GameBus
Social Health Games for the entire family
GameBus

GameBus Privacy Policy

Policy as listed on https://blog.gamebus.eu/?page_id=1066, Version 3.0 (October 13th, 2023). For a changelog, please click the arrow below.

Change log to version 2.4:

  • Restructuring
    • Use of mechanisms to hide/show details;
    • Renaming of section headers according to contemporary norms.
    • Removal of section on developer metadata, as it is covered by the general terms and conditions.
  • Simplification;
  • Refinement of information on data retention period;
  • Clarification of obligations to external (non-TU/e) researchers

Change log to version 2.3:

  • Removed references to native builds (Apple Store, Google Play)
  • Removed mentioning of Actev (as it is a formal part of GameBus)

Change log to version 2.2:

  • Added section 10 to clarify that metadata created by developer accounts is public

Personal Data Controller:

Eindhoven University of Technology (TU/e) is the controller as described in the General Data Protection Regulation for the data processing as described in this Privacy statement. That means that TU/e is responsible for the careful and proper processing of your personal data in relation to the GameBus platform. GameBus can be used by anyone, and thus also by external (non-TU/e) researchers/research institutions for their own, individual research purposes. When this is the case, more information about said party can be found in the corresponding extended privacy statement of that specific study.

  • Company name: Eindhoven University of Technology
  • Corporate identity no: 51278871
  • Address: Groene Loper 3, 5612AE Eindhoven, The Netherlands
  • E-mail: support@gamebus.eu

Data Protection Officer: dataprotectionofficer@tue.nl

1. Purposes of the processing of your personal data

GameBus is a digital platform that encourages and rewards families and friends to stay active socially, mentally and physically in a personalized gaming experience. The platform collects your data to track your progress towards your desirable lifestyle (changes) and to reward you with points that are the basis of a social-ranking system. Furthermore, it leverages your data to apply other behavior change techniques that are constantly evolving by following the scientific state-of-the-art. Finally, GameBus data is used for scientifically advancing the state-of-the-art in the fields of information systems, persuasion strategies and e-Health.

2. What personal data do we collect

To provide you the best service possible, GameBus collects and processes a variety of personal data from you. Some of these you may experience as sensitive and/or find (very) personal in view of the delicate nature of the subject. This concerns the behavioral and health data which are essential to provide the services.

As part of the service, you are continuously requested to provide GameBus with personal data regarding your adherence to various behavioral goals, such as following a specific diet or taking a walk to a location nearby. This type of information is part of the core mechanism of gamification in GameBus. Different types of goals and behaviors are transformed to points at an abstract level, so that users can only see your overall compliance rates, e.g., in a social challenge.

Besides specific behaviors (e.g., walking to a particular location), some goals in GameBus may concern more general goals of improving health status, e.g. to lose a certain amount of weight in a month. Furthermore, GameBus may prompt its users to provide additional self-reported data related to self-esteem, self-regulation and general wellbeing.

The GameBus platform is designed to motivate you to achieve your lifestyle goals, so as a result you are encouraged to provide as much as behavioral and health data as possible. However, how often you provide such data, and what specific goal-related behaviors or health information you are willing to provide are completely up to you.

Besides behavioral and health data, the GameBus platform also processes other types of personal data such as account information, images, message data and usage data. For more details, please click the arrow below.

2.1 Personal data to create an account

When registering a GameBus user account, the following personal information is collected:

  • E-mail address,
  • Password,
  • First name surname.

Remarks about these data types:

  • When supplying an invalid e-mail address, your account will be suspended after a few weeks. E-mail is also the main channel of communication between you and GameBus, for example, to send you links to recover your password.
  • We strongly encourage GameBus users to use a unique password for each online service they use. Furthermore, we recommend using a password manager to help users in generating strong passwords without making it complicated to memorize them.
  • We do not force our users to use their real name. However, GameBus users can only find each other well using name search functionalities when names are used that are known to other users.

2.2 Behavioral and health data that are essential to the services

As part of the service, you are continuously requested to provide GameBus with personal data regarding your compliance (or the lack of compliance) to various behavioral goals, such as following a specific diet or taking a walk to a location nearby. This type of information is part of the core mechanism of gamification in GameBus. Note that the specific behaviors you performed are only known to GameBus, but (by default) NOT to other users. Different types of goals and behaviors are transformed to points at an abstract level, so that users can only see your overall compliance rates, e.g., in a social challenge. Users who join a GameBus challenge together (via groups/teams, called “circles” in the following) can see when their circle peers have scored points, along with the name of the game rule associated with those points.

Besides specific behaviors (e.g., walking to a particular location), some goals in GameBus may concern more general goals of improving health status, e.g., to lose a certain amount of weight in a month. Furthermore, GameBus may prompt its users to provide additional self-reported data related to self-esteem, self-regulation and general wellbeing. All such data is handled in the same way as the behavioral data.

