1. Controller

The controller responsible for data processing within the meaning of the GDPR is:
John Bernhard
Lausitzer Str. 7
03046 Cottbus
Germany
Email: johnbernhard95@gmail.com

2. Purposes and Legal Bases

We process personal data to provide the platform, to handle orders (creation of a world database) and to communicate with you. The legal bases are Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(f) GDPR (legitimate interest in IT security and fraud prevention) and Art. 6(1)(c) GDPR (legal retention obligations).

3. Categories of Processed Data

• Master data: player name, world and team affiliation
• Usage data: logins, actions within the tools, IP address, browser information
• Payment and transaction data: order number, payment status, payment provider and, where applicable, partial information about the payment method used (token)
• Communication data: content of your inquiries and the contact information you provide

4. Cookies and Local Storage

We use only technically necessary cookies and comparable technologies (for example local storage) to manage sessions and provide security functions. Analytics services or tracking involving personal data are not used.

5. Payment Processing via Stripe and PayPal

To process paid orders, we use the payment service providers Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland, and PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

During a payment, the data required to carry out the transaction (including name, email address, invoice amount, payment information and IP address) is transmitted to the selected payment service provider. Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (fraud prevention).

Stripe and PayPal may transfer data to third countries (especially the USA) to fulfill legal obligations or prevent fraud. Where a transfer to countries without an adequate level of data protection takes place, this is done on the basis of appropriate safeguards, in particular the EU standard contractual clauses pursuant to Art. 46 GDPR. Further information can be found in the providers' privacy notices:

• Stripe privacy policy
• PayPal privacy policy

6. Recipients and Processors

In addition to the payment service providers mentioned above, we use hosting and infrastructure partners that operate our servers and are contractually obliged as processors in accordance with Art. 28 GDPR. Data is disclosed to other third parties only if we are legally required to do so or if you have expressly consented.

7. Storage Period

Technical log data is deleted after no later than 90 days. Payment and transaction data is generally retained for ten years due to commercial and tax law requirements. Support requests are deleted as soon as they are no longer required.

8. Your Rights

You have the right to information, rectification, deletion, restriction of processing, data portability and objection to the processing of your personal data. You can also revoke any consent you have given at any time with effect for the future.

Please send your inquiries to johnbernhard95@gmail.com. You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR).