The data controller within the meaning of the German Basic Data Protection Ordinance and other national data protection laws of the Member States as well as other data protection laws is:
Otto von Bahrenpark
22761 Hamburg, Germany
Fax: +49 (0)40 30 99 495 123
Managing Director: René Korte
Commercial Register: Hamburg Local Court
VATID No.: DE253775299
The Data Protection Officer for the data controller is:
Attorney at law and specialist attorney for information technology law
Dr. Christian Rauda
GRAEF Rechtsanwälte Digital PartG mbB
In principle, we only collect the personal data that you provide when using services within the scope of your registration and, if necessary, when purchasing goods or using chargeable services. Personal data are data that contain information about personal or factual circumstances.
You can create an account with your email address and password. When registering for ROCCAT WORLD, the following information is required: country, nickname, email address and password. Passwords are stored in encrypted form, which at no time allows any conclusion to be drawn about the actual password. Within the scope of a purchase of goods or the paid services you have chosen, it may be necessary to provide additional data, such as your full name, address, bank account details, credit card numbers, etc. The data will not be passed on to third parties. Sometimes it is also necessary to ask you for personal data such as name, address, email address and telephone number in order to process your enquiries or for your support.
We also collect data in the course of voluntary participation in inquiries and surveys. We only disclose personal data to cooperating companies or external service providers, as far as this is legally prescribed or legally permissible, in particular for the performance of the contract, for payment processing and for the protection of other users or to avert dangers for state or public security or for prosecution of criminal offences.
Your concerns worthy of protection are considered in accordance with the legal data protection regulations. In the event of a delay in payment, we reserve the right, if necessary, to hire a collection agency or a lawyer for the collection of the due claim and to pass on the necessary data within this framework.
We treat all this data confidentially and in compliance with the legal data protection requirements. As a matter of principle, we fundamentally do not provide such information to third parties without your permission, unless this is necessary for the execution and processing of the contract, for processing of your inquiry or if it is necessary for your support or is permissible according to the legal data protection regulations.
Insofar as we obtain the consent of the data subject for processing personal data, Art.
6 para. 1 (a) EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.
In the processing of personal data necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 6(1)(b) GDPR serves as a legal basis. This also applies to processing operations that are necessary for pre-contractual measures.
As far as the processing of personal data for the fulfilment of a legal obligation is required to which our company is subject, Art. 6 para. 1 (c) GDPR serves as a legal basis.
In the event that the vital interests of the data subject or any other natural person requires processing of personal data, Art. 6 para. 1 d) GDPR applies as the legal basis.
If the processing is necessary for the protection of a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 (f) GDPR applies as the legal basis for processing.
We collect and process data to enable you to use the services. This also includes processing for the purpose of data security and stability and operational reliability of our system and for billing purposes. We process your information to support you with support requests. Data shall also be processed in order to detect misuse of multiple accounts, e.g. for fraudulent purposes, and to prevent it. Data processing takes place in order to win new customers and to present advertising that we believe suits your interests.
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage can occur then if this is required by European or national lawmakers in EU regulations, laws or other regulations under EU law to which the data controller is subject to. Blocking or deleting data also takes place if a storage period prescribed by the aforementioned standards passes, unless a requirement for further storage of the data for a conclusion of the contract or performance of the contract exists.
We take reasonable precautions to prevent unauthorised access to your personal data as well as the unauthorised use or falsification of this data and to minimise the corresponding risks. Nevertheless, the provision of personal data, whether in person, by telephone or via the Internet, is always associated with risks and no technological system is completely free of the possibility of manipulation or sabotage.
The data collected from you is processed according to German and European data protection laws. All employees are aware of the data secrecy and the data protection regulations and instructed in this regard. For payment transactions, your information is transferred encrypted using the SSL process
Every time our services are called up, our system automatically collects data and information from the computer system of the calling computer.
In doing so, the following data is collected:
The data is also stored in the log files of our system.
The legal basis for temporary storage of data and log files is Art. 6 para. 1 (f) GDPR.
Temporary storage of the IP address by the system is necessary for delivery of the services to the user's computer. For this purpose, the IP address of the user must be stored for the duration of the session.
The data are stored in log files to ensure the website's functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. Data is stored beyond the duration of the session for the purpose of combating fraud (e.g. payment fraud, violation of the game rules by the same person using several accounts) and for the purpose of IT security (e.g. protection against DDoS attacks). Only one statistical evaluation of the data records is conducted.
