Privacy policy website/web application
1. Data protection
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection information.
This data protection notice applies to the processing of personal data by us on our website (“Website”) as well as for our web application (hereinafter referred to as “Web Application” or “Application”). They explain the type, purpose and scope of data processing within the framework of the website and the web application.
We would like to point out that data transmission over the Internet may have security gaps. It is not possible to completely protect data from access by third parties.
2. Controller
“Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Controller:
Dr. Christian Rauda
Jungfrauenthal 8
20149 Hamburg
Email: rauda@graef.eu
Phone: +49 40 80600090
3. General information on data processing
a. Scope of the processing of personal data
As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide our Applications, our content and our services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.
b. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
c. Data deletion and storage period
The personal data of the user will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
4. Provision of the website and creation of log files
Whenever our Website (including the Application) is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected for a limited time:
IP address of the user
Date and time of access
The data is stored in the log files of our system. This data is only needed for the analysis of possible errors and will be deleted within 30 days after the end of an event at the latest. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. The temporary storage of the IP address by the system is necessary to enable the Website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context and no conclusions are drawn about your person. The collection of data for the provision of the Website and the storage of the data in log files is absolutely necessary for the operation of the Website. Consequently, there is no possibility of objection on the part of the user.
5. Data processing while using web-application
When you use our Application, the following personal data is collected from you:
– User ID
– user name
– e-mail address
– Password (bcrypt hash)
Optionally (if specified by the user), we also record
– Company
– Job Title
– Country
– City
– Profile Picture
– Avatar customization (e.g. head, color)
We also process the following technical data:
– IP addresses
– Browser type and version
– Operating system used
– Referrer URL
– Hostname of the accessing computer
– Time of the server request
– metadata
– Device IDs
– Login information for third-party services
– Language settings
– Installed App Version
The processing of this data is carried out for the purpose of implementing the contract of use between us and you (Art. 6 para. 1 p. 1 lit. b GDPR). This data will be deleted within 30 days after the end of an event at the latest. If there are mandatory statutory retention periods, however, the data in question will only be deleted after the statutory periods have expired (e.g. tax retention period for invoice data).
6. Contact
You can contact us during an event e-mail. Your details from the inquiry, including the contact details you provide there, will be stored by us solely for the purpose of processing the inquiry and in the event of follow-up questions. The data will not be passed on to third parties in this context.
The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR. Our interest in answering your inquiry outweighs your interest; since you are writing to us, an answer is also in your interest and you are aware that we must process your data in order to answer your inquiry.
If the e-mail contact aims at the conclusion of a contract, the legal basis for processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.
7. Use of cookies
We use so-called session or flash cookies on our Website and in our Application. Cookies are text files that are stored in or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified the next time the website is accessed. Some functions of our Website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. The user data collected with technically necessary cookies is not used to determine the identity of the user or to create user profiles. The legal basis for the processing of personal data by means of technically necessary cookies is Art. 6 para. 1 lit. f) GDPR.
We use these technically necessary cookies:
- Name of the cookie: cookie-consent
- Recipient (of the data passed on by the cookie): online.gamesconference.com
- Purpose of the cookie: Ensures that the cookie settings are saved
- Storage period of the cookie: session
8. Analysis tools and third-party cookies
If you access our services, your behavior can be statistically evaluated with the help of certain analysis tools and analyzed for advertising and market research purposes or to improve our services. When using such tools, we ensure that the legal regulations are observed. When using external service providers, we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.
We use the following tools to analyze user behavior:
a. Google Analytics
Our website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and which enable an analysis of your use of the application. The information generated by a cookie about your use of this application is usually transferred to a Google server in the USA and stored there. Google has concluded EU standard contract clauses with its group companies in the USA and thus offers sufficient guarantees for appropriate data protection within the meaning of Art. 46 GDPR.
The Application uses the “demographic characteristics” feature of Google Analytics. This allows reports to be generated that contain information about the age, gender and interests of site visitors. This data is derived from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can disable this feature at any time in the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described in the “Opting out of data collection” section.
