Last Updated: 9/1/2023
2. Data Collection
When engaged to provide moderation services, we may receive and process the following types of data:
3. Use of Data
Legal Basis for Processing
We serve as a Data Processor under GDPR and other applicable privacy laws. Our legal basis for data processing is grounded in contractual agreements with game developers, who act as Data Controllers.
Game developers are responsible for obtaining explicit consent from players for data collection and processing, in accordance with End-User License Agreements (EULAs) or similar agreements. This consent extends to the data processing activities carried out by GGWP.
We receive data from game developers, who have collected it from players through EULAs or equivalent agreements. This data is used exclusively for Community Management activities, including:
Each data component mentioned in Section 2 is crucial for assessing whether an event should be flagged as an incident and for determining its severity. Our proactive approach allows for the effective and scalable management of gaming communities.
We do not use this data for marketing, third-party sharing, or any other purposes unless explicitly authorized by the game developer or as required by law. No third-party tools are used for data processing.
4. GDPR Compliance
GGWP is committed to complying with the General Data Protection Regulation (GDPR). As a data processor, we adhere strictly to the data protection principles laid out in the regulation and work diligently to uphold the rights of European Union data subjects. We ensure that appropriate safeguards are in place for the transfer and processing of personal data from the EU.
For any GDPR-related inquiries or to exercise your GDPR rights, please contact the game developer with whom you have a data agreement. The developer, as the data controller, will then liaise with us as necessary.
5. Child Privacy (COPPA Compliance)
GGWP does not knowingly process information for children under 13 years old. We serve as a service provider as defined under the California Consumer Privacy Act (CCPA) and as a data processor under the General Data Protection Regulation (GDPR). We rely on our end customers (game developers, acting as Data Controllers) to ensure that user information pertaining to children under 13 is not passed to us for processing. Should we become aware that such information has been provided, we will take immediate steps to remove it.
6. Data Retention
We retain game data only for the duration necessary to fulfill our moderation duties. Once our contractual obligations are met, or if the data is no longer required, it is securely deleted or anonymized. The default retention period is 6 months unless otherwise specified by the game developer. A longer
retention period may apply for specific users in cases where there is belief of a potential safety violation or per the request of the game developer or law enforcement.
7. Data Protection
We implement robust technical and organizational measures to protect the data we handle. This includes:
8. Data Transfers
We retain data in the geographical region from which it was originally transmitted. This practice is in line with our commitment to comply with regional data protection laws, including the General Data Protection Regulation (GDPR) for data originating from the European Union.
9. Rights of Data Subjects (e.g., Players)
Under the GDPR and other privacy regulations, individuals may have the right to:
To exercise any of these rights, players should contact the game developer with whom they have a data agreement. The developer, (as the data controller as defined under GDPR language), will then liaise with us, their data processor, as necessary.
10. Third-Party Sharing
We do not sell or rent the data we handle to third parties. Data may only be shared with third parties if:
11. Updates to this Policy
12. Contact Us
If you have questions or concerns about our data handling practices, please contact us at: firstname.lastname@example.org