Privacy Policy

1. About the Operator

The controller within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data in connection with the website and the game “Funfair Tycoon” is:

Benedict Sobotta
Am Nordbahnhof 2B
85049 Ingolstadt
Germany

Email: via the email address provided in the legal notice (Imprint)

The Operator is a sole proprietor based in Germany.

A data protection officer has not been appointed, as there is no legal obligation to do so.


2. Subject of this Privacy Policy and general information

2.1 This Privacy Policy provides information about the processing of personal data in connection with the use of the website and the game “Funfair Tycoon”, regardless of whether registration takes place.

2.2 Personal data means any information relating to an identified or identifiable natural person. This includes, in particular, email addresses, IP addresses, usernames, communication content, and usage data.

2.3 Personal data is processed exclusively on the basis of the applicable data protection laws, in particular the General Data Protection Regulation (GDPR).
Depending on the type of use, processing is carried out in particular on the basis of:

  • Art. 6(1)(b) GDPR (performance of a contract and pre-contractual measures),
  • Art. 6(1)(f) GDPR (legitimate interest in the secure and functional provision of the game),
  • Art. 6(1)(a) GDPR (consent, e.g. for newsletter distribution),
  • Art. 6(1)(c) GDPR (legal obligations).

2.4 Where external providers are integrated as part of individual services (e.g. payment service providers or email service providers), data processing is carried out either within the framework of data processing agreements pursuant to Art. 28 GDPR or under the independent data protection responsibility of the respective provider.


3. Protection of minors

3.1 The game is generally intended for persons aged 13 and older.

3.2 Persons under the age of 16 may only use the game with the consent of their legal guardians where consent is required for individual processing activities.

3.3 The Operator does not knowingly process personal data of children without the required consent of their legal guardians. If it becomes known that personal data of children has been processed without appropriate authorization, such data will be deleted without undue delay.

3.4 Legal guardians may contact the Operator via the contact details provided in the legal notice (Imprint) with any questions regarding the processing of their child's data.


4. Collected personal data

4.1 Registration and user account

When creating a user account, the following data is processed:

  • Username
  • Email address
  • Password (stored in encrypted form)

This data is processed for the provision of the user account and for the performance of the user agreement.

The legal basis is Art. 6(1)(b) GDPR.


4.2 Guest use

Technical access data is also processed when using the game without registration (see 4.3).


4.3 Server log data

When accessing the website, the following data is automatically processed:

  • IP address
  • Date and time of access
  • Accessed page
  • Browser type and version
  • Operating system
  • Amount of data transferred
  • Any error messages

Processing is carried out to ensure the security, stability, and functionality of the website as well as to prevent misuse and fraud.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest).

Server log data is generally stored only for a short period and deleted no later than 14 days, unless further evaluation is required for security-related reasons.


4.4 In-game data and communication content

In the course of using the game, game progress, game activities, in-game logs, and communication content (e.g. chat messages, private messages, status posts, comments, and forum posts) are processed.

This processing serves to provide game functions, moderation, prevention of misuse and fraud, and the technical stability of the game.

The legal basis is Art. 6(1)(b) GDPR as well as Art. 6(1)(f) GDPR.

Communication content is stored for varying periods depending on the type of content:

  • Private messages are generally stored only for a short period and deleted after several weeks at the latest.
  • Status posts and comments are generally stored for a period of up to six months.
  • Forum posts generally remain visible permanently. Upon deletion of the account, the link between the post and the user account is removed. The user profile is no longer accessible and no personal contact data is displayed.
  • In-game log data is stored for varying periods depending on the purpose, generally between a few weeks and up to a maximum of one year, and is deleted at the latest upon account deletion, unless statutory retention obligations apply.
  • Game-related account data is completely removed upon deletion of the account.

4.5 Payment processing

Paid purchases are processed via external payment providers or platform operators (e.g. payment service providers or app store operators), who are independently responsible under data protection law.

For the purpose of carrying out the purchase, only the data required for processing the transaction is transmitted to the respective provider. This may include in particular:

  • Account or transaction ID
  • Username
  • Email address
  • Information about the purchased service

The legal basis for data transmission is Art. 6(1)(b) GDPR (performance of contract).

Further processing of payment data (e.g. payment information, invoicing, settlement) is carried out exclusively by the respective payment provider or platform operator in accordance with their own privacy policies.

If payment providers or platform operators are located outside the European Union, data may be transferred to a third country. In this case, the transfer takes place on the basis of appropriate safeguards within the meaning of Art. 44 et seq. GDPR.


