Privacy Policy

Last updated: 26 May 2026

Scope: This Privacy Policy applies to all websites operated by TopWare Interactive, including corporate websites, game websites and the linked online shop, insofar as those websites refer to this Privacy Policy.
Language note – optional:
This English version is provided for convenience. In the event of discrepancies between the German and English versions, the German version shall prevail.

1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
TopWare Interactive – AC Enterprises e.K.
Am Erlengraben 4
76275 Ettlingen
Germany
Email: legal@topware.com

2. General information on data processing
We take the protection of your personal data very seriously. We process personal data only to the extent necessary to provide our websites, content, online shop, support, newsletters, security measures and further development of our services, or where you have consented to such processing.
Personal data means any information relating to an identified or identifiable natural person, such as name, email address, postal address, user ID, IP address, order and payment data or communication content.
Processing is carried out in particular on the following legal bases:

The storage of information on your device or access to information stored on your device is also subject to the German Telecommunications Digital Services Data Protection Act (TDDDG), in particular Section 25 TDDDG.

3. Accessing our websites and server log files
When you access our websites, technically necessary data is processed to deliver the pages, ensure secure operation and analyse errors. This may include in particular:

Processing is carried out for the technical provision of the websites, to ensure system stability and security, to analyse errors and to detect and prevent misuse, attacks and other unlawful activity.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and functional provision of our websites. Where processing is necessary for the use of contractual services, the additional legal basis is Art. 6(1)(b) GDPR.
Server log files are stored only for as long as necessary for the purposes stated above. Longer storage may occur if this is necessary to investigate security incidents, misuse or legal violations, or if statutory retention obligations apply.

4. Hosting, own servers, CDN and WAF
Our websites are operated on our own servers in Germany. To provide our websites quickly, securely and reliably, we use CDN and WAF services provided by MojoHost.
A content delivery network (CDN) is used to speed up the delivery of website content. A web application firewall (WAF) is used to protect against attacks, abusive access and other security-relevant events. In this context, IP addresses, technical access data, browser and device information, timestamps, requested URLs and security-relevant event data may be processed.
Processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, performant and reliable provision of our websites and in the prevention of attacks and misuse. Where MojoHost processes personal data on our behalf, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.

5. Cookies and similar technologies
Our websites may use cookies and similar technologies. Cookies are small text files stored on your device. Similar technologies may include local storage, session storage or comparable technical storage mechanisms.
According to the current configuration, we do not use analytics, marketing or tracking services such as Google Analytics, Google Ads, Meta Pixel, LinkedIn Insight Tag, TikTok Pixel or IVW/AGOF audience measurement. According to the current configuration, we also do not use a cookie consent management tool.
Technically necessary cookies and similar technologies may, however, be required to provide individual functions, in particular when visiting the online shop, using the shopping cart, completing the ordering process, setting language preferences, using security functions or submitting forms. Such technically necessary cookies are used on the basis of Section 25(2) TDDDG. Where personal data is processed in this context, processing is based on Art. 6(1)(f) GDPR or, where required for contractual services, Art. 6(1)(b) GDPR.
Non-essential cookies and similar technologies, in particular for analytics, advertising, remarketing, external media or marketing pixels, are used only if you have given your prior consent. In such cases, the legal basis would be Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR.

6. Contact, legal department and support
If you contact us by email or by other means, we process the data you provide in order to handle your enquiry. This applies in particular to enquiries sent to legal@topware.com and support@topware.com.
The following data may be processed in particular:

Support is handled through our own email inboxes, in particular support@topware.com. No external ticketing system is used.
The legal basis is Art. 6(1)(b) GDPR where your enquiry relates to a contract or pre-contractual measures. In all other cases, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in handling your enquiry, documenting communication and improving our support. Where you voluntarily provide additional information or give consent, Art. 6(1)(a) GDPR may additionally serve as the legal basis.
Support and contact enquiries are stored for as long as necessary to handle the enquiry and any follow-up questions. Statutory retention obligations and legitimate interests in documentation, legal prosecution or legal defence remain unaffected.

7. Online shop and orders
Our websites may link to our online shop at www.topwareshop.com. The online shop uses PrestaShop as its shop system.
When you purchase products, digital content or services through our online shop, we process the data required for contract conclusion, contract performance, invoicing, payment, delivery, provision of digital content and customer service. This may include in particular:

The legal basis is Art. 6(1)(b) GDPR. Where we are required to retain data due to commercial, tax or accounting obligations, the legal basis is Art. 6(1)(c) GDPR.

8. Payment processing
In the online shop, we offer payment by PayPal and bank transfer.
8.1 PayPal
If you choose PayPal as your payment method, the data required for payment processing will be transmitted to PayPal. This may include in particular name, email address, invoice amount, order information, payment status and other data required for the payment. PayPal processes payment data partly under its own responsibility. PayPal’s privacy notices also apply to PayPal’s processing of data.
The legal basis for transmission to PayPal is Art. 6(1)(b) GDPR, as processing is necessary to carry out the payment method selected by you.
8.2 Bank transfer
If you pay by bank transfer, we process the data required to allocate and record the payment, in particular the name of the account holder, payment amount, payment reference, invoice number and bank transaction data.
The legal basis is Art. 6(1)(b) GDPR. Where statutory retention obligations apply, the legal basis is Art. 6(1)(c) GDPR.

