1. BASIC INFORMATION ON DATA PROCESSING AND LEGAL BASES

1.1. This privacy policy sets out to clarify the nature, scope and purpose of the processing of personal information within our online offering and the related websites, features and content (collectively referred to as “online offer”, “Clockwork account” or “website”). The privacy policy applies regardless of the domains, systems, platforms, and devices used (e.g. desktop or mobile) on which the online offering is run.

1.2. For the terms used, such as “Personal data” or their “processing”, we refer to the definitions in article 4 of the General Data Protection Regulation (GDPR).

1.3. The term “user” convers all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offer and all people with a Clockwork account. The terms used, such as “users” are to be understood gender-neutral.

1.4. We process personal data of users only in compliance with the relevant data protection regulations. This means that users’ data will only be processed if there is a legal permit. That is, especially if the data processing for the provision of our contractual services (e.g. processing of orders) as well as online services required or required by law, the consent of the user exists, as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of art. 6 (1) lit. GDPR), in particular in the range measurement, creation of profiles for advertising and marketing purposes and collection of access data and use of third-party services.

1.5. Please note that the legal basis of the consents art. 6 para. 1 lit. a. and art. 7 GDPR, the legal basis for the processing for the performance of our services and the performance of contractual measures art. 6 para. 1 lit. b. GDPR, the legal basis for processing in order to fulfull our legal obligations art. 6 para. 1 lit. c. GDPR, and the legal basis for processing in order to safeguard our legitimate interests art. 6 para. 1 lit. f. GDPR.

2. SAFETY MEASURE

2.1. We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. One of the security measures is the encrypted transfer of data between your browser and our server. All our tools and games also use encrypted transmission of personal data.

3. DISTRIBUTION OF DATA TO THIRD PARTIES AND THIRD PARTY PROVIDERS

3.1. A transfer of data to third parties is only within the scope of legal requirements. We will only pass users’ data on to third parties if this is the case, for example on the basis of art. 6 para. 1 lit. b) GDPR is required for contract purposes or based on legitimate interests in accordance with art. 6 para. 1 lit. b. GDPR on the economical and effective operation of our business operations.

3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.

3.3. If, within the framework of this privacy policy, content, tools or other means are used by other providers (collectively referred to as “third party providers”) and their registered office is located in a third country, it is to be assumed that data will be transferred to the countries of residence of the third party providers. Third countries are countries in which the GDPR is not a directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries occurs either when there is an adequate level of data protection, user consent or other legal authorization.

4. CONTACT

4.1. When contacting us (via e-mail or telephone), the information provided by the user for processing the contact request and its processing acc. art. 6 para. 1 lit. b) GDPR processed.

5. COMMENTS AND CONTRIBUTIONS

5.1. If users leave comments or other contributions, their IP addresses are based on our legitimate interests within the meaning of art. 6 para. 1 lit. f GDPR stored for 7 days.

5.2. This is for our own safety, if someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.

6. SURVEY OF ACCESS DATA AND LOGFILES

6.1. Based on our legitimate interests within the meaning of art. 6 para. 1 lit. f GDPR data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of the retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) IP address and the requesting provider.

6.2. Logfile information is stored for security purposes (for example to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

7. COOKIES & RANGE MEASUREMENT

7.1. Cookies are information transmitted from our web server or third-party web server to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

7.2. We use “session cookies” that are only stored for the duration of the current visit to our online presence (for example to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies can not save any other data. Session cookies will be deleted if you have finished using our online offer and you have e.g. log out or close the browser.

7.3. The use of cookies in the context of pseudonymous range measurement informs users in the context of this privacy policy.

7.4. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

7.5. You may opt for the use of cookies for distance measurement and promotional purposes through the Network Advertising Intiative’s opt-out page (http://optout.networkadvertising.org) and the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices).

8. COLLECTED DATA CONNECTED TO CLOCKWORK ACCOUNT

Clockwork Account

The Clockwork account used for all our software with online features requires the mail address of the user. The mail address won’t be shared with others, but we will use it to authenticate the user and send messages for necessary informations like changes to our privacy policies. All marketing usage of mail address will require separate permission by the user.

