Privacy Policy

Off The Beaten Track is an international entertainment company specialized in video games. We create and publish video games for PC and consoles, as well as solutions for other developers and custom software solutions for our partners.

The purpose of this policy is to provide you with all the important information and explanations about how and why some of your data may be collected and processed by us when you browse on our website. This privacy policy governs and details the main principles that we apply to the data we collect and process. This policy also aims to remind you about your rights and to provide you with all the elements you need to exercise them.

Should you have any questions related to this policy or our practices around privacy and data protection in general, please don’t hesitate to contact our Data Protection Officer as indicated in the contact section of this policy.

Owner and Data Controller in accordance with § 5 DDG

Off The Beaten Track UG (haftungsbeschränkt)
c/o Wissenschaftszentrum Kiel
Fraunhoferstr. 13
24118 Kiel
Germany

Owner contact email: support@otbtgames.com
Person responsible for content: Jens-Uwe Bahr
Data Protection Officer: Jens-Uwe Bahr

Why does Off The Beaten Track collect data?

  • To make our website and services work properly – certain technical data is necessary for the website to function correctly.
  • To understand how visitors interact with our website in order to continuously improve it. For example, we analyze which pages are visited most frequently so we can provide better content. Our analytics solution (Sparrow Simple Analytics) works without cookies and without storing personal data.
  • To process your inquiries when you contact us via our contact form or email.

Data collected on our website

Like on most websites, when you browse on otbtgames.com certain information about your connection and device(s) are automatically collected for the website to operate properly.

Hosting

Our website runs on a dedicated server rented from netcup GmbH, Emmy-Noether-Straße 1, 76131 Karlsruhe, Germany. The server is located in Germany and is fully managed and administered by Off The Beaten Track. netcup provides only the physical server infrastructure and has no access to any data stored on or processed by the server, including server log files and website data.

When you access our website, the web server automatically collects and stores information in so-called server log files, which your browser transmits to us. These include:

  • IP address of the requesting device
  • Date and time of the request
  • Name and URL of the requested page
  • Referrer URL (the page from which our site was accessed)
  • Browser type and version, operating system
  • HTTP status code and transferred data volume

This data is processed for the following purposes: ensuring the proper functioning and security of the website, system administration, and detection and prevention of abuse. Server log files are automatically deleted after 14 days, unless longer retention is required for the investigation of specific security incidents.

The legal basis for this processing is Art. 6 Para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in providing a secure and functional website.

Cookies

Our website is designed to minimize the use of cookies. We have disabled WordPress emoji scripts and commenting functionality, so WordPress does not set any cookies for visitors who are not logged in. The only cookie set on our website is the klaro consent management cookie (see section on consent management below). Additional cookies may be set by third-party services (such as YouTube or Vimeo) only after you have given your explicit consent. Detailed information about which cookies are set by each service is available in the Klaro consent banner, which you can access at any time via the cookie settings link on our website.

You can control the use of cookies in your browser settings, but if you choose to disable cookies it may affect certain website functionalities, such as saving your consent preferences.

What data does Off The Beaten Track collect from its website?

For the purposes listed above the data that we collect is limited to:

  • Server log data as described in the hosting section above (IP addresses are only stored in server logs and automatically deleted after 14 days)
  • Aggregated, anonymous page view statistics collected by Sparrow Simple Analytics (no personal data)
  • Your consent preferences stored in the Klaro cookie
  • Information you provide us with voluntarily when you contact us

Analytics

Off The Beaten Track uses Sparrow Simple Analytics, a self-developed, self-hosted analytics solution to collect information related to the web traffic on our website. This solution runs entirely on our own server, situated in Germany. All collected data remains on our servers and is not shared with any third party.

Sparrow Simple Analytics is designed to be privacy-friendly by default. It works without cookies and without storing personal data. It does not use tracking pixels, session identifiers, fingerprinting, or any mechanism to identify or re-identify individual visitors. Each page view is simply counted as an aggregate number — no unique visitor tracking is performed.

The data collected by Sparrow Simple Analytics is limited to:

  • The page URL that was visited (cleaned of tracking parameters such as UTM tags)
  • The date of the visit (aggregated per day)
  • Whether the page returned a 404 error
  • Optionally, the referrer domain (if this feature is enabled)
  • Optionally, basic technical data such as device type, operating system family, browser family, and screen resolution (if this feature is enabled). This data is collected in aggregate and cannot be used to identify individual users.

IP addresses are not stored by Sparrow Simple Analytics. Logged-in users (such as administrators) are excluded from tracking.

Since Sparrow Simple Analytics does not set cookies and does not process personal data, it operates without requiring user consent under Art. 6 Para. 1 lit. f GDPR (legitimate interest in understanding how our website is used to improve it) and does not fall under the consent requirement of § 25 TDDDG, as no information is stored on or read from the user’s device for tracking purposes.

