Privacy Policy

This English version is provided for your convenience only. The legally binding version of this Privacy Policy is the German original (Datenschutzerklärung), available at dyhntastic.net/de/privacy-policy. In the event of any discrepancy, the German version prevails. Statutory references (e.g. GDPR, TDDDG) refer to the applicable German and European legislation.

1. Data Protection at a Glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in our Privacy Policy below this text.

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator's contact details in the section "Information on the responsible party" in this Privacy Policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us, e.g. data you enter into a form. Other data is collected automatically or with your consent when you visit the website by means of our IT systems. This is primarily technical data (e.g. internet browser, operating system or time of the page request).

What do we use your data for?

Part of the data is collected to ensure that the website is provided without errors. Other data serves to handle your requests, to protect against abuse and to moderate the community.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipients and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data, to revoke consent for the future, to request restriction of processing under certain circumstances, and to lodge a complaint with the competent supervisory authority.

2. Hosting

Hosting (Hetzner)

Our main infrastructure (website, API, game servers, voice server, newsletter, ticket system) is operated on a dedicated server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner.

  • Data processed: server and security logs (IP address, timestamp, requested URL/resource, user agent, status/error codes) and possibly form contents.
  • Purpose/legal basis: provision of the online services, stability and security (Art. 6(1)(f) GDPR); where necessary for the usage relationship/support, additionally Art. 6(1)(b) GDPR.
  • Storage period: server logs as a rule 7–30 days.
  • Recipient: Hetzner (processor). Processing in EU data centers.

Email hosting (IONOS)

Our email infrastructure is operated via a self-hosted mail server instance on a separate VPS of IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. A data processing agreement pursuant to Art. 28 GDPR is in place with IONOS. Insofar as IONOS exceptionally transfers personal data to a third country, this is done exclusively in compliance with appropriate safeguards pursuant to Art. 44 et seq. GDPR (e.g. EU standard contractual clauses).

  • Data processed: email contents, sender/recipient addresses, timestamps, IP addresses, attachments — insofar as necessary for email operation.
  • Purpose/legal basis: provision of email communication (Art. 6(1)(b) and (f) GDPR).
  • Storage period: until manually deleted or until statutory retention periods expire.
  • Recipient: IONOS (processor). Processing in EU data centers.

Minecraft and TeamSpeak proxy (OVH)

To operate the Minecraft and TeamSpeak servers, an upstream proxy VPS of OVH GmbH, Christophstraße 19, 50670 Cologne, Germany, is used. This VPS acts solely as a network proxy and forwards connections to our server at Hetzner, completely shielding it from the public internet. A data processing agreement pursuant to Art. 28 GDPR is in place with OVH GmbH.

  • Data processed: IP addresses of players/users (technically necessary connection data), connection metadata (port, timestamp). No content processing takes place.
  • Purpose/legal basis: network security, DDoS protection and shielding of the main infrastructure (Art. 6(1)(f) GDPR).
  • Storage period: connection logs as a rule 7–30 days.
  • Recipient: OVH GmbH (processor). Processing in EU data centers.

Cloudflare CDN

We use Cloudflare's Content Delivery Network (CDN) and DDoS protection. The European point of contact is Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich. The parent company and data controller is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. As all website traffic is routed through Cloudflare, it processes technically necessary personal data on every page request. A data processing agreement / DPA pursuant to Art. 28 GDPR is in place with Cloudflare.

  • Data processed: IP address, timestamp, requested URL, HTTP method, user agent, referrer, HTTP status code and possibly further connection metadata.
  • Purpose/legal basis: provision, acceleration and protection of our website and protection against DDoS attacks (Art. 6(1)(f) GDPR).
  • Storage period: connection logs as a rule up to 30 days, security logs possibly longer.
  • Recipient: Cloudflare (processor).
  • Third-country transfer (USA): Safeguarding is based on the EU standard contractual clauses (SCCs) and the EU-US Data Privacy Framework (DPF), which Cloudflare joined in July 2023. Further information: cloudflare.com/trust-hub/gdpr.

3. General Information and Mandatory Information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy. We point out that data transmission over the internet (e.g. when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.