Additionally, any other evaluation of data is carried out as far as possible in anonymous form. After the end of this period, the IP address and log files will be completely deleted, unless there are mandatory legal storage obligations or specific criminal prosecution and abuse investigation proceedings pending. These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 para. 1 (f), GDPR.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
The collection of data for the provision of services and the storage of data in log files is absolutely necessary to ensure the uninterrupted operation of the services. Consequently, there is no option to object on the part of the user.
We can send push notifications to your device to notify you of updates for services, news and other relevant messages.
The legal basis for the processing of the data in the case of a contract in accordance with Art. 6 is para. 1 b GDPR.
You can prevent this from happening by making the appropriate settings in your system. Please refer to the documentation of the system you are using.
On our website there is a contact form, which can be used for making electronic contact. If a user accepts this option, the data entered in the input screen will be transmitted to us and stored. This data includes:
Type of enquiry
Browser, hardware and operating system data
Alternatively, you can contact us via the provided email address. In this case, the user's personal data that is transmitted along with the email will be stored.
Alternatively, you can also contact us as part of our game.
This data shall not be disclosed to third parties in this context. The data are used exclusively for processing the request.
The legal basis for processing the data if the user's consent has been obtained is Art. 6 para. 1 a GDPR.
Legal basis for the processing of data which is collected in the course of the transmission of an email is Art. 6 para. 1 (f), GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 b GDPR.
We only use personal data provided on contact forms for processing of contact. If you contact us by email, processing also occurs in the necessary legitimate interest in the processing of the data.
Other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure security of our information technology systems.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the purpose of fighting fraud and improving support, the data is stored for six months.
The user has the possibility at any time to withdraw his consent to the processing of personal data. If the user contacts us, he can revoke consent to the storage of his personal data at any time. In such a case, It will not be possible to continue saving data. In this case, all personal data stored when establishing contact with us shall be deleted.
There are permanent cookies that are stored on your display device for a longer period of time, and session cookies that are temporarily stored on your display device and that are deleted after the services are closed.
We use necessary cookies, function cookies, performance cookies, targeting and advertising cookies, conversion tracking cookies.
These cookies are necessary for the use of the services. Without these necessary cookies, it is possible that we may not be able to provide you with certain services or features or that the presentation of the services is not error-free.
Function cookies allow us to recognise your preferences and provide you with advanced and more customised features e.g. personal adaptation of the services, recognition, or whether or not we have asked you certain things or you have requested other services. All these features help us to improve our services for you.
Performance cookies are sometimes also referred to as analytics cookies and collect information about your use of the services and enable us to improve the functioning of the services. For example, performance cookies show us which pages are most frequently used, what the entire usage pattern for the services are and help us to identify problems with the use of the services.
We and our service providers can use targeting or advertising cookies to show you advertising that is better suited to your interests and preferences. We may use targeting or advertising cookies to limit the number of identical ads you see in the services or to determine the effectiveness of our marketing campaigns. These cookies record, for example, what you have viewed within the scope of the services and we share this information with other organisations. The display of advertising supports the operation and further development of the services.
In order to provide our users with the best possible experience, we constantly try to add new users to the community. We use conversion tracking in the process of billing and outsourcing of marketing measures. With our help, a marketing partner records when a user has completed a registration or a predefined action. On the web, this is done by automatically contacting the marketing partner's server. The data transmitted by us is limited to the most necessary.
The following data will be transmitted to us:
The legal basis for the processing of personal data using cookies is Art. 6 par. 1 (f) GDPR.
On our website, you have the possibility to post articles in a forum. Here, too, registration with a user name and your e-mail address, entering a password, is required. The registration can be done under a pseudonym. These data are stored on our part only for the purpose of the log-in possibility. The forum is operated by phpBB Deutschland e. V., Sandweg 17, 70771 Leinfelden-Echterdingen. Further information about the use of your data by the operator can be found under the following link: https://www.phpbb.com/community/ucp.php?mode=privacy.
We offer you the opportunity to sign up for our services with Facebook Connect. This is a service provided by Facebook Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An additional registration is therefore not necessary. You will be redirected to the Facebook page where you can log in with your user data. This will link your Facebook profile and our service. Through the link we automatically receive from Facebook Inc. The following information will be sent to us: Email address, first name, last name.
This information is mandatory for the conclusion of the contract in order to be able to identify you. For more information about Facebook Connect and the privacy settings, please see the privacy notices on https://de-de.facebook.com/about/privacy/update and https://www.facebook.com/legal/terms of Facebook.
Based on our rightful interest in the analysis, optimisation and efficient operation of our online offer, we have decided to use the “Facebook pixel”, for our online offerings, provided by the social network, Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, in case you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand canal Harbour, Dublin 2, Ireland (“Facebook”).
