o7studios

Privacy Policy

This Privacy Policy explains how o7studios EOOD handles personal data when you visit our website. We have written it to be clear and to reflect the requirements of the EU General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act. Personal data means any information that relates to an identified or identifiable person.

1. Controller

The controller responsible for the processing of personal data on this website is: o7studios EOOD (registered as о7студиос ЕООД) Sredna Gora St. 1, Floor 6, Apt. 66 8217 Aheloy, Bulgaria Phone: +359 88 8839802 Email: [email protected] The controller is the natural or legal person who decides on the purposes and means of processing personal data.

2. Data Protection Officer

Given the nature and scale of our processing, we are not required to appoint a Data Protection Officer under Article 37 GDPR. For any data protection matter you can reach us directly at the contact details above.

3. Data We Collect

Server log files

When you visit our website, our hosting provider automatically records technical information that your browser transmits. This typically includes your IP address, the date and time of the request, the requested page or file, the referring URL, your browser type and version, and your operating system. This data is necessary to deliver the website to you, to keep it stable and secure, and to detect and prevent misuse. We do not combine this data with other sources to identify you. The legal basis is our legitimate interest in the reliable and secure operation of our website under Article 6(1)(f) GDPR. Log data is kept only for as long as needed for these purposes and is then deleted or anonymised.

When you contact us

If you contact us by email or telephone, we process the information you provide, such as your name, your contact details, and the content of your message, in order to handle your request. If your request relates to a contract or to steps taken before entering into one, the legal basis is Article 6(1)(b) GDPR. In all other cases the legal basis is our legitimate interest in responding to enquiries under Article 6(1)(f) GDPR. We keep this correspondence until your request has been dealt with, after which it is deleted unless we are required by law to retain it for longer, for example under tax or commercial law.

Analytics (self-hosted Plausible)

To understand how our website is used, we run our own self-hosted instance of Plausible Analytics. Plausible is privacy-focused: it does not set cookies, it does not track you across websites, and it does not build profiles of individual visitors. It collects only aggregated statistics such as page views, visit counts, referring domains, approximate location derived from an anonymised IP address, browser type, and device type. IP addresses are processed only transiently to generate these aggregated figures and are not stored in a form that can identify you. Because the data is anonymised and the tool is cookieless, no consent banner is required. The legal basis is our legitimate interest in measuring and improving our website under Article 6(1)(f) GDPR.

4. Cookies

We do not use cookies for advertising or for analytics. The only cookies that may be set are strictly necessary cookies placed by our security and content delivery provider (see the Cloudflare section below) to keep the site secure and functioning, for example to distinguish automated traffic from genuine visitors. Strictly necessary cookies do not require consent. Because we set no non-essential cookies, we do not display a cookie consent banner.

5. Hosting

Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The data described above is processed on Hetzner's servers, which are located within the European Union. Hetzner acts as our processor and handles personal data only on our instructions under a data processing agreement that meets the requirements of Article 28 GDPR. The use of Hetzner is based on our legitimate interest in reliable hosting under Article 6(1)(f) GDPR.

6. Content Delivery and DNS (Cloudflare)

We use Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) to deliver our website quickly and to protect it against attacks, and we use Cloudflare for DNS resolution of our domain. To do this, Cloudflare processes technical data such as IP addresses, request headers, the resources requested, and timestamps. This processing is necessary to operate and secure the website and is based on our legitimate interest under Article 6(1)(f) GDPR. We have concluded a data processing agreement with Cloudflare under Article 28 GDPR.

Cloudflare may process data on servers located in the United States, which is a country outside the European Economic Area. These transfers are safeguarded by Cloudflare's certification under the EU-U.S. Data Privacy Framework, on the basis of which the European Commission has confirmed an adequate level of data protection. As an additional safeguard, Cloudflare also relies on the Standard Contractual Clauses adopted by the European Commission under Article 46 GDPR. You can obtain a copy of these safeguards by contacting us at the address given above.

7. Recipients of Personal Data

We share personal data with third parties only where this is necessary, for example with the hosting and infrastructure providers named above acting as our processors, or where we are required to do so by law, such as a request from a competent authority. Where a provider acts as our processor, we share data only on the basis of a valid data processing agreement. We do not sell personal data.

8. Retention

We keep personal data only for as long as it is needed for the purpose for which it was collected. Once that purpose no longer applies, the data is deleted or anonymised, unless a statutory retention period requires us to keep it for longer. If you ask us to delete your data or withdraw a consent you have given, we will act on that request unless we have a legal obligation or another lawful ground to retain the data.

9. Your Rights

Under the GDPR you have the following rights in relation to your personal data: - Access: you can ask whether we process data about you and request a copy of it. - Rectification: you can ask us to correct inaccurate or incomplete data. - Erasure: you can ask us to delete your data where one of the grounds in Article 17 GDPR applies. - Restriction: you can ask us to limit how we use your data in the cases set out in Article 18 GDPR. - Data portability: you can ask to receive data you provided to us, where processing is based on consent or a contract and carried out by automated means, in a structured, commonly used, machine-readable format. - Objection: where processing is based on our legitimate interest, you can object to it on grounds relating to your situation, and you can object at any time to processing for direct marketing. - Withdrawal of consent: where processing is based on consent, you can withdraw that consent at any time with effect for the future, without affecting the lawfulness of processing before the withdrawal. To exercise any of these rights, please contact us using the details in section 1.

10. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work, or the place of the alleged infringement. As we are established in Bulgaria, our lead supervisory authority is: Commission for Personal Data Protection (Комисия за защита на личните данни) 2 Prof. Tsvetan Lazarov Blvd. 1592 Sofia, Bulgaria Email: [email protected] Website: www.cpdp.bg

11. Data Security

We use appropriate technical and organisational measures to protect your data. Our website is served over an encrypted connection using TLS, which you can recognise by the https prefix in your browser's address bar. Please note that data transmission over the internet can never be guaranteed to be completely secure.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our website, our processing, or the law. The current version is the one published on this page and is effective as of June 2026. We encourage you to review it occasionally.

o7studios is in no way affiliated with Mojang Studios, nor should it be considered a company endorsed by Mojang Studios.

© 2026 o7studios. All rights reserved.
Cta