The Controller, as this term is defined by the General Data Protection Regulation, other national data protection laws of the Member States, and other data protection regulations, is:
GIANTS Software GmbH
Jan-Hendrik Pfitzner, GIANTS Software Entertainment GmbH, Nägelsbachstraße 33, 91052 Erlangen, Germany
As a matter of principle, we only collect the personal data you provide when you use the Services and, as applicable, when you use fee-based services. Personal data is data that contains information on personal or factual circumstances. When you place an order through our website, you are required to provide your name, address, e-mail address and payment information.
Sometimes we also need to ask you for personal data like your name, address, e-mail address and telephone number in order to process your inquiries or to provide support to you.
In addition, we collect data in the context of a voluntary participation in inquiries and surveys. We only disclose personal data to cooperating companies or external service providers where this is required or permitted by law, in particular for the performance of contracts, for processing payments, for protecting other users, or for the prevention of threats to national or public security, or for the prosecution of criminal offences.
Your legitimate interests will be considered in accordance with the statutory data protection regulations.
We treat all of this information confidentially and in compliance with the statutory data protection regulations. As a matter of principle, we do not disclose such information to third parties without your consent unless this is required for the performance and execution of the contract, for processing your inquiry, or for providing support services to you, or unless it is permitted pursuant to the statutory data protection regulations.
Where we obtain data subjects’ consent for processing operations involving personal data, the processing of personal data is based on Art. 6 (1)(a) of the EU General Data Protection Regulation (GDPR).
The legal basis for processing personal data which is necessary for the performance of a contract to which the data subject is a party, is Art. 6 (1)(b) GDPR. This also applies to processing operations that are necessary for taking steps prior to entering into a contract.
Where the processing of personal data is necessary to comply with a legal obligation to which our company is subject, processing is based on Art. 6 (1)(c) GDPR.
In the event that personal data needs to be processed in order to protect the vital interests of the data subject or another natural person, processing is based on Art. 6 (1)(d) GDPR.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests or the fundamental rights and freedoms of the data subject do not override that legitimate interest, processing is based on Art. 6 (1)(f) GDPR.
We collect and process data in order to enable your use of the services. This also includes processing personal data for the purpose of data security, the stability and operational safety of our system, and for billing purposes. We process data in order to assist you with support inquiries. Data is also processed to detect and prevent a misuse of the Services, e.g. a use for fraudulent purposes. Data is processed to acquire new customers and to present advertising that we believe matches your interests.
The personal data of data subjects is erased or blocked when the purpose of storing it no longer exists. Data can also be stored beyond such time if the European or national legislator provided for this in Union law regulations, laws or other legal regulations to which the Controller is subject. Data is also blocked or erased when a storage period required by the aforementioned regulations expires unless data needs to be stored beyond such time in order to execute or perform a contract.
We have taken the steps that can reasonably be expected of us to prevent unauthorised access to your personal data and the unauthorised use or alteration of this data and minimise the related risks. Nevertheless, the provision of personal data, whether in person, by phone or over the internet, always involves risks, and the possibility of a manipulation or sabotage of technical systems cannot be excluded.
We process the information collected from you in accordance with national and European data protection law. All employees are subject to the obligation to preserve data confidentiality and comply with data protection regulations, and have been trained in this respect. Your data is transmitted in encrypted form using the SSL method.
Every time our Services are requested, our system automatically collects data and information from the system of the requesting computer. In this context we collect the following data:
The data is also stored in the log files of our system.
The legal basis for the temporary storage of the data and the log files is Art. 6 (1)(f) GDPR.
The system needs to temporarily store the IP address in order to enable the provision of the Services to the user's computer. For this purpose, the system must store the user's IP address for the duration of the session. Data is stored in log files to ensure the operability of the Services. In addition, the data is used to optimise the Services and to ensure the security of our IT systems. Data is stored beyond the session for the purpose of fraud prevention (e.g. payment fraud, a violation of the rules of the game where one person uses multiple accounts) and for the purpose of IT security (e.g. protection against DDoS attacks). Data sets are only analysed for statistical purposes.
We delete log files after a period of fourteen days. We reserve the right to continue to store IP addresses and log files for a certain period of time even after users have used the services. This is done, in particular, to be able to prevent or investigate any cases of misuse and, in this context, to disclose such data to investigating authorities in individual cases, or to be able to fix bugs. All other data analyses use data in anonymised form where this is possible. After the expiry of this period, the IP address and the log files are deleted completely unless this information must be retained to comply with compulsory legal obligations or unless specific investigations by law enforcement authorities or misuse investigations are pending. These purposes also reflect our legitimate and overriding interest in data processing in accordance with Art. 6 (1)(f) GDPR.
