Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
Please tell us more about it.
Like cookies related to this forum, the game site. Just to give an example.
"By using this site, you accept cookies" messages are also not sufficient.
If there is no genuine and free choice, then there is no valid consent. Make it possible to both accept or reject cookies.
H
Hi.
Offline
xenon doesnt own the forum
thanks zoey aaaaaaaaaaaand thanks latif for the avatar
Offline
I can answer any questions about the forums.
The forums collect your IP every time you visit or interact with the site in any way and store it in the form of access logs that gradually rotate out roughly every 2 weeks.
The forums collect your IP every time you register an account or make a post and store it in the database.
The forums use cookies to tie in your browser to your user account while you're visiting the forums.
The forums use cookies to track which topics you've read and haven't read so they can display colorful dots of appropriate brightness.
That's all I got off the top of my head, anything more specific than that needs a specific question.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
I can answer any questions about the forums.
The forums collect your IP every time you visit or interact with the site in any way and store it in the form of access logs that gradually rotate out roughly every 2 weeks.
The forums collect your IP every time you register an account or make a post and store it in the database.
The forums use cookies to tie in your browser to your user account while you're visiting the forums.
The forums use cookies to track which topics you've read and haven't read so they can display colorful dots of appropriate brightness.That's all I got off the top of my head, anything more specific than that needs a specific question.
I have a question about the 3rd and 4th statement. Are they oatmeal or chocolate chip?
Offline
Surprisingly, the forums prefer oatmeal.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
The forums use cookies to tie in your browser to your user account while you're visiting the forums.
I do not want any cookies. What now? There was no promt asking for permission etc.
Hi.
Offline
Easy solution there is just don't sign in. If you like I can put a disclaimer on the login/registration forms about it, but it's impossible to have logins/accounts that persist across page loads without cookies. They're not the spawn of the NSA they're a shortcut. A hand stamp to get back in the club in 2 seconds instead of having to dig out your ID and wait while we check to see if your name's on the list. You can wash the ink off your hands at any time using your browser's own tools to clear cookies or I could build in a sink somewhere.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
EE and the forums has to comply with the GDPR and disclose what type of data they collect, for what reason, for what amount of time, and to inform with whom this data is shared(e.g. PlayerIO).
EE and the forums also have to provide "a portable copy of the data collected in a common format" if requested, and the right for users to have their data erased.
Everybody edits, but some edit more than others
Offline
Hands up who cares.
One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.
Offline
Please tell us more about it.
Offline
Helvi wrote:Please tell us more about it.
EE doesn't only use cookies to work. EE's database stores personal data such as email, IP etc.. The GDPR also requires to disclose all your third parties. For instance you should also disclose how you and PlayerIO use this data.
Everybody edits, but some edit more than others
Offline
EE and the forums has to comply with the GDPR and disclose what type of data they collect, for what reason, for what amount of time, and to inform with whom this data is shared(e.g. PlayerIO).
See above post, I'll see about sticking a privacy page together with this info on it.
EE and the forums also have to provide "a portable copy of the data collected in a common format" if requested, and the right for users to have their data erased.
I don't know that handing out portable copies is possible for all information but I'll give it a shot. For the majority of the access logs, the IP is stored, but is completely detached from the user account. There's no way to reliably find out which IPs belong to which user there.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
The "portable copies" is a regulation for allowing users to port their data to another platform in case they want. I don't believe there's anyone who would request such a thing. But theoretically, if an European user requests that in a mail, you would have to comply.
I've noticed there's already a good privacy policy on http://everybodyedits.com/terms but it's quite broad. I believe the GDPR would require it to be a bit more specific.
Everybody edits, but some edit more than others
Offline
Alternative solution: Block all EU users. This could also help the grammar issue
Offline
EE doesn't use or store user's private information. Except for the ip for obvious, not business related activities (ip-bans)
so i think GDPR doesn't apply for ee
Offline
It says "some obligations" like a DPO are waived, what obligations aren't waived?
