Privacy Policy
Last updated: 12 June 2026
Legal notice (German version prevails):
This Privacy Policy is governed by German law and the applicable EU data protection regulations as
implemented and applied in Germany. The following English version is provided for convenience only and
is a non-binding translation of the German Privacy Policy. In the event of discrepancies,
inconsistencies, or translation errors, the German version shall prevail. References to sections,
articles, and legal provisions in this document refer to the German-language version and the relevant
legal framework applicable in Germany.
We are delighted about your interest in our association.
Data protection is of particular importance to the Executive Board of Unknown Forces eSports e. V. The
use of the websites of Unknown Forces eSports e. V. is generally possible without providing any personal
data. However, if a data subject wishes to use special services offered by our association via our
website, processing of personal data may become necessary. If the processing of personal data is
necessary and there is no legal basis for such processing, we generally obtain the consent of the data
subject.
The processing of personal data, for example the name, address, email address or telephone
number of a data subject, is always carried out in accordance with the General Data Protection
Regulation (GDPR) and in compliance with the country-specific data protection provisions applicable to
Unknown Forces eSports e. V. By means of this Privacy Policy, our association would like to inform the
public about the nature, scope and purpose of the personal data we collect, use and process.
Furthermore, data subjects are informed about their rights by means of this Privacy Policy.
Unknown
Forces eSports e. V., as the controller responsible for processing, has implemented numerous technical
and organisational measures to ensure the most complete protection possible of personal data processed
via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so
absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit
personal data to us via alternative means, for example by telephone.
1. Definitions
The Privacy Policy of Unknown Forces eSports e.V. is based on
the terminology used by the European legislator when adopting the General Data Protection Regulation
(GDPR). Our Privacy Policy is intended to be easy to read and understand for the public as well as for
our guests and members. To ensure this, we would like to explain the terminology used in advance.
In
this Privacy Policy, we use, among other things, the following terms:
1 a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a membership number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1 b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller.
1 c) Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1 d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
1 e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
1 f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
1 g) Controller or controller responsible for processing
Controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for by Union law or the law of the Member States.
1 h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1 i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union law or the law of the Member States shall not be regarded as recipients.
1 j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
1 k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
Controller within the meaning of the General Data Protection
Regulation, other data protection laws applicable in the Member States of the European Union and other
provisions of a data protection nature is:
Unknown Forces eSports e. V.
P.O. Box 86
58286 Wetter
Germany
Email: info@unknown-forces.com
Website:
https://unknown-forces.com/
3. Cookies and consent management
Our website uses cookies and similar technologies. Cookies are
small text files or comparable information that are stored on or accessed from your device via your
browser. Some of these technologies are technically necessary to provide the website, ensure its
security and enable basic functions. Other cookies ortechnologies may be used for analytics, statistics,
performance measurement or the integration of external content and services.
The use of
technically necessary cookies and similar technologies is based on § 25(2) TDDDG and,
where personal data is processed, on Art. 6(1)(f) GDPR. Our legitimate interest lies in
the secure, stable and user-friendly provision of our website.
The use of optional cookies and
similar technologies, in particular for analytics or other non-essential purposes, only takes place if
and to the extent that you have given your prior consent via our consent banner. The legal basis for
this is § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. You may
grant, refuse or withdraw your consent at any time with effect for the future via our consent
settings.
Further information on the individual services used, the purposes of processing, the
categories of data concerned, possible recipients and retention periods can be found in the relevant
sections of this Privacy Policy. You can also configure your browser to block or delete cookies. Please
note, however, that in this case some functions of the website may no longer be available or may only be
available to a limited extent.
3 a) Cookie Settings
You can change or withdraw your consent at any time.
