Difference between revisions of "Stardew Valley Wiki:Privacy policy"
Margotbean (talk | contribs) |
Margotbean (talk | contribs) |
||
Line 137: | Line 137: | ||
We protect your Personal Data through a combination of collection, security, and retention policies. | We protect your Personal Data through a combination of collection, security, and retention policies. | ||
+ | <ul> | ||
+ | <li><u>Limited retention</u>. We only keep your Personal Data for as long as we need it for business and operational needs or to comply with any statutory, regulatory, or legal obligations. For example, we may retain Personal Data collected from you to support customer service inquiries and prevent repeated violations or suspected violations of our Terms of Use if your account has been banned or your access to the Services has been disabled for any reason.</li> | ||
− | + | <li><u>Purpose limitation</u>. We will use your Personal Data only for the Services you choose to access and for the purposes for which you choose to share it. We will respect your requests to start or stop processing your Personal Data for marketing purposes, as well as the types of marketing messages you may wish to receive.</li> | |
− | + | <li><u>Security measures</u>. We use appropriate measures to ensure a level of security appropriate to the risk involved and have implemented contractual, technical, administrative, and physical security measures designed to protect Personal Data from unauthorized access, disclosure, use, and modification. For example, we use a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted. Such information is only accessible by those authorized with special access rights to such systems and that are required to keep the information confidential, subject to any additional requirements imposed by our contract with them and applicable law. As part of our privacy compliance processes, we review these security procedures on an ongoing basis to consider new technology and methods as necessary. However, please understand that our implementation of security measures as described in this Policy does not guarantee the security of your Personal Data. | |
− | + | <ul style="list-style-image: none; list-style-type: circle;"> | |
− | + | <li>In the event of a security breach, we will notify the proper regulatory authorities and any affected users of the breach within 72 hours after we become aware of the breach.</li> | |
− | + | </ul> | |
+ | </li> | ||
+ | </ul> | ||
<u>Your Practices and Activities</u> | <u>Your Practices and Activities</u> | ||
Line 197: | Line 201: | ||
The following applies to California residents pursuant to the California Consumer Privacy Act of 2018 (“'''CCPA'''”): | The following applies to California residents pursuant to the California Consumer Privacy Act of 2018 (“'''CCPA'''”): | ||
− | + | <ul> | |
− | + | <li>In the preceding 12 months, we disclosed the categories of Personal Data listed below for business purposes: | |
− | + | ||
− | + | <ul style="list-style-image: none; list-style-type: circle;"> | |
− | + | <li>''Identifiers'': your first and last name, email address, username, IP address, Steam ID, signature, billing and shipping address, telephone number, and online identifiers such as a key, token, or ID session.</li> | |
− | + | ||
+ | <li>''Commercial information'': your purchase history (''e.g.,'' value and details of purchase).</li> | ||
+ | |||
+ | <li>''Internet or other similar network activity'': your interaction with the Services and advertisements, including the number of page visits, duration, and type of browser.</li> | ||
+ | |||
+ | <li>''Categories of Personal Data described in Section 1798.80(e) of the California Customer Records'': your first and last name, signature, billing and shipping address, payment information, and telephone number.</li> | ||
+ | |||
+ | <li>''Other categories'': your gameplay information and phone model or the content that you share publicly in the Forum or Wiki, for example, or provide to us when you contact us directly.</li> | ||
+ | </ul> | ||
+ | </li> | ||
+ | |||
+ | <li>In the preceding 12 months, we have not sold Personal Data. We only disclose Personal Data to service providers.</li> | ||
+ | |||
+ | <li>You have the right to request that we disclose certain information to you about our collection and use of your Personal Data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you, to the extent retained by us:</li> | ||
− | + | <ul style="list-style-image: none; list-style-type: circle;"> | |
+ | <li>The categories of Personal Data we collected about you.</li> | ||
+ | <li>The categories of sources for the Personal Data we collected about you.</li> | ||
+ | <li>Our business or commercial purpose for collecting or selling that Personal Data.</li> | ||
