Privacy Policy

Purpose and subject matter of this Privacy Policy
We maintain this corporate internet page for the purposes of informing visitors about Gameforge AG (‘Gameforge’ or ‘we’) and our company group. When visiting our internet pages, information about you and the hardware you use may be collected and saved to serve a number of purposes.

In this Privacy Policy (‘Privacy Policy’) we wish to provide you with a complete picture of how we use your personal data and what rights you have with regard to this data. This Privacy Policy applies to our corporate internet pages and provides comprehensive information regarding the ways in which we process your data, what we do with your data and the legal basis upon which we do this. Should you visit one of the Gameforge 4D GmbH websites, a different privacy policy applies.

Your rights and our obligations regarding how we deal with your data have a very high priority for us. We only process your data where absolutely necessary, doing so in a secure and responsible manner, with the greatest care and attention to the legal requirements.
1. Details regarding data controller and data protection officer
We want to live up to your trust. You can contact us for any questions, suggestions or complaints you may have regarding the way we handle your data in general, or with regards to this Privacy Policy in particular.
1.1 Data controller
The data controller responsible for processing personal data is Gameforge AG, Albert-Nestler-Strasse 8, 76131 Karlsruhe, Germany. We can be contacted for general enquiries regarding data protection at the address provided, by email at or by fax message at +49 (0)721 354 808 152. Please submit your deletion requests (as per 6.3) at or via email at .
1.2 Data protection officer contact details
You may also contact our data protection officer (Dr. Tobias Gräber, LL.M.) in confidence using the contact details provided above, by email at or by fax message at +49 (0)721 354 808 159.
2. General information regarding data we process and how we collect it
In this section we inform you how we collect your data.
2.1 Legal basis for processing data
We ensure from the moment of collecting your data that this is done in a reliable, transparent and appropriate manner. In judging whether we have the right to collect data, and how this data is to be processed, we orientate ourselves on the requirements of applicable law, in particular on the provisions of the EU General Data Protection Regulation (‘GDPR’), the Data Protection Act of the Federal Republic of Germany and other legal provisions relating to the handling of personal data.
2.2 Data automatically collected by us
By using this internet site, certain system and user-related data will be collected automatically without further user intervention. For example, the general specifications of your internet browser (e.g. type and version), time of access and the related IP address (an individual address associated with your internet connection at this time), as well as system configuration details (e.g. screen resolution and operating system version) are collected and recorded in server logs. As a rule, this information is not used to identify a specific internet user.

The data is processed for the purposes of safeguarding the company’s legitimate interests (GDPR Article 6(1)(f)) to ensure the secure and smooth operation of the internet pages and their optimisation.
3. Special details regarding scope and purpose
In this section we explain comprehensively in which specific cases we process your data.

The data is processed directly by Gameforge within the territory of the Federal Republic of Germany. Should in individual cases personal data be processed by a different body, such as a company associated with us or a service provider, potentially in a third country (outside of the European Union or the European Economic Area), this will always proceed within the legal framework and on the basis of a contract with the respective third party which stipulates compliance with all relevant data protection regulations.
3.1 Visiting our website without logging in
Our corporate internet pages can be visited anonymously to learned about Gameforge AG and the Gameforge company group. Registering on the website is only required if you wish to make use of the features of the application portal for which we provide an independent privacy policy. Irrespective of this, personal data may be collected and processed by us without registration in the following instances.
3.1.1 Server logs
In using our internet pages, server logs are created which log certain connection and usage activities. For example, page views, times of access and the IP address allocated to your internet connection are recorded for the purposes of identifying and preventing cyberattacks or attempted manipulation, as well as for statistical analysis and the improvement of our internet pages. Where necessary, other technical details such as the MAC address (the network address of your network adapter) or similar identifying features may be recorded.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) to ensure the smooth and secure operation of our internet pages, as well as their optimisation.
We offer certain download options on our internet pages. For example, you may download the contents of this Privacy Policy or information notices to your hard drive via your browser. For this purpose, a connection is made between your system and our download servers. The time of the download, the file downloaded and your IP address and other hardware specifications may be recorded for technical reasons, and for the purposes of guaranteeing IT security and optimising our internet pages.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) to ensure the smooth and secure operation of our internet pages, as well as their optimisation.
3.2 Communication with Gameforge
We are available for contact for all general questions relating to Gameforge and these internet pages. We are also happy to answer questions relating to this Privacy Policy and data protection at Gameforge. There are a number of ways you can contact us. Certain personal data will be recorded when using one of these channels.

