BG:TSCC Privacy Policies

Getting Started and Connecting, Changelogs and Announcements

Moderator: Moderator

Locked
Administrator
Forum Moderator
Posts: 282
Joined: Sat Mar 28, 2009 5:14 pm

BG:TSCC Privacy Policies

Unread post by Administrator » Thu Jun 21, 2018 10:25 pm

[ original post by Maecius ]
BG:TSCC Website Privacy Policy


I. Overview

Baldur's Gate: The Sword Coast Chronicles (BG:TSCC) is a personal hobby community hosted and operated by volunteers. We operate a forum website and a Neverwinter Nights 2 (NWN2) game server for use by our players. This privacy policy covers the website.

BG:TSCC does not operate in a professional capacity, and it does not operate as a business. Users voluntarily opt-in to forum and game server use, and will not be charged for either service. Users may donate to the server via PayPal if users choose to do so. See PayPal's privacy policy for more information on how data is handled through this platform. As we lack a team of lawyers or paid IT professionals, PayPal's Privacy Policy has been the model for our own.

This Privacy Policy is designed to inform you as to what information is collected and processed through the BG:TSCC forum website, as well as to give you a means to ensure your "right to be forgotten."

BG:TSCC is not a formalized entity or company. BG:TSCC is also not administered from a European Union member nation, although the website is hosted in one. The website and game server privacy policy are, nonetheless, designed with General Data Protection Regulation (GDPR) policies and guidelines in mind in an effort to provide users with the best possible services and protections.

The website is individually paid for by Global Administrator, Maecius. All server donations are used exclusively to help pay for the server, the website, and related expenses.

Questions about data collection and deletion should be addressed to the Global Administrators, Endelyon and Maecius, or to the Forum Developer, Zanniej.

By signing up for and using BG:TSCC's services, you are consenting to the collection of your data as described in this Privacy Policy.

II. What Personal Data Do We Collect?

Baldur's Gate: The Sword Coast Chronicles may collect information about you when you visit this website.

This may include the following:

Email Address: We will collect your email address when you create a new account for the forum. This email address will be used to send you registration information and to confirm you are a real person. This email address will not be used for sending you mass emails (except in the event of a security breach, see section X. below), nor will it be sold or transferred to third parties. The forum host company, one.com, and global forum administrators (currently: Maecius, Endelyon, Zanniej, DM Boo, DM Theophanies, and DM Arrakeen) will be the only parties who have access to your email address.

Username and Password: Your chosen username and password will be utilized by the website as a means to log into your personal account. This information will only be used to grant you access to your account. Your username will be visible to all forum users, including nonregistered users. Your password cannot be accessed by anyone on staff, but it can be reset if needed by forum administrators (currently: Maecius, Endelyon, Zanniej, DM Boo, DM Theophanies, and DM Arrakeen).

IP Address: Whenever you utilize a website, you are leaving a digital fingerprint called an IP Address. This address can be used to identify your ISP (Internet Service Provider) and rough geospatial location. BG:TSCC logs and uses this address to ban forum users who are out of compliance with the forum's rules, and to establish access to the service. Your IP Address will be shared with one.com, the forum host, as part of establishing access to the forum, but will not be shared with any other parties. One.com, the forum host, and global forum administrators (currently: Maecius, Endelyon, Zanniej, DM Boo, DM Theophanies, and DM Arrakeen) will have access to your IP Address.

Date of Birth: Users may voluntarily opt-in to listing their birthday on their user profile. This may be changed or turned off at any time by the user. If you opt-in to this feature, your age will be visible to all users who view your profile. Your birth month and day will display at the bottom of the forum on the day of your birth, as well, as a "happy birthday" message. Again, this will only happen if you voluntarily list your birthdate.

Social Media, Contact, Website, and Location Information: Users may voluntarily opt-in to listing their social media and contact information, as well as personal websites and other personal information (such as hobbies and interest and location) on their user profile. This information is stored on the database at one.com for as long as you have it in your profile. This information is visible to all users who view your profile. You may delete it at any time by adjusting your profile.

