Privacy Policy

The protection of your data is of the utmost importance to us. Therefore, dealing with your information is strictly confidential and bound by European and German data protection legislations. Thus, we would like to tell you in this privacy policy how we handle the data we receive, and which security measures are taken on our part to protect your data.

1. General information

1.1 The usage of this site is usually possible without providing personal data. If personal data is compiled, such as names, addresses, or e-mail addresses, it always happens voluntarily and is used to fulfill our contractual agreements with the people concerned. This data will not be shared with third-party organizations without your explicit permission. However, some data might be compiled indirectly through different means. This collection of data happens through the usage of cookies, which are discussed subsequently. Please note that you will be informed accordingly.

1.2 The site's operator may change this privacy policy from time to time without an announcement to be in accordance with the European and German legislation and latest jurisdiction. Please check this privacy policy frequently to stay informed about our measures to protect your data and its usage.

2. Scope of this privacy policy

2.1 The European General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz (BDSG) and the Telemediengesetz (TMG) address the protection of personal data. This protection encompasses data that can be associated with your person (e.g., your name, telephone number, or e-mail address). These laws do not protect information that cannot be used to identify your identity (e.g., contents you share on this website).

3. Elicitation and usage of personal data

3.1 Upon arrival and further visit, we are saving the following data by default:

• your IP address
• the website you came from (referrer)
• the sites you have visited during your session
• the date and duration of your visit
• your browser
• your browsers settings
• your operating system

This data is solely used to ensure that our website is operating correctly and without malfunctions. Furthermore, it helps us to troubleshoot and to fight bots and provide a secure browsing experience while you stay. This data is deleted automatically after 60 days.

3.2 Aforementioned, this site uses cookies to determine the user's preferences and to ensure a more pleasant stay. This includes, for example, the avoidance of repetitively inputting your data.

3.3 Please note that we only save and store personal data (e.g., your name and e-mail address) if you submit this data yourself. This submission primarily happens through our contact form or registration service. These services require specific information to be used to their fullest functionality.

3.4 Mandatory information in line with Art. 13 GDPR:

In initial contact cases, we are obliged by Art. 12, 13 GDPR to provide you with the following information: If you contact us, we will only process your data

• if there is a justified interest in processing (Art. 6 para. 1 lit. f GDPR); and
• if you have consented to the processing of your data (Art. 6 para. 1 lit. a GDPR); and
• if the processing is necessary for the initiation, establishment, content, or modification of a legal relationship between you and us (Art. 6 para. 1 lit. b GDPR); or
• if another legal norm permits processing.

This data will remain on our servers until you request its deletion, revoke your consent of its storage, or the reason for its storage becomes obsolete (e.g., in cases of resolved matters). Mandatory legal provisions remain unaffected in these cases, especially in cases of safekeeping in regards to tax and commercial retention periods.

4. User account creation

The user can register an account to access additional features offered by this site. The data submitted by the user during the registration process is used only for this particular service for which the user has registered. Moreover, the data requested during registration is mandatory and must be provided in full. Otherwise, the registration will be rejected.

Furthermore, the data entered during registration is processed to establish a contractual agreement between the user and the site's operator and, if necessary, for initiating further contracts, based on Art. 6 para. 1 lit. b GDPR.

Note that we will store the data collected during registration for as long as the user is registered on this website. If the user chooses to delete their account or the site's operator has to terminate the user's account due to a contractual breach, the user's data will be deleted. Legal retention periods remain unaffected.

For significant changes or additions made to this online offer that exceeds the registration's agreement's initial scope, the site's operator will use the user's provided e-mail address to inform about the occurring changes.

5. Disclosure to third parties and transfer abroad

5.1 Aforementioned, compiled private data (such as names and addresses) will not be shared with third-party organizations without your explicit permission. However, in exceptional cases, such as legal obligations to hand over information to a court, we will share compiled information about specific individuals after receiving an adjudication order.

5.2 Your data will only be saved and used in the Federal Republic of Germany. A transfer to non-European countries will only take place if necessary for the fulfillment of a contract or if the service providers engaged by us carry out such processing. However, this presupposes that the EU Commission has decided on an appropriate level of protection for the country concerned or that we have concluded contracts in accordance with the EU data protection laws that adequately protect and guarantee your rights and freedoms.

5.3 We have integrated tools and software developed by companies based in the US into our website. If active, these tools may transfer your data to the respective companies' servers located in the US. We want to point out that the US is not considered a safe third country in the sense of EU data protection laws, as US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g., intelligence services) process, evaluate, and permanently store your data located on US servers for monitoring purposes. Note that we do not have any power over nor can we influence these processing activities.

6. Consenting to data usage

6.1 Our scripts will show you a consent form on your first visit and every succeeding one after 30 days, asking for permissions regarding tracking and analyzing your usage behavior of this website, as well as the compiling of personal data for advertising purposes. By clicking "Accept" on the corresponding form, you give your consent to this site's operator to process and use personal data to consult, advertise, conduct market research, or design the services according to your needs. However, as a user, you can object to the compiling and use of personal data by clicking the "Reject" button.

