Football Legacy

Legal

Privacy policy

Below we explain how we process personal data in connection with using Football Legacy.

1. Data controller

Johannes Haller
Nobistor 16
22767 Hamburg

Phone: 0159-01956353
Email: johanneshaller96@gmail.com

Whenever this policy refers to "we" or "us", it refers to the controller named above.

2. What data do we process?

2.1 Server and usage data

When you visit our website or play the game, server logs are generated automatically (IP address, date/time, URL, referrer, user agent, status codes). This data is technically necessary to provide the service, detect abuse, and ensure stability.

2.2 Account and game data

We process username, email address, fictional club names, logos/graphics, game statistics, progress and settings data to manage your account and save game progress.

2.3 Communication data

If you contact us, we process the content and contact details you provide solely to handle your request.

2.4 Cookies

We use technically necessary cookies (e.g. session/login cookies, CSRF protection). The main cookie keeps you logged in for up to 14 days so you do not have to log in on every visit. We only set non-essential tracking cookies with your consent; currently we use Google Analytics 4 for this.

2.5 External services

For hosting and infrastructure we use, among others, Render and IONOS. Email delivery runs via IONOS SMTP servers. We may use additional IT service providers (e.g. CDN/fonts). All partners have data processing agreements under Art. 28 GDPR; for transfers to third countries we rely on EU Standard Contractual Clauses or equivalent safeguards.

3. Purposes and legal bases

  • Providing the game, registration, account management, saving game progress -> Art. 6(1)(b) GDPR (contract performance).
  • Security, stability, abuse prevention, error analysis -> Art. 6(1)(f) GDPR (legitimate interest).
  • Communication with you (support, follow-up questions) -> depending on context Art. 6(1)(b) or Art. 6(1)(f) GDPR.
  • Processing based on your consent (e.g. optional cookies/newsletters) -> Art. 6(1)(a) GDPR. You can revoke consent at any time.

4. Retention

We store personal data only as long as required for the respective purpose or as required by law.

  • Server logs: typically 7-30 days, longer only in case of security-related events.
  • Account/game data: as long as your user account is active; upon deletion we anonymize or remove data unless retention obligations apply.
  • Support/communication data: until final processing and, if commercial obligations apply, up to 6 or 10 years.
  • Cookies: session cookies until end of session, persistent cookies according to their defined lifetime (e.g. 14 days for the login cookie).

5. Recipients and data sharing

We only share data when required to fulfill the contract, due to legal obligations, or with your consent. Recipients may include our hosting, infrastructure, and email providers (Render, IONOS, etc.) and authorities where required by law. For transfers outside the EEA, we ensure adequate safeguards (e.g. EU Standard Contractual Clauses).

6. Cookies & tracking

We may set technically necessary cookies under Sec. 25(2) TTDSG / Art. 6(1)(f) GDPR because they are required to operate the game. Non-essential cookies or tracking technologies are used only with your consent. You can delete or block cookies in your browser settings, which may limit the manager experience.

6.1 Google Analytics 4

We use Google Analytics 4 (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to measure reach and analyze usage. The legal basis is your consent under Art. 6(1)(a) GDPR and Sec. 25(1) TTDSG. This includes usage data (page views, interactions), technical information (browser, device type, referrer), and approximate location data. According to Google, IP addresses are truncated and not stored permanently.

Transfers to third countries (in particular the USA) cannot be ruled out. Google uses EU Standard Contractual Clauses or equivalent safeguards. You can withdraw your consent at any time via the cookie settings.

7. Rights of data subjects

You have the right to access, rectification, erasure, restriction of processing, data portability, and objection (Art. 15-21 GDPR). You can revoke consent at any time with effect for the future. To exercise your rights, contact us using the details above.

8. Right to lodge a complaint with a supervisory authority

You may lodge a complaint with a data protection authority at any time. For Hamburg, the competent authority is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 20459 Hamburg
Phone: +49 40 428 54 4040
Email: mailbox@datenschutz.hamburg.de

9. Data security

We implement appropriate technical and organizational measures, including TLS/HTTPS encryption, access restrictions, backups, and regular security updates. However, data transmission over the Internet may have security gaps, so absolute protection cannot be guaranteed.

We reserve the right to update this privacy policy in the future. The current version applies.

Last updated: 2025-12-07