Consent management

We use Klaro, an open-source consent management tool, to manage your cookie and tracking preferences. When you first visit our website, Klaro displays a consent banner that allows you to accept or decline the use of optional services (such as embedded videos from third-party platforms). Klaro stores your consent choice in a cookie:

  • klaro: This cookie stores your consent preferences (which services you have accepted or declined). It expires after 30 days. This cookie is strictly necessary for the operation of the consent management system and is set on the basis of Art. 6 Para. 1 lit. f GDPR (legitimate interest in complying with consent requirements) and § 25 Abs. 2 Nr. 2 TDDDG (technically necessary).

You can change your consent preferences at any time by clicking the cookie settings link on our website. Third-party services (such as embedded YouTube or Vimeo videos) are only loaded after you have given your explicit consent via the Klaro consent banner, in accordance with § 25 TDDDG.

Embedded content

Our website may embed content from third-party services, such as videos from YouTube or Vimeo. These embeds are blocked by default and only loaded after you provide explicit consent through our consent management tool (Klaro). Once consent is granted, these third-party services may set their own cookies and collect data according to their own privacy policies:

Contact form

If you send us inquiries via our contact form, your details from the contact form, including the contact details you provided there (name, e-mail address, request) will be stored and used for the purpose of processing the inquiry. This also applies if you send us inquiries by e-mail or by other means. Mandatory information is marked in the contact form.

We collect this data in order to be able to receive and process your request, Art. 6 Para. 1 lit. b GDPR. We store inquiries about contracts or of potential legal relevance during the general limitation period, i.e. three years from the end of the year in which we received your enquiries. We store all other inquiries for a period of 36 months. Your inquiries will then be deleted if we no longer need them for legal reasons, in particular to assert, secure or defend claims. The storage takes place on the basis of our legitimate interest, the proper documentation of our business operations and the protection of our legal positions (Art. 6 Para. 1 lit. f GDPR).

Other important information

How long does Off The Beaten Track keep your data?

Personal data collected, received and processed for the purposes described in this policy is not kept longer than necessary. Specifically:

  • Server log files are automatically deleted after 14 days.
  • Analytics data (Sparrow Simple Analytics) does not contain personal data; aggregated statistics are retained for up to 13 months.
  • Consent preferences (Klaro cookie) expire after 30 days.
  • Contact form inquiries are stored for up to 36 months (three years) as described in the contact form section above.

We do not use automated processing to reach a decision or profiling.

Children’s data

We never knowingly or willingly collect any personal data concerning children under 16 years of age.

International transfers

Some of the partners and processors referred to in this policy are located outside of the European Union. In such cases, we ensure that:

  • the personal data is transferred to countries recognized as offering an equivalent level of protection, or
  • personal data is transferred to certified entities under the EU-U.S. Data Privacy Framework, or
  • for personal data transferred outside of countries recognized by the European Commission as having a sufficient level of protection, any of the mechanisms offering appropriate guarantees is used, for which provision is made by applicable regulations, and in particular the adoption of the standard contractual clauses of the European Commission.

Your rights

Under the GDPR, you have the following rights regarding your personal data:

Consent withdrawal and opt-out

You can manage your consent preferences at any time by clicking the cookie settings link provided on the website, which will re-open the Klaro consent banner.

Right to object (Art. 21 GDPR)

Where we process your personal data on the basis of legitimate interest (Art. 6 Para. 1 lit. f GDPR), you have the right to object to such processing at any time for reasons arising from your particular situation. This applies in particular to the processing of server log data for website security purposes. If you object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. To exercise this right, please contact our Data Protection Officer at support@otbtgames.com.

Access right (Art. 15 GDPR)

Upon request, we will provide you with information about whether we hold any of your personal information. You may request access to or deletion of your personal information by contacting our Data Protection Officer as indicated in the “Contact” section above. We will respond to your request within a reasonable timeframe.

Rectification and erasure (Art. 16, 17 GDPR)

You may request the rectification of inaccurate personal data concerning you, as well as the completion of incomplete personal data. You may also request to erase without undue delay your personal data when it is no longer necessary for us to retain such data. To exercise this right, contact our Data Protection Officer, as indicated in the “Contact” section on this page, in order to have the data previously collected by us permanently erased or anonymized.

Restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data where one of the following applies: you contest the accuracy of the data (for the period needed to verify accuracy), the processing is unlawful and you oppose erasure, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR pending verification of whether our legitimate grounds override yours.

Portability (Art. 20 GDPR)

Upon request, we will provide you with the personal data that you provided to us and, if possible, will communicate this information directly to another data controller of your choice in a portable format when the processing is based on consent or contract.

Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98
24103 Kiel
Germany
https://www.datenschutzzentrum.de

Changes to this privacy policy

We reserve the right to make changes to this privacy policy at any time by giving notice to our users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of the user’s consent, we shall collect new consent from you, where required.

Last modified – April 16, 2026

Got a topic that deserves a game? Let's talk!

Tell us about your project idea - together, we’ll explore how it can create impact through play.

Contact us

© Off The Beaten Track UG (haftungsbeschränkt)
Cookie settings

Contact
Imprint
Privacy policy
Jobs