Privacy Notice


Effective: November 2025 – replaces earlier versions

1. Controller and Contact


The controller responsible for processing your personal data is:

Caseking GmbH
Gaußstr. 1
10589 Berlin
Germany
Email: datenschutz@caseking.de

sim-verse.com is an offering of Caseking GmbH.

2. Data Protection Officer


For questions about data protection, please contact our Data Protection Officer:

Caseking GmbH – Data Protection Department
Mr. Achim Groeling
Gaußstr. 1, 10589 Berlin
Email: datenschutz@caseking.de

3. Scope of this Notice


This notice applies to the following offerings:

  • Our online offering (webshop) at https://www.sim-verse.com, including the business customer area, as well as our blog.
  • Partner offerings: https://de.endgamegear.com and https://de.noblechairs.com.
  • Our telephone services (hotlines “Consulting & Ordering”, “Customer Service & Support”, “Business Customers”).
  • Our business premises (outlet store, logistics center) – see section on video surveillance.
  • Contractual relationships with manufacturers/suppliers.
  • Job postings including electronic applications.

4. Data Security


We implement appropriate technical and organizational measures to protect your data against manipulation, loss, destruction, or unauthorized access (Art. 32 GDPR). These include, among others, access restrictions, authorization concepts, encryption (TLS/SSL with 256-bit), and regular evaluations.

Our employees are bound to confidentiality and to comply with data protection requirements.

5. General Information on Processing


Where certain fields are marked as mandatory at the point of collection, they are required for the respective purpose. Without such information, contracts may not be concluded and services may not be provided.

Processing based on consent is voluntary; consents can be withdrawn at any time with effect for the future.

Unless stated otherwise, we share data with service providers (e.g., data centers, logistics, payment services, analytics providers) that process personal data on our behalf (Art. 28 GDPR).

5.1 International Data Transfers

Where data is transferred to recipients in countries outside the EU/EEA, this occurs only if an adequacy decision of the European Commission exists (e.g., United Kingdom, Japan, South Korea, Switzerland, or the EU-US Data Privacy Framework (DPF) for suitably certified U.S. recipients), or based on appropriate safeguards under Art. 46 GDPR, in particular EU Standard Contractual Clauses (SCCs) including a Transfer Impact Assessment (TIA) and supplementary measures.

5.2 Hosting

We use hosting providers for infrastructure and platform services. Processing takes place in the EU/EEA or—if third-country involvement applies—according to section 5.1.

5.3 Disclosures to Authorities

Data is disclosed to public authorities only where legally required (Art. 6(1)(c) GDPR) or to establish, exercise, or defend legal claims (Art. 6(1)(f) GDPR).

5.4 Retention Periods

We process personal data only as long as necessary for the respective purpose. Thereafter, we delete the data regularly unless statutory retention periods (e.g., secs. 238, 257 HGB; sec. 147 AO) prevent deletion or you have consented to longer storage.

6. Purposes of Processing

6.1 Contact Inquiries

Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual communications) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). Storage typically up to 6 months or according to statutory retention duties.

6.2 Registration / Customer Account

We process your registration details to set up and provide your account (Art. 6(1)(b) GDPR). We store the data until the account is deleted, unless legal obligations require longer retention.

6.3 Orders and Payment Processing

Processing to handle/fulfill orders including shipping, payment processing, and invoicing (Art. 6(1)(b) GDPR). Commercial and tax documents are retained per statutory periods (generally 6 or 10 years).

6.4 Marketing and Newsletters

  • Postal marketing based on our legitimate interests (Art. 6(1)(f) GDPR); you may object at any time.
  • Email marketing: with consent (Art. 6(1)(a) GDPR; double opt-in). Without consent, potentially under Sec. 7(3) UWG (Germany) for existing customers regarding similar products, with notice of the right to object at collection and in every email.
  • Review requests by email after a purchase constitute advertising; therefore based on consent or Sec. 7(3) UWG.

6.5 Product Reviews (Yotpo)

We use Yotpo Ltd., New York, USA, as a processor (Art. 28 GDPR) to collect and display product reviews. Publication occurs with first name and initial of the last name; your email address is not published.

