Privacy Policy

Please note that all mentions to „Facebook“ apply the same to Facebook’s new company name „Meta“. Oculus belongs to Meta as well.

Data protection information 
Protecting your data is very important to us. To ensure transparent cooperation, we draw your attention to important processing activities and special features. To be able to use our services, please purchase and download our apps, once available, from the Oculus Store and/or App Lab from Meta. Data processing and payment procedures are carried out exclusively via Oculus/Facebook. We do not collect or receive any personal data from you here. Further information on data protection from Oculus can be found at and       

Purpose and legal basis of data processing 
Data processing at XR Consulting Rücker is carried out to provide apps and services in accordance with Article 6 (1) (b) of the GDPR for pre-contractual or contractual measures. These include: 
• answering enquiries 
• administration
• offer preparation, contract processing and order processing 
• providing the platform 
• maintaining business relationships      

  As a company, we are subject to different legal obligations. In order to fulfil these obligations, it may be necessary to process personal data in the public interest pursuant to Article 6 (1c) of the GDPR or Article 6 (1e) of the GDPR. 
• control and reporting obligations 
• creditworthiness, age and identity checks 
• prevention of criminal acts   

  Controller pursuant to Article 4(7) EU General Data Protection Regulation (GDPR)

Fabian Rücker
XR Consulting Rücker
Burgstrasse 4
60316 Frankfurt am Main
If you have any questions about our data protection, please email us.   

These data protection information shall apply to the following offers and relevant subpages:

– whenever reference is made to this data protection information from one of our services, regardless of how you access or use it.    

Collection of personal data in our app: MR Chess and future apps
We are working with Meta’s Oculus Store and Meta’s App Lab. We collect, process and store the following data from you and use it for the purpose of improving our apps, e.g. fixing a bug or creating a better user experience. In our apps, you can submit an internal developer log file with a current screenshot of the usage of our app to us, e.g. in the case a failure happens inside the app and you want to notify us about it. The legal basis is Article 6 (1) (b) of the GDPR.  
• IP address, for the purpose of knowing if the report comes from the same user within keeping the same IP address    
• submission date, time and time zone for the purpose of knowing when incidents/bugs happened
• System memory statistics like the total amount of reserved memory, texture memory, texture count, frame rate, frame time, draw call, number of triangles, amount of mesh memory, CPU and GPU levels over time and the status of the internal garbage collection can be included in the log files for giving the developers an overview of the system status and resources.
• the screenshot shows what the user is currently seeing, e.g. a photo, for the purpose of having a visual representation of what the user saw during the bug/incident

During run-time, the app itself is not using user-specific data by itself. However, the requried call to the Oculus Entitlement check might internally use user data to verify the entitlement status. We do not have access to that user-specific data, please refer to the Oculus Store, Oculus Terms and Conditions and Oculus Privacy Policy for further information.

In the case where we have user-specific data from you, you can request that data by contacting us at the address (see email above or postal address) above while providing evidence of your user identity. Furthermore, you can request that your user-specific data is deleted through contacting us through the email address mentioned above.

As determined by the Oculus Store, Oculus Terms and Conditions and Oculus Privacy Policy, Oculus/Facebook/Meta might collect data from you automatically while using our app. We do not have influence on this and cannot enable or disable this. Data might include: user ratings of the app, time spent in the app, if user has been using the app within the last 28 days, averaged data over multipe users regarding age, gender, country, region and similiar properties. Furthermore, crash statistics might be automatically created by Oculus/Facebook/Meta and include information about the used devices (e.g. Quest, Quest 2), regions of the user and so on. We do not have influence on this and cannot enable or disable this. 

For Meta Quest devices, we may use platform features such as User ID (grants an app access to the user id to enable various features), User Profile (grants an app access to the Oculus username and profile photo) and Avatars (grants an app access to Oculus Avatars, a persistent identity across the Oculus ecosystem. With Oculus avatars, users can bring their own visual identities into our app). These will be used in accordance with the Oculus Developer Data Use Policy (

Our virtual reality apps are based on the Unity game engine. We do not have influence on this or access to the data, but Unity might do the following: Unity has collected some or all of the following information about your device: unique device identifiers (e.g., IDFV for iOS devices and Android ID for Android devices); IP address; country of install (mapped from IP address); device manufacturer and model platform type (iOS, Android, Mac, Windows, etc.) and the operating system and version running on your system or device; language; CPU information such as model, the number of CPUs present, frequency, and instruction set support flags; the graphics card type and vendor name; graphics card driver name and version (e.g., “nv4disp.dll”); which graphics API is in use (e.g., “OpenGL 2.1” or “Direct3D 9.0c”); amount of system and video RAM present; current screen resolution; version of the Unity Editor used to create the game; sensor flags (e.g., device support for gyroscope, touch pressure or accelerometer); application or bundle identification (“app ID”) of the game installed; unique advertising identifiers provided for iOS and Android devices (e.g., IDFA or Android Ad ID); and a checksum of all the data that gets sent to verify that it transmitted correctly.

