top of page

PRIVACY POLICY

Last updated: November 2025

Introduction

We (“we”, “us”, “our”) take the protection of the data of users (“users” or “you”) of our website and/or, where available, our mobile app (the “Website” or the “Mobile App”) very seriously and are committed to protecting the information that users provide to us in connection with their use of our website and/or, where available, our mobile app (together, the “Digital Assets”). Furthermore, we are committed to protecting and using your data in accordance with applicable law.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of your data through the use of our Digital Assets (the “Services”) when you access the Services via your devices.

Please read this Privacy Policy carefully and ensure that you fully understand our data practices before using our Services. We process personal data in accordance with the GDPR. We only set non-essential cookies/technologies after obtaining your consent; you can withdraw this consent at any time via [Cookie Settings]. Details on purposes, legal bases, and recipients are set out below.

This Privacy Policy explains:

  • how we collect data,

  • what data we collect,

  • why we collect this data,

  • who we share the data with,

  • where the data is stored,

  • how long the data is retained,

  • how we protect the data,

  • how we handle minors, and

  • updates or changes to the Privacy Policy.

What data do we collect?

Below is an overview of the data we may collect:

  • Non-identified and non-identifiable information that you provide during the registration process or that is collected through your use of our Services (“non-personal data”). Non-personal data does not allow conclusions to be drawn about the individual from whom it was collected. The non-personal data we collect consists primarily of technical and aggregated usage information.

  • Individually identifiable information, i.e., any information by which you can be identified or could be identified with reasonable effort (“personal data”). The personal data we collect through our Services may include information requested from time to time, such as names, email addresses, postal addresses, telephone numbers, IP addresses, and more. When we combine personal data with non-personal data, we treat the combination as personal data for as long as it remains combined.

How do we collect data?

Below are the main methods we use to collect data:

  • Use of the Services: When you visit our Digital Assets and use our Services, we may collect, record, and store usage data, sessions, and related information.

  • Data you provide: For example, when you contact us directly via a communication channel (such as an email with a comment or feedback).

  • Third-party sources: We may collect data from third-party sources as described below.

  • Login via third parties: We collect data that you provide when you sign in to our Services through a third-party provider such as Facebook or Google.

Why do we collect this data?

We may use your data for the following purposes:

  • to provide and operate our Services;

  • to develop, customise, and improve our Services;

  • to respond to your feedback, enquiries, and requests, and to offer assistance;

  • to analyse usage patterns and requirements;

  • for other internal, statistical, and research purposes;

  • to improve our data security and fraud-prevention capabilities;

  • to investigate violations and enforce our terms and policies, and to comply with applicable law, regulations, and governmental orders;

  • to send you updates, news, promotional material, and other information related to our Services. For promotional emails, you can choose whether you wish to continue receiving them; if not, simply click the unsubscribe link in those emails.

Who do we share this data with?

We may share your data with our service providers in order to operate our Services (e.g., storing data via third-party hosting services, providing technical support, etc.).

We may also disclose your data in the following circumstances: (i) to investigate, detect, prevent, or take action against unlawful activities or other wrongdoing; (ii) to establish or exercise our rights of defence; (iii) to protect our rights, property, or personal safety and the safety of our users or the public; (iv) in the event of a change of control at our company or any of our affiliates (by way of merger, acquisition, or purchase of substantially all assets, etc.); (v) to collect, store, and/or manage your data via authorised third-party providers (e.g., cloud service providers) to the extent reasonably necessary for business purposes; (vi) to work with third parties to improve your user experience. For the avoidance of doubt, we may transfer, share, or otherwise use non-personal data at our discretion.

If we offer blog/comments/community features, content published there is generally public. Do not publish information that you do not wish to make public (cache/archive copies may persist). Please note that any content or data you provide in these areas may be read, collected, and used by others. We advise against posting or sharing information that you do not want to be public. If you upload content to our Digital Assets or otherwise provide it in the course of using a Service, you do so at your own risk. We cannot control the actions of other users or members of the public who have access to your data or content. You acknowledge and confirm that copies of your data may remain accessible even after deletion on cached and archived pages or after third parties have copied/stored your content.

Cookies and similar technologies

We use cookies and similar technologies. Non-essential categories (e.g., analytics/marketing/external content) are only set after consent (Art. 6(1)(a) GDPR / Sec. 25(1) TDDDG). Technically necessary cookies are permitted under Sec. 25(2) TDDDG; their processing is based on Art. 6(1)(f) GDPR (legitimate interest in secure/functional operation). On your first visit you can accept, decline, or customise. You can change your selection at any time: [Cookie Settings] (link in the footer). Details on categories, providers, cookie names, and storage periods can be found there under “Details”.

We will not share your email address or other personal data with advertising companies or ad networks without your consent.

Where do we store the data?

Please note that our company as well as our trusted partners and service providers are located around the world. For the purposes explained in this Privacy Policy, we store and process all non-personal data we collect in different jurisdictions.

