Privacy Policy

Last updated: 2019-11-06

Table of Contents

  1. Introduction
  2. Contact possibility of the responsible person
  3. General information on data processing
  4. Information collected automatically when using our apps & games
  5. Contact via e-mail
  6. Creation of log files
  7. Usage of cookies
  8. Use of third party analysis and advertising services
  9. Overview of our services including partners
  10. Opt-out Information
  11. Links to partner websites
  12. Your rights regarding data protection

1. Introduction

The following privacy policy applies to all services provided by Phantombox. These include games, apps, and websites, which we will summarize below under the term "Services". The Privacy Policy will be updated periodically depending on the current legal situation. As a result, please review our Privacy Policy from time to time. Your further use of the Services will be subject to the then-current update of the Privacy Policy. If you do not agree to the new version, the services provided by us should no longer be used.

In the following section we would like to introduce you to our privacy policy, which includes, among other things, which data is processed and why exactly this data is used. In addition, we provide information about security measures that are taken for your data, age restrictions and the display of targeted advertising. Which data we collect depends on which products you use and how you use them. You will find further information below.

2. Contact possibility of the responsible person

If you have any questions regarding data protection or requests for solutions to problems with your personal data, please contact us via e-mail so that we can respond to you more quickly.

Name: Sellim Dauti (Phantombox)

Address: Heinrichstra├če 93, 44805 Bochum, Deutschland

E-mail: sellim@hotmail.de or privacy@phantom-box.com

3. General information on data processing

How long is the data stored?

Personal data collected through the services will be stored and deleted in compliance with legal regulations. All data that are no longer required for the above-mentioned purposes will be anonymised or deleted unless their further storage is required by law. If you have any questions about our data retention practices, please contact us using the contact details below.

Why is this data collection necessary?

We collect the above data only with your consent to ensure that your contract with us is fulfilled and that you are satisfied with the services we provide.

This includes the following services:

  • Maintenance and improvement of the services we provide
  • Display of personalized advertising
  • Answering your questions and comment when contacting us
  • Combination and linking with information from others (account link)
  • View messages (updates, administrative messages, and security alerts)
  • Confirmation of identification to protect you from unauthorized access
  • All purposes which support the fulfilment of our legal and official requirements
  • Optimizing the safety precautions
  • Management, analysis, research and optimization

Safety Precautions

In order to guarantee the security of the data that you have provided when using our services, we take numerous security precautions to avoid access by third parties. This includes the regular development and improvement of our physical, administrative and technical security measures. However, the security of Internet transmissions can never be fully guaranteed. For this reason, we cannot guarantee the security of the personal data transmitted.

Also protect yourself and your data from persons who want to have your user name, password or similar. A Phantombox employee would never ask for your password.

Age Restriction

Our policies do not allow us to collect information about a child's name, address, telephone number or e-mail address from children who are older than 13 years of age. This includes that we do not endorse the use of personalized advertising by children under the age of 13 and therefore do not allow the use of our services. If you know someone who is using our services and is before the age of 13, please contact us.

International data transmission

Data collected by us are usually collected, administered and stored in Germany. Due to the global availability of our services, however, data can also be transferred across national borders, i.e. worldwide. Since your personal data should be processed securely even beyond your location, we are careful in the choice of our partners and observe appropriate security precautions for your data.

Social-Sharing-Function

As mentioned above, the services we provide may include social sharing features and similar features that allow users to share successes, actions, events, etc. on social networks. This includes linking these accounts to our services. Who your selected content will be shared with depends on the settings on the social media platform. For this reason, we ask you to obtain further information regarding data protection guidelines directly from the respective data protection declaration of the social media platform.

Third-party Websites

Similar to the social sharing features offered by third parties in connection with our services, there are also links to websites operated by third parties in our services. Therefore, we would like to point out again that this data protection declaration only applies within the scope of our services and we therefore assume no liability for personal data collected, stored and used by the operators of these websites. In this case, we therefore ask you to observe the data protection guidelines of the respective websites you visit.

Download of our apps

When downloading the mobile app, the necessary information is transferred to the respective App Store, in particular user name, e-mail address and customer number of your account, time of download, payment information and the individual device code number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.

4. Information collected automatically when using our apps & games

  • Information on game progress and activities
  • General location data
  • Precise location information (GPS, only with your permission)
  • Information about your device (such as device name and operating system, browser Information, including browser type and preferred language)
  • IP address and device identifiers (e.g. device ID, advertising ID, MAC address, IMEI)
  • App version

5. Contact via e-mail

Description and scope of data processing

Phantombox must retain the data provided in this e-mail for the purpose of processing your e-mail until the request has been fully processed. Among other things, you have the right to access and delete this data at any time. More information can be found in the section "Your rights regarding data protection".

Legal Basis

The legal basis for the processing of the data is Art. 6(1)(f) of GDPR. If the e-mail contact is aimed at the conclusion of a contract or serves the execution of a contract, the additional legal basis for the processing is Art. 6(1)(b) of GDPR.