3 b) Consent Management with CCM19
We use the consent management tool CCM19 to obtain, manage, and document consent for the use of optional cookies and similar technologies, and to enable users to withdraw their consent. In doing so, we may process, in particular, the consent status, the date and time of the decision, browser and device information, and technical connection data. This processing is carried out to obtain verifiable consent where required by law and to ensure that our website is provided in compliance with data protection regulations. The legal basis is Article 6(1)(c) of the GDPR, to the extent that documentation is required by law, as well as Article 6(1)(f) of the GDPR for the technically reliable management of consent. To the extent that the use of CCM19 involves accessing information on the user’s device or storing information there, such activities are governed by Section 25 of the TDDDG. Further information regarding the duration of storage and the specific technologies used can be found in the Cookie Policy or the cookie settings.
3 c) Cookies and storage technologies currently used
site_lang(LocalStorage): stores the language actively selected by the user; until deleted by the user.ukf_shop_cart_v1(LocalStorage): provides the shopping cart for an order request; until deleted or completion of the request.ukf_shop_voucher_v1(LocalStorage): stores an applied voucher code in the shopping cart; until deleted or completion of the request.ukf_order_request_numberandukf_order_request_time(SessionStorage): displays the order confirmation after a successful request; at most for the browser session or two hours.ukf_order_submission_token(SessionStorage): prevents duplicate order requests when resubmitting or reloading while processing; until completion of the request or the end of the browser session.uf_popup_closed_<campaign>(Cookie): prevents a notice or promotional banner from being shown again after it has been actively closed; duration according to the respective campaign setting, seven days by default.PHPSESSID(Cookie): session cookie solely for login, protected administration areas and protected write operations; duration: session.
discord_dashboard_actor_id (SessionStorage), marketing.activeTab and shop.order.changed (LocalStorage).Optional services are only activated after consent: the Discord widget is loaded as external content via CCM19. Google Analytics is only used if this service is activated in CCM19 and the user has consented; in that case, in particular the cookies _ga and _ga_<measurement-id> may be set.
4. Collection of general data and information
When this website is accessed, technical information is
automatically processed by our hosting provider STRATO GmbH in server log files in order to ensure the
security, stability and proper provision of the website and to detect and resolve technical errors. This
may include in particular the IP address, date and time of access, requested page or file, referrer URL,
browser type and browser version, operating system and HTTP status code.
The legal basis for this
processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and technically
reliable provision of our website and in the defence against misuse and attacks.
Server log data is
stored only for as long as necessary for these purposes and is then deleted unless further retention is
required for security-related investigation or legal defence purposes. The specific retention period
depends on the technical settings of the hosting environment.
If Google Analytics is activated in our cookie settings and you have given your prior consent, we
use this service to analyse the use of our website, improve our content and optimise language and website
performance. Google Analytics is only loaded after your active consent.
The legal basis for the use of Google Analytics is Art. 6(1)(a) GDPR in conjunction with Section
25(1) TDDDG. Consent may be withdrawn at any time with effect for the future.
In this context, usage
data, device and browser information, online identifiers, page views, interaction data and approximate
location data may be processed. Recipients may include Google Ireland Limited and Google LLC. Data may
also be transferred to third countries. Such transfers take place on the basis of the applicable legal
safeguards. Further information on retention within Google Analytics depends on the settings configured
in the respective Google Analytics property.
4 a) Google Fonts
The fonts used on this website are hosted locally on our own server. Therefore, when you visit this website, no connection is established with Google Fonts servers solely for the purpose of loading the fonts.
4 b) Google Sheets API
For the provision and updating of certain team, association or
organisational information on this website, we access content from Google Sheets server-side via the
Google Sheets API. In this context, our server processes the technical data required for the retrieval
as well as the content stored in the spreadsheets. Based on our current implementation, merely visiting
the website does not establish a direct connection between the user's browser and the Google Sheets API;
the retrieval is performed server-side by us.
The legal basis for this processing is Art. 6(1)(f)
GDPR. Our legitimate interest lies in the efficient, up-to-date and consistent provision of information
on our website. To the extent that personal data is processed within the scope of the API use,
processing by Google may take place. Data may also be transferred to third countries.
4 c) Twitch API
To display live status information or comparable
channel-related information, we use the Twitch API, in particular the Twitch Helix API. The retrieval is
performed server-side by our website or our server. In this context, Twitch processes the technical data
required for the API request as well as, where applicable, API credentials and request-related metadata.
