Back to home page

Privacy Policy

Legal notice (German version prevails):
This Privacy Policy is governed by German law and the applicable EU data protection regulations as implemented and applied in Germany. The following English version is provided for convenience only and is a non-binding translation of the German Privacy Policy. In the event of discrepancies, inconsistencies, or translation errors, the German version shall prevail. References to sections, articles, and legal provisions in this document refer to the German-language version and the relevant legal framework applicable in Germany.

We are delighted about your interest in our association. Data protection is of particular importance to the Executive Board of Unknown Forces eSports e. V. The use of the websites of Unknown Forces eSports e. V. is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our association via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, for example the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection provisions applicable to Unknown Forces eSports e. V. By means of this Privacy Policy, our association would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed about their rights by means of this Privacy Policy.
Unknown Forces eSports e. V., as the controller responsible for processing, has implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example by telephone.

1. Definitions

The Privacy Policy of Unknown Forces eSports e.V. is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for the public as well as for our guests and members. To ensure this, we would like to explain the terminology used in advance.
In this Privacy Policy, we use, among other things, the following terms:

1 a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a membership number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1 b) Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller.

1 c) Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1 d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

1 e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

1 f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

1 g) Controller or controller responsible for processing

Controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for by Union law or the law of the Member States.

1 h) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1 i) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union law or the law of the Member States shall not be regarded as recipients.

1 j) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

1 k) Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Unknown Forces eSports e. V.
P.O. Box 86
58286 Wetter
Germany

Email: info@unknown-forces.com
Website: https://unknown-forces.com/

3. Cookies and consent management

Our website uses cookies and similar technologies. Cookies are small text files or comparable information that are stored on or accessed from your device via your browser. Some of these technologies are technically necessary to provide the website, ensure its security and enable basic functions. Other cookies ortechnologies may be used for analytics, statistics, performance measurement or the integration of external content and services.

The use of technically necessary cookies and similar technologies is based on § 25(2) TDDDG and, where personal data is processed, on Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and user-friendly provision of our website.

The use of optional cookies and similar technologies, in particular for analytics or other non-essential purposes, only takes place if and to the extent that you have given your prior consent via our consent banner. The legal basis for this is § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. You may grant, refuse or withdraw your consent at any time with effect for the future via our consent settings.

Further information on the individual services used, the purposes of processing, the categories of data concerned, possible recipients and retention periods can be found in the relevant sections of this Privacy Policy. You can also configure your browser to block or delete cookies. Please note, however, that in this case some functions of the website may no longer be available or may only be available to a limited extent.

3 a) Cookie Settings

You can change or withdraw your consent at any time.

Open cookie settings

3 b) Consent Management with CCM19

We use the consent management tool CCM19 to obtain, manage, and document consent for the use of optional cookies and similar technologies, and to enable users to withdraw their consent. In doing so, we may process, in particular, the consent status, the date and time of the decision, browser and device information, and technical connection data. This processing is carried out to obtain verifiable consent where required by law and to ensure that our website is provided in compliance with data protection regulations. The legal basis is Article 6(1)(c) of the GDPR, to the extent that documentation is required by law, as well as Article 6(1)(f) of the GDPR for the technically reliable management of consent. To the extent that the use of CCM19 involves accessing information on the user’s device or storing information there, such activities are governed by Section 25 of the TDDDG. Further information regarding the duration of storage and the specific technologies used can be found in the Cookie Policy or the cookie settings.

Please enable JavaScript to see the list of all declared cookies and similar technologies.

4. Erfassung von allgemeinen Daten und Informationen

When this website is accessed, technical information is automatically processed by our hosting provider STRATO GmbH in server log files in order to ensure the security, stability and proper provision of the website and to detect and resolve technical errors. This may include in particular the IP address, date and time of access, requested page or file, referrer URL, browser type and browser version, operating system and HTTP status code.
The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and technically reliable provision of our website and in the defence against misuse and attacks.
Server log data is stored only for as long as necessary for these purposes and is then deleted unless further retention is required for security-related investigation or legal defence purposes. The specific retention period depends on the technical settings of the hosting environment.

