Differential D1723 Diff 7177 binaries/data/mods/public/gui/prelobby/common/terms/Privacy_Policy_rdb.txt
Changeset View
Changeset View
Standalone View
Standalone View
binaries/data/mods/public/gui/prelobby/common/terms/Privacy_Policy_rdb.txt
[font="sans-bold-18"]0 A.D. Empires Ascendant Replay Database Privacy Policy[/font] | |||||
[font="sans-bold-14"]Document Date:[/font] 2018-12-24 | |||||
[font="sans-bold-16"]Personal data processed by the replay database and purposes of processing:[/font] | |||||
[font="sans-bold-14"]1. Username[/font] | |||||
The player is identified by a name that the player chooses at the time of registration. | |||||
Having a unique username is a requirement to gain access to the replays in and the ability to upload replay to the replay database. Furthermore, it enables moderators to enforce the Terms of Use. | |||||
The username serves as a pseudoynm. The identity (natural person) of players is not known to the replay database's maintainers, except where personally identifiable information (such as the realname) was disclosed on the replay posts, comment boards, other services of Wildfire Games or elsewhere in the public, or when the IP address is used to bring criminal proceedings. | |||||
[font="sans-bold-14"]2. Password[/font] | |||||
A player is authenticated using a password that the player chooses at the time of registration. | |||||
The replay database only receives an encrypted version of the password, so that the password chosen by the user is not revealed to the replay database's maintainers or others in case of a breach. | |||||
[font="sans-bold-14"]3. IP address[/font] | |||||
The replay database stores players IP addresses and may infer publicly available geolocation and internet service provider data (for example "geolite2") from the IP address in order to: | |||||
1. Enforce the Terms of Use where persons create multiple accounts without the replay database's maintainers' permission, in particular after having been banned from the service for violating the Terms of Use. | |||||
IP addresses will not be saved for longer than three years for this purpose. | |||||
2. Make it possible to bring criminal proceedings in case of a cyberattack (EU Court of Justice Press Release No 112/16). | |||||
The replay database's maintainers will not use the IP address logs for any other purpose, in particular not for marketing, not otherwise disclose IP addresses to the public or third parties and erase IP addresses if they are not relevant for the stated purposes anymore. | |||||
[font="sans-bold-14"]4. Comments and replay posts[/font] | |||||
The replay database's maintainers store a log of the comments and replay posts to meet the following purposes: | |||||
1. Moderators may screen the logs to enforce the Terms of Use. | |||||
2. Wildfire Games and/or the replay database's maintainers may address or resolve bug reports, balancing issues or feature proposals indicated by users in the comments and/or replay posts. | |||||
3. Wildfire Games and/or the replay database's maintainers may assess trends amongst discussed topics, the growth of the active community and use these indicators as feedback to assess, improve and direct development of the game and the service. | |||||
[font="sans-bold-14"]5. Replays[/font] | |||||
The replay database's maintainers store all replays uploaded to the replay database. They will be used for the following purposes: | |||||
1. Moderators may screen the replays to enforce the Terms of Use. | |||||
2. The replays may be provided to third parties and/or released to public access for whatever reasons Wildfire Games and/or the replay database maintainers see fit. | |||||
[font="sans-bold-14"]Security of processing:[/font] | |||||
The transmission of personal data is secured using TLS encryption (GDPR 32). | |||||
Personal data is protected against unintentional loss in encrypted backups for additional time (GDPR 30.1.g, GDPR 32). | |||||
All personal data that the replay database's maintainers process is obtained from the user (GDPR 14). | |||||
The replay database's maintainers reserve the right to delete any service data (including personal data) at any time, except where a user has objected to the erasure of his or her personal data for performance of a legal claim. | |||||
[font="sans-bold-16"]Legal basis for the processing:[/font] | |||||
1. The processing is necessary for the performance of the service defined in the terms (GDPR 6.1.b). | |||||
2. The replay database's maintainers have legitimate interests in providing the service, in the development and improvement of 0 A.D. and the service, in enforcing the Terms of Use and in the protection against cyberattacks (GDPR 6.1.f). | |||||
