Important Notice — Legal Validity: This English version is a translation of our German Privacy Policy, provided for convenience only. Only the German version is legally binding. In the event of any discrepancy or differing interpretation between this English translation and the German original, the German version shall prevail.

With this Privacy Policy we wish to inform you about the type, scope and purpose of the processing of personal data (hereafter also referred to as "data"). Personal data means any data with a personal reference to you, e.g. name, address, e-mail address or your usage behaviour. This Privacy Policy applies to all data processing activities carried out by us, both within our core business and for the online media we maintain.

Who is responsible for data processing

The controller responsible for data processing is:

Paintbucket Games UG (haftungsbeschränkt)
Managing Director:
Jörg Friedrich
Sebastian St. Schulz
Normannenstraße 1-2
10367 Berlin
Germany
+4915221371513
info@paintbucket.de
https://paintbucket.de/impressum

We have not appointed a Data Protection Officer, as we are not legally required to do so. For data protection inquiries, please contact us using the details listed above.

Processing of your data within our core business

If you are our customer or business partner or are interested in our services, the type, scope and purpose of the processing of your data is governed by the contractual or pre-contractual relationship existing between us. The data we process includes all data provided by you for the purpose of using contractual or pre-contractual services and which is required to handle your enquiry or the contract concluded between us. Unless stated otherwise in this Privacy Policy, the processing of your data and its transfer to third parties is limited to data necessary and appropriate to answer your enquiries, fulfil the contract between you and us, safeguard our rights, and comply with legal obligations. We will inform you which data is required either before or during data collection. Where we use third-party providers to deliver our services, the privacy notices of those providers apply.

Affected data:

• master data (e.g. names, addresses)
• payment data (e.g. bank details, invoices)
• contact data (e.g. e-mail address, phone number, postal address)
• contract data (e.g. subject matter and duration of contract)

Affected persons: prospective customers, business and contractual partners

Purpose of processing: handling of contractual services, communication and answering contact enquiries, office and organisational procedures

Legal basis: contract performance and pre-contractual measures, Art. 6(1)(b) GDPR; legal obligation, Art. 6(1)(c) GDPR; legitimate interests, Art. 6(1)(f) GDPR

Your rights under the GDPR

Under the GDPR you have the rights set out below, which you may exercise at any time vis-à-vis the controller named in the section "Who is responsible for data processing" above:

• Right of access: you have the right to obtain confirmation as to whether and which data we process about you.
• Right to rectification: you have the right to obtain rectification of inaccurate data and the completion of incomplete data.
• Right to erasure: you have the right to request the erasure of your data.
• Right to restriction: you have the right, in certain cases, to request that we restrict processing of your data.
• Right to data portability: you have the right to request that we transmit your data to you or another controller in a structured, commonly used and machine-readable format.
• Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. The competent authority is that of your usual place of residence, your place of work, or our place of business. For our place of business this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Friedrichstraße 219, 10969 Berlin (https://www.datenschutz-berlin.de/).

Right to withdraw consent

You have the right to withdraw any consent you have given to data processing at any time.

Right to object

You have the right to object at any time to the processing of your data based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. If you exercise your right to object, we ask you to state the grounds. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests and rights.

Notwithstanding the foregoing, you have the right at any time to object to the processing of your personal data for the purposes of advertising and data analysis.

Please direct your objection to the controller's contact address stated above.

No automated decision-making

Automated decision-making within the meaning of Art. 22 GDPR, including profiling, does not take place. Decisions affecting you are always made with human involvement.

When do we erase your data?

We erase your data when we no longer need it or when you instruct us to do so. This means that — unless otherwise stated in the individual data protection notices of this Privacy Policy — we erase your data:

• when the purpose of processing has ceased and the legal basis no longer exists, e.g.
  • after termination of the contractual or membership relationship between us (Art. 6(1)(a) GDPR), or
  • after our legitimate interest in further processing or storage has ceased (Art. 6(1)(f) GDPR);
• when you exercise your right to withdraw consent and no other legal basis under Art. 6(1)(b)–(f) GDPR applies;
• when you exercise your right to object and no compelling legitimate grounds exist that override erasure.