7. Cookies

7.1 This website utilizes cookies. Cookies are text documents that are commonly stored on your computer and saved through your browser. They do not damage your computer, nor do they contain viruses. They are solely used to make our website more user friendly and secure to browse.

7.2 Most of our used cookies are so-called session cookies. These will be deleted after you leave our website. Other cookies will remain on your device until a certain amount of time has passed or until you delete them manually. These cookies are called persistent-cookies and allow us to identify your browser upon your next visit and simplify your navigation on our site.

7.3 If you worry about cookies or do not want them to be stored on your device, simply use your browser's help function and change your settings to either disallow every new incoming cookie or be informed about a soon to be set cookie. The latter will give you a choice to either allow or disallow the cookie to be set. Please note that some exciting site features will not or might work differently than they usually do or are expected to when disallowing cookies. Therefore, we advise you to allow cookies to be set on your device.

8. Security

In cases that users send personal data to us, Grindosaur.com offers the possibility of encrypted data transmissions. This encryption provides protection for confidentiality between our users and our web server and helps prevent the abusage of personal data, e.g., interception or manipulation. This protection is achieved by the usage of encryption technology called SSL (Secure Socket Layer). This technology is recognized for its reliability and widely used across the internet.

Based on Art. 32 GDPR, Grindosaur.com chooses in consideration of the currently available technology, its implementation costs and type, scope, circumstances and the purpose of the data processing as well as the seriousness of the risks for the rights and liberties of the individual, suitable technological and organizational measures to ensure a reasonable level of protection of personal data. These measures include safeguarding the confidentiality, integrity, and availability of data through our system. Furthermore, Grindosaur.com implemented processes that allow us to respond to users in concern about their data subject rights (more information about these rights can be found in section 13: 'Disclosure of personal information'). Additionally, principles of data protection and pre-configuration of settings are considered while developing software and internal procedures or choosing hardware for this project (Art. 25 GDPR).

One of these security measures is the encrypted transmission of data between your browser and our server during your login procedure.

9. Google services

9.1 Google Analytics

This website uses Google Analytics, a website analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics utilizes cookies. These are text documents that are commonly stored on your computer and provide an analysis of your usage of this website. The information gathered through cookies is generally saved on Google's servers in the USA.

Google Analytics cookies are stored based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize his website and its advertising.

9.1.1 IP anonymization

We use the function 'Activation of IP Anonymization' on our website. This function assures that Google shortens your IP address in member states of the European Union or other contracting states of the European Economic Zone. Only in exceptional cases will your full IP address be transferred to Google's servers in the USA and shortened there. In the commission of the provider, Google will use this data to analyze your usage of this website, compile reports on your website activity, and supply other information about your website and internet usage to the provider of this website. The IP address relayed by Google Analytics will not be merged with other Google data.

9.1.2 Browser Plugin

Due to certain browser adjustments, it is possible to prevent the storage of cookies; however, consider that you might not be able to use this website to its full extent. Additionally, you can prevent the data collection of personal data (e.g., IP addresses) and your browsing behavior through cookies that are sent to Google via the usage of a browser extension. This extension is provided by Google and may be downloaded from the following source: https://tools.google.com/dlpage/gaoptout?hl=en.

9.1.3 Objecting the data gathering process

As an individual, you can prevent the collection of your data through Google Analytics by clicking on the following link. The link will create an opt-out cookie that will prevent the data acquisition through Google Analytics during future visits of this website: deactivate Google Analytics.

For more information on how Google Analytics handles user data, please refer to the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

9.1.4 (Commissioned) data processing

Bound by the German data protection legislation, we entered into a contract with Google in regards to Google Analytics' data processing. As a result of this, we declare that we follow the German data protection legislation and implement its regulations accordingly.

9.1.5 Demographics in Google Analytics

This website uses the 'demographic parameters' function of Google Analytics. This function generates reports providing information on the age, gender, and interests of website visitors. The sources of this information are interest-related advertising services by Google and visitor data obtained from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account. Furthermore, you can prohibit the collection of your data by Google Analytics, as shown in section 9.1.3: 'Objecting the data gathering process.'

9.2 Google AdSense (personalized)

Based on our legitimate interests (e.g., the interest in the analysis, optimization and economic operation of our online offer within the scope of Art. 6 para. 1 lit. f GDPR), we use the ad embedding service Google AdSense provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We currently utilize Google AdSense's service in the 'personalized' mode. Personalized ads (formerly known as interest-based adverts) are based on previously collected or historical data that determines or influences any given user's ad selection, including a user's previous search queries, activities, visits to sites, or apps, demographic information, or locations. Furthermore, this would include demographic targeting, interest category targeting, and general remarketing. To learn more about personalized targeting (which is often referred to as 'remarketing'), please click on the following link: https://support.google.com/adsense/answer/9007336.

