Privacy Policy (GDPR)

This notice explains how we process personal data for the Grand Theft Mods webshop. It is provided in English and follows German legal requirements (GDPR, BDSG).

Controller

Responsible entity for this website and shop.

Company

Garmingo UG (haftungsbeschraenkt)

Trading Name

Grand Theft Mods

Managing Directors

Lukas Halmschlager
Alexander Neitzel

Address

Hoerder Str. 324
58454 Witten
Germany

support@grandtheftmods.com

Hosting Location

Germany

Data Categories and Purposes

What we collect and why we process it.

Account Data

Account credentials and identifiers provided through Better-auth, plus access logs necessary for security.

Order and Payment Data

Purchase details, pricing, tax information, in-game identifiers, and payment references processed via Tebex.

Support Communication

Messages you send to us for assistance or data subject requests.

Functional Analytics

Self-hosted, cookie-less measurements to keep the site reliable and secure. No third-party tracking, no Google Analytics.

Legal Bases (GDPR Art. 6)

How we justify processing personal data.

Performance of Contract

Art. 6(1)(b) GDPR for account creation, order processing, and delivering digital goods.

Legal Obligations

Art. 6(1)(c) GDPR for tax, commerce, and retention duties under German law.

Legitimate Interests

Art. 6(1)(f) GDPR for fraud prevention, platform security, and minimal functional analytics. Interests are balanced against your rights.

Payments via Tebex

How payment processing works for this shop.

Processor / Provider

Payments are handled by Tebex Ltd. Data exchanged includes order details, pricing, and payment references. Tebex acts as an independent controller for payment processing.

Further Information

See Tebex privacy notice: https://www.tebex.io/terms-creator-agreement/privacy-policy.

Fraud Prevention

Tebex may run fraud checks to protect buyers and us. This is required to complete purchases.

Payment Methods

Card, PayPal, or other methods offered by Tebex. We do not store full payment credentials on our systems.

Cookies and Tracking

Only what is required for core functionality.

Functional Cookies Only

We use strictly necessary cookies for login sessions and cart functionality. No marketing or profiling cookies.

Analytics

Self-hosted analytics without third-party tracking. No Google Analytics and no cross-site tracking.

Control

You can block cookies in your browser. This may limit login and checkout functionality.

Retention

How long we keep data.

Account Data

Stored while your account is active. On deletion requests we remove or anonymize non-legal records.

Order and Payment Data

Retained for statutory periods (typically 10 years) under German commercial and tax law.

Support Communication

Kept as long as needed to resolve the request and to comply with follow-up obligations.

Recipients and Transfers

Who receives data and where it is processed.

Hosting

Infrastructure located in Germany. Technical service providers act under data processing agreements.

Payments (Tebex)

Tebex Ltd operates from the United Kingdom. The UK has an adequacy decision under GDPR; standard safeguards apply if required.

No Unnecessary Sharing

We do not sell or rent personal data. Sharing occurs only when needed for the purposes above or legal obligations.

Data Subject Rights

You can exercise your rights at any time.

Access, Rectification, Portability

Request a copy, correction, or export of your data.

Deletion

Request deletion; we remove data unless legal retention applies. Export and deletion are currently handled via email.

Restriction and Objection

You may restrict processing or object to processing based on legitimate interests.

How to Contact

Email: support@grandtheftmods.com. We handle GDPR requests manually at this time.

Supervisory Authority

You may lodge a complaint with a data protection authority, for example Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen.

Security

Measures to protect your data.

We apply all industry-standard security measures, including HTTPS encryption, secure password hashing, regular software updates, and access controls to protect personal data from unauthorized access, alteration, disclosure, or destruction.

Updates

When this policy changes.

Version

1.0 (English). We will post updates here when required.