The protection of your personal data is an important concern for us at Loot4All. In this privacy policy, we provide comprehensive information about the processing of personal data on our giveaway platform "Loot4All" ( https://loot4all.org ). We process your data exclusively based on legal regulations, particularly the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
In this privacy policy, we use certain terms that are defined in the sense of the GDPR. To avoid misunderstandings, we explain some of these terms here:
The controller for data processing on this website in terms of the GDPR is:
Lucas Dittmann
Straße der Einheit 18
04567 Kitzscher
Germany
Contact Person: Lucas Dittmann
Email: [email protected]
The controller decides on the purposes and means of processing your personal data. If you have any questions or concerns regarding data protection, you can contact the above-mentioned contact person at any time.
To participate in giveaways on our platform, registration is required. During this process, we collect the following personal data:
The processing of this data is carried out to fulfill the usage contract between you and Loot4All in accordance with Article 6(1)(b) of the GDPR.
IP Address: Your IP address is not stored by our system but is temporarily recorded in the log files of our web server. This storage is for security reasons and to detect cases of misuse (legitimate interest according to Article 6(1)(f) of the GDPR). However, if you register via a third-party provider (e.g., social media platforms), your IP address will be forwarded to the respective provider.
Our website collects a range of general data and information with each access by users or automated systems:
This information is needed to provide necessary information to law enforcement authorities in the event of a cyber attack.
The anonymized log file data is stored separately from any personal data provided by an affected person and serves to protect against misuse and ensure an optimal level of protection for the processed personal data.
In addition to traditional email registration, we also offer you the option to register with Loot4All via social media platforms. In this process, you will be redirected to the respective platform where you can log in with your credentials. We support the following social media platforms:
When you register via one of these social media platforms, we receive certain information from the respective provider such as your username or email address. The processing of this data is based on your consent according to Article 6(1)(a) of the GDPR.
Automatic Linking of Social Media Account: When you register via a social media platform, your social media account is automatically linked to your Loot4All account. This linking allows you to participate in certain giveaways later and fulfill participation conditions (e.g., by following a social media account). The linking can only be removed by request via support ticket or email.
You have the option to link your Loot4All account with your social media accounts (X (formerly Twitter), Discord, Twitch, and Steam). This linking is intended to fulfill certain participation conditions in giveaways (e.g., following an account or liking a post).
The linking can only be removed by request via support ticket or email. This serves to protect against manipulation through multiple account creations and multiple entries in giveaways (legitimate interest according to Article 6(1)(f) GDPR).
For certain participation conditions related to social media platforms like Instagram, TikTok, or Google (YouTube), it is not necessary to directly link your social media account with your Loot4All account. Instead, you are simply redirected to the respective website where you perform actions such as following an account or liking a post—without a direct link between your Loot4All account and the respective social media account. During this process, certain information such as your IP address may be transmitted to the respective platform (Article 6(1)(a) GDPR), as this transmission occurs within the scope of your voluntary access to these websites. Affected social media platforms include Instagram, TikTok, and Google (YouTube).
We offer a support ticket system to assist you as quickly as possible with questions or issues and to manually distribute prizes if necessary (e.g., when automatic prize distribution is not possible).
In this process, we process the following data:
The processing of this data is carried out to fulfill the contract in accordance with Article 6(1)(b) GDPR.
Once a support ticket reaches the status "closed," it is automatically deleted with all its content (messages and files) after a period of 30 days.
To participate in our giveaways and collect "entries" (i.e., tickets for the giveaway), you must fulfill certain participation conditions. These conditions may include the following actions:
Participation conditions vary depending on the giveaway and are transparently displayed on our platform.
The processing of your personal data within the framework of participating in giveaways is based on your consent according to Article 6(1)(a) GDPR.
If you wish to subscribe to our newsletter, we require your email address and your explicit consent for sending the newsletter according to Article 6(1)(a) GDPR. The newsletter is sent exclusively based on your consent, which you give us through the registration process. Your email address is used solely for sending the newsletter and is not shared with third parties.
As part of the registration process, we use the double opt-in procedure. This means that after signing up, you receive a confirmation email asking you to confirm your registration. Only after this confirmation will your email address be added to the mailing list. This ensures that no one can unauthorizedly register your email address for the newsletter. Unconfirmed registrations are automatically deleted after 60 days to ensure no unnecessary data is stored.
You can unsubscribe from the newsletter at any time—either by clicking on the corresponding link in each newsletter email or by sending us an email message. After unsubscribing, your email address will be removed from the mailing list and will no longer be used for sending newsletters. Your data will be stored as long as you are subscribed to the newsletter. Once you unsubscribe, we will promptly delete your data unless there are statutory retention obligations.
