Privacy Policy

1. General Information

This privacy policy explains how we collect, process, and protect your personal data when you visit our website or use our online shop.
We process personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TTDSG).

2. Controller

WarZ DayZ C/o WPmates
Christian Czopnik
Holzmühlenstraße 60
22041 Hamburg
Email: admin@warzdayz.com

3. Data Collection on Our Website

We collect data either directly from you (e.g., during registration, checkout, or contact inquiries) or automatically via our systems (e.g., IP address, browser type, operating system, timestamp).

Purposes of processing:

  • User registration and account management
  • Discord and Steam authentication
  • Order and payment processing
  • Customer service
  • Website optimization and security
  • Compliance with legal obligations

Legal bases: Art. 6(1)(b), Art. 6(1)(f), and Art. 6(1)(a) GDPR.

4. Discord Login

If you log in using Discord, we receive:

  • Discord ID
  • Username and avatar
  • Email address (If shared)

This information is used exclusively for authentication and linking your Discord account to your shop account.
Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR.
You may remove the connection at any time via Discord or by contacting us.

5. Steam Account Linking

When linking your Steam account, we receive your Steam ID and public profile information (e.g., username, avatar).
This is used solely for account linking and verification.
Legal basis: Art. 6(1)(b) GDPR.

6. Customer Account

Creating a customer account allows you to manage orders and linked profiles.
Processing is based on Art. 6(1)(b) and Art. 6(1)(a) GDPR.
You can delete your account at any time.

7. Orders and Payments

When placing an order, we process your name, address, contact details, order data, and payment information to fulfill contracts (Art. 6(1)(b) GDPR) and comply with legal obligations (Art. 6(1)(c) GDPR).

Payment Processing
Payments are handled by certified third-party providers (“Payment Processors”) using encrypted, PCI-compliant systems. Only data required for transaction processing, refunds, or related inquiries is shared.

Depending on your selected payment method, data may be transmitted to:

  • Stripe Payments Europe Ltd. (Ireland)
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg)
  • Klarna Bank AB (Sweden)
  • Apple Distribution International Ltd. (Ireland)
  • Google Ireland Ltd. (Ireland)
  • Amazon Payments Europe S.C.A. (Luxembourg)
  • Tencent Holdings Ltd. (WeChat Pay) (China)
  • Stripe Link (Ireland)

Each provider acts as an independent data controller for its processing. Please refer to their respective privacy policies.
For recurring payments, your financial information may be securely stored in encrypted form on the processor’s servers, subject to your prior consent.

8. Data Processing Roles

We act as both data controller and data processor, depending on context:

  • Controller: when collecting personal data directly (e.g., registration, login, checkout) to operate our website and services.
  • Processor: when processing data provided through integrations or hosted systems.

If a Data Processing Agreement (DPA) exists, you are the controller and we process data strictly according to your documented instructions.

Legal bases: consent (Art. 6(1)(a)), performance of a contract (Art. 6(1)(b)), legal obligation (Art. 6(1)(c)), or legitimate interest (Art. 6(1)(f)).

9. Data Processing Agreements (DPAs)

WPmates has concluded GDPR-compliant DPAs with all service providers that process personal data on our behalf, including:

  • Hosting and IT infrastructure partners
  • Payment processors (e.g., Stripe, PayPal, Klarna)
  • Analytics and CDN providers

These agreements ensure that data is processed only according to our instructions, with adequate technical and organizational measures (TOMs) and, where applicable, Standard Contractual Clauses (SCCs) for international transfers.

10. International Data Transfers

Some of our service providers (e.g., WeChat Pay, operated by Tencent Holdings Ltd., China) may process data outside the European Economic Area (EEA).
In such cases, we ensure that:

  • Transfers occur only when necessary for contract fulfillment (Art. 49(1)(b) GDPR), and/or
  • Standard Contractual Clauses (SCCs) as approved by the European Commission (Art. 46 GDPR) are in place, and
  • Appropriate technical and organizational safeguards (e.g., encryption, minimization) are implemented.

When using WeChat Pay or similar services, you explicitly consent to the necessary international data transfer (Art. 49(1)(a) GDPR).
You may withdraw this consent at any time.

11. Cookies and Consent Management

We use cookies and comparable technologies.
Essential cookies are used for website functionality (Art. 6(1)(f) GDPR).
Non-essential cookies are used only with your consent (Art. 6(1)(a) GDPR and §25 TTDSG).
You can manage or withdraw your consent at any time through the cookie banner or browser settings.

12. Server Log Files

Our host automatically records log data (IP address, browser type, operating system, referrer URL, time of access).
This data is processed to ensure security and system stability.
Legal basis: Art. 6(1)(f) GDPR.

13. Contact Form & Email

When you contact us, we store your provided data to process your inquiry.
Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.
Data will not be shared without your consent.

14. SSL/TLS Encryption

To protect your data, our website uses SSL/TLS encryption.
Encrypted connections are indicated by the lock icon in your browser bar.

15. Data Retention

We retain personal data only as long as necessary to fulfill contractual or legal purposes.
After that, data will be deleted unless statutory retention periods (e.g., tax laws) apply.

16. Your Rights

Under the GDPR, you have the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a supervisory authority.

17. Supervisory Authority

Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 20459 Hamburg
Website: https://datenschutz-hamburg.de