Subject to your prior consent, we also use Google Analytics to analyse the use of our website, improve our content and optimise language and website performance. Google Analytics is only loaded after you have actively consented to its use.
The legal basis for the use of Google Analytics is Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Consent may be withdrawn at any time with effect for the future.
In this context, usage data, device and browser information, online identifiers, page views, interaction data and approximate location data may be processed. Recipients may include Google Ireland Limited and Google LLC. Data may also be transferred to third countries. Such transfers take place on the basis of the applicable legal safeguards. Further information on retention within Google Analytics depends on the settings configured in the respective Google Analytics property.

4 a) Google Fonts

The fonts used on this website are hosted locally on our own server. Therefore, when you visit this website, no connection is established with Google Fonts servers solely for the purpose of loading the fonts.

4 b) Google Sheets API

For the provision and updating of certain team, association or organisational information on this website, we access content from Google Sheets server-side via the Google Sheets API. In this context, our server processes the technical data required for the retrieval as well as the content stored in the spreadsheets. Based on our current implementation, merely visiting the website does not establish a direct connection between the user's browser and the Google Sheets API; the retrieval is performed server-side by us.
The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the efficient, up-to-date and consistent provision of information on our website. To the extent that personal data is processed within the scope of the API use, processing by Google may take place. Data may also be transferred to third countries.

4 c) Twitch API

To display live status information or comparable channel-related information, we use the Twitch API, in particular the Twitch Helix API. The retrieval is performed server-side by our website or our server. In this context, Twitch processes the technical data required for the API request as well as, where applicable, API credentials and request-related metadata. Based on our current implementation, merely visiting the website does not establish a direct connection between the user's browser and Twitch solely because of this status query.
The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the up-to-date and technically efficient presentation of our streaming status and our online presence. To the extent that personal data is processed within the use of the Twitch API, this is carried out under Twitch's responsibility. Data may also be transferred to third countries, in particular the United States.

4 d) Discord Widget

On certain pages of our website, in particular in the community area, an official Discord widget may be embedded via iframe. When such a page is accessed, your browser establishes a direct connection to Discord servers in order to load the widget. In this context, technical data, in particular your IP address, browser information, device information, referrer data and the date and time of access, may be transmitted to Discord and processed there. If you are logged in to Discord at the same time, Discord may be able to associate the page access with your user account.
The legal basis for the integration of the Discord widget is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. You may withdraw any consent you have given at any time with effect for the future.

4 e) Font Awesome

This website uses icons from the Font Awesome library. The files are provided locally on our own server. When the relevant pages are accessed, no connection to external Font Awesome or Cloudflare content delivery networks is established solely for loading these icons.

7. Contact option via the website

Our website includes information on how to contact us electronically, as well as a contact form. If you contact us by email or through the contact form, we will process the data you provide—specifically your name, email address, category, subject, and message—to handle your inquiry and for any follow-up communication.
To prevent misuse and ensure the technical security of the contact form, we also process technical connection data, specifically the IP address or proxy-related IP information, as part of rate limiting. Messages are sent via our SMTP infrastructure. Depending on the selected category, the inquiry may be forwarded internally to various relevant contact points.
The legal basis is Article 6(1)(b) of the GDPR, insofar as the inquiry relates to the initiation or performance of a contract or membership, and otherwise Article 6(1)(f) of the GDPR. Our legitimate interest lies in the efficient processing of inquiries, system security, and the prevention of misuse.
Contact inquiries are generally stored for up to 24 months after the completion of the respective process, unless longer retention is required.

7 a) External forms via Jotform

Our website may provide links to external forms of the Jotform service, for example for membership applications, applications or other enquiries. Merely visiting our website does not initially transmit any form data to Jotform through such links. Only if you actively click such a link will you leave our website and access a page provided by Jotform. In this context, Jotform may process technical data such as your IP address, browser and device information as well as referrer data. In addition, Jotform processes the data you enter into the respective form under its own data protection responsibility or within the framework of the respective contractual integration.
Insofar as the processing of the entered data serves the initiation or performance of a membership, application or other contractual relationship, the legal basis is Art. 6(1)(b) GDPR. Otherwise, the use of voluntarily provided information is based on Art. 6(1)(a) GDPR. Please also note Jotform's privacy information.

