Privacy Policy

Purpose and subject matter of this Privacy Policy
We maintain this corporate internet page for the purposes of informing visitors about Gameforge AG (‘Gameforge’ or ‘we’) and our company group. When visiting our internet pages, information about you and the hardware you use may be collected and saved to serve a number of purposes.

In this Privacy Policy (‘Privacy Policy’) we wish to provide you with a complete picture of how we use your personal data and what rights you have with regard to this data. This Privacy Policy applies to our corporate internet pages and provides comprehensive information regarding the ways in which we process your data, what we do with your data and the legal basis upon which we do this. Should you visit one of the Gameforge 4D GmbH websites, a different privacy policy applies.

Your rights and our obligations regarding how we deal with your data have a very high priority for us. We only process your data where absolutely necessary, doing so in a secure and responsible manner, with the greatest care and attention to the legal requirements.
1. Details regarding data controller and data protection officer
We want to live up to your trust. You can contact us for any questions, suggestions or complaints you may have regarding the way we handle your data in general, or with regards to this Privacy Policy in particular.
1.1 Data controller
The data controller responsible for processing personal data is Gameforge AG, Albert-Nestler-Strasse 8, 76131 Karlsruhe, Germany. We can be contacted for general enquiries regarding data protection at the address provided, by email at or by fax message at +49 (0)721 354 808 152.
1.2 Data protection officer contact details
You may also contact our data protection officer (Dr. Tobias Gräber, LL.M.) in confidence using the contact details provided above, by email at or by fax message at +49 (0)721 354 808 159.
2. General information regarding data we process and how we collect it
In this section we inform you how we collect your data.
2.1 Legal basis for processing data
We ensure from the moment of collecting your data that this is done in a reliable, transparent and appropriate manner. In judging whether we have the right to collect data, and how this data is to be processed, we orientate ourselves on the requirements of applicable law, in particular on the provisions of the EU General Data Protection Regulation (‘GDPR’), the Data Protection Act of the Federal Republic of Germany and other legal provisions relating to the handling of personal data.
2.2 Data automatically collected by us
By using this internet site, certain system and user-related data will be collected automatically without further user intervention. For example, the general specifications of your internet browser (e.g. type and version), time of access and the related IP address (an individual address associated with your internet connection at this time), as well as system configuration details (e.g. screen resolution and operating system version) are collected and recorded in server logs. As a rule, this information is not used to identify a specific internet user.

The data is processed for the purposes of safeguarding the company’s legitimate interests (GDPR Article 6(1)(f)) to ensure the secure and smooth operation of our internet pages, their optimisation, and for the registration, performance or termination of the user agreement with you (GDPR Article 6(1)(b)).
3. Special details regarding scope and purpose
In this section we explain comprehensively in which specific cases we process your data.

The data is processed directly by Gameforge within the territory of the Federal Republic of Germany. Should in individual cases personal data be processed by a different body, such as a company associated with us or a service provider, potentially in a third country (outside of the European Union or the European Economic Area), this will always proceed within the legal framework and on the basis of a contract with the respective third party which stipulates compliance with all relevant data protection regulations.
3.1 Visiting our website without logging in
Our corporate internet pages can be visited anonymously to learned about Gameforge AG and the Gameforge company group. Registering on the website is only required if you wish to make use of the features of the application portal. Irrespective of this, personal data may be collected and processed by us without registration in the following instances.
3.1.2 Server logs
In using our internet pages, server logs are created which log certain connection and usage activities. For example, page views, times of access, the registration of an applicant account and the IP address allocated to your internet connection are recorded for the purposes of identifying and preventing cyberattacks or attempted manipulation, as well as for statistical analysis and the improvement of our internet pages. Where necessary, other technical details such as the MAC address (the network address of your network adapter) or similar identifying features may be recorded.

This data is processed for in pursuit of our legitimate interests (GDPR Article 6(1)(f)) to ensure the smooth and secure operation of our internet pages, as well as their optimisation (GDPR Article 6(1)(b)).
3.1.3 Downloads
We offer certain download options on our internet pages. For example, you may download the contents of this Privacy Policy or information notices to your hard drive via your browser. For this purpose, a connection is made between your system and our download servers. The time of the download, the file downloaded and your IP address and other hardware specifications may be recorded for technical reasons, and for the purposes of guaranteeing IT security and optimising our internet pages.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) to ensure the smooth and secure operation of our internet pages, as well as their optimisation.
3.2 Communication with Gameforge
We are available for contact for all general questions relating to Gameforge and these internet pages. We are also happy to answer questions relating to this Privacy Policy and data protection at Gameforge. There are a number of ways you can contact us. Certain personal data will be recorded when using one of these channels.

