Transcript of Privacy notice

From Brighter Shores Wiki
Revision as of 03:30, 11 November 2024 by Thingummywut (talk | contribs)
Jump to navigation Jump to search
Full
Privacy Notice
    • (Continues below.)
Children's
Privacy Notice
You can view a printable version of this privacy notice at:

http://www.brightershores.com/privacy_notice.html

Last updated: 24-Oct-2024

1. Who we are and what we do

Who we are

We are Fen Research Ltd ("Fen Research", "Brighter Shores" "us", "we", "our") a limited company registered in England and Wales under registration number 07285955. Our registered office is at the St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS. We are also registered with the UK supervisory authority, the Information Commissioner's Office ("ICO") in relation to our processing of Personal Data, under registration number ZA050029.

What we do

We are game designers and the creators of 'Brighter Shores', a massively multiplayer online role-playing game. We are committed to protecting your privacy and the security of any Personal Data we process about you.

Unless we notify you otherwise, we are the controller of the Personal Data we process about you, where you have provided personal data directly to us. This means that we decide what Personal Data to collect and how to process it.

Please note that Brighter Shores is only available via the Steam store. Steam is a data controller in relation to the personal data they collect from you when you create an account with them and play games in their platform. For all information about what personal data Steam collects about you and how they use it, please see the Steam Privacy Agreement at: https://store.steampowered.com/privacy_agreement

2. Purpose of this privacy notice

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it, when you browse our website(s), play Brighter Shores, or do both.

This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the 'How to contact us' section.

3. What is Personal Data?

'Personal Data' means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.

'Special Category Personal Data' is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone's sex life or sexual orientation.

4. Personal Data we collect

The information we may collect about you will vary depending on how you interact and engage with us.

When you play Brighter Shores it is likely to include the following:

a) General identification information
We will process the ID provided to us by the service you use login to Brighter Shores.
 • If you login using Steam this will be your Steam ID.

b) Device information
We may collect some technical information from devices (e.g. computer, tablet or mobile). This might include your full IP address and other device identifiers.

c) Usage information
We may collect information around how you use our game, such as activity logs, access times and in-game activities and purchases.

d) Communication information
We process information about how you're communicating with other users in the game. If our system detects bullying, harassment or otherwise unsafe/unsuitable content, or you or another player sends an 'abuse report', or we receive a law enforcement request, we may further collect or monitor your communications. If you use the 'community' features of our game, we will process the list of other players you provide. For example the list of your friends.

When you browse our website(s) it may include the following:

a) Device information
We may collect some technical information provided by your web browser. This might include your full IP address, referrer information, and other information your web browser provides when requesting a web page.

5. Lawful basis for processing & Purpose of Processing

Applicable Data Protection legislation requires us to identify appropriate lawful bases to process personal data.

The lawful basis we rely on as a data controller are detailed below with brief examples for when they may apply:

Lawful Basis Purpose of processing
Contract To facilitate your use of our services, such as processing transaction data to ensure you receive in-game purchases.
Legitimate Interests We rely on this lawful basis for processing activities where your personal data is used to enable us to improve our services, ensure the security of our services and help to prevent in-game cheating, or abuse of the chat facility.
Legal Obligation Under applicable legislation such as the Online Safety Bill, we have a legal obligation to monitor our platform for potentially harmful activities.

6. Sharing your Personal Data

We may share your Personal Data with our carefully selected third parties, including:

Cloudflare - Cloudflare hosts our website, which means if you visit our website they will be able to see things such as your IP address and any other data they process as part of sending the website to you. Cloudflare's privacy policy is available at: https://www.cloudflare.com/privacypolicy/

AWS - Some of the servers and databases used to operate our game are hosted by Amazon Web Services. This means if you play our game, your Personal Data may be stored on or processed by servers which are part of Amazon Web Services. More information on how this is safe-guarded is available at: https://aws.amazon.com/compliance/data-protection/

OVHcloud - Some of the servers used to operate our game may be hosted by OVHcloud. This means if you play our game, your Personal Data may be processed by servers which are part of OVHcloud. More information on how this is safe-guarded is available at: https://www.ovhcloud.com/en-gb/personal-data-protection/

Steam - This is only applicable if you acquire or play our game via Steam. Steam is a data controller in relation to the personal data they collect from you when you create an account with them and play games in their platform. For all information about what personal data Steam collects about you and how they use it, please see the Steam Privacy Agreement at: https://store.steampowered.com/privacy_agreement

7. International Transfers

Your Personal Data may be processed outside your jurisdiction. This is because the organisations we use to provide our services to you are located outside of your jurisdiction.