Forum Activity Logs: The forum will log when you join or leave usergroups, when you delete posts, when you are warned by forum moderators, when you change your preferred email, when you change your password, when you take a moderator action (as a forum moderator or a guild forum moderator), and so on. This information is stored on the database at one.com and will be accessible to global forum administrators (currently: Maecius, Endelyon, Zanniej, DM Boo, DM Theophanies, and DM Arrakeen). Forum moderators will have access to user warnings and action logs as well.

Personal Posts: Anything you post to the forum will be visible to other forum users. Private forums will be visible to the users in that usergroup, as well as DMs and global forum administrators (currently: Maecius, Endelyon, Zanniej, DM Boo, DM Theophanies, and DM Arrakeen). You may request that all of your posts be deleted using the "right to be forgotten" process described below. Your private messages (PMs) are stored on an internal website server database, and can be accessed by forum account administrators (currently: Maecius, Endelyon, and Zanniej). These will not be shared with others.

Disciplinary Logs, Character Notes, Player Requests, and Other Information: Information about your trends and behavior on the server, both in and out of character, may be retained in logs and records as a means to track behavior and protect server and forum users from hostile behavior. In character notes may be kept to ensure that your character's actions in regards to the game environment (and NPC attitudes towards them) are accurately kept. This information may be accessible to senior forum staff, ADMs, DMs, and, or, Forum Moderators.

Third-Party Data: Information about you from third-party sources may be processed by BG:TSCC (for example, Maecius will be able to see your PayPal email if you make a donation to the server through PayPal).

Other Information Related to Your Use of BG:TSCC's Forum or Services: We may collect additional information from or about you when you communicate with us, contact staff groups, we run activity logs, or when you respond to a survey or poll.

III. Why Do We Retain Personal Data?

We retain data only to enable access to BG:TSCC's services, to track behavior in order to protect the majority of users from hostile or unfriendly users, to log and understand user trends, and to ensure that the game world has a continuity of experience for players (for example, if your character becomes an outlaw in a storyline event, we may retain a note on that so that other characters and storytellers know that your character is a wanted man or woman).

We may retain data even after a user stops using our services (historical posts, former notes, usernames in the database so that they can be recovered should the user return to the game, etc.). Users may request that this data (posts, user accounts, etc.) be deleted, with the understanding that once the data is gone we will be unable to recover it for you.

IV. How Do We Process Your Data?

We may process your information for the following reasons:
  • To operate the forum website and offer you game services, including to:
    • - enable user access to personal accounts;
    • - authenticate your access to your personal account;
    • - to communicate with you about your account, the forum, BG:TSCC's services, or relevant PayPal transactions;
    • - create an account connection between your account and a third-party account or platform if necessary.
  • To manage your access to BG:TSCC's website and services. To utilize this website, you must enable cookies. These technologies allow the website to function, to keep you automatically logged in on computers you trust, and so on. Web traffic and data generated through BG:TSCC is not sold to third parties.
  • To comply with our obligations to our hosts, and to enforce the terms of our services, by initiating user bans, etc., where appropriate or necessary.
  • To respond to your requests, for example to contact the server's volunteer staff about a question you have.
We will keep your data on record for as long as the website is operating, unless you request we delete it (see section VIII below). This allows you to take breaks from our services and return at a later date without losing access to your accounts.

V. Do We Share Your Data?

We may share your data or other information about you with others in a variety of ways as described in this section of the Privacy Policy.

We may share your data or other information for the following reasons:
  • With volunteer staff members: We may share data generated in-house (such as public CD keys and behavior logs, not emails, for example) between and with staff members in order to ensure that services can be provided, to enable Dungeon Masters (DMs) to track character information, and so on.
  • With the other parties or service providers as necessary to ensure their services: We may, for example, share information with our host website in order to ensure your access to their services.
  • With other third parties as permitted or required by law: We will comply with authorized law enforcement requests and legal requirements as necessary. To date, we have never had one of these requests, but in the interest of transparency, we would be required to comply with them.
  • With your consent: We also share your data and other information with your consent or direction, for example if you personally place it on your public user profile.
In addition, BG:TSCC may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why users visit our sites and use our services. If this occurs, this data will not personally identify you or provide information about your use of the sites or services. We do not share your personal data with third parties for their marketing purposes.

