Deutsch DE
Menu

Privacy policy

Privacy Policy Gentle Troll Entertainment GmbH

This is the privacy policy of Gentle Troll Entertainment GmbH ("Gentle Troll", "we"). We offer goods and services through our website ("Website") and through mobile applications ("Mobile Apps" or "Apps") (collectively, "Services"). In this privacy policy, we inform you which personal data we collect and process. We also inform you about your rights. The responsibility for the protection and processing of personal data is very important to us. Your data will be protected against unauthorized access and loss by means of various technical and contractual measures. We have taken the necessary technical and organizational measures. If links lead to third-party websites, please note that these companies provide their own privacy policies, which then apply to that extent.

I. Name and address of the responsible person

The person responsible in the meaning of the General Data Protection Regulation (Germany) and other national data protection laws of the member states as well as other data protection regulations is:

Gentle Troll Entertainment GmbH
Juliuspromenade 3
97070 Würzburg
CEO: Michel Wacker
Phone: +49 (0) 93140470833
Email: hello@gentletroll.com

II. Contact for data protection issues

Please write to hello@gentletroll.com, if you have questions about our data protection.

III. General information about data processing

1. Extent of the processing of personal data
We only collect the personal data that you provide when using our services. Personal data are those that contain information about personal or factual circumstances.

Your legitimate concerns will be taken into account in accordance with the legal data protection provisions. In the event of default of payment, we reserve the right, if necessary, to commission a collection agency or a lawyer to collect the claim due and to pass on the necessary data within this framework.

We treat all this data confidentially and in compliance with the legal data protection regulations. In principle, we do not pass on such information to third parties without your permission, unless this is necessary for the execution and execution of the contract, for the processing of your inquiry or for your care or according to the legal data protection regulations.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.

In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to process operations required to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c DSGVO as legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.

3. Purpose of processing personal data
We collect and process data to enable you to use our Services. This also includes the processing for the purpose of data security as well as the stability and operational safety of our system as well as for billing purposes. We process data to assist you with support requests. Data is also processed to prevent misuse of multiple accounts, e.g. to detect and prevent fraud. Data processing takes place in order to attract new customers and to play advertisements that we believe match your interests.

4. Data deletion and storage time
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is omitted. Storage may also take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. A blocking or deletion of the data takes place even if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a contract conclusion or a contract fulfillment.

5. Data security
We take reasonable measures to prevent unauthorized access to your personal data as well as the unauthorized use or falsification of such data and to minimize the corresponding risks. However, the provision of personal information, whether in person, by telephone or over the Internet, is always associated with risks and no technological system is completely free from the possibility of being manipulated or sabotaged.

We process the information you collect in accordance with German and European data protection laws. All employees are committed to the data secrecy and privacy policy and instructed in this regard. For payment transactions, your data is encrypted using the SSL method.

IV. Provision of services and creation of logfiles

1. Description and scope of data processing
Each time our services are accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:

  • IP address
  • URL of the referring website from which the file was requested
  • Date and time of access
  • Browser type and operating system as well as hardware information
  • the page you visited
  • The amount of data you have transferred
  • Access status (file transfer, file not found, etc.)
  • Duration and frequency of use

The data are also stored in the log files of our system.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

3. Zweck der Datenverarbeitung
The temporary storage of the IP address by the system is necessary to enable the delivery of the services to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the services. In addition, the data is used to optimize the services and to ensure the security of our information technology systems. Storage for the duration of the session is for anti-fraud purposes (e.g., payment fraud, violation of the Laws of the Game by use of multiple accounts by the same person) and for the purpose of IT security (e.g., protection against DDoS attacks). Only a statistical evaluation of the data records takes place. For monitoring compliance with the Terms of Use, we reserve the right to save IP addresses and log files for a certain period of time even after the services have been used.