Personal data may be maintained, processed, and stored in the United States, Ireland, South Korea, Taiwan, Israel, and—where necessary for the proper provision of our Services and/or required by law (as further explained below)—in other jurisdictions.

How long is the data retained?

Please note that we retain the data collected for as long as necessary to provide our Services, comply with our legal and contractual obligations to you, resolve disputes, and enforce our agreements.

We may correct, supplement, or delete inaccurate or incomplete data at our sole discretion at any time.

How do we protect the data?

The hosting service for our Digital Assets provides us with the online platform through which we can offer you our Services. Your data may be stored via our hosting provider’s data storage, databases, and general applications. It stores your data on secure servers behind a firewall and provides secure HTTPS access to most areas of its services.

All payment options offered by us and our hosting provider for our Digital Assets comply with the PCI-DSS (Payment Card Industry Data Security Standard) requirements of the PCI Security Standards Council (a joint effort of brands such as Visa, MasterCard, American Express, and Discover). PCI-DSS requirements help ensure the secure handling of credit card data (including physical, electronic, and procedural measures) by our shop and service providers.

Notwithstanding the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection or absolute security of the data that you upload, post, or otherwise share with us or others.

For this reason, we ask you to set secure passwords and, where possible, not to transmit to us or others any confidential information whose disclosure you believe could cause you significant or lasting harm. As email and instant messaging are not considered secure forms of communication, please do not share confidential information via either channel.

How do we handle minors?

The Services are not intended for users who have not yet reached the legal age of majority. We will not knowingly collect data from children. If you are not of legal age, you should not download or use the Services and should not provide us with any information.

We reserve the right to request proof of age at any time so that we can verify whether minors are using our Services. If we become aware that a minor is using our Services, we may prohibit and block that user’s access and we may delete all data stored about that user. If you have reason to believe that a minor has provided data to us, please contact us as explained below.

General

We use your personal data only for the purposes set out in this Privacy Policy and only when we believe that:

  • the use of your personal data is necessary to perform or enter into a contract (e.g., to provide the Services themselves or customer service/technical support to you);

  • the use of your personal data is necessary to comply with relevant legal or regulatory obligations; or

  • the use of your personal data is necessary to support our legitimate business interests (provided that this is done at all times in a proportionate manner and with respect for your privacy rights).

If you are an EU resident, you may:

  • request confirmation as to whether personal data concerning you is being processed, and request access to your stored personal data and certain supplementary information;

  • request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format;

  • request the rectification of your personal data stored by us;

  • request the erasure of your personal data;

  • object to the processing of your personal data by us;

  • request the restriction of the processing of your personal data; or

  • lodge a complaint with a supervisory authority.

Please note, however, that these rights are not unlimited and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use it, please contact us as set out below.

In the course of providing the Services, we may transfer data across borders to affiliates or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. This may involve transfers to third countries (outside the EEA), for example via service providers used by us. In such cases, we rely on recognised safeguards (e.g., EU Standard Contractual Clauses) or adequacy decisions. Details can be found in the consent banner under “Details” and in the providers’ policies.

If you are resident in the EEA, your personal data will only be transferred to locations outside the EEA where we are satisfied that there is an adequate or comparable level of protection for personal data. We will take appropriate steps to ensure that we have suitable contractual arrangements with our third parties to ensure appropriate security measures are in place so that the risk of unlawful use, alteration, deletion, loss, or theft of your personal data is minimised and that these third parties act at all times in accordance with applicable laws.

 

Addendum: California law (CCPA/CPRA) – applies only to California residents

If you use the Services as a resident of California, you may be entitled under the California Consumer Privacy Act (“CCPA”) to request access to and deletion of your data.

To exercise your right to access and deletion of your data, please see below for how to contact us.

We do not sell users’ personal data for the purposes of the CCPA.

Users of the Services who are resident in California and under 18 years of age may request and obtain removal of content they have posted by emailing us at the address provided in the Contact section below. Such requests must be labelled “California Removal Request”. All requests must include a description of the content you wish to have removed and sufficient information to enable us to locate the material. We do not accept notices that are not properly labelled and submitted, and we may be unable to respond if you do not provide sufficient information. Please note that your request does not ensure that the material will be completely or comprehensively removed. Content you posted may, for example, be republished or reposted by other users or third parties.

Updates or changes to the Privacy Policy

We may revise this Privacy Policy at our sole discretion from time to time; the version published on the Website is always the current version (see “Last updated”). We ask you to review this Privacy Policy regularly for changes. In the event of material changes, we will post a notice on our Website. If you continue to use the Services after being notified of changes on our Website, this will be deemed your acknowledgement and consent to the changes to the Privacy Policy and your agreement to be bound by the terms of those changes.

Contact

If you have general questions about the Services or the data we collect about you and how we use it, please contact us at:

 

Name: TAKARA Studio GbR
Address: Lindenstraße 18, 85120 Hepberg, Germany

Email: contact@takara-studio.de

bottom of page