4.6 Contact

If users contact the Operator (e.g. by email or via a support function), the transmitted data is processed for the purpose of handling the request.

The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.


5. Hosting and technical service providers

5.1 The website, the game, and the integrated forum are operated on servers of Gridscale GmbH, Oskar-Jäger-Straße 173, 50825 Cologne, Germany.

5.2 Gridscale processes personal data within the framework of data processing pursuant to Art. 28 GDPR. The server locations are in Germany.

5.3 Processing is carried out for the purpose of providing and technically securing the game and the website.


6. Use of external services

6.1 PrivateCaptcha

To prevent automated access (e.g. by bots), the service “PrivateCaptcha” is used. The provider is Intmaker OÜ, Estonia.

When integrating the service, technical data such as the IP address and information about the browser used (user agent) are transmitted to PrivateCaptcha’s servers in order to verify the authenticity of a request.

According to the provider, PrivateCaptcha does not use tracking cookies.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in ensuring smooth and abuse-free operation of the game).

Further information on data processing by PrivateCaptcha can be found in the provider’s privacy policy.


6.2 Web analytics with Plausible

For statistical evaluation of website usage, the service “Plausible Analytics” of Plausible Insights OÜ, Estonia, is used.

Plausible operates without the use of cookies or comparable client-side tracking technologies. Processing takes place server-side on the basis of anonymized or aggregated usage data (e.g. pages accessed, referrer, browser used, approximate geographic origin).

According to the provider, no personal user profiles are created.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in analyzing and improving the offering).

Further information on data processing by Plausible can be found in the provider’s privacy policy.


6.3 Email distribution via Brevo

The sending of system and transactional emails (e.g. registration confirmation, password reset, security-related notifications) is carried out via the service “Brevo” (Brevo SAS / Brevo GmbH).

In this context, the email address in particular is processed.

The legal basis is Art. 6(1)(b) GDPR (performance of contract).

Brevo is used as a processor within the meaning of Art. 28 GDPR.

If a newsletter is offered in the future, it will be sent exclusively on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR. Consent can be withdrawn at any time with effect for the future.


7. Cookies and local storage

The website and the game use technically necessary cookies as well as comparable storage technologies (e.g. local storage) to ensure the functionality of the service.

This includes in particular:

  • Login cookies to maintain a session or store login status
  • Language settings
  • Technically required session data

These cookies are necessary for the operation of the website and the game.

The legal basis is Art. 6(1)(f) GDPR in conjunction with Section 25(2) TTDSG (German Telecommunications-Telemedia Data Protection Act).

No tracking or marketing cookies are used.

Users may restrict or disable the setting of cookies via their browser settings. In this case, the functionality of the game may be limited.


8. Storage duration and deletion

Personal data is stored only for as long as necessary for the respective processing purposes.

In addition, transaction or payment confirmation data transmitted by the respective payment provider may be stored for the duration of the user account and beyond within the framework of statutory limitation periods, insofar as this is necessary for documentation, prevention of misuse, or the enforcement or defense of legal claims.

Where no specific storage periods are stated in this Privacy Policy, personal data will be deleted as soon as the purpose of processing ceases to apply and no statutory retention obligations prevent deletion.

Upon deletion of a user account, the associated personal data will generally be removed, unless statutory retention obligations or legitimate interests (e.g. prevention of misuse or enforcement of legal claims) require further storage.

Statutory retention obligations, in particular under tax or commercial law, remain unaffected.


9. Rights of data subjects

Users have the following rights within the framework of the applicable statutory provisions:

  • Right of access to processed personal data (Art. 15 GDPR)
  • Right to rectification of inaccurate or incomplete data (Art. 16 GDPR)
  • Right to erasure of personal data (Art. 17 GDPR), unless statutory retention obligations apply
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR), insofar as processing is based on consent or a contract
  • Right to object to processing of personal data based on Art. 6(1)(f) GDPR (Art. 21 GDPR)

If processing is based on consent, this consent may be withdrawn at any time with effect for the future.

To exercise these rights, users may contact the Operator using the contact details provided in the legal notice (Imprint).

Where technically provided, certain personal data may also be viewed or exported directly within the user account.


10. Right to lodge a complaint with a supervisory authority

Users have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data.

In particular, the supervisory authority of the federal state in which the Operator is based or the supervisory authority at the user’s place of residence is competent.


11. Changes to this Privacy Policy

The Operator reserves the right to amend this Privacy Policy in order to adapt it to changed legal requirements or in the event of changes to the service.

The current version is available on the website.

Users will be informed appropriately of any material changes to data processing.