In processing this data, we exercise our legitimate interests for the purposes of remaining in contact with you (GDPR Article 6(1)(f)). In as far as a message aims at the conclusion of a contract between us and the enquiring person, or for clarifying contractual issues, processing this data may serve as the basis for initiating, executing or terminating a corresponding contract (GDPR Article 6(1)(b)). In individual cases this may be necessary to fulfil a legal obligation we are subject to (GDPR Article 6(1)(c)).
3.2.1 Contacting us by email
We receive the sender’s email and IP address and the contents of the message when an email is sent to us.
3.2.2 Contacting us by fax
When contacted by fax, we receive the sender’s fax number, in addition to the contents of the message.
3.2.3 Contacting us by post
You can of course also contact us by post. In this case we receive the contents of the message and the postal address provided by the sender.
3.2.4 Contacting us via social networks
We also have a presence on social networks such as Facebook and other external platforms. It is generally possible to contact us via the channels provided there (e.g. private messages). In so doing we receive the information which is typically visible when using such messages (e.g. the username used on the social network). We recommend that you read the privacy policy and terms of use of the relevant platform before using this contact method.
3.3 Coverage analysis, tracking and analysis
We have no interest in monitoring the surfing behaviour of our page visitors, nor do we track what you do on the internet after visiting these internet pages.

We are however interested in optimising and improving our internet pages to suit our users’ needs. This includes information regarding how these internet pages are used and from which external pages users find their way to us. We also want to learn about which pages are viewed, how often, how long the page takes to display in your browser and how much time is spent viewing a page, so that we can identify errors and further improve our internet pages.

Out internet pages also use a variety of cookies for these purposes, explained in more detail in section 3.4.

As a rule, the relevant information is aggregated. This means we can extrapolate results from the collection of individual data points, which in most cases cannot be traced back to individual users. When information is not aggregated, your data is generally processed in a pseudonymised form.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in the optimisation and smooth operation of our internet pages.
3.4 Cookies
We use cookies on our internet pages and use a cookie manager which offers you additional information about this topic upon accessing a web page.

Cookies are saved on your system for their respective lifespans when you visit our internet pages in your browser. They are not executable applications and do not contain any elements that can cause damage; instead they hold a sequence of characters relevant to their function. Simply put, cookies are small text files in which information in connection to the opened website is saved.

These enable certain basic features of our internet pages. Cookies allow your browser to be recognised when revisiting the site, for example. This makes it easier and more secure to log into an applicant account, and allow settings you choose, such as the display language or screen size and orientation, to be loaded automatically. Cookies thus help us to present our internet pages to you in a functional and user-friendly format and in a manner that suits your requirements.

Alongside these technically-required functions (necessary cookies), cookies also enable us to collect and analyse data regarding the use of our internet pages (analysis cookies). This allows us to see how frequently an internet page is visited, how often specific page functions are used, or whether and at what stage errors occur.

Cookies are also used to deliver interest-targeted advertisements (marketing cookies). The information associated with Gameforge cookies is generally saved in a pseudonymised form however, which prevents us from linking it directly to an individual user without the enlistment of further information.

Cookies will be automatically removed from your system regularly, once you leave Gameforge websites or if you end your session by logging out. Some cookies may, however, remain stored on your system. To prevent this, you can change your particular browser settings to block all cookies, permit only specific cookies, or delete all stored cookies completely when the browser is closed. If you wish to make use of these settings, please follow the respective directions provided by your browser. Please note, however, that for technical reasons visiting the Gameforge websites with such settings may make them partially or wholly inoperable, or otherwise limit the service provided.

In as far as personal data is processed by cookies, this activity related to the necessary cookies is carried out in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in offering and optimising our services. With regard to the remaining cookies and the associated processing, this is done on the basis of your consent, which can be revoked at any time free of charge, which can be provided to us or revoked by making a corresponding selection in our cookie manager (GDPR Article 6(1)(a)).
3.5 Integration of external services and plug-ins
To extend the scope of functions and optimise user comfort in some areas of our internet pages, we use third-party services and related plugins which make the selected functions of these services available.

In particular, we have integrated plugins that allow videos to be played without you having to leave our internet pages.

