Dungeon Club

Privacy Policy

Dungeon Club takes data protection seriously and respects your privacy. In this privacy policy, we provide information about what data we collect as part of our Internet offer at dungeonclub.net and how we process this data. With regard to the terminology used, e.g. "personal data" or its "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

What data do we collect from you?

Categories of persons affected by the processing:

In this privacy policy, we also refer to all data subjects collectively as "users".

What do we use your data for?

How do we protect your data?

We take appropriate technical and organisational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise.

Furthermore, we take the protection of personal data into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).

Your data is protected against unauthorised access and loss by a variety of electronic, technical, contractual and administrative measures. We use security techniques (e.g. SSL encryption, cryptographic procedures) to protect your data against access by unauthorised third parties.

Is your data passed on to third parties?

If, in the course of our processing, we disclose data to other persons and companies, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission, e.g. if a transmission of the data to third parties, such as to service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). Our server is provided by Amazon Web Services and located in Frankfurt, Germany.

In order to be able to offer you our service in the best possible way, we use, among others, service providers who work on our behalf. If this is the case, corresponding agreements on commissioned processing pursuant to Art. 28 GDPR have been concluded with the service providers.

Shared with your consent or at your direction

If you consent or ask us to, we will share your information (campaign invite, name, nickname, email address, profile picture) as described at the time of consent with the user you are inviting to participate in your Dungeon Club campaign.

Likewise, when you message other users during your Campaign as a part of the Campaign you are playing and using our messaging service. This includes profile, name, names of any other guests and your message), and any other information you submit and they agree to share.

If you, as a Game Master, invite another user to assist you, you authorise that person to access and if necessary, update your information and content, including but not limited to certain information such as your name, nick name, and messages.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services this will only occur if it is necessary for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

What are your rights?

We would like to inform you that you have a right to free information about your stored data at any time, as well as a right to correction, deletion or blocking of data and objection as well as data portability. For this purpose, as well as for further information or for the assertion of revocation rights, please contact: theoretically.online@gmail.com. You also have the right to lodge a complaint with a supervisory authority.

When will your data be deleted?

The data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations or justified interests. A justified interest exists, for example, with regard to the assertion, exercise or defence of legal claims or to prevent cases of fraud, i.e. for your protection. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes.

Provision of contractual services

We process inventory data, contract data (e.g., services used) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR.

Within the scope of registration and use of our online services, we store the IP address and the time of the respective user action. The storage is mandatory and is carried out to protect the user from misuse or unauthorised use by other users, as well as on the basis of our legitimate interests. As a matter of principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c GDPR.

The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after the expiry of the respective legally prescribed periods; information in the customer account remains until its deletion.


You should never disclose your password for accessing our portal to any third party and you should change it regularly. If you want to leave your account, you should press the logout and close your browser to prevent anyone from gaining unauthorised access to it.

Messages and Profile Data

Within Dungeon Club you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, messages and view relevant content. Content and data is not publicly viewable. You have choices about the information on your profile. You don’t have to provide additional information on your profile or in your message; however, some information helps you to get more from your game. It's your choice whether to include sensitive information on your profile or in your message and to make that information public. Please do not post, share or disclose or add personal data to your profile or in your message that you would not want to be available. The legal basis for the storage is Article 6 lit. f) GDPR.

Contacting Us

When contacting us, the user's details are processed for the purpose of processing the enquiry and handling it in accordance with Art. 6 para. 1 lit. b) GDPR or in accordance with the consent given by the user in accordance with Art. 6 para. 1 lit. a) GDPR. The user's details may be stored in our systems.

We delete the information if it is no longer required. We review the necessity every two years; we store requests from users who have a customer account permanently and refer to the above information under "Provision of contractual services" on the customer account for deletion. In the case of legal archiving obligations, deletion takes place after the expiry of the respective legally prescribed periods.

Collection of access data and log files

We collect data on every access to our website on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the date and time of access, the page accessed, the browser type and version, the user's operating system, any error data, the user ID (internal customer number) and the requesting provider.

Log file information is stored for security reasons (e.g. for the verification of errors and troubleshooting or for the clarification of acts of abuse or fraud) for as long as it is necessary for the fulfilment of its purpose and then deleted or anonymised. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Protection of minors

Dungeon Club and our services are intended exclusively for adults. We do not knowingly collect age-identifying information, nor do we knowingly collect personal information from children under the age of 13. We remind all users under the age of 13 not to disclose or provide any personally identifiable information through our service.

Changes and updates to the privacy policy

We reserve the right to change, update or amend this privacy policy at any time. Any revised privacy policy will only apply to personal information collected or modified after the effective date of the revised privacy policy.

Name and address of the data controller

The responsible party within the meaning of the GDPR and other national data protection laws as well as other data protection regulations is:

Theo Wiese
PO Box 26 04
72016 Tübingen

E-mail: theoretically.online@gmail.com


If you have any further questions, please do not hesitate to contact us.