Based on our current implementation, merely visiting the website does not establish a direct connection
between the user's browser and Twitch solely because of this status query.
The legal basis for this
processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the up-to-date and technically
efficient presentation of our streaming status and our online presence. To the extent that personal data
is processed within the use of the Twitch API, this is carried out under Twitch's responsibility. Data
may also be transferred to third countries, in particular the United States.
4 d) Discord Widget
An official Discord widget may be displayed on our community page. The widget is technically integrated in such a way that its iframe is only loaded after prior consent to the “Discord Widget” integration via CCM19. Before this consent, the widget does not establish a connection to discord.com.
After consent, the browser establishes a direct connection to Discord servers. In this context, in particular your IP address, browser and device information, referrer data and the time of access may be processed. If you are logged in to Discord at the same time, Discord may be able to associate the access with your user account.
The legal basis is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. You may withdraw consent at any time for the future via the cookie settings.
4 e) Font Awesome
This website uses icons from the Font Awesome library. The files are provided locally on our own server. When the relevant pages are accessed, no connection to external Font Awesome or Cloudflare content delivery networks is established solely for loading these icons.
4 f) Gamertransfer logo and link
On our teams page, we embed a linked logo of the Gamertransfer platform. The image file is loaded directly from gamertransfer.com when the teams page is accessed. Consequently, a connection to Gamertransfer is established when the logo is loaded; in this context, in particular your IP address, browser and device information, the accessed page, referrer information and the time of access may be processed. If you additionally click the logo, you leave our website and access Gamertransfer directly.
The legal basis for providing the linked logo is Art. 6(1)(f) GDPR. Our legitimate interest lies in presenting our recruiting partnership and maintaining the related association/recruiting functions.
5. Newsletter
We currently do not offer newsletter delivery or newsletter registration through our website. Consequently, no personal data are collected or processed through the website for newsletter purposes. If a newsletter is offered in the future, this Privacy Policy will be updated before activation.
6. Newsletter tracking
As no newsletter is currently offered through our website, we do not use newsletter tracking, tracking pixels in newsletters or any analysis of newsletter openings or link clicks.
7. Contact option via the website
Our website includes information on how to contact us
electronically, as well as a contact form. If you contact us by email or through the contact form, we
will process the data you provide—specifically your name, email address, category, subject, and
message—to handle your inquiry and for any follow-up communication.
To prevent misuse and ensure the
technical security of the contact form, we also process technical connection data, specifically the IP
address or proxy-related IP information, as part of rate limiting. Messages are sent via our SMTP
infrastructure. Depending on the selected category, the inquiry may be forwarded internally to various
relevant contact points.
The legal basis is Article 6(1)(b) of the GDPR, insofar as the inquiry
relates to the initiation or performance of a contract or membership, and otherwise Article 6(1)(f) of
the GDPR. Our legitimate interest lies in the efficient processing of inquiries, system security, and
the prevention of misuse.
Contact inquiries are generally stored for up to 24 months after the
completion of the respective process, unless longer retention is required.
7 a) External forms via Jotform
Our website may provide links to external forms of the Jotform
service, for example for membership applications, applications or other enquiries. Merely visiting our
website does not initially transmit any form data to Jotform through such links. Only if you actively
click such a link will you leave our website and access a page provided by Jotform. In this context,
Jotform may process technical data such as your IP address, browser and device information as well as
referrer data. In addition, Jotform processes the data you enter into the respective form under its own
data protection responsibility or within the framework of the respective contractual
integration.
Insofar as the processing of the entered data serves the initiation or performance of a
membership, application or other contractual relationship, the legal basis is Art. 6(1)(b) GDPR.
Otherwise, the use of voluntarily provided information is based on Art. 6(1)(a) GDPR. Please also note
Jotform's privacy information.
7 b) Withdrawal form
Our website provides a dedicated withdrawal form allowing consumers to exercise their statutory right of withdrawal. When you submit this form, we process your name, email address, order or contract reference, the scope of withdrawal and any optional message you provide. This processing is necessary to process your withdrawal request and reverse the contract where required.
