This privacy policy ("Privacy Policy") informs the user in what way, to what extent and for what purpose the processing of personal data by the controller Deca Live Operations GmbH, Unter den Linden 21, 10117 Berlin, Germany or Deca Games EOOD, 53 B Stefan Stambolov Str., 5000 Veliko Tarnovo, Bulgaria (hereinafter together referred to as "Deca") takes place. You can access, save and print this Privacy Policy in the current version at any time via our website https://decagames.com/.
Deca collects, processes or uses personal data exclusively within the applicable legal framework. Therefore, the high data protection level of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG) applies.
In the following we inform you about the processing of personal data when using our website, services offered on our websites, and forums (collectively our "Websites"). Insofar as individual services of Deca have different privacy policies, these apply.
Likewise, third-party services to which the Websites may refer by so-called links are excluded from the field of application. Deca is generally not responsible for content therein or compliance of these third parties with any data protection regulations, unless otherwise stated in the respective privacy policy of the content linked. This includes, for example, links to social networks such as LinkedIn. Information on the use and protection of the user's personal data on these platforms can be found in the privacy policy of the respective platform.
Controller according to Art. 4 (7) of the GDPR is Deca Live Operations GmbH, Unter den Linden 21, 10117 Berlin, Germany or in case of the following websites and forums: castleageforums.com, celtic-heroes.com, godsandglory.com, godsandglory.decagames.com, underworldempireforums.com, almostahero.com, blog.almostahero.com, knightsanddragons.decagames.com the controller is Deca Games EOOD, 53 B. Stefan Stambolov Str., 5000 Veliko Tarnovo, Bulgaria. For the assertion of your rights, as well as for suggestions and complaints regarding the processing of your personal data, you can contact us at privacy@decagames.com or via our postal address. Our DPO for Deca Live Operations GmbH (Data Protection Officer) is Susanne Klein, c/o Beiten Burkhardt Services GmbH, Ganghoferstraße 33, 80339 Munich, Germany.
Each time a user accesses our Websites for technical reasons the internet browser of the user will automatically transmit data about this. Deca will store this data as server log files. The following data will be logged:
This data is not stored together with other personal data. The legal basis for the temporary collection of data is Art. 6 (1) lit. f) GDPR. This data will be stored separately from personal information on secure systems and does not allow the identification of an individual person. Furthermore, the IP address of your computer will only be stored for the period of time in which you use the Website and will subsequently be deleted immediately or rendered anonymous by an abbreviation. The other data will be stored for a limited period of time.
The collected data will be used for statistical evaluation for the purpose of operating, securing, adapting and optimizing the Websites, which are considered legitimate interests of Deca within the meaning of Art. 6 (1) lit. f) GDPR. To the extent not mentioned otherwise in this Privacy Policy, the data will not be compared with other data files or shared with third parties, not even in excerpts and/or will not be evaluated for marketing purposes either. However, please note that our Websites might use cookies and analysis services. Detailed explanations of this are given in points 6 and following below. Nevertheless, Deca reserves the right to review the log data retroactively if there is a specific indication of illegal use. The data will be deleted automatically as soon as they are no longer necessary to achieve the purpose for which they were collected.
The use of certain services on the Websites may require registration or the submission of personal data by the user. In such cases we will only collect the personal data necessary to fulfill the services you have requested including, for example, your email address, user name and password, if you register for a forum. The collection, processing and use of personal data are solely for the purpose of providing the user with the information and services requested based on Art. 6 (1) lit. b) GDPR. The data will be deleted automatically as soon as they are no longer necessary to achieve the purpose for which they were collected.
If you make contact with Deca through the contact options provided, your contact data (e.g. name, email address) and any further information you provide in your request (e.g. subject, issue type, message, files) will be stored and processed to document and respond to your request. Deca will generally not share the data with third parties without your consent. The processing of this data is based on Art. 6 (1) lit. f) GPDR, whereby our legitimate interest is the proper processing and answering of your request. Upon request such data will be removed immediately from the web server. Otherwise, the data will be automatically deleted as soon as it is no longer required to answer your request.