Legal basis: consent (Art. 6(1)(a) GDPR) for review requests via email, or Art. 6(1)(f) GDPR for displaying reviews you voluntarily submit.

Third-country transfers take place per section 5.1 (DPF/SCCs). You can withdraw consent at any time in the settings or by emailing datenschutz@caseking.de.

7. Cookies, Tracking, Advertising, Plugins


We use cookies and similar technologies (e.g., pixels, local storage). Technically necessary technologies are used under Sec. 25(2) TTDSG and Art. 6(1)(f) GDPR. All other categories (statistics/comfort/marketing) are used only with your consent (Sec. 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR). You can withdraw consent at any time via the cookie settings.

7.1 Google Ads (Conversion Tracking)

Google Ireland Limited. Storing/accessing information on your device only with consent (Sec. 25 TTDSG); processing based on Art. 6(1)(a) GDPR. Possible transfers to Google LLC (USA) per section 5.1.

7.2 Meta Pixel (Facebook)

Meta Platforms Ireland Limited. Used only with consent (Sec. 25 TTDSG/Art. 6(1)(a) GDPR). Possible transfers to Meta Platforms, Inc. (USA) per section 5.1. Objection/withdrawal via cookie settings.

7.3 Google Analytics (GA4)

Google Ireland Limited. We use GA4 with IP anonymization. Legal basis is your consent (Art. 6(1)(a) GDPR). Event data retention in GA4: e.g., 14 months (configurable). Withdrawal at any time via cookie settings. Potential transfers to Google LLC (USA) per section 5.1.

7.4 Salesforce Marketing/Commerce Cloud

Salesforce, Inc., USA. Used for cross-channel customer communications/shop functionality. Legal basis depending on purpose: Art. 6(1)(b) (contract/shop functionality), Art. 6(1)(a) (marketing after consent), or Art. 6(1)(f) (legitimate interests – only without device access). Third-country transfers per section 5.1.

7.5 Custobar

Custobar Oy, Finland. Creation of usage profiles for personalized communications (email, SMS, on-site banners), where corresponding consents (double opt-in) exist. Legal basis: Art. 6(1)(a) GDPR; any device access under Sec. 25 TTDSG only with consent. No automated decision-making with legal effect (Art. 22 GDPR).

7.6 Dynamic Yield

Dynamic Yield Ltd., United Kingdom. Personalization of our web offering. Use of cookies/pseudonymization. Legal basis: consent (Sec. 25 TTDSG/Art. 6(1)(a) GDPR). IP addresses are stored in anonymized form; no direct personal reference.

7.7 Managing Cookies

You can delete or block cookies in your browser. In addition, you can change your preferences in the cookie settings at any time and withdraw any consents given.

8. Video Surveillance in Business Premises


In our business premises (outlet store, logistics center) we use clearly marked video surveillance.

Purposes: protection of persons and property, investigation of criminal offenses, exercise of domiciliary rights.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

Retention: generally 48–72 hours, at most until a specific incident is clarified.

Recipients: in individual cases, security services/law enforcement authorities. No audio recording.

9. Your Rights


Subject to the legal requirements, you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR).

You may withdraw consents at any time with future effect.

To exercise your rights, please contact our Data Protection Officer (see section 2).

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

10. Objection to Marketing / Withdrawal of Consent


You may object at any time to the processing of your data for marketing purposes or withdraw consents granted—by email to datenschutz@caseking.de or by post to Caseking GmbH, Data Protection Department, Gaußstr. 1, 10589 Berlin. Emails include an unsubscribe link.

After an objection/withdrawal, we will include your contact details in an internal suppression list (Art. 21(3), Art. 17(3)(b), Art. 6(1)(c), (f) GDPR) to ensure no further marketing is sent.

11. Recipients and Categories of Recipients

  • IT/hosting/data center service providers (processors)
  • Logistics/shipping service providers
  • Payment service providers
  • Analytics providers/marketing platforms (only with consent/section 7)
  • Authorities/public bodies where legally required

12. Updates to this Privacy Notice


We may update this notice to reflect changes in law or technical developments. The current version is available on this page.


As of: November 2025