Privacy Policy


— 1. General Information —

The protection of your personal data is a top priority for ShoulderByte GmbH (hereinafter referred to as “us” or “we” for convenience). For this reason, it is particularly important for us that you know exactly what happens to your personal data when you play one of our games, visit our website or contact us and what rights you have under the General Data Protection Regulation (hereinafter “GDPR”).

Despite the fact that we do our best to protect your data and treat it in accordance with the statutory data protection regulations and this data protection declaration, we must point out that data transmission over the Internet (e.g. when communicating by e-mail) can always have security gaps. A complete protection of data against access by third parties is not possible on the Internet.

— 2. What information does this Privacy Policy contain? —

In this privacy policy you will find information about the following aspects concerning the processing of your personal data:

– What personal data we collect when you play our games, visit our website or contact us by e-mail, phone or contact form.
– On the basis of which laws or which ordinances or regulations we collect and process this data.
– Why we collect this data.
– What exactly happens with your data.
– The duration of the storage of your personal data
– What rights you have in relation to your personal data.

— 3. Information about the responsible party —

The responsible party in the sense of Art. 4 No. 7 GDPR for the collection, processing and use of your personal data is:

ShoulderByte GmbH
Pestalozzistraße 25
22305 Hamburg
E-Mail: info@shoulderbyte.com

Should you have any questions or suggestions regarding our data protection policy, you are welcome to contact us at any time.

— 4. Data processing by using our games —

— 4.1 Data processing by third-party services —

In order to improve the functionality of our games and the statistical processing and data collection within our games, we make use of the services of some third-party providers. Below is a description of these services so that you know which third party providers we work with and what data they use.

— 4.1.1 TelemetryDeck —

Our games use the “TelemetryDeck” service from TelemetryDeck GmbH (Von-der-Tann-Str. 54, 86159 Augsburg, Germany) to collect analysis data in our games. Through our implementation of this service, only anonymized data and no personal information is collected and processed. The following information is processed by the service:

– Version of the game
– Information about the platform on which the game is played and the operating system
– Information about the decisions made in the game (e.g. waves reached, upgrades used, enemies defeated, etc.)
– A so-called TimeStamp that informs you when you made a decision in the game

We use the data collected via TelemetryDeck exclusively to analyze how our games are used and to improve our games based on this information (e.g. to improve certain cards or weaken opponents). If one of our games uses this service, you have the voluntary choice of whether you would like to support us with your anonymous game data in the development of this game. You can also change your decision at any time for the future in the options menu of the respective game.

For information on data processing by TelemetryDeck GmbH, please visit: https://telemetrydeck.com/privacy/

— 5. Data processing by using our website —

— 5.1 Collection of general information when visiting our website —

When you access our website, i.e. when you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes:

– The version and type of your browser
– The operating system used
– The referrer URL
– The host name of the accessing computer
– The time and date of the server request
– The IP address

These data are processed in particular for the following purposes:

– To ensure that the website can be accessed without problems,
– Ensuring a smooth use of our website,
– Evaluation of system security and stability and
– for other administrative purposes.

We do not use your data to draw conclusions about your person. Information of this kind is statistically evaluated by us, if necessary, in order to optimize our Internet presence and the technology behind it. We use the IP address only for the duration of your visit and save the data for logging purposes only in anonymised form by shortening the IP address so that it can no longer be assigned. Processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. To ensure this, the server log files must be recorded.

— 5.2 Inquiries by e-mail, telephone or contact form —

If you contact us by e-mail, telephone or contact form, your name, your request and a communicated communication channel (e.g. your e-mail address) will be stored and processed for the purpose of communication with you. This data helps us to classify your request and to answer your inquiry. The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, a contact option (e.g. your e-mail address) and the reason for the inquiry.

The processing of the data provided by you is carried out on the legal basis of art. 6 para. 1 sentence 1 letter f GDPR (legitimate interests) and in our interest, in order to be able to answer your request. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions. If you contact us to request an offer, the data you provide will be processed for the purpose of implementing pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

The data that you send us by telephone, e-mail or contact form will be stored until your request has been processed, you revoke your consent for data storage or you request us to delete the data. Legal retention periods (e.g. according to HGB) are not affected by this. If we are legally obliged to store the data, the data will be deleted after the expiry of these periods.

— 5.3 Plugins and Tools —

— 5.3.1 Google Fonts —

In order to present our content in a consistent, correct and graphically appealing manner, we use the “Google Fonts” service on this website.

In accordance with the Google Terms of Use (as of 31. March 2020), the Google Fonts service is provided to you by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) if you are a resident of the European Economic Area or Switzerland. If you are habitually resident in another country, the Google Fonts service is provided instead by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

When you visit our website, your browser loads the required web fonts into the browser cache to display text and fonts correctly. To do this, the browser you are using must connect to Google’s servers. Therefore, when you visit our website, the Google company responsible for your location (Google LLC or Google Ireland Limited) receives the information that you have called up the corresponding page on our website. In addition, the data mentioned in section 5.1 of this declaration is transmitted.

Google LLC has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement that aims to ensure an adequate level of data protection for data transfers to certified U.S. companies. The EU Commission determined the adequacy of the guaranteed level of data protection under the EU-U.S. Privacy Shield Agreement in its decision of July 12, 2016 (Ref. C(2016) 4176).

