Privacy Policy
This privacy policy describes our policies and procedures on the collection, use and disclosure of your information when you visit our website and play our Game, and tells you about your privacy rights and how the law protects you.
If you have any questions about this policy or our data protection practices, please contact us using: [email protected]
Principles of data processing
Personal data
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior.
Special Category Data
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.
Processing
The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis.
Legal basis
In accordance with the DPA and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: i) you have given your consent, ii) the data is necessary for the fulfillment of a contract / pre-contractual measures, iii) the data is necessary for the fulfillment of a legal obligation, or iv) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
Retention
Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations.
Data we collect
Provision and use of the website
When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. This is technically necessary for us to display our website and to ensure its stability and security. In this sense, we collect the following data: i) IP address of the requesting computer, ii) Date and time of access, iii) name and URL of the file accessed, iv) website from which the access was made (referrer URL), v) browser used and, if applicable, the operating system of your computer as well as the name of your access provider. The legal basis is our legitimate interest.
Hosting
We use the hosting services of OVH Groupe SAS, for the purpose of hosting and displaying our website. OVH does so on the basis of processing on our behalf, and that also means that all data collected on our website and shop is processed on OVH's servers.The basis for processing is our legitimate interest, and the initiation and/or fulfillment of a contract.
Google Fonts
We use Google Fonts from Google on our website to display external fonts. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is called up. Through the connection to Google, which is established when our website is called up, Google can determine from which website your request originates and to which IP address the display of the font should be transmitted. This constitutes a legitimate interest.
Cookies
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. There are different types of cookies: i) Essential Cookies. Essential cookies are cookies to provide a correct and user-friendly website; and ii) Non-essential Cookies. Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies).
As set out in Denmark’s Marketing Practices Act (Act No. 426) as amended, and the Act on Electronic Communications and Network Services (Act No. 128) as amended, and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of Non-essential Cookies. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent.
Cookie consent
Our website uses a cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website. The basis for processing is our legitimate interest.
Economic analyses and market research
For business reasons, we analyze the data we have on business transactions, contracts, enquiries, browsing behavior etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. For this purpose we use Google Analytics and you can find more information about Google Analytics in our Cookie Policy. The legal basis is our legitimate interest and your consent.
Contacting Us
We offer you the opportunity to contact us using various methods. We collect the data you submit such as your name, email address, telephone number and your message in order to process your enquiry and respond to you. The legal basis is both your consent and contract.
Our Community
We process the Personal Data that arises when you use our community services. In particular, this requires you to join our server and community on Discord. If you contact or connect with us via Discord, we and Discord are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a membership, if any.
When playing Void Galaxy
We collect information about you when you play our game. This data may be required to enter into a contractual relationship with you or to perform a contract with you. This includes in particular our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfill our legal obligations.
We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.
You agree that, if you have provided us with Personal Data relating to a third party you have in place all necessary appropriate consents and that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.
You may provide us with the following Personal and Non-Personal Data:
On registration, the following data is collected:
• Email address
• Username
• IP address
When playing the game, the following data may be collected:
• IP address
• Device hardware information (CPU name, GPU name, available memory etc.)
• Records of the issues you experience to provide customer service
• Player to player interactions (text chat)
We automatically collect the following Personal and Non-Personal Data:
• Device information (including but not limited to, IP address, network type, OS version, time zone settings, etc.),
• Device event information, including crash reports and system activity details (e.g., whether you encountered an error using our services or lost internet access, etc.)
Support ticket
If you create a support ticket, we will request Personal Data and, where applicable, non-Personal Data in accordance with your request, this may include your name, email address and other order related data you voluntarily provide. The data provided is not shared with third parties and cannot read your data when it is entered. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket.
Our employees will also have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly. The legal basis of the data processing is our obligation to fulfill the contract and/or our legitimate interest in processing your support ticket.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
Payment Data
If you make a purchase your payment will be processed via the payment service provider Stripe and payment will solely be processed through the payment system of Stripe. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.
Aggregated Data
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose including improving our website and services. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.
Promotional use of your data
We use your data within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive sales, promotions, or special events. The legal basis for processing is our legitimate interest.
Data security
We undertake to protect your privacy and to treat your Personal Data and Service Data confidentiality. In order to prevent manipulation or loss or misuse of your data stored with us, we take extensive technical and organizational security precautions which are regularly reviewed and adapted to technological progress. These include, among other things, the use of recognised encryption procedures (SSL or TLS).