We have taken appropriate steps to ensure that the Personal Data processed outside your jurisdiction has an essentially equivalent level of protection to that guaranteed in your jurisdiction. We do this by ensuring that:

• Your Personal Data is only processed in a country which the European Commission has confirmed has an adequate level of protection (an adequacy decision); or
• We enter into Standard Contractual Clauses ("SCCs") with the receiving organisations and adopt supplementary measures, where necessary; or
• We enter into an International Data Transfer Agreement ("IDTA") with the receiving organisation and adopt supplementary measures, where necessary.

8. Your rights and how to complain

You have certain rights in relation to the processing of your Personal Data, if you're located outside of the UK and EEA, please select the appropriate dropdown for information relating to your location:

(A selector with the following options is presented, with "UK and EEA Residents" selected by default.)

  • Australian Residents
    • Australian Residents

      • Right to be informed
      You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it.
      • Right of access (commonly known as a "Subject Access Request")
      You have the right to receive a copy of the Personal Data we hold about you.
      • Right to rectification
      You have the right to have any incomplete or inaccurate information we hold about you corrected.
      • Right to withdraw consent
      If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
      • Right to lodge a complaint
      If you are concerned about the way an organisation is handling your personal data, you can contact the Office of the Australian Information Commissioner at https://www.oaic.gov.au/
  • Canadian Residents
    • Canadian Residents

      • Right of access (commonly known as a "Subject Access Request")
      You have the right to receive a copy of the Personal Data we hold about you.
      • Right to rectification
      You have the right to have any incomplete or inaccurate information we hold about you corrected.
      • Right to object to processing
      You have the right to object to an organisation processing your Personal Data.
      • Right to withdraw consent
      • If you have provided your consent to a business to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time.
      • Right to lodge a complaint
      You can raise a privacy concern about an organisation with the Office of the Privacy Commissioner Canada at https://www.priv.gc.ca/en/privacy-topics/information-and-advice-for-individuals/your-privacy-rights/raising-your-privacy-concern-with-an-organization/
  • California Residents
    • California Residents
      Under the applicable privacy legislation, as a consumer and customer (person who is a California resident) you have the following rights in relation to your personal data:

      • Right to be informed
      You have the right to know what personal data a business collects about you, how its used, for what purpose and in accordance with which lawful basis, who it's shared with and how long it's kept.
      • Right of access (commonly known as a "Subject Access Request")
      You have the right to receive a copy of the Personal Data we hold about you.
      • Right to rectification
      You have the right to have any incomplete or inaccurate information a business holds about you corrected.
      • Right to erasure (commonly known as the right to be forgotten)
      You have the right to ask us to delete your Personal Data.
      • Right to object to 'Opt Out' and 'Do not Track'
      You have the right to object to a business selling or sharing your Personal Data, where applicable.
      • Right to limit use and disclosure of sensitive personal data
      You have the right to direct a business that collects your sensitive personal data to limit its use to what is necessary to perform the services or provide the goods reasonably expected.
      • Right to withdraw consent
      If you have provided your consent to a business to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time.
      • Right to lodge a complaint
      You have the right to lodge a complaint with the California Privacy Protection Agency at https://cppa.ca.gov/webapplications/complaint about the way an organisation is processing personal data.
  • Gibraltar Residents
    • Gibraltar Residents

      • Right to be informed
      You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
      • Right of access (commonly known as a "Subject Access Request")
      You have the right to receive a copy of the Personal Data we hold about you.
      • Right to rectification
      You have the right to have any incomplete or inaccurate information we hold about you corrected.
      • Right to erasure (commonly known as the right to be forgotten)
      You have the right to ask us to delete your Personal Data.
      • Right to object to processing
      You have the right to object to us processing your Personal Data.
      • Right to restrict processing
      You have the right to restrict our use of your Personal Data.
      • Right to portability
      You have the right to ask us to transfer your Personal Data to another party.
      • Automated decision-making
      You have the right not to be subject to a decision based solely on automated processing which will significantly affect you.
      • Right to withdraw consent
      If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
      • Right to lodge a complaint - you can raise a complaint with the Gibraltar Regulation Authority at https://www.gra.gi/data-protection/complaints
  • New Zealand Residents
    • New Zealand Residents

      • Right to be informed
      You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
      • Right of access (commonly known as a "Subject Access Request")
      You have the right to receive a copy of the Personal Data we hold about you.
      • Right to rectification
      You have the right to have any incomplete or inaccurate information we hold about you corrected.
      • Right to lodge a complaint
      You have the right to lodge a complaint with the Office of the Privacy Commissioner at https://www.privacy.org.nz/ if you have concerns about how your personal data is being processed.
  • Switzerland Residents
    • Switzerland Residents

