Deutsch English

Privacy Policy

The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Goor & Kröger GbR

You may exercise the following rights at any time using the contact details provided:

  • Information about your data stored by us and its processing (Art. 15 GDPR),
  • Correction of inaccurate personal data (Art. 16 GDPR),
  • Deletion of your data stored by us (Art. 17 GDPR),
  • Restriction of data processing, if we are not yet permitted to delete your data due to legal obligations (Art. 18 GDPR),
  • Objection to the processing of your data by us (Art. 21 GDPR), and
  • Data portability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us consent, you can revoke it at any time with effect for the future.

You can contact a supervisory authority at any time with a complaint, e.g. the competent supervisory authority in your state of residence or the authority responsible for us.

Collection of General Information When Visiting Our Website

Type and Purpose of Processing:

When you access our website, i.e. if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and similar.

They are processed in particular for the following purposes:

  • Ensuring a smooth connection to the website,
  • Ensuring smooth use of our website,
  • Evaluating system security and stability, and
  • Optimizing our website.

We do not use your data to draw conclusions about you personally. Information of this type may be statistically evaluated in anonymized form to optimize our website and the technology behind it.

Legal Basis and Legitimate Interest:

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage Duration:

Data is deleted as soon as it is no longer required for the purpose of collection. For data serving the provision of the website, this is generally the case when the respective session has ended.

In the case of data stored in log files, this is the case after 14 days at the latest. Storage beyond this is possible. In this case, the IP addresses of users are anonymized so that assignment of the calling client is no longer possible.

Provision Required or Necessary:

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed.

Hosting

Type and Purpose of Processing:

Our websites and services are hosted on servers of DigitalOcean LLC (101 6th Ave, New York, NY 10013, USA). When using our services, personal data (e.g. IP addresses, usage data) is processed and stored on these servers.

Legal Basis:

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in the reliable and secure operation of our services.

Third Country Transfer:

DigitalOcean is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection. Servers are located in data centers in the EU (Frankfurt) and the USA (New York). More information at: https://www.digitalocean.com/legal/privacy-policy.

Cookies and Local Storage

Type and Purpose of Processing:

Our services use session cookies and local storage mechanisms (localStorage) for the following purposes:

  • Authentication: An authentication token is stored in your browser's local storage to recognize you on subsequent visits.
  • User preferences: Your language preference, last opened conversation and other settings are stored locally.

We do not use tracking cookies or third-party cookies for advertising purposes.

Legal Basis:

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in the technically error-free and user-friendly provision of our services. Where cookies or local storage are not strictly technically necessary, processing is based on your consent (Art. 6 (1) lit. a GDPR).

Storage Duration:

Session cookies are deleted when you close the browser. Authentication tokens and settings remain in local storage until you log out or clear your browser data.

Chat Service / Messaging (chat.knight-manager.com)

Type and Purpose of Processing:

We operate a real-time chat service at chat.knight-manager.com for players of our game "Rittermanager" (Knight Manager). When using this service, the following personal data is processed:

Account data:

  • Player ID and username (taken from the game account)
  • Language setting (German/English)
  • Chat role (user, moderator, administrator)

Communication content:

  • Text messages in public channels, group chats and direct messages
  • Uploaded images
  • Voice messages (audio recordings)
  • Reactions (emoji) to messages
  • Forwards and reply references

Profile information:

  • Profile picture (avatar), if uploaded
  • Game rank and order name (from the game account)
  • Link to public player profile on knight-manager.com

Usage data:

  • Online/offline status (presence)
  • Last read message per conversation
  • Personal notes you write about other users
  • Block list (users blocked by you)

Technical data:

  • WebSocket connection data for real-time communication
  • IP address upon connection

The data is processed to enable communication between players, foster the game community, and ensure moderation of chat content.

Legal Basis:

Processing of communication data is based on Art. 6 (1) lit. b GDPR (performance of contract), as the chat service is part of our game offering. Moderation and enforcement of usage rules (ban system) is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

Recipients:

Messages in public channels are visible to all registered users. Direct messages are only visible to the participants. Group messages are only visible to group members. Data is processed on servers of DigitalOcean LLC and stored in a managed MySQL database at DigitalOcean. Redis is used for caching session data and presence information.