It is the responsibility of each GameBus user to be aware of which circles are in which GameBus challenges, and which circle members can therefore see information related to the points scored for such challenges.

2.3 Images

Specific challenges can involve sharing uploaded images with the challenge sponsor or with the general public. In such cases, the challenge description will clarify that and when joining such a challenge, users explicitly provide their consent. The primary purpose of sharing pictures is to facilitate the promotion of GameBus in order to stimulate its uptake. Users can also upload a GameBus profile picture and an administrator of a GameBus circles (called a “team leader” in the following) can upload a picture for the circle they manage. Images uploaded for user profiles or for circle profiles are visible to the general public.

2.4 Message data

As a social gamification system, GameBus also allows you to send messages to and receive messages from other users. These conversation data are thus collected and stored on the GameBus servers. GameBus personnel adheres to a policy of not checking individual messages. However, all GameBus data, including any type of message is input to research efforts aimed at understanding which user characteristics influence user engagement and health related behaviors. In any case, message data will not be shared to researchers outside the GameBus core research team.

2.5 Third-party personal data

When connecting a third-party data provider (such as those listed in the following), data will be fetched automatically from third-party servers to those of GameBus:

  • Apple Health, an American app and central repository for health and fitness data on iPhone and Apple Watch (https://www.apple.com/ios/health/).
  • Google Fit, an American health-tracking platform developed by Google for the Android operating system, Wear OS and Apple Inc.’s IOS (https://www.google.com/fit/)
  • Runkeeper, an American app that helps people to track their exercise. This application collects data related to users physical activities (https://runkeeper.com/).
  • Selfcare, a Dutch app that enables users to connect health and tracking devices in order to take charge of their well-being and vitality. This application collects data related to user’s physical activity and performance (http://www.selfcare4me.com/ & https://www.selfcare4me.com/privacy-en-veiligheid/).
  • Fitbit, an American app for the family of wearables from the same named wearable device provider (https://www.fitbit.com/).

The specific type of data that is transferred from these third-party applications to GameBus is shown within the GameBus and the third-party application, on the screens to establish the data integration. This involves, but is not limited to, data that is tracked automatically (e.g., on automatically recorded walks, runs, bike-rides, sleep episodes, etc.).

GameBus users who use such third-party applications agree to the individual terms of use and privacy statements available from the providers of those applications. They also opt-in for data exchange explicitly, giving specific consent to data being shared from the third-party applications to GameBus. Once inside GameBus, the data copies are subject to the GameBus policies. Data within the third-party applications remains subject to their original policies and they are outside the control of GameBus. Specifically, the processes to have data removed from GameBus or the third-party platforms are fully disconnected.

2.6 Usage data

These are data automatically collected by GameBus when you connect your device (usually called `Usage data’). This Usage data (e.g. your IP Address for example) collected through these automatic tracking processes are anonymous and are used in order to improve the Application’s quality only. In addition, they could be used for research and scientific publication purposes. For example, in the EUSFLAT 2019 publication entitled “Application of fuzzy modelling to learn personal preferences of mHealth users: a case study”, GameBus researchers have analyzed the relationship between page visits in GameBus and user personality types. The purpose of that study was consistent with the GameBus mission, by aiming to develop more effective health promotion support via personalization.

Please note that the Application will not implement or allow third-party companies to implement automatic tracking processes for other purposes than those explained in this Privacy Policy, without your prior consent.

2.7 Cookies

Cookies are small text files that are created by the websites you visit and may contain information about you as a visitor. These text files are stored on your computer and they often make later visits to the same websites more convenient, for example, by remembering your username and password for you automatically. The GameBus website uses cookies for improving the user experience and for targeting marketing campaigns and offers to our users. Both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for a set period of time or until you delete them) are used.

When you visit the GameBus website using a computer/phone or a web browser for the first time, a pop-up screen will instruct you to read the information about cookies and to choose to accept or reject the use of cookies. You can also modify your choice later by changing the relevant settings of your web browser. You can delete the cookies that have been stored on your computer in the past. In case you choose not to accept cookies, the GameBus website is still usable, but the functionality may be compromised.

3. Consent and legal ground

The legal basis for all data collection by GameBus is that its users opt in and give informed consent explicitly. Furthermore, all GameBus users can opt-out at any time.

TU/e understands the importance of protecting children’s privacy, especially in an online environment. In particular, the default behavior of the GameBus platform is not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain information about anyone under the age of 16. We urge parents and legal guardians to monitor their children’s use of smartphones and to instruct them not to provide any personal data through GameBus without their permission.

For specific research studies involving children under the age of 16, special data management measures will be put in place. Children and parents/guardians should then have given their explicit additional consent for such studies.

4. Data storage and sharing

The activities you performed are, by default, only known to GameBus and yourself, and, by default, not to other users. However, specific challenges may involve sharing images or other personal activity-related data with other users (such as other challenge participants or the challenge organizer). When participating to a challenge with a GameBus circle, other circle members can see information relating to the points scored for challenges. When providing additional consent, also other activity details may be shared with such circle members.

