Version 2.2 (October 6th, 2019)
Personal Data Controller
Company name: Eindhoven University of Technology
Corporate identity no: 51278871
Address: Groene Loper 3, 5612AE Eindhoven, The Netherlands
Data Protection Officer
Annuska van den Eijnden (firstname.lastname@example.org).
1. Purpose of the Data Collection
GameBus is a digital platform that encourages and rewards families and friends to stay active socially, mentally and physically in a personalized gaming experience. The platform collects your data to track your progress towards your desirable lifestyle (changes) and to reward you with points that are the basis of a social-ranking system. Furthermore, it leverages your data to apply other behavior change techniques that are constantly evolving by following the scientific state-of-the-art. Finally, GameBus data is used for scientifically advancing the state-of-the-art in the fields of information systems, persuasion strategies and e-Health.
2. Personal data collected by GameBus
To provide you the best service possible, GameBus collects a variety of personal data from you. The types of personal data and their intended uses are listed:
2.1 Personal information for creating account and communication
When registering a GameBus user account, the following personal information is collected:
- E-mail address,
- First name surname.
Remarks about these data types:
- When supplying an invalid e-mail address, your account will be suspended after a few weeks. E-mail is also the main channel of communication between you and GameBus, for example, to send you links to recover your password.
- We strongly encourage GameBus users to use a unique password for each online service they use. Furthermore, we recommend using a password manager to help users in generating strong passwords without making it complicated to memorize them.
- We do not force our users to use their real name. However, GameBus users can only find each other well using name search functionalities when names are used that are known to other users.
2.2 Behavioral and health data that are essential to the services
As part of the service, you are continuously requested to provide GameBus with personal data regarding your compliance (or the lack of compliance) to various behavioral goals, such as following a specific diet or taking a walk to a location nearby. This type of information is part of the core mechanism of gamification in GameBus. Note that the specific behaviors you performed are only known to GameBus, but (by default) NOT to other users. Different types of goals and behaviors are transformed to points at an abstract level, so that users can only see your overall compliance rates, e.g., in a social challenge. Users who join a GameBus challenge together (via groups/teams, called “circles” in the following) can see when their circle peers have scored points, along with the name of the game rule associated with those points.
Besides specific behaviors (e.g., walking to a particular location), some goals in GameBus may concern more general goals of improving health status, e.g., to lose a certain amount of weight in a month. Furthermore, GameBus may prompt its users to provide additional self-reported data related to self-esteem, self-regulation and general wellbeing. All such data is handled in the same way as the behavioral data.
It is the responsibility of each GameBus user to be aware of which circles are in which GameBus challenges, and which circle members can therefore see information related to the points scored for such challenges.
Specific challenges can involve sharing uploaded images with the challenge sponsor or with the general public. In such cases, the challenge description will clarify that and when joining such a challenge, users explicitly provide their consent. The primary purpose of sharing pictures is to facilitate the promotion of GameBus in order to stimulate its uptake. Users can also upload a GameBus profile picture and an administrator of a GameBus circles (called a “team leader” in the following) can upload a picture for the circle they manage. Images uploaded for user profiles or for circle profiles are visible to the general public.
2.4 Message data
As a social gamification system, GameBus also allows you to send messages to and receive messages from other users. These conversation data are thus collected and stored on the GameBus servers. GameBus personnel adheres to a policy of not checking individual messages. However, all GameBus data, including any type of message is input to research efforts aimed at understanding which user characteristics influence user engagement and health related behaviors. In any case, message data will not be shared to researchers outside the GameBus core research team.
2.5 Third-party personal data
When connecting a third-party data provider (like Google Fit, or Strava, see below), or when enabling location tracking capabilities (within the Android/iOS version of GameBus), data will be collected via a Dutch third-party system named Actev (https://actev.app/ & https://actev.app/policy).
