Privacy Policy
1. Data Protection at a Glance
General Information
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is any data with which you can be personally identified. Detailed information on data protection can be found in our Privacy Policy set out below this text.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the site’s legal notice (Imprint).
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can, for example, be data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system or time of the page view). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipients and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of this data. For this as well as for further questions about data protection, you can contact us at any time at the address given in the Imprint. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Details can be found in the Privacy Policy under “Right to restriction of processing”.
2. General notes and mandatory information
Data protection
The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
We point out that data transmission over the internet (e.g., when communicating by e-mail) may have security gaps. Complete protection of data from access by third parties is not possible.
Information about the data controller
The controller responsible for data processing on this website is:
Pascal Flachsenberg
Gladbacher Str. 118
47805 Krefeld
Phone: [On request]
E-mail: support[AT]whitedragons-gc.de
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, e-mail addresses or similar).
Hosting by Webtropia / myLoc managed IT AG
Our website, as well as all other services, are operated on servers of myLoc managed IT AG, Am Gatherhof 44, 40472 Düsseldorf, Germany (Webtropia).
The use is based on Art. 6 (1) lit. f GDPR (legitimate interest in the secure and efficient provision of our online offering).
A data processing agreement pursuant to Art. 28 GDPR has been concluded with the provider.
Storage duration
Unless a more specific storage period is specified within this Privacy Policy, your personal data will remain with us until the purpose for the data processing ceases to apply. If you make a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will occur after these reasons cease to apply.
General information on the legal bases of data processing on this website
If you have given consent to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR and Art. 9 (2) lit. a GDPR if special categories of personal data according to Art. 9 (1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, processing is also based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or to access information on your device (e.g., via device fingerprinting), processing is additionally based on Section 25 (1) TTDSG. Consent can be revoked at any time. If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Data processing may also be based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR. The relevant legal basis in each individual case is explained in the following sections of this Privacy Policy.
Notice regarding data transfers to the USA and other third countries
We use tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data may be transferred to and processed in these third countries. We point out that these countries may not guarantee a level of data protection comparable to that in the EU. For example, US companies are obligated to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be excluded that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. An informal e-mail to us is sufficient for this. The legality of the data processing carried out up to the revocation remains unaffected by the revocation.
Right to object to data processing in special cases and to direct marketing (Art. 21 GDPR)
If data processing is based on Art. 6 (1) lit. e or f GDPR, you have the right at any time, on grounds relating to your particular situation, to object to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Privacy Policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21 (1) GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of infringements of the GDPR, data subjects shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data which we process on the basis of your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will be done only insofar as it is technically feasible.
Right of access, blocking, deletion and rectification
Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectification, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the Imprint.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the Imprint. The right to restriction of processing exists in the following cases:
- If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data occurred/occurs unlawfully, you may request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you require it for the establishment, exercise or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.
- If you have objected pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
3. Data collection on our website
Cookies
This website uses cookies. Cookies do not harm your computer and do not contain viruses. Cookies help make our offering more user-friendly, efficient and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit ends. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Cookies that are necessary to carry out the electronic communication process or to provide certain functions you have requested (e.g., shopping cart function) are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g., cookies to analyze your surfing behavior) are stored, these are treated separately in this Privacy Policy.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data will not be combined with data from other sources.
The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website – for this, server log files must be collected.
Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 (1) lit. a GDPR). You can revoke this consent at any time. An informal e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been dealt with). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Registration on this website
You can register on our website to use additional functions on the site. The data entered for this purpose will be used only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
For important changes, for example in the scope of the offer, or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way.
The processing of the data entered during registration is based on Art. 6 (1) lit. b GDPR (performance of a contract or pre-contractual measures).
The data collected during registration will be stored by us as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.
Processing of data (customer and contract data)
We collect, process and use personal data only insofar as it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data on the use of our internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill for it.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer upon conclusion of contracts for services and digital content
We transfer personal data to third parties only if this is necessary as part of the contract processing; for example, to the credit institution commissioned with payment processing.
No further transmission of the data will take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent for purposes such as advertising.
The basis for data processing is Art. 6 (1) lit. b GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures.
4. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 (1) lit. a GDPR). You can revoke the consent given to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you cancel the newsletter. Data stored by us for other purposes remains unaffected.
