Last updated: June 6, 2020
In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data.
What we collect and why
Our guiding principle is to collect only what we need. Here’s what that means in practice:
Identity & access
When you sign up for our newsletter, we ask for your email address and your explicit consent, so we can send you email marketing about our games and related topics. We also ask if you are at least 16 years old to comply with privacy laws. We’ll never sell your personal information to third parties.
We store the IP address, the files viewed on our websites and the date/time stamp of every website request for 7 days. We do not collect any other personal information from visitors on our websites automatically.
We do use not use any first-party or third-party cookies on our websites.
When you email us with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.
When we access or share your information
- To provide services you've requested.
- To help you troubleshoot or squash a software bug, with your permission.
- When required under applicable law.
We do use the following carefully selected third-party services and only to the extent necessary process some of your personal information via these third parties: Heroku (located in the US) for hosting our websites, Mailchimp (located in the US) for managing and sending our email newsletter and Fastmail (located in Australia) to handle email support requests.
Your Rights With Respect to Your Information
Spaces of Play recognizes the rights granted in the European Union’s General Data Protection Regulation (“GDPR”), except as limited by applicable law. These rights include:
- Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
- Right to Correction. You have the right to request correction of your personal information.
- Right to Erasure / “To be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers. Fulfillment of some data deletion requests may prevent you from using Spaces of Play services because our applications may then no longer work.
- Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority. To identify your specific authority or find out more about this right, EU individuals should go to https://edpb.europa.eu/about-edpb/board/members_en.
- Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (We never sell your personal data.)
- Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.
- Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
- Right to not be subject to Automated Decision-Making. You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
If you have questions about exercising these rights or need assistance, please contact us at firstname.lastname@example.org or at Spaces of Play UG (haftungsbeschränkt), Torstr. 110, 10119 Berlin, Germany. To identify your specific authority to file a complaint or find out more about GDPR, EU individuals should go to https://edpb.europa.eu/about-edpb/board/members_en.
How we secure your data
All data is encrypted via SSL/TLS when transmitted from our servers to your browser.
We use multi-factor authentication for third party services to prevent unauthorised access to your data.
Policy Regarding Children
We do not knowingly collect personal information from children under 16. If you are under 16, please do not provide any personal information to us. If you become aware that a child under 16 has provided us with personal information without your consent, please contact us at email@example.com.
We may update this policy as needed to comply with relevant regulations and reflect any new practices.