In processing this data, we exercise our legitimate interests for the purposes of remaining in contact with you (GDPR Article 6(1)(f)). In as far as a message aims at the conclusion of a contract between us and the enquiring person, or for clarifying contractual issues, processing this data may serve as the basis for initiating, executing or terminating a corresponding contract (GDPR Article 6(1)(b)). In individual cases this may be necessary to fulfil a legal obligation we are subject to (GDPR Article 6(1)(c)).
3.2.1 Contacting us by email
Email provides a convenient method of contact. We receive the sender’s email address and the contents of the message when an email is sent to us. The sender’s IP address will also be transmitted.
3.2.2 Contacting us by fax
When contacted by fax, we receive the sender’s fax number, in addition to the contents of the message. Should the fax be sent like an email, the details regarding contacting us by email also apply.
3.2.3 Contacting us by post
You can of course also contact us by post. In this case we receive the contents of the message and the postal address provided by the sender.
3.2.4 Contacting us via social networks
We also have a presence on social networks such as Facebook and other external platforms. It is generally possible to contact us via the channels provided on these platforms (e.g. private messages). In so doing we receive the information which is typically visible when using such messages (e.g. the username used on the social network). We recommend that you read the privacy policy and terms of use of the relevant platform before using this contact method.
3.3 Coverage analysis, tracking and analysis
We have no interest in monitoring the surfing behaviour of our page visitors, nor do we track what you do on the internet after visiting these internet pages.

We are however interested in optimising and improving our internet pages to suit our users’ needs. This includes information regarding how these internet pages are used and from which external pages users find their way to us. We also want to learn about which pages are viewed, how often, how long the page takes to display in your browser and how much time is spent viewing a page, so that we can identify errors and further improve our internet pages.

For these purposes we use tools such as Google Analytics described in section 3.3.1 below. Our internet pages also use a variety of cookies for these purposes, explained in more detail in section 3.4 and in our Cookie Policy.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in the optimisation and smooth operation of our internet pages.
3.3.1 Google Analytics
Our internet pages use Google Analytics in various places, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google is certified under the EU-US Privacy Shield Framework and guarantees adherence to European data protection regulations.

Google Analytics uses cookies (see also section 3.4 and our Cookie Policy). The information generated by this cookie about your use of Gameforge’s internet pages is transmitted to Google’s servers in the United States of America and stored there. By activating IP anonymisation on the affected websites, however, your IP address is abbreviated by Google from within the European Union member states or other signatories to the agreement via the European Economic Area. The full IP address will be transmitted to a Google server in the USA and shortened there only in exceptional circumstances.

As part of an agreement on the processing of personal data on behalf of Gameforge, Google may use this information to evaluate your use of our internet pages, to compile reports on the website activities and to provide Gameforge with further services associated with the use of the website and the internet. The IP address transmitted from your browser via Google Analytics will not be associated with any other data held by Google. You may prevent the use of cookies by selecting the appropriate setting in your browser software; however, please note that in this case you may not be able to use all functions of the Gameforge web pages to their full extent (see also section 3.4). You may also prevent the collection and processing of the data generated by the cookie and relating to your use of our internet pages (including your IP address) by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Further information regarding how Google uses your data can be found on Google’s internet pages, in particular in their privacy policy (https://policies.google.com/privacy).
3.3.2 Tracking and analysis
In order to provide the optimal user experience on our internet pages, we need to understand how they are used.

As a rule, the relevant information is aggregated so that we can extrapolate results from the collection of individual data points, which in most cases cannot be traced back to individual users. When information is not aggregated, your data is generally processed in a pseudonymised form. 
3.4 Cookies
We use cookies on our internet pages. A cookie banner informs you about our use of cookies when visiting our internet pages, and links to our Cookie Policy which contains further information about our cookies.

Cookies are saved on your system for their respective lifespans when you visit our internet pages in your browser. They are not executable applications and do not contain any elements that can cause damage; instead they hold a sequence of characters relevant to their function. Simply put, cookies are small text files in which information in connection to the opened website is saved.

These enable certain basic features of our internet pages. Cookies allow your browser to be recognised when revisiting the site, for instance, making it easier and more secure to log into an applicant account, and allowing settings you choose, such as the display language or screen size and orientation, to be loaded automatically. Cookies thus help us to present our internet pages to you in a functional and user-friendly format and in a manner that suits your requirements.

Alongside these technically-required and useful functions (necessary cookies and functionality cookies), cookies also enable us to collect and analyse data regarding the use of our internet pages (analysis cookies). This allows us to see how frequently an internet page is visited, how often specific page functions are used, or whether and at what stage errors occur (performance cookies).

Cookies can also be used to deliver interest-targeted advertisements (advertising cookies), however the information associated with Gameforge cookies is generally saved in a pseudonymised form, which prevents us from linking it directly to an individual user without further information.

In addition to our cookies (first-party cookies), cookies from third-party providers (third-party cookies) may also be set. For more information regarding these cookies, we recommend you read the data protection policies of their respective providers.

