Privacy

I. General Information

1. Responsible Body & Data Protection Officer

Below we explain to you which personal data is collected and processed by us when using our services and offers.

simulogics GmbH
Wilhelm-Leuschner-Straße 55
64380 Roßdorf

Phone: +49 (0)6154 6290458
E-mail: contact@simulogics.games

Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person, this means all information that relates to a person.

As far as a legal basis is mentioned in this Privacy Policy, they relate to the General Data Protection Regulation. This comes into effect from May 25, 2018. Prior to this, the corresponding provisions of the Federal Data Protection Act apply without us naming them.

We collect and process personal data based on the following statutory regulations:

  • Consent according to Article 6 paragraph 1 (a) General Data Protection Regulation (GDPR). Consent is any voluntary expression of intent, in an informed and unequivocal manner, in the form of a statement or other unambiguous confirmatory act, which indicates that the data subject consents to the processing of his personal data.
  • Necessity to fulfill the contract or carry out preparatory actions in accordance with Article 6 para. 1 (b) GDPR, this means that the data is required so that we can fulfill the contractual obligations to you or we need the data to prepare a contract closure with you.
  • Processing to fulfill legal obligations under Article 6 para. 1 (c) GDPR, this means that a processing of the data is required by law or other regulations.
  • Processing for the protection of legitimate interests in accordance with Article 6 para. 1 (f) GDPR, this means that processing is necessary to safeguard legitimate interests on our part or by third parties, unless the interests or fundamental rights and freedoms on your part that require the protection of personal data prevail.

3. Rights of affected

You are entitled to the following rights with regard to the processing of data by us in accordance with the respectively listed articles of the General Data Protection Regulation:

  • Right of access by the data subject to Art. 15 GDPR
  • Right to rectification according to Art. 16 GDPR
  • Right to erasure (“right to be forgotten”) in accordance with Art. 17 GDPR
  • Right to restriction of processing according to Art. 18 GDPR
  • Right to data portability according to Art. 20 GDPR
  • Right to object according to Art. 21 GDPR

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data is violating the GDPR.

4. Data Erasure and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the processor is subject. Blocking or deletion of the data also takes place if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

II. Data processing

1. Website visits

i. Scope of data processing

We run several websites, namely www.simulogics.net, www.simulogics.games, www.airportsim.aero, www.airlinesim.aero, and prosperousuniverse.com. During the visit of those websites, our web server registers and stores the following data:

  • Information on the type and version of the browser used
  • The user’s operating system
  • The user’s ISP
  • The user’s IP address
  • Date and time of the access
  • Websites from which the user’s system was directed to our website
  • Websites the user’s system reaches via our website
  • The volume of transmitted data
  • The http protocol version

The data is stored in our system’s log files. It is not stored in conjunction with the user’s personal data. The saving process is performed on the servers of a hosting partner registered in the United States of America.

The legal basis of this data processing is article 6, section 1, subsection f of GDPR. The legitimate interest is thereby constituted by the functioning of our website and its availability. The legal basis of data transmission to the hosting provider is constituted by article 28 sections 3, 6, and 7, article 46 section 2 c) GDPR. The EU commission’s standard data protection clauses are being applied in the contractual relationship with the provider.

iii. Purpose of data processing

Temporarily storing the address in the system is required to deliver the website to the user’s computer. The user’s IP address has to be saved for this purpose for the duration of the session. Beyond that, the IP address is registered to prevent attacks on the website. The data is saved to ensure the website’s operability. Additionally, the data serves the website‘s optimization and to ensure the safety of our IT systems. The data is not evaluated for marketing purposes in this context.

iv. Duration of storage

Log files are deleted after a maximum of seven days, unless concrete events necessitate storing the data for the aforementioned purpose. The IP address is stored for 30 days to prevent attacks on the website and then deleted. Any storage beyond that is not possible. In this case, the users’ IP addresses are deleted or falsified to render the attribution to a concrete user impossible.

v. Possibility of objection and removal

The storage of data for the purpose of providing the website and the storage of data in log files are imperative for the operation and protection of the website. Therefore, the user cannot object to this.