For proof of receipt, the withdrawal declaration, including an exact timestamp, is logged server-side. To prevent misuse and spam, the IP address is processed in pseudonymised form solely as part of limited rate limiting; it does not become part of the long-term withdrawal record.
The legal basis for processing the contract and proof data is Art. 6(1)(b) and (c) GDPR. The legal basis for technical rate limiting is our legitimate interest pursuant to Art. 6(1)(f) GDPR. Data from the withdrawal process is retained only for as long as necessary to process and evidence the withdrawal or to comply with applicable statutory retention obligations.
7 c) Clip submissions
If you submit a video clip through our clip submission form, we process the selected game, your in-game name, optionally your Discord ID, the uploaded video file, technical upload metadata, the time of submission and proof of the consent text accepted by you. The purpose is to review the clip, contact you if necessary and, if approved, use the clip for association communication, social media, streams, videos, websites or similar public relations formats.
The legal basis for processing the clip and the consent proof is Art. 6(1)(a) GDPR. Technical security processing, including rate limiting, temporary staging, file validation and virus scanning, is based on Art. 6(1)(f) GDPR; our legitimate interest is the secure operation of the upload function and protection against misuse. Where a clip is later used in association communication, the underlying usage is based on the consent given in the form.
Uploaded clips and associated metadata may be stored in Google Drive / Google Workspace for internal review. Access is limited to authorised association staff. Clips rejected or no longer required should be deleted within a reasonable review period, generally no later than 12 months after submission, unless further retention is required for proof, legal defence or documented publication use. Published clips may remain available for as long as the respective publication is used by the association.
You may withdraw your consent with effect for the future at any time by contacting info@unknown-forces.com. A withdrawal does not affect processing that took place before the withdrawal. If a clip has already been published, we will review removal or blocking in the individual case, taking into account technical feasibility, existing publication channels and legal retention or evidence interests.
8. Routine erasure and blocking of personal data
The controller processes and stores personal data of the data
subject only for the period necessary to achieve the purpose of storage or insofar as this has been
provided for by the European legislator or another legislator in laws or regulations to which the
controller is subject.
If the storage purpose no longer applies or a storage period prescribed by
the European legislator or another competent legislator expires, the personal data are routinely blocked
or erased in accordance with the legal provisions.
9. Rights of the data subject
9 a) Right to confirmation
Each data subject has the right granted by the European legislator to obtain from the controller confirmation as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.
9 b) Right of access
Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller, free of charge, information about the personal data stored about him or her at any time and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject: any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has a right to obtain
information as to whether personal data are transferred to a third country or to an international
organisation. Where this is the case, the data subject also has the right to be informed of the
appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right of
access, he or she may contact an employee of the controller at any time.
9 c) Right to rectification
Each data subject affected by the processing of personal data
has the right granted by the European legislator to obtain from the controller without undue delay the
rectification of inaccurate personal data concerning him or her. Furthermore, taking into account the
purposes of the processing, the data subject has the right to have incomplete personal data completed,
including by means of providing a supplementary statement.
If a data subject wishes to exercise this
right to rectification, he or she may contact an employee of the controller at any time.
9 d) Right to erasure (right to be forgotten)
Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller the erasure without undue delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:
- The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject withdraws consent on which the processing is based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data have been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.
If one of the aforementioned grounds applies and a data
subject wishes to request the erasure of personal data stored by Unknown Forces eSports e. V., he or she
may contact a member of the management team of the controller at any time. The member of the management
team of Unknown Forces eSports e. V. will ensure that the erasure request is complied with without undue
delay.
If the personal data have been made public by Unknown Forces eSports e. V. and our
association, as the controller, is obliged pursuant to Article 17(1) GDPR to erase the personal data,
then Unknown Forces eSports e. V., taking into account available technology and the cost of
implementation, shall take reasonable measures, including technical measures, to inform other
controllers processing the published personal data that the data subject has requested erasure by such
controllers of any links to, or copies or replications of, those personal data, insofar as processing is
not required. The member of the management team of Unknown Forces eSports e. V. will arrange the
necessary measures in individual cases.