7 b) Withdrawal form

Our website provides a dedicated withdrawal form allowing consumers to exercise their statutory right of withdrawal. When you submit this form, we process your name, email address, order or contract reference, the scope of withdrawal, and any optional message you provide. This processing is strictly necessary to legally process your withdrawal request and handle the reversal of the contract.
To prevent misuse, protect our infrastructure against spam (rate limiting), and to fulfill our legal burden of proof regarding the timely receipt of your withdrawal declaration, your request including a precise timestamp and your IP address is logged in a server-side audit file.
The legal basis for processing the contract data is Art. 6(1)(b) and (c) GDPR. The legal basis for the security logging and proof of receipt is our legitimate interest pursuant to Art. 6(1)(f) GDPR. Data from the withdrawal process is stored in accordance with statutory commercial and tax law retention periods, typically up to ten years.

8. Routine erasure and blocking of personal data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or insofar as this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with the legal provisions.

9. Rights of the data subject

9 a) Right to confirmation

Each data subject has the right granted by the European legislator to obtain from the controller confirmation as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.

9 b) Right of access

Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller, free of charge, information about the personal data stored about him or her at any time and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:

Furthermore, the data subject has a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right of access, he or she may contact an employee of the controller at any time.

9 c) Right to rectification

Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may contact an employee of the controller at any time.

9 d) Right to erasure (right to be forgotten)

Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller the erasure without undue delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:

If one of the aforementioned grounds applies and a data subject wishes to request the erasure of personal data stored by Unknown Forces eSports e. V., he or she may contact a member of the management team of the controller at any time. The member of the management team of Unknown Forces eSports e. V. will ensure that the erasure request is complied with without undue delay.
If the personal data have been made public by Unknown Forces eSports e. V. and our association, as the controller, is obliged pursuant to Article 17(1) GDPR to erase the personal data, then Unknown Forces eSports e. V., taking into account available technology and the cost of implementation, shall take reasonable measures, including technical measures, to inform other controllers processing the published personal data that the data subject has requested erasure by such controllers of any links to, or copies or replications of, those personal data, insofar as processing is not required. The member of the management team of Unknown Forces eSports e. V. will arrange the necessary measures in individual cases.

9 e) Right to restriction of processing

Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

If one of the aforementioned conditions applies and a data subject wishes to request the restriction of personal data stored by Unknown Forces eSports e. V., he or she may contact a member of the management team of the controller at any time. The member of the management team of Unknown Forces eSports e. V. will arrange the restriction of processing.

9 f) Right to data portability

Each data subject affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning him or her, which was provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising the right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and where doing so does not adversely affect the rights and freedoms of others.
To exercise the right to data portability, the data subject may contact a member of the management team of Unknown Forces eSports e. V. at any time.

9 g) Right to object

Each data subject affected by the processing of personal data has the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
Unknown Forces eSports e. V. will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.
If Unknown Forces eSports e. V. processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to Unknown Forces eSports e. V. to the processing for direct marketing purposes, Unknown Forces eSports e. V. will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by Unknown Forces eSports e. V. for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may contact any member of the management team of Unknown Forces eSports e. V. or another member of the management team directly. The data subject is also free to exercise his or her right to object, in connection with the use of information society services, by automated means using technical specifications, notwithstanding Directive 2002/58/EC.

9 h) Automated individual decision-making, including profiling

Each data subject affected by the processing of personal data has the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.
If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is based on the data subject's explicit consent, Unknown Forces eSports e. V. shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise rights concerning automated decisions, he or she may contact a member of the management team of the controller at any time.

9 i) Right to withdraw a data protection consent

Each data subject affected by the processing of personal data has the right granted by the European legislator to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may contact a member of the management team of the controller at any time.

