Data Privacy

Data Privacy Statement

The protection of personal data is one of our top priorities. We would like our users to know when we process which data. In addition, we have established technical and organisational measures to ensure that the data privacy regulations are observed both by us and by our processors.

Using the website and the application “Cyber Mission-Befehlsrecht” is possible without giving away personal data. We only process personal data to the extent that is necessary. Where it is necessary to process personal data, this will be done in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG).

1. What constitutes personal data?

According to Article 4(1) EU GDPR this is any information that refers to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly (especially by means of attributing to them an identifier such as a name, an identification number, positional information or an online handle).

2. Data processing

a) Access to the website

The legal basis for the processing of personal information is Article 6(1)(e) of the EU GDPR in conjunction with Section 3 of the German Federal Data Protection Act.

Anytime the website is accessed and anytime a file is retrieved, data related to this process is processed in a log file for a limited time for statistical and storage purposes. The IP address is deleted automatically after 7 days.

Specifically, for every access / data retrieval, the following data will be processed:

  • Date and time of the request/query
  • Referrer URL (Uniform Resource Locator) / referring website
  • Browser type, version and language
  • Loading time of the website
  • Operating system
  • IP address
  • Requested downloads
  • Number of clicks

This data is used exclusively for statistical purposes and to improve content and will not be analysed in a way that can be traced back to the users.

b) Contact by email

If you contact us by email, the data transmitted by you (particularly name, first name, address, but at the very least your email address and the information / personal data contained in the email) will be processed in line with the time limits applicable to the storage of written documents. This data will be processed on the basis of Article 6(1)(e) EU GDPR in conjunction with Section 3 of the German Federal Data Protection Act. It is necessary to process the personal data transmitted by you in order to contact you and respond to your query.

The IP address is also recorded. The IP address is used exclusively in the context of public criminal prosecution and emergency response measures in line with legal requirements.

c) Using the contact form

If you use the contact form, we will ask you for personal information so we can respond to your query. It is your decision whether you want to submit this data. In addition, the date and time of your query and your IP address will be transmitted.

You must accept this data privacy statement in order to use the form. By accepting it, you agree to the processing of your personal data, of the content, which may also contain personal data transmitted by you, and of the IP address. This data will be processed on the basis of Article 6(1)(a) EU GDPR for the purpose of responding to your query in accordance with Article 17 of the German constitution. The IP address will be used exclusively in the context of public criminal prosecution and emergency response measures in line with legal requirements. If you do not agree, the process will be aborted. In this case the contact form will not be transmitted. If you contact us by means of the contact form, we will assume that we may answer you by email. If you do not wish to receive an answer by email, kindly suggest another form of communication.

No automatic decisions will be made. Your data will be disclosed to the competent agency if necessary for processing your query, and will be disclosed externally only to our processors. Your information will be processed via email. The contents of the contact form will be transmitted via SMTP/TLS encryption. The contact email address will store your data on protected servers in Germany. For technical reasons, encrypted transmission of a confirmation email cannot be ensured. Therefore you will only receive an anonymised confirmation message. Please note that communication via email can always involve security gaps. For instance, emails may be intercepted on the way to the recipient and accessed by other internet users.

Queries in electronic form – and on paper – will be processed and stored in line with the time limits applicable to the storage of written documents.

d) Contact via telephone

If you contact us via telephone, no personal data will be processed. Personal data will only be processed if you request a return call or written message. In these cases, the statements in 2.c) on the processing of data will apply accordingly.

e) Apple App Store / Google Play Store

Whenever the Google Play Store / Apple App Store are used, we receive information about the number of downloads (in total and per user), the region from which the download is carried out and the terminal device platform used (e.g. tablet or smartphone). We will only analyse the transmitted information for statistical purposes.

f) Usage data

Usage data generated in the app, e.g. during exercises, will be stored on the user’s terminal device and their progress saved. This data may thus also be stored in the platform’s cloud services run by Google or Apple.

g) Apple Game Centre

This service is included in the standard version of Apple/iOS. An Apple ID is used to log into and use the service. All personal data is stored together with the Apple ID profile data. The service is subject to the Apple Privacy Policy (German link: As detailed in the privacy policy, personal data submitted via the Game Centre Account is visible to other users and may be read, collected and used by them, for example when participating in rankings / high score lists. Users will be responsible for their voluntarily submitted personal data. Handles, pictures and the complete profile are visible when users become “friends”. If a user’s profile is set to “public”, other users of the service can view their full profile including their full name, activities, scores, and results. For more information, please refer to: (German link)

