We are a Data Controller according to the terminology used in the GDPR. This document describes what information we collect, how long we collect it and for what purpose we collect it. We will also outline which data we share with third parties (our Data Processors). The document is not meant to be legally binding, but rather to give our userbase insight in what information we collect.
Personal and sensitive data
- Email address: When an user creates an account on RuneHQ, we store their email address to ensure no duplicate accounts can exist under this email address, to notify users of changes to their account and opted in status alerts, and to allow users continued access to their account by sending password resets to this email address. The email address is not publicly visible, but available to the user themselves and priviliged staff members.
- Usernames on different services: A logged in user can add or delete information about usernames on different services. This information is displayed publicly.
- Location: A logged in user can add or delete information about their whereabouts. This information is displayed publically.
- IP address: When two devices communicate with each other over the internet, they do so with an unique identifier known as an IP address. We store this information for security reasons for a limited time in logs and firewalls to ensure the accessibility of our site and obtaining information in case of malicious activity. We store the ip address indefinitely when a post is made. The ip address used to make a post is visible to the user themselves, and privileged staff members. The ip address is stored in an access/login log only visible to the user themselves for up to 90 days to allow users to govern their account security themselves. The ip address can be associated with a user ban or server ban.
- Name and physical address: When the user uses our store and choses to save their name or physical address, this information will be stored indefinitely to allow users to re-use this information.
- GEOIP data: We infer the approximate location of an ip through the GEOIP service. This information may be inaccurate, showing nearby towns or areas, or even different countries or continents when a VPN is used. This information is only visible to the user themselves in their login/access log.
- Tracking cookies: A tracking cookie is a cookie (bit of information) that identifies an unique user on other domains. We do not personally use tracking cookies, but third parties may use tracking cookies to identify users across different websites, including our website.
This is a list of sensitive data. Sensitive data is data that tells something about a person.
- User generated content: Users can post text and images on our forum through topics and profile information. This content can include anything, including sensitive data. This information is mostly public, unless access is restricted to a board. Who can see certain posts can change over time.
- Store transactions: When you purchase in our store, we store information about this transaction such as the date a product was bought, the quantity of products bought, and if the product was payed for. We do NOT store any payment details, as this is handled by your chosen payment provider.
This is a list of third parties that allow us to provide various services.
- TODO NAME OF AD COMPANY TODO: RuneHQ uses advertisements to offset some of the costs associated with hosting a big site with thousands of users every day. Allowing advertisements to show allows us to keep RuneHQ up and running. They use tracking cookies to show a greater variety of advertisements, and to show more relevant advertisements.
- Google: We use Google Analytics to identify how our site is being used. Google Analytics stores anonymous data about your visit to aggregate information about page visits, such as how many people visited certain pages, the bounce rate and the average amount of time people spent on a page. We also use Google Search to allow our users to search through our content. Google may store your search history when you use this search functionality.
- Facebook: We use a facebook widget in the sidebar of our homepage. Liking our page allows us to more easily reach our community on Facebook, as well as generate exposure for our site on facebook. Users may also link their RuneHQ account to their Facebook account. This action shares information to facebook that you use RuneHQ, as well as when you log into RuneHQ.
- Twitter: Users may link their RuneHQ account to their Twitter account. This action shares information to twitter that you use RuneHQ, as well as when you log into RuneHQ.
- Discord: We use a widget of the text and voice-chat platform Discord on one of our pages. Using this widget will share your information with them.
We are committed to keeping your personal and sensitive data safe. We do this partly by ensuring that we only require users to store essential personal data, and that this personal data is only visible to a small number of people. We make sure that personal or sensitive data only used for verification is stored in an encrypted format (e.g. hashing). We make sure that our website is only available through the secure https protocol to ensure that communication between the user and our server is always single-way encryption and not decrypted by any third party (a so-called man-in-the-middle attack).
If the user is an EU resident, they may have certain rights including: The right not to provide your personal
information to us; the right of access to your personal information; the right to request rectification of
your personal information; the right to erase or restrict personal information we have on the user;
the right to object to processing of your personal information; the right to withdraw previously given
consent on processing personal information and the right to lodge complaints with supervisory authorities.
Before we can process any requests we need to verify the identity of the user.
Users can keep their personal data up-to-date by logging into their account and modifying their account. If the user has no access to their account, they can reset their password through their email address. If the user has no access to their email address they may contact us through our contact form.
When a user wants us to erase their personal information, or restrict what personal information we have on them, they can usually do this themselves by modifying their profile. If there is personal information that the user cannot delete themselves, they can contact our staff through our contact form. Please be aware that information related to the security of our services, or the health of our community, cannot be deleted. This includes bans on an account or ip address. Also be aware that deletion of some personal information may result in revokation of rights, as we are no longer able to verify eligibility of having those rights.