1. General information
1.1 What is personal data?
Personal data is information that reveals or could reveal the identity of the user. We adhere to the principle of data avoidance. We refrain from collecting personal data as far as possible.
1.2 Handling of personal data
Personal data is used exclusively for the establishment, content, execution, or processing of the contractual relationship (Art. 6 para. 1 sentence 1 lit. b GDPR).
Furthermore, personal data will only be processed if we have obtained your consent (Art. 6 (1) (a) GDPR) or if the processing of such data is necessary for our legitimate interests and if, after weighing up the interests involved, there are no overriding interests or fundamental rights or freedoms on your part that preclude such processing (Art. 6 (1) (f) GDPR).
We may use processors to process your personal data, but we will not disclose your personal data to third parties beyond this.
The data will only be passed on to the shipping company responsible for delivery to the extent necessary for the delivery of the goods ordered. For the purpose of processing payments, the necessary payment data will be passed on to the credit institution responsible for the payment and, if applicable, to the commissioned and selected payment service provider.
Your personal data will be processed exclusively within the EU, unless otherwise specified below.
1.3 Usage data
When you visit the website, general technical information is collected. This includes the IP address used, the time, the duration of the visit, the browser type, and, if applicable, the referring website. For technical reasons, this usage data is recorded in a log file and may be used and stored for the purpose of statistical analysis of this website. This usage data is not linked to your other personal data.
1.4 Registration data
Registration is required to make full use of the functions of our website. The registration data is collected through your corresponding entries and used for the specific purpose stated in accordance with your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
1.5 Duration of storage
Once the purpose for which the data was collected has been fulfilled, we will only store your personal data for as long as is required by law (in particular tax law).
1.6 Age restriction / Minors
Our offer is aimed exclusively at adults (aged 18 and over). We do not knowingly process personal data of children within the meaning of Art. 8 GDPR. The processing of personal data may only be carried out with the verifiable consent of the parents/legal guardians in accordance with Art. 8 GDPR; without this proof, registration is not possible.
2. Your rights
2.1 Information
You may request information from us as to whether we process your personal data and, if so, you have the right to obtain information about this personal data and the further information specified in Art. 15 GDPR.
2.2 Right to rectification
You have the right to have inaccurate personal data concerning you corrected and, in accordance with Article 16 of the GDPR, you may request that incomplete personal data be completed.
2.3 Right to erasure
You have the right to request that we delete your personal data immediately. We are obliged to delete it immediately, especially if one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing of your data was based, and there is no other legal basis for the processing.
- Your data has been processed unlawfully.
The right to erasure does not apply if your personal data is required for the assertion, exercise, or defense of our legal claims.
2.4 Right to restriction of processing
You have the right to request that we restrict the processing of your personal data if
- you dispute the accuracy of the data and we therefore verify its accuracy,
- the processing is unlawful and you oppose the erasure and request the restriction of use instead,
- we no longer need the data, but you need it to assert, exercise, or defend legal claims,
- you have objected to the processing of your data and it is not yet clear whether our legitimate reasons outweigh your reasons.
2.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by us using automated procedures.
2.6 Right of withdrawal
If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time.
2.7 General information and right of appeal
The exercise of your above rights is generally free of charge for you. You have the right to contact the supervisory authority responsible for us, the state data protection officer, directly with any complaints.
3. Data security
3.1 Data security
All data on our website is secured against loss, destruction, access, modification, and distribution by technical and organizational measures.
3.2 Sessions and cookies
We use cookies and server-side sessions in which data can be stored to operate our website. We ensure that no personal data from sessions or cookies is transferred without your express consent and that cookies are only used if this is technically necessary for the website and if, after weighing up the interests involved, it is determined that there are no overriding interests on your part that would prevent this (Art. 6 (1) (1) (f) GDPR) or you have given your express consent (Art. 6 (1) (1) (a) GDPR; e.g. for statistics/marketing).
Site-specific cookies
Domain – Name – Duration
.grind-games.en – tk_lr – 1 month
.grind-games.en – woocommerce_cart_hash – Session
.grind-games.en – woocommerce_items_in_cart – Session
.grind-games.en – wp_woocommerce_session_* – 2 days
.grind-games.en – wordpress_logged_in_* – Session
Third-party cookies
Depending on the integrated service, these are only set after consent has been given (e.g., Google/YouTube, Vimeo, Instagram). For details, see section 5.
Note: The specific cookie names may change for technical reasons; the purposes (essential shop/login functions vs. statistics/marketing) remain the same. The scope and duration may vary depending on usage.
3.3 Access Data & Authentication
When you create a customer account or log in, we process your access data for the purpose of fulfilling the contract (Art. 6 (1) (b) GDPR) and to ensure the security of our service (Art. 6 (1) (f) GDPR).
- Passwords (email/password login): Passwords are never stored in plain text, but exclusively as cryptographic hashes (e.g., Argon2id or bcrypt) with individual salt; optionally, an additional "pepper" is used on the server side.