9. Newsletter and email information
We may send you newsletters or other information by email if you have subscribed to them or have given your consent. We use our own system for newsletter distribution and no external newsletter service provider.
At least your email address is required for registration. Additional information is voluntary unless expressly marked as mandatory. Registration generally takes place using a double opt-in procedure. After registration, you will receive a confirmation email. Your subscription becomes active only after you confirm the link contained in that email.
To document registration, we may store the time of registration, the time of confirmation, the IP address and the registration channel used. This serves to prove consent.
The legal basis for sending the newsletter is Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in each newsletter email or by sending a message to legal@topware.com.
Where we inform existing customers by email about our own similar products or services, processing may be based on Art. 6(1)(f) GDPR in conjunction with the statutory requirements for existing-customer advertising. You may object to this use at any time without incurring any costs other than transmission costs at basic rates.

10. Links to Steam, GOG and other platforms
Our websites may contain links to external platforms such as Steam, GOG or other distribution and gaming platforms. If you click such a link, you leave our website. The respective platform operator is generally responsible for subsequent data processing.
No Steam integration, Steam login or transfer of data from Steam or GOG accounts to us takes place. We therefore do not receive account data, game ownership data or profile data from these platforms merely by placing links to them.
Please refer to the privacy notices of the respective platform operators.

11. Social media links
Our websites may contain links to our profiles on social networks, in particular X and Facebook. These are normal links and not active social media plugins, like buttons, share buttons or embedded feeds.
When you merely access our websites, no personal data is transmitted to X or Facebook through active social media plugins. Only when you click the relevant link do you leave our website. The respective platform operator is responsible for subsequent data processing.
Please refer to the privacy notices of the respective platforms.

12. No forums, comments, reviews or community features
Our websites do not offer forums, comment areas, review functions or other community features. Accordingly, no registration, post, comment or review data is processed in this respect.
If such functions are introduced in the future, this Privacy Policy will be updated accordingly.

13. No active analytics or marketing services
We do not currently use the following services:

If we use analytics, marketing or tracking services in the future, we will update this Privacy Policy accordingly and, where required, obtain your prior consent.

14. No embedded external media or maps
Our websites do not embed YouTube videos, Google Maps or Google Fonts from external Google servers.
If external media, maps, fonts or comparable content are embedded in the future, personal data, in particular the IP address, may be transmitted to the respective provider. Such embedding will take place only on an appropriate legal basis and, where required, only after your consent.

15. No targeted offering to children under 16
Our services are not specifically directed at children under the age of 16. If we become aware that personal data of children has been processed without the required consent of their legal guardians, we will delete such data unless legal reasons prevent deletion.

16. Disclosure of data, recipients and processors
We disclose personal data only if this is necessary for the purposes stated, if a legal basis exists or if you have given your consent. Recipients may include in particular:

Where required, we conclude data processing agreements with processors pursuant to Art. 28 GDPR. Personal data is not disclosed to third parties for their own advertising purposes without your consent.
In the event of restructuring, sale, merger, acquisition or insolvency, personal data may be transferred to legal successors or acquirers where this is legally permissible and necessary for the continuation of business processes.

17. Transfers of data to third countries
Our own servers are located in Germany. Where we use service providers with a registered office or processing operations outside the European Union or the European Economic Area, personal data is transferred only if the requirements of Art. 44 et seq. GDPR are met.
This may be relevant in particular when using international payment, platform or security service providers. A transfer may be based on an adequacy decision of the European Commission, appropriate safeguards such as standard contractual clauses or another permissible legal basis.

18. Retention period
We store personal data only for as long as necessary for the respective purposes. Thereafter, the data will be deleted or anonymised unless statutory retention periods, limitation periods, proof obligations or legitimate interests prevent deletion.
Business and tax-relevant documents may be subject to statutory retention periods. Data that we process on the basis of consent is generally stored until consent is withdrawn or until the purpose no longer applies. Data required for legal prosecution or legal defence may be stored for the duration of statutory limitation periods.

19. Data security
We take technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration and disclosure. These may include in particular transport encryption, access restrictions, role and permission concepts, backups, logging, firewalls, web application firewalls and regular security reviews.
Our websites generally use TLS encryption. You can recognise an encrypted connection, among other things, by “https://” and the lock symbol in your browser’s address bar.
Please note that data transmission over the internet is never completely risk-free. We notify affected persons and supervisory authorities of data breaches in accordance with legal requirements.

20. Rights of data subjects
Subject to the statutory requirements, you have the following rights:

If you have given consent, you may withdraw it at any time. If we process data on the basis of legitimate interests, you may object to the processing on grounds relating to your particular situation. You may object to direct marketing at any time without giving reasons.
To exercise your rights, you may contact us at legal@topware.com.

21. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
The competent authority for Baden-Württemberg is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany

22. No automated decision-making
We do not use solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

23. Changes to this Privacy Policy
We may update this Privacy Policy if our data processing activities, websites, services or the legal situation change. The current version is available on our websites.

24. Contact
If you have any questions about data protection or wish to exercise your rights, you may contact us at any time:
TopWare Interactive – AC Enterprises e.K.
Am Erlengraben 4
76275 Ettlingen
Germany
Email: legal@topware.com