Privacy Policy

Purpose and subject matter of this Privacy Policy
Gameforge AG (‘Gameforge’ or ‘we’) provides this application platform to allow you to apply for a workplace, internship or job as a working student at a company in the Gameforge group. While using this platform, information about you and the hardware you use may be collected and saved to serve a number of purposes.

In this Privacy Policy (‘Privacy Policy’) we wish to provide you with a complete picture of how we use your personal data and what rights you have with regard to this data. This Privacy Policy applies exclusively to our application platform and provides comprehensive information regarding the ways in which we process your data, to what purposes, and the legal basis upon which we do this. Should you visit our corporate pages or one of the Gameforge 4D GmbH websites, different privacy policies apply.

Your rights and our obligations regarding how we deal with your data have a very high priority for us. We only process your data where absolutely necessary, doing so in a secure and responsible manner, with the greatest care and attention to the legal requirements.
1. Details regarding data controller and data protection officer
We want to live up to your trust. You can contact us for any questions, suggestions or complaints you may have regarding the way we handle your data in general, or with regards to this Privacy Policy in particular.
1.1 Data controller
The data controller responsible for processing personal data is Gameforge AG, Albert-Nestler-Strasse 8, 76131 Karlsruhe, Germany. We can be contacted for general enquiries regarding data protection at the address provided, by email at or by fax message at +49 (0)721 354 808 152.
1.2 Data protection officer contact details
You may also contact our data protection officer (Dr. Tobias Gräber, LL.M.) in confidence using the contact details provided above, by email at or by fax message at +49 (0)721 354 808 159.
2. General information regarding data we process and how we collect it
In this section we inform you how we collect your data.
2.1 Legal basis for processing data
We ensure from the moment of collecting your data that this is done in a reliable, transparent and appropriate manner. In judging whether we have the right to collect data, and how this data is to be processed, we orientate ourselves on the requirements of applicable law, in particular on the provisions of the EU General Data Protection Regulation (‘GDPR’), the Data Protection Act of the Federal Republic of Germany (‘BDSG’) and other legal provisions relating to the handling of personal data.
2.2 Data automatically collected by us
By using this internet site, certain system and user-related data will be collected automatically without further user intervention. For example, the general specifications of your internet browser (e.g. type and version), time of access and the related IP address (an individual address associated with your internet connection at this time), as well as system configuration details (e.g. screen resolution and operating system version) are collected and recorded in server logs. As a rule, this information is not used to identify a specific internet user.

The data is processed for the purposes of safeguarding the company’s legitimate interests (GDPR Article 6(1)(f)) to ensure the secure and smooth operation of the application platform and its optimisation.
2.3 Data generated by us
In the process of registering an applicant account, and during its subsequent use, we generate an individual username for the user. This identification serves the purposes of pseudonymisation and is required for technical reasons, for example for logging into and using the applicant account, and processing a submitted application. With regards to the data generated by us, this also includes data which may be created by the human resources department or other company departments for the purposes of reviewing your application.

This activity is also carried out in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in making the application portal available, and for deciding about justifying an employment contract (GDPR Article 6(1)(b), BDSG Section 26(1) 1).
2.4 Data provided by you
The majority of the personal data we process is provided directly by our users. Basic information is collected when registering an applicant account (generally your email address and other contact details you enter). It is also possible for you to save application documents on our system and submit your application to start the application process. The details you provide are collected and processed for the purposes of the application procedure.

This activity is likewise carried out in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in making the application portal available, and for deciding about justifying an employment contract (GDPR Article 6(1)(b), BDSG Section 26(1) 1).
2.5 Voluntary provision and processing
The provision of personal data and the associated use of the application portal is entirely voluntary. Using the portal, however, requires the provision of the data stipulated in 2.3, as we would otherwise be unable to contact you and review your application.

Equally certain rights may be exercised in individual cases which lead to us being unable to process your application. Should this occur, we will inform you of the consequences in each individual case.
3. Special details regarding scope and purpose
In this section we explain comprehensively in which specific cases we process your data.

The data is processed directly by Gameforge within the territory of the Federal Republic of Germany. Should in individual cases personal data be processed by a different body, such as a company associated with us or a service provider, potentially in a third country (outside of the European Union or the European Economic Area), this will always proceed within the legal framework and on the basis of a contract with the respective third party which stipulates compliance with all relevant data protection regulations.
3.1 Visiting our website without logging in
Our internet pages and the application portal can be visited anonymously. Registering on the website is only a requirement if you wish to create and use an applicant account. Irrespective of this, personal data may be collected and processed by us without registration in the following instances.
3.1.1 Server logs
In using our internet pages and application portal, server logs are created which log certain connection and usage activities. For example, page views, times of access, the registration of an applicant account and the IP address allocated to your internet connection are recorded for the purposes of identifying and preventing cyberattacks or attempted manipulation, as well as for statistical analysis and the improvement of our internet pages and application portal. Where necessary, other technical details such as the MAC address (the network address of your network adapter) or similar identifying features may be recorded.