9 e) Right to restriction of processing
Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions applies and a data subject wishes to request the restriction of personal data stored by Unknown Forces eSports e. V., he or she may contact a member of the management team of the controller at any time. The member of the management team of Unknown Forces eSports e. V. will arrange the restriction of processing.
9 f) Right to data portability
Each data subject affected by the processing of personal data
has the right granted by the European legislator to receive the personal data concerning him or her,
which was provided by the data subject to a controller, in a structured, commonly used and
machine-readable format. He or she also has the right to transmit those data to another controller
without hindrance from the controller to which the personal data have been provided, where the
processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract
pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, provided that the
processing is not necessary for the performance of a task carried out in the public interest or in the
exercise of official authority vested in the controller.
Furthermore, in exercising the right to
data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal
data transmitted directly from one controller to another, where technically feasible and where doing so
does not adversely affect the rights and freedoms of others.
To exercise the right to data
portability, the data subject may contact a member of the management team of Unknown Forces eSports e.
V. at any time.
9 g) Right to object
Each data subject affected by the processing of personal data
has the right granted by the European legislator to object, on grounds relating to his or her particular
situation, at any time to processing of personal data concerning him or her which is based on Article
6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
Unknown Forces
eSports e. V. will no longer process the personal data in the event of an objection, unless we can
demonstrate compelling legitimate grounds for the processing which override the interests, rights and
freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal
claims.
If Unknown Forces eSports e. V. processes personal data for direct marketing purposes, the
data subject has the right to object at any time to processing of personal data concerning him or her
for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If
the data subject objects to Unknown Forces eSports e. V. to the processing for direct marketing
purposes, Unknown Forces eSports e. V. will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to
object to processing of personal data concerning him or her by Unknown Forces eSports e. V. for
scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR,
unless the processing is necessary for the performance of a task carried out for reasons of public
interest.
To exercise the right to object, the data subject may contact any member of the management
team of Unknown Forces eSports e. V. or another member of the management team directly. The data subject
is also free to exercise his or her right to object, in connection with the use of information society
services, by automated means using technical specifications, notwithstanding Directive 2002/58/EC.
9 h) Automated individual decision-making, including profiling
Each data subject affected by the processing of personal data
has the right granted by the European legislator not to be subject to a decision based solely on
automated processing, including profiling, which produces legal effects concerning him or her or
similarly significantly affects him or her, provided that the decision (1) is not necessary for entering
into, or performance of, a contract between the data subject and the controller, or (2) is authorised by
Union or Member State law to which the controller is subject and which also lays down suitable measures
to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the
data subject's explicit consent.
If the decision (1) is necessary for entering into, or performance
of, a contract between the data subject and the controller, or (2) is based on the data subject's
explicit consent, Unknown Forces eSports e. V. shall implement suitable measures to safeguard the data
subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention
on the part of the controller, to express his or her point of view and to contest the decision.
If
the data subject wishes to exercise rights concerning automated decisions, he or she may contact a
member of the management team of the controller at any time.
9 i) Right to withdraw a data protection consent
Each data subject affected by the processing of personal data
has the right granted by the European legislator to withdraw consent to the processing of personal data
at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may
contact a member of the management team of the controller at any time.
10. Data protection for applications and in the application process
10 a) Processing of applicant data for analysis purposes
The controller collects and processes applicants' personal
data not only to manage the application process, but also for internal analysis of membership
development. This analysis serves to optimise association structures, improve recruitment processes and
evaluate success rates during the tryout phase. In particular, data relating to applicants' strengths,
weaknesses, online times, prior experience, positions and ranking placements, as well as other relevant
information in connection with the application, such as age or nationality, are recorded. These are used
for detailed analysis and improvement of the recruitment process.
In addition, anonymised applicant
data is used in aggregated form to create statistics on reach, age distribution, success rates and
similar key figures. These statistics may be used in sponsorship and partner negotiations to document
the growth and attractiveness of the association. No personal data is passed on to third parties; only
aggregated, anonymised statistics are used.
