Version 2.4 (December 11th, 2025)
- change log to version 2.3: clarified use of synthetic data generation techniques
Contact e-mail: support@gamebus.eu
Introduction
In this Privacy statement, we provide you with information concerning the collection and processing of your personal data by Eindhoven University of Technology (TU/e) in relation to the GameBus digital platform.
We may update this Privacy statement from time to time. The latest changes were made in November 2025.
About TU/e
TU/e is the controller as described in the General Data Protection Regulation for the data processing as described in this Privacy statement. That means that TU/e is responsible for the careful and proper processing of your personal data in relation to the GameBus platform. The TU/e is located at De Groene Loper 3, 5612 AE in Eindhoven.
GameBus can be used by anyone, and thus also by external (non-TU/e) researchers/research institutions for their own, individual research purposes. When this is the case, more information about said party can be found in the corresponding extended privacy statement of that specific study.
Purposes of the processing of your personal data
GameBus is a digital platform that encourages and rewards families and friends to stay active socially, mentally and physically in a personalized gaming experience. The platform collects your data to track your progress towards your desirable lifestyle (changes) and to reward you with points that are the basis of a social-ranking system. Furthermore, it leverages your data to apply other behavior change techniques that are constantly evolving by following the scientific state-of-the-art. Finally, GameBus data is used for scientifically advancing the state-of-the-art in the fields of information systems, persuasion strategies and e-Health.
What personal data do we collect
To provide you the best service possible, GameBus collects and processes a variety of personal data from you. Some of these you may experience as sensitive and/or find (very) personal in view of the delicate nature of the subject. This concerns the behavioral and health data which are essential to provide the services.
As part of the service, you are continuously requested to provide GameBus with personal data regarding your adherence to various behavioral goals, such as following a specific diet or taking a walk to a location nearby. This type of information is part of the core mechanism of gamification in GameBus. Different types of goals and behaviors are transformed to points at an abstract level, so that users can only see your overall compliance rates, e.g., in a social challenge.
Besides specific behaviors (e.g., walking to a particular location), some goals in GameBus may concern more general goals of improving health status, e.g. to lose a certain amount of weight in a month. Furthermore, GameBus may prompt its users to provide additional self-reported data related to self-esteem, self-regulation and general wellbeing.
The GameBus platform is designed to motivate you to achieve your lifestyle goals, so as a result you are encouraged to provide as much as behavioral and health data as possible. However, how often you provide such data, and what specific goal-related behaviors or health information you are willing to provide are completely up to you.
Besides behavioral and health data, the GameBus platform also processes other types of personal data such as account information, images, message data and usage data. For more information about these other types of personal data which we process from you, unfold the below widget:
Personal Data Details
Personal data to create an account
When registering a GameBus user account, the following personal data is collected:
- E-mail name
- Password
- First name and last name.
We do not require a real name; therefore, it is also possible to use a nickname. However, GameBus’ name search function only works well when using names that are known to other users. Because email is the main communication channel between you and GameBus, your account will be suspended for a few weeks when you supply an invalid email address.
Images
Specific challenges can involve sharing uploaded images with the challenge organizer or with the general public. In such cases, the challenge description will clarify that and when joining such a challenge, users explicitly provide their consent. The primary purpose of sharing pictures is to facilitate the promotion of GameBus in order to stimulate its use. Users can also upload a GameBus profile picture and an administrator of a GameBus circle (called a “team leader” in the following) can upload a picture for the circle they manage. Images uploaded for user profiles or for circle profiles are visible to the general public.
Message data
As a social gamification system, GameBus also allows you to send messages to and receive messages from other users. These conversation data are thus collected and stored on the GameBus servers. GameBus personnel adheres to a policy of not checking individual messages. However, all GameBus data, including any type of message is input to research efforts aimed at understanding which user characteristics influence user engagement and health related behaviors. In any case, message data will not be shared to researchers outside the GameBus core research team.