+ | <li>The categories of third parties with whom we share that Personal Data.</li> | ||
+ | <li>The specific pieces of Personal Data we collected about you (also known as a data portability request).</li> | ||
+ | <li>If we sold or disclosed your Personal Data for a business purpose, two separate lists disclosing: (a) sales, identifying the Personal Data categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained.</li> | ||
+ | </ul> | ||
+ | </li> | ||
− | + | <li>You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to: | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | <ul style="list-style-image: none; list-style-type: circle;"> | |
− | + | <li>Complete the transaction for which we collected the Personal Data, provide the Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;</li> | |
− | + | <li>Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;</li> | |
− | + | <li>Debug the Services to identify and repair errors that impair existing intended functionality;</li> | |
− | + | <li>Exercise free speech, ensure the right of another user to exercise their free speech rights, or exercise another right provided for by law;</li> | |
− | + | <li>Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);</li> | |
− | + | <li>Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;</li> | |
− | + | <li>Enable solely internal uses that are reasonably aligned with user expectations based on your relationship with us;</li> | |
− | + | <li>Comply with a legal obligation; or</li> | |
− | + | <li>Make other internal and lawful uses of that information that are compatible with the context in which you provided it.</li> | |
+ | </ul> | ||
+ | </li> | ||
+ | </ul> | ||
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: | We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: |
Revision as of 02:08, 2 December 2021
Effective Date: November 30, 2021
ConcernedApe LLC, a Washington limited liability company (“ConcernedApe”, “we”, “us” and their derivatives) makes this policy available to users of our websites, including stardewvalley.net and its subdomains (collectively, the “Websites”), the Stardew Valley® videogame (the “Game”), the Stardew Valley Forum, including forums.stardewvalley.net and its subdomains (collectively, the “Forum”), the Stardew Valley Wiki, including stardewvalleywiki.com and its subdomains (collectively, the “Wiki”), the Stardew Valley Shop, including shop.stardewvalley.net and its subdomains (collectively, the “Shop”), and other online services or products we may provide (with the Websites, Game, Forum, Wiki, and Shop, collectively, the “Services”).
- 1. What does this Privacy Policy cover?
This Privacy Policy (this “Policy”) sets forth how we collect, use, protect, store, disclose, and otherwise process your Personal Data (defined below). This Policy does NOT apply to information you provide to any third party or is collected by any third party (except as otherwise provided below). For example, third-party gaming platforms and mobile app stores such as Steam, PlayStation, Microsoft Store, Google Play, and Apple App Store may collect your Personal Data as you download and play the Game (each a “Third-Party Gaming Platform”). Personal data collected by a Third-Party Gaming Platform is subject to such Third-Party Gaming Platform’s privacy policy (e.g., Steam Privacy Policy, PlayStation Privacy Policy, Microsoft Privacy Policy, Google Privacy Policy, and Apple Privacy Policy).
By using our Services, you are confirming that you understand English well enough to understand this Policy. Should you have questions about this Policy, please contact us by emailing us at [email protected], so we can clarify and address your questions. |
- 2. How do we process children’s Personal Data?
We do not knowingly collect Personal Data from anyone under 13 years of age. Our Services are directed to people who are at least 13 years old. If you are under 13, do not submit any Personal Data about yourself to us. If you become aware that a child under the age of 13 has provided us with Personal Data, please contact us at [email protected], so we may remove the Personal Data. |
- 3. What types of Personal Data do we collect and how do we collect it?
We may collect different types of information from you depending on how you use our Services, including Personal Data. “Personal Data” means information that relates to an identified or identifiable natural person.
We may also collect information that does not generally identify you but may become associated with your account. We may use information that does not identify you for any permissible business purpose under applicable law. |
- 4. For what purposes do we collect your Personal Data?
Generally
We do not use automated decision-making in connection with the processing of your Personal Data.