3. The replay database's maintainers do not process any further data for the service and do not ask for consent to process data (GDPR 6.1.a, GDPR 7, GDPR 8, GDPR 13.2.c). | |||||
[font="sans-bold-16"]User rights:[/font] | |||||
1. Contact the replay database's maintainers, by sending an email to zegentzy at protonmail dot com (GDPR 13.1.a, GDPR 13.1.b). | |||||
To exercise any user right, please refer to this contact. | |||||
2. Right of access to personal data concerning him or her (GDPR 15). | |||||
3. Right to obtain personal data in a machine-readable format (GDPR 20). | |||||
4. Right to rectification of inaccurate personal data (GDPR 16). | |||||
5. Right to erasure of personal data where it is not relevant to the stated purposes, if the data was processed unlawfully or if the user objects to the processing and has overriding legitimate grounds (GDPR 17). | |||||
6. Right to restriction of personal data processing where the accuracy of the data is contested by the user, if the data was processed unlawfully or if the user requires the data for a legal claim (GDPR 18). | |||||
7. Right to object to the processing of personal data concerning him or her on grounds relating to their particular situation (GDPR 21). | |||||
8. Right to lodge a complaint with a supervisory authority (GDPR 13.2.d, GDPR 77). | |||||
Requests that are manifestly unfounded or excessive are not responded to or may be charged (GDPR 12.4, GDPR 12.5). | |||||
[font="sans-bold-16"]The replay database's maintainers' obligations:[/font] | |||||
1. The replay database's maintainers demonstrate compliance with GDPR (GDPR 5.2 'accountability'). | |||||
2. The replay database's maintainers document their processing activities appropriately, in particular the categories of processed personal data and security measures to protect it (GDPR 30). | |||||
3. The replay database's maintainers process personal data lawfully, fairly and transparently (GDPR 5.1.a, GDPR 12.1). | |||||
4. The replay database's maintainers inform users of the purposes, legal grounds, legitimate interests and retention periods of personal data processing at the time it is processed, recipients of personal data and where applicable, transfer of personal data to third countries and automated decision-making (GDPR 13.1.c-f, GDPR 13.2.a, GDPR 13.2.e-f, GDPR 15.1, GDPR 15.4). | |||||
5. The replay database's maintainers do not process personal data for purposes other than the specified ones (GDPR 5.1.b, 'purpose limitation', GDPR 13.3). | |||||
6. The replay database's maintainers do not process personal data that is not needed for the specified purposes (GDPR 5.1.c, 'data minimization'). | |||||
7. The replay database's maintainers use a storage form that does not allow identification of natural persons for longer than necessary (GDPR 5.1.e 'storage limitation'). | |||||
8. The replay database's maintainers secure personal data processing to prevent unauthorised or unlawful processing and accidental loss (GDPR 5.1.f. 'integrity and confidentiality'). | |||||
9. The replay database's maintainers inform users of their right to access, to rectify, to erase personal data and the right to restrict, to withdraw consent to, to object to personal data processing and to complain at a supervisory authority (GDPR 13.2.b, GDPR 13.2.c, GDPR 13.2.d). | |||||
10. The replay database's maintainers facilitate the exercise of user rights where possible (GDPR 12.2), without undue delay (GDPR 12.3). | |||||
11. The replay database's maintainers inform the users that to exercise their rights, users might need to provide additional information to identify the natural person or the data (GDPR 12.6, GDPR 13.2.e). | |||||
12. The replay database's maintainers will not knowingly collect personal data from children under the age of 13 (Children's Online Privacy Protection Act). If you believe Wildfire Games received any personal data from or about a child under 13, please contact the replay database's maintainers. | |||||
13. Where the replay database's maintainers process sensitive personal data based on legitimate interests, The replay database's maintainers will consider performing, recording and periodically reviewing Legitimate Interests Assessments and Data Protection Impact Assessments (GDPR 35) to become confident that the individual's interests do not override the replay database's maintainers' legitimate interests, and that the replay database's maintainers are not using personal data in intrusive ways unless there is a very good reason to. | |||||
For further information on Wildfire Games Privacy Policies, visit https://trac.wildfiregames.com/wiki/UserDataProtection |
Wildfire Games · Phabricator