Purpose of data processing

The processing of the data serves us alone for the treatment of the establishment of contact. The other personal data processed during the transmission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Storage Period

The data will be deleted as soon as the purpose of their collection is no longer necessary.

Dissension

You have the possibility at any time to object to the processing of your personal data after contacting us, regardless of whether this was done via a contact form or e-mail. In such a case, the conversation cannot be continued and your request may not be finally processed. All personal data stored in the course of contacting you will be deleted in this case. Something else applies if mandatory legal retention periods contradict this.

6. Creation of log files

Description and scope of data processing

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • browser types and versions used
  • the operating system used by the accessing system
  • the website from which an accessing system accesses our website (so-called referrer)
  • the subsites that are accessed via an accessing system on our website
  • the date and time of access to the website
  • an Internet protocol address (IP address)
  • the Internet service provider of the accessing system
  • other similar data and information used to avert dangers in the event of attacks on our information technology systems

Legal Basis

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) of GDPR.

Purpose of data processing

When Phantombox uses this general data and information, it does not draw any conclusions about the person concerned. This information is necessary to (1) correctly deliver the content of our website, (2) optimize the content and advertising of our website, (3) maintain the functionality of our information technology systems and the technology on our website, and (4) provide law enforcement authorities with the information they need to prosecute a cyber attack. This anonymous data and information is therefore evaluated by Phantombox both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the person concerned.

Storage Period

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the session in question has ended.

Log files that contain personal data are generally deleted after seven days at the latest. A storage going beyond this is possible in the case of so-called error logs, which enable us to correct errors. These error logs are deleted after a maximum of 30 days; IP addresses collected are anonymised after 30 days.

Dissension

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

7. Usage of cookies

Description and scope of data processing

Cookies are small text files that are usually stored in a folder of your browser. Cookies can contain all kinds of information, depending on their purpose. If cookies do not contain an exact expiration date, they are only temporarily stored and automatically deleted as soon as you close your browser or restart the terminal. Cookies with an expiration date are also stored when you close your browser or restart the end device. Such cookies are only removed on the specified date, or if you delete them manually. You also have the option of deactivating cookies in your browser. However, this could mean that both our services and the services of others no longer function properly.

Phantombox does not require cookies to use the website and therefore does not store any information in cookies. As a result, the Phantombox website does not have a cookie notification.

Phantombox is not responsible for cookies used by our advertisers, partners and third parties, so please be aware of cookie notifications when you are redirected to other websites. For more information about partners who provide services to us or how you can disable these features in your device settings, please see the "Use of third party analysis and advertising services" section.

However, when you use our other services, such as apps & games, the situation is different due to the involvement of third party services. The integration of advertising services of our partners requires cookies.

Further information on the special cookies can be obtained here, depending on the product:

Legal Basis

The legal basis for the processing of personal data using cookies is Art. 6(1)(f) of GDPR.

Purpose of data processing

Cookies are used by our partners to provide you with suitable advertising.

Storage Period

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

Dissension

In our games / apps you have the possibility to opt out for Unity Ads. The button provided for this is located directly in the main menu of our service.

For Google Admob advertising you will find the opt out here: https://www.google.com/settings/ads

8. Use of third party analysis and advertising services

In order to provide analysis and advertising services, personal data may be passed on to third parties or collected by third parties in order, for example, to display advertisements tailored to specific individuals.

For more information about third party partners and services, we encourage you to read the sections entitled "Third Party Websites", "Social Sharing Function", "Usage of Cookies" and "International Data Transfer.

The information collected for these analysis and advertising services is subject to the respective privacy policies of the partners and is therefore outside our responsibility. We therefore recommend that you read the privacy statements of each partner if you have any questions. You can find out how to deactivate these services, which partners are used by our services and a reference to the respective data protection guidelines at the following links.

In order to adapt personal advertisements to your needs as far as possible, you can, depending on the device, edit your settings.

For Apple devices, see the following link for instructions:

https://support.apple.com/en-asia/HT202074

For Android devices there is a manual under the following link:

https://support.google.com/ads/answer/2662922?hl=en

9. Overview of our services including partners

In the following you will find a clear listing of our services including the third party services used there and all other important information regarding personal data.

Website

Phantom Smash

Rise of Horizon

10. Opt-out Information

Unity Ads (Advertisement)

  • If Unity Ads is used, you can click on the small data protection icon as soon as the advertisement is displayed and opt-out there.

Unity Ads may collect information such as IP address, device ID, and information about the delivery of ads and your interaction with them, which may all be shared with advertisers and attribution companies. For the sake of clarity, Unity collects the following information: whether you click or tap on an ad for a new game, whether you view the ad or play a game frequently, whether other players who are playing a game like the one you are currently playing have downloaded a particular new game, and whether you download and install the new game you are watching. All this is to predict the type of new games you want to download.