Lawful Basis We only collect, use, or store your Personal Data if:
|
- 5. In what situations do we disclose your Personal Data?
Third Party Service Providers
We may disclose your Personal Data to a third party such as a service provider for a business purpose. When we disclose Personal Data for a business purpose, we enter into a contract with the service provider that describes the purpose and requires the service provider to both keep that Personal Data confidential and not use it for any purpose except performing the contract. These service providers (e.g., e-commerce service providers and data analytic service providers) may assist us with our Websites, Forum, Wiki, or Shop, including monitoring posts to the Forum or providing and improving the Services. Others We may also disclose your Personal Data:
|
- 6. How do we treat Personal Data transferred to the U.S.?
Place of Business
We may store or process your Personal Data outside of the country where we collect the information or the country in which you reside. Our primary place of business is Washington, United States of America. You should understand that we may transfer some or all of your Personal Data to the United States of America to carry out certain operational and processing needs as described in this Policy. Transfer Mechanisms When transferring Personal Data out of foreign territories, we implement technical, organizational, and physical safeguards to protect your Personal Data. We use European Commission approved standard contractual clauses and implement related measures when required by applicable law. Please contact us if you have questions related to the relevant transfer mechanism for your Personal Data. |
- 7. How is my Personal Data protected?
Our Retention, Purpose Limitation, and Security Policies
We protect your Personal Data through a combination of collection, security, and retention policies.
Your Practices and Activities Your practices and activities are likewise very important for the protection of your Personal Data. You can take certain steps to help protect your Personal Data, such as being mindful of what you share publicly on the Services. For example:
Users should also not pick a password that is easy to guess and should not share their password. Please remember that we have no control over what third parties do with the content of your communications and no responsibility or obligation regarding third parties. |
- 8. What rights do you have to your Personal Data?
Right to Access, Correct, Delete, or Restrict Processing
Subject to any limitations and exceptions under applicable law, you have the right to request access to your Personal Data and exercise the following rights:
We will comply with your requests in accordance with, and subject to, applicable law. For example, we are not required to delete your Personal Data if we have an overriding legitimate ground for retaining that information, such as to prevent fraud. Please note that we are legally prohibited from carrying out requested actions in some instances, including (1) when we are unable to confirm your identity, (2) where the request is considered excessive, and (3) where doing so would adversely affect the rights or freedoms of other individuals. We Are Here to Help Please email us at [email protected] with the subject line “Data Subject Access Request” if you would like to exercise any of the rights described above or if you have questions regarding your rights. Right to Complain You have the right to lodge a complaint regarding our collection, storage, or processing of your Personal Data with a data protection supervisory authority in the country where you live or work. |
- 9. Additional Notice for California Residents
California Consumer Privacy Act of 2018
The following applies to California residents pursuant to the California Consumer Privacy Act of 2018 (“CCPA”):
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Verifiable Consumer Requests. To exercise your rights described above, please email us at [email protected] with the subject line “CCPA” or mail your request to ConcernedApe LLC, Attn: Privacy, 701 N. 36th St., Suite 200, Seattle, WA 98103. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm that the Personal Data relates to you. Making a verifiable consumer request does not require you to create a profile with us. We will only use Personal Data provided in a verifiable consumer request to verify your identity or authority to make the request. Response Timing and Format. We endeavor to respond to a verifiable consumer request within 30 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. If you have a profile with us, we will deliver our written response to that profile. If you do not have a profile with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. |
- 10. How will we notify you of changes to this Policy?
We reserve the right to change this Policy from time to time consistent with applicable law. If we make changes to this Policy, we will notify you by revising the date at the top of this Policy, and in some cases, we may provide you with additional notice (such as adding a statement in the Game or the homepages of our Services, or sending you an email notification). |
- 11. How can someone contact us?
If you have questions, you may email us at [email protected].
If you are a law enforcement agency, please email us at [email protected] with your request for Personal Data with the subject line “Law Enforcement Request.” |