Cookies will be automatically removed from your system regularly, once you leave Gameforge websites or if you end your session by logging out (session cookies). Some cookies may, however, remain stored on your system. To prevent this, you can change your browser settings to block all cookies, permit only specific cookies, or delete all stored cookies completely when the browser is closed. If you wish to make use of these settings, please follow the respective directions provided by your browser. Please note, however, that for technical reasons visiting the Gameforge websites with such settings may make them partially or wholly inoperable, or otherwise limit the service provided.

In as far as personal data is processed by cookies, this activity is carried out in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in offering and optimising our services.
3.5 Integration of external services and plug-ins
To extend the scope of functions and optimise user comfort in some areas of our internet pages, we use third-party services and related plug-ins which make the selected functions of these services available.

In particular, we have integrated plug-ins that allow videos to be played without you having to leave our internet pages.

By using the corresponding functions you connect to servers of the respective third-party provider. Personal data such as the IP address, the website currently being accessed and the time of use may be transmitted to the third-party provider. We therefore recommend that you read the data protection regulations of the third-party provider carefully before using the respective function.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in providing and optimising our services.
3.6 IT security measures
Guaranteeing the security of our internet pages is an important matter to us at all times. To this end we use standard hardware and software solutions for monitoring the security status of our systems, in order to identify malicious activity such as DDoS attacks, malware or unauthorised login attempts and other attempted manipulation. In addition to such measures, we also review our server and system logs.

Executing these IT security measures constitutes pursuit of our legitimate interests (GDPR Article 6(1)(f)) for the purposes of ensuring the availability of our services and the security and protection of our internet pages.
3.7 Processing for statistical purposes
In certain areas of our internet pages we collect data such as the operating system and version, browser and version, IP address and other system data. We use this information for statistical evaluations, in particular for the purpose of adapting our internet pages to our visitors’ needs. Where possible, the data is anonymised and aggregated; otherwise the data is pseudonymised. None of this information is disclosed to third parties.

We process this information for statistical purposes in line with our legitimate interests (GDPR Article 6(1)(f)) for the optimisation of our services.
3.8 Improving our internet pages
In many cases, personal data is processed for the purposes of improving our internet pages, for identifying and correcting errors, improving security and improving usability.

We do so in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in terms of providing and optimising our services and the security of our internet pages.
3.9 Safeguarding other legal interests
In individual instances, we may process personal data to serve other legal interests, such as in cooperation with relevant authorities, or the enforcement, establishment or defence of legal claims.

We act here in line with our legal obligations (GDPR Article 6(1)(c)) or in line with our legitimate interests (GDPR Article 6(1)(f)) for the enforcement, establishment or defence of legal claims.
3.10 No change of purpose
In order to ensure that the purposes stipulated in this Privacy Policy can be pursued sustainably, we reserve the right to change the way in which data is processed to conform to legal or company requirements, for example by optimising our data processing activities, or implementing new processes. This will always be done with the greatest attention and under strict adherence to the legal provisions. Changes of purpose in the true sense are otherwise not planned.
3.11 Balance of interests
In as far as we process personal data on the legal basis of Article 6(1)(f) of the GDPR, that being in pursuit of our legitimate interests, we firstly determine our interest in processing the data in question. This is then weighed against the expectable interests of the affected persons, taking into consideration the desired purpose, the form of data processing and the associated risks to the rights and freedoms of the affected persons. At the same time we consider whether the technical and organisational measures taken are sufficient to meet the necessary level of protection. We only process data on this basis where this is the case, and the data processed is limited to that which is indeed required.
4. Forwarding and transferring personal data
As a rule, your data is only processed directly by us within the territory of the Federal Republic of Germany, and always for the purposes listed in this Privacy Policy. This section details how and why personal data may in certain instances be forwarded or transferred.
4.1 Reasons for forwarding and transferring personal data
Your data will only be internally forwarded or externally transferred where necessary in achieving one of the aims outlined in this Privacy Policy. Any data forwarded or transferred is limited to the amount absolutely necessary.
4.2 Internal and external recipients of personal data
As a rule, your data is passed on internally to the department responsible for the respective processing, which is then processed only by the employee(s) responsible. Our employees are trained in the field of data protection, are bound by obligations of confidentiality and data privacy, and are committed by company guidelines and instructions to handle your data in accordance with legal requirements and the contents of this Privacy Policy.

For technical, legal or business reasons it may also be necessary in certain cases to pass your data on to third parties. For instance, it may be necessary that we forward your data to a company associated with us as per Section 15 of the German Stock Corporation Act (currently Gameforge 4D GmbH and Palado GmbH, both reachable at the address provided above) for the purposes set forth in this Privacy Policy.

Furthermore, carefully selected service companies make their data centres available to use.