2. Contact via e-mail or contact form

i. Scope of data processing

You may contact us using the e-mail addresses indicated on the websites. In that case, the personal data transmitted to us in your e-mails is stored.

The legal basis for processing the data transmitted to us in the process of an e-mail transmission or via a contact form submission, is article 6, section 1 subsection f of GDPR. Should the contact be established for the purpose of concluding a contract, article 6, section 1 subsections b and c of GDPR constitute an additional legal basis. The legitimate interest within the scope of article 6 section 1 subsection f of GDPR lies in the response to a customer request or the response to any request pertaining to other subjects.

iii. Purpose of data storage

The purpose of data storage is to establish contact at your request.

iv. Duration of storage

The data is stored for as long as it is required to handle the request. In the case of business letters which are subject to retention according to commercial law and fiscal law, they will be stored in compliance with the legally mandated deadlines.

v. Possibility of objection and removal

You have the possibility of objecting to further usage at any time. You may object via e-mail to: contact@simulogics.games. Deletion can only be undertaken if it does not go against any legal obligation of preservation; however, in this case, the data can be locked from being used for other purposes. In the case of objection, the conversation cannot be continued.

3. Newsletter

i. Scope of data processing

On our websites, we offer the possibility of signing up to a newsletter, which regularly provides the recipients with news updates. Registration is possible via an input mask on the website. It requires the input of your e-mail address. By clicking the sign-up button, the entered data is transmitted to us. Beyond that, the time and date of your registration for the newsletter as well as the IP address used are saved. When confirming the newsletter registration in the course of the so-called double opt-in procedure, we also store the time and date at which the confirmation link was clicked as well as the IP address used in the process. The newsletter is sent out via the third-party provider “MailChimp”. For that purpose, your e-mail address is transmitted to MailChimp, which then sends out the newsletter on our behalf. This provider does not use your data any further. Its head office is registered in the United States of America.

The legal basis for processing the data transmitted to us in the process of signing up to our newsletter is article 6, section 1 subsection a of GDPR. The legal basis for the transmission of data to MailChimp is constituted by article 28 section 3 and article 45 section 3 of GDPR. The provider is certified under the Privacy Shield Framework and thus complies with the adequacy decision (Implementing Decision 2016/1250) of the EU Commission, i.e. the quality of data protection applied by the provider is equal to the GDPR despite their place of business being registered in the USA.

iii. Purpose of data processing

The purpose of storing the e-mail address is the possibility of getting into contact to inform the recipient. The date and IP address used in the sign-up process as well as the confirmation of the registration are registered to evidentially document the consent to receiving the newsletter and to prevent misuse. The transmission to the service provider is carried out for the purpose of mass sending the newsletter.

iv. Duration of storage

If you have expressed your explicit consent to receiving the newsletter, we will only delete or block out your e-mail address for advertising purposes once you revoke your consent. The data on your confirmation of ordering the newsletter will be saved just the same amount of time. Sent e-mails that are regarded as business letters will be stored for the appropriate duration in accordance with the retention deadlines and tax code specified in the code of commerce. All other e-mails are deleted as soon as a reaction from the user is no longer to be expected.

v. Possibility of objection and removal

You may object to the reception of our newsletter, i.e. revoke your consent at any time, without any cost exceeding the fees of your standard rate for communication. In every e-mail sent to you within the scope of our newsletter, you are given the possibility to click a link which immediately disables future usage of the newsletter. You may also revoke your consent to receiving future newsletters via e-mail to contact@simulogics.games. In the case of objection via e-mail, the deletion or suspension may take up to 5 business days; further newsletters may be sent out during that period.

