English
 Hungarian
 Spanish
 Romanian
 Turkish
 German
 Polish

Privacy Policy

The operator of the www.landofheroes.eu website (the "Website") and the Land of Heroes online game (the "Game"), as service provider and data controller, hereby informs the visitors of the Website and the users who access the service through the Website (the "Users") about its data processing practices.

We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"). By registering and using the Website and the Game, the User acknowledges that they have read and understood this Privacy Policy.

Last updated: 10 June 2026

1. THE DATA CONTROLLER

The details of the data controller are:

Company name: Vibestro Interactive - FZCO
Registered address: Building A1, Dubai Silicon Oasis, Dubai Digital Park, Dubai, United Arab Emirates
E-mail: [email protected]
Phone: +971 58 541 9922

Hereinafter: the "Controller". Privacy-related requests may also be sent to our support team at [email protected]. Full operator details are available on our Imprint page.

2. PURPOSE, SCOPE AND DURATION OF DATA PROCESSING

The Controller processes the personal data of Website visitors and Users that are necessary for contact and communication, for providing information about the service (i.e. participation in the Game and its conditions), and for the performance of the legal relationship that arises between the Controller and the User in connection with this service.

Use of the Website and participation in the Game require registration, during which the User provides certain personal data. By registering, the User consents to the recording and processing of the data provided during registration. The User also consents that, for the purpose of monitoring the operation of the Website and the Game and preventing abuse, the Controller may record login data, the amount of time spent in the Game, and data relating to transactions involving items obtained during the Game. For quality-assurance purposes, the Controller may also record messages sent by the User to other users or to the Controller.

The personal data processed by the Controller fall into the following categories:

  • registration data (username, e-mail address, password — passwords are stored only in hashed form);
  • transaction data (Dragon Coins purchases and top-ups);
  • login and logging data (IP address, an anonymised device fingerprint, in-game activity);
  • customer-support requests (the support portal at portal.landofheroes.eu and e-mail);
  • hardware and system information (device identifier, operating system, performance parameters, crash/error reports) for development, debugging and system-stability analysis.

Personal data are processed by the Controller and by the processors engaged by the Controller, only for as long as necessary to fulfil contractual or legal obligations, to enforce claims arising from the contract, or to achieve the relevant processing purpose. Personal data are deleted from the Controller's records, or appropriately anonymised, once they are no longer needed.

The User has the right to request that the Controller erase their personal data without undue delay where the data are no longer necessary or where any other ground under Article 17(1)(b)–(f) GDPR applies. Where the User has used a paid service, taken part in trading between users, or where this is necessary to investigate a user issue, and in view of accounting and tax legislation, the Controller retains the data for the limitation period prescribed by law.

Erasure or modification of personal data may be requested primarily through the support portal at portal.landofheroes.eu or via [email protected].

In the event of unlawful or deceptive use of personal data, a criminal offence committed by the User, or an attack against the Controller's IT systems, the Controller is entitled to delete the personal data concerned without delay; however, where required for an official or judicial procedure, the Controller retains the data for the period ordered by the authority or court.

This Privacy Policy does not extend to services and/or data processing carried out by third parties other than the Controller named herein, which may appear on or be linked from the Website. Such processing is governed by the privacy policies of the third parties operating those services, for which the Controller accepts no responsibility.

3. COOKIES

During the operation of the Website the Controller uses cookies to improve the user experience, to ensure the proper functioning of the Website, and for statistical analysis. A cookie is a small data file that the Website stores on the User's device and that contains certain information about the visit.

Non-essential cookies are used on the basis of the User's prior, express consent, which can be given through the Website's cookie banner and withdrawn at any time. The types of cookies used are session cookies, persistent cookies, and third-party cookies. The third-party services that may set cookies or process technical data include:

  • Google Analytics and Google Tag Manager — for the statistical analysis of Website usage;
  • TikTok Pixel — for measuring the effectiveness of advertising;
  • Cloudflare Turnstile — for protecting forms (such as registration) against automated abuse.

Most browsers accept cookies automatically, but cookies — including their deletion and blocking — can be managed in the browser settings. For full details, see our Cookie Policy.

4. AUTOMATED DECISION-MAKING AND PROFILING

The Controller does not apply automated decision-making — including profiling — based solely on automated processing that produces legal effects concerning the User or similarly significantly affects them.

The Controller may analyse user behaviour (e.g. time spent in the Game, items obtained, messaging habits) solely for statistical purposes or to improve service quality, but these processing operations do not lead to a decision that individually affects the User. Should the Controller apply automated decision-making or profiling in the future, it will provide separate prior information and ensure the appropriate rights under Article 22 GDPR.

5. LEGAL BASES FOR PROCESSING
  • Contract — processing is necessary for the performance of a contract to which the User is a party, or to take steps at the User's request prior to entering into a contract (Article 6(1)(b) GDPR).
  • Legal obligation — the processing of certain personal data (primarily for tax and accounting purposes), as well as official or judicial requests, may be mandatory for the Controller (Article 6(1)(c) GDPR).
  • Consent — the Controller always requests express consent for processing related solely to marketing communications (e.g. newsletters, advertisements, promotions) (Article 6(1)(a) GDPR).
  • Legitimate interest — the processing of certain data may be necessary for the legitimate interests of the Controller or a third party, except where the User's interests or fundamental rights and freedoms override those interests (Article 6(1)(f) GDPR).
6. PRINCIPLES OF PROCESSING

The Controller carries out processing in accordance with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.

