Privacy Policy

Privacy Policy

Introduction

With this privacy policy we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Last updated: April 16, 2026

Table of Contents

Controller

Tobias Theel / Noobygames
Henkelstr. 6
34127 Kassel

Authorized representative: Tobias Theel

E-mail address: info@noobygames.de

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data (e.g., names, addresses).
  • Payment data (e.g., bank details, invoices, payment history).
  • Contact data (e.g., email, phone numbers).
  • Content data (e.g., inputs in online forms).
  • Contract data (e.g., subject matter, duration, customer category).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

  • Prospective customers.
  • Communication partners.
  • Users.
  • Business and contractual partners.

Purposes of processing

  • Provision of contractual services and customer service.
  • Contact requests and communication.
  • Security measures.
  • Office and organizational procedures.
  • Management and response to inquiries.
  • Feedback.
  • Marketing.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Applicable Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile.

  • Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Security Measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, in accordance with the legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, disclosure, securing availability and separation of the data.

TLS encryption (https): To protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Deletion of Data

The data processed by us will be deleted in accordance with the statutory provisions as soon as its permitted consents are revoked or other permissions cease to apply (e.g. if the purpose for processing this data has ceased to apply or it is not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes.

Provision of the Online Offering and Web Hosting

We process users' data to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

  • Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices); security measures.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is only processed for the purposes of the publication medium to the extent necessary for its presentation and for communication between authors and readers or for security reasons.

  • Types of data processed: Inventory data; contact data; content data; usage data; meta/communication data.
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer service; feedback; provision of our online offering and user-friendliness; security measures; management and response to inquiries.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing procedures, methods and services:

  • DISQUS comment function: We use the DISQUS comment service on the basis of our legitimate interests in efficient, secure and user-friendly comment management. To use the DISQUS comment function, users can log in via their own DISQUS user account or an existing social media account (e.g. OpenID, Facebook, Twitter or Google). Service provider: DISQUS, Inc., 301 Howard St, Floor 3, San Francisco, California 94105, USA; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://disqus.com/; Privacy policy: https://help.disqus.com/terms-and-policies/disqus-privacy-policy; Opt-out: https://disqus.com/data-sharing-settings.

Contact and Inquiry Management

When contacting us (e.g., via contact form, email, telephone or via social media) and in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary for responding to the contact inquiries and any requested measures.

  • Types of data processed: Contact data; content data; usage data; meta/communication data.
  • Data subjects: Communication partners.
  • Purposes of processing: Contact requests and communication; management and response to inquiries; feedback; provision of our online offering and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Presence on Social Networks (Social Media)

We maintain online presences within social networks and process data of users in this context in order to communicate with the users active there or to offer information about us.

We point out that users' data may be processed outside the European Union. This may result in risks for users because, for example, enforcement of the rights of users could be made more difficult.

  • Types of data processed: Contact data; content data; usage data; meta/communication data.
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact requests and communication; feedback; marketing.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

  • Types of data processed: Usage data; meta/communication data.
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing procedures, methods and services:

  • YouTube videos: Video content; YouTube videos are embedded via a special domain (recognizable by the component "youtube-nocookie") in the so-called "extended data protection mode", whereby no cookies for user activities are collected to personalize the video playback. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy.

Amendment and Update of the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
  • Right to withdraw consent: You have the right to withdraw consents granted at any time.
  • Right to access: You have the right to request confirmation as to whether the data in question is being processed and to receive information about this data as well as further information and a copy of the data in accordance with the statutory provisions.
  • Right to rectification: You have the right, in accordance with the statutory provisions, to request the completion of data concerning you or the rectification of incorrect data concerning you.
  • Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data concerning you be deleted immediately, or alternatively to demand restriction of the processing of the data in accordance with the statutory provisions.
  • Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the statutory provisions, or to demand its transfer to another controller.
  • Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Definitions

This section provides an overview of the terms used in this privacy policy.

  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Controller: The "controller" is the natural or legal person, authority, institution or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

Generated with free privacy policy generator by Dr. Thomas Schwenke