This data is processed for in pursuit of our legitimate interests (GDPR Article 6(1)(f)) to ensure the smooth and secure operation of our internet pages and the application portal, as well as their optimisation (GDPR Article 6(1)(b)).
We offer certain download options on our internet pages and the application portal. For example, you may download the contents of this Privacy Policy or information notices to your hard drive via your browser. For this purpose, a connection is made between your system and our download servers. The time of the download, the file downloaded and your IP address and other hardware specifications may be recorded for technical reasons, and for the purposes of guaranteeing IT security and optimising our application platform.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) to ensure the smooth and secure operation of our internet pages and the application portal, as well as their optimisation.
3.2 Communication with Gameforge
We are available for contact for all general questions relating to Gameforge, these internet pages, as well as for questions relating to job vacancies and your application. We are also happy to answer questions relating to this Privacy Policy and data protection at Gameforge. There are a number of ways you can contact us. Certain personal data will be recorded when using one of these channels.

In processing this data, we exercise our legitimate interests for the purposes of remaining in contact with you (GDPR Article 6(1)(f)). In as far as a message aims at the conclusion of a contract between ourselves and the applicant, or for clarifying contractual issues, processing this data may also serve as the basis for initiating an employment contract (GDPR Article 6(1)(b), BDSG Section 26(1) 1). In individual cases this may be necessary to fulfil a legal obligation we are subject to (GDPR Article 6(1)(c)).
3.2.1 Contacting us by email
We receive the sender’s email and IP address and the contents of the message when an email is sent to us.
3.2.2 Contacting us by fax
When contacted by fax, we receive the sender’s fax number, in addition to the contents of the message.
3.2.3 Contacting us by post
You can of course also contact us by post. In this case we receive the contents of the message and the postal address provided by the sender.
3.2.4 Contacting us via social networks
We also have a presence on social networks such as Xing, LinkedIn, Facebook and other external platforms. It is generally possible to contact us via the channels provided there (e.g. private messages). In so doing we receive the information which is typically visible when using such messages (e.g. the username used on the social network). We recommend that you read the privacy policy and terms of use of the relevant platform before using this contact method.
3.3 Coverage analysis, tracking and analysis
We have no interest in monitoring the surfing behaviour of our page visitors, nor do we track what you do on the internet after visiting our internet pages and application portal.

We are however interested in optimising and improving our internet pages and application portal to suit our users’ needs. This includes information regarding how these internet pages and the application portal are used and from which external pages users find their way to us. We also want to learn about which pages are viewed, how often, how long the page takes to display in your browser and how much time is spent viewing a page, so that we can identify errors and further improve our internet pages and application portal.

We use various tools for these purposes. The Gameforge web pages also use a variety of cookies for these purposes, explained in more detail in section 3.4.

As a rule, the relevant information is aggregated. This means we can extrapolate results from the collection of individual data points, which in most cases cannot be traced back to individual users. When information is not aggregated, your data is generally processed in a pseudonymised form.

This data is processed in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in the optimisation and smooth operation of our application portal.
3.4 Cookies
We use cookies on our internet pages and application portal and use a cookie manager which offers you additional information about cookies upon accessing a web page.

Cookies are saved on your system for their respective lifespans when you visit our internet pages and application portal in your browser. They are not executable applications and do not contain any elements that can cause damage; instead they hold a sequence of characters relevant to their function. In simple terms, cookies are small text files which store information related to the web pages viewed (including the application portal).

These are essential to enable certain basic features of our internet pages and application portal. Cookies allow your browser to be recognised when revisiting the site, for example. This makes it easier and more secure to log into an applicant account. Your preferences and settings, such as chosen language and the orientation and size of your screen, can also be saved. Cookies thus help us to present our internet pages and application portal to you in a functional and user-friendly format and in a manner that suits your requirements.

Alongside these technically-required functions (necessary cookies), cookies also enable us to collect and analyse data regarding the use of our internet pages and application portal (analysis cookies). This allows us to see how frequently an internet page is visited, how often specific page functions are used, or whether and at what stage errors occur.

Cookies are also used to deliver interest-targeted advertisements (marketing cookies). The information associated with Gameforge cookies is generally saved in a pseudonymised form however, which prevents us from linking it directly to an individual user without the enlistment of further information.

Cookies will be automatically removed from your system regularly, once you leave our internet pages and application portal, or if you end your session by logging out. Some cookies may, however, remain stored on your system. To prevent this, you can change your particular browser settings to block all cookies, permit only specific cookies, or delete all stored cookies completely when the browser is closed. If you wish to make use of these settings, please follow the respective directions provided by your browser. Please note, however, that visiting our internet pages and application portal with such settings may make them partially or wholly inoperable, or otherwise limit the service provided.