Collection of personal data upon contact  
If you email us or contact us via the contact form, we process and store the following data from you and use it to answer your enquiry. The legal basis is Article 6 (1) sentence 1 (b) of the GDPR: 
• first name, surname 
• email address 
• email receipt date 
• time zone difference to Greewich Mean Time    

Collection of personal data upon visit to our website 
(1) When using the website merely for information purposes, i.e. if you do not register or otherwise provide us with information, we shall collect only the personal data that your browser sends to our server. If you would like to look at our website, we will collect the following data, which are technically necessary for us to notify you of our website and to ensure stability and security (the legal basis is Article 6 (1) sentence 1 (f) of the GDPR): 
– IP address 
– date and time of the request 
– time zone difference to Greenwich Mean time (GMT) 
– content of the request (specific page) 
– access status/HTTP status code 
– data transferred in each case 
– the website from which the request originates 
– browser 
– operating system and its surface 
– language and version of browser software. 
(2) We do not use cookies for our website. 
(3) We do not use tracking technologies. 
(4) No automated decision-making, known as profiling, takes place during the visit to our website. 
(5) We process your personal data only for the purpose specified here. Any further processing for other purposes requires your prior consent.       

  Collection of personal data in the application procedure 
Personal data you submit to us as part of an application will be collected and processed for the purpose of processing the application procedure. Your personal data will only be processed for processing your application and not for other purposes. Processing is carried out for the purpose of fulfilling the contract or for legitimate reasons pursuant to Article 6 (1) sentence 1 (b) or (f) of the GDPR. Should you voluntarily inform us of special categories of personal data pursuant to Article 9 of the GDPR, such as severely disabled status, processing will be carried out on the basis of Article 9(2)(b) of the GDPR, as the processing of such data is necessary for the exercise of the profession. If we ask you for special categories of personal data pursuant to Article 9 of the GDPR, the processing will be carried out on the basis of your consent pursuant to Article 9(2)(a) of the GDPR. Electronic processing is possible, especially for applications received by electronic means such as e-mail or the contact form on the website. If the application is transferred to an employment relationship, the application documents will be stored for the purpose of processing the employment contract. In the event of no employment relationship, the application documents shall be automatically deleted three months after the application procedure has been completed, unless justified interests under Article 6 (1) sentence 1 (f) of the GDPR preclude their erasure. Such a legitimate interest exists, for example, where proceedings are pending under the General equal treatment Act (AGG). In this case, we will store the data until the procedure is completed. You can also give us your consent for an extended storage period for your applicant data so that we can take you into account for the future when awarding a job.   

Transmission of data 
Our hosting provider Hetzner, based in Germany, and those divisions and employees of XR Consulting Rücker will receive the data they need to fulfil their contractual and statutory obligations and legitimate interests. In addition, processors commissioned by us (especially it service providers) receive your data if and to the extent that they need the data to perform their respective services. Where there are legal obligations or legitimate interests, public bodies (e.g. courts, authorities) may be recipients of their personal data. Recipients may also be third parties to whom we have referred to the above. Your data will only be passed on to third parties on the basis of the above legal basis. Furthermore, no data will be passed on to third countries. 

   Recipients of personal data 
Recipient category: 
External content providers providing content (e.g. images, videos, embedded posting from social networks, promotional banners, fonts, updates) required to display the service 
Data concerned: access data 
Legal basis: Article 6(1)(f) of the GDPR 
Legitimate interest: proper function of services; (accelerated) presentation of content 

Recipient category: 
IT security service providers 
Data concerned: access data 
Legal basis: Article 6(1)(f) of the GDPR 
Legitimate interest: Preventing attacks by exploiting security gaps/vulnerabilities    

Facebook / Meta / Instagram 
Name and address of controllers pursuant to Article 26 of the GDPR 
Jointly responsible for the operation of this Facebook page are in the interests of the EU, Basic data Protection Regulation and other data protection provisions: ​Meta Platforms Ireland Ltd. (referred to as „Meta“, “Facebook” or „Oculus“), 4 Grand Canal Square, Grand Canal Harbour in Dublin 2 Ireland and XR Consulting Rücker, Burgstrasse 4, 60316 Frankfurt am Main/Germany, Fabian Rücker – email address mentioned above. 