The Facebook pixel is a code snippet that is placed on our website.
With the help of Facebook pixels, Facebook is able to determine the visitors of our online offer as a target group for the presentation of advertisements ("Facebook ads"). Accordingly, we use the Facebook pixel to display our Facebook ads only to Facebook users who have shown an interest in our website or who have certain traits (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to Facebook ("custom audiences"). The Facebook pixel also allows us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users have been redirected to our services after clicking on a Facebook ad ("conversion"), (i.e. to determine which devices a user uses when performing an action), to create lookalike audiences/statistical twins (i.e. to broadcast advertising to target groups that are similar to existing customers) and to obtain comprehensive statistics on the use of the website. The Facebook pixel establishes a direct connection to the Facebook servers when you visit our website. A message is sent to the Facebook server indicating that you have visited this website and Facebook assigns this information to your personal Facebook user account.
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Google has become subject to the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
On our behalf, Google will use this information to evaluate the use of our online offering by the user, to compile reports on the activities within this online offering and to provide us with other services related to the use of this online offering and the internet. Pseudonymous usage profiles of users may be created from the processed data in this respect.
We use Google Analytics only with activated IP anonymisation. This means that the IP address of the user is truncated by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and be trunciated there.
For further information on data usage by Google, setting and blocking options, please see the Google websites: https://www.google.com/intl/de/policies/privacy/partners ("How Google uses information from sites or apps that use our services"), https://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"), https://www.google.de/settings/ads ("Control the information Google uses to show you ads").
We continue to use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want this to be carried out, you can disable the function via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).
Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our online offer within the meaning of Art. 6 para. 1 (f). GDPR), we use marketing and re-marketing services ("Google Marketing Services" for short) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Users' data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process, for example, the names or email addresses of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.
One of the Google marketing services we use is Google AdWords, an online advertising platform. In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Thus, cookies cannot be tracked using the website of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. AdWords advertisers can find out the total number of users who have clicked on their ad and been redirected to the page with a conversion tracking tag. However, advertisers do not obtain any information that can be used to identify users personally.
We use Google Double Click for Publishers (DFP). This is an ad delivery platform hosted by us or by advertisers that optimises ad management whether ads are delivered to websites, mobile websites, mobile apps, games, or combinations of these elements. DFP provides a comprehensive toolkit with which we can deliver ads to target groups in our multiscreen world.
We can also use the "Google Tag Manager" to integrate Google analysis and marketing services into our website and manage them.
If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: https://www.google.com/ads/preferences.
Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our online offer within the meaning of Art. 6 para. 1 (f) of the GDPR ) social plugins ("plugins") which are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by a Facebook logo (white "F" on a blue tile, the term "Like", or a "thumbs up" sign) or by the phrase "Facebook social plugin". The list and the appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ . We also use Facebook Connect. Connect allows Facebook users to share their account information and friends with other websites or desktop applications. The settings made on Facebook to protect your privacy are also retained on other pages.
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When users access a feature of this online offer that contain such a plugin, their device establishes a direct connection to Facebook's servers. The content of the plug-in is transmitted by Facebook directly to the user's device to be integrated into the online offer. Pseudonymous usage profiles of users may be created from the processed data; therefore, we have no influence on the scope of the data which Facebook collects using this plugin and inform you based on our knowledge.
By including the plugin, Facebook receives the information that a user has accessed the corresponding page of the online offer. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plug-ins, for example by clicking the Like button or writing a comment, the corresponding information is directly transmitted from your browser to Facebook to be stored there. If you are not a member of Facebook, there is still the possibility that Facebook will gain knowledge of your IP address and store it. According to Facebook, only anonymised IP addresses are stored in Germany.
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook before using our online offer and delete his or her cookies. More settings and ways to revoke permission to use your data for advertising purposes are available in your Facebook profile settings: https://www.facebook.com/settings?tab=ads oder über die US-amerikanische Seite https://www.aboutads.info/choices/ oder die EU-Seite https://www.youronlinechoices.com/. The settings apply across platforms, i.e. they are applied to all devices, such as desktop computers or mobile devices.
By integrating the plugin, Pinterest automatically receives log data that the browser transmits when the website is visited. According to Pinterest, log data may also include the IP address, the address of the website visited, the type and setting of the browser, and the date of the request. In addition, Pinterest can also collect device information, such as the operating system used or the like.
If you click the Pinterest "Pin It" button while you are logged into your Pinterest account, you can link the content of our pages to your Pinterest profile. This allows Pinterest to associate the visit to the website or app with the Pinterest user account.