Third-party personal data
When connecting a third-party data provider (such as those listed below), data will be fetched automatically from third-party servers to those of GameBus:
- Apple Health – an American app and central repository for health and fitness data on iPhone and Apple Watch (https://www.apple.com/ios/health/)
- Google Fit – an American health-tracking platform developed by Google for the Android operating system, Wear OS and Apple lnc.’s IOS (https://www.google.com/fit/)
- Runkeeper – an American app that helps people to track their exercise and physical activities (https://runkeeper.com/)
- Selfcare – a Dutch app that enables users to connect health and tracking devices in order to take charge of their wellbeing and vitality (http://www.selfcare4me.com/ & https://www.selfcare4me.com/privacy-en-veiligheid/)
- Fitbit – an American app for the family of Fitbit wearables (https://www.fitbit.com/)
The specific type of data transferred from these third-party applications to GameBus is shown within the GameBus and the respective application, on the screens that requires data integration permission. This involves, but is not limited to, data that is tracked automatically (e.g., automatically recorded walks, runs, bike-rides, sleep episodes, etc.).
GameBus users who use such third-party applications agree to the individual terms of use and privacy statements available from the providers of those applications. They also opt-in for data exchange explicitly, giving specific consent to data being shared from the third-party application(s) to GameBus. Once inside GameBus, the data is subject to the GameBus policies. Data within the third-party applications remains subject to their original policies and are outside the control of GameBus. Specifically, the processes to have data removed from GameBus or the third-party platforms are fully disconnected.
Usage data
These are data automatically collected by GameBus when you connect your device. This Usage data (e.g. your masked IP-address) collected through these automatic tracking processes are anonymous and are used in order to improve the quality of the GameBus platform only. In addition, they could be used for research and scientific publication purposes. For example, in the EUSFLAT 2019 publication entitled “Application of fuzzy modelling to learn personal preferences of mHealth users: a case study”, GameBus researchers have analyzed the relationship between page visits in GameBus and user personality types. The purpose of that study was consistent with the GameBus mission, by aiming to develop more effective health promotion support via personalization.
Please note that GameBus will not implement or allow third-party companies to implement automatic tracking processes (cookies or web beacons) for other purposes than those explained in this Privacy statement, without your prior consent.
Cookies
Cookies are small text files that are created by the websites you visit and may contain information about you as a visitor. These text files are stored on your computer and they often make later visits to the same websites more convenient, for example, by remembering your username and password for you automatically. The GameBus website uses cookies for improving the user experience and for targeting marketing campaigns and offers to our users. Both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for a set period of time or until you delete them) are used.
When you visit the GameBus website using a computer/phone or a web browser for the first time, a pop-up screen will instruct you to read the information about cookies and to choose to accept or reject the use of cookies. You can also modify your choice later by changing the relevant settings of your web browser. You can delete the cookies that have been stored on your computer in the past. In case you choose not to accept cookies, the GameBus website is still usable, but the functionality may be compromised.
Legal basis
We use different legal bases for the data collection within GameBus, depending on the purpose of that data collection.
Contract
To create an account, we need to process your personal data, including your first and last name, email and password. This data is essential for us to process in order to fulfill our contractual obligations with you, which is to provide access to and use of the GameBus platform services as described in our Terms and Conditions. Without this data, we cannot grant you access to the GameBus platform to deliver the services you expect.
Public task
All other data processed within the GameBus platform is used for the purpose of scientific research regarding social gamification and its potential for promoting a healthy lifestyle. GameBus uses data to apply behavior change techniques (which are continually refined based on the latest scientific advancements) to motivate users towards staying active and healthy habits. This research aims to increase society’s knowledge and is considered a public task entrusted to TU/e under the Higher Education and Scientific Research Act (Wet op het Hoger Onderwijs en Wetenschappelijk Onderzoek).
Health data
For processing special categories of personal data, such as the behavioral and health data described above, we need your explicit consent. You can provide your explicit consent on the GameBus registration page.