VI. How Do We Work with Other Services and Platforms?

We only use your data to connect to and enable the other services and platforms we rely upon to provide you the services you sign up for here. Namely, our host website to grant you access to the website and wiki.

VII. How Do We Use Cookies and Tracking Technologies?

When you visit our sites, use our services, or visit a third-party website linked through our services, we may use cookies and other tracking technologies to recognize you as our user and to customize your online experiences. Certain aspects and features of our services and sites are only available through the use of Cookies (to keep yourself logged in automatically, for example, which is a box you may choose to toggle on when logging into the forum), so if you choose to disable or decline Cookies, your use of the sites and services may be limited, or not work at all.

VIII. What Privacy Choices Are Available To You?

You have choices when it comes to the privacy practices and communications described in this Privacy Policy.

The first choice, is, of course, in whether you decide to use these services in the first place.

You also have a "right to be forgotten" choice. If you would like your username and all of your posts deleted, you may contact the global forum administrators (currently: Maecius, Endelyon, Zanniej, DM Boo, DM Theophanies, and DM Arrakeen) to request that they delete your account and user posts. Keep in mind that if they are deleted they are not recoverable and you have given up all future access to them.

Deletions will not occur when the data in question is needed for a legitimate purpose, such as the consistency and continuity of DM campaigns. Legitimacy of purpose will be determined on a case-by-case basis. If ruled legitimate, the post in question may be moved to a more private area of the forum (such as where the DMs discuss campaigns and share event notes), or the post's author may be changed to a neutral placeholder account to divorce the message from the original author, but these things may also not occur if doing either would damage the continuity of the server's public storyline.

You may request a copy of the personal data we have on you (e.g., email address on file, IP address on file, etc.) by contacting the global forum administrators (currently: Maecius, Endelyon, Zanniej, DM Boo, DM Theophanies, and DM Arrakeen).

Please note that to request data or to request the deletion of data, you must demonstrate control over the account you are contacting us about, and over the email address associated with that account. This two-step (by Private Message and by email) verification requirement is to protect users against data loss and privacy violations.

IX. How Do We Protect Your Personal Data?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls at the hosting data centers, and information access authorization controls. While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the data we maintain about you is accurate and current. We are not responsible for protecting any data that we share with a third-party based on an account connection that you have authorized. We are also not responsible for protecting any data that you elect, voluntarily, to share with others in a public forum.

X. What Happens If We're Breached?

If we detect a security breach, or unauthorized loss of data, we have 72 hours to notify you (from the time when we first become aware of the security issue). We will likely do this through a mass email, in the event that it becomes necessary. This will be the only time we send out a mass email (i.e., if there's a breach of the website or the server), and this will only be done to ensure that you are aware of the issue. A breach announcement will also be posted to the forum as a "state of the server" message, with information on what you can do to protect yourself (changing passwords, emails, etc.).

XI. Can Children Use Our Services?

The sites and services are not directed to children under the age of 13. We do not knowingly collect information from children or other individuals who are not legally able to use our sites and services. To sign up for website services, users must affirm that they are 13 years of age or older. If we obtain actual knowledge that we have collected data from a child under the age of 13, we will promptly delete it, unless we are legally obligated to retain such data. Contact the global forum administrators (currently: Maecius, Endelyon, Zanniej, DM Boo, DM Theophanies, and DM Arrakeen) if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13.

XII. Changes to this Privacy Policy

This Privacy Policy may be changed or updated from time to time, to clarify things, to bring it more into compliance with privacy laws, or to otherwise improve transparency and your access to information about your privacy. When changes occur, we will post them to the Community Information forum, likely as a "state of the server" announcement as well as an update post to this thread.

Administrator
Forum Moderator
Posts: 282
Joined: Sat Mar 28, 2009 5:14 pm

Re: BG:TSCC Privacy Policies

Unread post by Administrator » Thu Jun 21, 2018 10:39 pm

[ original post by Maecius ]
BG:TSCC Server Privacy Policy


I. Overview

Baldur's Gate: The Sword Coast Chronicles (BG:TSCC) is a personal hobby community hosted and operated by volunteers. We operate a forum website and a Neverwinter Nights 2 (NWN2) game server for use by our players. This privacy policy covers the game server.