Google processes the following cookies:
- Name of the cookie: _ga
- Recipient (of the data passed on by the cookie): Google Analytics
- Purpose of the cookie: Registers a unique ID that is used to generate statistical information about how the visitor uses the site.
- Storage period of the cookie: 2 years
- Name of the cookie: _gid
- Recipient (of the data passed on by the cookie): Google Analytics
- Purpose of the cookie: Registers a unique ID that is used to generate statistical information about how the visitor uses the site.
- Storage period of the cookie: 24 hours
- Name of the cookie: gat
- Recipient (of the data passed on by the cookie): Google Analytics
- Purpose of the cookie: Used by Google Analytics to reduce the number of requests.
- Storage duration of the cookie: session
- Name of the cookie: r/collect
- Recipient (of the data passed on by the cookie): doubleclick.net
- Purpose of the cookie: Used to send data about the visitor’s device and behavior to Google Analytics. Tracks the visitor across devices and marketing channels.
- Storage duration of the cookie: session
The storage of Google Analytics cookies and the use of this analysis tool is based on your consent (e.g. consent to the storage of cookies; Art. 6 para. 1 lit. a) DSGVO). You can revoke your consent at any time by leaving the Game. The legality of the data processing procedures already carried out remains unaffected by the revocation.
We have activated the function IP-anonymization. As a result, your IP address will be shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area before it is transferred to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the application, to compile reports on the application activities and to provide further services to the operator in connection with the use of the application and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of the application to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the application (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
User and event-level data stored at Google that is linked to cookies, usage IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. You can see the details of this under the following link: https://support.google.com/analytics/answer/7667196?hl=de
b. Games Analytics
Our website uses functions of the game analysis service GameAnalytics. The provider is GameAnalytics Ltd., Hardwick Street, London Ec1R 4RB (“GameAnalytics”).
GameAnalytics may collect the following information from your devices: IP address, device events, hardware settings, browser type, browser language, the date and time of request and referral URL. This information is used by us to analyze and improve the gameplay. This legitimate interest justifies the use of data; Art. 6 para. 1 lit. f GDPR.
The information may be transferred to a server of a service provider located in the USA. GameAnalytics has concluded EU standard contract clauses with its service providers and thus offers sufficient guarantees for appropriate data protection within the meaning of Art. 46 GDPR.
You can at any time request GameAnalytics to cease the collection and processing of data, see Clause 6.1 of the privacy policy of GameAnalytics on how to do this https://gameanalytics.com/privacy/, where you will also find more information about data processing at GameAnalytics.
9. Embedded Links
a) Imgur
We include videos from Imgur. Imgur is a service of Imgur, Inc. 600 California Street, 11th floor, San Francisco, Ca 94108, USA.
When you use the Imgur plugin (e.g. to play a video embedded in our website), personal information about you (e.g. your IP address) is sent to Imgur, Inc. It is in our legitimate interest to create a Website that provides easily accessible and visually appealing video content, and to enable the processing that Imgur, Inc. requires to provide such service to us. The legal basis for the processing of data based on this legitimate interest is Art. 6 para. 1 letter f) GDPR.
For further details, in particular the scope of processing, recipients and storage period, we refer to the Privacy Policy of Imgur, Inc.: https://imgur.com/privacy
b) YouTube
Our Website incorporates videos from YouTube. YouTube is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Once you launch a YouTube video through the Website, a connection is established to the YouTube servers. This tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to the Website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud. The cookies remain on your terminal device until you delete them. The information generated by a cookie about the use of the website by the user is usually transferred to a server of Google LLC in the USA and stored there. Google processes the data in the USA on the basis of EU standard contract clauses and thus offers sufficient guarantees within the meaning of Art. 46 para. 1, para. 2 lit. c) GDPR.