More information regarding Google's data usage for marketing purposes can be found here: https://policies.google.com/technologies/ads.

Additionally, you can adjust your advertising settings freely in your Google user account. To do so, please click on the following link: https://adssettings.google.com/authenticated.

9.3 Google Web Fonts

This website utilizes free web fonts provided by Google for a consistent presentation.

Please note that no connection between this website and Google's Web Fonts servers is established, as the font files reside on our servers and are served by it.

More information about Google Web Fonts can be found in Google Web Fonts' FAQ and in Google's privacy policy.

10. Affiliate partner programs

Based on our legitimate interests (i.e., interest in the economic operation of our online offer within the scope of Art. 6 para. 1 lit. f GDPR), we are participants in affiliate/partner programs to earn a commission by placing marked links and other advertisements. The respective partner can trace the origin of the orders via user-independent identifiers, such as affiliate ids appended to the individual partner's URL. This allows the partner to recognize that you have clicked on a link served by our web offer. If applicable, the partner may then use their cookies on their website within their area of responsibility to collect and compile data; we have no access to this gathered data.

11. Online presence in social media

We utilize social media to inform and interact with customers, members, and anyone interested in our services. In doing so, we would like to point out that user data may be processed outside the European Union. This might cause risks for the users as their rights might be harder to enforce on these platforms.

Furthermore, this aforementioned compiled user data is usually processed for market research and advertising purposes by these platforms. We would like to note that user profiles can be created from a user's behavior and subsequently determine a user's interests. These user profiles can then be used to place advertisements within and outside the platforms that apparently correspond to the interests of the user in question. This practice is called 'remarketing' and utilizes cookies that get stored on a user's device, in which the behavior and interests of a user are stored. Furthermore, this data may also be stored in the user's profile regardless of the devices used (especially if the user is a member of the respective platform and is logged in to it).

The processing of our users' personal data is based on our legitimate interests in an attempt to effectively communicate with our users in accordance with Art. 6 para. 1 lit. f GDPR. If users are asked by the respective provider to give their consent to data processing (i.e., to give their consent, e.g., by ticking a checkbox or clicking a button), the legal basis for processing is Art. 6 para. 1 lit. a, and Art. 7 GDPR.

If you are interested in how these providers process your data and how you can object this data processing (through opt-out), see our listing down below. In concern about disclosure and enforcement of your rights regarding your data, we advise you to contact these providers directly as they are the only ones with direct access to your data and are, therefore, the only ones capable of acting in regard to your rights. If additional help is needed, please inform us accordingly.

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – privacy policy, opt-out and https://youronlinechoices.com.
• Google / YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – privacy policy, opt-out.
• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – privacy policy and opt-out.
• Reddit (Reddit Inc., 1455 Market Street, Suite 1600, San Francisco, CA 94103, USA) – privacy policy, opt-out.
• Twitch (Twitch Interactive, Inc., 350 Bush Street, Second Floor, San Francisco, CA 94104, USA) - privacy policy, cookie notice.
• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – privacy policy, opt-out.

12. Patreon

We utilize the services of Patreon, 600 Townsend Street, Suite 500, San Francisco, CA 94103, USA.

Patreon is a crowdfunding platform through which users can support their favorite projects, artists, and influencers by making regular financial payments - similar to a subscription. In return for this support, the paying user (or 'Patreon') may receive compensation in the form of exclusive content, early access to content, or an inclusion into the development process.

It should be noted that during your stay on this website, no connection to the Patreon servers is established at any time. Therefore, no private user data (such as an IP address) is shared. Also, currently, no data of Patreon users is processed on this website. Only by clicking on a Patreon link or the static Patreon advertising banner will the user be redirected to the Patreon domain, where the terms, conditions, and data processing policy of Patreon apply.

However, if the respective user decides to support this website financially, Patreon will process the data provided. In addition, to a minimal extent, certain data is shared with our own Patreon profile, such as the Patreon user name and the amount with which we are financially supported.

The use of Patreon is based on our legitimate interest in the economic operation of our online offer within the scope of Art. 6 para. 1 lit. f GDPR.

More information about Patreon's privacy policy and security measures and data protection efforts can be found via their respective links.

13. Disclosure of personal information

On request, we will inform you about whether and which personal data we store about you. Furthermore, we constantly strive to ensure that your data is correct and up to date. If, however, incorrect information has been stored, please contact us to correct it immediately. Additionally, this site's operator would like to inform you that there is currently no possibility to independently query or export this data from the system. But he would also like to point out that there will be a technical solution for this problem in the future.

On further notice: If you make a request, we have one month to respond to you. If you would like to exercise any of your rights, please contact us at our e-mail: info@grindosaur.com.