GDPR Compliance Statement

Last Updated: January 11, 2025

Playabl World AG ("we", "us", "our") is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (EU) 2016/679 ("GDPR").

Our Commitment to GDPR

As a data controller and processor operating within the European Economic Area (EEA), we have implemented comprehensive measures to ensure full compliance with GDPR requirements.

Your Rights Under GDPR

1. Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you and information about how we process it.

2. Right to Rectification (Article 16)

You can request correction of any inaccurate or incomplete personal data we hold about you.

3. Right to Erasure - "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when it's no longer necessary for the purposes it was collected.

4. Right to Restrict Processing (Article 18)

You can request that we limit the processing of your personal data under certain circumstances.

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

6. Right to Object (Article 21)

You can object to the processing of your personal data for direct marketing or based on legitimate interests.

7. Rights Related to Automated Decision Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

8. Right to Withdraw Consent

Where we process data based on consent, you can withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

Email: dpo@lifeosint.com

Phone: +41 61 123 45 68

Response Time: We will respond to your request within 30 days

Verification: We may request proof of identity to protect your data

Legal Basis for Processing

We process personal data under the following legal bases:

Legal Basis	Purpose	Data Categories
Consent (Art. 6(1)(a))	Marketing communications, analytics	Email, usage data
Contract (Art. 6(1)(b))	Service provision, account management	Account data, messages
Legal Obligation (Art. 6(1)(c))	Tax records, compliance	Financial records
Legitimate Interests (Art. 6(1)(f))	Security, fraud prevention	Security logs, IP addresses

Data Protection Measures

Technical Measures

End-to-end encryption for sensitive data
Regular security audits and penetration testing
Access controls and authentication systems
Secure data centers in the EU (Helsinki, Finland)
Regular backups with encryption
Network security and firewall protection

Organizational Measures

Data Protection Officer appointment
Regular GDPR training for all staff
Data Processing Agreements with all sub-processors
Privacy by Design principles in development
Data Protection Impact Assessments (DPIA)
Incident response procedures

Data Retention

We retain personal data only for as long as necessary:

Account Data: Duration of account plus 30 days
Communication Data: As configured by user (default: unlimited)
Analytics Data: Maximum 26 months
Financial Records: 10 years (legal requirement)
Security Logs: 90 days

International Data Transfers

When we transfer data outside the EEA, we ensure adequate protection through:

EU-approved Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Additional safeguards as required by Schrems II ruling

Data Breach Notification

Our Commitment:

Notify supervisory authority within 72 hours of becoming aware of a breach
Notify affected individuals without undue delay if high risk to rights and freedoms
Maintain detailed records of all data breaches
Implement measures to prevent future breaches

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data immediately.

Third-Party Processors

We work with carefully selected third-party processors:

Hetzner Online GmbH: Infrastructure hosting (EU-based)
Stripe Inc: Payment processing (Privacy Shield/SCCs)
Google LLC: Analytics (SCCs in place)
Cloudflare Inc: CDN and security (SCCs in place)

All processors have signed Data Processing Agreements ensuring GDPR compliance.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority:

Swiss Authority:

Federal Data Protection and Information Commissioner (FDPIC)

Feldeggweg 1, CH-3003 Bern

Website: www.edoeb.admin.ch

EU Users:

You may also contact your local data protection authority

List of authorities: edpb.europa.eu

Privacy by Design

LifeOS implements Privacy by Design principles:

Data minimization - we only collect necessary data
Purpose limitation - data used only for stated purposes
Privacy as the default setting
Full transparency in data processing
User control over personal data
End-to-end security measures

Cookies and Tracking

We comply with the ePrivacy Directive requirements:

Explicit consent for non-essential cookies
Clear cookie policy and management options
Respect for Do Not Track signals
Regular cookie audits

See our Cookie Policy for details.

Contact Our Data Protection Officer

Data Protection Officer

Ivan Glushenkov

Zubastrasse 28

8212 Neuhausen, Schaffhausen

Switzerland

Email: dpo@lifeosint.com

Phone: +41 61 123 45 68

Secure Contact: PGP key available upon request

Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in law or our practices. Material changes will be notified via email or prominent website notice at least 30 days before taking effect.

Your Privacy Matters

We are committed to protecting your privacy and ensuring your rights under GDPR. If you have any questions or concerns about how we handle your data, please don't hesitate to contact us.