YouTube/Google processes the following cookies:
- Name of the VISITOR_INFO1_LIVE
- Recipient (of the data passed on by the cookie): Youtube
- Purpose of the cookie: Tries to estimate the users’ bandwidth on pages with integrated YouTube videos.
- Storage period of the cookie: 179 days
- Name of the YSC
- Recipient (of the data passed on by the cookie): Youtube
- Purpose of the cookie: Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
- Storage period of the cookie: Session
- Name of the yt.innertube::nextId [x2]
- Recipient (of the data passed on by the cookie): Youtube
- Recipient (of the data passed on by the cookie): Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
- Storage duration of the cookie: persistent
- Name of the yt.innertube: requests [x2]
- Recipient (of the data passed on by the cookie): Youtube
- Recipient (of the data passed on by the cookie): Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
- Storage duration of the cookie: persistent
- Name of the cookie: yt.innertube: yt-remote-cast-installed [x2]
- Recipient (of the data passed on by the cookie): Youtube
- Purpose of the cookie: Stores the user’s video player preferences using embedded YouTube video
- Storage duration of the cookie: session
- Name of the cookie: yt-remote-connected-devices [x2]
- Recipient (of the data passed on by the cookie): Youtube
- Purpose of the cookie: Stores the user’s video player preferences using embedded YouTube video
- Storage duration of the cookie: persistent
- Name of the cookie: yt-remote-device-id [x2]
- Recipient (of the data passed on by the cookie): Youtube
- Purpose of the cookie: Stores the user’s video player preferences using embedded YouTube video
- Storage duration of the cookie: persistent
- Name of the cookie: yt-remote-fast-check-period [x2]
- Recipient (of the data passed on by the cookie): Youtube
- Purpose of the cookie: Stores the user’s video player preferences using embedded YouTube video
- Storage duration of the cookie: session
- Name of the cookie: yt-remote-session-app [x2]
- Recipient (of the data passed on by the cookie): Youtube
- Purpose of the cookie: Stores the user’s video player preferences using embedded YouTube video
- Storage duration of the cookie: session
- Name of the cookie: yt-remote-session-name [x2]
- Recipient (of the data passed on by the cookie): Youtube
- Purpose of the cookie: Stores the user’s video player preferences using embedded YouTube video
- Storage duration of the cookie: session
It is in our legitimate interest to create a Website that provides easily accessible and visually appealing video content, and to enable the processing that YouTube requires to provide such service to us. The legal basis for the processing of data based on this legitimate interest is Art. 6 para. 1 letter f) GDPR.
After the start of a YouTube video, it is possible that further data processing processes may be triggered, over which we have no influence. The use of YouTube is based on your consent to YouTube (e.g. consent to the storage of cookies), Art. 6 para. 1 lit. a GDPR. Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de
10. Videocall
We embed our video calls to matchmaking and open video call tables using Agora. Agora is a service provided by Agora Lab, Inc. 2804 Mission College Blvd, Suite 110, Santa Clara, CA 95054, United States.
When using the Agora plugin (e.g., to participate in match making video calls in the X5 Framework), you provide us with information such as your device information, including model, manufacturer and brand (but specifically excluding IMEI or device UUID), user ID, channel mode, SDK version, network type, App ID, call detail record, general call information (including timestamp and duration of the call), quality of services information (including network quality metrics), quality of experience information (including video and audio resolution), device status changes and device runtime metrics (including CPU usage).
It is in our legitimate interest to create a Website that provides easily accessible and visually appealing video calls, and to enable the processing that Agora requires to provide such service to us. The legal basis for the processing of data based on this legitimate interest is Art. 6 para. 1 letter f) GDPR.