Where we still need to retain (parts of) your data for other purposes — for example, statutory retention obligations (typically 6 years for business correspondence and 10 years for accounting records under German law), or for the assertion, exercise or defence of legal claims arising from contractual relationships (up to four years), or where the data is needed to protect the rights of another natural or legal person — we erase (those parts of) your data only after these periods have expired. Until then, we restrict processing of such data to those purposes (compliance with retention obligations).

Cookies

Our website uses cookies. Cookies are small text files consisting of a series of numbers and letters that are placed and stored on the device you use. Cookies primarily serve to exchange information between the device you use and our website. This includes, among other things, language settings on a website, login status, or the position at which a video was watched.

Two types of cookies are used when visiting our website:

• Temporary cookies (session cookies): these store a so-called session ID with which various requests from your browser can be assigned to a common session. Session cookies are deleted when you log out or close your browser.
• Persistent cookies: these remain stored after you close your browser. As a result, our website recognises your computer when you return. These cookies store, for example, language settings or login information. They can also be used to document and store your browsing behaviour. Such data may be used for statistics, marketing and personalisation purposes.

In addition to the above classification, cookies can also be distinguished by their purpose:

• Necessary cookies: these are cookies that are strictly required to operate our website, e.g. to store login or shopping-cart data for the duration of your session, or cookies set for security reasons.
• Statistics, marketing and personalisation cookies: these are cookies used for analytics or reach measurement. Such "tracking" cookies may store information about search terms entered or the frequency of page views. They may also store an individual user's browsing behaviour (e.g. viewing of certain content, use of features, etc.) in a user profile. Such profiles are used to display content matching potential interests. Where we use services that store cookies for statistics, marketing and personalisation purposes on your device, we inform you separately in the following sections of this Privacy Policy or when obtaining your consent.

Affected data:

• usage data (e.g. access times, pages clicked)
• communication data (e.g. information on the device used, IP address).

Affected persons: users of our online services

Purpose of processing: delivery of our websites, ensuring operation of our websites, improvement of our online offering

Legal basis:
For strictly necessary cookies required for the operation and proper display of our website: § 25(2) No. 2 TDDDG (German Telecommunications-Digital-Services-Data-Protection Act) and our legitimate interest in the secure and functional operation of our website, Art. 6(1)(f) GDPR.
For all cookies that are not strictly necessary (in particular for statistics, marketing and personalisation purposes): your consent pursuant to § 25(1) TDDDG, Art. 6(1)(a) GDPR. We obtain such consent via our cookie banner; you may withdraw your consent at any time via the banner settings.

You may also use your browser's settings to determine whether you accept cookies in general, only after confirmation, or have them automatically deleted when closing the browser. If cookies are fully disabled for our website, not all functions of the website may be fully available.

Consent, Art. 6(1)(a) GDPR
Where, before your visit to our website, we ask your permission to set certain cookies on your device and you consent, that consent is the legal basis. As part of the consent process we inform you about which cookies we set in detail. If you do not give such consent, only the technically necessary cookies required for proper operation and display of our websites in your browser are set. Where you have consented to cookies being set, you may withdraw your consent at any time.

Cookie consent management

To obtain, manage and document your consent for non-necessary cookies and tracking services, we use the open-source tool "Cookie Consent" by Orest Bida. The tool is delivered exclusively from our own servers; no data is transmitted to the software's provider or any other third party.

Cookie Consent stores your consent decision in a strictly necessary cookie (typically cc_cookie) on your device, so that the cookie banner is not shown to you on every page load and your selection can be recorded server-side. Only your selection of cookie categories and a timestamp are stored.

You may withdraw or adjust your consent at any time via the banner settings.

Categories in our cookie banner:

• Strictly necessary cookies (always active, no consent required): storage of your cookie decision itself (Cookie Consent) and error logging (Sentry Error Logging) to ensure the stable and secure operation of our website.
• Functional cookies (only after consent): delivery and playback of embedded videos via Bunny.net.
• Analytics cookies (only after consent): pseudonymous reach measurement via Umami Analytics, and Session Replay for diagnostic purposes (Sentry).

The respective services are activated only after your active consent to the relevant category. Refusal does not impair the basic functions of our website.