You can view the decision of the EU Commission here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of Google LLC according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

The use of Google Fonts is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interests) and in our interest of a uniform and attractive presentation of our website. If your browser does not support Web Fonts, a standard font from your computer will be used.

You can find more information about Google Fonts under https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

— 5.3.2 Embedded YouTube-Videos —

We embed YouTube videos on some of our websites.

In accordance with the YouTube Terms of Use (as of 22. July 2019), the YouTube service is provided within the European Economic Area and Switzerland by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). In other countries, the YouTube service is provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”). Google Ireland Limited and YouTube LLC are subsidiaries of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

When you visit one of our sites that has YouTube embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

We use the so-called “extended privacy mode” of YouTube. This means that when you visit our websites, only the technically necessary data is transmitted to the service provider responsible for your area (YouTube LLC or Google Ireland Limited), which your browser must send to retrieve the video from YouTube (retrieved video, date and time, IP address, browser type and settings, operating system).

Only when you call up the video by clicking on it will additional data be transmitted to the service provider responsible for your area. At the same time, YouTube also regularly saves data on your end device using cookies and similar technologies. These cookies enable YouTube to obtain information about visitors to this website. This information is used, among other things, to gather video statistics, improve user experience and prevent fraud. The cookies remain on your device until you delete them. If you are logged into your YouTube account, YouTube can personally identify your browsing habits. You can prevent this by first logging out of your YouTube account.

Google LLC has a so-called EU-U.S. Privacy Shield certification, which according to this certification includes the wholly owned subsidiaries of Google LLC in the USA, thus currently also including YouTube LLC. The EU-U.S. Privacy Shield Agreement is a data protection agreement that is intended to ensure an appropriate level of data protection for data transfers to certified U.S. companies. The EU Commission determined the adequacy of the guaranteed level of data protection under the EU-U.S. Privacy Shield Agreement in its decision of July 12, 2016 (Ref. C(2016) 4176).

You can view the decision of the EU Commission here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification of Google LLC according to the EU-U.S. Privacy Shield Agreement can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

The processing of your data through the integration of YouTube videos on our site is based on the legal basis of Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interests) and in our interest of an attractive presentation of our online offers. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of the consent (Art. 6 para. 1 p. 1 lit. a GDPR); the consent can be revoked at any time.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the provider’s privacy policy. There you will also receive further information on your rights and settings to protect your privacy (https://policies.google.com/privacy).

— 5.4. Hosting —

Our website (https://shoulderbyte.com) is hosted by the external service provider (hereinafter “Hoster”) “ALL-INKL.COM – Neue Medien Münnich” (Hauptstraße 68, 02742 Friedersdorf, Germany). If personal data are collected on our website, they are stored on the servers of the hoster.

This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website.

Our hoster will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions regarding this data. In order to ensure that the processing complies with data protection regulations, we have concluded a contract for order processing with our hoster.

The hoster’s data protection information can be viewed here: https://all-inkl.com/datenschutzinformationen/

— 5.5 SSL or TLS Encryption —

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

— 6. Age Limits —

If you are under 16, we do not knowingly collect personal information from you or consent to your use of our games. If we discover that we have collected or processed data from players under the age of 16, we will delete that data.

— 7. Automated individual decision decisions or profiling measures —

We do not use automated processing to make decisions or so-called profiling.

— 8. Storage period of your personal data —

In order to protect your personal data, it will be immediately deleted or made anonymous as soon as it is no longer required for the purposes for which the data was collected and processed. In some cases, the law provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will continue to be stored by us only for these legal purposes, but will not be processed in any other way and will be deleted after the legal retention period has expired.

— 9. Your rights according to the GDPR —

If the legal requirements are met, you have the following rights with regard to the processing of your personal data:

You have the right to obtain confirmation from us as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed of this personal data and of the information specified in Art. 15 GDPR.

You have the right to demand that we immediately correct any incorrect personal data concerning you and, if necessary, complete incomplete personal data (Art. 16 GDPR).

You have the right to demand that personal data relating to you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to deletion).

You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have filed an objection to the processing, for the duration of the examination by us.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of data relating to you which is carried out pursuant to Art. 6, para. 1, sentence 1, letter e or letter f of the GDPR or for direct marketing purposes (Art. 21 GDPR), see in detail below.

You have the right to revoke any consent you have given us at any time with effect for the future (right of revocation).

You have the right to receive from us the data concerning you that you have provided us with in a structured, common and machine-readable format. You may also transmit this data to other parties or have it transmitted by us (right to data transferability).

To exercise your rights, please contact us using the contact details above.

Without prejudicing any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority if you believe that the processing of personal data concerning you is in breach of the GDPR (Art. 77 GDPR).

The competent supervisory authority in Hamburg:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
www.datenschutz-hamburg.de

— 10. Changes to this privacy policy —

Changes in the law, our internal processes or new technologies may require occasional adjustments to this privacy policy. If we change our privacy policy, this will be indicated on our website (https://shoulderbyte.com/en/privacy-policy/).

Current status of this declaration: December 5th 2023

Note on the right of objection:

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6, paragraph 1, sentence 1, letter e or letter f of the GDPR or for the purposes of direct marketing (Art. 21 GDPR).

We then no longer process the personal data unless we can prove compelling reasons for the processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Under no circumstances will the data be further processed for direct marketing purposes.