BG:TSCC does not operate in a professional capacity, and it does not operate as a business. Users voluntarily opt-in to forum and game server use, and will not be charged for either service. Users may donate to the server via PayPal if users choose to do so. See PayPal's privacy policy for more information on how data is handled through this platform. As we lack a team of lawyers or paid IT professionals, PayPal's Privacy Policy has been the model for our own.

This Privacy Policy is designed to inform you as to what information is collected and processed through the BG:TSCC game server.

BG:TSCC is not a formalized entity or company. BG:TSCC is also not administered from a European Union member nation, although the website is hosted in one. The website and game server privacy policy are, nonetheless, designed with General Data Protection Regulation (GDPR) policies and guidelines in mind in an effort to provide users with the best possible services and protections.

The game server is hosted in North America.

The server is individually paid for by Global Administrator, Maecius. All server donations are used exclusively to help pay for the server, the website, and related expenses.

Questions about data collection and deletion should be addressed to the Global Administrators, Endelyon and Maecius, or to the Forum Developer, Zanniej.

By signing up for and using BG:TSCC's services, you are consenting to the collection of your data as described in this Privacy Policy.

II. What Personal Data Do We Collect?

Baldur's Gate: The Sword Coast Chronicles may collect information about you when you utilize the game server.

Information collected may include the following:

Username and Public NWN2 CD Key: Your chosen username and your Public NWN2 CD Key will be utilized by the host server and the game client as a means to log into your personal user account. This information will only be used to grant (or remove, in the case of a player ban) access to your account. Your username will be visible to all game client users. Your Public CD Key will only be accessible to those with access to the host server (currently: Maecius, Endelyon, DM Boo, DM Theophanies, DM Arrakeen, Valefort, Chambordini, Rasael), but may be shared with the ADMs and DMs in disciplinary logs. The server does not process (or have access to) your full CD Key, and we cannot retrieve it for you if you lose it. The server does not process (or have access to) your game user account password, and the GameSpy servers that collected that information have been taken down.

IP Address: Whenever you connect to the server, you are leaving a digital fingerprint called an IP Address. This address can be used to identify your ISP (Internet Service Provider) and rough geospatial location. BG:TSCC logs and uses this address to enable access to the server, as well as to ban server users who are out of compliance with the server's rules. Your IP Address may be shared with OVH, the server host, as part of establishing access to the forum, but will not be shared with other third parties. OVH, the server host, and those with access to the host server (currently: Maecius, Endelyon, DM Boo, DM Theophanies, DM Arrakeen, Valefort, Chambordini, Rasael) will have access to your IP Address(es).

Server Activity Logs: We may track activities on the server (log-ins, log-outs, certain actions like item exploits, breaking 3 by 20 rule, illegal domains, etc.). We do not track user Chat and Tell communication on the server, except when troubleshooting or when supplying voluntary extension functions for player convenience. Other players may log their own communications using widely available and popular conversation loggers, and we are not responsible for protecting any of the data you voluntarily share with other users in this way.

Other Information Related to Your Use of BG:TSCC's Game Services: We may collect additional information from or about you when you communicate with us, contact staff groups, or we run activity logs or exploit searches.

III. Why Do We Retain Personal Data?

We retain data only to enable access to BG:TSCC's services, to track behavior in order to protect the majority of users from hostile or unfriendly users, to log and understand user trends, to protect your account from unauthorized access, and to ensure that the game world has a continuity of experience for players.

We may retain data even after a user stops using our services (such as your username and associated character files). Users may request that this data be deleted, with the understanding that once the data is gone we will be unable to recover it for you.

IV. How Do We Process Your Data?

We may process your information for the following reasons:
  • To operate the game services to:
    • - enable user access to personal accounts;
    • - authenticate your access to your personal account;
    • - communicate with you about your account, rules, or BG:TSCC's services;
    • - create an account connection between your account and a third-party account or platform if necessary.
  • To comply with our obligations to our hosts, and to enforce the terms of our services, by initiating user bans, etc., where appropriate or necessary.
  • To respond to your requests, for example to contact the server's volunteer staff about a question you have.
We will keep your data on record for as long as the server is operating, unless you request we delete it (see section VII below). This allows you to take breaks from our services and return at a later date without losing access to your character accounts.