ClockWatcher

ClockWatcher is a team based time tracking tool running using our server. Though every team, project and time tracked using it is stored on our servers and are connected to your account. In detail this includes the following data:

  • All teams you are part of
  • All teams you have admin rights for
  • All projects you are part of
  • All projects you have admin rights for
  • All time measured for every single time type and every project including the time when this time has been measured

Your personal data is accessible only by Clockwork Origins, you and your team. Detailed informations (times you have been working) won’t be accessible by other team members, only the team and project admins have access to it. Nothing measured via ClockWatcher will be shared with third parties. Clockwork Origins will only use your usage data to improve the quality of our products and isn’t interested in detailed time logs.

Elemental War

All online features bound to the Clockwork account will be stored on our server connected to the account. This includes the following data:

  • Unlocked achievements
  • Highscores
  • All statistics visible in the statistics menu which includes e.g. the time played
  • The region chosen in the ingame settings where the user is located
  • Feedback given via the ingame feedback functionality while being logged into your account
  • The time played during the last 30 days used to display alliance average playtime
  • Alliances, their members and the best scores for each game mode

The data is only visible to the user and Clockwork Origins and won’t be shared with others. It is used for improved user experience and for internal statistics. Highscores will be visible for all others users under the given username. This includes the region for people in the same region.

All other data stored is anonymous and not connected to the user account.

Spine

All online features bound to the Clockwork account will be stored on our server connected to the account. This includes the following data:

  • Unlocked achievements
  • Highscores
  • Play time per modification
  • Last time each modification was played
  • Rated modifications including the rating
  • Spine friends
  • Submitted compatibility reports for modifications
  • The language chosen in Spine
  • Different modification specific data*
  • IP, system dependent hash and MAC address of the currently running machine when starting a game**
  • Resolution and key bindings stored in the Gothic.ini***

The data with some exceptions (see below) is not given to others. It is used to provide the online features and for internal statistics to improve the user experience.

All other data collected by Spine is not connected to a user and just of internal interest to improve our software in the future. No personal data or anything from the machine the user is using is collected, just data related to Spine and the played modifications.

* The data stored can be defined by the mod team and be used in the modification. This also includes the username, the achievements, highscores and some custom statistics for their modifications. Achievements also can be queried for other modifications for the user playing another modification. Clockwork Origins doesn’t share the mail address, but the mod teams can do everything they like with this data.

** The IP and MAC address of the current session of a user are stored and used for authentication of players of some Gothic Multiplayer modifications (currently Jharkendar Online DeathMatch and RP).

*** This data is provided to authorized Gothic Multiplayer modifications to provide better functionality of the modifications. The data is shared together with the Clockwork user id of the account. This id doesn’t automatically lead to further informations about the user.

9. RIGHTS OF THE USERS

9.1. Users have the right, upon request, to receive information free of charge about the personal data we have stored about them.

9.2. In addition, users shall have the right to correct inaccurate data, limit the processing and deletion of their personal data, if applicable, assert their right to data portability and, in the event of unlawful processing, file a complaint with the appropriate regulatory authority.

9.3. Likewise, users can revoke consent, generally with implications for the future as it requires to delete the Clockwork account.

10. DELETION OF DATA

10.1. The data stored with us are deleted as soon as they are no longer necessary for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the users’ data are deleted because they are required for other and legally permitted purposes, their processing will be restricted. That means the data is blocked and not processed for other purposes. This applies for example for data of users who must be kept for commercial or tax reasons.

10.2. According to legal requirements, storage takes place for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.)

11. RIGHT TO OBJECT

Users may object to the processing of their personal data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.

12. CHANGES OF THE PRIVACY POLICY

12.1. We reserve the right to change the privacy policy in order to adapt it to changed legal situations, or to changes in the service and data processing. However, this only applies to declarations of data processing. If users’ consent is required or elements of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

12.2. The users are asked to keep up to date with the content of the privacy policy.