Information on the responsible party

The party responsible for data processing on this website is:

Raphael Wiener
c/o IP-Management #2011
Ludwig-Erhard-Str. 18
20459 Hamburg
Germany

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Impressum-Privatschutz (IP-Management)

For the management of mail sent to us, we use the services of Impressum-Privatschutz GmbH, Ludwig-Erhard-Str. 18, 20459 Hamburg. This constitutes our legitimate interest within the meaning of Art. 6(1)(f) GDPR. We have concluded a data processing agreement with Impressum-Privatschutz. Further information: impressum-privatschutz.de/datenschutzerklaerung

Technical and organizational measures

We protect your data through appropriate technical and organizational measures, in particular: end-to-end TLS encryption, a self-operated consent mechanism, multi-factor authentication or passkeys for administrative access, virus scanning of uploaded files (ClamAV), storage of uploads on non-public storage areas, and masking of email addresses in log files.

Storage period

Unless a more specific storage period has been stated within this Privacy Policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent, your data will be deleted, provided we have no other legally permissible reasons for storing it (e.g. retention periods under tax or commercial law).

Information on minors

Our offerings are not directed at children under 13 years of age. Use requires a minimum age of 13 years. Users under 16 require the consent of a legal guardian for consent-based processing (e.g. the newsletter) (Art. 8 GDPR). Should we become aware that personal data of a person below the minimum age, or without the required consent, is being processed, we will delete it without undue delay. Legal guardians can contact us at info@dyhntastic.net at any time.

Information on data transfer to the USA

Our website includes tools from companies based in the USA. When these tools are active, your personal data may be passed on to the US servers of the respective companies. We point out that the USA is not a safe third country within the meaning of EU data protection law. The transfer takes place on the basis of appropriate safeguards (e.g. EU standard contractual clauses or the Data Privacy Framework).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, lda.bayern.de.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place insofar as it is technically feasible.

SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" in the address line and the lock symbol in your browser.

Information, deletion and correction

Within the framework of the applicable statutory provisions, you have the right at any time to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correction or deletion of this data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data, in particular if you dispute the accuracy of your data, if the processing was unlawful, if we no longer need the data but you need it to assert legal claims, or if you have lodged an objection pursuant to Art. 21(1) GDPR.

Objection to advertising emails

The use of contact data published within the framework of the imprint obligation to send unsolicited advertising and information materials is hereby objected to.

4. Data Collection on This Website

Cookies

Our website uses cookies. Cookies are small text files and do not cause any damage to your device. Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR and Section 25(2) TDDDG. Consent-requiring cookies are set exclusively on the basis of your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG); this can be revoked at any time.

Your consent is managed via a self-developed, server-side consent banner (no external service, no third-country transfer for this purpose); see Section 9. Cookies actually used:

  • dyhntastic_session — technically necessary (session/login), session cookie.
  • XSRF-TOKEN — technically necessary (protection against cross-site request forgery).
  • locale — preference (language selection), duration approx. 1 year.
  • dyhntastic_consent — stores your cookie consent, duration approx. 1 year.
  • cf_clearance — Cloudflare Turnstile (bot protection), duration approx. 30 minutes.

Server log files

The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us: browser type and version, operating system, referrer URL, host name, time of the server request and IP address. This data is collected on the basis of Art. 6(1)(f) GDPR and is not merged with other data sources. Note: 404 error logs are stored without IP address and user agent.

Forms in the support area

Several forms are available in the support area at dyhntastic.net/support (incl. contact, bug report, unban request, player report, general support). Depending on the form, we process:

  • the contents you enter (e.g. name, email address, message, affected account),
  • files you optionally upload (attachments), which are stored on non-public storage and scanned with a virus scanner (ClamAV),
  • technical data: IP address, selected language and timestamp.

Before submitting, mandatory consent to the Privacy Policy and the Terms of Use is required. The forms are protected against automated entries by Cloudflare Turnstile (see Section 9). Requests are forwarded for processing to our self-hosted ticket system (Zammad, see Section 7).

Legal basis: Art. 6(1)(b) GDPR (contractual/pre-contractual processing) or Art. 6(1)(f) GDPR (effective handling of requests) or your consent (Art. 6(1)(a) GDPR). Storage period: as a rule 90 days after the request has been completed, unless statutory retention obligations apply.

Inquiry by email

If you contact us by email, your inquiry including all resulting personal data will be stored and processed for the purpose of handling your request. We do not pass on this data without your consent. Legal basis: Art. 6(1)(b) GDPR insofar as your inquiry relates to the performance of a contract; otherwise Art. 6(1)(f) GDPR or your consent (Art. 6(1)(a) GDPR).

5. Newsletter

Newsletter dispatch

If you would like to subscribe to our newsletter, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. The processing is based exclusively on your consent (Art. 6(1)(a) GDPR). Before submitting the newsletter registration, mandatory consent to the Privacy Policy and the Terms of Use is required. You can revoke your consent at any time, e.g. via the "unsubscribe" link in the newsletter.