Below we will inform you about the processing of personal data specifically for our Facebook page. 
We operate this page to draw attention to our services and products, to have you as visitors and users of this Facebook page, and to enable contact through our website. Further information about us and you can find out more about our activities within the company on our website under As operators of the Facebook page, we have no interest in the survey and further processing of your individual personal data for analysis or marketing purposes. The operation of this Facebook page, including the processing of personal data is provided on the basis of our legitimate interests in contemporary and supportive information and interaction opportunities for and with our users and visitors in accordance with Article 6 (1) (f) of the GDPR. 

Processing of personal data by Facebook 
In its judgment of 5 June 2018, the European Court of Justice (ECJ) ruled that: that the operator of a Facebook page is jointly responsible with Facebook for processing personal data. We know that Facebook uses users’ data for advertising (analysis, production of personalised advertising), user profiling and market research. Facebook sets cookies for storing and further processing this information a, that is to say, small text files which appear on the various user devices be stored. If the user has a Facebook profile and if logged in, storage and analysis will also be carried out across all devices. The Facebook Privacy Policy contains further information on: Data processing: ​ 
Options for objecting (so-called opt-out) can be found here: ​ and set here. Facebook Inc., the US parent company Facebook Ireland Ltd., has been under the EU U.S. Privacy Shield since 2020-07-16 following a ruling by the European COURT of Justice. certified. It cannot be guaranteed that your data will not be transmitted to the United States and that it will be subject to our European level of data protection. We are currently examining the possibilities of other legal bases. The transmission and further processing of users’ personal data in third countries, such as the United States, and the possible risks to the users cannot be excluded from us as operators of the page. Data transmission to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here:, and  

Statistical data 
Statistical data can be found on the Facebook’s „Insights“.  Different categories can be accessed by us. These statistics shall be compiled by: Facebook created and provided. In terms of production and presentation, we Operator of side no influence. We cannot stop this function or prevent the production and processing of the data. The following data relating to our Facebook page will be made available to us by Facebook for an election period and for the categories fans, subscribers, people reached and interacting persons: total number of page calls, “favor me” information, page activities, contribution responses, reach, video views, range of contributions, comments, shared content, responses, proportion of men and women, background to land and city, language, appeals and clicks in the shop, clicks on route planners, clicks on telephone numbers. This also provides data on Facebook groups linked to our Facebook page. The constant development of Facebook is changing the availability and processing of the data, so that we can refer to the above details for further details. Refer to Facebook’s data protection statement. We use this data to make our contributions and activities more attractive to users. For example, we use the distribution by age and gender for an adapted approach and the preferred visiting times of users to optimise the timing of our contributions. Help provide information about the type of terminal equipment used by visitors we are adapting our contributions visually and structurally. In accordance with the Facebook terms and conditions of use to which each user subscribes when drawing up a Facebook profiles approved, we can access the website’s subscribers and fans, identify and view their profiles and other shared information including the total number of page views, “Like” information, Page activities, Post interactions, Range, Video views, Post reach, Comments, Shared content, Responses, proportion of men and women, Country and city origin, Language, Views and clicks in the shop, clicks on route planner, clicks on phone numbers..   

Instagram / Meta 
If you use the Instagram services to view content from our Instagram account, please be aware that Instagram, part of Meta Companies (, might use the same infrastructure and algorithms as other Meta companies (e.g. Facebook). They will store user data (e.g., personal information, IP addresses, web browser used, hardware used, operating system used, when, where and so on) and may use it for their business. The privacy poliy of Instagram is described here: ​​ 

We are not responsible and cannot change what kind of data is collected on Instagram by Meta and how that data is handled. Instagram can be reached through the following physical address: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

  User rights 
Since only Meta / Facebook has complete access to user data, we recommend  to contact Meta / Facebook directly if you have any questions or requests for information to your rights as a user (e.g. right to erasure). You can contact Facebook’s data protection officer via the online contact form provided by Facebook under If you need help or have any other questions, please contact us under at our email address mentioned above.    