Processing is carried out pursuant to Article 6(1)(f)
GDPR on the basis of the association's legitimate interest in optimising internal processes and ensuring
the financial and organisational development of the association. Applicants have the right to object to
the processing of their data for these purposes. However, we would like to point out that an objection
to the processing of the data may mean that admission to our teams is not possible, as this data is
necessary for participation in the selection process and for organising the team.
10 b) Electronic processing and retention of application documents
Processing may also be carried out by electronic means. This
is particularly the case if an applicant submits corresponding application documents to the controller
by electronic means, for example by email or via a web form on the website.
For volunteers and
applicants who sign a confidentiality agreement (NDA), additional specific data such as an image of a
valid photo ID is collected in order to verify the applicant's identity and ensure the correct execution
of the NDA. This data is required to ensure trust-based cooperation and compliance with the
confidentiality agreement.
The transmitted data is stored in compliance with statutory provisions
insofar as it is necessary for the performance of the voluntary activity and the confidentiality
agreement. If the applicant is not selected for a voluntary activity, the application documents will be
deleted automatically no later than two months after notification of the rejection decision, unless
other legitimate interests of the controller oppose erasure. A legitimate interest may be, for example,
a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG) or compliance with
the confidentiality agreement.
11. Data protection provisions regarding links to Instagram
Our website may contain links to our presence on Instagram. At
present, no Instagram components, plugins, buttons or embedded feeds are integrated on our website.
Therefore, merely accessing our website does not automatically transmit any data to Instagram. Only if
you actively click an Instagram link will you leave our website and access Instagram's service. From
that point onwards, personal data is processed by Instagram under its own data protection
responsibility. In particular, your IP address, browser and device information, referrer data and
further account-related data may be processed if you are logged in to Instagram.
The legal basis for
providing the link is Art. 6(1)(f) GDPR. Our legitimate interest lies in the public presentation of our
association and communication via social networks.
12. Data protection provisions regarding links to X
Our website may contain links to our presence on X. At present,
no X components, share buttons, widgets or embedded feeds are integrated on our website. Therefore,
merely accessing our website does not automatically transmit any data to X. Only if you actively click
such a link will you leave our website and access X's service. From that point onwards, personal data is
processed by X under its own data protection responsibility. In particular, your IP address, browser and
device information, referrer data and further account-related data may be processed if you are logged in
to X.
The legal basis for providing the link is Art. 6(1)(f) GDPR. Our legitimate interest lies in
the public presentation of our association and communication via social networks.
13. Payment processing, shop orders, donations and membership-related payments
For order requests in our shop, we process cart contents, product variants, quantities, contact and delivery details, optional messages, order numbers, invoice and payment status as well as internal processing and inventory data. The processing is used to review the request, create an invoice, prepare delivery after receipt of advance payment, handle returns or cancellations and respond to queries. No direct online payment is collected through the website; the invoice is created manually and sent by email.
For the customer status portal, the order number, email address and ZIP/postal code are requested. After successful verification, only filtered customer-facing information is displayed, in particular public order status, payment status, item overview and, where applicable, tracking numbers. Internal comments, supplier status, internal notes and other dashboard data are not displayed publicly.
In the shop dashboard, customer profiles, previous orders, internal notes, delivery blocks, supplier information, order forms, inventory movements and statistical evaluations may be managed. Where necessary for processing, data may be shared with suppliers, shipping providers, tax advisers, accounting software providers, banks and public authorities. If shop notifications are enabled, order numbers and internal processing notes may be transmitted to authorised Discord channels of our association. If statistics synchronisation is enabled, aggregated shop metrics may be transferred to a Google Sheets web app configured by us; personal customer data should not be used for this purpose.
The legal basis is Art. 6(1)(b) GDPR insofar as the processing is necessary for pre-contractual measures or the performance of a contract, Art. 6(1)(c) GDPR insofar as commercial, tax or association-law retention and documentation obligations apply, and Art. 6(1)(f) GDPR for internal documentation, abuse prevention, delivery blocks, IT security and efficient processing. Order, invoice and accounting data are stored in accordance with statutory retention periods, generally up to ten years. Pure support or internal processing notes are deleted or anonymised once they are no longer required for the respective purpose.