In particular, this procedure is used to prevent any cases of abuse or to educate them and to pass on the data for this purpose in individual cases to investigative authorities or to fix bugs. Incidentally, any other analysis of data is done as far as possible in an anonymous form. After the end of this period, the IP address and logfiles will be completely deleted, unless there are compulsory statutory retention requirements or specific prosecution and abuse investigation proceedings are pending. For these purposes, our legitimate and predominant interest in data processing according to Art. 6 para. 1 lit. f DSGVO.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection.

5. Possibility of objection and elimination
The collection of the data for the provision of the services and the storage of the data in log files is absolutely necessary for the guarantee of an interruption-free operation of the services. There is consequently no contradiction on the part of the user.

V. Email contact

1. Description and scope of data processing
It is possible to contact the provided e-mail address. In this case, the user's personal data transmitted by e-mail will be stored. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the request.

2. Legal basis for data processing
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of the data processing
The processing of personal data serves us only for the processing of the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to ensure the security of our information technology systems.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the purpose of fighting fraud and improving support, the data is stored for six months.

5. Possibility of objection and elimination
If the user contacts us, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All personal data saved in the course of contacting will be deleted in this case.

VI. Cookies, web beacons, etc.

Our website uses so-called session or flash cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break. In addition, we also use so-called persistent cookies, which are used beyond the session ("cross-session cookies"). In particular, these cookies are used to make the Internet offer of user-friendly, effective and secure and is required, for example, for the shopping cart in an online store. The user data collected through technically necessary cookies will not be used to determine your identity. We require cookies for the following applications:

  • Acceptance of language settings

The user data collected through technically necessary cookies are not used to create user profiles. The processing of personal data is governed by Art. 6 para. 1 lit. f DSGVO required for the protection of our legitimate interests. Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies and these cookies are deleted when the browser is closed. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled, it may not be possible to use all features of the website.

VII. Online presence in social media

1. Links to social media platforms

Facebook
We have set a link to “Facebook” which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. When using the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators. Unless otherwise stated in our privacy policy, we process users' data as long as they communicate with us within social networks and platforms, e.g. write posts on our online plattforms or send us messages. The privacy policy of Facebook can be found here: https://www.facebook.com/privacy/explanation

Instagram
We have set a link to “Instagram” which is part of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. When using the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators. Unless otherwise stated in our privacy policy, we process users' data as long as they communicate with us within social networks and platforms, e.g. write posts on our online plattforms or send us messages. The privacy policy of Instagram can be found here: https://help.instagram.com/519522125107875

Twitter
We have set a link to “Twitter” which is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). When using the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators. Unless otherwise stated in our privacy policy, we process users' data as long as they communicate with us within social networks and platforms, e.g. write posts on our online plattforms or send us messages. The privacy policy of Twitter can be found here: https://twitter.com/en/privacy.

Xing
We use buttons of “Xing” which is operated by Xing AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. When one of our pages is called up with a corresponding button, contents of Xing are called up. To the best of our knowledge, no personal data is collected and no surfing behavior is evaluated. The privacy policy of Xing can be found here: https://www.xing.com/app/share?op=data_protection.

LinkedIn
We use buttons from “LinkedIn” which is operated by LinkedIn Corp., 2029 Stierlin Court, Mountain View, CA 94043, United States. When you visit one of our pages with an appropriate button, content is called by LinkedIn servers. When you're signed in with your LinkedIn account, LinkedIn has the ability to combine your browsing experience with other data. The use of LinkedIn buttons is in the interest of sharing and improving our services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. The privacy policy of LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy.

Discord
We use buttons from “Discord” which is operated by Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107. When using the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators. Unless otherwise stated in our privacy policy, we process users' data as long as they communicate with us within social networks and platforms, e.g. write posts on our online plattforms or send us messages. The privacy policy of Discord can be found here: https://discordapp.com/privacy

VIII. Google Maps

Our websites use maps from Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, United States. When you visit one of our sites with an appropriate map, map content from Google servers is accessed. When you're signed in with your Google Account, Google has the ability to match your browsing behavior with other data. The use of Google Maps takes place in the interest of a clear representation of our services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Google's Privacy Policy applies: ttps://policies.google.com/privacy?hl=en&gl=en