In as far as personal data is processed by cookies, this activity related to the necessary cookies is carried out in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in offering and optimising our services. With regard to the remaining cookies and the associated processing, this is done on the basis of your consent, which can be revoked at any time free of charge, which can be provided to us or revoked by making a corresponding selection in our cookie manager (GDPR Article 6(1)(a)).
3.5 IT security measures
Guaranteeing the security of our internet pages and application portal is an important matter to us at all times. To this end we use standard hardware and software solutions for monitoring the security status of our systems in order to identify and defend against malicious activity such as DDoS attacks, malware or unauthorised login attempts and other attempted manipulation. In addition to such measures, we also review our server and system logs.

Executing our IT security measures constitutes pursuit of our legitimate interests (GDPR Article 6(1)(f)) for the purposes of ensuring the availability of our services and the security and the effectiveness of protection of the application portal.
3.6 Processing for statistical purposes
In certain areas of our internet pages and the application portal we collect data such as the operating system and version, browser and version, IP address and other relevant system data. We use this information for statistical evaluations, in particular for the purpose of adapting our internet pages and the application portal to our visitors’ needs. Where possible, the data is anonymised and aggregated; otherwise the data is pseudonymised. None of this information is disclosed to third parties.

We process this information for statistical purposes in line with our legitimate interests (GDPR Article 6(1)(f)) for the optimisation of our services.
3.7 Improving our internet pages and application portal
In many cases, personal data is processed for the purposes of improving our internet pages and application portal, for identifying and correcting errors, improving security and improving usability.

We do so in pursuit of our legitimate interests (GDPR Article 6(1)(f)) in terms of providing and optimising our servers and the security of the application portal.
3.8 Safeguarding other legal interests
In individual instances, we may process personal data to serve other legal interests, such as in cooperation with relevant authorities, or the enforcement, establishment or defence of legal claims.

We act here in line with our legal obligations (GDPR Article 6(1)(c)) or in line with our legitimate interests (GDPR Article 6(1)(f)) for the enforcement, establishment or defence of legal claims.
3.9 No change of purpose
In order to ensure that the purposes stipulated in this Privacy Policy can be pursued sustainably, we reserve the right to change the way in which data is processed to conform to legal or company requirements, for example by optimising our data processing activities, or implementing new processes. This will always be done with the greatest attention and under strict adherence to the legal provisions. Changes of purpose in the true sense are otherwise not planned.
3.10 Balance of interests
In as far as we process personal data on the legal basis of Article 6(1)(f) of the GDPR, that being in pursuit of our legitimate interests, we firstly determine our interest in processing the data in question. This is then weighed against the expectable interests of the affected persons. This includes taking into consideration the desired purpose, the form of data processing and the associated risks to the rights and freedoms of the affected persons. At the same time we consider whether the technical and organisational measures taken are sufficient to meet the necessary level of protection. We only process data on this basis where this is the case, and the relevant data is limited to that which is indeed required.
4. Forwarding and transferring personal data
As a rule, your data is only processed directly by us within the territory of the Federal Republic of Germany, and always for the purposes listed in this Privacy Policy. This section details how and why personal data may in certain instances be forwarded or transferred.
4.1 Reasons for forwarding and transferring personal data
Your data will only be internally forwarded or externally transferred where necessary in achieving one of the aims outlined in this Privacy Policy. Any data forwarded or transferred is limited to the amount absolutely necessary.
4.2 Internal and external recipients of personal data
The standard case involves your application being forwarded to the employee(s) responsible for the respective company department and the company’s human resources department. Our employees are trained in the field of data protection, are bound by obligations of confidentiality and data privacy, and are committed by company guidelines and instructions to handle your data in accordance with legal requirements and the contents of this Privacy Policy.

For technical, legal or business reasons it may also be necessary to pass your data on to third parties. For instance, it may be necessary, depending on the position you’ve selected, that we forward your application to the respective company associated with us as per section 15 of the German Stock Corporation Act (currently Gameforge 4D GmbH and Palado GmbH, both reachable at the address provided above) for the purpose of reviewing your application for the vacancy concerned.

Furthermore, carefully selected service companies make their data centres available to use.

Should it be required by law, we also forward data to the relevant authorities to the extent necessary. In as far as we require external advice from third parties, in particular legal advice, for the purposes of enforcing or defending legal claims, we may also transfer the necessary data to these recipients.