On our donation page, we also provide external links to payment and support services, in particular PayPal, Stripe, StreamElements and Twitch. These providers are not embedded or automatically loaded when you merely visit our site. Only if you actively click such a link will you leave our website; the chosen provider may then process technical data and the data required for the payment or support under its own data protection responsibility.
14. Discord warning system
A warning system is used on our Discord server to enforce our
server rules and to protect the integrity, safety and order of the community. Depending on the type and
severity of a violation, the following data may be processed and stored: the reason for the warning, the
time of the warning, the Discord user ID of the affected user, an evidence image (screenshot) of the
violation and, in ban-related cases, additional game- or platform-related identifiers where necessary
for documentation and enforcement.
The legal basis for this processing is Art. 6(1)(f)
GDPR. Our legitimate interest lies in enforcing our community rules, documenting
violations, protecting our members and defending the association against misuse and disputes.
Access
to this data is limited to authorised persons within management, moderation and administration who
require access for the enforcement of rules and sanction procedures. The data is stored for as long as
necessary for the enforcement, review, documentation or possible withdrawal of the respective measure.
Ban-related information may be retained for as long as the sanction remains relevant or for as long as
retention is required for legal defence or documentation purposes.
15. Publication of players in the text channel and on the website
To present our teams and for the public presence of the
association, we regularly publish information about players in text channels on Discord as well as on
our website. The following information may be published: name/first name (as provided by the player),
Discord display name and/or in-game name, role/position, age, nationality, as well as leagues and
achievements. We only publish an image if the player actively provides it to us and expressly consents
to publication.
Publication on Discord takes place either by mentioning (e.g. @username) or by naming
the Discord display name (possibly only in parts), and on the website by displaying it accordingly in
the team profile. The legal basis is your consent, which you can revoke at any time with effect for the
future.
16 a) Use of MOSS (Monitoring-System) for fair-play and cheat prevention
In order to ensure fair competitive conditions and to protect
the integrity of our competitive operations, Unknown Forces eSports e. V. may require the use of the
anti-cheat and monitoring tool MOSS for participation in certain PC-related tryouts, scrims, training
sessions, leagues, tournaments or other competitive activities. Where the use of MOSS is mandatory under
our internal rules or for the respective competition, participation is only possible if MOSS is used
properly and the generated MOSS files are submitted to us.
MOSS is used exclusively for the
detection, investigation and prevention of cheating, manipulation, unauthorised third-party software and
other rule violations. The generated MOSS files are reviewed only by a specifically authorised and
restricted internal team on a strict need-to-know basis.
Categories of personal data
processed:
Depending on the technical functionality of MOSS and the specific session,
the following data may be collected and stored in a MOSS file: automatically generated random
screenshots; in-game screenshots triggered by pressing the "Print Screen" key; device- or
hardware-related identification data; game-relevant key files; game executable signature/hash data and
session start/stop timestamps; indicators of code injections; processor-speed comparisons; active
process information including process name, file path, Authenticode signature and SHA2 hash; information
related to the detection and logging of macro use (including key patterns, timing, deviations and
frequency of use), no-recoil macros, auto-aim actions and mouse-macro settings; as well as detected
antivirus software and its status.
The collected data is typically stored by MOSS in a
SHA2-secured ZIP archive. This archive serves as a fair-play verification file and may be required as
evidence in the event of a review, protest, disciplinary matter or other dispute relating to compliance
with the applicable rules.
Purposes of processing:
The processing is carried
out for the following purposes: ensuring fair competitive conditions; protecting the integrity of our
competitive and team operations; verifying compliance with internal rules and external competition
rules; investigating and clarifying suspected rule violations; preserving evidence in dispute, protest
or disciplinary cases; and, where cheating or manipulation can be sufficiently substantiated or proven,
taking internal disciplinary measures and, where necessary, reporting the incident to the respective
game developer, publisher, platform operator, league operator, tournament organiser or other competent
body and transmitting the relevant MOSS file or relevant extracts thereof for the purpose of review,
enforcement and further investigation.