Personal data of underaged children
TU/e understands the importance of protecting children’s privacy, especially in an online environment. In particular, the default behavior of the GameBus platform is not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain information about anyone under the age of 16. We urge parents and legal guardians to monitor their children’s use of smartphones and to instruct them not to provide any personal data through GameBus without their permission.
For specific research studies involving children under the age of 16, special data management measures will be put in place. Children and parents/guardians should then have given their explicit additional consent for such studies.
Sharing and transfer of your personal data
Note that the specific behaviors you performed are only known to GameBus, but (by default) not to other users. However, specific challenges may involve sharing images or other personal data with other users (such as other challenge participants or the challenge organizer). When participating to a challenge with a GameBus circle, other circle members can see information relating to the points scored for challenges. When providing additional consent, also other activity details may be shared with such circle members.
For more information about the sharing and transfer of your personal data, unfold the following item:
Data Sharing and Transfer Details
All personal data are stored at the GameBus server, which is within the European Union. Personal data may be shared with the following parties for the purposes of either supporting the operations of GameBus or for scientific research and publications:
Affiliated research teams
The GameBus core team consists of less than five researchers within TU/e. However, this team may collaborate with national and international peers in order to optimize behavior change methods for health and wellbeing. Personal data may be shared with such peers for the purpose of scientific research.
When sharing data openly to the international research community at large, we will always strive to anonymize it. To ensure thorough anonymization, we may collaborate with members of smaller consortia who can assist in identifying and mitigating potential re-identification risks.
Third parties
GameBus services are executed on private virtual servers owned by Host Europe GmbH in Germany. TU/e has a data processing agreement with Host Europe GmbH that stipulates that certain obligations concerning protection of personal data are respected, thus ensuring that data are processed with due regard for the wishes and standards of TU/e.
Security and retention of your personal data
Data Sharing and Transfer Details
All personal data are stored at the GameBus server, which is within the European Union. Personal data may be shared with the following parties for the purposes of either supporting the operations of GameBus or for scientific research and publications:
Affiliated research teams
The GameBus core team consists of less than five researchers within TU/e. However, this team may collaborate with national and international peers in order to optimize behavior change methods for health and wellbeing. Personal data may be shared with such peers for the purpose of scientific research.
When sharing data openly to the international research community at large, we will always strive to anonymize it. To ensure thorough anonymization, we may collaborate with members of smaller consortia who can assist in identifying and mitigating potential re-identification risks.
Third parties
GameBus services are executed on private virtual servers owned by Host Europe GmbH in Germany. TU/e has a data processing agreement with Host Europe GmbH that stipulates that certain obligations concerning protection of personal data are respected, thus ensuring that data are processed with due regard for the wishes and standards of TU/e.
GameBus is committed to the security and integrity of your personal data. We maintain strict security policies to ensure that your data is protected against loss or against any form of unlawful processing.
For more information about the security and retention of your personal data, unfold the following item:
Security and Retention Details
Security
In a general way, we commit to carry out technical and organizational means to protect all personal data against illegal or fortuitous destruction, fortuitous loss, alteration, diffusion or unauthorized access. Nevertheless, we may be required to share any information regarding the user to comply with applicable laws or regulations, or to respond to an administrative or court order.
Despite these means, personal data collected by digital systems cannot be 100% secure, and there is always a risk of data loss or unauthorized access to your personal data. You accept this risk when you register as a GameBus user. On the user’s side, we highly recommend you use a strong password to your GameBus account, and to keep the password in a safe place. You are also advised to restrain access to your browsers, computers, and phones. In particular, we strongly discourage users to use GameBus on devices they cannot control fully (e.g., public computers, shared tablets, …).
Retention period
All personal data within the GameBus platform will be stored in encrypted form for a minimum of 10 years, starting from the date of collection, for the purpose of scientific research regarding social gamification and its potential for promoting a healthy lifestyle. This is critical for the GameBus user experience since the aim of GameBus is to leverage a user’s longitudinal data set to encourage this user to healthier behavior, or otherwise maintain already good health habits.
