Data protection is an important concern for us at couchgames.wtf. That is why we always act according to the principle of data economy and only collect as little data as necessary to be able to offer you our services and games.
couchgames.wtf processes personal data on the basis of the GDPR. In addition to the provisions of the GDPR, national data protection regulations may apply wherever you live.
The following legal bases are relevant
- Consent (Art. 6 (1) p. 1 lit. a DSGVO) – The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
- Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO) – Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request.
- Legitimate interests (Art. 6 (1) p. 1 lit. f. DSGVO) – Processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
National data protection regulations in the Federal Republic of Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states of the Federal Republic of Germany may apply.
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The data subject is any identified or identifiable natural person whose personal data are processed by the controller (here couchgames.wtf).
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller or person responsible for the processing
The controller or controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member-State law.
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
More info about your rights can be found at the end of this statement!
- couchgames.wtf is committed to data economy and basically only processes data that you as a user voluntarily provide when using the games and the couchgames.wtf portal or data that must be stored for technical reasons, for example to be able to technically operate the underlying servers.
The following data are processed
– E-mail – address
– IP addresses
– Registration date and last login
– One time password /One time access code
Thereby, publicly only such data is visible for third parties if you release this yourself. When entering a game through which you are invited by another player or where you invite another player, the username and/or email address is visible.
- Data is only stored to the extent that this is technically necessary or permitted by law. The data automatically sent by your browser is only collected for statistical purposes and evaluated with the help of the Matomo tool installed on the servers of couchgames.wtf. Matomo does not set any cookies.
- In the case of the purchase of premium services via the app store providers, couchgames.wtf processes the payment data and the data communicated in the course of the payment process strictly in accordance with the specifications of the app store providers and on the basis of legal permissions for the fulfillment of the contract or the legitimate interest. Data will only be stored as long as you as a user have claims against couchgames.wtf or as long as couchgames.wtf has legal obligations to store data according to the German Tax Code (AO).
- The app store providers offer their own privacy statements for the processing of data, about which you will be informed when you use the payment options of the app store providers. In the context of payment via the app store, additional payment providers may be involved to the extent that your data is processed. It is relevant which payment method you use. At any time, couchgames.wtf will use data in the context of the purchase of premium services only for the performance of the contract with you, i.e. in particular for the provision of the purchased premium service. As a rule, couchgames.wtf does not receive any direct payment data or account information from the app store operators, but only information about which customer has purchased which premium service. This information is kept strictly confidential by couchgames.wtf and is stored only in accordance with legal archiving requirements. Data will only be disclosed to third parties who are legally bound to secrecy or with whom couchgames.wtf has concluded an order data contract (for example, tax advisors, accountants, or lawyers).
- Cookies are only stored on your PC and evaluated by couchgames.wtf to the extent that this is technically necessary (so-called session cookies). Neither on the website couchgames.wtf, nor in the game apps, cookies from third-party providers, from social media networks or for advertising tracking are set.
- In no case will data be sold or disposed of to third parties or not only for the purpose of offering the services. Third party providers to analyze the data are not used.
- In the case of contacting couchgames.wtf, for example for support services, the information of the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures. The response to the contact inquiries in the context of contractual or pre-contractual relationships is carried out to fulfill the contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of the legitimate interests in responding to the inquiries.
- couchgames.wtf will, upon request, delete personal data without undue delay if the deletion does not conflict with legitimate interests or applicable data protection law or legal requirements. couchgames.wtf will indicate when a request for deletion would result in the discontinuation of Services to you as a User or to the invalidation of a license to use an App.
- In order to be able to provide the games and the couchgames.wtf portal securely and efficiently, couchgames.wtf uses the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, couchgames.wtf may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services. Where necessary and required by data protection law, couchgames.wtf will enter into appropriate commissioned data processing agreements with those providers.
- The data processed as part of the provision of the hosting offer may include all information relating to the users of the apps and the portal www.couchgames.wtf, which is generated as part of the use and communication. This regularly includes the IP address, which is necessary to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.