Double opt-in

The newsletter is sent using the double opt-in procedure. After registering, you will receive an email asking you to confirm your registration. Registrations are logged in order to prove the registration process (time of registration and confirmation, IP address).

Self-hosted newsletter system

The newsletter is operated via a self-developed and self-hosted newsletter system running on our own infrastructure at Hetzner Online GmbH (EU data centers). Your data is not passed on to external newsletter service providers. After unsubscribing, your email address may be stored in a blocklist in order to prevent future mailings.

6. Social Media

External links to social networks

This website contains links to our profiles on social networks (Instagram, TikTok, Threads and YouTube). These links are merely references to external sites; there is no embedding of content and no integration of social media plugins that would automatically transmit data upon merely visiting the page. A direct connection to the providers' servers is only established when a link is clicked. The privacy policies of the respective providers apply.

7. Data Protection for Applications and in the Application Procedure

Applications for team positions can be submitted via the following channels:

  • primarily via the application area at dyhntastic.net/jobs (on-site application with optional file upload, e.g. CV),
  • via the application portal at apply.dyhntastic.net,
  • by email to apply@dyhntastic.net.

For the on-site application, we process the data entered and files you optionally upload. Attachments are stored on non-public storage and scanned with a virus scanner (ClamAV); additionally, IP address and timestamp are processed. Before submitting, mandatory consent to the Privacy Policy and the Terms of Use is required. Legal basis: Art. 6(1)(b) GDPR and — where consent has been given — Art. 6(1)(a) GDPR.

Self-hosted ticket system (Zammad)

Support and application requests are forwarded for processing to a self-hosted Zammad system operated on our own infrastructure at Hetzner (EU). Your email address is created as a customer, and the message and attachments are stored. No transfer to Zammad GmbH or other external third parties takes place; the software's telemetry is disabled. Legal basis: Art. 6(1)(b) and (f) GDPR.

Storage period

Data from the on-site application is stored as a rule for up to 180 days after the application procedure has been completed and then deleted, unless a statutory retention obligation applies. Support cases are deleted as a rule 90 days after completion.

8. Translation Platform (translate.dyhntastic.net)

At translate.dyhntastic.net, interested parties can register as translators and submit translations (language keys) for the Dyhntastic.net network. The platform is self-hosted on our server at Hetzner; no transfer to external third parties takes place.

Data processed

  • Username
  • Email address
  • Password (stored encrypted, no plain text)

In addition, submitted translation contributions are stored and assigned to the respective account. Legal basis: Art. 6(1)(b) GDPR (contract/usage relationship) and Art. 6(1)(f) GDPR (legitimate interest in quality assurance). Upon deletion of the account, personal data is deleted; submitted contributions may continue to be used in anonymized form.

Automatic translation suggestions (DeepL)

In the translation portal, an automatic translation suggestion can optionally be generated. For this, we use the translation API of DeepL SE, Maarweg 165, 50825 Cologne. What is transmitted to DeepL is exclusively the non-personal source text specified by us and the selected target language. No personal data of yours is transmitted to DeepL. The call is made server-side via our own infrastructure; only our server appears towards DeepL. Processing by DeepL takes place on servers within the EU; no third-country transfer takes place.

9. Plugins and Tools

Consent management (self-developed consent banner)

To manage your consents, we use a self-developed, server-side consent banner. No external consent management platform is used; for the consent management itself, no transfer to third parties or third countries takes place. Your selection is stored in the cookie dyhntastic_consent (duration approx. 1 year) and can be changed at any time via the banner. Legal basis: Art. 6(1)(f) GDPR and Section 25 TDDDG.

Cloudflare Turnstile

To protect against automated access (bots/spam), we use Cloudflare Turnstile on our interactive forms. The provider is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA; the European point of contact is Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich.

Turnstile is generally used on all forms as well as login and registration processes, in particular the forms in the support area, the newsletter registration, the registration in the translation portal and the application. It checks whether an entry is made by a human or an automated program; for this, Turnstile analyzes the behavior on the basis of various characteristics (e.g. IP address, dwell time, mouse movements, device and browser information). The cookie cf_clearance is set.

The legal basis is Art. 6(1)(f) GDPR. As Cloudflare is a US company, personal data may be transferred to the USA; safeguarding is based on the EU standard contractual clauses (SCCs) and the EU-US Data Privacy Framework (DPF). Further information: cloudflare.com/cloudflare-customer-dpa.

Locally hosted fonts

To display fonts consistently, the portal uses exclusively the operating system's system font stack (system-ui). No web fonts are loaded and no font CDNs (e.g. Google Fonts) are integrated. Therefore, no transmission of your IP address to third parties for the purpose of providing fonts takes place.