By using the corresponding functions you connect to servers of the respective third-party provider. Personal data such as the IP address, the website currently being accessed and the time of use may be transmitted to the third-party provider. We therefore recommend that you read the data protection regulations of the third-party provider carefully before using the respective function.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in providing our services.
3.6 IT security measures
Guaranteeing the security of our internet pages is an important matter to us at all times. To this end we use standard hardware and software solutions for monitoring the security status of our systems in order to identify and defend against malicious activity such as DDoS attacks, malware or unauthorised login attempts and other attempted manipulation. In addition to such measures, we also review our server and system logs.

Executing our IT security measures constitutes pursuit of our legitimate interests (GDPR Article 6(1)(f)) for the purposes of ensuring the availability of our services and the security and the effectiveness of protection of our internet pages.
3.7 Processing for statistical purposes
In certain areas of our internet pages we collect data such as the operating system and version, browser and version, IP address and other relevant system data. We use this information for statistical evaluations, in particular for the purpose of adapting our internet pages to our visitors’ needs. Where possible, the data is anonymised and aggregated; otherwise the data is pseudonymised. None of this information is disclosed to third parties.

We process this information for statistical purposes in line with our legitimate interests (GDPR Article 6(1)(f)) for the optimisation of our services.
3.8 Improving our internet pages
In many cases, personal data is processed for the purposes of improving our internet pages, for identifying and correcting errors, improving security and improving usability.

We do so in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in terms of providing and optimising our services and the security of our internet pages.
3.9 Safeguarding other legal interests
In individual instances, we may process personal data to serve other legal interests, such as in cooperation with relevant authorities, or the enforcement, establishment or defence of legal claims.

We act here in line with our legal obligations (GDPR Article 6(1)(c)) or in line with our legitimate interests (GDPR Article 6(1)(f)) for the enforcement, establishment or defence of legal claims.
3.10 No change of purpose
In order to ensure that the purposes stipulated in this Privacy Policy can be pursued sustainably, we reserve the right to change the way in which data is processed to conform to legal or company requirements, for example by optimising our data processing activities, or implementing new processes. This will always be done with the greatest attention and under strict adherence to the legal provisions. Changes of purpose in the true sense are otherwise not planned.
3.11 Balance of interests
In as far as we process personal data on the legal basis of Article 6(1)(f) of the GDPR, that being in pursuit of our legitimate interests, we firstly determine our interest in processing the data in question. This is then weighed against the expectable interests of the affected persons. This includes taking into consideration the desired purpose, the form of data processing and the associated risks to the rights and freedoms of the affected persons. At the same time we consider whether the technical and organisational measures taken are sufficient to meet the necessary level of protection. We only process data on this basis where this is the case, and the relevant data is limited to that which is indeed required.
4. Forwarding and transferring personal data
As a rule, your data is only processed directly by us within the territory of the Federal Republic of Germany, and always for the purposes listed in this Privacy Policy. This section details how and why personal data may in certain instances be forwarded or transferred.
4.1 Reasons for forwarding and transferring personal data
Your data will only be internally forwarded or externally transferred where necessary in achieving one of the aims outlined in this Privacy Policy. Any data forwarded or transferred is limited to the amount absolutely necessary.
4.2 Internal and external recipients of personal data
As a rule, your data is passed on internally to the department responsible for the respective processing, which is then processed only by the employee(s) responsible. Our employees are trained in the field of data protection, are bound by obligations of confidentiality and data privacy, and are committed by company guidelines and instructions to handle your data in accordance with legal requirements and the contents of this Privacy Policy.

For technical, legal or business reasons it may also be necessary in certain cases to pass your data on to third parties. For instance, it may be necessary that we forward your data to a company associated with us as per Section 15 of the German Stock Corporation Act (currently Gameforge 4D GmbH, reachable at the address provided above) for the purposes set forth in this Privacy Policy.

Furthermore, carefully selected service companies make their data centres available to use.

Should it be required by law, we also forward data to the relevant authorities to the extent necessary. In as far as we require external advice from third parties, in particular legal advice, for the purposes of enforcing or defending legal claims, we may also transfer the necessary data to these recipients.