Providing personal data to the Controller is voluntary, but in the absence of certain data, or in the case of inaccurate data, the Controller may be unable to maintain proper contact and/or to conclude and perform a contract; Users are therefore asked to provide the requested data accurately and completely. The Controller does not verify the personal data provided by the User; responsibility for the accuracy of the data rests solely with the person providing it, while the Controller takes all reasonable steps to erase or rectify inaccurate or unnecessary data without delay.

7. THIRD-PARTY PROCESSING

7.1 Data processors. For its business activities the Controller uses services provided by third parties (e.g. accounting, financial). Under the contracts concluded with these service providers as processors, a defined set of personal data (name, e-mail address, billing data) may be transferred to or made accessible by them for processing purposes. A processor may process such data only in accordance with the Controller's instructions, unless required to act otherwise by EU or member-state law.

7.2 Processing in connection with payment transactions. The financial service providers acting in payment transactions have their own privacy policies regarding the data required to process payments. Personal data entered on a payment interface are processed solely by the payment service provider; the Controller does not have access to these data and, in particular, does not store full card or banking details. Users should review and accept the provider's privacy policy before initiating a transaction. The payment service provider used is Stripe (https://stripe.com/privacy).

7.3 Processing in connection with support and customer-service requests. The Controller handles support and customer-service requests primarily through its support portal at portal.landofheroes.eu and by e-mail. Where the User contacts the Controller through the official Discord server of the Game, the data provided are governed by the Discord Terms of Service (https://discord.com/terms) and Privacy Policy (https://discord.com/privacy); Discord Inc. may store and, where necessary, transfer data on its own servers, including data centres outside the EU/EEA. The Controller itself does not transfer personal data to countries outside the EU/EEA other than as described in this Policy.

8. STORAGE AND SECURITY OF THE DATA

The Controller's IT system, and thus the actual place of processing, is operated on cloud-based servers provided by OVHcloud (OVH Groupe SAS, 2 rue Kellermann, 59100 Roubaix, France, www.ovhcloud.com). Notwithstanding the use of the cloud service, the Controller bears full responsibility for the hosting and processing of the data.

The Controller protects the data with appropriate measures, in particular against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental loss or damage. The Controller applies technical, organisational and operational measures that provide a level of protection appropriate to the risks of the processing, including server-level and application-level protection. The Controller selects and operates the IT tools used so that the processed data are accessible to authorised persons (availability), their authenticity is ensured, their integrity can be verified, and they are protected against unauthorised access (confidentiality). Security measures include encrypted connections (HTTPS), hashed password storage, optional two-factor authentication (2FA), and access controls.

The Controller informs Users that electronic messages transmitted over the internet are vulnerable to network threats. The Controller takes every reasonable precaution against such threats and monitors its systems in order to record any security incident and to verify the effectiveness of the measures applied.

9. RIGHTS OF THE DATA SUBJECT

Every natural person whose personal data are processed by the Controller has the following rights in connection with the processing:

  • Right to prior information — to be informed of the facts and information relating to the processing before it begins (Article 13 GDPR).
  • Right of access — to obtain confirmation as to whether personal data are being processed and, if so, access to the data and related information (Article 15 GDPR).
  • Right to rectification — to have inaccurate personal data corrected and incomplete data completed without undue delay (Article 16 GDPR).
  • Right to erasure ("right to be forgotten") — to have personal data erased where there is no longer a need for them or another ground under Article 17 GDPR applies.
  • Right to restriction of processing — to obtain restriction of processing in the cases set out in Article 18 GDPR.
  • Right to notification — the Controller communicates any rectification, erasure or restriction to each recipient to whom the data were disclosed, unless impossible or disproportionate (Article 19 GDPR).
  • Right to data portability — to receive the personal data provided to the Controller in a structured, commonly used, machine-readable format and to transmit them to another controller (Article 20 GDPR).
  • Right to object — to object, on grounds relating to the User's particular situation, to processing based on legitimate interest (Article 21 GDPR).
  • Rights regarding automated decision-making — not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR).
  • Right to be informed of a data breach — where a breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller informs the User without undue delay (Article 34 GDPR).
  • Right to lodge a complaint and to judicial remedy — to lodge a complaint with a supervisory authority and to an effective judicial remedy (Articles 77–79 GDPR).
10. APPLICABLE LEGISLATION

In this Privacy Policy the Controller refers to the General Data Protection Regulation — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC — by its abbreviated English name, GDPR.

11. REMEDIES, SUPERVISORY AUTHORITY

If a User considers that the processing of their personal data infringes the GDPR, they have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA Member State of their habitual residence, place of work, or the place of the alleged infringement. The User may also bring proceedings before a court against the Controller or a processor if they consider that their rights have been infringed as a result of the unlawful processing of their personal data.

12. QUESTIONS, REQUESTS AND CONTACT

The Controller has not appointed a data protection officer. Questions, comments and requests relating to the processing of personal data may be sent directly to:

Vibestro Interactive - FZCO
E-mail: [email protected]
Support: [email protected]
Phone: +971 58 541 9922

13. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy was finalised on 10 June 2026. The Controller reserves the right to amend this Privacy Policy and, in the event of a change in legislation, to supplement or clarify it in accordance with the applicable legal requirements, and will at all times inform the data subjects of any changes through the Website.

Vibestro Interactive - FZCO — Data Controller