Actev will temporarily store your activity data only (not your email and/or name) in order to merge low-level data into more meaningful timeline views. Actev stores all such data exclusively on servers in European data centers. GameBus-based activity data will be removed from Actev servers within one year.
Through Actev, GameBus enables you to pull in your data from third-party applications, such as:
- Apple Health, an American app and central repository for health and fitness data on iPhone and Apple Watch (https://www.apple.com/ios/health/).
- Google Fit, an American health-tracking platform developed by Google for the Android operating system, Wear OS and Apple Inc.’s IOS (https://www.google.com/fit/)
- Runkeeper, an American app that helps people to track their exercise. This application collects data related to users physical activities (https://runkeeper.com/).
- Selfcare, a Dutch app that enables users to connect health and tracking devices in order to take charge of their well-being and vitality. This application collects data related to user’s physical activity and performance (http://www.selfcare4me.com/ & https://www.selfcare4me.com/privacy-en-veiligheid/).
- Fitbit, an American app for the family of wearables from the same named wearable device provider (https://www.fitbit.com/).
The specific type of data that is transferred from these third-party applications to GameBus is shown within the GameBus and the third-party application, on the screens to establish the data integration. This involves, but is not limited to, data that is tracked automatically (e.g., on automatically recorded walks, runs, bike-rides, sleep episodes, etc.).
2.6 Usage data
These are data automatically collected by GameBus when you connect your device (usually called `Usage data’). This Usage data (e.g. your IP Address for example) collected through these automatic tracking processes are anonymous and are used in order to improve the Application’s quality only. In addition, they could be used for research and scientific publication purposes. For example, in the EUSFLAT 2019 publication entitled “Application of fuzzy modelling to learn personal preferences of mHealth users: a case study”, GameBus researchers have analyzed the relationship between page visits in GameBus and user personality types. The purpose of that study was consistent with the GameBus mission, by aiming to develop more effective health promotion support via personalization.
3. Consent and legal ground
The legal ground for all data collection by GameBus is that its users opt in and give informed consent explicitly. Furthermore, all GameBus users can opt-out at any time.
4. Data storage and sharing
All personal data are stored at the GameBus server, which is within the European Union. Anonymous data derived from the personal data are shared to the following parties for the purposes of either supporting the operations of GameBus or for scientific research and publications:
4.1 GameBus affiliated research teams
The GameBus core team consists of less than five researchers within Eindhoven University of Technology. However, this team collaborates with national and international peers in order to optimize behavior change methods for health and wellbeing. Before sharing anonymized data openly to the international research community at large, it may be shared with members of smaller consortia. Such members then help in identifying and remedying potential threats to re-identification. See https://www.healthgoal.eu/?page_id=5 for a specific such smaller consortium and https://blog.gamebus.eu/?page_id=1066 for a more complete overview.
4.2 Third-parties within EU
GameBus services are executed on private virtual servers owned by Host Europe GmbH in Germany. Eindhoven University of Technology has a separate data processor agreement with that company in order to safeguard that no employee nor subcontractor of Host Europe ever accesses GameBus data without explicit instruction by the GameBus core team.
4.3 Third-parties outside EU
Encrypted data backups may be stored on cloud infrastructure outside the European Union, on user accounts held exclusively by the GameBus core team. In such cases, decryption keys are managed carefully on other infrastructure.
5. Retention of data
GameBus data is preserved until the GameBus user who has generated it, requests to have it removed. This is critical for the GameBus user experience since the aim of GameBus is to leverage a user’s longitudinal data set to persuade this user to healthier behavior, or otherwise preserve already good health habits. By preserving original data, we ensure specifically that we can apply newly emerging scientific data analysis methods also on older data. If we would only preserve models of data (rather than original data) then we could not optimally support scientific progress and validation.
GameBus holds the security and integrity of your personal data with high regard. In a general way, we commit to carry out technical and organizational means to protect all personal data against illegal or fortuitous destruction, fortuitous loss, alteration, diffusion or unauthorized access. Nevertheless, we shall be required to divulgate any information regarding the user to comply with any applicable law or rules, or to respond to any administrative or judiciary order.