Storage Duration:

  • Messages (text, images, voice messages): Stored for the duration of the respective channel or conversation. Upon account deletion, your messages are anonymized or deleted.
  • Profile picture / avatar: Until changed or deleted by the user.
  • Presence status: Processed in real-time only and not permanently stored (volatile cache).
  • Personal notes: Until deleted by the user.
  • Bans: Become ineffective after the ban duration expires. The ban information is no longer displayed afterwards.
  • Block list: Until removed by the user.

Provision:

Use of the chat service is voluntary. Use is not possible without logging into the game. Username and player ID are automatically taken from the game account.

AI-Powered Features (OpenAI):

The chat service uses AI features from the OpenAI API (OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA) for the following purposes:

  • Translation: Message texts are transmitted to OpenAI when using the translation feature. Usage is based on your consent (Art. 6(1)(a) GDPR) by actively triggering the function.
  • Moderation: Message texts are transmitted to OpenAI for automated detection of insults and spam. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining respectful conduct within the game community.
  • Spell Correction: Message texts are transmitted to OpenAI for automatic correction of spelling and grammar errors, if this feature has been enabled by the administrator.
  • Image Description and Image Moderation: Uploaded images are transmitted to OpenAI (Vision API) to generate automatic image descriptions for accessibility (alt text) and optionally to detect inappropriate image content.

Additionally, OpenAI is used in our Alexa skills for automated checking of player names for inappropriate content.

OpenAI processes the transmitted data in accordance with their privacy policy: https://openai.com/policies/privacy-policy. When using API services, OpenAI states that the data is not used to train their models.

Link Previews:

When you share a link in a message, the linked website is accessed server-side to display a preview (title, description, image). A connection is established from our server to the linked website. Your IP address is not transmitted to the linked site.

Chat Apps (Desktop and Android)

Type and Purpose of Processing:

The chat service is available as a desktop application (Windows, based on Electron) and as an Android app (based on Trusted Web Activity) in addition to the web version. Both apps access the same web platform (chat.knight-manager.com) and do not process any additional personal data beyond those mentioned under "Chat Service / Messaging".

The desktop app periodically checks for updates via our server. Only the currently installed version number is transmitted.

Legal Basis:

As described under "Chat Service / Messaging".

Push Notifications

Type and Purpose of Processing:

Upon request, you can activate push notifications to be informed about new messages in the chat. Upon activation, a subscription (push subscription) is created containing a technical endpoint URL and encryption keys. These are stored on our server to send you notifications.

Legal Basis:

Processing is based on your explicit consent (Art. 6 (1) lit. a GDPR), which you give by activating push notifications.

Revocation:

You can deactivate push notifications at any time in your browser or app settings. The stored subscription data will be deleted accordingly.

Amazon Alexa Skills

Type and Purpose of Processing:

We offer various skills (applications) for the Amazon Alexa voice assistant. When using these skills, the following data is processed:

Data Collected:

  • Amazon Alexa User ID — a pseudonymous identifier assigned by Amazon, stored on first use of the skill
  • Alexa Device ID — used in certain skills to provide visual content (APL widgets)
  • Language setting and timezone — automatically transmitted by Amazon
  • Player name — collected via voice input in some skills (e.g. Rittermanager, Quizkönig, Wikinger, Schätze den Preis)
  • Game progress and statistics — level, points, achievements, inventory and other game-relevant data
  • Registration and activity timestamps

All skills are delivered through the Amazon Alexa platform. Communication between the Alexa device and our servers occurs through Amazon's infrastructure. For processing by Amazon, please refer to Amazon's Alexa Privacy Notice.

Legal Basis:

Processing is based on Art. 6(1)(b) GDPR (performance of contract — provision of the game service) and Art. 6(1)(f) GDPR (legitimate interest in technical functionality).

