Privacy Policy
Last Updated: 20th January 2026
This Privacy Policy explains the nature, scope, and purpose of how we process personal data when you use this website and its functions (collectively, the “online offering”). Terms such as “controller” and “processing” are used as defined in Article 4 of the EU General Data Protection Regulation (GDPR).
Controller
We are not required to appoint a Data Protection Officer, but you may contact us using the details above for all privacy-related matters.
Purposes and legal bases of processing
We process data only to operate, secure, and improve this website. We do not track individuals, create behavioural profiles, or use personal data for advertising.
Processing based on legitimate interests is supported by a documented Legitimate Interest Assessment (LIA) in which we evaluated necessity, proportionality, and user expectations.
2.1. Website analytics (via Framer)
We use Framer B.V. as our hosting provider and analytics processor. When you access our site, Framer processes limited technical data necessary to generate aggregated, non-identifying usage statistics. These include:
IP address (pseudonymised immediately using a daily rotating salt)
browser and device information
timestamps and requested pages
Framer processes these values only to produce aggregated metrics such as total page views, referrers, and unique visitor counts.
We receive only aggregated statistics, not raw personal data. Due to the aggregation and pseudonymisation methods used, we cannot identify individual visitors from these analytics data.
Legal basis:
Legitimate interest in operating, maintaining, and improving the website (Art. 6(1)(f) GDPR).
TTDSG note:
Framer does _not_ store or access information on your device beyond what is technically necessary for providing the website. Therefore, processing falls under § 25(2)(1) TTDSG and does not require consent.
2.2 DNS resolution (Strato)
When you visit our domain, your device performs a DNS query. This is handled by:
Strato AG, Pascalstraße 10, 10587 Berlin, Germany
DNS requests are logged only temporarily for security and operational reasons and are automatically deleted after short retention periods defined by Strato.
Strato processes:
the requester’s IP address
the requested domain
technical metadata required to perform DNS resolution
This is necessary to technically deliver the website.
Legal basis:
Legitimate interest in ensuring technical accessibility and stability of the site (Art. 6(1)(f) GDPR).
TTDSG note:
This processing is technically necessary to provide the website and therefore falls under § 25(2)(1) TTDSG.
2.3 Server and security logs
Framer and its hosting partners generate short-term server logs that may include:
pseudonymised or (in edge cases) raw IP addresses
timestamps
request details
error and diagnostic data
These logs are used solely for security, error detection, and ensuring the operational stability of the service. Temporary storage of IP addresses in server logs is necessary to detect attacks, prevent abuse, and diagnose technical faults. Logs are never used for analytics or profiling.
Legal basis:
Legitimate interest in ensuring technical accessibility and stability of the site (Art. 6(1)(f) GDPR).
2.4 Contact by e-mail (Strato)
When you contact us at contact@gemeingames.com, your message is processed by our email provider Strato AG.
Strato processes:
your e-mail address
message content and attachments
routing and metadata (timestamps, mail server information)
We use this information solely to respond to your enquiry.
Security:
Email transmission is secured by TLS (transport encryption). End-to-end encryption is not used unless you initiate it using PGP or S/MIME.
Legal basis:
Legitimate interest in responding to user communications (Art. 6(1)(f) GDPR).
Recipients and processors of personal data
We rely on the following service providers to operate this website:
Framer B.V.
Willem Fenengastraat 4, 1096 BN Amsterdam, Netherlands
Role:
hosting provider and analytics processor
Processing is based on a Data Processing Agreement (Art. 28 GDPR).
Framer may use subprocessors, including providers located outside the EEA.
A list of subprocessors is available in Framer’s published DPA documentation.
-
Strato A.G.
Pascalstraße 10, 10587 Berlin, Germany
Role:
domain registrar, DNS provider, email hosting
Processing is based on a Data Processing Agreement (Art. 28 GDPR).
Strato processes DNS and mail server data within Germany/EU.
We do not share personal data with third parties for advertising or profiling, nor do we use third-party social media plugins or embedded trackers.
Cookies and tracking
This website does not use cookies, persistent identifiers, or comparable technologies for analytics or tracking.
We do not store information on your device or access information on your device except as technically necessary to provide the website, in accordance with § 25(2)(1) TTDSG.
If this changes in the future, we will implement a GDPR- and TTDSG-compliant consent mechanism and update this Privacy Policy accordingly.
International data transfers
Framer may transfer data to subprocessors outside the European Economic Area, including the United States.
Such transfers rely on:
EU Standard Contractual Clauses (SCCs) under Art. 46 GDPR
Additional technical and organisational measures (e.g., pseudonymisation, data minimisation)
Despite these safeguards, there remains a residual risk that authorities in third countries may access personal data under local laws.
We have assessed this risk as low due to the minimal and pseudonymised nature of the processed data.
Strato processes data exclusively within Germany and the EU.
Retention periods
Aggregated analytics data: Framer retains analytics data according to its internal operational requirements. This data is available to us for 30 days. Raw telemetry used for security or diagnostics is retained only as long as technically necessary.
Server/security logs: Retained only for operational stability and security purposes. Log retention is typically limited to a few days, and only extended temporarily during security incidents.
Contact inquiries: We retain e-mails only as long as necessary to process the inquiry. Routine correspondence is deleted once the inquiry is resolved, unless legal retention periods (e.g. commercial or tax law) require longer.
We do not retain any personal data for longer than is necessary for the purposes described above.
Your rights under GDPR
You have the following rights regarding personal data we process as the controller:
Access: Request information about whether we process your personal data.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of data we control (where permitted).
Restriction: Request limited processing.
Objection: Object to processing based on legitimate interests.
Data portability: Receive your data in a structured, commonly used format (where applicable).
Because we typically receive only aggregated, non-identifying analytics, we may be unable to identify you in these datasets, and deletion or access may therefore not apply. In accordance with Art. 11 GDPR, we do not undertake additional processing solely to identify individual visitors.
To exercise your rights, contact us at contact@gemeingames.com
If you believe our processing violates data protection law, you may lodge a complaint with the supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin
Germany
Website: www.datenschutz-berlin.de
Security measures
We and our processors implement appropriate technical and organisational measures under Art. 32 GDPR, including:
pseudonymisation of analytics input data
TLS encryption for data transmission
strict access controls
server hardening and monitoring
minimisation of log files and retention periods
secure hosting in the EU (Strato and Framer’s EU infrastructure)
We do not use personal data for automated decision-making or profiling within the meaning of Art. 22 GDPR.
Third-party changes
Where we rely on external service providers (e.g. Framer), we base our policy on their publicly available privacy documentation. Their practices may evolve; we will update this policy whenever we are informed of changes that affect your rights or our obligations.
Changes to this policy
We may update this policy to reflect changes in our data practices, legal requirements, or the technologies we use. The “Last updated” date at the top will always reflect the most recent version.