Purpose of processing: compliance with the legal obligation to obtain and document consent under the GDPR and § 25 TDDDG

Legal basis: legal obligation, Art. 6(1)(c) GDPR; legitimate interests, Art. 6(1)(f) GDPR

Open-source project: https://cookieconsent.orestbida.com/

Web hosting

To make our website available online, we use a provider on whose servers our website is stored and made accessible (hosting). The provider may process all data transmitted via your browser when using our website. This includes, in particular, your IP address, which the provider needs to deliver our online offering to your browser, as well as all entries you make on our website. In addition, the provider may collect:

• the date and time of access to our website
• time-zone difference from Greenwich Mean Time (GMT)
• access status (HTTP status)
• amount of data transferred
• internet service provider of the requesting system
• browser type and version you use
• operating system you use
• the website from which you came to our website (referrer)
• the pages or sub-pages you visit on our website.

The above data is stored as log files on our provider's servers. This is necessary to ensure the stability and security of the operation of our website.

Affected data:

• content data (e.g. posts, photos, videos)
• usage data (e.g. access times, pages clicked)
• communication data (e.g. information on the device used, IP address)

Affected persons: users of our online presence

Purpose of processing: delivery of our websites, ensuring their operation

Legal basis: legitimate interests, Art. 6(1)(f) GDPR

Web host engaged by us:

Hetzner Online

Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Website: https://www.hetzner.de/
Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz
Data Processing Agreement (DPA): https://www.hetzner.com/AV/AV_de.pdf

A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner Online GmbH. Data processing takes place exclusively in data centres within the EU.

Content Delivery Network and video streaming

We use a Content Delivery Network (CDN) to deliver our websites and embedded video content. A CDN is a network of regionally distributed servers connected via the internet. The CDN provides scalable storage and delivery capacity. This optimises the loading times of our websites and ensures optimal data throughput even during high-load peaks. User requests to our websites and the streaming of embedded videos are routed through CDN servers. Statistics are generated from these data streams to detect potential threats from malware at an early stage and to continuously improve our offering and make our websites more user-friendly. Within the scope of delivery, technically necessary cookies (e.g. for video playback control or load balancing) may be set.

Because CDNs deliver content via globally distributed edge servers, technical reasons may cause data transfers to countries outside the EU/EEA. For such third-country transfers, EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are agreed with the respective provider as appropriate safeguards. Details of the provider used are given below.

Affected data:

• usage data (e.g. access times, pages clicked)
• communication data (e.g. information on the device used, IP address)

Purpose of processing: technical optimisation of our online presence, analysis of errors and user behaviour; delivery of embedded videos after consent

Legal basis:
For the delivery of our websites and their technically necessary components: § 25(2) No. 2 TDDDG and our legitimate interest in the secure and performant operation of the website, Art. 6(1)(f) GDPR.
For the delivery and playback of embedded videos: exclusively your consent pursuant to § 25(1) TDDDG, Art. 6(1)(a) GDPR. Video content is loaded and played only after your active consent via our cookie banner.

CDN providers used:

Bunny.net (CDN and video streaming)

Service provider: BunnyWay d.o.o., Cesta komandanta Staneta 4A, 4290 Tržič, Slovenia
Website: https://bunny.net/
Privacy policy: https://bunny.net/privacy
Data Processing Agreement (DPA): https://bunny.net/dpa

Bunny.net is operated by a provider based in the European Union (Slovenia). A data processing agreement pursuant to Art. 28 GDPR is in place with BunnyWay d.o.o. Data processing takes place within an edge network of our choice; depending on the region, processing may also occur outside the EU/EEA for technical reasons. For such third-country transfers, the EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are incorporated as appropriate safeguards in the DPA concluded with BunnyWay.

Contacting us

If you contact us by e-mail, social media, telephone, fax, post or any other means and provide us with personal data such as your name, telephone number or e-mail address, or other information about yourself or your enquiry, we process this data to respond to your enquiry within the scope of the pre-contractual or contractual relationship existing between us.