Any transfer is performed exclusively for the purposes detailed in this Privacy Policy with the greatest attention and under strict adherence to the legal provisions, in particular the conclusion of an agreement for processing data by contract as per Article 28(3) sentence 1 of the GDPR.
4.3 Recipients in third countries
Before any personal data is transferred, we check thoroughly that all the legal requirements for the transfer in question are met for the particular case. For this reason, we only transfer data to recipients in third countries when this level of protection for personal data is provided in the country and we are convinced that the respective recipient will handle the received data in compliance with the data protection standard laid out this Privacy Policy. An adequate level of data protection can be expected, for example, where the European Commission has made a decision confirming the country in question meets the standards of data adequacy or the transfer is concluded on the basis of the European Commission’s standard contractual clauses.
5. Data retention
In this section, we explain how long we store the personal data we collect.

We do not retain personal data without purpose. Any data we store is done for a specific purpose and is bound to this purpose. The length of time data is retained is primarily linked to the basic purpose and necessity of storing it. Personal data is therefore only stored in as far as it is required for a specific purpose.

The first thing we check is the minimum necessary period for retention for the specific purposes detailed in this Privacy Policy. Your applications are thus stored for the duration of your application process, and for a further five months after this period, should we reject your application. The only exception to this rule is if you wish to remain stored in our pool of applicants voluntarily. This allows us to review your application for later job vacancies, even after an initial rejection. In this instance, we store your application, contact details and other details provided for as long as you wish to remain in our pool of applicants. Should you enter an employment contract with us, your application will remained saved for the duration of the employment relationship.

If the data need only be saved for technical reasons for a short time (for example, during your current session), this data will only be stored for the period of use and a maximum of 30 days.

Finally, we check whether any legal retention periods apply, particularly in terms of taxation law (Section 147(3) of the Fiscal Code of Germany) or commercial law (Section 257(4) of the German Commercial Code), which may for example require documents to be stored for a period of six to ten years.

If there is no cause to process the data, the data is no longer required for this purpose, and there are no legal requirements to store the data, we delete it.
6. Your rights
In this section we inform you about the rights individuals have in regard to the processing of their data.
6.1 Right of access
You have the right to demand confirmation from us regarding whether we are processing your data. If this is the case, you also have the right to demand comprehensive information, a free copy of the data and more information from us.
6.2 Right to rectification
Should the data relating to your person be incorrect or incomplete, you have the right to demand that the data be corrected or completed.
6.3 Right to erasure
You have the basic right to demand the immediate deletion of your data. Legal reasons may however stand in the way of this, in particular legal data retention requirements. In individual cases your data may also be required for the establishment, exercise or defence of legal claims. In such instances we will process the affected data strictly in accordance with this purpose, followed by immediate deletion as soon as the relevant reasons for retention no longer apply. We will inform you in such instances accordingly.
6.4 Right to restriction of processing
As an alternative to the deletion of your data, you have the basic right to demand restrictions in how we process your data. If you make use of this right, we are essentially restricted to storing the associated data. Processing the data in other ways is only permissible with your consent, or for the purposes of establishing, exercising or defending legal claims, or to protect the rights of other natural persons or legal entities.
6.5 Right to object
On grounds relating to your situation, you have the right to object to the processing of personal data associated with you, in as far as the specific processing is pursuant to our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Should you have such a right to object and choose to exercise it, we will no longer process the affected data.

In exceptional cases your right to object may not be exercised, where we have a compelling legitimate reason for processing the data which overrides your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. This exception does not apply, however, when you object to the processing of your data for direct marketing purposes, including marketing-related profiling. You may exercise your right to object to these purposes at any time.
6.6 Withdrawal of consent
If we are processing data on the basis of the consent you have provided, you can withdraw your consent effective for the future at any time. We will cease processing your data upon receiving withdrawal of your consent and until such time as your consent has been granted once more.
6.7 Right to data portability
If we are processing your data with your consent, or for the purposes of justifying, executing or terminating a contract with you, you have the right to receive the data you have made available to us. The data is provided in a structured, accessible and machine-readable format. In exercising this right, you also have the right to request that your personal data be transferred directly to another controller, so far as this is technically feasible.
6.8 Right to appeal
You have the right to appeal to a supervisory authority if you believe that your personal data is being processed by us in violation of the legal provisions.
7. Data protection information
In handling personal data, we have made appropriate technical and organisational measures to maintain data security and reduce the risks to the rights and freedoms of the affected persons. This includes limiting the personal data collected and stored to the minimum required, and encrypting it where possible. This applies accordingly when providing and transferring personal data when registering and using an applicant account. Your data is thus transferred in an encrypted form using SSL. Our SSL transfer is THAWTE-certified. Finally, all our employees are informed and trained to maintain data confidentiality and privacy obligations. 
8. Version and changes to this Privacy Policy
This Privacy Policy was last updated on 13th October 2020. We reserve the right to change its contents in order to correct mistakes, improve understandability, provide supplemental information, or for legal reasons. In cases where they are adjusted, the principles outlined in this Privacy Policy and the protection of your personal data will be preserved.