Any transfer is performed exclusively for the purposes detailed in this Privacy Policy with the greatest attention and under strict adherence to the legal provisions, in particular the conclusion of an agreement for processing data by contract as per Article 28(3) sentence 1 of the GDPR.
4.3 Recipients in third countries
Before any personal data is transferred, we check thoroughly that all the legal requirements for the transfer in question are met for the particular case. For this reason, we only transfer data to recipients in third countries when this level of protection for personal data is provided in the country and we are convinced that the respective recipient will handle the received data in compliance with the data protection standard laid out this Privacy Policy. An adequate level of data protection can be expected, for example, where the European Commission has made a decision confirming the country in question meets the standards of data adequacy or the transfer is concluded on the basis of the European Commission’s standard contractual clauses.
5. Data retention
In this section, we explain how long we store the personal data we collect.

We do not retain personal data without purpose. The length of time data is retained is primarily linked to the basic purpose and necessity of storing it. Personal data is therefore only stored in as far as it is required for a specific purpose.

The first thing we check is the minimum necessary period for retention for the specific purposes detailed in this Privacy Policy. If the data need only be saved for technical reasons for a short time (for example, during your current session), this data will only be stored for the period of use and a maximum of 30 days.

Finally, we check whether any legal retention periods apply, particularly in terms of taxation law (Section 147(3) of the Fiscal Code of Germany) or commercial law (Section 257(4) of the German Commercial Code), which may for example require documents to be stored for a period of six to ten years.

If there is no cause to process the data, the data is no longer required for this purpose, and there are no legal requirements to store the data, we delete it.
6. Your rights
In this section we inform you about the rights individuals have in regard to the processing of their data.
6.1 Right of access
You have the right to demand confirmation from us regarding whether we are processing your data. If this is the case, you also have the right to demand comprehensive information, a free copy of the data and more information from us.
6.2 Right to rectification
Should the data relating to your person be incorrect or incomplete, you have the right to demand that the data be corrected or completed.
6.3 Right to erasure
You have the basic right to demand the immediate deletion of your data. Legal reasons may however stand in the way of this, in particular legal data retention requirements. In individual cases your data may also be required for the establishment, exercise or defence of legal claims. In such instances we will process the affected data strictly in accordance with this purpose, followed by immediate deletion as soon as the relevant reasons for retention no longer apply. We will inform you in such instances accordingly.
6.4 Right to restriction of processing
As an alternative to the deletion of your data, you have the basic right to demand restrictions in how we process your data. If you make use of this right, we are essentially restricted to storing the associated data. Processing the data in other ways is only permissible with your consent, or for the purposes of establishing, exercising or defending legal claims, or to protect the rights of other natural persons or legal entities.
6.5 Right to object
On grounds relating to your situation, you have the right to object to the processing of personal data associated with you, in as far as the specific processing is pursuant to our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Should you have and exercise your right to object, we will no longer process the affected data.

In exceptional cases your right to object may not be exercised, where we have a compelling legitimate reason for processing the data which overrides your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. This exception does not apply, however, when you object to the processing of your data for direct marketing purposes, including marketing-related profiling. You may exercise your right to object to these purposes at any time.
6.6 Withdrawal of consent
If we are processing data on the basis of the consent you have provided, you can withdraw your consent effective for the future at any time. We will cease processing your data upon receiving withdrawal of your consent and until such time as your consent has been granted once more.
6.7 Right to data portability
If we are processing your data with your consent, or for the purposes of justifying, executing or terminating a contract with you, you have the right to receive the data you have made available to us. The data is provided in a structured, accessible and machine-readable format. In exercising this right, you also have the right to request that your personal data be transferred directly to another controller, so far as this is technically feasible.
6.8 Right to appeal
You have the right to appeal to any European supervisory authority, in particular the one in your place of permanent residence, if you believe that your personal data is being processed by us in violation of the legal provisions. You can find contact information at You may also contact the supervisory authority responsible for us, that being the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information. These contact details can be found at
7. Data protection information
In handling personal data, we have made appropriate technical and organisational measures to maintain data security and reduce the risks to the rights and freedoms of the affected persons. This includes limiting the personal data collected and stored to the minimum required, and encrypting it where possible. Finally, all our employees are informed and trained to maintain data confidentiality and privacy obligations. 
9. Version and changes to this Privacy Policy
This Privacy Policy was last updated on 21st September 2022. We reserve the right to change its contents in order to correct mistakes, improve understandability, provide supplemental information, or for legal reasons. In cases where they are adjusted, the principles outlined in this Privacy Policy and the protection of your personal data will be preserved.