You will have, no doubt, been subject to a bombardment of emails asking you for your explicit consent on using your data, keeping you informed and a myriad of other reasons. This is down to the General Data Protection Regulations (GDPR) that the Euro Zone will be introducing and enforcing on 25 May 2018.
As Obsidian Fleet is an International Community, we have a duty to ensure that our rules and policies are compliant and that we support our members in ensuring that they process data correctly.
This guidance is offered for information only, and not intended as legal advice. If legal advice is required, guidance from the Information Commissioner or qualified legal counsel should be sought.
What is GDPR and how does it affect us?
GDPR is the new set of Data Protection rules introduced by the European Union. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online id, reflecting changes in technology and the way organisations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data. (Information Commissioner's Office, 2018)
For more information, go here
For those running Nova
The [INSERT: SITE NAME] (“Site” or “We”) collects and uses personal information solely to provide an online collaborative writing environment. Where feasible, We collect personal information only with the knowledge and consent of the individual concerned (“Individual”), and, if the Individual notifies us that they wish to revoke their consent, We will make a best effort to remove all personal information related to the Individual from our Site within one Calendar Month of the request.
You may have certain rights in relation to your information, including a right to access or to correct the information we hold on you. Some of these rights, such as the right to be forgotten, will only apply in certain circumstances. They will generally not be available if we are required by law to keep the information or if the information is relevant to a legal dispute. If you would like to exercise or discuss any of these rights, please contact the Data Controller.
You can remove consent, where you have provided it, at any time, as well as update any of your opt-in preferences by logging into your account.
- You can ask us to confirm if we are processing your information.
- You can ask for access to your information.
- You can ask to correct your information if it’s wrong.
- You can ask us to delete your information.
- You have a right to be forgotten and you can ask that our systems stop using your information.
- You can ask us to restrict how we use your information.
- You can ask us to stop using your personal information, but only in certain cases.
- You have the right to complain to the relevant supervisory authority.
What we collect
“Required Member Information”: When an Individual signs up for the Site (becoming a “Member”), We collect the Member’s name, age, email address, language and timezone.
“Optional Member Information”: We allow a Member, at their discretion, to provide additional contact information, a geographic location, interests and a biography.
“Access Logs”: When an Individual visits the Site, We collect incidental personal information in the Site’s logs including the Individual’s IP address and user agent.
Required Member Information and Optional Member Information are collected with an Individual’s consent when the Individual signs up for the Site or edits their account within the Site. To participate in the Site, a Member must provide all Required Member Information. A Member may provide a pseudonym instead of their real name if they do not wish to disclose their real name.
Access Logs are collected by our web server and web application when an Individual uses the Site.
Why is information collected?
Required Member Information is collected to allow a Member to participate in the Site. A Member’s name, email address and timezone are listed on their profile. A Member’s email address will also be used to contact the Member and to send the Member story posts and other content directly related to the Site. A Member’s age is only used to confirm the Member meets the legal requirements to participate in this Site.
Optional Member Information is collected to allow a Member to share more details about themselves to other Members of the Site.
Access Logs are collected for diagnosing technical problems with our Site. In rare situations, We may also use Access Logs to ban an Individual found to be acting inappropriately with the Site, including, but not limited to, violating the rules of the Site, placing an undue burden on the Site or violating applicable laws (“Inappropriate Use”).
Where your information will be held
When we share your information, your information may be transferred outside the European Economic Area.
We store our information on cloud servers located in the USA or engage vendors which do not always have equivalent data protection laws to those applicable in Europe. The transfer of this information is therefore governed by a contract including standard contractual clauses (SCCs) approved by the European Commission. Wherever possible all data is retained within the European Economic Area to ensure compliance with all applicable data protection laws.
When you provide us with this information you are consenting that we may collect and use it in the way we’ve set out.
We will keep your information for as long as it is reasonably necessary. It will depend on factors such as whether you’ve still got an active account or have interacted with recent Members. We will retain and use your registration information as necessary to comply with our legal obligations only.
We will only transfer data to jurisdictions outside the scope of the European General Data Protection Regulation (GDPR) where the appropriate safeguards set out in the GDPR are in place.
Information we share
A Member’s name, email address, time zone and Optional Member Information are shared with other Members of the Site through the Member’s user profile.
A Member’s name, age, email address, time zone and Optional Member Information may also be shared with Obsidian Fleet, the organisation to which the Site belongs.
There are certain circumstances where we may transfer your personal data to authorised and other third parties. Some examples of when your personal information is transferred to other third party organisations are as follows:
- If we’re required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority.
- Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
Access Logs are generally not shared, although they may in rare circumstances be shared with Obsidian Fleet or the [INSERT: WEBSITE HOSTING COMPANY] (“Host”) to diagnose technical problems or when an Individual is reasonably believed to have committed Inappropriate Use of the Site.
The Site or the Host may share personal information with relevant law enforcement authorities as required to comply with applicable laws. The Site will notify the Individual, if permitted by applicable laws, when this occurs.
The Site will not share any personal information with any other parties without the Individual’s consent.
We are committed to keeping your personal information safe. We’ve got physical, technical and administrative measures in place to prevent unauthorised access or use of your information and we ensure that we comply with our own internal security policies.
We will also routinely refresh our information to ensure we keep it up-to-date.
Required Member Information and Optional Member Information are retained as long as the Individual remains a Member of the Site. Once an Individual’s account is deleted, this information is removed from the server and is no longer accessible. Historical information posted to the Site by the Individual will remain and be identifiable by either a Guest tag and/or their Character name only, as in such circumstances the information will cease to be personal data.
Access Logs are retained for [INSERT: LOG DELETION PERIOD].
How can information be removed?
A Member may submit a request to [INSERT: DATA CONTROLLER EMAIL] to have their account deleted and all Required Member Information and Optional Member Information removed from the Site. This will cause them to no longer be a Member.
The Site cannot ensure that other Members do not personally retain Required Member Information or Optional Member Information shared with these other Members through the Site as described in this Policy.
The Site routinely deletes all Access Logs, so an Individual does not need to request their removal explicitly.
Cookies are small pieces of text sent back and forth between your web browser and a website you visit. A cookie file is stored in your web browser and allows the Site to recognise you and make your next visit easier and the Site more useful to you. Cookies can be “persistent” or “session” cookies.
Do Not Track Policy
The [INSERT: SITE NAME] does not track Individuals over time to provide targeted advertising and therefore does not respond to Do Not Track (“DNT”) signals.
Joint Fleet Command
Obsidian Fleet Data Controller