafeseal.com/knowaboutcoppa.html
Information security is important to Ferrero and we are concerned about safeguarding the confidentiality of your information. We have established physical, electronic, managerial and procedural safeguards to protect the information we collect, process and maintain. These safeguards are regularly reviewed to protect against unauthorized access, disclosure and improper processing of your information, and to maintain the accuracy and integrity of that data. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our App. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. For technical and operational reasons, personal data can be transferred through servers which are located outside the European Union, where the European data protection rules are not applicable. Privacy regulations outside the EU might not provide the same high level of protection.
For privacy related questions
(for US only) at (800) 688-3552 FREE or (732) 764-9300
Ferrero International S.A.
Attn. Group Privacy Officer
16, Route de Trèves