Cookies and similar technologies (collectively "Cookies") are used to enhance the user-friendliness of websites. Cookies are small text files that are stored on your terminal device. Your browser accesses these files. The use of cookies improves the user-friendliness and security of our Websites. Many browsers offer the setting option not to allow cookies or at least limit their use. However, please note that if you do this you may not be able to use the full functionality of our Websites. Cookies are used to store information that is related to the specific device used. However, this does not mean that we are immediately aware of your identity.
Regarding the storage period, Cookies used on our Websites can be distinguished as follows:
Regarding their purposes and legal bases, Cookies used on our Websites can be distinguished as follows:
We use the consent manager Cookiebot of the provider Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich ("Usercentrics") on our Websites. The use of the Usercentrics consent manager enables us to obtain, manage and document the consent of website users to the storage of or access to information on their end device and to the subsequent data processing. For this purpose, Usercentrics places Cookies on the website visitor's device. In particular, the date and time of the website visit, device information, browser information, anonymized IP address, opt-in data and opt-out data are collected.
The legal bases for the use of the Cookies and subsequent data processing are Section 25 (2) No. 2 TDDDG and Art. 6 (1) lit. c) GDPR, as we thereby comply with our legal obligation to obtain and document consent. You can revoke your consent at any time via the consent manager with effect for the future.
Your personal information will be stored for as long as is necessary to fulfill the purposes described above, i.e. we must be able to prove the existence of any consent you may have given.
Further information on the processing of data by Usercentrics can be found here.
The use of tracking measures on our Websites is to ensure the appropriate design and continuous optimization of our Websites. Tracking is also used to gather statistics about the use of our Websites and evaluate the data for the purpose of optimizing our offerings for you. You find the specific purposes and further information on the data processing in relation to a certain tracking tool below.
Our Websites use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland ("Google"). We want to use the statistics and reports obtained from Google to increase efficiency, to tailor the design and to continuously optimize the Websites.
Google Analytics uses Cookies (see para. 6), which are text files stored on your computer to help the websites analyze how visitors use the websites. The information generated by the Cookies about your use of our Websites is usually transmitted to and stored by Google on servers in the USA. Google uses this information, on our behalf, for the purpose of evaluating your use of our Websites, compiling reports on website activity and providing other services relating to website activity and internet usage for us.
Google Analytics also collects the IP address of your end device in order to ensure the security of the service and to provide us as the website operator with information about the country, region or location from which the Websites are used. However, your IP address will be truncated beforehand by Google within member states of the European Union or in other contractual states of the treaty on the European Economic Area (so-called "anonymize_ip feature"). This shortening eliminates the personal reference of your IP address. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and truncated there. The anonymize_ip feature is active on our Websites. The IP address transmitted to us by your browser as part of Google Analytics will not be combined with any other data held by Google.
Google can process the aforementioned data collected via Google Analytics for its own purposes in accordance with its own privacy policy. The data may be stored by Google in user profiles and processed, for example, to improve products, develop new products, measure the effectiveness of certain advertising and market research and to personalize content and advertisements. If you are logged in to Google, your data will be assigned directly to your user account. If you do not want your data to be assigned to your Google user account, you must log out before activating Google Analytics. We have no influence on the further processing of your data by Google. You can find more information on this in Google's privacy policy here and at the following link.
In connection with the above-mentioned functions, Google may also transfer the processed data to servers outside the EU, in particular to Google LLC in the USA, insofar as this is necessary for the provision of these services. For the USA, the EU-U.S. Data Privacy Framework is an adequacy decision of the EU Commission, which attests that certified companies have an adequate level of data protection within the meaning of the GDPR. Google LLC is certified under the EU-U.S. Data Privacy Framework and is also entered in the list maintained by the U.S. Department of Commerce (Data Privacy Framework List). A consistently high level of data protection is therefore guaranteed when data is transferred to Google LLC servers in the USA. Insofar as data is transferred to the USA, such a third country transfer is based on Art. 45 (1) sentence 1 GDPR.