Affected data:

• master data (e.g. names, addresses)
• contact data (e.g. e-mail address, phone number, postal address)
• content data (texts, photos, videos)
• contract data (e.g. subject matter and duration of contract)

Affected persons: prospective customers, customers, business and contractual partners

Purpose of processing: communication and answering of contact enquiries, office and organisational procedures

Legal basis: contract performance and pre-contractual measures, Art. 6(1)(b) GDPR; legitimate interests, Art. 6(1)(f) GDPR

Job applications

If you apply for an advertised position or send us a speculative application, we process the data submitted as part of your application for the purpose of conducting the application procedure and deciding on the possible establishment of an employment relationship. We accept applications exclusively by e-mail.

We ask you to refrain from including special categories of personal data (Art. 9(1) GDPR) — such as health, religion, severe disability or ethnic origin — in your application unless they are required for the position advertised. Where you nevertheless voluntarily provide such information, we process it on the basis of Art. 9(2)(b) GDPR in conjunction with § 26(3) of the German Federal Data Protection Act (BDSG).

Affected data:

• master data (e.g. name, address, date of birth)
• contact data (e.g. e-mail address, phone number)
• application documents (cover letter, CV, certificates, work samples/portfolio)
• any other information you voluntarily provide as part of your application

Affected persons: applicants

Purpose of processing: conducting the application procedure, deciding on the establishment of an employment relationship

Legal basis: § 26(1) BDSG in conjunction with Art. 6(1)(b) GDPR (initiation of an employment relationship); for special categories of personal data, Art. 9(2)(b) GDPR in conjunction with § 26(3) BDSG; otherwise legitimate interests, Art. 6(1)(f) GDPR (defence against possible claims under the German General Equal Treatment Act, AGG)

Recipients: within our company, only persons involved in the application process have access to your application data. No transfer to third parties takes place.

Storage period: in case of rejection, we erase your application documents at the latest 6 months after completion of the application procedure. This period takes account of the two-month limitation period under § 15(4) AGG plus a reasonable buffer for defence against possible claims. Longer storage takes place only if you have expressly consented (e.g. for inclusion in a talent pool for future positions) or if statutory retention obligations preclude erasure. In case of hiring, your application documents are transferred to your personnel file.

Withdrawal: you may withdraw your application at any time. Please contact us using the details listed under "Who is responsible for data processing".

Newsletter

We send a newsletter at regular intervals to inform our customers, business partners and prospective customers about our offers and related news. You have the option of subscribing to our newsletter on our website and consenting to its receipt as part of subscription. When subscribing, you must provide your e-mail address. We store the e-mail address to send you the newsletter. Once you subscribe, you receive a confirmation e-mail to the address you provided as part of a so-called double opt-in procedure. This e-mail contains a link. By clicking it, you confirm that you wish to receive the newsletter. This ensures that your e-mail address has not been misused by a third party at sign-up. For the same reason, we store the date and time of subscription and the IP address assigned to you at the time. We do not pass on the above data to third parties.

Analysis of user behaviour

If you have consented, we evaluate your user behaviour when sending the newsletter. To this end, our newsletter contains tracking pixels and tracking links. These allow us to recognise whether and when you opened the newsletter and whether and which links in the newsletter you clicked.

Purpose: we evaluate the newsletter as described in order to measure its success or failure statistically.

Legal basis: the legal basis for processing is Art. 6(1)(a) GDPR.

Prevention: you may withdraw your consent to receive the newsletter at any time using the options indicated above.

Erasure: we erase your data after withdrawal.

Affected data:

• content data (e.g. posts, photos, videos)
• usage data (e.g. access times, pages clicked)
• communication data (e.g. information on the device used, IP address)

Affected persons: users of our online presence

Purpose of processing: sending of editorial newsletters with information on our offers, products and news; direct advertising; customer retention and information

Legal basis: consent, Art. 6(1)(a) GDPR; for tracking, exclusively consent, Art. 6(1)(a) GDPR

Erasure: we erase your e-mail address either if you have not clicked the confirmation link in the double opt-in procedure within 1 month after the confirmation e-mail was sent, or immediately after you unsubscribe from our newsletter.

Withdrawal: you may withdraw your consent to receive the newsletter at any time and unsubscribe. We offer the following ways to declare withdrawal:

• Click on the link provided for this purpose in the newsletter

Mailchimp

Service provider: The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
Parent company: Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA
Website: https://mailchimp.com
Privacy policy: https://www.intuit.com/privacy/statement/

Mailchimp processes data in the USA. Mailchimp is certified under the EU-US Data Privacy Framework (DPF); in addition, EU Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR are used with Mailchimp as appropriate safeguards for the third-country transfer. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with Mailchimp.