Right to object 
If you no longer want the data processing described here, please remove the link between your user profile and our website by using the functions “I no longer like this page” and/or “no longer subscribe to this page”.   

  Videos and services on TikTok
We operate the TikTok site to pay attention to our services and products to make and with you as a visitor and user of this site, and contact our website. More information about us and about our activities in the company you can find on our website at As the operator of the TikTok site, we have no interest in the collection and further processing of your individual personal data for analysis or Marketing purposes. Further information on our handling of personal data Data can be found in our privacy policy on our website at The operation of this site, including the processing of personal data User data is based on our legitimate interests in up-to-date and supportive information and interaction possibilities for and with our users and visitors pursuant to Art. 6 para. 1 lit. f. GDPR. There is a shared responsibility. Provider is TikTok Technology Limited 10 Earlsfort Terrace, Dublin, D02 T380, Ireland More information can be found at 

Right to object (TikTok) 
If you no longer want the data processing described here, please remove the connection of your user profile to our site by using the functions “I no longer like this page” and/or “No longer subscribe to this page”.  

  Inclusion of YouTube videos 
We may have integrated YouTube videos into our website, which are stored on and can be played directly from our website. These are all included in the extended data protection mode, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transferred. We have no influence on this data transfer. The legal basis for the inclusion of YouTube videos is Article 6 (1) sentence 1 (f) GDPR. By visiting the website, YouTube will be informed that you have consulted the relevant sub-page of our website. The data mentioned under “visit to our website”, this declaration, will also be transmitted. This is done regardless of whether YouTube provides a user account through which you have been logged or whether there is no user account. Once you have logged in to Google, your data will be allocated directly to your account. If you do not wish to be assigned to YouTube with your profile, you must log in before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for uninvited users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, and you must address this to YouTube in order to do so. Information from the provider: YouTube LLC, 901 Cherry Ave, San Bruno, APPROX. 94066, USA. Google Ireland limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for data processing. Further information on the purpose and scope of the data collection and its processing by YouTube can be found in the Data Protection Declaration. You will also find further information on your rights and employment options to protect your privacy:   

  Chat platform: Discord 
We may offer our community the service of Discord so that our users can get in touch with the developers and other users of our products as easily as possible. Discord stores all entered sentences, images, username, email address and all messages, temporary VoIP data (to enable communication) and other content that you send via the chat function. Furthermore, we collect the IP address, device ID and your activities within the Services. “… this information is used by our services and supplemented with other information to understand, among other things, the number of visitors to our website, the number of messages sent, and the websites that refer their visitors to Discord…” (Discord) Legal basis is based on Art. 6 para. 1 lit f GDPR. Our legitimate interest lies in the fact that our community receives a platform for exchange. More information on data processing by Discord can be found at Currently, we must point out that Discord Inc., based in 444 De Haro St Suite 200, San Francisc, CA 94107, USA, does not operate an adequate level of data protection based on the GDPR. The chats are not end-to-end encrypted and are stored on Discord’s server. If you have any questions, please contact Discord Inc. at or

If you decide to use our Reddit channels, please be aware of the privacy policy of Reddit ( Reddit may use your user information, login data, content you post, actions you take and other information in order to at least provide, maintain, and improve the services; Personalize services, content, and features that match your activities, preferences, and settings, help protect the safety of Reddit and their users, which includes blocking suspected spammers, addressing abuse, and enforcing the Reddit User Agreement and other policies; Provide, optimize, target, and measure the effectiveness of ads shown on their Services; Research and develop new services; Send you technical notices, updates, security alerts, invoices, and other support and administrative messages; Provide customer service; Communicate with you about products, services, offers, promotions, and events, and provide other news and information Reddit thinks will be of interest to you; and Monitor and analyze trends, usage, and activities in connection with Reddit’s services. Reddit, Inc. is located at 548 Market St. #16093, San Francisco, California 94104, USA and Reddit Ireland Limited, Attn: Reddit EU Data Inquiries, Georges Quay Plaza, Floor 2 – 101, Dublin D02 F856, Ireland.