- Transport & storage: All transfers are TLS-encrypted. Access data and auth tokens are only stored in systems within the EU; backups are encrypted.
- Password reset: Reset links can only be used once and are time-limited (e.g., 60 minutes).
- Sessions & cookies: We use technically necessary session cookies for the login process; these do not contain any passwords. (For details, see the cookie overview.)
- Access controls: Access to login data is strictly restricted based on roles; security-related access is logged.
- Deletion: When an account is deleted, the associated access data, including tokens, is immediately deleted or rendered unusable; encrypted backups are overwritten as part of the regular deletion cycle after 30 days at the latest.
3.4 Social logins (Google, Facebook, Amazon)
If you log in via a third-party provider, we do not receive any information about your password there. We only process the data required for login (e.g., a provider ID, name and email address if applicable, and an OAuth token). Tokens are stored in encrypted form, renewed regularly, and immediately invalidated upon revocation or account deletion. The legal basis is Art. 6 (1) (b) GDPR (implementation of pre-contractual/contractual measures) and Art. 6 (1) (f) GDPR (IT security). You can revoke the link at any time in your customer account or directly with the respective provider.
4. Presence on social media platforms
We use the following social media platforms for corporate presentation and communication (express reference is made to the privacy policies and opt-out options linked below).
- Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Privacy policy and opt-out: http://instagram.com/about/legal/privacy/
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy policy: http://www.youtube.com/t/privacy/
These social media platforms may process personal data outside the EU; in this regard, we refer to the above privacy policies of the social media platforms. The respective platforms may create usage profiles based on your usage behavior and store cookies on your device. If you have an account there and are logged in, your usage behavior may even be stored independently of your device. Your usage profile may be used, for example, to place advertisements that are presumed to correspond to your interests.
We process personal data exclusively for the purpose of communicating with you via your chosen social media platform and for optimizing our online presence, and we ensure that none of your interests are affected in a way that outweighs our legitimate interest (Art. 6 (1) (f) GDPR). If you have already given the respective operator of the social media platform effective consent to the corresponding data processing, the processing of your personal data will also be based on this consent (Art. 6 (1) (a) GDPR).
5. Third-party services
5.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies that enable an analysis of the use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server outside the EU (including the USA) and stored there.
IP anonymization (IP masking) is enabled; your IP address will be truncated within the EU/EEA. Only in exceptional cases will the full IP address be transmitted to a Google server and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Usage profiles will not be merged with personal data without separate consent. Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
You can prevent cookies from being stored by adjusting your browser software settings accordingly; however, this may mean that not all functions of this website will be fully usable. In addition, you can prevent Google from collecting and processing the data generated by the cookie (including your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Further information on data protection at Google can be found at http://www.google.de/intl/de/policies/privacy/ and on Analytics at http://www.google.com/analytics/terms/de.html and http://www.google.com/intl/de/analytics/privacyoverview.html.
5.2 Social media links and social sharing
We have our own social media pages with third-party providers that can be accessed via links from this website. By using the links, you will be taken to the respective websites of the third-party providers (e.g., Facebook, Instagram, X/Twitter, YouTube) and can also share our content. No data is transferred to the third-party providers when you visit our website. To avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider before using a corresponding link.
5.3 Logging in with a Facebook account
You can log in using your existing Facebook account. To do so, click on the "Log in with Facebook" button. This will redirect you to www.facebook.com (operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). Enter your Facebook account details there and click on "Log in." The use of Facebook services is subject to Facebook's privacy policy and terms of use.
5.4 Logging in with a Google account
You can also log in using your existing Google account. To do so, click on the "Log in with Google" button. This will redirect you to www.accounts.google.com (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Enter your Google account details there and click on "Sign in." Google's privacy policy and terms of use apply to the use of Google services.
5.5 Google Web Fonts
We use web fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to display a uniform font on our website. These are automatically stored in your browser cache when you visit one of our pages to enable the desired display. If your browser does not support the web fonts used, a standard font from your computer may be used. No user interests that outweigh this technical necessity are affected here (Art. 6 (1) (f) GDPR). You can view Google's privacy policy here: https://www.google.com/policies/privacy/ Further information on Google web fonts can be found at https://developers.google.com/fonts/faq
5.6 Use of YouTube
This website and the integrated offers contain so-called embeddings of videos on YouTube. These enable the connection to YouTube and the videos stored there. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. There are no user interests that outweigh this technical necessity of embedding the videos (Art. 6 (1) (f) GDPR). For the purpose and scope of data collection and data use by Google, as well as your rights and settings options for protection as a YouTube customer, please refer to YouTube's privacy policy: http://www.youtube.com/t/privacy/
6. Contacting us
If you have any questions regarding data protection, please feel free to contact us using the contact details below. Responsible party within the meaning of the GDPR:
StellarSales Ecommerce Limited
Unit D3, 11/F Luk Hop Ind Bldg
No 8 Luk Hop St
San Po Kong
Hong Kong
E-mail: support@grind-games.de
Phone: +49 157 54614385