More detailed information can be found in Unity's Privacy Policy: https://unity3d.com/de/legal/privacy-policy

Unity Analytics (Analytics)

  • If Unity Analytics is used, the opt-out button is located in the main menu of the game / app.
  • Unity collects, among other things, device information such as IP address and device ID as well as completed events or actions within the game, including level, number of credits, time you have taken to earn them, metadata about the communication in the game and the value and details of purchases.

    Further details on Unity Analytics can be found at https://unity3d.com/de/legal/privacy-policy

    Google Admob (Advertisement)

    Admob collects personal data such as device IDs, GPS data, demographic data, etc. in order to be able to display advertisements that are relevant to you. For more details about the information Google Admob collects, please see Google's privacy policy at https://policies.google.com/privacy

    Google Firebase & Google Analytics (Analytics)

    • If Firebase is used, the opt-out button is located in the privacy options of the game / app.

    Phantombox uses Google Analytics, a web analytics service provided by Google LLC ("Google"), on the basis of your consent pursuant to Article 6 (1 a), Article 7 GDPR).

    The information generated by the use of our services by users is usually transferred to a Google server in the U.S. and stored there.

    Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

    Google will use this information on our behalf for the purpose of evaluating the use of our services by users, compiling reports on activities relating to such services and providing other services to us relating to the use of such services and the internet. Pseudonymous user profiles can be created from the processed data.

    Phantombox uses Google Analytics only with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

    The personal data of the users are already deleted or anonymized after 2 months.

    The type of information collected through the Google Analytics for Firebase default implementation includes:

    • Number of users and sessions
    • Session duration
    • Operating systems
    • Device models
    • Geography
    • First launches
    • App opens
    • App updates
    • In-app purchases

    See a full list of the default events and user properties collected by Google Analytics for Firebase.

    Find more information about everything being collected here.

    11. Links to partner websites

    Data protection provisions about the application and use of YouTube

    On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.

    The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

    With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/ . During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.

    If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

    YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.

    YouTube's data protection provisions, available at https://www.google.com/intl/en/policies/privacy/ , provide information about the collection, processing and use of personal data by YouTube and Google.

    Data protection provisions about the application and use of Facebook

    On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

    A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

    The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

    With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plugins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/ . During the course of this technical procedure, Facebook is made aware of what specific subsite of our website was visited by the data subject.

    If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject?and for the entire duration of their stay on our Internet site ? which specific subsite of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

    Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

    The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/ , provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

    Data protection provisions about the application and use of Instagram

    On this website, the controller has integrated components of the service Instagram. Instagram is a service that may be qualified as an audiovisual platform, which allows users to share photos and videos, as well as disseminate such data in other social networks.

    The operating company of the services offered by Instagram is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

    With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject.

    If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subject?and for the entire duration of their stay on our Internet site?which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data.

    Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our website is made.

    Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/ .

    12. Your rights regarding data protection

    You can contact us at any time if you have any questions about your rights with regard to data protection or if you wish to assert any of your subsequent rights:

    1. Right of confirmation

    Every data subject shall have the right, granted by the European directive and regulation maker, to obtain from the controller confirmation as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact an employee of the controller.

    2. Right of access

    Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

    • the purposes of the processing
    • the categories of personal data concerned
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
    • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing
    • the existence of the right to lodge a complaint with a supervisory authority
    • where the personal data are not collected from the data subject, any available information as to their source

    the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

    Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

    If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

    3. Right to rectification

    Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

    If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

    4. Right to erasure (Right to be forgotten)

    Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

    The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

    The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

    The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

    The personal data have been unlawfully processed.

    The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

    The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

    If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by Phantombox, he or she may, at any time, contact any employee of the controller. An employee of Phantombox shall promptly ensure that the erasure request is complied with immediately.

    Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employees of Phantombox will arrange the necessary measures in individual cases.

    5. Right of restriction of processing

    Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

    The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

    The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.

    The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

    The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

    If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by Phantombox, he or she may at any time contact any employee of the controller. The employee of Phantombox will arrange the restriction of the processing.

    6. Right to data portability

    Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

    In order to assert the right to data portability, the data subject may at any time contact any employee of Phantombox.

    7. Right to object

    Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

    Phantombox shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

    If Phantombox processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Phantombox to the processing for direct marketing purposes, Phantombox will no longer process the personal data for these purposes.

    In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by Phantombox for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

    In order to exercise the right to object, the data subject may contact any employee of Phantombox. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

    8. Automated individual decision-making, including profiling

    Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.

    If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, Phantombox shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

    If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of Phantombox.

    9. Right to withdraw data protection consent

    Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.

    If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of Phantombox.

    We will process all requests within a reasonable period of time. If you continue to have concerns about privacy or data use, or believe that we have not adequately addressed them, please contact your local data protection authority.

    Contact details for data protection authorities within the EU can be found at https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

    In the event that you do not wish to provide your personal data, or you wish to have the personal data already collected deleted, we cannot guarantee that you will be able to use all the features in the services we provide.

    13. Final Provisions

    Phantombox may change this Privacy Policy at any time. Phantombox will notify you of such changes by appropriate means.