ME/CFS Awareness

Privacy Policy

Data Protection at a Glance

General Information

The following information provides a simple overview of what happens with your personal data when you visit this website. Personal data is all data with which you can be personally identified. Detailed information on data protection can be found in our full Privacy Policy listed below this text.

Data Collection on this Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Note on the Controller" in this privacy policy.

How do we collect your data?

  • Data provided by you: Your data is collected, on the one hand, by you providing it to us. This may include, for example, data you transmit when registering via Twitch.
  • Automatic collection: Other data is collected automatically or with your consent when you visit the website by our IT systems. This mainly includes technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data is used for:

  • Authentication via Twitch OAuth.
  • Providing game-related features.
  • Managing your account and game characters.
  • Communication in security-relevant processes (e.g., account deletion).
  • Processing bot commands in authorized Twitch channels.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the rectification or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.

For this and other questions on the subject of data protection, you can contact us at any time.

Hosting

IONOS VPS

Our website is operated on servers of IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). IONOS provides us with virtual private servers (VPS) for this purpose within the framework of a commissioned data processing agreement in accordance with Art. 28 GDPR.

Processed Data: The personal data collected on this website is processed on these servers. This may include, in particular, IP addresses, contact inquiries, meta and communication data, contract data, contact data, names, website access, and other data generated via the website.

Legal Basis:

  • The hosting serves the purpose of fulfilling the contract with our potential and existing users (Art. 6 para. 1 lit. b GDPR).
  • In the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

We have concluded a Data Processing Agreement (DPA) with IONOS SE. This ensures that IONOS processes the personal data of visitors to this website only according to our instructions and in compliance with the GDPR. The server location is in a data center within Germany. No data transfer to third countries takes place.

General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

Security Notice: We point out that data transmission on the Internet (e.g., communication by e-mail) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note on the Controller

The controller for data processing on this website is:

Patrik Witzke
Otto-Nuschke-Str. 8
19370 Parchim, Germany
Email: loabeta@insanestudios.de

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur after these reasons cease to apply.

General Information on the Legal Basis for Data Processing on this Website

If you have consented to data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data according to Art. 9 para. 1 GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), data processing is additionally based on Section 25 para. 1 TDDDG (German Telecommunications and Telemedia Data Protection Act). Consent can be revoked at any time. If your data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary for the fulfillment of a legal obligation based on Art. 6 para. 1 lit. c GDPR. Data processing may also be based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The respective applicable legal basis in each individual case is informed in the following paragraphs of this privacy policy.

Recipients of Personal Data

Within the scope of our business activities, we work together with various external bodies. In some cases, the transmission of personal data to these external bodies is necessary. We only transmit personal data to external bodies if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., transmission of data to tax authorities), if we have a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the transmission, or if another legal basis permits the data transfer. When using processors, we only pass on personal data of our customers on the basis of a valid Data Processing Agreement. In the case of joint processing, an agreement on joint processing is concluded.

The IONOS SE (Montabaur, Germany) acts as hosting service provider and technical processor. A corresponding Data Processing Agreement in accordance with Art. 28 GDPR has been concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

  • Based on Art. 6 para. 1 lit. e or f GDPR: YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
  • Direct Marketing: IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint exists irrespective of other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place insofar as it is technically feasible.

Information, Rectification, and Deletion

You have the right at any time within the framework of the applicable legal provisions to receive free information about your stored personal data, its origin and recipient, and the purpose of the data processing and, if necessary, a right to rectification or deletion of this data. For this and further questions on the subject of personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need them to assert, exercise, or defend legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your and our interests. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Collection on this Website

Cookies

Our website uses so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device.

  • Session cookies: Are automatically deleted after the end of your visit.
  • Permanent cookies: Remain stored on your end device until you delete them yourself or an automatic deletion is carried out by your web browser.
  • First-party cookies: Come from us.
  • Third-party cookies: Come from third-party companies.

Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Legal Basis for Cookies:

  • Necessary Cookies: Stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services.
  • Other Cookies (with consent): If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. The functionality of this website may be restricted if cookies are deactivated.

Cookie Overview

Necessary Cookies (always active):

Cookie Name: connect.sid
Content: Encrypted Session ID to identify your session
Storage Duration: 30 days
Purpose: Authentication and Session Management
Legal Basis: Art. 6 para. 1 lit. b GDPR (Fulfillment of contract)

This cookie does not contain personal data in plain text. It is technically necessary and cannot be deactivated without impairing the website's login function.