V. Do We Share Your Data?

We may share your data or other information about you with others in a variety of ways as described in this section of the Privacy Policy.

We may share your data or other information for the following reasons:
  • With volunteer staff members: We may share data generated in-house (such as public CD keys and behavior logs, not emails, for example) between and with staff members in order to ensure that services can be provided, to enable DMs to track character information, and so on.
  • With the other parties or service providers as necessary to ensure their services: We may, for example, share information with our host server in order to ensure your access to these services.
  • With other third parties as permitted or required by law: We will comply with authorized law enforcement requests and legal requirements as necessary. To date, we have never had one of these requests, but in the interest of transparency, we would be required to comply with them.
  • With your consent: We may also share your data and other information with your consent or direction.
In addition, BG:TSCC may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and what users play (percentage of human characters vs. elves, etc.). If this occurs, this data will not personally identify you or provide information about your personal use of the sites or services. We do not share your personal data with third parties for their marketing purposes.

VI. How Do We Work with Other Services and Platforms?

We only use your data to connect to and enable the other services and platforms we rely upon to provide you the services you sign up for here. Namely, our host server to grant you access to the game client module.

VII. What Privacy Choices Are Available To You?

You have choices when it comes to the privacy practices and communications described in this Privacy Policy.

The first choice, is, of course, in whether you decide to use these services in the first place.

You also have a "right to be forgotten" choice. If you would like your username and all of your character files deleted, you may contact those with access to the host server (currently: Maecius, Endelyon, DM Boo, DM Theophanies, DM Arrakeen, Valefort, Chambordini, Rasael) to request these files be deleted. Keep in mind in that once they are deleted they are not recoverable and you have given up all future access to them.

The exception to this is when the data in question is needed for a legitimate purpose, such as analyzing security exploits, game bugs, or proving cheating behavior. Legitimacy of purpose will be determined on a case-by-case basis. If ruled legitimate, the character files or account in question may be retained on the game host.

You may request a copy of the personal data we have on you (e.g., user accounts associated with your Public CD Key, etc.) by contacting those with access to the host server (currently: Maecius, Endelyon, DM Boo, DM Theophanies, DM Arrakeen, Valefort, Chambordini, Rasael).

Please note that to request data or to request the deletion of data, you must demonstrate control over the account you are contacting us about, and over the email address associated with that account. This requirement is to protect users against data loss and privacy violations.

VIII. How Do We Protect Your Personal Data?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls at the hosting data centers, and information access authorization controls. While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your accounts and your character files by not sharing your CD Keys with others. We are not responsible for protecting any data that we share with a third-party based on an account connection that you have authorized.

Please note that Skywing's Client Extension is third party software and use of it to long onto the software by Gamespy Listing is at your own risk. More detail can be found here: viewtopic.php?f=4&t=2638&p=27864#p27864



IX. What Happens If We're Breached?

If we detect a security breach, or unauthorized loss of data, BGTSCC shall strive to notify you within 72 hours of our becoming aware of the breach, but this does not entail a legal obligation. We will likely do this through a mass email, in the event that it becomes necessary. This will be the only time we send out a mass email (i.e., if there's a breach of the website or the server), and this will only be done to ensure that you are aware of the issue. A breach announcement will also be posted to the forum as a "state of the server" message, with information on what you can do to protect yourself (if applicable).

X. Can Children Use Our Services?

The server's content is not intended for children under the age of 13. We do not knowingly collect information from children or other individuals who are not legally able to use our sites and services. If we obtain actual knowledge that we have collected data from a child under the age of 13, we will promptly delete it and remove their access at the request of their parents or guardians, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13.

XI. Changes to this Privacy Policy

This Privacy Policy may be changed or updated from time to time, to clarify things, to bring it more into compliance with privacy laws, or to otherwise improve transparency and your access to information about your privacy. When changes occur, we will post them to the Community Information forum, likely as a "state of the server" announcement as well as an update post to this thread.

Locked