To maintain compliance with the GDPR we will be making some changes. The first is that IP logs will no longer be backed up in point-in-time backups.
Right To See Collected Personal Data
Currently, some of this data is not immediately visible. We don’t collect much actual personal data. The main thing we collect is your email (which you can already see) and logs of you logging into the game and site (which is just your IP tied to your username). We will be making IP logs available on the account page on our new website. In the meantime, you can request this manually via support if you want it for some reason.
We also log in-game actions, but these actions are not considered personal data. You can manually request this data, but it is extremely large and fairly useless, as it’s raw data that won’t mean much to you. It is mostly in-game item actions like kills/deaths and item transactions, like picking up an item or trading something. It may take some time to get this data if you request it because of how large the data is (every time you move an item to storage, pick up an item, trade an item, buy something, etc., a log entry is generated; it’s a lot of data). We may refuse this request at our discretion. It takes a lot of time to gather this data as we do not usually process it or do much with it except in abuse cases (e.g. hacked accounts).
Right To Be Forgotten
We’ll also be adding a self-help option to “be forgotten”. When you make a request to “be forgotten” the following will happen:
- The account will be disabled from logging in to the game.
- The password will be invalidated (it will not be made random; it will actually be 100% invalid, similar to setting it to NULL).
After 30 days have passed the following will happen:
- Your username will be set to random characters.
- The email address on the account will be removed.
- Ban data will be cleared of the note field, but the reason code will remain (e.g. the code for harassment will remain, but the names or text saying who/what you did will be removed).
- IP log data will remain but will no longer be identifiable unless you maintain other accounts on the server.
- Item transaction data will remain. This is needed to maintain the server. As your account has been disassociated it will no longer be connected to you personally.
- Log data related to payments will remain as it is required by local law. This may contain the email address you used to make the payment (PayPal email).
- Forum posts will remain and will be changed to have been posted by a guest account. If you wish specific posts be deleted you can already self-delete most posts and should do that before requesting to be forgotten.
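A sketch of the two-stage “forget me” process listed above, added here as an illustration and not the server's actual code. The table layout, column names, guest account id 0 and the sample rows are all assumptions.

```python
import secrets
import sqlite3
from datetime import datetime, timedelta

GRACE = timedelta(days=30)  # delay stated on the page
GUEST_ID = 0                # assumed id of the shared guest account
SCHEMA = """
CREATE TABLE accounts(id INTEGER PRIMARY KEY, username TEXT, email TEXT,
    pw_hash TEXT, login_disabled INTEGER DEFAULT 0, forget_at TEXT);
CREATE TABLE bans(account_id INTEGER, reason_code INTEGER, note TEXT);
CREATE TABLE ip_log(account_id INTEGER, ip TEXT);
CREATE TABLE forum_posts(id INTEGER PRIMARY KEY, author_id INTEGER, body TEXT);
"""

def request_forget(db, account_id, now):
    """Immediate step: block login, invalidate the password, start the clock."""
    # NULL is not the hash of any password, unlike a random replacement value.
    db.execute("UPDATE accounts SET login_disabled = 1, pw_hash = NULL, "
               "forget_at = ? WHERE id = ?", ((now + GRACE).isoformat(), account_id))

def run_erasure(db, now):
    """Scheduled step: scrub identifiers once the 30 days have passed."""
    due = [r[0] for r in db.execute(
        "SELECT id FROM accounts WHERE forget_at IS NOT NULL AND forget_at <= ?",
        (now.isoformat(),))]
    for acc in due:
        db.execute("UPDATE accounts SET username = ?, email = NULL, "
                   "forget_at = NULL WHERE id = ?", (secrets.token_hex(8), acc))
        # The free-text note is cleared; the reason code stays.
        db.execute("UPDATE bans SET note = NULL WHERE account_id = ?", (acc,))
        db.execute("UPDATE forum_posts SET author_id = ? WHERE author_id = ?",
                   (GUEST_ID, acc))
        # ip_log rows are kept; they now map only to a random username.
    return due

def demo():
    """Run both steps over constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO accounts(id, username, email, pw_hash) VALUES "
               "(7, 'alice', 'alice@example.com', 'placeholder-hash')")
    db.execute("INSERT INTO bans VALUES (7, 3, 'constructed note naming a player')")
    db.execute("INSERT INTO ip_log VALUES (7, '203.0.113.5')")
    db.execute("INSERT INTO forum_posts VALUES (1, 7, 'hello')")
    t0 = datetime(2018, 5, 25)  # constructed request time
    request_forget(db, 7, t0)
    early = run_erasure(db, t0 + timedelta(days=29))  # still in the grace period
    late = run_erasure(db, t0 + GRACE)                # grace period over
    return db, early, late
```

With a NULL hash, the login path has to treat the missing value as a failed check rather than as “no password set”.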
If you want your characters deleted you should do that manually before using the “forget me” option. If you request to be forgotten it will be impossible to cancel the request; even staff will not be able to cancel it. Be sure it’s what you want before you do it. The email address on your account must be valid in order to process an automatic request. If 2FA is enabled you will also need to enter your 2FA code. If you no longer have access to your email account you’ll have to follow the procedures for email account recovery before you can use the automated system. If you do not wish to do that you can also prove your identity via manual processing. This involves sending us a copy of your ID and other information to prove the request is coming from you. Once the request is processed the data you sent us to prove your identity will be permanently destroyed. Manual requests can only come from players based in the EU; players outside the EU must use the automatic option.
The GDPR provides protection for your identity and does not make you immune to bans. If you are banned you can still request to “be forgotten” but this will not remove the ban. We reserve the right to keep email addresses and IP data if we feel it’s necessary to maintain the security/operational stability of the server. Effectively, this means we will keep this data if we want to keep you off the server and feel it’s needed. This is along the lines of a provision in the GDPR and is not believed to be a violation of it. We can keep data we feel we need regardless of your request.
Please note, while we are doing our best to follow the GDPR, we have no locations in or ties with the EU and we do not specifically target citizens of EU member states. We also do not process data for marketing purposes, which is the main target of the GDPR. Our data processing is limited to game activities; we do not process location data or player habits. The little processing of sales records we do is only to determine product popularity (i.e. best selling), not who is buying what. As such, we are not actually subject to the GDPR conditions. We follow them because we believe they are a good idea, not because we have to.
P.S. Per the GDPR you can still request a manual “forget me” via support.rebirth.ro in the meantime but we suggest you wait for the automatic option.
Other GDPR Conditions