Data is erased when it is no longer needed to achieve the purpose of its collection.
The collection of the data for the provision of the Services and the storage of the data in log files are absolutely necessary to ensure that Services can be operated with as few interruptions as possible. Consequently, users do not have a right to object.
In the context of our Services we provide a support ticket system which can be used to contact us electronically by sending an e-mail to firstname.lastname@example.org. Where users use this option, the data entered is transmitted to and stored by us. This data consists of:
E-mail header (e.g. server from which data is sent, e-mail client (as applicable), etc.)
Content of the message
We also record the time when the message was sent.
Chat record (if the chat feature is used)
The data collected in this context is not disclosed to third parties. The data is exclusively used to process the inquiry.
Where the user has given his/her consent, data processing is based on Art. 6 (1)(a) GDPR.
The processing of data that is transmitted in the context of sending an e-mail is based on Art. 6 (1)(f) GDPR. If the purpose of the contact by e-mail is to execute a contract, data processing is also based on Art. 6 (1)(b) GDPR.
We only process the personal data to process the e-mail. Where users contact us by e-mail, this also reflects our necessary legitimate interest in processing the data. All other personal data processed while the e-mail is being submitted is used to prevent a misuse of the contact form and to ensure the security of our IT systems.
Data is erased when it is no longer needed to achieve the purpose of its collection, but at the latest one month after the inquiry has been taken care of.
Users can revoke their consent to the processing of the personal data at any time. When users contact us, they can object to their personal data being stored at any time. In this case, the correspondence cannot be continued. All personal data that was stored in the context of the user's contacting us will be deleted in this case.
There are permanent cookies, which remain on your display device for an extended period of time, and session cookies, which are stored on your display device temporarily and are deleted after the services have been closed.
We use essential cookies, function cookies and performance cookies.
Essential cookies. These cookies are necessary for using the services. Without these essential cookies, we may not be able to make certain services or features available to you, or the presentation of the Services may not be free of errors.
Function cookies. Function cookies allow us to recognise your default settings and to provide enhanced features which better match your needs. For example, they enable us to personalise the Services and to recognise whether we have asked you about certain things or whether you have requested certain services. All of these features help us improve the Services for you.
Performance cookies. Performance cookies are sometimes also referred to as analytics cookies and collect information on your use of the Services. They enable us to improve the functioning of the Services. For example, performance cookies show us which pages are used most frequently and what the entire usage pattern for the Services looks like. They also help us to recognise problems relating to the use of the Services and to determine whether our advertising is displayed effectively.
The following is a list of the cookies placed by us:
The following is a list of the cookies placed by third parties:
If you reach our Services through third parties, these third parties may place cookies. This is beyond our control. Please review the privacy notices of these third parties.
The legal basis for processing personal data using cookies is Art. 6 (1)(f) GDPR.
The purpose of using cookies that are technically necessary is to simplify the use. Some features of our Services cannot be offered without using cookies. User data collected through technically necessary cookies is not used to create user profiles. Analysis cookies are used to improve the quality of our Services and their content. Analysis cookies inform us about how Services are used and allow us to continuously optimise our offering. These purposes also reflect our legitimate interest in processing the personal data in accordance with Art. 6 (1)(f) GDPR.
Google is certified under the Privacy Shield agreement and thereby provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyse users’ use of our website, compile reports on the activities carried out within this website and to provide to us further services related to the use of this website and of the internet. The data processed can be used to create pseudonymous usage profiles of users.
We only use Google Analytics with IP anonymisation. This means that the users’ IP address is shortened by Google within Member States of the European Union or in other States party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases.
The IP address transmitted by the users’ browser will not be combined with other Google data. Users can prevent cookies from being stored by selecting the respective setting in their browser software; in addition, users can prevent the data generated by the cookie and related to their use of the website from being collected and processed by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information regarding the use of data by Google and the options for stopping such use and objecting to it is available on Google's web pages: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when you use our partners’ websites or apps”), https://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), https://www.google.de/settings/ads (“Manage information used by Google to display advertising to you”).
This always requires that the third parties who provide this content can see users’ IP address because they cannot send the content to their browser without the IP address. Consequently, the IP address is required to display this content. We strive to only use content which is provided by parties that use the respective IP address solely for purposes of delivering said content. Third-party providers may also use “pixel tags” (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” make it possible to analyse information, such as visitor traffic on the various pages of this website. The pseudonymous information may also be stored in cookies on the users’ device and may contain, for example, technical information regarding the browser and the operating system, information on referring websites and times of website visits, as well as further information regarding the use of our web pages. It may moreover be combined with similar information from other sources.
