Privacy Policy

> **Trademark notice:** Minecraft® is a registered trademark of
> Mojang Synergies AB / Microsoft Corporation. The mod
> "Intelligent Villagers / VR Realistic Worlds" (VRRW) is an
> independent fan project; it is **not an official Minecraft
> product** and has neither been approved nor endorsed by Mojang
> or Microsoft. All rights in Minecraft trademarks, textures and
> game mechanics remain with their respective holders.

This privacy policy applies **both to our website** at [https://www.vrrw.online](https://www.vrrw.online) **and to the Minecraft mod "Intelligent Villagers / VR Realistic Worlds"** (hereinafter: "the mod"). The website and the mod use a common backend and share the same account and rewards system, so we describe the processing for both platforms in one document.

Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there, as well as for the operation of the mod.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others.
We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

**Scope:** This Privacy Policy deals exclusively with the processing of personal data. All non-privacy-related provisions (order processing, subscriptions, right of withdrawal, user content, licenses, mod usage rules, VRRW Points, liability) can be found in our **Terms of Use** at [https://www.vrrw.online/agb](https://www.vrrw.online/agb). A detailed overview of the cookies we use can be found in our **Cookie Policy** at [https://www.vrrw.online/cookies](https://www.vrrw.online/cookies).

## Contents

- [I. Information about us as controllers of your data](#i-information-about-us-as-controllers-of-your-data)
- [II. The rights of users and data subjects](#ii-the-rights-of-users-and-data-subjects)
- [III. Information about the data processing](#iii-information-about-the-data-processing)
  - [III.A Basic website operation](#iiia-basic-website-operation)
  - [III.B Contact](#iiib-contact)
  - [III.C Member accounts](#iiic-member-accounts)
  - [III.D Online shop, subscriptions and payments](#iiid-online-shop-subscriptions-and-payments)
  - [III.E Community (groups, profiles, events)](#iiie-community-groups-profiles-events)
  - [III.F Loyalty, challenges and points](#iiif-loyalty-challenges-and-points)
  - [III.G User-generated content (server directory, Playercreations etc.)](#iiig-user-generated-content-server-directory-playercreations-etc)
  - [III.H Newsletter, follow-up comments, competitions and general user posts](#iiih-newsletter-follow-up-comments-competitions-and-general-user-posts)
  - [III.I Intelligent Villagers / VR Realistic Worlds Minecraft mod](#iiii-intelligent-villagers--vr-realistic-worlds-minecraft-mod)
  - [III.J Task lockers / embedded advertising offers (OGAds)](#iiij-task-lockers--embedded-advertising-offers-ogads)
  - [III.K Kinetic Hosting affiliate link](#iiik-kinetic-hosting-affiliate-link)
  - [III.L Hosting and data processing by Wix.com Ltd.](#iiil-hosting-and-data-processing-by-wixcom-ltd)
  - [III.M Web analytics (Google Analytics and others)](#iiim-web-analytics-google-analytics-and-others)
  - [III.N Linked external community channels (YouTube, Discord)](#iiin-linked-external-community-channels-youtube-discord)
  - [III.O Embedded YouTube videos](#iiio-embedded-youtube-videos)
- [IV. Final provisions](#iv-final-provisions)

---

## I. Information about us as controllers of your data

The party responsible for the website [https://www.vrrw.online](https://www.vrrw.online) **and** for the "Intelligent Villagers / VR Realistic Worlds" Minecraft mod (the "controller") for purposes of data protection law is:

**VR Realistic Worlds**
Sebastian Elsner
Kolonnenstraße 8
10827 Berlin
Germany

E-mail: vr.realistic.worlds@gmail.com

(Full legal notice: see Impressum at [https://www.vrrw.online/impressum](https://www.vrrw.online/impressum).)

---

## II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right:

- to **confirmation** of whether data concerning them is being processed, **information** about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
- to **correct** or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
- to the **immediate deletion** of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to **restrict** said processing per Art. 18 GDPR;
- to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (**data portability**; cf. also Art. 20 GDPR);
- to file **complaints** with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR). The authority competent for us is the Berlin Commissioner for Data Protection and Freedom of Information (*Berliner Beauftragte für Datenschutz und Informationsfreiheit*), Friedrichstr. 219, 10969 Berlin, Germany.

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

**Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.**

If processing is based on your consent (Art. 6 Para. 1 lit. a GDPR), you may withdraw that consent at any time with effect for the future pursuant to Art. 7 Para. 3 GDPR. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

### Concrete deletion paths

Depending on what content you want removed, you can use the following paths:

| Content | Path |
|---|---|
| VRRW account (e-mail, points, all linked content) | **Self-service (new in v4):** Mod "Profile → Privacy → Delete account" or website account area. Backend performs full deletion / pseudonymisation per II.b. A written request to the e-mail in Section I remains an alternative. |
| Profile, name, avatar | Wix login → "Account Settings" on the website |
| Individual group posts | In the mod directly on the post "⋯ → Delete" **or** via the Wix front-end under "My Groups" → post → "Delete". |
| Cancel subscription (Gold / Silver / Copper) | Website → "My Subscriptions" |
| Server directory entries (including images) | **In the mod** at "Multiplayer → Manage my Servers → Delete" **or** on the website at "Serverlisting" / "Server entry Informations" / "Server Event management" |
| Comments and reviews | Delete yourself via the respective interface; otherwise on request |
| Locally stored mod auto-login credentials | Disable "Stay logged in" in the mod and log out (removes the locally stored credentials) |
| In-mod embedded browser cookies | Reset the mod's Minecraft instance directory if desired; we will provide the exact path on request |
| Browser cookies (website) | Cookie settings in the footer or browser settings |

---

### II.0 Response time (new in v4)

We process requests under Art. 15-22 GDPR without undue delay and **within one month** at the latest from receipt (Art. 12 Para. 3 GDPR). For particularly complex or numerous requests this period may be extended by up to two further months; in such a case we will inform you of the extension and the reasons within one month of receipt of your request.

Self-service requests via the mod profile (see II.a) are normally **executed within seconds** automatically — the one-month limit is only relevant for manual requests by email.

### II.a Self-service data access + export inside the mod (new in v4)

The data-subject rights set out in this Section II (in particular Art. 15 right of access and Art. 20 right to data portability) can now be exercised **directly in the mod as a self-service** — without a separate written request:

- **"Download my data"** (profile section): downloads a complete JSON-file copy of all backend-stored data about you and saves it to `intelligentvillagers-mydata-.json`. Content: profile + privacy preferences, consent history (which legal version you accepted, when), purchase history (texture packs, date, price), user-authored content (bug reports, feature requests, tutorials), rewards status (VRRW Points, OG-Ads consent).
- **"Purchase history"** (profile section): lists all your purchases inside the mod — without needing a full export — sorted newest first.
- **"Delete my account"** (profile section): triggers the deletion described in Section II; a written request is no longer required.

Data export format: machine-readable JSON per Art. 20 GDPR. Rate limit: 1 export per hour per account. The request is authenticated (Bearer token) and requires an explicit confirmation in the mod dialog.

The same rights are available on the website under "My Account → Privacy".

### II.b Retention despite deletion — what remains pseudonymized (new in v4)

When you delete your account under Art. 17 GDPR, most data is erased irreversibly. A small subset of records may still be kept by the controller for legal-retention obligations or for the defence of legal claims (Art. 17 Para. 3 GDPR). We strictly apply data minimisation here:

| Record | Retention reason | Method |
|---|---|---|
| Purchase + invoice data | § 147 AO (DE) — 10-year retention | Slot data (pack, price, date) is kept — `memberId` is replaced by HMAC-SHA256 pseudonym |
| Bug reports + complaints | Art. 17(3)(e) defence of legal claims | `memberId` → pseudonym; `memberName`/`email` removed |
| Unban requests | Art. 17(3)(e) moderation history | as above |
| Boost-Rank applications + votes | voting integrity | as above |
| Consent proof (legal-acceptance versions + timestamps) | Art. 7(1) burden of proof | PII (user-agent etc.) removed; `legalVersions` map + `legalAcceptedAt` kept |

The pseudonym is generated with a **fresh 16-byte salt for every deletion** and our server-side token key `VRRW_TOKEN_KEY` (HMAC-SHA256), and is not reversible. Re-registration with the same memberId would produce a different pseudonym — so a re-link is impossible.

**Backup retention (new in v4)**: our backend provider Wix runs rolling automated CMS-database snapshots for disaster-recovery purposes. These snapshots are **technically isolated**, not queryable and only restored in case of disaster (data loss through hardware defect, cyber attack etc.). On account deletion under Art. 17 GDPR your data is **immediately removed or pseudonymised in the live CMS database** (see above). It remains in backup snapshots for **at most 35 days** (Wix standard retention) and is subsequently irrevocably purged by the regular backup rotation. Should a disaster recovery happen within those 35 days, we will **immediately re-delete** any restored data of a previously deleted account and inform you within 72 hours of the incident (analogous to Art. 33 GDPR).

### II.c "Anonymous" posts — pseudonymization rather than anonymization (new in v4)

**Legally crucial clarification:** when you publish a post, comment, rating or bug report with the **"anonymous"** option, this is **not anonymization** in the sense of Recital 26 GDPR from a GDPR perspective, but rather **pseudonymization** within the meaning of Art. 4 No. 5 GDPR — with all consequences flowing from that for you as a data subject.

**What that means technically:**

- **Other users** see "Anonymous" or a random pseudonym instead of your name. They have no access to your memberId, login name, profile picture or other identifying attributes.
- **We as controller** store your post internally linked to your memberId (in the CMS column `slotUser` of a GroupMessageBuffer row, or in the `anonymousKeyHash` field for bug reports). We CAN — where legally required — reconstruct your identity.


**Why this is so (a protective function for other users and the public):**

- **Moderation:** so that our 3-strike system (Terms 9.16) can function, a violation must be attributable to a member — even inside a post marked "anonymous". Otherwise abusive content (insults, hate speech, spam) could not be sanctioned.
- **Self-service:** you can edit or delete your own anonymous posts later because the backend knows the link to your account.
- **Legal obligation:** in case of justified requests by law-enforcement authorities (Art. 6 Para. 1 lit. c) GDPR in conjunction with § 24 BDSG, § 113 TKG and the respective applicable legal bases) we may have to disclose the identity behind unlawful content. Full anonymization would render this obligation impossible to fulfil — and effectively turn our platform into a lawless space.

**Your rights remain fully preserved:** since your posts remain pseudonymized (= personal) data from a GDPR perspective, ALL data-subject rights from Section II apply unchanged:

- **Right of access (Art. 15):** in the data export (see II.a) your anonymously posted contributions are listed — explicitly flagged as such.
- **Rectification (Art. 16) + erasure (Art. 17):** you can delete individual anonymous posts at any time or request full account deletion. Anonymous posts are removed from the slot buffers of all recipients on account deletion.
- **Data portability (Art. 20):** your anonymous posts are part of the self-service data export.

**Legal basis for the backend linkage:** Art. 6 Para. 1 lit. f) GDPR (overriding legitimate interest in anti-abuse measures and evidence preservation) and Art. 6 Para. 1 lit. c) GDPR (compliance with statutory disclosure obligations). Full anonymization would be incompatible with these protective duties towards the other users and the public.

**We will NOT disclose your identity** to other members, external third parties or the public — re-identification remains strictly limited to the protective functions above and is subject to our documented internal procedure. In particular, disclosure to other users is also impermissible when those users — e.g. because they feel personally addressed by an anonymous post — request the identity.

## III. Information about the data processing

Your data processed when using our website and the mod will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations (in particular under commercial and tax law) and unless otherwise stipulated below for individual processing activities.

### III.A Basic website operation

#### a) Server log files

For technical reasons, the following data sent by your internet browser to us or to our webspace provider (Wix) will be collected, especially to ensure a secure and stable website. These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site. The data thus collected will be temporarily stored, but not in association with any other of your data.

Legal basis: Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

Retention period: no more than seven days, unless continued storage is required for evidentiary purposes.

#### b) Cookies and cookie manager

We use cookies on our website and inside the mod's embedded Chromium browser (MCEF, see III.I.6). Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser or location data or your IP address.
We distinguish between:

- **session cookies**, which are automatically deleted when you close your browser, and **persistent cookies**, which remain stored until the expiry of their lifetime or until actively deleted;
- **technically necessary cookies** (e.g. session ID, cart content, cookie preferences, login session) and **technically non-essential cookies** (e.g. web analytics, advertising targeting, third-party cookies).

Legal basis for technically necessary cookies: Art. 6 Para. 1 lit. b) GDPR (contract initiation/performance) or Art. 6 Para. 1 lit. f) GDPR (legitimate interest in operating a functional website), as well as § 25 (2) TDDDG.

Legal basis for technically non-essential cookies: exclusively your consent pursuant to Art. 6 Para. 1 lit. a) GDPR and § 25 (1) TDDDG, which you can grant via our cookie manager (consent banner) on your first visit.

To obtain and document your consent, we use a **cookie manager / consent banner**. When the website is called up, a cookie with the settings information is stored on your end device so that the request for consent does not have to be made on a subsequent visit. This cookie is required to obtain and document legally compliant user consent and to enable you to manage your choices. You can change or withdraw your consent at any time via the cookie settings on our website.

You can also prevent or restrict the installation of cookies by adjusting your browser settings and can delete already-stored cookies at any time; however, this may impair the functionality of our website.

Detailed information on the individual cookies we use is available on our cookie page at [https://www.vrrw.online/cookies](https://www.vrrw.online/cookies).

### III.B Contact

If you contact us via e-mail or contact form, the data you provide (e-mail address, name, content of the request, any further voluntary information) will be used for the purpose of processing your request and for possible follow-up questions.
Without your consent, we do not share this data with third parties.

Legal basis: Art. 6 Para. 1 lit. b) GDPR where the request serves to fulfil or initiate a contract, and Art. 6 Para. 1 lit. f) GDPR (legitimate interest in processing requests).

Retention period: until your request has been fully answered and there is no further legal obligation to store your data (e.g. from commercial or tax law).

### III.C Member accounts

You can create a single member account on our website and inside the mod. The accounts are stored in our Wix-hosted backend (see III.L). Registration is possible both directly on the website at "Account Settings" and inside the mod via the integrated login/registration screen. In both cases the same account is created — you log in to the same account from website **and** mod.

#### a) Direct registration with e-mail and password

At registration we collect:

- **e-mail address** (mandatory, used as login identifier and for communication with you),
- **self-chosen password** — the password is hashed directly by our backend provider. We never receive your plain-text password on our own systems,
- an internal member identifier assigned by our backend,
- timestamp of registration and IP address,
- optionally provided profile information (name, display name, avatar, location, description, etc.).

#### b) Login via the external login flow (OAuth)

As an alternative to direct sign-in you can log in via an externally hosted OAuth flow operated by our backend provider. To do so, the mod opens the embedded browser on the official login page. After successful authentication the login page passes the session data required to access your account to our backend. These session tokens are used to identify your account to our backend and are refreshed periodically as long as you use the mod.

#### c) Profiles and account settings

Under "Account Settings" and "Profiles" you can view and manage your master data, in particular:

- **Display info:** display name, title, profile image (visible to other members),
- **Personal info:** first name, last name, phone number,
- **Login info:** login email, password (changes are carried out in the account settings of our backend provider),
- **Visibility and privacy:** profile URL, profile visibility (public / members only / hidden),
- **My Wallet:** overview of already stored payment methods — see III.D.d,
- **My Addresses:** delivery and billing addresses for orders.

Under the "Profiles" tab you can additionally manage your public community profile (description, cover, location, additional information — all fields are optional).

Processing of this data is based on Art. 6 Para. 1 lit. b) GDPR (contract performance of the usage relationship) or Art. 6 Para. 1 lit. a) GDPR (consent, where you provide voluntary additional data).

#### d) Notifications

We use the notifications feature of our backend provider to inform you about events in your account (e.g. joining a group, replies to your posts, points credits, order status). Processing is for the purpose of contract performance (Art. 6 Para. 1 lit. b) GDPR). You can disable individual notification types in your account settings at any time.

#### e) Auto-login in the mod ("Stay logged in")

If you select "Stay logged in" at the mod's login screen, your credentials are stored **encrypted on your local computer** inside your Minecraft instance directory. They are never transmitted to us or to any third party. Your plain-text password never leaves your computer.

Legal basis: Art. 6 Para. 1 lit. a) GDPR (your explicit consent given by enabling the option). You can withdraw consent at any time by disabling the option in the mod; see also Section II ("Concrete deletion paths") for manual removal.

#### f) Retention period

All account data is stored until you delete the account yourself (via the account settings or on request by e-mail to the address in Section I). After deletion, the data is irrevocably removed within the statutory deadlines, unless statutory retention obligations (in particular commercial and tax law) prevent this.

#### g) Age verification and rewards-program eligibility

**(1) Mandatory date of birth at registration.** When you register a VRRW member account — either via the website or via the mod — you are asked to provide your date of birth. The date is used **strictly server-side** to calculate your age and is **discarded immediately after the calculation**; it is **never stored in our database**. Our database only retains two simple yes/no entries, namely whether at the time of the check you were at least 16 and whether you were at least 18. As the site operator we have no technical means of recovering your actual date of birth or exact age from the stored entries.

**(2) Minimum age of 16 for account creation.** Creation of a VRRW member account requires you to be at least 16 years old. This threshold follows from Art. 8 GDPR and § 8 BDSG, which set the digital consent age in Germany at 16. If you enter an age below 16, registration is rejected with an error message; no account is created, and no personal data is retained.

**(3) Additional minimum age of 18 for the rewards program (OGAds).** Access to the rewards program (OGAds offer wall, see III.J) is only available to members who have completed their 18th year. This age gate is enforced technically: the mod client will not load the offer wall unless we hold, for the currently logged-in account, the confirmation of a successful 18+ age check. If you were under 18 at registration you can re-verify at any time via your mod profile; if your actual age is now 18 or over, the 18+ status is unlocked on a one-off basis.


**(4) Voluntary opt-in to the rewards program.** Participation in the rewards program is strictly voluntary even for 18+ members. You can enable or disable it at any time via the mod profile. The only thing we store for this purpose is whether you wish to participate in the rewards program.

**(5) Legal basis.** Age verification relies on Art. 6 Para. 1 lit. c GDPR in conjunction with Art. 8 GDPR resp. § 8 BDSG (legal obligation to observe the digital consent age) and on Art. 6 Para. 1 lit. f GDPR (legitimate interest in complying with the contractual 18+ requirement imposed by the OGAds terms of service). Storing only the derived yes/no entries satisfies the principle of data minimisation (Art. 5 Para. 1 lit. c GDPR).

**(6) Retention period.** The age-related entries are deleted together with your account; no separate retention takes place. Please note: since we never store your actual date of birth, a data-subject request under Art. 15 GDPR can only return the two yes/no entries (16+, 18+), your rewards-program opt-in choice and the timestamp of the last age verification — not the original date you entered.

**(7) Duty of truthful statement.** Entering your date of birth is a legally binding declaration on your part. We do not perform biometric or document-based age verification; responsibility for giving a truthful answer lies with you. We reserve the right to suspend or delete accounts where it later turns out that the declared age was manifestly untrue.

#### III.C.h Detailed registration flow (new in v4)

When you register a new account (on the website or in the mod), the processing of your sign-up data proceeds in detail as follows:

**(1) Input fields:** you enter e-mail, password, date of birth (day/month/year), and optionally the checkboxes "Stay logged in", "Join VRRW Community" and "Rewards opt-in". **The "I accept the legal texts" checkbox is mandatory** and is enforced server-side as a precondition for registration.


**(2) Age check:** the backend computes your age from the date of birth and stores only the derived Boolean flags **`is16plus` and `is18plus`** plus a timestamp (`verifiedAt`) — the **raw date of birth is not retained**. If the age is

> **Privacy consequence:** since you do not receive a verification
> e-mail, the standard process contains no external proof that
> the e-mail address actually belongs to you. For security-relevant
> events (e.g. account recovery on a forgotten password)
> we therefore require additional identity indicators. If you
> wish to receive an explicit e-mail confirmation, you can submit
> a separate verification request via the contact channel
> (see IV).

**(5) PlayerFlags slot is created:** subsequently we create an entry in our slot-bucketed PlayerFlags collection containing the fields from step 2 (`is16plus`, `is18plus`, `verifiedAt`), plus the opt-ins you have chosen (`wantsCommunity`, `wantsRewards`) and the chosen language (`lang`).

**(6) Auto-OAuth exchange:** so that you can post / comment immediately (with real-name attribution), we exchange your Wix session token server-side for an OAuth access token + refresh token (Wix Headless OAuth — see III.L). This happens automatically without you seeing a separate OAuth-consent screen — your consent is bundled into the registration consent. The refresh token is stored encrypted on your computer (if "Stay logged in" is active) and can be removed at any time via "Logout" or by disabling the option (see III.C.e).

**(7) Immediate legal-acceptance recording:** directly after successful registration, your acceptance of the four legal documents (Privacy Policy, Terms of Use, Cookie Policy, Imprint) in the version valid at the time of registration is logged in our backend (collection `LegalHistoryBuckets` plus PlayerFlags slot, see II.b and VI). This record serves as proof of consent pursuant to Art. 7 Para. 1 GDPR.


**(8) Optional community activation:** if you ticked "Join VRRW Community", we trigger `joinCommunity` server-side: your Wix Members `privacyStatus` is set to PUBLIC + you are added to the global community area. You can disable this community membership at any time in the profile settings — one click on "Leave community" sets PrivacyStatus back to PRIVATE, removes the `wantsCommunity` flag and hides your profile.

**(9) Security measures:**

- **Anti-e-mail-enumeration:** in case of failed registration (e.g. e-mail already exists) we return only a generic error ("registration_failed"), never details such as "e-mail already registered". This prevents attackers from using probe registrations to identify your e-mail address as "present at VRRW".
- **Rate limiting:** at most 5 registrations / hour / IP, 3 per e-mail / hour, plus persistent lockout on suspicion of automated multi-registration (see III.Q).
- **Timing padding:** we equalise the response latency between "e-mail exists" and "e-mail does not exist" via an artificial additional CMS query, so e-mail enumeration via timing measurements is also prevented.

**Legal basis for the entire registration process:**

- Art. 6 Para. 1 lit. b) GDPR — contract initiation + performance,
- Art. 6 Para. 1 lit. a) GDPR — consent for the optional features (community joining, rewards opt-in, "stay logged in"),
- Art. 6 Para. 1 lit. c) GDPR + Art. 8 GDPR + § 8 BDSG — legal obligation to comply with digital consent age (minimum age 16).

### III.D Online shop, subscriptions and payments

On our website we offer paid content and subscriptions, in particular the three membership tiers **Gold**, **Silver** and **Copper** as well as individual items via our online shop.

> **Note:** The contractual and commercial provisions governing the
> purchase process, the right of withdrawal, warranty, subscription
> tiers and termination are set out in our Terms of Use, in particular
> in **§ 3** (Purchase of products and subscriptions), **§ 4** (Right
> of withdrawal including Annexes 1-4) and **§ 5** (Warranty for
> products) at [https://www.vrrw.online/agb](https://www.vrrw.online/agb). The present section
> describes exclusively the **processing of personal data** associated
> with those commercial activities.

#### a) Cart and orders

When you add items to your cart ("Cart" page), we process anonymised cart data via a cart cookie (Art. 6 Para. 1 lit. b) GDPR). When you place an order, we additionally collect:

- billing and, if applicable, delivery address,
- name and contact data (mandatory),
- order and invoice data (items, quantity, price, tax, order time),
- payment processing information (see III.D.c),
- history available under "My Orders" and "My rewards".

Legal basis: Art. 6 Para. 1 lit. b) GDPR (contract performance).

Retention period: order and invoice data is subject to commercial and tax law retention obligations (generally six or ten years pursuant to § 257 HGB, § 147 AO) and will be deleted after the end of these periods.

#### b) Gold / Silver / Copper subscriptions

The Gold, Silver and Copper membership tiers are managed in our backend. For active subscribers, we store the booked tier, the billing period, the status (active / cancelled / expired) and the data required for payment.

When you log in on the website or in the mod, we check your current subscription status in order to unlock the corresponding content (e.g. texture packs, exclusive sections) for you. The tier hierarchy is: **Gold** unlocks all tiers, **Silver** unlocks Silver and Copper, **Copper** unlocks only Copper.

You can cancel your subscription at any time under "My Subscriptions" on the website.

Legal basis: Art. 6 Para. 1 lit. b) GDPR.

#### c) Payment via PayPal

If you choose the online payment service provider PayPal during your order, your contact data will be transmitted to PayPal as part of the order thus triggered. PayPal is an offer of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the function of an online payment service provider and trustee and offers buyer protection services.

The personal data transmitted to PayPal is usually first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as the number of items, item number, invoice amount and tax percentage, billing information, etc.

This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship. Transmission is based on Art. 6 Para. 1 lit. b) GDPR.

Please note: PayPal may transfer the personal data to service providers, subcontractors or other affiliated companies, to the extent necessary to fulfil the contractual obligations arising from your order or to process the data in order on your behalf.

Depending on the payment method selected via PayPal (e.g. invoice or direct debit), the personal data transmitted to PayPal may be forwarded by PayPal to credit agencies. This transmission is used to check your identity and creditworthiness in relation to the order you have placed. For details on the credit agencies involved and what data is collected, processed, stored and forwarded by PayPal, please refer to PayPal's privacy statement at [https://www.paypal.com/de/webapps/mpp/ua/privacy-full](https://www.paypal.com/de/webapps/mpp/ua/privacy-full).

#### d) Stored payment methods ("My Wallet")

In the member area, under "Account Settings → My Wallet", you can store a preferred payment method for future orders.
The payment data is stored directly with the respective payment service provider in accordance with applicable industry standards (e.g. PCI DSS). We ourselves do not receive access to full card numbers or bank data; the website only displays a shortened indicator (e.g. the last four digits of your card). You can remove a stored payment method at any time under "My Wallet".

Legal basis: Art. 6 Para. 1 lit. a) GDPR (your explicit consent given by actively storing the payment method) in conjunction with Art. 6 Para. 1 lit. b) GDPR (contract performance for future orders).

#### e) Stored addresses ("My Addresses")

Under "Account Settings → My Addresses" you can store delivery and billing addresses so that you do not have to re-enter them for future orders. The addresses are used exclusively for processing orders and can be deleted or modified by you at any time.

Legal basis: Art. 6 Para. 1 lit. b) GDPR.

### III.E Community (groups, profiles, events)

Our website and the mod provide access to the **VRRW Community Groups** (our backend's built-in groups feature). In groups, members can publish posts with text and optionally attached **photos, videos or GIFs**, comment on and react to posts by others, and view member profiles.

#### a) Joining a group

When you join a group, your member ID is added to the membership list of the group. Private groups require approval by the group administration.

#### b) Posts, comments, reactions

When you publish a post in a group, we process:

- your member identifier (author),
- the identifier of the target group,
- the post text,
- optionally media attached by you (photos, videos, GIFs); such media is stored in our backend and served via a public content delivery network,
- timestamp,
- reactions (likes), comments by other members and a view counter.

These posts are visible to **all other members** of the respective group. In public groups they are additionally visible to every visitor of the website and to every mod user.

Legal basis: Art.
6 Para. 1 lit. a) GDPR (consent given by actively publishing) and Art. 6 Para. 1 lit. f) GDPR (legitimate interest in operating a community platform).

Retention period: until deletion by you, by the group administration, or until the account is deleted.

**Deleting your own posts:** on the website under "My Groups" or directly in the respective post; in the mod currently on request to the e-mail address in Section I.

#### c) Member profiles

Your public member profile (display name, avatar, join date, optional description) is visible to other logged-in members unless you have restricted this in your profile privacy settings.

#### d) Events

> **Note (clarification as of v4)**: the Events feature is provided through the Wix-native Events component. There is **no separate mod or Velo-backend implementation** for event RSVPs; data processing for registrations happens entirely on the Wix platform per III.L. The mod itself displays events read-only via the public server directory.

Under "Events" we offer public or internal events. When you register for an event we process your name, e-mail address and optional additional information as per the respective event form. Legal basis is Art. 6 Para. 1 lit. b) GDPR (performance of event participation) or Art. 6 Para. 1 lit. a) GDPR (consent).

### III.F Loyalty, challenges and points

In our backend we operate a loyalty and points system ("VRRW Points") as well as programs and challenges (e.g. currently "VRRW Overhaul: Nations & Villagers").

#### a) Points balance

As a logged-in member you can earn points through various activities, including completing advertising offers via OGAds (see III.J), participating in and completing programs and challenges, registering for events, and signing up on the website. The exact, currently valid points table is published on our Loyalty page at [https://www.vrrw.online/loyalty](https://www.vrrw.online/loyalty).

Your points balance is stored in our backend and linked to your member identifier.
On the website you can see your balance under "My rewards"; in the mod it is displayed in the reward shop and on the profile. Points can be redeemed for rewards (e.g. discounts on memberships, texture packs, exclusive content) — the currently available redemption options and point prices are also listed on the Loyalty page.

#### b) Challenges / programs

When you participate in a program or challenge (e.g. "VRRW Overhaul: Nations & Villagers"), we process your participation data according to the respective program (progress, completed tasks, completion time, linked to your member ID). Some challenges reward with points, badges or exclusive content.

#### c) My Orders, My Programs, My Rewards

Under "My Orders", "My Programs" and "My rewards" on the website you can view your order history, ongoing challenge participation and your points balance.

Legal basis: Art. 6 Para. 1 lit. b) GDPR (performance of the membership relationship) and Art. 6 Para. 1 lit. a) GDPR (your consent given by active participation in the program).

Retention period: until you end participation, until the account is deleted, or until points are redeemed/expire.

### III.G User-generated content (server directory, Playercreations etc.)

Several features let logged-in members publish content that is subsequently visible on the website and/or in the mod. The text entries as well as any uploaded files are stored in our Wix-hosted backend (see III.L for the data-processing relationship); uploaded images and other media are delivered via a public content delivery network so that they can be displayed on the website and in the mod.

> **Note:** The **contractual** requirements for user-generated content
> (license grant, content standards, user representations, removal for
> violations), in particular for server directory entries, are set out
> in our Terms of Use in **§ 10** (User content and license) and
> **§ 11** (User-published server entries).
> The present section
> describes exclusively the **privacy-relevant processing** of the
> personal data involved.

#### a) Server directory, server info, server events

Via the website sections "Serverlisting", "Server entry Informations" and "Server Event management", as well as via the mod under "Multiplayer → Manage my Servers", you can create and manage your own Minecraft server entries. These entries are then visible both on the website and in the mod's multiplayer menu to **all other users worldwide**.

A server entry in particular contains the following fields, all of which are entered by you yourself:

- **server name** and **server address** (IP or hostname — these are published deliberately so that other players can reach your server),
- an **info description** (rules, welcome text),
- an **entry popup** with title and description that can be shown to players as they join,
- up to **five join buttons**, each of which you can label with your own text and optionally configure so that the player is disconnected before the connection is actually made,
- **events** (event name, date and description),
- an internal **link to your member identifier** so that only you as the creator can edit or delete the entry.

Up to **four images** can be uploaded per server entry via the Wix Media Manager:

1. **Server icon**,
2. **Info hero image**,
3. **Entry popup image**,
4. **Event banner**.

**These images are publicly visible.** Please do not upload images you do not own the rights to or that show personal content of third parties without their consent. Image material that violates applicable law (e.g. copyright, personality rights, prohibitions under § 86 et seq. StGB — the German Criminal Code) will be removed upon notice.

Legal basis: Art. 6 Para. 1 lit. a) GDPR (consent given by actively creating or editing an entry) in conjunction with Art. 6 Para. 1 lit. f) GDPR (legitimate interest in operating the server directory).
Retention period: until deleted by you or until the account is deleted. You can delete your entries yourself at any time:

- **Website:** "Serverlisting" / "Server entry Informations" / "Server Event management" → select entry → delete.
- **Mod:** "Multiplayer → Manage my Servers" → select entry → "Delete".

Deletion irrevocably removes both the text fields and the linked images from our backend.

#### b) VRRW Files, Playercreations, Portfolio, Features, Roadmap

In the sections "VRRW Files", "Playercreations", "Portfolio", "Features" and "Roadmap" we present content from our backend. Where users can submit their own content (e.g. their own creations in the Playercreations section), the same principles as in III.G.a apply: publicly visible content, consent given by actively submitting, deletion by the creator or on request.

#### c) Workarea of VRRW Team, VR profiles, News

Under "Workarea of VRRW Team" and "News" we publish our own content. No independent user data processing takes place there, apart from the possibility to comment on posts — in which case the rules from III.E.b apply.

### III.H Newsletter, follow-up comments, competitions and general user posts

#### a) Newsletter

> **Note (clarification as of v4)**: the Newsletter feature is provided through the Wix-native newsletter tool (Wix Get Subscribers). There is **no separate mod or Velo-backend implementation** for newsletter sending; data processing happens entirely on the Wix platform per III.L. If you are not currently subscribed to a newsletter, this section is not relevant to your data.

If you register for our free newsletter, the data requested from you (i.e. your e-mail address and, optionally, your name) will be sent to us. We also store the IP address of your internet connection and the date and time of your registration. During the registration process we will obtain your consent to receive this newsletter, explain its contents, and refer to this privacy policy.
The data collected will be used exclusively to send the newsletter and will not be forwarded to third parties.

Legal basis: Art. 6 Para. 1 lit. a) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect at any time. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.

#### b) Follow-up comments

If you make posts, comments or reviews on our website, we also offer you the opportunity to subscribe to any subsequent follow-up comments made by third parties. In order to be able to inform you about these follow-up comments, we need to process your e-mail address.

Legal basis: Art. 6 Para. 1 lit. a) GDPR.

You may revoke your prior consent to this subscription under Art. 7 Para. 3 GDPR with future effect at any time. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each notification e-mail.

#### c) Competitions and giveaways

We offer you the opportunity to take part in competitions on our website (e.g. on event pages or as part of special promotions). If you take part in one of our competitions, the data you enter at the time of participation will be processed without your further consent, but only for the purpose of carrying out and processing the respective competition.

As part of the processing of the competition, we will pass on your data to the transport company commissioned to deliver the goods or to a financial service provider if the transfer is necessary for the delivery or payment of your prize. If your data is published in the event of a win, you will be informed about this as part of the declaration of consent.

Legal basis for the processing and any necessary disclosure: Art. 6 Para. 1 lit. b) GDPR. If processing is based on consent, you can revoke your consent at any time with future effect under Art. 7 Para. 3 GDPR.
#### d) User posts, comments and ratings (general)

We offer you the opportunity to post questions, answers, opinions, and ratings on our website, hereinafter referred to jointly as "posts". If you make use of this opportunity, we will process and publish your post, the date and time you submitted it, and any pseudonym you may have used.

Legal basis: Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent under Art. 7 Para. 3 GDPR with future effect at any time.

In addition, we will also process your IP and e-mail address. The IP address is processed because we might have a legitimate interest in taking or supporting further action if your post infringes the rights of third parties and/or is otherwise unlawful. In this case the legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in any legal defence we may have to mount.

This general provision applies **in addition to** and **complementing** the processing of posts in the VRRW Community Groups (III.E.b) and the processing of user-published server entries (III.G.a).

### III.I Intelligent Villagers / VR Realistic Worlds Minecraft mod

We provide a Minecraft mod that adds a community platform, a server directory, a rewards system and advertising offers to Minecraft. The mod runs on your own computer and only communicates with our servers, with Wix and — when you actively open content — with the servers of the advertising and content partners embedded there, in the situations described below.

> **Note:** The **usage-related** rules for the mod (requirements,
> reverse engineering, misuse, fraud protection, free-of-charge use)
> are set out in our Terms of Use in **§ 9** (Use of the Minecraft mod)
> and **§ 12** (VRRW Points, rewards and the OGAds offer wall). The
> present section describes exclusively the **processing of personal
> data** by the mod.
**The mod uses the same account and rewards system as the website.** When you log in or register inside the mod, you use the same Wix member account as on [https://www.vrrw.online](https://www.vrrw.online). Points that you earn in the mod via OGAds offers also appear on the website under "My rewards" — and vice versa.

#### III.I.0 Core rule: no data traffic during active gameplay

**Whenever you are actively playing in a world (that is: world loaded, no menu open, no pause menu visible), the mod performs no data transfers to our servers or to any third party for privacy reasons.** This restriction is technically enforced inside the mod by a central "Gameplay Network Gate".

Data transfers by the mod only take place in the following moments:

- on Minecraft startup (title screen, before a world is loaded),
- when opening a menu (multiplayer menu, Server Manager, profile, reward shop, embedded browser) while no world is loaded,
- when leaving a world (after "Disconnect" or "Save and quit to title", the mod invalidates all caches and fetches fresh data the next time you open a menu),
- in response to explicit user actions inside a mod screen (e.g. logging in, creating a post, saving a server entry),
- inside the embedded browser during active user interaction.

Opening the inventory or a chest while playing does **not** trigger any communication either — only the explicit pause menu enables menu-style actions.

#### III.I.1 Automatic login

See III.C.e. The "Stay logged in" option stores your credentials encrypted locally on your computer and transmits them neither to us nor to any third party. Your plain-text password never leaves your computer.

#### III.I.2 Access to groups, posts and profiles

In the mod you can browse VRRW groups, read posts and create your own posts (with text and optionally images). Such posts — as described in III.E.b — are stored in the Wix backend and appear both on the website and to other mod users.
#### III.I.3 Server directory directly from inside the game

The mod provides a complete Server Manager under "Manage my Servers" that lets you create, edit and delete the entries described in III.G.a (including up to four images per server) directly from Minecraft. The same data then also appears on the website and is linked to your account.

#### III.I.4 Points and texture pack downloads

Your VRRW Points balance is shown in the mod's reward shop and profile screens and is retrieved from our backend. When you redeem points for a texture pack — or if you are the holder of a corresponding membership tier (III.D.b) — the mod receives a time-limited download reference for the package stored in our backend. The file is then downloaded directly from our content delivery network to your computer and installed into your Minecraft resource packs folder.

#### III.I.5 Premium tier detection (Gold / Silver / Copper)

At login and when opening the reward shop, the mod asks our backend whether you hold an active subscription (see III.D.b). The retrieved data (active tier, status, expiry) is not persistently stored inside the mod and serves only to unlock the corresponding content for the current session.

#### III.I.6 Embedded Chromium browser (MCEF)

The mod includes an embedded browser component based on "Minecraft Chromium Embedded Framework" (MCEF), which in turn is based on Chromium. This browser is used to display certain web content directly in-game, in particular:

- the external login flow (OAuth) of our backend provider,
- the VRRW community hub at [https://www.vrrw.online](https://www.vrrw.online),
- this privacy policy (when you click "Privacy Policy" inside the mod),
- the Kinetic Hosting affiliate link (see III.K),
- OGAds partner offer pages (see III.J).

When a page is loaded in the embedded browser, the same data is transferred that an external browser would send — in particular IP address, user agent, referrer URL, and the cookies for the respective site.
These cookies are stored locally in a subfolder of your Minecraft instance folder that is dedicated to the embedded browser and persist across sessions until you delete them (see Section II, "Concrete deletion paths").

Legal basis: Art. 6 Para. 1 lit. a) GDPR (your active interaction by opening the respective page inside the mod) in conjunction with Art. 6 Para. 1 lit. f) GDPR (legitimate interest in displaying content directly in-game without having to switch between applications).

**Important:** We have no influence over the content, scripts or data processing of the third-party sites loaded in the embedded browser. The respective providers are independently responsible for their own handling of personal data. We recommend reading the privacy policies of the respective providers before filling in forms or entering sensitive data. The mod automatically suppresses certain security-relevant interactions (e.g. URLs identified as sensitive are redirected to your external system browser instead).

#### III.I.7 Voice calls (WebRTC, friend-to-friend) (new in v4)

The mod includes a voice-call system for 1-to-1 voice calls between befriended members. We use WebRTC — the **audio data flows directly between the two players (peer-to-peer)** and is neither recorded by us nor routed through our servers.

We process exclusively:

- **Signalling data** (SDP offer/answer, ICE candidates): temporarily held in an in-memory buffer for at most 30 minutes, used solely to establish the connection. After connection establishment this data is purged. Not persistent.
- **Anti-spam counters** per member to prevent mass-call spam (short-lived internal counters, no personal information beyond the memberId).
- **Visibility setting** (`callVisibility`: nobody / friends / anyone) as a profile privacy preference.
- **HMAC-signed participant tokens** with a 5-minute TTL — held in memory only, never persisted.
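
As an added illustration (not VRRW's own code), this is one way a short-lived HMAC-signed participant token like the one in the last bullet can be issued and checked. The token layout, the `callId` and `exp` fields and all function names are assumptions; only the HMAC signing, the 5-minute TTL, the memberId binding and the in-memory key come from the text above.

```javascript
const crypto = require('crypto');

// The 5-minute TTL stated in the policy.
const TTL_MS = 5 * 60 * 1000;

// The signing key exists only in process memory and is never written to disk,
// so a restart invalidates every outstanding token.
function newSigningKey() {
  return crypto.randomBytes(32);
}

// HMAC-SHA256 over the encoded payload (the hash choice is an assumption).
function sign(key, payloadB64) {
  return crypto.createHmac('sha256', key).update(payloadB64).digest();
}

// Assumed layout: base64url(JSON payload) + "." + base64url(HMAC tag).
// The payload binds the token to one call and one member and carries its expiry.
function issueToken(key, callId, memberId, nowMs) {
  const payload = { callId, memberId, exp: nowMs + TTL_MS };
  const payloadB64 = Buffer.from(JSON.stringify(payload), 'utf8').toString('base64url');
  return payloadB64 + '.' + sign(key, payloadB64).toString('base64url');
}

// Returns { ok: true, memberId } or { ok: false, reason }.
function verifyToken(key, token, expectedCallId, nowMs) {
  if (typeof token !== 'string') return { ok: false, reason: 'malformed' };
  const parts = token.split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payloadB64, tagB64] = parts;

  // Check the tag before touching the payload contents.
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  const expected = sign(key, payloadB64);
  const given = Buffer.from(tagB64, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }

  let payload;
  try {
    payload = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (payload === null || typeof payload !== 'object') {
    return { ok: false, reason: 'malformed' };
  }

  // Expiry is enforced server-side against the verifier's own clock.
  if (typeof payload.exp !== 'number' || nowMs >= payload.exp) {
    return { ok: false, reason: 'expired' };
  }
  // A valid token for one call must not be accepted for another.
  if (payload.callId !== expectedCallId) {
    return { ok: false, reason: 'wrong_call' };
  }
  return { ok: true, memberId: payload.memberId };
}

// Constructed sample run: one token checked inside and outside its lifetime.
function demo() {
  const key = newSigningKey();
  const issuedAt = Date.now();
  const token = issueToken(key, 'call-example', 'member-example', issuedAt);
  return {
    fresh: verifyToken(key, token, 'call-example', issuedAt + 1000),
    stale: verifyToken(key, token, 'call-example', issuedAt + TTL_MS),
  };
}

console.log(demo());
```
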
**Audio content is at no point stored or analysed by us.** We have no technical access to the audio signal itself.

**Third-party STUN servers (NAT traversal):** when establishing a connection your mod client performs a STUN round-trip (Session Traversal Utilities for NAT, RFC 5389) against the following public STUN servers in order to determine its own public IP address + port:

- **Google LLC** — `stun.l.google.com:19302` (and `stun1-stun4.l.google.com`)
- **Cloudflare, Inc.** — `stun.cloudflare.com:3478`

STUN packets contain **no audio data, no identification tokens, no memberId** — only your public IP address, the UDP port used and a random transaction ID. According to their own statements, the providers do not log STUN requests, or only briefly for security purposes.

Both providers are based in the USA. Transmission is based on the **EU-US Data Privacy Framework** (adequacy decision Art. 45 GDPR; both Google and Cloudflare are DPF-certified) and additionally on Standard Contractual Clauses. You can disable the voice-call feature in the profile settings at any time — no STUN lookup will then take place.

Legal basis: Art. 6 Para. 1 lit. f) GDPR (legitimate interest in a functional voice system) for signalling; Art. 6 Para. 1 lit. a) GDPR (your consent) for activating the "accept incoming calls" option in the profile settings. You may withdraw this consent at any time.

Retention period for signalling data: max. 30 minutes in memory per call.

#### III.I.8 Friend system (new in v4)

You can add other members as friends.
We store three lists containing the memberIds of the respective members:

- **`friends`** — confirmed friends (you and the other person have both accepted)
- **`pendingFriendRequestsIn`** — incoming, not-yet-confirmed requests
- **`pendingFriendRequestsOut`** — outgoing, not-yet-confirmed requests sent by you
- **`blockedMembers`** — members you have blocked

Anti-spam: you may send at most a context-dependent number of requests per day (internal rate-limit counters).

On account deletion your memberId is surgically removed from the aforementioned lists of **all other members**; the remaining friend relationships of those other members are not affected (see Section II deletion paths + II.b).

Legal basis: Art. 6 Para. 1 lit. b) GDPR (performance of the community service contract).

Retention: as long as the account exists. On account deletion, immediate removal.

#### III.I.9 Direct messages (DM) (new in v4)

Logged-in members may send each other 1-to-1 messages ("DM"). We store the text and optionally a Wix image link per message in a slot-based format on our backend servers.

**The backend can read the cleartext** — this is technically required for anti-spam, moderation interventions, and the anti-pseudonym filter (see III.E.b). **However, no editorial analysis of your private messages takes place** — the messages are only accessible to you and your respective conversation partner.

Anti-spam limits:

- minimum interval between DMs (seconds)
- maximum DMs per hour
- the recipient may disable "receive DMs" (privacy preference `allowPrivateMessages`) — you are then blocked.

On your account deletion, all DMs you have sent or received are removed from the corresponding slot buffers; no memberId trace remains.

Legal basis: Art. 6 Para. 1 lit. b) GDPR (performance of the messaging service contract); Art. 6 Para. 1 lit. f) GDPR (legitimate interest in anti-spam / anti-abuse measures).

Retention: as long as the account exists or until the respective DM is self-deleted.
On account deletion, immediate.

#### III.I.10 PIN protection / session lock (new in v4)

In the mod you can set up a **local PIN (4–12 digits)** that locks the saved "Stay logged in" token when you "lock yourself out" (profile → "Lock"). **This PIN is at no point transmitted to our servers** — PIN verification is performed exclusively offline on your computer:

- PIN + device fingerprint → PBKDF2-HMAC-SHA512 with 600 000 iterations → 32-byte hash
- The hash + a 32-byte salt are stored locally in the mod configuration
- After 5 wrong PIN entries: **automatic self-protection** — all saved "Stay logged in" data is wiped and you must log in fresh.

For this purpose we process **no** PIN-related data on our servers whatsoever.

Legal basis: Art. 6 Para. 1 lit. f) GDPR (legitimate interest in an additional local security feature); the entire processing takes place exclusively on your end device.

#### III.I.11 Bug reports, feature wishes, boost applications, creator program (new in v4)

As a logged-in member, in the mod you can:

- **submit bug reports** (with category, title, description, optional screenshots / logs as Wix image uploads). Optionally also **anonymously** via an `anonymousKeyHash` mechanism: only you yourself — using the ticket-secret you keep on your end — can find the report again; not even an admin sees a link to your memberId.
- **suggest feature requests** and vote on others (up-vote). Your vote is stored on your AllianceMemberMeta row; the aggregate (`voteCountUp`) is anonymous statistics.
- **submit boost-rank applications** for server listings + take part in voting rounds.
- **submit creator/YouTuber applications** (channel URL, name, subscriber count + verification screenshot). On approval, we create a YouTuber profile with badge display.

On account deletion:

- **bug reports + unban requests + boost applications** are pseudonymized (see II.b) to preserve Art. 17(3)(e).
- **feature wishes, YouTuber tutorials, group-links, referral codes** are completely deleted.
- **boost votes** are pseudonymized (voting integrity).

Legal basis: Art. 6 Para. 1 lit. b) GDPR (performance of the application functions); Art. 6 Para. 1 lit. a) GDPR for the anonymous bug-report variant (your active anonymisation choice); Art. 6 Para. 1 lit. f) GDPR for anti-fraud / anti-spam measures.

Retention: user-authored content (feature wishes, tutorials) remains as long as the account exists and the content has not been self-deleted. Bug reports + boost applications are kept pseudonymized after deletion per Art. 17(3)(e) (see II.b).

#### III.I.12 Blocking other members (new in v4)

Inside the mod and on the website you can specifically block other members (endpoints `post_blockMember` / `post_unblockMember` / `get_listBlockedMembers`). A block has the following **effects** on the relationship between you and the blocked person:

- **Direct messages (DM)**: the system rejects send attempts from the blocked person to you. Already-delivered DMs are hidden on your side.
- **Voice calls**: an incoming or outgoing WebRTC call between you and the blocked person is server-side impossible (signalling endpoints refuse).
- **Group posts**: posts by the blocked person appear hidden in your feed view (filter in the `get_groupFeed` endpoint).
- **Friend requests**: outgoing as well as incoming requests are rejected between you and the blocked person.
- **Visibility to the blocked person**: blocking does NOT make you invisible to the blocked person — the bilateral effect is limited to the interaction classes above.

A block is **not a notification** to the blocked person; the other party is not explicitly told you blocked them (only by the absence of replies to DM/call attempts).

**Processed data**: the list of blocked `memberId` entries is stored in the `blockedMembers` field of your own profile row (in `AllianceMemberMeta` resp. its slot-bucketed equivalent).
No data structures are created on the blocked person's side.

**Retention**: as long as you keep the block active, or until full account deletion (FULL_DELETE removes the entire profile slot including the `blockedMembers` list).

**Legal basis**: Art. 6 Para. 1 lit. b) GDPR (performance of the community-features contract) plus Art. 6 Para. 1 lit. f) GDPR (legitimate interest in providing effective self-protection mechanisms for members).

#### III.I.13 Group creator permissions (new in v4)

**Group owners** can grant authorised **VRRW creators** (see III.S) permission to post group links and tutorials in their group, on application. Function and data flow:

1. The creator submits the request via `post_requestGroupCreatorPermission` (fields: `groupId`, automatically added: `memberId` of the requester, timestamp).
2. The group owner sees pending requests via `get_groupCreatorPermissionRequests` and decides via `post_approveGroupCreatorPermission` or `post_revokeGroupCreatorPermission` (or lets the request expire).
3. The creator can review their granted permissions at any time via `get_myCreatorPermissions`.

**Processed data** in the `GroupCreatorPermissions` collection:

- `groupId`, `memberId` of the creator
- `status` (PENDING / APPROVED / REVOKED)
- `decidedBy` (memberId of the deciding group owner), `decidedAt` (timestamp)
- `requestedAt` (timestamp of the request)
- optional `revokedReason`

**Retention**: as long as the permission is active; for `REVOKED` 12 months as an audit trail (to protect against repeated request spam), then automatic deletion. On creator account deletion all related `GroupCreatorPermissions` rows are removed; on group-owner account deletion requests are pseudonymised.

**Legal basis**: Art. 6 Para. 1 lit. b) GDPR (performance of the creator program — see Creator Terms § 1, § 2.1) plus Art. 6 Para. 1 lit. f) GDPR (legitimate interest of the group owner in controlling content posting in their group).
#### III.I.14 Creator content: tutorials and group links (new in v4)

Verified creators (`YoutuberProfiles.tutorialsEnabled = true` resp. `groupLinksEnabled = true`) can publish public content stored in separate CMS collections:

**`YoutuberTutorials`** — fields in detail:

- `ownerMemberId` (creator)
- `title`, `description`, `category` (e.g. tutorial_basics, tutorial_redstone, lets_play, showcase, …)
- `videoUrl` (YouTube link), `coverImageUrl` (Wix Media CDN)
- `status` (`pending` / `approved` / `removed`)
- `approvedBy` (admin memberId), `approvedAt`
- `viewCount`, `clickCount` (public aggregate statistic)
- Creation / update timestamps

**`YoutuberGroupLinks`** — fields in detail:

- `ownerMemberId`, `groupId`
- `displayName`, `linkUrl`, `thumbnailUrl`
- `clickCount` (public aggregate statistic)
- Active flag, creation / update timestamps

**Click tracking** (`post_trackCreatorClick`): we count aggregate clicks per tutorial and per group link. We do not store any personal data per click — only the incremented counter.

**Visibility**: tutorials and group links are **public**, worldwide, search-engine-indexable (see III.T).

**Retention**:

- Active tutorials / group links: as long as creator status is active and the content has not been set to `removed`.
- After creator revoke (auto- or manual): content kept 30 days as `removed` (audit trail), then `ownerMemberId` is pseudonymised (see II.b and Creator Privacy V).
- On account deletion: full pseudonymisation of the author field; the content itself can be deleted on request.

**Legal basis**: Art. 6 Para. 1 lit. b) GDPR (creator program contract) plus Art. 6 Para. 1 lit. a) GDPR (your active click-consent at publication time).

#### III.I.15 Boost-rank system for server listings (new in v4)

Server owners can apply for "boost" visibility slots in the server directory.
Processed in the collections `BoostRankApplications` and `BoostRankVotes`:

- **Application data**: application description, server reference, status fields (NEW / VOTING / APPROVED / REVOKED), voting-phase timestamps (`votingOpensAt`, `votingClosesAt`, `boostExpiresAt`), admin decisions including reasoning.
- **Voting data** (public member vote): voter memberId, application ID, vote direction. Aggregate counters (`voteCountUp`, `voteCountDown`) live in the application row.

**Visibility of applications**: public to all logged-in members during the voting phase; archived after closing (admin-readable only). Approval status appears in the server directory as a boost mark.

**Retention**: application records kept 24 months after closing (for defence of legal claims + voting-integrity audit). Voter records are decoupled from memberId (pseudonymised) after 12 months, leaving only aggregate statistics.

**Legal basis**: Art. 6 Para. 1 lit. b) GDPR (performance of the visibility feature); Art. 6 Para. 1 lit. a) GDPR for voting participation; Art. 17 Para. 3 lit. e) GDPR for voting audit retention.

#### III.I.16 AI voice models (TTS / Piper / Ollama) (new in v4)

The mod can load and run models for **Text-to-Speech (Piper)** and **local language / text models (Ollama)**.

**Local processing**: as with AI image generation (III.R), the entire inference runs **exclusively on your computer**. Models are downloaded once on first install — automatically or manually — from public repositories (Piper voice models, Ollama models) into the mod cache directory. We transmit neither input texts nor generated audio data to our servers.

**Model download** (one-off): when selecting a model, the mod connects directly to the respective model repository (e.g. `huggingface.co`, `github.com/rhasspy/piper`, `ollama.com`). Those third parties receive your IP address + user-agent (standard CDN behaviour). VRRW is not involved in this transmission.

**Input data**: texts that you pass to Piper (TTS) or Ollama (LLM) remain briefly in mod process memory and are discarded after inference. There is no cloud component and no persistence beyond the session.

**Legal basis**: for local processing no data-protection legal basis is required (no third-party transmission during inference). For the initial model download: Art. 6 Para. 1 lit. b) GDPR + the privacy policies of the respective model hosters (Hugging Face, GitHub, Ollama).

### III.J Task lockers / embedded advertising offers (OGAds)

In the "Rewards" view inside the mod we offer access to rewards (in particular VRRW Points) via task-based unlock mechanisms ("task locker" / "offer wall"). These are provided by the third-party service **OGAds** and its advertising partners.

**Important — two-step consent before each load:** The offer wall and the partner pages embedded within it are **never loaded by our mod client until you have given two independent consents**:

1. A **rewards opt-in** ("I wish to participate in the voluntary rewards programme") that you set in the profile section and can withdraw at any time.
2. A separate, specific **tracking consent** for the third-party cookies, web beacons and tracking pixels that OGAds and its advertising partners set when the offer wall is opened. This consent is collected immediately before the first offer wall load via a dedicated consent dialog, is recorded server-side in our VRRW backend together with a timestamp, user-agent and policy version (Art. 7 para. 1 GDPR, proof of consent), and can be withdrawn at any time from the profile section.

Without both consents there is **no** network access to the OGAds servers or partner pages. Even the loading of the offer wall URL is gated in the mod client by a prior query to our own backend; only if that backend confirms that your member identifier has a valid and non-withdrawn tracking consent on file does the embedded browser open at all.
Withdrawing the tracking consent immediately blocks access to the offer wall and deletes the corresponding consent record from the backend. Details of our consent audit log are set out in III.C.g.

> **Note:** The **usage-related** rules for the offer wall (voluntary participation, credit mechanism, fraud protection, minimum age of 18, VRRW Points have no cash value) are set out in our Terms of Use in **§ 12** (VRRW Points, rewards and the OGAds offer wall).

**Provider:**

OGAds
222 W. Merchandise Mart Plaza, Suite 1212
Chicago, IL 60654
United States
E-mail: info@ogads.com

OGAds privacy policy: [https://ogads.com/privacy-policy](https://ogads.com/privacy-policy)
OGAds terms of service: [https://learn.ogads.com/terms-of-service](https://learn.ogads.com/terms-of-service)

**Role:** OGAds operates the offer wall and forwards users to its advertising partners **under its own responsibility**. We and OGAds are **not joint controllers within the meaning of Art. 26 GDPR**. We have no influence over the concrete processing carried out by OGAds or by individual advertising partners.

**Data processed (per the OGAds privacy policy):** IP address, browser and device characteristics, operating system, approximate geographic location (IP-based, not GPS), access timestamps, offer pages visited, as well as cookies, web beacons and tracking pixels set by the advertising partners within the respective embedded third-party content. The data is used inter alia for geo-targeting, measuring task completion, and fraud prevention.

**Data transferred to us ("postback"):** When you successfully complete a task, OGAds sends us a conversion confirmation. On that basis we credit the agreed number of VRRW Points to your member identifier. The conversion confirmation only contains the fields required to link the reward to your member account and for fraud protection.

**Recipients:** OGAds and the advertising partners brokered by OGAds for the individual offers.
According to the OGAds privacy policy, OGAds may additionally pass data to its own service providers (in particular data-analytics and sales/marketing services). The URL — and thus the identity — of the currently loaded partner is shown to you in the embedded browser at all times; we recommend consulting the respective partner's privacy policy before entering any personal data there.

**Third country transfer:** Processing by OGAds takes place primarily in the **United States**. Further processing by advertising partners may additionally take place in other third countries. Where personal data is transferred to a third country, this is safeguarded in accordance with Art. 44 et seq. GDPR by appropriate safeguards (in particular EU Standard Contractual Clauses). No adequacy decision exists for OGAds itself.

**Retention period:** We store the conversion confirmation received from OGAds only for as long as necessary for the points credit and fraud protection. For OGAds' own retention: OGAds states category-specific retention periods in its privacy policy (e.g. 6 months for certain log and usage data); the current version of OGAds' privacy policy is authoritative.

**Legal basis:** § 25 para. 1 TDDDG in conjunction with Art. 6 Para. 1 lit. a) GDPR — **your prior, active consent exclusively**, granted via the two-step consent flow (rewards opt-in + tracking consent). Legitimate interest is not available as a fallback basis here because the processing involves cookies, web beacons and tracking pixels of third-party providers that process data for their own purposes (see the DSK guidance on telemedia, 2021 edition). You can withdraw either of the two consents at any time and as easily as you gave them, pursuant to Art. 7 Para. 3 GDPR, either via the "Withdraw" button in the Rewards card of the mod profile section or by dismissing the respective consent dialog.
Cookies that have already been set can additionally be deleted via the browser settings or the cookie manager of the embedded browser.

**Rights against OGAds:** Independently of your rights against us (see Section II), you may assert the rights you are entitled to under Art. 15-21 GDPR with respect to processing by OGAds directly with OGAds at info@ogads.com. For California and certain other US state residents, OGAds additionally acknowledges the CCPA / CDPA rights (access, deletion, opt-out of sale/sharing).

**No access for persons under 18:** The offer wall content is intended exclusively for persons who are at least 18 years old (per the OGAds terms of service). Details are set out in our Terms of Use **§ 12**.

**Note:** The Gameplay Network Gate described in III.I.0 also applies to the OGAds integration. No OGAds communication takes place during active gameplay — neither offer retrieval nor conversion checks.

### III.K Kinetic Hosting affiliate link

The mod's multiplayer menu contains a "Create server" button that, when clicked, opens the website of the Minecraft hosting provider **Kinetic Hosting** in the embedded browser with our affiliate identifier `aff=1095` (`https://billing.kinetichosting.com/aff.php?aff=1095`). The same applies to corresponding promotional banners on the website.

> **Note:** The commercial framing of the affiliate link and our role as a mere advertising partner (no contractual relationship with Kinetic Hosting) are set out in our Terms of Use in **§ 13** (Kinetic Hosting affiliate link).

This is a pure referral link — **we ourselves do not store any data on the mere forwarding.** Kinetic Hosting may, however, collect your IP address, user agent, referrer data and cookies when you visit their page. For details please consult the Kinetic Hosting privacy policy at [https://www.kinetichosting.net/privacy-policy](https://www.kinetichosting.net/privacy-policy).
If you sign up as a customer with Kinetic Hosting via this link, we receive a commission notification from Kinetic Hosting that does not contain any personal data about you (only our affiliate ID and a contract conclusion indicator).

Legal basis for merely displaying the link and the promotional banner: Art. 6 Para. 1 lit. f) GDPR (legitimate interest in identifying an affiliate partner). For any subsequent visit to the Kinetic Hosting website, Kinetic Hosting is the sole controller.

### III.L Hosting and data processing by Wix.com Ltd.

Our website backend, database, image/file delivery, login and profile management, community features, loyalty program and subscription management are operated via the **Wix** service of **Wix.com Ltd., Namal 40, 6350671 Tel Aviv, Israel** ("Wix"). Wix is our data processor pursuant to Art. 28 GDPR; a corresponding data processing agreement is in place.

Legal basis: Art. 6 Para. 1 lit. b) GDPR (contract initiation and performance) and Art. 6 Para. 1 lit. f) GDPR (legitimate interest in operating a stable online service).

**Third country transfer:** Due to the international branches of Wix, it cannot be ruled out that processing will also take place outside the EU (including Israel and the USA). For Israel an EU Commission adequacy decision pursuant to Art. 45 GDPR exists. For other third countries, Wix ensures that processing only takes place where permitted under the GDPR — in particular via EU adequacy decisions, the EU-US Data Privacy Framework, or EU Standard Contractual Clauses.

Wix processes the following user data on our behalf in particular:

- name, e-mail address, delivery and billing address, payment data, company name, telephone number if applicable,
- IP address, information about orders, posts, groups, events, device and browser used,
- content you have published via our community features, the server directory or any other input forms (including the user-submitted server entries and associated images described in III.G),
- VRRW points balances, challenge progress, subscription status,
- mod-specific session data (internal member identifier, OGAds session identifiers, postback confirmations, and the auto-login artefacts stored locally and encrypted on your own computer).

Further information on data protection at Wix is available at [https://www.wix.com/about/privacy](https://www.wix.com/about/privacy).

### III.M Web analytics (Google Analytics and others)

#### a) Hosting-provider web analytics

Our backend provider (see III.L) sets cookies on the website for its own web-analytics feature. Information such as time, location and frequency of website visits is transmitted via these cookies to the provider's server and analysed there.

**The legal basis is your consent exclusively**, pursuant to § 25 para. 1 TDDDG and Art. 6 Para. 1 lit. a) GDPR, granted via our cookie manager. No analytics cookies are set without your consent. You can withdraw your consent at any time with effect for the future, pursuant to Art. 7 Para. 3 GDPR, by adjusting the cookie settings on our website or by deleting the cookies in your browser.

#### b) Google Analytics

We use **Google Analytics** on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA — hereinafter "Google"). Google Analytics helps us analyse website usage and measure the effectiveness of our marketing campaigns.

Legal basis: Art. 6 Para. 1 lit.
a) GDPR (your consent via our cookie manager). You can revoke this consent at any time with effect for the future via the "Cookie Settings" on our website under Art. 7 Para. 3 GDPR.

Information such as time, location and frequency of website visits, as well as interactions with the website (e.g. click paths, seen/clicked ads, link clicks) including the user's IP address is transferred to a Google server in the USA and stored there for up to 14 months (corresponding to the default retention period we have selected in Google Analytics 4). Google LLC is certified under the **EU-US Data Privacy Framework**, for which the EU Commission has issued an adequacy decision pursuant to Art. 45 GDPR ([https://www.dataprivacyframework.gov/list](https://www.dataprivacyframework.gov/list)).

Google also records "demographic characteristics" and can create statistics that allow statements to be made about the age, gender and interests of site visitors. This is done through the automated analysis of advertising and information from third parties. If the user has activated personalised ads in their Google account and agrees to Google Analytics, Google can analyse usage behaviour across devices. If the user wishes to deactivate this cross-device analysis, they can do so via [https://support.google.com/ads/answer/2662922?hl=en](https://support.google.com/ads/answer/2662922?hl=en).

We use Google Analytics with the IP anonymisation function. As a result, Google will shorten the user's IP address within the EU member states or in other contracting states of the EEA Agreement.

Further information and opt-out options are available at [https://www.google.com/intl/en/policies/privacy/partners](https://www.google.com/intl/en/policies/privacy/partners) and via the Google Analytics opt-out browser add-on ([https://tools.google.com/dlpage/gaoptout?hl=en](https://tools.google.com/dlpage/gaoptout?hl=en)).

### III.N Linked external community channels (YouTube, Discord) and further profiles

We actively operate a **YouTube channel** and a **Discord server** as community channels for our project. Both are linked from the footer of our website and from inside the mod. In addition, we maintain simple personal profiles on **Facebook, Instagram and X**, which we will also link once we publish project updates there on a regular basis.

**Important — no joint controllership:** For YouTube, Discord and the linked Facebook / Instagram / X profiles we are **not a joint controller within the meaning of Art. 26 GDPR** together with the respective platform operators (including Meta Platforms Ireland Limited and Twitter International Unlimited Company). We do not use Business Page Insights / audience statistics, no ad / pixel integration and no social plugins on our website. The profiles are embedded exclusively as simple hyperlinks (or static link graphics). Only when you actively click a link are you forwarded to the respective service, and only from that point onwards does the platform operator process your data under its own responsibility.

Legal basis for merely displaying the links: Art. 6 Para. 1 lit. f) GDPR (legitimate interest in giving interested visitors access to our project channels).

#### a) YouTube channel

We publish videos and project updates on our own YouTube channel. We **aspire** to join the YouTube Partner Programme (YPP) and monetise the channel via ad revenue in the future, but at the current status of this policy **participation is not yet active** — no ad revenue is currently generated. Individual videos from this channel are also embedded on our website; for the embedding see the separate Section **III.O**.

YouTube is a service of **Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland** (subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
When you visit our channel directly on YouTube, Google processes your data under its own responsibility pursuant to the Google privacy policy ([https://policies.google.com/privacy](https://policies.google.com/privacy)). We ourselves only receive aggregate, non-personal channel statistics from Google (e.g. total views, approximate watch time). Processing of your data outside the EU, in particular in the United States, is possible and cannot be ruled out. Google LLC is certified under the EU-US Data Privacy Framework.

#### b) Discord server

We operate a Discord server as a community channel for our project. Discord is a service of **Discord Netherlands B.V., Schiphol Boulevard 195, 1118 BG Schiphol, Netherlands** (parent company Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA).

When you visit our Discord server or join it, Discord processes your data (including messages, user profile, connection data) under its own responsibility pursuant to the Discord privacy policy ([https://discord.com/privacy](https://discord.com/privacy)). We receive the messages you post, your Discord username and the roles assigned to you on the server. Please do not post sensitive personal data on our server. Processing of your data outside the EU, in particular in the United States, is possible.

Legal basis for operating the Discord server: Art. 6 Para. 1 lit. f) GDPR (legitimate interest in operating a community channel) and Art. 6 Para. 1 lit. a) GDPR (your consent given by actively joining the server).

#### c) Facebook, Instagram and X (linked personal profiles)

We maintain simple personal profiles on Facebook, Instagram and X, where we occasionally share project updates. **We do not operate a business "Page", and we do not use any advertising features, audience targeting or Page Insights statistics there.** The profiles are embedded on our website and inside the mod only as simple hyperlinks (or static link graphics).
**No data** is transferred to the platform operators until you actively click the respective link.

If you do click such a link and visit the platform, the privacy policy of the respective platform operator applies:

- **Facebook and Instagram** — Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy policies: [https://www.facebook.com/privacy/policy](https://www.facebook.com/privacy/policy) and [https://privacycenter.instagram.com/policy](https://privacycenter.instagram.com/policy). Additional processing of your data by Meta Platforms, Inc. in the United States cannot be ruled out.
- **X (formerly Twitter)** — Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Privacy policy: [https://x.com/en/privacy](https://x.com/en/privacy). Additional processing of your data by X Corp. in the United States cannot be ruled out.

We are expressly **not a joint controller within the meaning of Art. 26 GDPR** with these platform operators, because we do not evaluate page insights, do not run advertisements, and do not use any automated reach or audience-targeting features. Legal basis for merely displaying the links is Art. 6 Para. 1 lit. f) GDPR (legitimate interest in giving interested visitors access to our external profiles).

### III.O Embedded YouTube videos

We use YouTube on our website, a video service of Google Ireland Limited (see III.N.a), in **advanced privacy mode**. According to YouTube, the advanced privacy mode means that data is only transmitted to the YouTube server if you actually start a video. Without this mode, a connection to the YouTube server in the USA would be established as soon as you access any of our webpages that contain an embedded YouTube video.

YouTube records and processes at a minimum your IP address, the date and time the video was viewed, as well as the website you visited.
In addition, a connection to the DoubleClick advertising network of Google is established. If you are logged in to YouTube when you visit our site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our site or make the appropriate settings in your YouTube account.

**Legal basis: your consent exclusively**, pursuant to § 25 para. 1 TDDDG and Art. 6 Para. 1 lit. a) GDPR, granted via our cookie manager. Without your explicit consent the embedded YouTube video is not loaded and no connection to YouTube/Google servers takes place. Legitimate interest is **not** available as a fallback basis when a third-party service processes data for its own purposes (see the guidance of the German DSK on telemedia, 2021 edition). You can withdraw your consent at any time with effect for the future, pursuant to Art. 7 Para. 3 GDPR, via the cookie settings on our website.

Further information on Google's processing: [https://policies.google.com/privacy](https://policies.google.com/privacy).

---

### III.P Image uploads (Wix Media) (new in v4)

In several places on the website and in the mod, you can upload images. Specifically:

- **Profile picture** on the website / in the mod (see III.C.b),
- **Server directory images** (server icon, info hero image, entry popup image, event banner — see III.G.a / III.I.3),
- **Posts in the VRRW Community Groups** (see III.E.b),
- **Bug-report attachments** (screenshots, log files — see III.I.11),
- **Feature-request mockups** (see III.I.11),
- **YouTuber program verification screenshot** (see III.I.11),
- **Tutorial cover images** (see III.I.11).

These images are stored in **Wix Media** — a CDN system operated by Wix.com Ltd. (see III.L). The generated URLs follow the format `https://static.wixstatic.com/media/...` or `wix:image://v1/...`. Images are linked to the respective database entries (member profile, server entry, post, bug report, etc.)
and retained for their lifetime.

**On account deletion:** images linked to your memberId (e.g. profile picture, server-directory images) are removed together with the corresponding CMS entry. Images that we must retain for legal reasons (e.g. as evidence in a content-violation complaint) are kept in pseudonymized form (see II.b).

**Security measures:**

- **Size limit** per image (typically 5 MB).
- **Magic-byte validation** — only true image formats (PNG, JPG, GIF, WebP) are accepted at upload. Hidden executable code (e.g. PHP webshells inside a JPG) is rejected.
- **Antivirus scan** by Wix Media on upload.
- **Content standards** in § 10(4) of the Terms of Use apply to every image (in particular no pornographic, unlawful or privacy-rights-violating content).

Legal basis: Art. 6 Para. 1 lit. b) GDPR (performance of the respective feature's contract); Art. 6 Para. 1 lit. f) GDPR (legitimate interest in a robust image infrastructure).

### III.Q Anti-fraud, suspensions and moderation history (new in v4)

To protect our services and other users, we operate several anti-fraud and anti-spam mechanisms. They process the following data:

**(1) Rate limits:** for each action (login, registration, DM send, friend request, voice call, post, bug report etc.) we run short-lived counters in our backend (CMS collection `RateLimitBuckets`). Keys are partly anonymised (SHA-256 of e-mail or IP), partly memberId-bound for authenticated actions. Entries are auto-removed after 2 × the window duration (typically a few minutes).

**(2) Login brute-force protection:** repeated failed login attempts trigger a 30-minute lockout. The failed-attempt list is kept only in memory (no persistent storage).

**(3) Moderation history:** if a member violates the content standards, a warning entry can be created (`UserWarnings` / `AllianceMemberMeta.warningsJson`).
After 3 warnings the account is automatically suspended; the affected user can challenge the suspension via an unban request (`UserUnbanRequests`). Moderation history is retained pursuant to Art. 17(3)(e) GDPR for the defence of legal claims; for details see II.b.

**(4) Token revocation on logout:** when you log out, your current "stay logged in" token is marked server-side in the `TokenRevocations` list (we store only the SHA-256 hash of the token — never the token itself). Any attempt by a third party to use an expired or revoked token is rejected. Hashes are auto-removed once the underlying token expires (30 days).

**(5) Account suspension on suspected fraud:** in case of reasonable suspicion of VPN / multi-account manipulation, automated offer participation, postback manipulation, or other attacks, we reserve the right to suspend or delete the affected account (contractual breach — see Terms of Use § 9(7) and § 12(8)).

**Legal basis:** Art. 6 Para. 1 lit. f) GDPR (legitimate interest in anti-fraud / anti-abuse measures) and Art. 6 Para. 1 lit. c) GDPR (obligation to ensure the integrity of processing per Art. 5 Para. 1 lit. f and Art. 32 GDPR).

**Retention period:** rate-limit data: minutes. Login brute-force data: 30 minutes in memory. Token revocations: until the underlying token expires (max. 30 days). Moderation history: until account deletion, then pseudonymized (Art. 17(3)(e) GDPR, see II.b).

### III.R AI image generation in the mod (new in v4)

The mod includes a feature for **local AI image generation** (e.g. for textures, server banners, group backgrounds).

**Processing location:** the AI models run **exclusively on your computer**. We transmit neither the prompt text you enter nor the resulting image to our servers, unless you actively transfer the result via the upload function to Wix Media (see III.P). When you upload an AI-generated image, the same storage and security rules apply as for normal image uploads.

**Input data:** your prompt input is briefly held in mod process memory, passed to the local AI model and discarded after generation. There is no cloud-service provider acting as a processor — the entire inference happens on your end device (e.g. via Hyper3D, Hunyuan3D or comparable local model frameworks).

**Storage of generated images:** the AI models store result images in a subfolder of your Minecraft instance directory (e.g. `mod-cache/ai-generated/`). You can delete this folder yourself at any time.

**Usage rules:** the legal requirements for AI-generated content (labelling obligation, liability, no depictions of real persons without consent, etc.) are documented in the Terms of Use § 9.19.

**Legal basis:** for local processing: no data-protection legal basis required (no third-party transmission involved). For an uploaded AI image: Art. 6 Para. 1 lit. b) GDPR (performance of the upload feature's contract) plus the licence grant under § 10(2) of the Terms of Use.

### III.S Creator charter — consent trail (new in v4)

Verified VRRW creators (see Terms of Use § 9.18) bindingly accept the **VRRW Creator Charter** at application time. We store — analogous to the general legal-acceptance history (see II.b and VI) — the following fields in the backend (collection `YoutuberProfiles` or dedicated `CreatorCharter` collection):

- `creatorCharterVersion` — version of the accepted charter
- `creatorCharterAcceptedAt` — timestamp of acceptance
- `creatorCharterUserAgent` — user-agent at the time of acceptance
- `creatorCharterHistory` — JSON array of past acceptances (for re-acceptance on updates)

**Re-acceptance on updates:** when the charter is updated, on the creator's next login the tutorial / group-link / post functions are blocked until the new charter version has been accepted. The mechanism is technically equivalent to the legal re-acceptance flow (see VI).

**Legal basis:** Art. 7 Para. 1 GDPR (burden of proof for consent) in conjunction with Art. 6 Para. 1 lit.
b) GDPR (performance of the creator program contract).

**Retention period:** as long as the creator profile exists. On account deletion the charter fields are removed together with the YoutuberProfiles entry; the profile is included in FULL_DELETE_NONSTD (see II.b).

### III.T Public visibility, permanence, search engines (new in v4)

Certain content you publish on our platform is not only visible to other VRRW members but **publicly available worldwide** — also to search engines (Google, Bing, Yandex, DuckDuckGo, Brave Search), web archives (Internet Archive / Wayback Machine), and any non-logged-in visitor.

#### III.T.1 Which content is public?

The following content is **publicly published by default**:

- **Server directory entries** (all fields: server name, IP / hostname, texturepack mode, info, event data + all uploaded images) — directly accessible at [https://www.vrrw.online/serverlisting](https://www.vrrw.online/serverlisting).
- **Events** (event name, date, description, banner image, RSVP statistics in aggregate form) — on the events page.
- **Posts in PUBLIC community groups** (also with the "post anonymously" toggle enabled — see II.c: the pseudonym becomes public, but the content remains public).
- **VRRW Creator profile** (if you have applied as a creator; channel name, bio, custom links, tutorials, group links — see Terms § 9.18).
- **Ratings** on public items (if you submit any).

**Non-public content:**

- DMs (direct messages) — only visible to sender + recipient
- Posts in PRIVATE groups — only to group members
- Bug reports + feature requests — only to you + admin
- Profile data with `privacyStatus = PRIVATE` — not in the community search (see III.C.h(3))
- Voice calls — peer-to-peer, no backend storage (see III.I.7)
- Purchases / points balance / rewards status — private

#### III.T.2 Search-engine indexing

**Content under `vrrw.online`** is in principle reachable by search-engine crawlers and may be indexed there.
We do **not** set a general `noindex` meta tag nor a `robots.txt` disallow rule on public areas, since that would significantly limit the discovery value for server listings + events + creator tutorials.

**Consequence:**

- What you publish publicly may appear on Google and other search engines, with preview + cache.
- **If you delete a public post**, it can take a few days to weeks before search-engine caches reflect this state. On Google you can request faster removal via the **Search Console Removal Tool**: [https://search.google.com/search-console/remove-outdated-content](https://search.google.com/search-console/remove-outdated-content).
- Web archives (e.g. Internet Archive Wayback Machine) may create snapshots of your public posts, **which we cannot control**. Removal must be requested directly with the archive: [https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org](https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org).

#### III.T.3 Permanence and self-protection

**Before you publish anything publicly, consider:**

- Other users / third parties may take **screenshots or copies** of your posts — once distributed these are **not retractable**.
- Content may be **searchable in conjunction with your name** via search engines, if your profile is PUBLIC + the content standards allow appearance in Google.
- **Publication of real names, addresses, phone numbers, credit-card / banking data or other sensitive data** in public areas is NOT permitted (see Terms § 10(4)) — also not by you yourself via your own account.

**Data-minimisation self-protection:** if for personal reasons you wish a smaller visibility footprint:

- Set your profile `privacyStatus` to PRIVATE (see III.C.h(3)).
- Use the anonymity option (`isAnonymous`) for individual posts (see II.c) — pseudonymization per Art. 4 No. 5 GDPR.
- Post sensitive topics only in PRIVATE groups or via DM.
- Apply for creator status only if you explicitly want public visibility under your real name (identity lock — see Terms 9.18(2)).

#### III.T.4 Self-deletion of public content

You can remove public content yourself at any time:

- **Server entries:** mod "Multiplayer → Manage my Servers → Delete" or website "Serverlisting / Server entry Informations". On deletion all texts + images are irrevocably removed from our database — the linked wixstatic.com images are also deleted.
- **Posts in community groups:** "⋯ → Delete" on the respective post.
- **Events:** website "Server Event management".
- **Creator profile:** mod profile → "Return creator status" or a written request to the controller (see IV).

**On full account deletion** all public content is automatically removed (see II for the complete deletion pipeline; individual records may persist longer in pseudonymized form per II.b for legal-retention obligations).

**Legal basis** for the public publication: Art. 6 Para. 1 lit. b) GDPR (performance of the contract for the respective feature you actively used — server-entry creation, group-post sending, etc.) plus Art. 6 Para. 1 lit. a) GDPR (your active click consent at publication time).

### III.U Referral system (referral codes) (new in v4)

The mod includes a **voluntary referral system**: you can generate a one-time referral code based on your Minecraft username (`post_createReferralCode`) and pass it to other players. Whoever redeems your code on first login (`post_redeemReferralCode`) is recorded in the CMS collection `AllianceMemberMeta` as your "referee"; you, as the referrer, receive a percentage bonus on all points the referee earns in the OGAds offerwall system.
#### III.U.1 Data processed

Per user row in `AllianceMemberMeta`, the following are stored for the referral system:

- `referralCode` — the referral code you generated (alphanumeric, 8 characters, cryptographically random)
- `mcUsername` / `mcUsernameLower` — your Minecraft name (for code uniqueness + anti-squatting)
- `mcUuid` — Mojang UUID, verified once by the backend via the Mojang public API (`https://api.mojang.com/users/profiles/...`) and cached for 24 h. Protects against username squatting on well-known player names.
- `referralUsedCode` / `referralReferrerMemberId` / `referralReferrerMcName` — when you, as **referee**, redeemed another's code (one-time per account)
- `referralPointsGenerated` — points you, as referee, have so far generated via OGAds (technical accounting)
- `referralBonusAwarded` — bonus points your referrer has so far received from your activity
- `referralTotalEarned` — aggregate bonus from all referees as referrer
- `referralTotalReferrals` — total number of referees (sybil cap 100 lifetime — see III.U.3)
- `referralCodeCreatedAt` / `referralRedeemedAt` — timestamps

#### III.U.2 Purposes and legal bases

- **Function**: performance of the voluntary referral program contract (Art. 6(1)(b) GDPR).
- **Mojang UUID verification**: legitimate interest in anti-squatting (Art. 6(1)(f) GDPR) — prevents one person from claiming the username of a well-known streamer to capture referrals from third-party fans.

  **Third-party transmission**: during verification our backend transmits the Minecraft username you supplied to the public Mojang API (`https://api.mojang.com/users/profiles/minecraft/`, operated by **Mojang AB / Microsoft Corporation, Redmond, USA**). Mojang receives only the username (no VRRW memberId, no email) and returns the UUID. Transmission is based on Microsoft DPF (EU-US Data Privacy Framework — Art. 45 GDPR adequacy decision) and Standard Contractual Clauses. The response is cached server-side for 24 h and is not shared further.
- **Sybil cap (100 referrals/code lifetime)**: legitimate interest in anti-fraud (Art. 6(1)(f) GDPR).
- **Aggregate statistics (`referralTotalEarned`)**: contract performance (Art. 6(1)(b) GDPR) for crediting in the OGAds point system.

#### III.U.3 Anti-fraud — Sybil protection

A **lifetime cap of 100 referees** applies per referral code. The backend checks on redeem (`post_redeemReferralCode`) under optimistic locking whether the cap has not yet been reached. Attempts to bypass the cap by creating multiple accounts fall under our anti-fraud mechanisms (see III.Q) — on suspicion the referral account is frozen.

**Rollback**: if the referrer hits the cap during a parallel redeem attempt, we transparently roll back the referee entry; you can then redeem a different code.

#### III.U.4 Admin configuration of the bonus percentage

The **bonus percentage** (`percentBonus`) is centrally managed in the CMS collection `ReferralConfig` and read by the backend with a short-lived cache. The Controller may **adjust this percentage at any time, pause or fully disable** the referral system (e.g. due to anti-fraud measures or changed OGAds conditions). Existing referee links remain; future bonus calculations use the then-current value.

**Note**: since the percentage is unilaterally adjustable by the Controller, it is shown to you in the mod profile **live** (via `get_referralStatus`). An already-credited bonus from the past remains untouched.

#### III.U.5 Retention and deletion

- As long as you are an active account holder, the referral fields remain part of your `AllianceMemberMeta` entry.
- On `post_deleteAccount` the entire `AllianceMemberMeta` row is **fully deleted** (FULL_DELETE — see II.b). Your referral code thereby vanishes definitively.
- The aggregate counters at your former referees (`referralReferrerMemberId`) point to the pseudonym hash after your deletion; their bonus history remains mathematically correct.
- You **cannot** replace an already-redeemed code with another (`referralUsedCode` is final). If you, as referee, want a different code, you can only delete the account and register anew — this is explicitly **not** a permitted sybil bypass (see III.Q).
- Self-service regeneration of your own referral code is **not** available (would defeat anti-squatting protection) — write to the Controller with justified reason (e.g. compromised by data leak).

**Legal bases for storage**:

- Art. 6(1)(b) GDPR — performance of contract
- Art. 6(1)(f) GDPR — anti-fraud (lifetime-cap trail)
- Art. 6(1)(c) GDPR + § 147 AO — where OGAds payouts qualify as tax-relevant business transactions, possibly 10-year retention of the aggregated booking records.

### III.V References to creator-specific and CoC documents (new in v4)

In addition to this general privacy notice, **specialised documents** apply to specific functional areas:

**Creator program:**

- Special Terms of Use for Creators (`CreatorLegalDocs/docType=creator_agb`) — describes content rules, anti-discrimination, VRRW topic relevance, advertising disclosure, profile maintenance duty, sanctions.
- Special Privacy Notice for Creators (`CreatorLegalDocs/docType=creator_privacy`) — details the additional fields in `YoutuberApplications` / `YoutuberProfiles`, public profile publication, subscriber verification, 5-year audit-trail retention.

**General Code of Conduct:**

- `CodeOfConduct` — standard rules of conduct for ALL users. Co-accepted at registration (mandatory checkbox in `post_authRegister`). Re-acceptance on a version bump runs via the same mechanism as Privacy/Terms (see VI).

**Acceptance in the creator application form**: applicants confirm three separate mandatory checkboxes:

1. Creator Terms (`creator_agb`)
2. Creator Privacy (`creator_privacy`)
3. Code of Conduct (`code_of_conduct`)

Version + timestamp + user-agent of each acceptance are stored in the application (`creatorAgbVersion` / `creatorAgbAcceptedAt` / `creatorAgbUserAgent` analogously for the other two documents). These fields form the proof trail per Art. 7(1) GDPR and § 5a(4) UWG (competition-law disclosure compliance).

## IV. Final provisions

We reserve the right to adapt this privacy policy from time to time in order for it to always meet current legal requirements or in order to implement changes to our services in the privacy policy, e.g. when introducing new services on the website or in the mod. For your next visit, the new privacy policy will then apply. We will communicate any changes affecting you in a timely and appropriate manner.

If individual provisions of this privacy policy should be or become ineffective, this does not affect the effectiveness of the remaining provisions.

The current version of this privacy policy is always available in the footer of our website at [https://www.vrrw.online/privacypolicy](https://www.vrrw.online/privacypolicy) and in the mod via the "Privacy Policy" link in the main menu.

## V. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data violates the GDPR. The competent authority for us is:

**Berliner Beauftragte für Datenschutz und Informationsfreiheit**
Friedrichstr. 219
10969 Berlin
Germany
Phone: +49 30 13889-0
E-mail: mailbox@datenschutz-berlin.de
Website: [https://www.datenschutz-berlin.de](https://www.datenschutz-berlin.de)

You may equally turn to any other supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

## VI. Changes to this Privacy Policy and re-acceptance

### VI.1 Changes

We reserve the right to update this Privacy Policy from time to time to reflect changes in the law, in our processing operations or in the services we offer. The currently valid version is always available at [https://www.vrrw.online/privacypolicy](https://www.vrrw.online/privacypolicy).

### VI.2 Re-acceptance mechanism for material changes (new in v4)

**For material changes** (e.g. new processing purposes, new third-party recipients, new categories of personal data) we will request your renewed consent at the next login — on the website via a banner, in the mod via a dedicated re-acceptance dialog (`LegalReAcceptanceScreen`). Without your renewed consent the affected features remain disabled until you accept (Art. 7 GDPR).

**Technical flow:**

1. On login the mod calls the endpoint `get_pendingLegalAcceptances`. This compares for each doc-type (privacy, terms, cookies, impressum, code_of_conduct) the currently published version (`AdminSettings/_id="legal__version"` resp. `_id="codeOfConduct"`) with the latest version accepted by the user (in `LegalHistoryBuckets` / `LegalAcceptances`).
2. If the endpoint returns a non-empty pending list, the mod blocks all logged-in features and displays the re-acceptance dialog.
3. On acceptance the mod calls `post_acceptLegalsBatch` with the new version numbers. The backend writes an atomic acceptance trail to `LegalHistoryBuckets` (bucket slot per user) and only then re-enables the features.
4. For the **Creator Charter** the parallel procedure runs via `get_pendingCreatorCharter` + `post_acceptCreatorCharter`. The version number comes from `AdminSettings/_id="creatorCharter"`.
5. On refusal the account remains active, but all features affected by the changed processing are blocked — you can still delete your account or export your data from inside the mod.
### VI.3 CMS collections for legal versions

The following collections hold the version and acceptance trail:

- `LegalTexts` — the currently published doc bodies (privacy / terms / cookies / impressum) per language.
- `LegalTextVersions` — snapshot history of previous versions.
- `LegalAcceptances` — individual consent records (legacy + transitional mix).
- `LegalHistoryBuckets` — slot-bucketed acceptance trail per user (scales better for high user counts — see II.b).
- `AdminSettings` — keys `legal__version` (NUMBER) as source of truth for the currently published version, plus `creatorCharter` and `codeOfConduct` for the creator and CoC versions. We also use `AdminSettings` for a **mod-binary hash manifest** (SHA-256 hashes of distributed mod JARs) for anti-tampering verification at mod startup (see III.Q.6).

### VI.4 Status and history insight

The currently valid version, effective date and the full change history per doc-type are accessible from inside the mod under "Profile → Privacy → Acceptance history" (endpoint `get_legalHistoryForUser`). This satisfies Art. 7(1) GDPR (proof of consent) — see also II.b for retention specifics.

## VII. Security incidents (Art. 33 / 34 GDPR) (new in v4)

If, despite our technical and organisational measures (Art. 32 GDPR), a breach of the protection of personal data occurs, we proceed as follows:

**(1) Notification to the supervisory authority (Art. 33 GDPR):** where the breach is **likely to result in a risk to the rights and freedoms of natural persons**, we report the incident **without undue delay and where feasible within 72 hours** of becoming aware of it to the competent supervisory authority (see V).

**(2) Notification to data subjects (Art. 34 GDPR):** where the breach is **likely to result in a high risk to the rights and freedoms** (in particular if login data, payment information, address data or comparable data categories are affected), we notify you as the data subject **without undue delay, in clear and plain language**, by e-mail to your registered login address. The notification contains:

- description of the nature of the breach,
- name and contact details of the data protection officer or point of contact,
- likely consequences of the breach,
- measures taken or proposed,
- recommended self-protection actions (e.g. password change).

**(3) Documentation (Art. 33 Para. 5 GDPR):** all breaches — including those not subject to mandatory notice — are documented in an internal breach register so that the supervisory authority can verify our compliance with the notice obligations. This documentation is retained for at least 3 years.

**(4) Technical security measures (Art. 32 GDPR):** we use, among others, the following measures to prevent breaches:

- **TLS 1.2+** for all communications between mod, website and backend.
- **AES-256-GCM** encryption of session tokens (backend-signed with `VRRW_TOKEN_KEY`).
- **PBKDF2-HMAC-SHA512** with 600 000 iterations for local device-binding of the mod configuration.
- **Cold-start fail-closed** for the token revocation cache.
- **Optimistic-lock retry** with race detection for CMS writes.
- **HMAC tamper detection** for the locally stored mod configuration.
- **Rate limits** per action, layered (in-memory + persistent).
- **Privacy by default**: DMs / voice calls / community are disabled at registration.

**(5) Processor:** our processor Wix (see III.L) is contractually (DPA) obliged to inform us of any breaches affecting it **without undue delay**, so that we can meet our notice obligations.