For more information about Pinterest's data processing and privacy practices, please visit https://pinterest.com/about/privacy/. There you will also find information on the type of data processed and the purpose for which they are used.
It is also possible to post articles, etc., via Twitter. This service and an appropriately configured plugin are provided by Twitter, Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 ("Twitter"). The Tweet button allows users to share blog articles via Twitter. You can find an overview of Twitter plugins and their appearance here: https://twitter.com/about/resources/buttons. We have no influence on the amount of data retrieved by Twitter.
By integrating the plugin, Twitter automatically receives protocol data which the browser transmits when visiting the website, even if users do not have a Twitter profile or are not currently logged in to Twitter. The log data may also include the IP address, the address of the visited website, type and setting of the browser, date of the tweet. In addition, Pinterest can also collect device information, such as the operating system used or the like.
If users are logged in to Twitter, Twitter can immediately assign their visit to our website to their Twitter user account. If you interact with the plugins, for example by pressing the "Tweet" button, that information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed to your contacts there.
The purpose and scope of data collection and the further processing and use of data by Twitter as well as the relevant rights and setting options for the protection of privacy can be found in the Twitter data protection information: https://twitter.com/privacy
If users do not want Twitter to associate the data collected via the website directly with their Twitter account, they must log out of Twitter before visiting the website. You can completely prevent Twitter plugins from loading by using browser add-ons, e.g. the script blocker "NoScript"(http://noscript.net/).
We have provided a link to Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
We use Twitter Ads for marketing and optimisation purposes, in particular to analyse the use of our Internet presence and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behaviour we can improve our offer and make it more interesting for you as a user. We have a legitimate interest in being able to fulfil our contractual relationships with the affiliate partners. This is also our legitimate interest in the processing of the above data by the third party provider. The legal basis is Art. 6 para. 1 clause 1 (f) GDPR.
You can deactivate the installation of cookies in the settings of your browser. You can also prevent Twitter from collecting the above information on the following pages:
You can register on our website to receive our newsletter. We need your email address for this. In addition, in accordance with the relevant legal regulations, we must verify that you are actually the owner of the email address provided and that you would like to receive the newsletter. For this purpose we will send you a validation email. Our newsletter informs you about our products, events and news around games and eSports as well as the ROCCAT team.
Because your consent is required to send and receive the newsletter, you can revoke your consent to the collection and storage of your data at any time without giving reasons. Please use the unsubscribe link at the end of each newsletter or contact us.
If your personal data is processed, you are a data subject as defined by the GDPR and you have the following rights with respect to the data controller:
You can request that the responsible party confirm whether we will process personal data that concerns you.
If such processing is taking place, you can request to be informed by the responsible party regarding the following information:
You have a right of rectification and/or completion with respect to the responsible party if the personal data processed concerning you is incorrect or incomplete. The responsible party must make the correction immediately.
Under the following conditions, you may request that the processing of personal data concerning you be restricted if:
Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.
If the processing restriction has been restricted in accordance with the above conditions, you will be informed by the responsible party before the restriction has been lifted.
You may request that the responsible party delete the personal data that concerns you immediately, and the responsible party will be obliged to delete this data immediately if one of the following reasons applies:
If the responsible party has made the personal data that concerns you public and if the responsible party is obliged for its deletion pursuant to Art. 17 para. 1 of the GDPR, that responsible party shall take appropriate measures, including technical means, while taking into account available technology and implementation costs, to inform the parties responsible for data processing who process the personal data, that you as the person concerned have requested deletion of all links to such personal data or of copies or replications of such personal data.
The right to deletion does not exist insofar as the processing is necessary
If you have exercised your right to have the responsible party correct, delete or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
It is your right to have the responsible party inform you regarding such recipients.
You have the right to obtain your personal data, which you have provided to the responsible party, in a structured, conventional and machine-readable format. In addition, you have the right to pass this data on to another responsible party without obstruction by the responsible party to whom the personal data was provided, insofar as
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the responsible party.
You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 Para. 1 (e) or (f) of the GDPR; the same applies to profiling based on these provisions.
The responsible party will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.
In the context of the use of information company services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object using an automated process. You can send an email to our data protection officer.
You have the right at any time to revoke your data protection declaration of consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its revocation.
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 of the GDPR, unless Art. 9 para. 2 (a) or (g) of the GDPR and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.
In the cases referred to in (1) and (3), the responsible party shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the responsible party, to state his or her own position and to challenge the decision.
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.
The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 of the GDPR.
© 2018 ROCCAT GmbH