5. Plugins and tools
Spreadshirt / Spreadshop (Print-on-Demand & Shop Integration)
We offer merchandise products through the services of the Spread Group (“Spreadshirt/Spreadshop”). The responsible entities are sprd.net AG and Spreadshirt Print On Demand GmbH, Gießerstraße 27, 04229 Leipzig, Germany.
Embedded Shop Widget:
Our website may include an embedded Spreadshop widget. When loading this widget, technical data (e.g. IP address, date/time, device and browser data) are processed, and cookies may be set to ensure functionality and analyze user behavior. Processing is based on Art. 6 (1) (f) GDPR (legitimate interest in providing an attractive and efficient online offering) and, where applicable, on Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TTDSG (consent to cookies/tracking). You may withdraw your consent at any time via the cookie banner.
External Spreadshop:
When you follow our external Spreadshop link, you are redirected to the Spread Group’s website. There, the Spread Group’s privacy policy exclusively applies. In case of an order, Spreadshirt independently collects and processes the required data (order and payment information, delivery and billing data, etc.) for the purpose of fulfilling the contract.
Legal basis: Art. 6 (1) (b) GDPR (contract/order processing), Art. 6 (1) (f) GDPR (legitimate interest), and – where cookies or tracking are used – Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TTDSG (consent).
Recipients / Third parties: Depending on the order, data may be shared with payment providers, printing and logistics providers, and customer support services of the Spread Group. Data transfers to third countries (e.g. the USA) are possible; for this purpose, the Spread Group uses safeguards such as EU Standard Contractual Clauses.
Storage period: Corresponds to the statutory retention periods and internal deletion policies of the Spread Group.
For more information, please refer to the Spread Group’s privacy policy:
www.spreadgroup.com/data-protection/
and legal information:
Legal Information.
TeamSpeak
Our website offers the possibility to link your user account with our TeamSpeak server. The provider is TeamSpeak Systems GmbH, Soiernstraße 1, 82494 Krün, Germany.
When linking the forum and TeamSpeak, the data required for synchronization (e.g., your TeamSpeak identity, user ID and, if applicable, your forum ID) is processed. This data is used exclusively for managing rights and groups within our server.
Processing is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke this consent at any time.
Further information can be found in TeamSpeak’s Privacy Policy:
Discord
Our website offers the possibility to link your user account with Discord. The provider is Discord Inc., 444 De Haro Street, Suite 200, San Francisco, CA 94107, USA.
When linking the forum and Discord, the data required for synchronization (e.g., your Discord ID, username, avatar, and, if applicable, e-mail address) is processed. This data is used exclusively for managing rights and groups within our Discord server.
Processing is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke this consent at any time.
Further information can be found in Discord’s Privacy Policy:
YouTube
Our website uses plugins of the YouTube site operated by Google. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.
Furthermore, YouTube may store various cookies on your end device. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your end device until you delete them.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
Further information on the handling of user data can be found in YouTube’s Privacy Policy at: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the Google Maps map service via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an attractive presentation of our online offers and to make the locations specified by us on the website easy to find. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
More information on the handling of user data can be found in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
Google (Docs / Sheets)
We use Google services to store data, such as Docs and/or Sheets. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Primarily, the service is used to maintain a member list, so no connection between users and the named provider is created. Nevertheless, we provide this notice of use.
In the course of this use, personal data (e.g., IP address, device data) may be transferred to Google servers, including in the USA.
Processing is based on your consent (Art. 6 (1) lit. a GDPR) or on our legitimate interest in functional provision (Art. 6 (1) lit. f GDPR).
Further information can be found in Google’s Privacy Policy:
Datenschutzerklärung – Datenschutzerklärung & Nutzungsbedingungen – Google
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
reCAPTCHA is intended to check whether data entry on our websites (e.g., in a contact form) is made by a human or by an automated program. To this end, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM.
Further information about Google reCAPTCHA and Google’s Privacy Policy can be found at the following links: https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/intro/android.html.
Spotify
Our website uses plugins from the online service Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden.
When you visit one of our pages equipped with a Spotify plugin, a connection to the Spotify servers is established. The Spotify server is informed which of our pages you have visited. In addition, Spotify obtains your IP address. This also applies if you are not logged in to Spotify or do not have a Spotify account.