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
I do not want any cookies. What now? There was no promt asking for permission etc.
what kind of bull**** logic are you using right now honestly
you're basically trying to go into a bar without an id
why do you think cookies are the spawn of satan
Offline
https://i.imgur.com/VkhWLn5.png
EE doesn't use or store user's private information. Except for the ip for obvious, not business related activities (ip-bans)
so i think GDPR doesn't apply for ee
Don't things like email address and password count as private info? (And pretty sure IP counts too)
Helvi wrote:I do not want any cookies. What now? There was no promt asking for permission etc.
what kind of bull**** logic are you using right now honestly
you're basically trying to go into a bar without an id
why do you think cookies are the spawn of satan
Not sure if Helvi is doing this with good intentions or not, but EE does need to comply or they could be fined a large amount of money or whatever, it's better we bug the devs about it until it's done than randomly in the future someone taking legal action against EE.
Offline
Don't things like email address and password count as private info? (And pretty sure IP counts too)
We only store ip to use it in non-commercially beneficial way (only for ip bans)
Emails and Passwords are stored in playerio. We don't and can't deal with them
Offline
LukeM wrote:Don't things like email address and password count as private info? (And pretty sure IP counts too)
We only store ip to use it in non-commercially beneficial way (only for ip bans)
Emails and Passwords are stored in playerio. We don't and can't deal with them
Well EE is a commercial game, and IP bans are a part of EE, so I would argue that that means they are being used commercially.
And for the emails and passwords, it's still your responsibility even if technically they are stored on PlayerIO's servers, the data is still collected and used by EE, the end user never even knows about PlayerIO...
Offline
https://i.imgur.com/VkhWLn5.png
EE doesn't use or store user's private information. Except for the ip for obvious, not business related activities (ip-bans)
so i think GDPR doesn't apply for ee
Of course it does: it stores emails and associated IP addresses, which is a very bad mix to privacy.
A Data Protection Officer(DPO) is a special employee which has to have a professional knowledge in data protection law and IT security. By the new legislation in force, every company which activity consists in personal data processing must appoint one. Like in the article you screenshot instead of link, it is given the example of educational platforms such as schools, whom must appoint a DPO because they process student personal information.
EE doesn't have to appoint a DPO because it's just a sandbox game. But EE isn't exempted of respecting the rights of European users: to be informed, to rectify, to erase, to port.
Emails and Passwords are stored in playerio. We don't and can't deal with them
It doesn't matter. You have to include in your privacy terms that you're sharing this informations with PlayerIO, and PlayerIO is also obligated to disclose how they use this data.
You essentially have to include all the other third parties you use: you have to specify that the Twitter widget from everybodyedits.com may also store cookies, etc..
Everybody edits, but some edit more than others
Offline
(i am speaking as a community member, if i say something wrong don't blame ee staff, only my shortsightedness)
Offline
hwo do you guys chnage emials from users then?
thanks hg for making this much better and ty for my avatar aswell
Offline
https://i.imgur.com/VkhWLn5.png
EE doesn't use or store user's private information. Except for the ip for obvious, not business related activities (ip-bans)
so i think GDPR doesn't apply for ee
GDPR does apply to any personal information, which includes IP addresses, emails, etc. There are of course legitimate reasons to store this data longer than 30 days (e.g. for ip bans).
LukeM wrote:Don't things like email address and password count as private info? (And pretty sure IP counts too)
We only store ip to use it in non-commercially beneficial way (only for ip bans)
Emails and Passwords are stored in playerio. We don't and can't deal with them
Any data that is processed on your behalf is still your responsibility. Just because the data is stored on another server or processed by another provider doesn't mean it's not your data. (In fact, to comply with deletion requests and such, you need to remove the data from all third-parties that process data on your behalf as well). If your service providers are unable to comply with these requests, then they are not GDPR compliant themselves, making them unsuitable for you to use if you are going to be GDPR compliant. When you consider the requirements for the GDPR, you need to think about (and you should already know) where your data is, for example in web server logs, forum backups, your PayPal account (or whatever) for processing payments, etc.
Player Since 2011. I used to make bots and stuff.
Offline
Oh right backups I almost forgot about those.
that's a whole other can of worms. As far as I'm aware I physically can't selectively delete stuff from the backups. I can scrub your stuff from the active database but the backups hang around for a lot longer.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
[ Started around 1732690493.7394 - Generated in 0.253 seconds, 13 queries executed - Memory usage: 1.86 MiB (Peak: 2.15 MiB) ]