- The web hosting services used by couchgames.wtf also include the sending, receiving and storing of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the sending of the e-mails and the contents of the respective e-mails are processed. The aforementioned data may also be processed for SPAM detection purposes. couchgames.wtf expressly states that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. wtf can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on its servers.
- couchgames.wtf uses the provider Sendinblue to send newsletters. This allows couchgames.wtf to see, for example, whether a message has been opened and which links have been clicked. Sendinblue makes it possible to subdivide newsletter recipients based on various categories. Information on all functions can be found at https://de.sendinblue.com/informationen-newsletter-empfaenger/. The data processing will be carried out only on the basis of explicit consent from you (registration to the newsletter) and including a double verification of this consent. For the purpose of data processing, couchgames.wtf has concluded a contract with Sendinblue, in which the provider is obligated to protect the data and not to disclose it to third parties.
- couchgames.wtf collects data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
- The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability.
- couchgames.wtf takes reasonable precautions to ensure the security of stored data and has also instructed employees regarding data protection and precautions. Support staff have access to individual game and customer data. They can view IP, date of birth, and email address and payment transactions with the app stores to detect duplicate accounts or provide support. These individuals have been briefed on privacy practices. However, couchgames.wtf can only be held responsible for potential damages if unexpected data protection violations in the case of gross negligence.
- The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, entry into, disclosure of, assurance of availability of and separation of the data. Furthermore, couchgames.wtf has established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to the compromise of data. Additionally, couchgames.wtf considers the protection of personal data already during the development or selection of hardware, software as well as procedures according to the principle of data protection, through technology design and through data protection-friendly default settings.
- The collected and processed data will be stored as long as the purpose of the contract requires it or as long as it is technically and legally necessary or as long as the respective legal retention period (e.g. commercial and tax retention periods) exist. Billing data for payment transactions are thus stored until the expiry of these legal retention periods and then deleted or destroyed. Data required for the pursuit of legal claims will be stored until these legal claims have been settled. Data may be used in legal disputes if necessary and permissible.
After expiry of all periods, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract and/or no legitimate interest in the continued storage exists.
The applicable data protection law grants you, vis-à-vis couchgames.wtf, comprehensive data subject rights (rights of access and intervention) regarding the processing of your personal data, about which couchgames.wtf informs you below:
Right of access in accordance with Art. 15 DSGVO: In particular, you have the right to obtain information about your personal data processed by couchgames.wtf, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the intended storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, to object to processing, to lodge a complaint with a supervisory authority, the origin of your data if it has not been collected from you by couchgames.wtf, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing that concern you, as well as your right to be informed about the safeguards pursuant to Article 46 of the GDPR in case of onward transfer of your data to third countries;
Right to rectification pursuant to Art. 16 DSGVO: You have the right to have any inaccurate data relating to you and/or any incomplete data stored by couchgames.wtf rectified without undue delay;
Right to erasure pursuant to Art. 17 DSGVO: You have the right to request the erasure of your personal data if the requirements of Art. 17 (1) DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
Right to restriction of processing pursuant to Art. 18 DSGVO: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defense of legal claims after couchgames.wtf no longer needs this data after the purpose has been achieved or if you have filed an objection on grounds of your particular situation as long as it has not yet been determined whether legitimate reasons of couchgames.wtf prevail;
Right to information pursuant to Art. 19 DSGVO: If you have asserted the right to rectification, erasure or restriction of processing against couchgames.wtf, it is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability pursuant to Art. 20 DSGVO: You have the right to receive your personal data that you have provided to couchgames.wtf in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, to the extent that this is technically feasible;
Right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In case of revocation, couchgames.wtf will delete the data concerned without undue delay, unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
Right to complain under Article 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
IF couchgames.wtf PROCESSES YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF AN OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, couchgames.wtf WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF couchgames.wtf CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY couchgames.wtf FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, couchgames.wtf WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
Status: May 2021