Despite these means, personal data collected by digital systems cannot be 100% secure, and there is always a risk of data loss or unauthorized access to your personal data. You assume this risk when you register as a GameBus user. On the user’s side, we highly recommend you use a strong password to your GameBus account, and to keep the password in a safe place. You are also advised to restrain access to your browsers, computers, and phones. In particular, we strongly discourage users to use GameBus on devices they cannot control fully (e.g., public computers, shared tablets, …).
Children under the age of 13 are by default not allowed to submit any personal data through GameBus. We urge parents and legal guardians to monitor their children’s uses of smartphones and to instruct them not to provide any personal data through GameBus without their permission. If you notice that a child under thirteen has submitted personal data to GameBus, please contact us at email@example.com. Special-purpose data management measures may be foreseen for specific studies involving younger children. Children and parents/guardians should then have given their explicit additional consent for such studies.
8. Your rights as a data subject
According to the EU General Data Protection Regulation (GDPR), you as a data subject are the owner of your personal data. Therefore, you have the rights to oppose the collection of any type of personal data by GameBus. Opposing certain types of data collection will negatively influence the services provided to you. For example, opposing the collection of personal information for creating account and communication would imply that you cannot create an account and thus decline to be a GameBus user. Also, if you supply an invalid e-mail address, you will not be able to restore your password in case you forget it.
The GameBus services are designed to motivate you to achieve your lifestyle goals, so as a result you are encouraged to provide as much as behavioral and health data as possible. However, how often you provide such data, and what specific goal-related behaviors or health information you are willing to provide are completely up to you.
There are some types of data collected that can be opposed but the oppositions have negligible influences on the services. The Service Provider may collect and process geolocation data when using the Application with your Mobile phone. You are informed that you can disable the geolocalisation system in the settings of your mobile device. Other automatic tracking features of third-party applications are disabled by default and can be (de-)activated from the profile settings page in GameBus.
In accordance with relevant regulations, you have the right to access the personal data you provided to GameBus, provided that your request does not infringe the rights and freedoms of others. If you wish to receive your personal data submitted to GameBus, please contact us at firstname.lastname@example.org.
8.3 Rectification and deletion
For the data already provided, you have the right to request rectification or deletion of these data processed by GameBus. Note that if a rectification or deletion request involves data that are necessary for the functionality of the GameBus services, such requests imply the invalidation of your account and the termination of you being a user of GameBus.
If you wish to exercise this right, please first use the designated app functionalities:
- Data of individual health activities can be deleted from within the app by (1) clicking the activity details in the app’s Activities section, (2) clicking “Delete Activity” (or the translated variant of that button).
- Your user account can be de-activated completely by (1) navigating to the profile page in GameBus, clicking “Remove Account” (or the translated variant of that button).
In case you have further requests then please contact us at email@example.com. An application shall be made in writing and must be signed by you. Alternatively, you can also erase your personal data by deleting your GameBus account.
Note that in case you aim to continue using GameBus yet want to opt out of a specific GameBus based study, then you should follow the procedures detailed in the corresponding extended policy related to that study (see https://blog.gamebus.eu/?page_id=1066).
9. E-Mail and Push Notification Policy
We will communicate with you via e-mails and notifications sent from the GameBus application. For some e-mails, we use a transactional e-mail platform such as MailChimp. In such cases, you can unsubscribe from future e-mails by leveraging the opt-out functionalities of these platforms. If you do not wish to receive notifications on your mobile device, you can turn it off by not allowing notifications from GameBus in the settings of your device. You can also use our built-in app functionality to disable notifications (in the profile settings section of the app).
If you have any complains about how your personal data are processed by GameBus, you can do so by contacting us at firstname.lastname@example.org or email@example.com. You also have the right to issue a complaint through a supervisory authority such as the Dutch AP.
11. Updates of the Policy