Our website provides the opportunity to submit contributions to a forum. The forum also requires registration with a user name, your e-mail address and a password. You can use a pseudonym to register. We only store this data to allow users to log in. Your password is encrypted. Nevertheless, we recommend that users do not use the same password on different websites. The password allows users to access their account in the forum, so please keep it in a safe place and do not disclose it to third parties. If you do not remember your password for your account, you can use the “I forgot my password” function of the phpBB software. This process will ask you to enter your user name and your e-mail address, then the phpBB software will generate a new password that will allow you to get your account back.
The forum is operated by the provider phpBB Deutschland e. V., Sandweg 17, 70771 Leinfelden-Echterdingen (“phpBB”). phpBB generates multiple cookies when you visit the forum. Cookies are small text files which the browser stores as temporary files. Two of these cookies contain a unique user number (user ID) and an anonymous session number (session ID) which is automatically assigned to the user by phpBB. A third cookie is generated once a user has visited topics and is used to store information on the contributions read by the user in order to be able to mark any contributions not yet read. Further information is collected when information is sent to the operator. This may include contributions created as a guest, data that is collected in the context of the registration, and the messages created by a user after he/she has registered with the forum. Further information on how your data is used by the operator is available at: https://www.phpbb.com/community/ucp.php?mode=privacy.
The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the forum. Where we or phpBB use the data to improve the Services, this use is justified in accordance with Art. 6 (1)(f) GDPR. There is an overriding interest in improving the Services.
We offer the opportunity to create user-generated content using the GIANTS SDK (“User-Generated Content”). The GIANTS SDK provides access to various tools that allow users to create and share User-Generated Content, e.g. an editor (“Tools”). In order to use the Tools, users must register with the GIANTS Developer Network. For this purpose they must provide their e-mail address and a password. We only use this data to administrate the GIANTS Developer Network; it will not be disclosed to third parties. The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the GIANTS Developer Network.
We offer a platform (“ModHub”) for user-generated content created with GIANTS SDK (“User-Generated Content”). The GIANTS SDK provides access to various tools with which to create and share User-Generated Content. Users can upload User-Generated Content created by them using the ModHub. For this purpose they must register by providing an e-mail address and a password. We only use this data to administrate the ModHub; such data will not be disclosed to third parties. The tools transmit the IP address and the users’ access to files to us to enable the user to access the interface (API). The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the ModHub.
Where your personal data is processed, you are the “data subject”, as defined in the GDPR, and you have the following rights vis-à-vis the Controller:
You have the right to demand that the Controller confirm to you whether it is processing personal data concerning you. Where such processing exists, you can request the following information from the Controller:
You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organisation. In this context you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
You have the right to have the Controller rectify and/or complete data where the personal data concerning you being processed is inaccurate or incomplete. The Controller must rectify this data without undue delay.
You have the right to demand that the Controller restrict the processing of personal data concerning you if the following applies:
Where processing of the personal data concerning you has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where the processing was restricted in accordance with the aforementioned conditions, you will be informed by the Controller before the restriction of processing is lifted.
You may demand that the Controller erase the personal data concerning you without undue delay where one of the following reasons applies:
Where the Controller has made the personal data concerning you public and is obliged to erase the personal data concerning you in accordance with Art. 17 (1) GDPR, it has the following duty: It must take reasonable steps (including technical measures, taking into account the available technology and the cost of implementation) to notify third-party companies which are controllers that you have requested the erasure of all links to, or copies of, such personal data.
The right to erasure does not apply where processing is necessary
Where you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller has a duty to communicate this rectification or erasure of the data or the restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
You have the right to receive the personal data concerning you which you have provided to the Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit that data to another controller without hindrance by the Controller to which the personal data has been provided, where the processing is based on consent pursuant
When exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where this is technically feasible. This right must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
You have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you that is based on Art. 6 (1) (e or f) GDPR at any time; this also applies to profiling which is based on these provisions. In such an event, the Controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the data is being processed for the establishment, exercise or defence of legal claims. Where personal data concerning you is processed for the purposes of direct marketing, you have the right to object to the processing of personal data concerning you for that purpose at any time; this also applies to profiling where profiling is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You have the right to revoke your consent given for data protection law purposes at any time. Revoking your consent does not affect the lawfulness of any processing performed based on the consent until such revocation.
You have the right not to be subject to a decision which is based solely on automated processing – including profiling – and which produces legal effects concerning you or similarly significantly affects you. This does not apply where the decision
a) is necessary for entering into or performing a contract between you and the Controller,
b) is authorised by Union or Member State laws to which the Controller is subject and where these laws also contain suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is made with your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2)(a or g) applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place. With respect to the cases mentioned in subsections (a) and (c), the Controller must implement suitable measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the Controller, the right to express your own point of view and the right to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged violation, if you believe that the processing of the personal data concerning you violates provisions of the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.