Data transfers to the United States will be made pursuant to the EU-Standard Contractual Clauses, as updated, amended, replaced or superseded from time to time by the European Commission, the approved version of which in force at present is that set out in the European Commission’s Decision 2004/915/EC of 27 December 2004, available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915
For further details, in particular on the scope of processing, recipients and storage period, please refer to the Privacy Policy of Agora Lab, Inc: https://www.agora.io/en/privacy-policy
11. User Login
Our user login is done through the service of MeetToMatch of MeetToMatch B.V., Europalaan 400, 3526 KS Utrecht, The Netherlands. In this process, the data required for the login (e-mail address and name) are forwarded to MeetToMatch. Additional data can be voluntarily entered at MeetToMatch, which MeetToMatch can forward to us.
It is in our legitimate interest to easily login and access our services, and to enable the processing that MeetToMatch requires to provide such service to us. The legal basis for the processing of data based on this legitimate interest is Art. 6 para. 1 letter f) GDPR.
For further details, in particular on the scope of processing, recipients and storage period, please refer to MeetToMatch’s privacy policy: https://www.meettomatch.com/terms-and-use-privacy-eng/
12. Rights of the data subject
If your personal information is processed, you have the following rights.
a) Right of access
You have the right to obtain from us confirmation as to whether or not personal information concerning you are being processed, and, where that is the case, access to the personal data and the following information:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal information or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from you, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
b) Right of rectification
You have the right to obtain from us within undue delay the rectification of inaccurate or incomplete personal information. Taking into account the purposes of the processing, you shall have the right to have incomplete personal information completed, including by means of providing a supplementary statement.
c) Right to restriction of processing
You shall have the right to obtain from us restriction of processing where one of the following applies:
(1) the accuracy of the personal data is contested by yourself, for a period enabling us to verify the accuracy of the personal data;
(2) the processing is unlawful and the data subject opposes the erasure of the personal information and requests the restriction of their use instead;
(3) we no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(4) You have objected to processing pursuant to Art. 21 para. 1 pending the verification whether the legitimate grounds override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If you have obtained restriction of processing pursuant to the above, you shall be informed by us before the restriction of processing is lifted.
d) Right to erasure (‘right to be forgotten’)
You shall have the right to obtain from us the erasure of personal information concerning without undue delay and we shall have the obligation to erase personal information without undue delay where one of the following grounds applies:
(1) the personal information is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw consent on which the processing is based according to Art. 6 para.1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para 2 GDPR;
(4) the personal information has been unlawfully processed;
(5) the personal information has to be erased for compliance with a legal obligation in the European Union
(6) the personal information has been collected in relation to the offer of information society services referred to in Article 8 para.1.
Where we have made the personal information public and is obliged pursuant to the above to erase the personal information, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by the European Union or for the performance of a task carried out in the public interest
(3) for reasons of public interest relating to public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the DPA;
(4) for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to make it impossible or seriously impede the attainment of the objectives of such processing, or
(3) for the establishment, exercise or defence of legal claims.
e) Notification regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing carried to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it.
f) Right to data portability
You have the right to receive the personal information, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal information have been provided, where:
(1) the processing is based on consent pursuant to Art. 6 para 1 lit. a or Art. 6 para 1 lit. b or Art. 2 para 2 lit. a
(2) the processing is carried out by automated means.
The right shall not adversely affect the rights and freedoms of others.
In exercising your right to data portability you shall have the right to have the personal information transmitted directly from one controller to another, where technically feasible.
The exercise of this right shall be without prejudice to the right of erasure. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 para. 1 lit e) or lit. f). We shall no longer process the personal information unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal information is processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal information shall no longer be processed for such purposes.
At the latest at the time of the first communication with you, the right referred to above shall be explicitly brought to your attention shall be presented clearly and separately from any other information.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise his or her right to object by automated means using technical specifications.
h) Right to revoke the declaration of consent
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
i) Automated individual decision-making
The you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you
This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and us
(2) is authorised by European Union law and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
We shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express our point of view and to contest the decision.
Decisions shall not be based on special categories of personal data referred to in unless Art. 9 para.2 lit. a) or lit g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
j) Right of complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the European Member State where you reside, work or suspect of infringement, if you believe that the processing of personal information concerning you is not in compliance with GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
Stand: März 2021