Legal basis:
The processing is based
on Article 6(1)(b) GDPR insofar as the processing is necessary for participation in tryouts, scrims,
leagues, tournaments or other competitive activities governed by our rules or the rules of the
respective competition.
In addition, the processing is based on Article 6(1)(f) GDPR. Our legitimate
interest lies in preserving fair play, protecting the integrity of competitive play, preventing cheating
and manipulation, ensuring equal treatment of all participants, safeguarding our teams and members, and
securing evidence for the establishment, exercise or defence of legal or disciplinary
claims.
Recipients / categories of recipients:
Access to MOSS files is
granted only to a specifically authorised and restricted internal anti-cheat team and, where necessary,
to authorised directors or members of the executive board on a strict need-to-know basis.
Data may
also be disclosed to league or tournament administrators, referees, protest bodies or arbitration bodies
where this is necessary for the clarification of a rule violation or for the conduct of a protest or
disciplinary procedure.
Where cheating or manipulation can be sufficiently substantiated or proven,
relevant data may also be disclosed to the respective game developer, publisher, platform operator,
league operator, tournament organiser or other competent body for the purpose of reporting, enforcement
and further investigation.
In documented individual cases, limited identifying information and
contextual details regarding suspicious competitive behaviour may be shared with selected responsible
persons of other esports organisations solely for the purpose of cheat prevention and independent
review. No MOSS files are shared in this context, and any such communication does not constitute a final
determination or sanction.
Retention period:
MOSS files are stored only
temporarily for the purpose of review. If a submitted file is found to be unremarkable, it is deleted
immediately after review; in such cases, only the fact that the review was carried out and its result
may be documented internally. If indications of possible cheating or manipulation exist, the relevant
files may be retained temporarily for comparison with further submissions, additional internal review
and decision-making. If the suspicion is not confirmed and the player is accepted, the files are
deleted. If cheating or manipulation can be sufficiently substantiated or proven, relevant files may be
retained for as long as necessary for internal measures, possible reporting to the respective game
developer, publisher, platform operator or league administration, and the establishment, exercise or
defence of legal or disciplinary claims. They are then deleted once no longer required for these
purposes.
Requirement to provide the data:
Where MOSS is mandatory for
participation, the provision and submission of the relevant MOSS files is a contractual or rule-based
requirement for taking part in the respective tryout, scrim, team activity, league or tournament. If the
required MOSS files are not provided, participation may be refused or terminated, and inclusion in or
continuation on a team may be denied.
No commercial use:
MOSS data is not
used for advertising purposes and is not commercially exploited.
16. Legal basis for processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, such as processing operations necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our organisation is subject to a legal obligation requiring the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our premises and their name, age, health insurance data or other vital information would have to be passed on to a doctor, a hospital or other third parties. In that case, the processing would be based on Article 6(1)(d) GDPR. Finally, processing operations may be based on Article 6(1)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary for the purposes of the legitimate interests pursued by our organisation or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, sentence 2 GDPR).
17. Legitimate interests pursued by the controller or a third party
Where processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our activities for the benefit and well-being of all our members and stakeholders.
18. Period for which personal data is stored
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted unless it is still required for contract performance or contract initiation.
19. Statutory or contractual requirements to provide personal data; necessity for concluding a contract; obligation of the data subject to provide personal data; possible consequences of failure to provide such data
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information about the contracting party). In some cases, it may be necessary for the conclusion of a contract that a data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our association concludes a contract with him or her. Failure to provide the personal data would result in the contract with the data subject not being concluded. Before providing personal data, the data subject must contact a member of our management team. Our management team member will clarify in each individual case whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of failure to provide the personal data would be.
20. Existence of automated decision-making
As a responsible association, we refrain from automated decision-making or profiling.
This Privacy Policy was generated using the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as External Data Protection Officer for Leipzig, in cooperation with data protection attorney Christian Solmecke.