In addition, we use tracking technologies within our newsletter to analyze the usage and effectiveness of our newsletters. This is done through so-called tracking pixels or similar technologies embedded in the sent emails. These technologies allow us to determine if and when an email was opened and which links in the email were clicked.
The data collected through tracking includes:
This information helps us tailor our content better to your interests and improve the relevance of our newsletters. The processing of this data is based on your consent according to Article 6(1)(a) GDPR.
If you do not agree to newsletter tracking, you can prevent it by unsubscribing from the newsletter. This can be done either by clicking on the corresponding link in each newsletter email or by sending us an email.
To enhance the security and performance of our website, we use the Content Delivery Network (CDN) and Captcha from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107 USA (Article 6(1)(f) GDPR). Cloudflare temporarily stores your IP address in so-called log files to detect attacks and misuse attempts and to ensure fast delivery of our content worldwide. The use of Cloudflare is based on our legitimate interest in securely providing our services.
Purpose of data processing:
Type and scope of processed data:
Storage duration:
For more information, please refer to Cloudflare's privacy policy.
Additionally, we use Cloudflare's invisible captcha system (Turnstile) to ensure that our website visitors are real humans and not automated bots (Article 6(1)(f) GDPR). This system checks various signals in the background, such as mouse movements or time spent on the page, without requiring users to actively solve a captcha.
Purpose of data processing:
Type and scope of processed data:
Storage duration:
For more information, please refer to Cloudflare's privacy policy.
Our website uses only technically necessary cookies to provide basic functions, such as storing your session while using our platform. These cookies are essential for the operation of the website and are therefore set without your explicit consent (Article 6(1)(f) GDPR). We do not use analytics or tracking cookies.
These cookies are required to ensure the basic functions of the website. These include:
The use of these cookies is based on our legitimate interest in securely and smoothly providing our services (Article 6(1)(f) GDPR).
Since only technically necessary cookies are used, no additional consent is required. However, you can disable or delete the storage of cookies through your browser settings. Please note that this may affect the functionality of the website.
Your personal data will only be disclosed to third parties under specific circumstances, ensuring compliance with data protection regulations:
For example, if you choose to log in through a social media account, we may share certain information with the social media provider to facilitate this process. In all cases, we ensure that any third parties receiving your data are obligated to handle it in accordance with applicable data protection laws and only for the purposes specified by us.
For statistical purposes, we collect and store the following general user data:
When is this Data Collected?
The GeoLite2 ( https://www.maxmind.com/en/home ) database is used to determine the user's country code based on their IP address. It is a widely used tool for geolocation services that helps us understand where our users are accessing our services from without identifying individual users.
The GeoLite2 database is provided by MaxMind and is used under their license. It is important to note that all rights related to this database are owned by MaxMind. For more information on their licensing terms and conditions, please refer to MaxMind's official documentation.
This data collection helps us analyze user behavior and improve our services while ensuring compliance with privacy regulations.
We store your personal data only as long as it is necessary to fulfill the respective purpose or as legally required:
As a data subject, you have the following rights regarding your personal data:
To exercise these rights, you can contact us at [email protected] .
We place great importance on protecting your personal data and employ a variety of technical and organizational measures to safeguard it from unauthorized access, loss, or manipulation. These measures include, for example, encryption of data transmissions via SSL/TLS, regular updates of our security protocols, and the use of firewalls and other protective mechanisms to secure our systems against external attacks. Our security precautions are continuously reviewed and adapted to the current state of technology to ensure the highest possible level of protection.
In certain cases, it may be necessary to transfer personal data to service providers or partner companies outside the European Economic Area (EEA). These third countries may not offer an equivalent level of data protection as the European Union. To ensure an adequate level of protection for your data, such transfers only occur under appropriate safeguards in accordance with Article 46 GDPR.
Service providers to whom data may be transferred include, in particular:
In addition to contractual arrangements, we implement technical and organizational measures to protect your data during transfers to third countries. These include:
Despite these measures, there is a risk that local authorities in third countries may access your personal data without notifying you or allowing you legal recourse. However, we strive to minimize these risks by selecting trusted partners and implementing robust security measures.
If you believe that the processing of your personal data violates the provisions of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a competent supervisory authority in accordance with Article 77 GDPR. This right exists independently of other administrative or judicial remedies and can be exercised particularly if you believe that your rights related to the protection of your personal data have been violated.
Below is an overview of all third-party providers whose services are used on our platform, along with the corresponding links to their privacy policies. These third-party providers process personal data according to their own privacy policies:
This list is regularly reviewed and updated as necessary. Please refer to the respective privacy policies of third-party providers for detailed information on how your personal data is processed.
We reserve the right to modify or update this privacy policy—for example, in response to changes in legal requirements or technical developments on our platform.
This privacy policy was last updated on December 1, 2024.