Marketing & Analytics Cookies:

Note: In this version (v0.1.0), we DO NOT use marketing or analytics cookies. No advertising services (Google Ads, AdMob, etc.) or tracking tools (Google Analytics, etc.) are used.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

Legal Basis:

  • If your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
  • In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested; consent can be revoked at any time.

Storage Duration: The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Inquiry by E-mail, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

Legal Basis:

  • If your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
  • In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested; consent can be revoked at any time.

Storage Duration: The data sent to us via contact inquiries will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.

Twitch OAuth Login

This website uses the OAuth authentication of Twitch Interactive, Inc. ("Twitch") to enable you to log in.

Purpose of Data Processing

When you log in via Twitch, the following data is transmitted from Twitch to us and stored:

  • Your Twitch User ID (for unique identification).
  • Your Twitch Username.
  • Your Twitch Display Name.
  • Your Email Address (stored encrypted with AES-256-GCM).

This data is used exclusively for authentication, provision of our services, and contact (e.g., in case of account deletion).

Data Security

Your email address is stored encrypted in our database. Your Twitch password is never transmitted to or stored by us. Session management is carried out via encrypted, HTTP-only cookies. All connections are SSL/TLS encrypted (HTTPS).

Legal Basis

Processing is based on your consent (Art. 6 para. 1 lit. a GDPR), which you give by clicking the "Log in with Twitch" button. You can revoke this consent at any time by deleting your account (see below) or contacting us at loabeta@insanestudios.de.

Data Transfer

When logging in, you will be redirected to the Twitch servers. The data transfer between your browser and Twitch is encrypted. After successful authentication, Twitch transmits the above-mentioned data to our server.

Further information on data processing by Twitch can be found in Twitch's privacy policy: https://www.twitch.tv/p/de-de/legal/privacy-notice/

Storage Duration

The data transmitted by Twitch is stored as long as you use our service. You can delete your account at any time via the settings. After initiating the deletion, you will receive a confirmation email. After confirmation, all your data will be irrevocably deleted.

Twitch Bot Integration (VoiceOfArthengard)

For certain features, we use a Twitch bot named "VoiceOfArthengard". This bot is only active in selected Twitch channels whose owners have explicitly authorized us.

Functionality

The bot connects to the Twitch chat and processes commands entered by viewers in the chat. The bot reacts exclusively to predefined commands and does not store chat logs.

Processed Data

  • Twitch channel names of the authorized streamers.
  • Bot access tokens (stored encrypted with AES-256-GCM).
  • Commands entered in the chat (only for processing, no permanent storage).

No private messages or user IPs are processed.

Legal Basis

Processing is based on the consent of the channel owner (Art. 6 para. 1 lit. a GDPR). Streamers can disconnect the bot connection at any time via their account settings.

Data Deletion

If the bot connection is disconnected, all stored bot tokens are deleted within 24 hours.

Email Communication

We send emails exclusively in the following cases:

Account Deletion

Two-step process: If you request the deletion of your account, we will send you a confirmation email with a time-limited link (valid for 1 hour). Only after clicking this link will your account be permanently deleted.

Email content: Confirmation link for account deletion, note on the irrevocability of the deletion, expiration time of the link.

Future Features

In future versions, we may also send emails for the following purposes: Confirmation upon account creation, security-relevant notifications.

Technical Details

Legal Basis: Art. 6 para. 1 lit. b GDPR (Fulfillment of contract) for account deletion; Art. 6 para. 1 lit. a GDPR (Consent) for optional notifications.

Your email address will be used exclusively for the purposes mentioned above and will not be passed on to third parties.

Note on the Development Environment

This website is in active development (beta phase).

Development Logs

For troubleshooting, temporary additional technical logs may be collected, which may contain the following information: Timestamps of requests, HTTP status codes, error messages (without personal data).

These logs are viewed exclusively by the operator, are not passed on to third parties, are automatically deleted after a maximum of 30 days, and do not contain passwords, email addresses, or sensitive data.

Legal Basis: Art. 6 para. 1 lit. f GDPR (Legitimate interest in technical stability and security).