Storage Duration:

Game data is stored for the duration of use. After inactivity, accounts are deleted after several months depending on the skill. Deletion can be requested at any time by emailing info@kroegoor.com.

Amazon Profile Data (Quiz des Tages):

The skill "Quiz des Tages" requests the Alexa permission alexa::profile:given_name:read to use your first name for personalized interaction. This permission is granted in the Alexa app and can be revoked there at any time. Processing is based on your consent (Art. 6(1)(a) GDPR).

In-Skill Purchases (Amazon ISP)

Type and Purpose of Processing:

Some of our Alexa skills offer optional in-skill purchases (e.g. premium content, virtual items). Payment processing is handled exclusively by Amazon — we never receive your payment data (credit card, bank details, etc.).

On our servers, we only store the purchase status (whether a premium product was acquired) and the purchase date in order to unlock the purchased content.

Legal Basis:

Processing is based on Art. 6(1)(b) GDPR (performance of contract — provision of purchased content).

Recipients:

Payment processing is handled by Amazon. Information on data processing by Amazon: Amazon Privacy Notice.

Amazon Web Services — Speech Synthesis (AWS Polly)

Type and Purpose of Processing:

For some Alexa skills (Rittermanager, Paket-Held), we use Amazon Polly (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA) to generate speech output. Game content (not personal user data) is transmitted as text to Amazon Polly, and the generated audio files are stored on our servers.

Legal Basis:

Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in providing high-quality speech output.

Third Country Transfer:

AWS is certified under the EU-US Data Privacy Framework. Data processing takes place in the EU region (eu-west-1, eu-central-1). More information: https://aws.amazon.com/privacy/.

Discord Integration

Type and Purpose of Processing:

For the skill "Rittermanager", we operate a Discord server linked to the game. When certain game events occur (e.g. achievements), the player name and event description are automatically posted to public Discord channels. Processing is carried out by Discord Inc. (444 De Haro Street, Suite 200, San Francisco, CA 94107, USA).

Legal Basis:

Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in fostering the game community.

Recipients:

Discord Inc. Information on data processing by Discord: https://discord.com/privacy.

Automated Mail Delivery

Type and Purpose of Processing:

For the delivery of automated mails for certain skills, we collect personal data that the user shares through the Amazon Alexa app and which is transmitted to us in this way.

For effective registration, we require a valid email address. To verify that a registration is actually made by the owner of an email address, we use the "double opt-in" procedure. For this purpose, we log the newsletter registration, the sending of a confirmation email and the receipt of the requested response. No further data is collected.

Legal Basis:

Based on your explicitly given consent (Art. 6 (1) lit. a GDPR), we regularly send you our information by email to the email address you provided.

You can revoke your consent to the storage of your personal data and its use for sending mails at any time with effect for the future. Each newsletter contains a corresponding link. You can also unsubscribe at any time by email to info@kroegoor.com.

Recipients:

For automated mail delivery, we use the Gmail service in the data protection-compliant version "Google Workspace", operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). The sent mails are sent via a Google SMTP server and are temporarily stored in this service. More information about data processing when using Gmail services can be found in Google's privacy policy: https://www.google.com/intl/en/policies/privacy/.

Storage Duration:

Data is deleted no later than 6 months after dispatch.

Provision:

The provision of your personal data is voluntary, based solely on your consent. Without existing consent, we unfortunately cannot send you our mailing.

Revocation of Consent:

You can revoke your consent to the storage of your personal data and its use for mailing at any time with effect for the future. Unsubscription can be requested via the link contained in each email or by email.

Account Linking

Type and Purpose of Processing:

For the optimization of skills, some skills for Amazon Alexa offer so-called "Account Linking". The user shares selected data such as their name or email address in the Alexa app, which is made available to us via an interface. This data is used, for example, to restore game saves linked to the account or to send automated mailings in accordance with this declaration.

Legal Basis:

Based on your explicitly given consent (Art. 6 (1) lit. a GDPR), we process your data, for example, for the restoration of game saves.