4. Registration & user account

i. Scope of data processing

In order to use our games, you need to register a user account on the respective website. We collect the following data during sign-up: e-mail address and user name. Alternatively, you may sign up using your Facebook account. In that case, you allow Facebook Inc. to transmit your name and e-mail address to us. The consent is based on Facebook’s Terms of Use, and registration using Facebook is only possible if you are have an active Facebook account. The extent to which Facebook collects data when using your account is dependent on your contract with Facebook. The data is stored in a database with Hetzner Online GmbH on servers within the European Union. Your registration is confirmed via e-mail. The e-mail is sent out by our service provider Mailgun Technologies Inc. from servers within the European Union or the United States of America.

The legal basis for processing the above mentioned data is article 6, section 1 page 1 subsection b and GDPR. The registration process is the execution of a pre-contractual measure, namely the formation of a contract with us. The permanent registration as a client makes the fulfillment of the contract, i.e. the execution of contractual duties, possible.

If registration e-mails constitute business letters, legally mandated retention deadlines apply. The transmission to the hosting provider is carried out on the basis of article 28 of the Federal Data Protection Act.

The legal basis fort he transmission of data to Mailgun are article 28 section 3 and article 45 section 3 GDPR.

The provider is certified under the Privacy Shield Framework and thus complies with the adequacy decision (Implementing Decision 2016/1250) of the EU Commission, i.e. the quality of data protection applied by the provider is equal to the GDPR despite their place of business being registered in the USA.

iii. Purpose of data processing

Data processing takes place for the purpose of performing pre-contractual measures as well as fulfilling the contract. The data enables you to sign up for the games and to continuously play your own game.

iv. Duration of storage

The data is stored until you delete your user account.

v. Possibility of objection and removal

There is no right to object to data processing within the scope of the registration process and while possessing a user account because data processing is required in the preparation and formation of a contract with you. Objection therefore automatically leads to the termination of the contractual relationship at the basis of your possession of the user account. Registration e-mails are business letters which will be retained according to the legal retention deadline and then deleted.

5. Usage of our games

i. Scope of data processing

Different kinds of data are collected and saved in the process of using our games, which are required to keep the games running. This especially includes the moves you made in the game, possible purchases, play times (insofar the game charges you for play time), communication with other players, your language settings, an internal user number, credit, purchase history, and save data. Your IP address as well as for example your language settings are also stored on the server-side and coupled to a so-called “Session ID” – a text file (“Cookie”) on your computer.

The data is stored on the servers of Hetzner Online GmbH within the European Union.

The legal basis for the processing of the above mentioned data is article 6 section 1 page 1 subsections b, c, and f GDPR. The transmission to the hosting provider is based on article 28 GDPR.

iii. Purpose of data processing

The processing of data on our part is executed for the fulfillment of the contract made between you and us. Beyond that, we are obligated by commercial and fiscal law to archive business letters.

The storage of data in so-called session cookies serves to purpose of facilitating the usage of the game for you and us. Single actions inside the game, but also the IP address are also stored to make sure that the game’s rules are adhered to and to uncover attempts of cheating.

iv. Duration of storage

The data will be stored in our active database system until the legal statute of limitation for statutory rights is over.

If registration e-mails constitute business letters according to commercial and fiscal law, they will be archived according to the legally mandated retention deadlines.

Session cookies are only saved for the duration of a play session and either deleted after 24 hours or when actively signing out of the game. The data stored to prevent cheating attempts and ensure compliance with the game rules is saved for a month.

Communication between players in public chatrooms is stored for as long as the chatroom remains open. Sent messages are stored until deleted by the recipient.

v. Possibility of objection and removal

It is not possible to object against data processing in the context of using the game because usage would otherwise not be possible. By deleting your account, you can have your personal data get deleted, although they may still be used in an anonymized way. Between the termination of your account and the deletion of your data, the data may be retained for as long as it is required for the processing of the contractual relationship.