  Use of Google Adwords Conversion 
We use the offer of Google Adwords Conversion to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We thus pursue the interest to show you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR. These advertising materials are delivered by Google via so-called “Ad Server”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as displaying ads or clicks by users, can be measured. If you reach our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. For this cookie, as a rule, the unique cookie ID, the number of ad impressions per placement (frequency of the insertions), last impression (relevant for post-view conversions, i.e. the number of advertisements before clicking on them) and opt-out information (marking that the user no longer wants to be addressed) are stored as analysis values. These cookies allow Google to recognise your Internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be tracked through the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations provided by Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising material, in particular we cannot identify the users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating AdWords Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will know and save your IP address. You can prevent participation in this tracking procedure in several ways: a) by setting your browser software accordingly, in particular, suppressing third-party cookies will prevent you from receiving third-party advertisements; B) by disabling the conversion tracking cookies by setting your browser to block cookies from the domain “”, where this setting is deleted when you delete your cookies; C) by disabling the interest-based advertisements of the providers that are part of the “About Ads” self-regulatory campaign via , where this setting is deleted when you delete your cookies; D) by permanently deactivating your browsers Firefox, Internet Explorer or Google Chrome under We would like to point out that in this case, you may not be able to make full use of all the functions of this offer. Information from the provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data protection at Google can be found here: and   

Twitter Ads 
We may use the ads for marketing and optimisation purposes in order to serve you relevant and interesting ads and thus to improve our offer, to make it more interesting for you as a user and to avoid annoying ads. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR. The provider is: Twitter International Company, One Cumberland Place, Fenian Street, D02 AX07 Dublin 2 in Ireland. More information can be found at 

Facebook Ads 
We may use the ads for marketing and optimisation purposes in order to serve you relevant and interesting ads and thus to improve our offer, to make it more interesting for you as a user and to avoid annoying ads. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR. The provider is: Meta-Platforms Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

Reddit Ads and Reddit Conversion Tracking 
We may place advertisements on Reddit (Reddit Ads). We also use Reddit’s analytics and conversion tracking technology to assess the effectiveness of this advertising. Responsible for data processing is: Reddit, Inc., 548 Market St. #16093, San Francisco, California 94104. Reddit places a cookie on your computer if you have accessed our website via a Reddit advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of the website of a Reddit Ads customer and the cookie has not yet expired, Reddit and the customer can recognise that you have clicked on the ad and have been redirected to this page. Each Reddit Ads customer receives a different cookie. Cookies cannot therefore be tracked through the websites of Reddit Ads customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Reddit Ads customers who have opted for conversion tracking. Reddit Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. The purpose of data processing is to inform you about our offer and to make it clear and user-friendly for you. This cookie expires after 30 days and is not used for personal identification. You have the possibility to revoke your consent to data processing at any time. Please contact us under the above data. As a logged in user of reddit, you can object to the storage and use of data in a Reddit cookie by visiting and selecting your preferred settings. If you choose this option, a new cookie (opt-out cookie) is set in your browser, which informs Reddit that no data relating to your browsing behaviour may be stored. Please note that the setting must be made for all browsers you are using. If all your cookies are deleted in a browser, this also affects the opt-out cookie of Reddit. In summary, we would like to say that we do not evaluate user data, IP addresses are always anonymised. We can evaluate search terms, expected age and pages visited. If you have any questions, please contact us. 

  No obligation to provide and consequences of non-provision
The provision of personal data is not legally or contractually prescribed and you are not obliged to provide data. We will inform you in the course of the input process if the provision of personal data is required for the relevant service (e.g. by calling it a “mandatory field”). In the case of necessary data, non-provision means that the service in question cannot be provided.    

Storage time of your data
We process your personal data, where necessary, for the duration of the business relationship and as long as it is necessary for the aforementioned purposes, as well as in accordance with the statutory retention and documentation obligations arising in particular from the fiscal code and the commercial code, which usually amount to 10 years. In addition, personal data may be stored and stored for as long as the data are relevant to pending judicial or administrative proceedings in which the controller has a party status.    

Your rights 
(1) You have the following rights with regard to personal data concerning you: 
• the right to information, 
• the right to rectification or erasure, 
• the right to restrict processing, 
• the right to object to the processing,
• the right to data portability. 
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. Please address this complaint to the competent supervisory authority under If you need help in implementing your rights, please contact us.   

You have the right to object to the processing of your personal data at any time. Please send this in writing by email or by post to the address of XR Consulting Rücker. We kindly point out that the exercise of their rights may, in individual cases, be subject to certain conditions.    

Ensuring data security and data protection 
To ensure the protection and security of your personal data, we are implementing a large number of technical and organisational security measures, the effectiveness of which we regularly review.       

January 2024