We activate Google Analytics only if you consent to the use of Cookies and the processing of your data by Google. The legal basis for data processing in connection with the integration of Google Analytics on our Websites is therefore Section 25 (1) TDDDG and Art. 6 (1) lit. a) GDPR. You can revoke your consents at any time with effect for the future, for example by deselecting the "Statistics" category in the settings of our cookie banner.
You can also prevent the recording of data generated by the Cookies about your use of the Websites (including your IP address) by Google and the processing of this data by Google by downloading and installing the plug-in available at the following link link.
We use the Google Tag Manager, a Google service, on our Websites. Google Tag Manager enables us to manage website tags via an interface. To this end, Google Tag Manager implements the tags and triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. A server connection to Google Tag Manager is established, whereby, among other things, your IP address is transmitted.
Further information on data protection can be found on the following Google websites:
The legal basis is your consent in accordance with Art. 6 (1) lit. a) GDPR, which you have given via our cookie banner.
For information on data transfers to the USA, please see the Google Analytics section above.
We may use Google Fonts on our Websites. Google Fonts is a collection interface for fonts offered by Google. Various manufacturers can store fonts under Google Fonts, which can then be used by website operators. We use Google Fonts to provide you appealing Websites and to make our content visually perceptible through fonts.
The legal basis for the data processing related to the use of Google Fonts is your consent in accordance with Art. 6 (1) lit. a) GDPR. You can withdraw your consent at any time with effect for the future.
To load the fonts, a connection to Google's servers is established so that your IP-Address might be transmitted to Google's servers. The servers may be located in the U.S. so that your data may be transferred to a third country. As explained above, Google LLC is certified under the EU-U.S. Data Privacy Framework, so that an adequate level of data protection is guaranteed in case of data transfers to Google's servers located in the U.S. (cf. Art. 45 (1) sentence 1 GDPR, please see above the Google Analytics section for details).
We use the services of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich ("Cloudflare") on our Websites. We use Cloudflare's content delivery network to accelerate the display of our content and our Websites. This shortens the loading time and improves the performance of the Websites. In addition, we ensure that the Websites can be displayed reliably and stably in the event of increased requests. In this context, the IP address, information on the system configuration of the browser and traffic data as well as network data are passed on to Cloudflare.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the security, stability and improved availability of content and redundancy when accessing our Websites. The retrieval of the IP address by Cloudflare is absolutely necessary according to Section 25 (2) No. 2 TDDDG in order to be able to display our Websites.
Cloudflare mainly uses servers in the European Economic Area or within the USA. In this respect, the aforementioned data may also be transferred by Cloudflare to servers in the USA. For data transfers to the USA, the EU-U.S. Data Privacy Framework applies as an adequacy decision pursuant to Art. 45 (1) sentence 1 GDPR. Cloudflare Inc. is certified under the EU-U.S. Data Privacy Framework and entered in the list maintained by the U.S. Department of Commerce (Data Privacy Framework List). This ensures a consistently high level of data protection when data is transferred to Cloudflare servers in the USA.
Further information on data processing by Cloudflare can be found here.
We use Breezy HR from Breezy HR, Inc., 434 Fayetteville Street, 9th Floor, Raleigh, NC 27601, US ("Breezy HR") to embed job listings directly on our Websites. Breezy HR provides widgets that allow us to display job openings in our company on our Websites.
In order to use this function, Breezy HR establishes a server connection. Personal data, in particular the IP address and browser settings, may be transmitted to the Breezy servers. In addition, Breezy sets Cookies on the user's end device in order to be able to display the job offering widgets.
The legal basis for the use of cookies is Section 25 (2) No. 2 TDDDG because we can hereby communicate an essential piece of information as part of our basic conception about our company. The subsequent data processing is based on our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR to advertise job offerings on our Websites and to reach out for applicants.
