PRIVACY POLICY
Effective date: 2026-02-14
Website: battlecraft.eu

1. Controller(s)
The controller(s) responsible for data processing under the GDPR are:

Edis Schmuck
Barnefeldstr. 30a
31515 Wunstorf
Germany

Jan Heinrich
Obere Straße 21
37124 Rosdorf
Germany

Contact: support@battlecraft-forum.eu

2. Overview: what data we process
Depending on how you use our services, we may process:

A) Website access data (server logs)
- IP address
- date/time of access
- requested pages/resources
- user agent (browser/device information)
- referrer URL (if provided)
- error logs (technical diagnostics)

B) Account and profile data
- username
- email address
- profile details (optional)
- avatar/profile images (if uploaded)

C) Community content
- forum posts and comments
- private messages (if enabled)

D) Support / ticket data
- ticket content and communication history
- file uploads (e.g., screenshots, logs)

E) Shop / order data (digital goods)
- order details and purchase status
- delivery/fulfillment information
Payment processing is handled by Tebex (see “Recipients”).

F) Minecraft server data (BattleCraft)
- Minecraft username and UUID
- IP address and connection data
- chat/server logs (partly, e.g., for moderation and server security)
- punishments/moderation records
- anti-cheat and proxy network logs

3. Purposes and legal bases
We process personal data for the following purposes and legal bases under the GDPR:

- Providing the Website and accounts (Art. 6(1)(b) GDPR — contract / pre-contract)
- Support and communication (Art. 6(1)(b) GDPR)
- Operation, security, abuse and fraud prevention, moderation (Art. 6(1)(f) GDPR — legitimate interests)
- Optional integrations/cookies/analytics (Art. 6(1)(a) GDPR — consent, if used)
- Legal obligations (Art. 6(1)(c) GDPR — where applicable)

4. Server logs (website access)
When you access our Website, our web server (Apache2) processes server logs for technical delivery, error analysis, and security (e.g., attack detection).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).
Retention: server logs are stored temporarily for security and troubleshooting and are regularly deleted, unless retention is required for security or legal reasons.

5. Accounts, profiles, community features
If you register an account, we process your registration data (username, email) and optional profile data.
If you use community features (forum, comments, private messages), we process and display the content you submit.
Legal basis: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(f) GDPR (moderation and platform security).

6. Support tickets and uploads
If you contact support via our ticket system, we process the information you submit and any attached files (e.g., screenshots/logs).
We may send email notifications about ticket updates.
Legal basis: Art. 6(1)(b) GDPR (support/contract) and Art. 6(1)(f) GDPR (abuse prevention, security).

7. Shop, orders, and payments (Tebex)
If you purchase digital goods, checkout and payment processing is handled by Tebex.
Depending on the selected payment method, Tebex may process data such as billing details, payment data, transaction data, and anti-fraud signals.
We typically receive order and status information necessary for fulfillment (e.g., automated in-game delivery).
Legal basis: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR where legal retention obligations apply.

8. Discord link and possible server stats display
Our Website links to Discord. A display of Discord server statistics (e.g., member count) may be present depending on configuration/integration.
Depending on the technical implementation, your IP address may be transmitted to Discord or the service used to retrieve/display those stats.
Legal basis: Art. 6(1)(f) GDPR (community information) or Art. 6(1)(a) GDPR (consent) if the integration requires consent.

9. Minecraft server processing (BattleCraft)
When you play on our Minecraft server, we process data required for operation and security, including username/UUID, IP address, connection data, logs, punishments, and anti-cheat/proxy logs.
DDoS/Bot protection: TCPShield (see “Recipients”).
Retention: logs and punishments may be stored permanently for moderation, security, and documentation of enforcement actions.
Legal basis: Art. 6(1)(f) GDPR (security, abuse prevention, enforcement of rules) and Art. 6(1)(b) GDPR (service provision).

10. Cookies and consent
We use a consent banner. Necessary cookies are required to operate the Website (e.g., login/session/security).
Optional services (analytics/marketing/embeds) are only enabled after consent, if we use them.

11. Recipients / service providers
Depending on configuration and usage, personal data may be processed by the following recipients / service providers:

- Hosting (Germany): Hetzner Online GmbH
- DNS and possibly proxy/CDN (depending on configuration): Cloudflare
- Email delivery/provider: STRATO AG
- Backups (if used): Microsoft OneDrive
- Payments/checkout: Tebex
- Community link/integrations (if enabled): Discord
- Minecraft DDoS/bot protection: TCPShield

12. International data transfers
Some providers (e.g., Cloudflare, Microsoft, Discord, payment providers via Tebex) may process data outside the EU/EEA.
Where required, appropriate safeguards such as Standard Contractual Clauses (SCCs) are used.

13. Your rights
Under the GDPR, you have the right to:
- access (Art. 15 GDPR)
- rectification (Art. 16 GDPR)
- erasure (Art. 17 GDPR)
- restriction of processing (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- objection (Art. 21 GDPR)
- withdraw consent at any time (Art. 7(3) GDPR), where processing is based on consent

14. Supervisory authority / complaints
You have the right to lodge a complaint with a supervisory authority.
For Lower Saxony (Germany), this is typically:

The State Commissioner for Data Protection Lower Saxony (LfD Niedersachsen)
Prinzenstraße 5
30159 Hannover
Germany
Email: poststelle@lfd.niedersachsen.de
Phone: +49 511 120 4500