6. Order process

i. Scope of data processing

You can purchase a variety of benefits in our games, e.g. game time (“order transaction”). In the process of the transaction, we collect the following data: first and last name, title, address, e-mail address. We also register your IP address to allocate it to a country of origin. Beyond that, data on your payment method it collected, which may also contain information on your bank or payment provider. The payment data is directly transmitted to the respective payment provider, and only the amounts and transaction numbers are saved on our end. The data is stored on servers of Hetzner Online GmbH within the European Union. Besides that, we send you a confirmation or invoice via e-mail for each order transaction. The e-mails are sent out via our service provider Mailgun Technologies Inc on our behalf from a server within the European Union or the United States. The e-mail, your e-mail address and the shipping data are stored.

The legal basis for the processing of the data mentioned above is article 6 section 1 page 1 subsections b, c, and f GDPR.

The transmission to hosting providers is executed on the basis of article 28 Data Protection Act. The transmission to payment providers is done on the basis of processing the conclusion of the contract.

The legal basis for the transmission of the data to Mailgun are article 28 section 3 and article 45 section 3 GDPR. The provider is certified under the Privacy Shield Framework and thus complies with the adequacy decision (Implementing Decision 2016/1250) of the EU Commission, i.e. the quality of data protection applied by the provider is equal to the GDPR despite their place of business being registered in the USA.

iii. Purpose of data processing

Data is processed for the purpose of executing pre-contractual measures as well as fulfilling the contract. The data makes it possible for us to contact you as a client, to enter a contract with you, and to identify you as a client. At the same time, we can fulfill our contractual duties on the basis of the stored data, e.g. to deliver the purchased services to you and to fulfill our fiscal and commercial duties.

iv. Duration of storage

The data will be stored in our active database system until the legal statute of limitation for statutory rights is over. If registration e-mails constitute business letters according to commercial and fiscal law, they will be archived according to the legally mandated retention deadlines.

v. Possibility of objection and removal

It is not possible to object against data processing in the context of the order process because data processing is required to prepare the formation and to fulfill the contract with you, and afterwards because there is a legal obligation to keep records.

7. Google Analytics

i. Scope of data processing

Our website uses Google Analytics, a web analysis service by Google Inc. (“Google”). This software registers information about how you use the website and generates statistics on that basis. Part of the usage data is a concrete selection of links, the retention time of single pages, the order of accessed pages, and the amount of times a page has been accessed. This data is stored in connection with your IP address. The IP address collected from your browser by Google Analytics is not connected to other data by Google.

Google Analytics uses so-called “Cookies”, text files stored on your computer which make an analysis of the website’s usage for you possible. The data pertaining to your usage of the website generated by the cookie are usually sent to and stored on a Google server in the USA. We have enabled a so-called IP anonymization on our website, meaning that any IP address from inside any EU member state or any other states within the European Economic Area is abbreviated before being transmitted to the USA.

Only in rare cases will the full IP address be transmitted to a Google server in the USA and then abbreviated. Google itself describes its data processing activities here.

The legal basis for processing the data registered during the usage of the website is constituted by articles 6 section 1 subsection f GDPR. The legitimate interest according to article 6 section 1 subsection f GDPR lies in the interest of a consumer-oriented design of the website which satisfies the customers’ needs and preferences. The legal basis for the transmission of data to Google are article 28 section 3, article 45 section 3 GDPR.

The provider is certified under the Privacy Shield Framework and thus complies with the adequacy decision (Implementing Decision 2016/1250) of the EU Commission, i.e. the quality of data protection applied by the provider is equal to the GDPR despite their place of business being registered in the USA.

iii. Purpose of data processing

The processing serves the purpose of analysis of this website and the usage behavior of its visitors.

iv. Duration of storage

The data is anonymized immediately after being registered. Personal data is therefore only registered in the process of transmission and not stored permanently.

v. Possibility of objection and removal

You can prevent the storage of cookies including the generation and transmission of the data on Google’s part by limiting or prohibiting the setting of cookies in your browser. This can lead to some cookies unrelated to Google to not be collected, so some functions of the website cannot be fully utilized.

You can prevent the registration of usage data that was generated from the cookie (including your IP address) and its transmission and processing to Google by downloading and installing the plugin from the following link: http://tools.google.com/dlpage/gaoptout?hl=de