We may share your personal data with our third-party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. We have concluded corresponding data processing agreements with these service providers in accordance with Art. 28 GDPR so that your data is processed only on our behalf in accordance with our instructions. Before forwarding any personal data, of course we ensure that service providers have taken the necessary technical and organisational measures to ensure an adequate level of protection. Our main service providers are currently: Discourse, Fragnet, GoDaddy, Heroku, Amazon Web Services, Google Cloud, Helpshift, Zendesk, Splunk, DataDog, Suraway Ltd., Unity Technologies.
Otherwise, data will only be shared with third parties with your consent or insofar as this has been described elsewhere in this Privacy Policy. In individual cases, data may also be transmitted to the following recipients:
Information, including personal data that we collect from you, may be transferred to, stored at and processed by us and our third party service providers outside the country in which you reside, where data protection and privacy regulations may not offer the same level of protection as in the country in which you reside or in other parts of the world.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. This includes the use of the EU-U.S. Data Privacy Framework for transfers to the USA as well as the European Commission's Standard Contractual Clauses. Further details can be provided upon request.
We process personal data of the user as long as it is necessary to achieve the purposes of the processing, or is prescribed by a legal obligation to store the data. Subsequently, the data is deleted in accordance with statutory laws. Data that we store for legal reasons, however, is stored for as long as this is required by law. Upon end of a statutory retention period, the data will be deleted without undue delay, unless there are other reasons within the meaning of Art. 17 (3) GDPR opposing the deletion.
Data that we have processed on the basis of consent will generally be erased or made anonymous immediately after consent is revoked.
Deca takes technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, misuse or access by unauthorized persons or against unauthorized disclosure. Our security measures are regularly reviewed and adapted in line with technological developments. Data transmitted between our server and the terminal is encrypted (HTTPS protocol). Please note, however, that no internet transmission is ever 100% secure or error-free, please take this into account when using the services of Deca.
Our Websites do principally not include an automated decision-making process, including profiling, pursuant to Art. 22 (1) and (4) GDPR. Should this change and individual, special features of our Websites in individual cases include also an automated decision-making process, we will provide you with relevant information about the logic involved and the scope of such processing.
As a person subject to data processing, you are entitled to the following rights, in each case under the requirements and to the extent stipulated by the GDPR. Please contact us if you wish to exercise your rights.
You have the right to request free information about the nature, extent and source of the data stored about you, the categories of recipients to whom your information has been or will be disclosed and the purpose and intended duration of the storage.
You have the right to request at any time the correction of incorrect data, the deletion and/or restriction of the processing of personal data stored about you, unless Deca is legally obliged to retain such data. Insofar as this includes such personal data that is necessary for the provision of services to you, the deletion or restriction of the processing of this data can only take place when you no longer use Deca's services.
If you provide data relating to you and Deca processes such data on the basis of your consent or in order to fulfil the contract, you may request to receive such data in a structured, current and machine-readable format from Deca or to make Deca transmit such data to another person responsible, insofar as this is technically possible (so-called right to data portability).
You have the right to object, on grounds relating to your particular situation, at any time to the processing of the personal data concerning you, which is based on Art. 6 (1) lit. e) or f) GDPR, in accordance with Art. 21 GDPR; this also applies to profiling based on these provisions. Deca will no longer process the personal data concerning you unless Deca can demonstrate compelling legitimate grounds for processing which outweigh your interests, rights and freedoms or the processing is intended to assert, exercise or defend legal claims. If the personal data concerning you are processed for direct advertising purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
You have the right to revoke your consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state where you reside, work or the alleged infringement occurred, if you believe that the processing of the personal data concerning you is contrary to the GDPR.
Due to the further development of our Websites or due to changed legal or regulatory requirements, it may be necessary to change this Privacy Policy from time to time. The current Privacy Policy can be viewed and printed at any time via our website www.decagames.com.