IX. Data protection in applications and in the application process

We collect and process the personal data of applicants for the purpose of processing the application process. The data will be used to verify your suitability for the position (or other vacancies in our companies) and to complete the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. Your application data will be viewed by the Human Resources department upon receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. Then the further procedure is tuned. In principle, only those persons in the company have access to your data, who need this for the proper execution of our application process. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the controller, the application documents will be deleted after the rejection decision has been announced, provided that deletion does not prejudice any other legitimate interests of the controller. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG). The legal basis for processing is Art. 6 (1) lit. b DSGVO. If the data may be required for legal prosecution after completing the application process, data processing based on the requirements of Art. 6 GDPR, in particular for the exercise of legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion or defense against claims. We will erase the data after six months of cancellation unless you have agreed to longer storage. If you have been awarded the contract for a job as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

X. Rights of the data subject

If personal data is processed by you, you are i.S.d. DSGVO and you have the following rights to the responsible person:

1. Duty of disclosure
You can ask the person in charge to confirm if personal data concerning you is processed by us. If such processing is available, you may request information from the controller about the following information:

  1. the purposes for which the personal information is processed;
  2. the categories of personal data that are processed;
  3. the recipients or the categories of recipients to whom the personal data relating to you have been or will be disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the source of the data if the personal data are not collected from the data subject;
  8. You have the right to request information about whether the personal data relating to you are transferred to a third country or an international organization. In this regard, you can request the appropriate warranties in accordance with Art. 46 GDPR to be informed in connection with the transfer.

2. Right of rectification
You have a right of rectification and / or completion to the controller, provided that the personal data you process is incorrect or incomplete. The person in charge must make the correction without delay.

3. Right to restrict processing
You may request the limitation of the processing of your personal data under the following conditions:

  1. if you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
  3. the person responsible no longer needs personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims,
  4. or if you object to the processing pursuant according to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State. If the limitation of the processing according to the o.g. If conditions are restricted, you will be informed by the person in charge before the restriction is lifted.

4. Right of deletion
You may require the controller to delete your personal data without delay, and the controller is obliged to delete the data without delay, if any of the following is true:

  1. Your personal information is for the purposes for which they were collected or otherwise processed are no longer necessary.
  2. You revoke your consent to the processing according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
  3. You object to the processing according to Art. 21 para. 1 DSGVO and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 DSGVO objection to the processing.
  4. Your personal data has been processed unlawfully.
  5. The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Information to third parties
If the person responsible has made the personal data relating to you public and is in accordance with Article 17 (1) of the GDPR, it shall take appropriate measures, including technical ones, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Person requested by them to delete all links to such personal data or to make copies or replicas of such personal data.

Exceptions
The right of cancellation does not exist insofar as the processing is necessary

  1. for the exercise of the right to freedom of expression and information;
  2. to fulfill a legal obligation which requires processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority delegated to the controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
  4. to assert, exercise or defend legal claims.

5. Right of information
If you have asserted the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data relating to you have been corrected or deleted or restricted unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

6. Data Transferability
You have the right to receive personal data relating to you provided by the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, insofar as

  1. the processing is based on a consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract according Art. 6 para. 1 lit. b DSGVO
  2. and processing is done using automated procedures.

In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person responsible to another person responsible, as far as this is technically feasible. Freedoms and rights of other persons may not be affected. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

7. Right of objection
You have the right at any time, for reasons arising from your particular situation, against the processing of personal data concerning you, which, on the basis of Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications. You can send an email to our data protection officer.

8. Right of revocation of the data protection consent declaration
You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which will have legal effect or similarly affect you in a similar manner. This shall not apply if:

  1. the decision to conclude or to execute a contract between you and the controller is required
  2. by Union or Member State legislation to which the controller is subject, and that legislation is adequate to safeguard your rights and freedoms as well as your legitimate interests
  3. or with your express consent. However, these decisions may not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.

10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you consider that the processing of your personal data violates the GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.