Web analytics and statistics

To capture and statistically evaluate visitor flows on our online presence, we use web analytics services. Such services collect, among other things, data on which website you came from to our online presence (so-called referrer), which pages of our online presence you accessed, how long you visited our pages, and what interactions you carried out there. They also collect data on your browser, computer system and device type. In addition, demographic information such as age or gender may be recorded as pseudonymous values. If you have consented to the collection of your location data, this may also be processed depending on the provider.

The analytics service we use works pseudonymously and refrains from storing personal identifiers such as names or e-mail addresses. IP addresses are not stored in clear text. Neither we nor the service used know the identity of visitors to our websites. Configuration details (e.g. cookie use, location of data processing) for the respective service are set out below.

Affected data:

• usage data (e.g. access times, pages clicked)
• communication data (e.g. information on the device used, IP address).

Affected persons: users of our online services

Purpose of processing: reach measurement, analysis of use of our website to improve content and functions

Legal basis: where we have asked for your consent before using the respective service, your consent is the legal basis, Art. 6(1)(a) GDPR. Otherwise we use the respective service on the basis of our legitimate interests in analysing visitor flows in order to continually improve functions, offerings and the user experience, Art. 6(1)(f) GDPR.

We use the following web analytics services:

Umami Analytics (self-hosted)

Open-source project: https://umami.is/

We use Umami as a self-hosted web analytics solution exclusively on our own servers. The data collected with Umami is not transmitted to third parties or to the software's provider but remains entirely on our servers. By default, Umami works cookie-free and refrains from personal identifiers; IP addresses are not stored in clear text but are immediately processed into a non-reversible daily hash.

Umami is used exclusively after your prior consent via our cookie banner. Legal basis: your consent pursuant to § 25(1) TDDDG, Art. 6(1)(a) GDPR. You may withdraw your consent at any time via the cookie-banner settings.

Error logging and Session Replay

To detect, reproduce and remedy technical errors and to ensure stable operation of our website, we use Sentry — both for error logging and for Session Replay (recording of anonymised page interactions in the error context). Sentry is operated by us exclusively self-hosted on our own servers; the data collected is not transmitted to the original provider (Functional Software, Inc.) or to any other third party.

Processing takes place exclusively for diagnostic and stability purposes, not for marketing or profiling.

Data collected:

• browser and device information (browser type, operating system, screen resolution)
• URL accessed and referrer
• IP address (truncated or deleted immediately after diagnosis)
• error stack trace and technical diagnostic data
• for Session Replay: masked playback of mouse movements, clicks, scroll behaviour and DOM changes in the error context

Form inputs and potentially sensitive content are automatically masked before storage (Privacy by Default). The data is not intended to identify individual users.

Affected persons: users of our online services

Purpose of processing: detection and remediation of technical errors, ensuring error-free and secure operation of our website

Legal basis:
For pure error logging without Session Replay: legitimate interest in the stable and secure operation of our website, Art. 6(1)(f) GDPR.
For Session Replay (recording of page interactions in the error context): exclusively your consent pursuant to § 25(1) TDDDG, Art. 6(1)(a) GDPR. Session Replay is activated only after your active consent via our cookie banner; you may withdraw your consent at any time via the banner settings.

Open-source project: https://sentry.io/

Our presences on social networks

We maintain online presences on the social networks listed below. When you visit one of these presences, the respective provider collects and processes the data set out below. As a rule, this data is collected for advertising and market-research purposes and is used to create usage profiles. Data may be stored in usage profiles regardless of the device you use, especially if you are a member of the respective platform and logged in. Providers may use these usage profiles to display interest-based advertising. You have the right to object to the creation of user profiles. To exercise this right, you must contact the respective provider.

If you have an account with one of the providers listed below and are logged in there when visiting our website, the provider may collect data about your usage behaviour on our website. To prevent your data from being linked, you can log out of the provider's service before visiting our site.

For the purpose and scope of data collection by the providers, please refer to their respective privacy policies set out below.

