Privacy Policy

The party responsible for data processing on this website is the website operator named in our Legal / Imprint. Below we explain what data we process and why.

Data access and hosting

You can visit our website without giving any personal information. Each time the website is called up, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. We process this access data on the basis of Art. 6 (1) (f) GDPR to ensure the stability, security, and operability of our website. Server log files are stored only as long as required for these purposes and are then deleted or anonymized.

Hetzner

We host our website at Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter: Hetzner).
Details can be found in Hetzner's data protection declaration.

Cloudflare

We use Cloudflare to distribute our services and protect them from malicious use and attacks. The provider is Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA. Cloudflare, Inc. is certified under the EU-US Data Privacy Framework; transfers to the USA are based on the corresponding adequacy decision (Art. 45 GDPR).
Details can be found in Cloudflare's data protection declaration.

Bunny CDN

We use Bunny CDN to distribute our services and protect them from malicious use and attacks. The provider is BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia.
Details can be found in Bunny's data protection declaration.

Wasabi

We use Wasabi for cloud object storage. The provider is Wasabi Technologies LLC, 111 Huntington Avenue, Boston, MA 02199, USA. Insofar as personal data is transferred to the USA, the transfer is safeguarded by standard contractual clauses (Art. 46 (2) (c) GDPR).
Details can be found in Wasabi's data protection declaration.

Brevo

We use Brevo (formerly Sendinblue) to manage our newsletter. The provider is Brevo GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Details can be found in Brevo's data protection declaration.

Order Data Processing

We have concluded contracts on order processing (AVV, Art. 28 GDPR) with Hetzner, Cloudflare, Bunny, Wasabi, Brevo, and Umami. This is a contract required under data protection law, which ensures that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

Data Collection and Use for Contract Processing

We collect personal data if you provide it to us as part of your order or when you contact us (e.g. using the contact form or email). Mandatory fields are marked as such because in these cases we need the data to process the contract or your request, and you cannot complete the order or send the message without providing them. Which data is collected can be seen from the respective input forms. We use the data you provide for contract processing and for handling your requests in accordance with Art. 6 (1) (b) GDPR.

Payments

For payment processing, we pass the data required for the payment (e.g. name, email address, IP address, billing information) to our payment service providers on the basis of Art. 6 (1) (b) GDPR:

  • Stripe: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Data may be transferred to Stripe, Inc. in the USA; Stripe, Inc. is certified under the EU-US Data Privacy Framework. Details can be found in Stripe's privacy policy.
  • PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Details can be found in PayPal's privacy policy.

These payment providers take care of secure payment processing; depending on the payment method, they act on our behalf or as independent controllers.

Storage Period

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for the data processing ceases to apply. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax law or commercial law); in the latter case, the deletion will take place after these reasons have ceased to exist.

Registration

You need to register with us to use our products. We save personal login details (e.g. email, password) within the registration process. The legal basis is Art. 6 (1) (b) GDPR (performance of a contract).

Newsletter

If you register for our newsletter, we will use the data required for this or separately provided by you in order to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR). Unsubscribing from the newsletter is possible at any time, either by sending a message to our contact mail or via a link provided in the newsletter.

Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies. Cookies are small text files that are automatically saved on your device. Insofar as cookies are strictly necessary for operating the website, their use is based on § 25 (2) No. 2 TDDDG and Art. 6 (1) (f) GDPR (legitimate interest in a functional and secure website). Cookies that are not strictly necessary are only used with your consent (§ 25 (1) TDDDG, Art. 6 (1) (a) GDPR). Some of the cookies we use are deleted again at the end of the browser session (session cookies); other cookies remain stored until they expire or you delete them. You can delete or block cookies at any time in your browser settings.

If you visit our website via a referral link (URL parameter "ref"), we store a cookie named "ref" on your device for 7 days. It contains the ID of the referring user and is used solely to attribute a subsequent purchase to the referrer as part of our referral program. The legal basis is Art. 6 (1) (f) GDPR; our legitimate interest lies in operating the referral program.

Web Analytics (Umami)

We use Umami Cloud, a privacy-focused web analytics service, to measure how our website is used (e.g. pages visited, buttons clicked, referrer, browser type). Umami does not use cookies and does not store complete IP addresses or persistent identifiers. The provider is Umami Software, Inc., USA. The legal basis is Art. 6 (1) (f) GDPR; our legitimate interest lies in analyzing and improving our website. Insofar as personal data is transferred to the USA, the transfer is safeguarded by standard contractual clauses (Art. 46 (2) (c) GDPR).
Details can be found in Umami's data protection declaration.

Google reCAPTCHA

We use Google reCAPTCHA to protect forms against abuse (e.g. spam, bots). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; data may also be transferred to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework. reCAPTCHA analyzes various information about visitors (e.g. IP address, mouse movements) to determine whether input is made by a human being or a bot. Insofar as information is stored on or read from your device, this takes place in accordance with § 25 TDDDG; where consent is required, the legal basis is Art. 6 (1) (a) GDPR, otherwise Art. 6 (1) (f) GDPR based on our legitimate interest in protecting our web offers and third parties against abuse.
Details can be found in Google's privacy policy.

Usage Statistics

We gather anonymized statistics from all VyHub instances for internal use. Data may include, but is not limited to, player statistics, usage statistics, and revenue statistics.

SSL or TLS Encryption

This site uses SSL or TLS encryption to protect the transmission of confidential content, such as login data, orders, or payment information. When SSL or TLS encryption is active, the data that you transmit to us cannot be read by third parties.

Contact and Your Rights

As a data subject, you have the following rights:
In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent specified therein.
In accordance with Art. 16 GDPR, you have the right to immediately request the correction of incorrect personal data or the completion of your personal data stored by us.
In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless further processing applies.
In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data. For this purpose you can contact us at any time.
In accordance with Art. 20 GDPR, you have the right to data portability. You have the right to have the data processed by us handed over to you or a third party in a common machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place insofar as it is technically feasible.

Right to object (Art. 21 GDPR)

Insofar as we process your personal data on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation. We will then no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where processing is based on your consent, you can withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR). The lawfulness of the processing carried out until the withdrawal remains unaffected.

Right to lodge a complaint

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. The supervisory authority responsible for us is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf, Germany.

For consent or objection to a specific use of data, you can also contact us directly at any time using the contact details in our imprint.