PRIVACY POLICY

GGWP Privacy Policy

 

Last Updated: 9/1/2023

 

1. Introduction

At GGWP, we are committed to ensuring the privacy and security of the data we handle. This Privacy Policy outlines how we manage, use, and safeguard the personal data of game players that is provided to us for the purpose of moderation and community management.

 

2. Data Collection

When engaged to provide moderation services, we may receive and process the following types of data:

  • Usernames and/or user IDs
  • Chat logs or in-game communications
  • Gameplay activity and statistics
  • Reports or complaints made by or about users
  • Relationships between players
  • Match or session information
  • Flagged incidents from the game or other vendors
  • Other player information provided by the game for the purposes of
    moderation or community management

3. Use of Data

 

Legal Basis for Processing

We serve as a Data Processor under GDPR and other applicable privacy laws. Our legal basis for data processing is grounded in contractual agreements with game developers, who act as Data Controllers.

Explicit Consent

Game developers are responsible for obtaining explicit consent from players for data collection and processing, in accordance with End-User License Agreements (EULAs) or similar agreements. This consent extends to the data processing activities carried out by GGWP.

We receive data from game developers, who have collected it from players through EULAs or equivalent agreements. This data is used exclusively for Community Management activities, including:

  • Enforcing game community guidelines and rules.
  • Creating a safe and respectful gaming environment.
  • Assisting game developers in making informed decisions about user
    behavior.

Each data component mentioned in Section 2 is crucial for assessing whether an event should be flagged as an incident and for determining its severity. Our proactive approach allows for the effective and scalable management of gaming communities.

We do not use this data for marketing, third-party sharing, or any other purposes unless explicitly authorized by the game developer or as required by law. No third-party tools are used for data processing.

4. GDPR Compliance

GGWP is committed to complying with the General Data Protection Regulation (GDPR). As a data processor, we adhere strictly to the data protection principles laid out in the regulation and work diligently to uphold the rights of European Union data subjects. We ensure that appropriate safeguards are in place for the transfer and processing of personal data from the EU.

 

For any GDPR-related inquiries or to exercise your GDPR rights, please contact the game developer with whom you have a data agreement. The developer, as the data controller, will then liaise with us as necessary.

5. Child Privacy (COPPA Compliance)

GGWP does not knowingly process information for children under 13 years old. We serve as a service provider as defined under the California Consumer Privacy Act (CCPA) and as a data processor under the General Data Protection Regulation (GDPR). We rely on our end customers (game developers, acting as Data Controllers) to ensure that user information pertaining to children under 13 is not passed to us for processing. Should we become aware that such information has been provided, we will take immediate steps to remove it.

6. Data Retention

We retain game data only for the duration necessary to fulfill our moderation duties. Once our contractual obligations are met, or if the data is no longer required, it is securely deleted or anonymized. The default retention period is 6 months unless otherwise specified by the game developer. A longer
retention period may apply for specific users in cases where there is belief of a potential safety violation or per the request of the game developer or law enforcement.

7. Data Protection

We implement robust technical and organizational measures to protect the data we handle. This includes:

  • Encryption of data at rest (AES-256) and in transit (TLSv1.2).
  • Regular security audits and assessments.
  • Access controls to ensure only authorized personnel can access the
    data.
  • Please see GGWP Security Policy for more details

 

8. Data Transfers

We retain data in the geographical region from which it was originally transmitted. This practice is in line with our commitment to comply with regional data protection laws, including the General Data Protection Regulation (GDPR) for data originating from the European Union.

9. Rights of Data Subjects (e.g., Players)

Under the GDPR and other privacy regulations, individuals may have the right to:

  • Request access to their personal data.
  • Ask for corrections to inaccurate data.
  • Request deletion of their data.
  • Object to or restrict processing of their data.
  • Request data portability.

To exercise any of these rights, players should contact the game developer with whom they have a data agreement. The developer, (as the data controller as defined under GDPR language), will then liaise with us, their data processor, as necessary.

10. Third-Party Sharing

We do not sell or rent the data we handle to third parties. Data may only be shared with third parties if:

  • It’s part of the service we offer in conjunction with a third-party tool or platform.
  • It’s required by law or in response to a legal request.
  • It’s necessary to protect the rights, property, or safety of GGWP, our clients, or the public.

 

11. Updates to this Policy

We may update this Privacy Policy from time to time and will alert customers of any planned material changes by email.

12. Contact Us

If you have questions or concerns about our data handling practices, please contact us at: privacy@ggwp.com