Minecraft avatars (Crafatar) and name resolution

To display Minecraft avatars, our server loads the avatar images server-side via the Crafatar service and caches them. Your visitor IP address is not transmitted to Crafatar — only our server communicates with Crafatar.

An optional name resolution of Minecraft accounts via external services (Java: PlayerDB, playerdb.co, USA; Bedrock: GeyserMC, api.geysermc.org) is disabled by default. If it is enabled, only public Minecraft UUIDs or gamertags are transmitted; no personal data of website visitors is transmitted.

10. Minecraft Server Network

In order to provide you with gameplay on our network, to prevent abuse and to moderate the community, we process personal data.

Legal bases

  • Art. 6(1)(b) GDPR (contract/terms of use: conducting gameplay, support)
  • Art. 6(1)(f) GDPR (legitimate interest: operation, stability, security, fraud/abuse prevention, enforcement of rules)

Categories of data processed

  • Account/connection data: Minecraft UUID and name, IP address, login/logout times, access/server/world events, client/version info
  • Game/usage data: statistics, inventory/economy data
  • Communication & moderation: chat/message contents, reports/appeals, sanction/moderation history incl. evidence
  • Community functions: clan/guild memberships, friend lists, settings

Storage period

  • Operational/security and access logs (incl. IP): as a rule 7–30 days.
  • Statistics & game progress: as long as your account is active.
  • Moderation/sanction data: until the sanction expires; in the case of appeals or serious violations, max. 1 year.

Recipients/processing: hosting (processor): Hetzner Online GmbH (EU). Optional recipients: Discord (for moderation/report notifications via webhooks), TeamSpeak (when you link your account).

11. AI-Assisted Chat Moderation

When you use the chat on our Minecraft servers, we process your chat messages in order to maintain a safe community. We process in particular the content of the message, time/server/instance, player name/UUID, sanction history and system logs on the moderation decision (category, score).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in safe, rule-compliant gameplay); where a sanction is necessary for the performance of the contract, additionally Art. 6(1)(b) GDPR.

Functioning / automated decision

Messages are automatically checked server-side for problematic categories. From configured thresholds, a temporary chat ban (auto-mute, as a rule 6 hours) can be imposed automatically. There is no decision based solely on automated processing with legal effect within the meaning of Art. 22 GDPR, as you can request a human review at any time.

Self-hosted AI moderation — no third-country transfer

The AI-assisted content moderation is operated entirely on our own infrastructure. For this we use a locally operated classification model that runs on our server at Hetzner (EU data center Falkenstein). No transmission of chat content to external third parties or to servers outside the EU takes place. Only the text content is passed to the moderation model; name, UUID or IP address are not transmitted.

Further recipients

In the case of clear violations, a copy (player name, message, category/score, server, time) may be posted via a webhook into our internal, non-publicly accessible moderation log on Discord (Art. 6(1)(f) GDPR). The privacy notices of Discord apply: discord.com/privacy

12. TeamSpeak Server

The TeamSpeak server is operated entirely self-hosted on our server at Hetzner. To provide the service and enforce the server rules, we process: IP addresses, logins, access logs, operating system/platform used, nickname, server and channel groups as well as bans/kicks.

We use the official TeamSpeak server software, which processes transmitted voice content and chat messages exclusively for the intended purpose. No transfer to external third parties takes place. Legal basis: Art. 6(1)(b) and (f) GDPR. Storage period: connection logs as a rule 7–30 days; sanction data until the sanction expires, in the case of serious violations max. 1 year.

13. Discord

We operate our own Discord server, used by both the team and the community. Discord is a service of Discord, Inc., 444 De Haro Street, Suite 200, San Francisco, CA 94107, USA. As Discord is a US company, personal data may be transferred to the USA. Safeguarding is based on the EU standard contractual clauses (SCCs). Further information: discord.com/privacy

Discord serves as a community platform, a support channel for general requests, for team-internal communication, and for the automated logging of player sessions via webhook. When using Discord, Discord itself processes personal data (Discord username, Discord ID, message contents, connection metadata).

In addition, as part of the server operation, we transmit moderation notifications (see Section 11) and a session log (in-game username, Minecraft UUID, login/logout timestamps, session ID) into a team-internal, non-publicly accessible Discord channel. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in community operation, support, team coordination and traceability for security and abuse prevention).

The transmission of sensitive personal data by users via Discord (full name, email address, phone number, postal address, payment data) is expressly not desired. For applications and formal contact, only the channels listed under Section 7 and in the support area are available.