Please note that, depending on the provider's place of business, data collected via its platform may be transferred to and processed outside the European Union. In such cases, there is a risk that the level of data protection prescribed by the GDPR is not maintained and that the enforcement of your rights may be impossible or only possible with difficulty.

Affected data:

• master and contact data (e.g. name, address, phone number, e-mail address)
• content data (e.g. posts, photos, videos)
• usage data (e.g. access times, pages clicked)
• communication data (e.g. information on the device used, IP address).

Purpose of processing: communication and marketing, tracking and analysis of user behaviour

Legal basis: consent, Art. 6(1)(a) GDPR; legitimate interests, Art. 6(1)(f) GDPR

Opt-out options: for the respective opt-out options, please refer to the linked information from the providers below.

We maintain online presences on the following social networks:

Facebook

Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Parent company: Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA
Website: https://www.facebook.com/
Privacy policy: https://www.facebook.com/about/privacy/
Privacy policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram

Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Parent company: Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA
Website: https://www.instagram.com/
Privacy policy: https://privacycenter.instagram.com/policy
Privacy policy for Instagram pages (joint controllership): https://www.facebook.com/legal/terms/information_about_page_insights_data

LinkedIn

Service provider: LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA
Office in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 Munich
Website: https://www.linkedin.com/?trk=nav_logo
Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

TikTok

Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Parent company: ByteDance Ltd., P.O. Box 31119 Grand Pavilion, Hibiscus Way, 802 West Bay Road, KY1-1205 Grand Cayman, Cayman Islands
Website: https://www.tiktok.com/de/
Privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de
Joint Controller Agreement (Art. 26 GDPR): https://www.tiktok.com/legal/page/global/joint-controller-agreement-add/de

YouTube

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://www.youtube.com/
Privacy policy: https://policies.google.com/privacy

We operate a YouTube channel. When our channel is accessed, user data is transmitted to and processed by Google. Within the channel statistics (YouTube Analytics) we receive aggregated, non-personal evaluations.

Bluesky

Service provider: Bluesky Social, PBC (Public Benefit Corporation), USA
Website: https://bsky.app/
Privacy policy: https://bsky.social/about/support/privacy-policy

Bluesky is based on the open AT Protocol. The content of our profile (posts, likes, follow relationships) is generally publicly accessible and is replicated within the AT network.

Discord

Service provider: Discord Inc., 444 De Haro Street, Suite 200, San Francisco, CA 94107, USA
Website: https://discord.com/
Privacy policy: https://discord.com/privacy

We operate our own Discord server (guild) as a community platform. When you join our server, Discord processes your account, connection and usage data in accordance with its privacy policy. As server operator, we have access to content you publicly share (messages in public channels, profile name, avatar) and to moderation-relevant metadata (join times and activity times in our channels).

Discord processes data under its own controllership predominantly in the USA. Discord is certified under the EU-US Data Privacy Framework (DPF). We have not concluded a data processing agreement within the meaning of Art. 28 GDPR with Discord; the processing of account, connection and usage data of server members is carried out by Discord on its own legal basis pursuant to its privacy policy. As server operator, we have no influence over this processing.

Mastodon

Mastodon is a decentralised, federated social network based on the ActivityPub protocol. We operate our profile on the instance mastodon.gamedev.place. Responsible for data processing on this instance is the respective instance operator.

Instance: https://mastodon.gamedev.place/
Privacy notices and legal information of the instance: https://mastodon.gamedev.place/about

Due to the federated structure of the Fediverse, content from our profile and interactions (replies, boosts, follow relationships) may also be transmitted to other Mastodon instances and compatible ActivityPub servers as soon as users of those servers interact with our profile or follow us. We have no influence over this further processing by external instances.

Security measures

We otherwise take technical and organisational security measures in line with the state of the art to comply with data-protection law and to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised third-party access.

Currency and amendment of this Privacy Policy

This Privacy Policy is currently valid and dated April 2026. Due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy.

This Privacy Policy was created with the help of the privacy generator of SOS Recht, a service of Mueller.legal Rechtsanwälte Partnerschaft based in Berlin. Additional template text from eRecht24 was used. Source: https://www.e-recht24.de