For more information about the sharing and transfer of your personal data, please click the arrow below.

All personal data are stored at the GameBus server, which is within the European Union. Anonymous data derived from the personal data are shared to the following parties for the purposes of either supporting the operations of GameBus or for scientific research and publications:

4.1 GameBus affiliated research teams

The GameBus core team consists of less than five researchers within TU/e. However, this team collaborates with national and international peers in order to optimize behavior change methods for health and wellbeing. Personal data may be shared with such peers for the purpose of scientific research. Before sharing anonymized data openly to the international research community at large, it may be shared with members of smaller consortia. Such members then help in identifying and remedying potential threats to re-identification.

4.2 Third-parties

GameBus services are executed on private virtual servers owned by Host Europe GmbH in Germany. TU/e has a data processing agreement with Host Europe GmbH that stipulates that certain obligations concerning protection of personal data are respected, thus ensuring that data are processed with due regard for the wishes and standards of TU/e.

5. Security and retention of your personal data

GameBus is committed to the security and integrity of your personal data. We maintain strict security policies to ensure that your data is protected against loss or against any form of unlawful processing.

For more information about the security and retention of your personal data, please click the arrow below.

GameBus holds the security and integrity of your personal data with high regard. In a general way, we commit to carry out technical and organizational means to protect all personal data against illegal or fortuitous destruction, fortuitous loss, alteration, diffusion or unauthorized access. Nevertheless, we shall be required to divulgate any information regarding the user to comply with any applicable law or rules, or to respond to any administrative or judiciary order.

Despite these means, personal data collected by digital systems cannot be 100% secure, and there is always a risk of data loss or unauthorized access to your personal data. You assume this risk when you register as a GameBus user. On the user’s side, we highly recommend you use a strong password to your GameBus account, and to keep the password in a safe place. You are also advised to restrain access to your browsers, computers, and phones. In particular, we strongly discourage users to use GameBus on devices they cannot control fully (e.g., public computers, shared tablets, …).

All personal data within the GameBus platform will be stored in encrypted form for 10 years, starting from the date of collection, for the purpose of scientific research regarding social gamification and its potential for promoting a healthy lifestyle. This is critical for the GameBus user experience since the aim of GameBus is to leverage a user’s longitudinal data set to persuade this user to healthier behavior, or otherwise preserve already good health habits. By preserving the data during this period, we ensure specifically that we can apply newly emerging scientific data analysis and anonymization methods also on older data.

6. Your rights as a data subject

You have the right of access to your personal data and, under certain conditions, rectification and/or erasure of your personal data. Furthermore, in certain cases you also have the right to restriction of processing of your personal data, and the right to data portability.  

If you wish to exercise your right of rectification and/or erasure, please first use the designated app functionalities:

  • Data of individual health activities can be deleted from within the app by (1) clicking the activity details in the app’s Activities section, (2) clicking “Delete Activity” (or the translated variant of that button)
  • Your user account can be de-activated completely by (1) navigating to the profile page in GameBus, clicking “Remove Account” (or the translated variant of that button).

In case you have further requests then please contact us at support@gamebus.eu. Note however that we may ask for additional information to verify your identity when exercising these rights.  

Note that in case you aim to continue using GameBus, yet want to opt out of a specific GameBus based study, then you should follow the procedures detailed in the corresponding extended privacy statement of that study.

7. Updates of the Policy

When necessary, changes can be made to this Privacy Policy. Therefore, we reserve the right to modify this Privacy Policy at any time. Please check the latest version of this Privacy Policy on https://www.gamebus.eu/?page_id=1066. Sometimes when major changes are made, you will be prompted to review the updated Privacy Policy when you open the GameBus application, and only after your acceptance of the updated version, you are allowed to continue using the services. The version number and the date of the latest update can be found at the top of this Privacy Policy.

8. Contact

We have tried to provide all information to you in clear and plain language. If you have any questions concerning our use of your personal data after reading this Privacy Statement, you may contact us via the following methods:   

  • If you have questions about how we process your personal data, please let us know via  support@gamebus.eu. We will be happy to assist you.  
  • If you believe that the processing of your personal data is not in line with the General Data Protection Regulation, for example if you believe we are not processing your personal data with due care, or if your request for access or rectification has not been answered in time, you may lodge a complaint with the Data Protection Officer (hereafter: DPO) via dataprotectionofficer@tue.nl. The DPO serves as the link between TU/e and the Dutch Data Protection Authority. The DPO acts independently and can discuss your complaint or ask for advice from the Data Protection Authority.  

If you do not agree with the handling of your complaint by the DPO, you may lodge a complaint directly to the Data Protection Authority. The Data Protection Authority will handle the complaint or the request and decide upon it.