      • Right to be informed
      You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
      • Right of access (commonly known as a "Subject Access Request")
      You have the right to receive a copy of the Personal Data we hold about you.
      • Right to portability
      You have the right to ask us to transfer your Personal Data to another party.
      • Right to lodge a complaint
      If you are concerned about the way in which we are handling your Personal Data, you can contact the Federal Data Protection and Information Commissioner at https://www.edoeb.admin.ch/edoeb/en/home.html
  • UK and EEA Residents
    • UK and EEA Residents

      • Right to be informed
      You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
      • Right of access (commonly known as a "Subject Access Request")
      You have the right to receive a copy of the Personal Data we hold about you.
      • Right to rectification
      You have the right to have any incomplete or inaccurate information we hold about you corrected.
      • Right to erasure (commonly known as the right to be forgotten)
      You have the right to ask us to delete your Personal Data.
      • Right to object to processing
      You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
      • Right to restrict processing
      You have the right to restrict our use of your Personal Data.
      • Right to portability
      You have the right to ask us to transfer your Personal Data to another party.
      • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you.
      • Right to withdraw consent
      If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
      • Right to lodge a complaint
      You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data.

      The supervisory authority in the UK is the Information Commissioner's Office who can be contacted online at: https://ico.org.uk/global/contact-us/
      Or by telephone on 0303 123 1113

      For supervisory authorities in other countries within the EU see the link below:
      https://edpb.europa.eu/about-edpb/about-edpb/members_en

How to exercise your rights
You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, you may contact us using the details set out below within the section called 'How to contact us and our Data Protection Officer'. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.

9. Children's Privacy

Brighter Shores is intended for use by individuals aged 13 and over, as such we recognise that we process children's personal data and take this responsibility seriously. We're committed to the additional requirements of Recital 38 of the UK GDPR. Furthermore, we have a strong awareness of the ICO's Children's Code and have taken additional measures to ensure the safety of children online and the security of their personal data.

10. Automated Decision-Making and Profiling

Our in-game chat facility does utilise automated decision-making to block offensive content. We do not carry out any profiling activities, nor use automated decision making that produces a legal, or significant effect on you. If you have any questions about this, you can contact us using the details in the 'Contact Us' section.

11. Use of Cookies and Similar Technologies

We don't utilise cookies on our website(s), but we do collect some information about your use of our service such as: the internet protocol (IP) address used to connect your device to the internet, connection information such as browser type and version, information about your device including device-type and device identifier, operating system and platform, mobile network data, a unique reference number linked to the data you enter on our system, connection details, the site from which you arrived at our service, details of your activity with date / time stamps including pages you visited and your searches / transactions.

12. Security and storage of information

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

If we become aware of any loss, misuse, alteration of personal data we will work closely with our DPO and other parties as necessary to investigate the incident promptly and effectively. We have the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.

Our chat service is NOT encrypted, which means it might not be private. Think of it as similar to posting on a public forum. You therefore must not use it to share any personal information or discuss anything secret, confidential or sensitive.

13. Data Retention

We will not keep Personal Data longer than is necessary, for the purpose or purposes for which they were collected. Fen Research will take all reasonable steps to destroy, or erase from its systems, all Personal Data which is no longer required. This does not apply to anonymised data.

14. How to contact us and our Data Protection Officer

If you wish to contact us in relation to this Privacy Notice, or if you wish to exercise any of your rights outlined above, please contact us as follows:

Fen Research Ltd
St John's Innovation Centre
Cowley Road
Cambridge
CB4 0WS
United Kingdom
E-mail: [email protected]

We have also appointed a Data protection Officer ("DPO"), their details are as follows:
Evalian Limited
West Lodge
Leylands Business Park
Colden Common
Hampshire
SO21 1TH
United Kingdom
www.evalian.co.uk

15. Our EU Representative

We are based outside the European Union (EU) and under the EU General Data Protection Regulation (EU GDPR), we are required to appoint an EU representative. The purpose of an EU representative is to make it easy for people in the EU to contact us should they wish to exercise their rights or make a complaint or enquiry in relation to how we are processing their Personal Data. It is also a contact point for the supervisory authorities located in the EU.

Our EU representative is Rickert Rechtsanwaltsgesellschaft mbH, who can be contacted at:

Rickert Rechtsanwaltsgesellschaft mbH
- Fen Research -
Colmantstraße 15
53115
Bonn
Germany
E-mail: [email protected]

16. Changes to this privacy notice

We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.

Last updated 24-Oct-2024