10. Data protection for applications and in the application process

10 a) Processing of applicant data for analysis purposes

The controller collects and processes applicants' personal data not only to manage the application process, but also for internal analysis of membership development. This analysis serves to optimise association structures, improve recruitment processes and evaluate success rates during the tryout phase. In particular, data relating to applicants' strengths, weaknesses, online times, prior experience, positions and ranking placements, as well as other relevant information in connection with the application, such as age or nationality, are recorded. These are used for detailed analysis and improvement of the recruitment process.
In addition, anonymised applicant data is used in aggregated form to create statistics on reach, age distribution, success rates and similar key figures. These statistics may be used in sponsorship and partner negotiations to document the growth and attractiveness of the association. No personal data is passed on to third parties; only aggregated, anonymised statistics are used.
Processing is carried out pursuant to Article 6(1)(f) GDPR on the basis of the association's legitimate interest in optimising internal processes and ensuring the financial and organisational development of the association. Applicants have the right to object to the processing of their data for these purposes. However, we would like to point out that an objection to the processing of the data may mean that admission to our teams is not possible, as this data is necessary for participation in the selection process and for organising the team.

10 b) Electronic processing and retention of application documents

Processing may also be carried out by electronic means. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by email or via a web form on the website.
For volunteers and applicants who sign a confidentiality agreement (NDA), additional specific data such as an image of a valid photo ID is collected in order to verify the applicant's identity and ensure the correct execution of the NDA. This data is required to ensure trust-based cooperation and compliance with the confidentiality agreement.
The transmitted data is stored in compliance with statutory provisions insofar as it is necessary for the performance of the voluntary activity and the confidentiality agreement. If the applicant is not selected for a voluntary activity, the application documents will be deleted automatically no later than two months after notification of the rejection decision, unless other legitimate interests of the controller oppose erasure. A legitimate interest may be, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG) or compliance with the confidentiality agreement.

11. Data protection provisions regarding links to Instagram

Our website may contain links to our presence on Instagram. At present, no Instagram components, plugins, buttons or embedded feeds are integrated on our website. Therefore, merely accessing our website does not automatically transmit any data to Instagram. Only if you actively click an Instagram link will you leave our website and access Instagram's service. From that point onwards, personal data is processed by Instagram under its own data protection responsibility. In particular, your IP address, browser and device information, referrer data and further account-related data may be processed if you are logged in to Instagram.
The legal basis for providing the link is Art. 6(1)(f) GDPR. Our legitimate interest lies in the public presentation of our association and communication via social networks.

13. Data protection provisions regarding links to X

Our website may contain links to our presence on X. At present, no X components, share buttons, widgets or embedded feeds are integrated on our website. Therefore, merely accessing our website does not automatically transmit any data to X. Only if you actively click such a link will you leave our website and access X's service. From that point onwards, personal data is processed by X under its own data protection responsibility. In particular, your IP address, browser and device information, referrer data and further account-related data may be processed if you are logged in to X.
The legal basis for providing the link is Art. 6(1)(f) GDPR. Our legitimate interest lies in the public presentation of our association and communication via social networks.

14. Payment processing, shop orders, donations and membership-related payments

For purchases in our shop, payment processing is carried out via external payment service providers and the checkout infrastructure used on our website, in particular Snipcart, PayPal and Stripe. Depending on the selected payment method and transaction type, personal data such as name, billing and shipping address, email address, order details, transaction amount, payment status, order number and technical transaction-related metadata may be processed.
The processing is carried out for the purpose of handling orders, processing payments, preventing fraud, documenting transactions and fulfilling legal accounting and tax obligations.
The legal basis is Art. 6(1)(b) GDPR insofar as the processing is necessary for the performance of a contract or the implementation of requested pre-contractual measures, Art. 6(1)(c) GDPR insofar as retention and accounting obligations apply, and Art. 6(1)(f) GDPR for fraud prevention, IT security and internal transaction management.

For donations made via our website, payment may also be processed via PayPal and Stripe. In this context, we process the data necessary to handle the donation, document the transaction and, where applicable, issue donation receipts or other accounting documentation. The legal basis is Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR and, where applicable, Art. 6(1)(f) GDPR.

Membership-related payments may be processed via bank transfer and, where introduced, via direct debit or other payment procedures. In this context, we process the data necessary for payment allocation, membership administration, accounting and, where applicable, debt collection or reminder procedures. The legal basis is Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR and, where applicable, Art. 6(1)(f) GDPR.