To further protect privacy, selected datasets may be processed to generate synthetic data. This means that artificial datasets are made that keep the same patterns and relationships as the original data, but do not include personal details that can directly identify someone. The synthetic data is carefully checked for privacy risks to make sure it is safe to use and still useful for research. By combining encrypted storage of original data and the generation of high-quality synthetic datasets, we can apply newly emerging scientific analysis methods to older data while safeguarding participant privacy.
Your rights regarding personal data
Security and Retention Details
Security
In a general way, we commit to carry out technical and organizational means to protect all personal data against illegal or fortuitous destruction, fortuitous loss, alteration, diffusion or unauthorized access. Nevertheless, we may be required to share any information regarding the user to comply with applicable laws or regulations, or to respond to an administrative or court order.
Despite these means, personal data collected by digital systems cannot be 100% secure, and there is always a risk of data loss or unauthorized access to your personal data. You accept this risk when you register as a GameBus user. On the user’s side, we highly recommend you use a strong password to your GameBus account, and to keep the password in a safe place. You are also advised to restrain access to your browsers, computers, and phones. In particular, we strongly discourage users to use GameBus on devices they cannot control fully (e.g., public computers, shared tablets, …).
Retention period
All personal data within the GameBus platform will be stored in encrypted form for a minimum of 10 years, starting from the date of collection, for the purpose of scientific research regarding social gamification and its potential for promoting a healthy lifestyle. This is critical for the GameBus user experience since the aim of GameBus is to leverage a user’s longitudinal data set to encourage this user to healthier behavior, or otherwise maintain already good health habits.
To further protect privacy, selected datasets may be processed to generate synthetic data. This means that artificial datasets are made that keep the same patterns and relationships as the original data, but do not include personal details that can directly identify someone. The synthetic data is carefully checked for privacy risks to make sure it is safe to use and still useful for research. By combining encrypted storage of original data and the generation of high-quality synthetic datasets, we can apply newly emerging scientific analysis methods to older data while safeguarding participant privacy.
You have the right of access to your personal data and, under certain conditions, rectification and/or erasure of your personal data. Furthermore, in certain cases you also have the right to restriction of processing of your personal data, and the right to data portability.
If you wish to exercise your right of rectification and/or erasure, please first use the designated app functionalities:
- Data of individual health activities can be deleted from within the app by (1) clicking the activity details in the app’s Activities section, (2) clicking “Delete Activity” (or the translated variant of that button)
- Your user account can be de-activated completely by (1) navigating to the profile page in GameBus, clicking “Remove Account” (or the translated variant of that button).
In case you have further requests then please contact us at support@gamebus.eu. Note however that we may ask for additional information to verify your identity when exercising these rights.
Note that in case you aim to continue using GameBus, yet want to opt out of a specific GameBus based study, then you should follow the procedures detailed in the corresponding extended privacy statement of that study.
Contact
We have tried to provide all information to you in clear and plain language. If you have any questions concerning our use of your personal data after reading this Privacy Statement, you may contact us via the following methods:
- If you have questions about how we process your personal data, please let us know via support@gamebus.eu. We will be happy to assist you.
- If you believe that the processing of your personal data is not in line with the General Data Protection Regulation, for example if you believe we are not processing your personal data with due care, or if your request for access or rectification has not been answered in time, you may lodge a complaint with the Data Protection Officer (hereafter: DPO) via dataprotectionofficer@tue.nl. The DPO serves as the link between TU/e and the Dutch Data Protection Authority. The DPO acts independently and can discuss your complaint or ask for advice from the Data Protection Authority.
- If you do not agree with the handling of your complaint by the DPO, you may lodge a complaint directly to the Data Protection Authority. The Data Protection Authority will handle the complaint or the request and decide upon it.