However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions that are not in our area of responsibility. We have no technical influence on this. It is the user's responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.
Marketing
Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Our Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.
Advertising
We would like to show you interesting advertising outside of our website and use various third-party tools and cookies for this purpose. These collect and process information about your activities on our website - for example, which products you are interested in or which pages you visit. By knowing what you are looking for and how you use our website, we can adapt our advertising to your needs. And thus increase the likelihood that you will also be shown suitable and interesting advertising outside our website.
We also analyze this data to evaluate the relevance of the advertisements and to optimize the advertisements for you. Through the tools, your browser regularly establishes a connection to the server of the tool provider when you visit our website. For some tools, we have no direct influence on what data is processed by the providers. The following personal data may be processed by third-party providers i) HTTP header information (e.g., IP address, web browser, website URL, date and time); ii) measuring pixel-specific data (e.g., pixel ID and cookie ID); and iii) additional information about visits to our website (e.g., orders placed, products clicked on). The legal bases for processing are our legitimate interest and your consent in case of cookies. For further information, please refer to our Cookie Policy.
Social media
General
We are present on social media on the basis of our legitimate interest. If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The Personal Data collected when contacting us is to handle your request and the bases are both your consent and our legitimate interest.
When you visit our profiles and interact with us and others
When you visit our social media profiles, we, as the operator of the profile, process your actions and interactions with our profile (e.g., the content of your messages, enquiries, posts or comments that you send to us or leave on our profile or when you like or share our posts) as well as your publicly viewable profile data (e.g., your name and profile picture). Which Personal Data from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in the settings of your social media account. The legal basis is our legitimate interest and your consent.
International transfers
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.
How we may share your personal data
We may share your Personal Data with our Business Partners for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request, or customizing our business to better meet your needs. We share your Personal Data only with Business Partners who agree to protect and use your Personal Data solely for the purposes specified by us.
We may also disclose your Personal Data for any purpose with your consent or for law enforcement, fraud prevention or other legal actions as required by law or regulation, or if we reasonably believe that we must protect us, our customers or other business interests. Except as described above of which you will be informed in advance, we will not disclose your Personal Data.
What we do not do
We do not request Personal Data from minors and children;
We do not use Automated decision-making including profiling; and
We do not sell your Personal Data.
Privacy rights
Under the DPA and the GDPR, you can exercise the following rights:
• Right to information
• Right to rectification
• Right to deletion
• Right to data portability
• Right of objection
• Right to withdraw consent
• Right to complain to a supervisory authority
• Right not to be subject to a decision based solely on automated processing.
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.
Updating your information and withdrawing your consent
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing or want to withdraw any consents you have given us, please contact us.
Access request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
Complaint to a supervisory authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection. The Data Protection Agency (“Datatilsynet”) located at Carl Jacobsens Vej 35, DK-2500 Valby, Denmark, www.datatilsynet.dk is the Data Protection Authority for Denmark. However, we would appreciate the opportunity to address your concerns before you contact Datatilsynet.
USA specific provisions
The following applies to all users located in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the nDSG or GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations. As of the day of drafting, the following states had enacted privacy and consumer data protection laws:
• California Consumer Privacy Act (“CCPA”) including its subsequent amendments from the California Privacy Rights and Enforcement Act (“CPRA”);
• Colorado Privacy Act (“CPA”);
• Connecticut Data Privacy Act (“CTDPA”);
• Delaware Online Privacy Protection Act (“DOPPA”);
• Indiana Consumer Data Protection Act (“ICDPA”);
• Iowa Consumer Data Protection Act (“ICDPA”);
• Montana Consumer Data Privacy Act (“MCDPA”);
• Oregon Consumer Privacy Act (“OCPA”);
• Tennessee Information Protection Act (“TIPA”);
• Texas Data Privacy and Security Act (“TDPSA”);
• Utah Consumer Privacy Act (“UCPA”); and
• Virginia Consumer Data Protection Act (“VCDPA”).
Further and under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.
Further, the following also apply:
“Shine the Light”
“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.
Telephone Consumer Protection Act (TCPA)
If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.
Right to complain
Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above mentioned States may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.
Validity and questions
This Privacy Policy was last updated on June 11, 2024, and is the current and valid version. However, from time to time changes or a revision to this policy may be necessary. If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please contact us using the details provided above.