If you are logged into your Spotify account, you enable Spotify to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Spotify account.
The use of Spotify is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
Further information on the handling of user data can be found in Spotify’s Privacy Policy at: https://www.spotify.com/de/legal/privacy-policy/.
Our website uses functions of Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit one of our pages equipped with an Instagram plugin, a connection to the Instagram servers is established. The Instagram server is informed which of our pages you have visited. In addition, Instagram obtains your IP address. This also applies if you are not logged in to Instagram or do not have an Instagram account. The information collected by Instagram is transmitted to Instagram servers in the USA.
If you are logged into your Instagram account, you enable Instagram to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Instagram account.
The use of Instagram is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
Further information on the handling of user data can be found in Instagram’s Privacy Policy at: https://privacycenter.instagram.com/policy.
Twitch
Our website uses functions of the streaming service Twitch. The provider is Twitch Interactive, Inc., 350 Bush Street, 2nd Floor, San Francisco, CA 94104, USA.
When you visit one of our pages equipped with a Twitch plugin, a connection to the Twitch servers is established. The Twitch server is informed which of our pages you have visited. In addition, Twitch obtains your IP address. This also applies if you are not logged in to Twitch or do not have a Twitch account. The information collected by Twitch is transmitted to Twitch servers in the USA.
If you are logged into your Twitch account, you enable Twitch to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Twitch account.
The use of Twitch is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
Further information on the handling of user data can be found in Twitch’s Privacy Notice at: https://legal.twitch.com/en/legal/privacy-notice/.
Our website uses plugins from Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit one of our pages equipped with a Facebook plugin, a connection to the Facebook servers is established. The Facebook server is informed which of our pages you have visited. In addition, Facebook obtains your IP address. This also applies if you are not logged in to Facebook or do not have a Facebook account. The information collected by Facebook is transmitted to Facebook servers in the USA.
If you are logged into your Facebook account, you enable Facebook to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Facebook account.
The use of Facebook is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
Further information on the handling of user data can be found in Facebook’s Privacy Policy at: https://www.facebook.com/privacy/policy.
UptimeRobot
Our website uses the monitoring service UptimeRobot to monitor the availability of our servers and services. The provider is Uptime Robot Service Provider Ltd., 19-21 Crawford Street, London, UK.
Technical data such as IP address and access timestamps are processed. This is used exclusively for technical analysis and ensuring availability.
Further information can be found in UptimeRobot’s Privacy Policy:
https://uptimerobot.com/privacy-policy/
Steam
Our website offers the possibility to link your user account with Steam. The provider is Valve Corporation, Bellevue, Washington, USA.
When linking the forum and Steam, the required data (e.g., Steam ID, username, if applicable avatar, game information) is transmitted. This data is used exclusively for the setup and management of your account in the forum.
Processing is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke this consent at any time.
Further information can be found in Steam’s Privacy Policy:
Aivor by Darkwood.Design
Our website uses plugins that access the Aivor interface by Darkwood.Design, owned by Daniel Hass. This enables authorized users to submit any text data to a chatbot. Although the plugins do not require or expect personal data, it cannot be ruled out that a user voluntarily enters personally identifying data. This data may be forwarded to the AI-based technology ChatGPT, which automatically generates a response. Please note that Aivor (Darkwood.Design) and ChatGPT (OpenAI) as service providers also have access to the data you provide.
The provider of ChatGPT is OpenAI, L.L.C., 3180 18th St, San Francisco, CA 94110. The provider of Aivor is Darkwood.Design, Daniel Hass, Köpenicker Str. 36, 15754 Heidesee. A data processing agreement (DPA) ensures that the personal data of interface users is processed only in compliance with the GDPR.
Further information can be found in the Darkwood.Design Privacy Policy at: https://darkwood.design/datenschutzerklaerung/
6. Payment provider
PayPal
We offer, among other options, payment via PayPal on our website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).
If you choose to pay via PayPal, the payment data you enter will be transmitted to PayPal.
The transmission of your data to PayPal is based on Art. 6 (1) lit. a GDPR (consent) and Art. 6 (1) lit. b GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of data processing operations carried out in the past.