In addition, supporters may provide financial support via third-party platforms such as StreamElements, Twitch or Discord. These services are operated under the responsibility of the respective platform provider. Where payouts or transaction details are made visible to us via our payment accounts or accounting systems, we process the corresponding data solely for payment allocation, accounting, fraud prevention and, where applicable, donor or supporter communication.

Personal data relating to payments, donations, invoices and accounting processes is stored for as long as necessary for the respective transaction and thereafter in accordance with the applicable statutory retention obligations. Depending on the document type, retention periods may in particular amount to six, eight or ten years under commercial and tax law. Data may be retained for longer where this is necessary for the assertion, exercise or defence of legal claims.

Recipients of the data may include the payment service providers used, checkout and e-commerce service providers, banks, tax advisers, accounting software providers and public authorities where required by law. Depending on the provider used, data may also be transferred to third countries. Where this occurs, the transfer takes place on the basis of the applicable legal safeguards.

15. Discord warning system

A warning system is used on our Discord server to enforce our server rules and to protect the integrity, safety and order of the community. Depending on the type and severity of a violation, the following data may be processed and stored: the reason for the warning, the time of the warning, the Discord user ID of the affected user, an evidence image (screenshot) of the violation and, in ban-related cases, additional game- or platform-related identifiers where necessary for documentation and enforcement.
The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in enforcing our community rules, documenting violations, protecting our members and defending the association against misuse and disputes.
Access to this data is limited to authorised persons within management, moderation and administration who require access for the enforcement of rules and sanction procedures. The data is stored for as long as necessary for the enforcement, review, documentation or possible withdrawal of the respective measure. Ban-related information may be retained for as long as the sanction remains relevant or for as long as retention is required for legal defence or documentation purposes.

16. Publication of players in the text channel and on the website

To present our teams and for the public presence of the association, we regularly publish information about players in text channels on Discord as well as on our website. The following information may be published: name/first name (as provided by the player), Discord display name and/or in-game name, role/position, age, nationality, as well as leagues and achievements. We only publish an image if the player actively provides it to us and expressly consents to publication.
Publication on Discord takes place either by mentioning (e.g. @username) or by naming the Discord display name (possibly only in parts), and on the website by displaying it accordingly in the team profile. The legal basis is your consent, which you can revoke at any time with effect for the future.

16 a) Use of MOSS (Monitoring-System) for fair-play and cheat prevention

In order to ensure fair competitive conditions and to protect the integrity of our competitive operations, Unknown Forces eSports e. V. may require the use of the anti-cheat and monitoring tool MOSS for participation in certain PC-related tryouts, scrims, training sessions, leagues, tournaments or other competitive activities. Where the use of MOSS is mandatory under our internal rules or for the respective competition, participation is only possible if MOSS is used properly and the generated MOSS files are submitted to us.
MOSS is used exclusively for the detection, investigation and prevention of cheating, manipulation, unauthorised third-party software and other rule violations. The generated MOSS files are reviewed only by a specifically authorised and restricted internal team on a strict need-to-know basis.

Categories of personal data processed:
Depending on the technical functionality of MOSS and the specific session, the following data may be collected and stored in a MOSS file: automatically generated random screenshots; in-game screenshots triggered by pressing the "Print Screen" key; device- or hardware-related identification data; game-relevant key files; game executable signature/hash data and session start/stop timestamps; indicators of code injections; processor-speed comparisons; active process information including process name, file path, Authenticode signature and SHA2 hash; information related to the detection and logging of macro use (including key patterns, timing, deviations and frequency of use), no-recoil macros, auto-aim actions and mouse-macro settings; as well as detected antivirus software and its status.

The collected data is typically stored by MOSS in a SHA2-secured ZIP archive. This archive serves as a fair-play verification file and may be required as evidence in the event of a review, protest, disciplinary matter or other dispute relating to compliance with the applicable rules.