h) Google Play Services

Google Play is included in the standard version of Google/Android. A Google account is used to log into and use the service. All personal data is stored together with the profile data of the Google account. When starting the game, the user must agree to the sharing of Google+ profile information and to the retrieval and processing of in-game activities. If the user refuses, the service cannot be used. If the user agrees, the user will decide on the type and amount of data to be stored in their Google account and on which data will be used and how. For more information, please refer to: and (German links)

i) Unity Analytics

The app “Cyber Mission – Befehlsrecht” uses the Unity Analytics API by Unity Technologies, 303rd Street, San Francisco, CA 94103, United States. The following data is collected through this API: IP address, device ID / device name, operating system, version, device language, mobile data network, beginning and end of app usage, duration of app usage, country, open product pages, whether product pages were accessed in the 3D environment or the product browser, accessed subpages. For further information on data collection and processing by Unity Analytics, please refer to: and (German link)

We use the data collected by Unity Analytics in order to analyse our app’s usage and to continuously improve it. The statistical information and the reports help us improve our offer and the app’s presentation in order to make it more interesting to you as a user. The legal basis for the use of Unity Analytics is Article 6(1)(1)(f) of the General Data Protection Regulation (GDPR). You may object with future effect to the use of your data by Unity Analytics by clicking the opt-out link at any point. The opt-out must be declared separately each time the app is used.

3. Disclosure of Personal Data to Third Parties

Your transmitted personal data will be disclosed to the competent agency if such disclosure is necessary to process your query. If your data is disclosed externally, it will be to processors only. Data logged in connection with your access to the website will only be disclosed to third parties where we are legally bound to do so or where the disclosure is required for purposes of legal or criminal prosecution in the event of attacks on communication technology at federal level. We will not disclose data under any other circumstances or merge it with other data sources.

4. Statistical Analysis and Use of Cookies

a) Statistical Analysis / Web Analysis

We evaluate user information for statistical purposes subject to Article 6(1)(e) of the EU GDPR in connection with Section 3 of the Federal Data Protection Act. Data collected in this way is anonymised and used to analyse the use of our web presence at and improve it. Whenever details of our website are accessed, the following data is stored:

  • IP address of the accessing system in an anonymised form,
  • accessed website,
  • referrer (website through which the user accessed our website),
  • subpages accessed from the originally accessed website,
  • length of stay on the website,
  • access frequency.

b) Use of Cookies

Within the scope of the demand-oriented provision of information based on Article 6(1)(e) of the EU GDPR, we solely use session cookies on our website. Cookies are small files automatically created by the user’s browser that are stored on the terminal device whenever you visit our website. They store information in connection with the respective terminal device, which does, however, not mean that we gain any insight regarding the user’s identity. Session cookies, which are only valid for the duration of your visit and deleted upon termination of the session, show that the user has visited individual pages on our website and serve to constantly optimise the user experience. Most browsers automatically accept cookies. However, browsers may be configured to never store cookies on the terminal device, to only store them for the duration of the current connection, or to always display a prompt notifying the user before a cookie is created. The complete deactivation of cookies may lead to a limited functionality of our website.

5. Privacy Statement for Social Media

We take the current debate on data privacy in social networks very seriously. There is currently no final legal consensus on the extent to which networks are offering their services in accordance with the European data protection regulations. We would therefore like to draw attention to the fact that services such as YouTube, Facebook, Instagram, Twitter, LinkedIn, and Flickr, which are also used by the BWI GmbH, store user data in accordance with their own data usage regulations and use such data for commercial purposes. The BWI GmbH has no influence on the collection and further use of data by social networks and therefore no information about the scope, location, and duration of data storage, about the extent networks comply with obligations to delete data, about how data is evaluated and connected, or to whom such data may be disclosed.

6. Your Rights

In accordance with the European General Data Protection Regulation (EU GDPR), you have the right to withdraw your consent given in accordance with Article 6(1)(a) of the GDPR at any time and with future effect, but without prejudice to the lawfulness of processing until the time of withdrawal (Article 7(3) of the EUGDPR). You not only have the right to withdraw your consent, but also rights to the following: access to the personal data (Article 15, EU GDPR), right to rectification (Article 16, EU GDPR), right to erasure (Article 17, EU GDPR), right to restriction of processing (Article 18, EU GDPR), right to data portability (Article 20, EU GDPR), right to object against processing (Article 21, EU GDPR), right to individual assessment (Article 22, EU GDPR). Furthermore, you have the right to lodge a complaint with the Commissioner for Data Protection and Freedom of Information, Husarenstraße 30, 53117 Bonn (Article 77, EU GDPR).

7. Official Data-Protection Commissioner

For specific questions concerning the protection of your data, please contact the Commissioner for Data Protection:
Auf dem Steinbüchel 22
53340 Meckenheim
Phone: +49 (0)2225 988 14529