You can revoke your consent to the storage of your personal data at any time with effect for the future. To do this, you can deactivate data transmission in the Alexa app. You can also notify us of your revocation at any time by email to info@kroegoor.com.

Recipients:

The data is processed on our rented servers at DigitalOcean LLC by Goor & Kröger GbR.

Storage Duration:

The data is only processed in this context as long as the corresponding consent exists. It is then deleted.

Provision:

The provision of your personal data is voluntary, based solely on your consent. Without existing consent, we unfortunately cannot offer certain services such as game save backups.

Revocation of Consent:

You can revoke your consent to the storage of your personal data and its use at any time with effect for the future. This can be requested by email.

Contact Form

Type and Purpose of Processing:

The data you enter is stored for the purpose of individual communication with you. This requires a valid email address and your name. This is used to assign the inquiry and to subsequently answer it. The provision of further data is optional.

Legal Basis:

The processing of the data entered in the contact form is based on a legitimate interest (Art. 6 (1) lit. f GDPR).

By providing the contact form, we want to enable you to contact us easily. Your information is stored for the purpose of processing the inquiry and for possible follow-up questions.

Recipients:

The entries of the contact form are transmitted to our mailbox via the "Gmail" service by email. We use the Gmail service in the data protection-compliant version "Google Workspace", operated by Google LLC. More information about data processing when using Gmail services can be found in Google's privacy policy: https://www.google.com/intl/en/policies/privacy/.

Storage Duration:

Data is deleted no later than 6 months after the inquiry has been processed.

Provision:

The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, email address and the reason for your inquiry.

YouTube Embeds

Type and Purpose of Processing:

On some of our web pages (e.g. contest pages on quiz-des-tages.de), we embed YouTube videos. When visiting a page with an embedded YouTube video, a connection is established to the servers of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Personal data (e.g. your IP address) may be transmitted to Google.

Legal Basis:

The embedding is based on your consent (Art. 6(1)(a) GDPR) by actively visiting the respective page.

Third Country Transfer:

Google is certified under the EU-US Data Privacy Framework. More information: https://policies.google.com/privacy.

Contests

Type and Purpose of Processing:

In the context of contests (e.g. on quiz-des-tages.de), we collect a winner code and optionally your email address for contact regarding prize delivery. This data is forwarded to our team via email and is not permanently stored in a database.

Legal Basis:

Processing is based on Art. 6(1)(b) GDPR (performance of the contest).

Storage Duration:

Data is deleted after the contest is completed, at the latest after 6 months.

Use of Script Libraries (Google Web Fonts)

Type and Purpose of Processing:

To display our content correctly and graphically appealing across browsers, we use "Google Web Fonts" by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") for font display on this website.

Legal Basis:

The legal basis for the integration of Google Web Fonts and the associated data transfer to Google is your consent (Art. 6 (1) lit. a GDPR).

Recipients:

Calling script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible - but currently also unclear whether and for what purposes - that the operator Google may collect data.

Storage Duration:

We do not collect personal data through the integration of Google Web Fonts.

Third Country Transfer:

Google is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection. More information at: https://www.dataprivacyframework.gov/.

Provision Required or Necessary:

The provision of personal data is neither legally nor contractually required. However, the correct display of content with standard fonts may not be possible without it.

Revocation of Consent

The programming language JavaScript is regularly used to display content. You can therefore object to data processing by deactivating JavaScript in your browser or installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.

SSL Encryption

To protect the security of your data during transmission, we use encryption methods (e.g. SSL) corresponding to the current state of the art via HTTPS.

Information About Your Right to Object Under Art. 21 GDPR

Right to Object on a Case-by-Case Basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) lit. f GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

Recipient of an Objection

Goor und Kröger GbR
c/o IP-Management #4666
Ludwig-Erhard-Str. 18
20459 Hamburg

Email: info@kroegoor.com

Questions About Data Protection

If you have questions about data protection, please send us an email or contact us via another means: info@kroegoor.com

Changes to Our Privacy Policy

We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Last updated: February 2026