Purposes of processing:
The processing is carried out for the following purposes: ensuring fair competitive conditions; protecting the integrity of our competitive and team operations; verifying compliance with internal rules and external competition rules; investigating and clarifying suspected rule violations; preserving evidence in dispute, protest or disciplinary cases; and, where cheating or manipulation can be sufficiently substantiated or proven, taking internal disciplinary measures and, where necessary, reporting the incident to the respective game developer, publisher, platform operator, league operator, tournament organiser or other competent body and transmitting the relevant MOSS file or relevant extracts thereof for the purpose of review, enforcement and further investigation.

Legal basis:
The processing is based on Article 6(1)(b) GDPR insofar as the processing is necessary for participation in tryouts, scrims, leagues, tournaments or other competitive activities governed by our rules or the rules of the respective competition.
In addition, the processing is based on Article 6(1)(f) GDPR. Our legitimate interest lies in preserving fair play, protecting the integrity of competitive play, preventing cheating and manipulation, ensuring equal treatment of all participants, safeguarding our teams and members, and securing evidence for the establishment, exercise or defence of legal or disciplinary claims.

Recipients / categories of recipients:
Access to MOSS files is granted only to a specifically authorised and restricted internal anti-cheat team and, where necessary, to authorised directors or members of the executive board on a strict need-to-know basis.
Data may also be disclosed to league or tournament administrators, referees, protest bodies or arbitration bodies where this is necessary for the clarification of a rule violation or for the conduct of a protest or disciplinary procedure.
Where cheating or manipulation can be sufficiently substantiated or proven, relevant data may also be disclosed to the respective game developer, publisher, platform operator, league operator, tournament organiser or other competent body for the purpose of reporting, enforcement and further investigation.
In documented individual cases, limited identifying information and contextual details regarding suspicious competitive behaviour may be shared with selected responsible persons of other esports organisations solely for the purpose of cheat prevention and independent review. No MOSS files are shared in this context, and any such communication does not constitute a final determination or sanction.

Retention period:
MOSS files are stored only temporarily for the purpose of review. If a submitted file is found to be unremarkable, it is deleted immediately after review; in such cases, only the fact that the review was carried out and its result may be documented internally. If indications of possible cheating or manipulation exist, the relevant files may be retained temporarily for comparison with further submissions, additional internal review and decision-making. If the suspicion is not confirmed and the player is accepted, the files are deleted. If cheating or manipulation can be sufficiently substantiated or proven, relevant files may be retained for as long as necessary for internal measures, possible reporting to the respective game developer, publisher, platform operator or league administration, and the establishment, exercise or defence of legal or disciplinary claims. They are then deleted once no longer required for these purposes.

Requirement to provide the data:
Where MOSS is mandatory for participation, the provision and submission of the relevant MOSS files is a contractual or rule-based requirement for taking part in the respective tryout, scrim, team activity, league or tournament. If the required MOSS files are not provided, participation may be refused or terminated, and inclusion in or continuation on a team may be denied.

No commercial use:
MOSS data is not used for advertising purposes and is not commercially exploited.

17. Legal basis for processing

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, such as processing operations necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our organisation is subject to a legal obligation requiring the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our premises and their name, age, health insurance data or other vital information would have to be passed on to a doctor, a hospital or other third parties. In that case, the processing would be based on Article 6(1)(d) GDPR. Finally, processing operations may be based on Article 6(1)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary for the purposes of the legitimate interests pursued by our organisation or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, sentence 2 GDPR).

18. Legitimate interests pursued by the controller or a third party

Where processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our activities for the benefit and well-being of all our members and stakeholders.

19. Period for which personal data is stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted unless it is still required for contract performance or contract initiation.

20. Statutory or contractual requirements to provide personal data; necessity for concluding a contract; obligation of the data subject to provide personal data; possible consequences of failure to provide such data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information about the contracting party). In some cases, it may be necessary for the conclusion of a contract that a data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our association concludes a contract with him or her. Failure to provide the personal data would result in the contract with the data subject not being concluded. Before providing personal data, the data subject must contact a member of our management team. Our management team member will clarify in each individual case whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of failure to provide the personal data would be.

21. Existence of automated decision-making

As a responsible association, we refrain from automated decision-making or profiling.

This Privacy Policy was generated using the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as External Data Protection Officer for Leipzig, in cooperation with data protection attorney Christian Solmecke.