Privacy Policy

Last updated: 08/08/2025

This Policy explains how we process personal data when you visit https://ronkad.com (the “Website”) and when you subscribe to our mailing list operated at https://mail.ronkad.com (“Sendy”). It applies to visitors, newsletter subscribers, and people who contact us.

Categories of data, purposes and legal bases

Server logs (website hosting)

  • Data: IP address, date/time, request URL, referrer, user agent, HTTP status code, bytes transferred.
  • Purpose: Operate the Website, ensure security and troubleshoot.
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Retention: Typically 7–14 days unless needed longer due to an incident.

Contact via email / forms

  • Data: Email address, name (if provided), message content, timestamps; technical metadata.
  • Purpose: Handle and respond to your request; record-keeping.
  • Legal basis: Contractual/pre-contractual communications (Art. 6(1)(b)) or legitimate interests (Art. 6(1)(f)).
  • Retention: Until the request is completed and statutory obligations expire.

Newsletter / mailing list

We operate our newsletter using Sendy (self-hosted at mail.ronkad.com) and send emails through Amazon Simple Email Service (SES) in the EU (Frankfurt) region.

  • Data: Email address; optional name; subscription time/IP (consent log); list membership; campaign interactions (delivery events, opens, link clicks if enabled), unsubscribes/bounces/complaints.
  • Purpose: Send news about our games (dev updates, beta invites, release announcements); maintain list hygiene.
  • Legal basis: Consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time via the unsubscribe link.
  • Tracking: We may use tracking pixels and tracked links to measure opens and clicks to improve the newsletter. You can opt out by unsubscribing at any time.
  • Retention: We store subscriber data until you withdraw consent. We may keep a suppression (block) list to prevent future emails to unsubscribed, bounced, or complained addresses (legitimate interests, Art. 6(1)(f)).
  • Double opt-in: Subscriptions require confirmation via email; we log the process for proof of consent.

Cookies & consent

  • We use cookies that are necessary to operate the site (e.g., to remember your consent).
  • Any non-essential cookies (e.g., analytics, embedded media that set cookies) are only used with your consent.
  • Legal basis: Consent for non-essential cookies (Art. 6(1)(a) GDPR / §25 TTDSG where applicable); legitimate interests for essential cookies (Art. 6(1)(f)).
  • Consent management: We use [your banner/tool, e.g., “Complianz”]. You can change or withdraw your consent at any time via the cookie settings link in the footer.

Processors and recipients

We rely on carefully selected service providers who process data on our behalf:

  • Hosting (Website & Sendy): Hetzner Online GmbH (Germany/EU).
    Purpose: Website and application hosting; server logs.
  • Email delivery: Amazon Web Services EMEA SARL (Amazon SES, region EU-Frankfurt).
    Purpose: Transactional and marketing email delivery; bounce/complaint handling via SNS.
  • Domain/DNS & optional forwarding: Namecheap, Inc. (if you use Namecheap’s Email Forwarding for addresses like info@ronkad.com).
    Purpose: DNS management; email forwarding to your chosen inbox.

We have data processing arrangements in place with our processors, and we only disclose data to third parties where necessary for the purposes above or where we are legally obliged to do so.

International data transfers

We use EU hosting and Amazon SES in the EU (Frankfurt) region. If, in rare cases (e.g., support), data is accessed from outside the EEA, such transfers occur under appropriate safeguards such as the EU Standard Contractual Clauses (SCCs).

Retention

We retain personal data only for as long as necessary for the stated purposes or as required by law. Typical periods:

  • Server logs: 7–14 days.
  • Contact emails: duration of correspondence plus statutory limitation periods.
  • Newsletter data: until withdrawal of consent; suppression data retained to honor opt-out.

Security

We use technical and organizational measures appropriate to the risk, including TLS/HTTPS encryption, hardened server configuration, access control, and regular updates.

Obligation to provide data

You are not legally obliged to provide personal data. However, without certain data (e.g., your email address) we cannot send the newsletter or respond to your inquiries.

Changes to this Policy

We may update this Policy to reflect changes in our processing or legal requirements. The effective date appears at the top. Material changes will be highlighted on this page.