Should it be required by law, we also forward data to the relevant authorities to the extent necessary. In as far as we require external advice from third parties, in particular legal advice, for the purposes of enforcing or defending legal claims, we may also transfer the necessary data to these recipients.

Any transfer is performed exclusively for the purposes detailed in this Privacy Policy with the greatest attention and under strict adherence to the legal provisions, in particular the conclusion of an agreement for processing data by contract as per Article 28(3) sentence 1 of the GDPR.
4.3 Recipients in third countries
Before any personal data is transferred, we check first of all whether the legal requirements for the transfer in question are met. This includes ensuring that we only forward personal data to recipients who can guarantee a sufficiently high level of protection for personal data. For this reason, we only transfer data to recipients in third countries when this level of protection for personal data is provided in the country. This is the case where the European Commission has made a decision confirming the country in question meets the standards of data adequacy. Such a level of data adequacy may also be present when a service provider from the United States of America is certified according to the EU-US Privacy Shield, or the transfer is concluded on the basis of the European Commission’s standard contractual clauses.
5. Data retention
In this section, we explain how long we store the personal data we collect.

We do not retain personal data without purpose. Any data we store is done for a specific purpose and is bound to this purpose. The length of time data is retained is primarily linked to the basic purpose and necessity of storing it. Personal data is therefore only stored in as far as it is required for a specific purpose.

The first thing we check is the minimum necessary period for retention for the specific purposes detailed in this Privacy Policy. If the data need only be saved for technical reasons for a short time (for example, during your current session), this data will only be stored for the period of use and a maximum of 30 days.

Finally, we check whether any legal retention periods apply, particularly in terms of taxation law (Section 147(3) of the Fiscal Code of Germany) or commercial law (Section 257(4) of the German Commercial Code), which may for example require documents to be stored for a period of six to ten years.

If there is no cause to process the data, the data is no longer required for this purpose, and there are no legal requirements to store the data, we delete it.
6. Your rights
In this section we inform you about the rights individuals have in regard to the processing of their data.
6.1 Right of access
You have the right to demand confirmation from us regarding whether we are processing your data. If this is the case, you also have the right to demand comprehensive information, a free copy of the data and more information from us.
6.2 Right to rectification
Should the data relating to your person be incorrect or incomplete, you have the right to demand that the data be corrected or completed.
6.3 Right to erasure
You have the basic right to demand the immediate deletion of your data. Legal reasons may however stand in the way of this, in particular legal data retention requirements. In individual cases your data may also be required for the establishment, exercise or defence of legal claims. In such instances we will process the affected data strictly in accordance with this purpose, followed by immediate deletion as soon as the relevant reasons for retention no longer apply. We will inform you in such instances accordingly.
6.4 Right to restriction of processing
As an alternative to the deletion of your data, you have the basic right to demand restrictions in how we process your data. If you make use of this right, we are essentially restricted to storing the associated data. Processing the data in other ways is only permissible with your consent, or for the purposes of establishing, exercising or defending legal claims, or to protect the rights of other natural persons or legal entities.
6.5 Right to object
On grounds relating to your situation, you have the right to object to the processing of personal data associated with you, in as far as the specific processing is pursuant to our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Should you have and exercise your right to object, we will no longer process the affected data.

In exceptional cases your right to object may not be exercised, where we have a compelling legitimate reason for processing the data which overrides your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. This exception does not apply, however, when you object to the processing of your data for direct marketing purposes, including marketing-related profiling. You may exercise your right to object to these purposes at any time.
6.6 Withdrawal of consent
If we are processing data on the basis of the consent you have provided, you can withdraw your consent effective for the future at any time. We will cease processing your data upon receiving withdrawal of your consent and until such time as your consent has been granted once more.
6.7 Right to data portability
If we are processing your data with your consent, or for the purposes of justifying, executing or terminating a contract with you, you have the right to receive the data you have made available to us. The data is provided in a structured, accessible and machine-readable format. In exercising this right, you also have the right to request that your personal data be transferred directly to another controller, so far as this is technically feasible.
6.8 Right to appeal
You have the right to appeal to a supervisory authority if you believe that your personal data is being processed by us in violation of the legal provisions.
7. Data protection information
In handling personal data, we have made appropriate technical and organisational measures to maintain data security and reduce the risks to the rights and freedoms of the affected persons. This includes limiting the personal data collected and stored to the minimum required, and encrypting it where possible. Finally, all our employees are informed and trained to maintain data confidentiality and privacy obligations. 
9. Version and changes to this Privacy Policy
This Privacy Policy was last updated on 25th May 2018. We reserve the right to change its contents in order to correct mistakes, improve understandability, provide supplemental information, or for legal reasons. In cases where they are adjusted, the principles outlined in this Privacy Policy and the protection of your personal data will be preserved.