GDPR COMPLIANCE STATEMENT

The General Data Protection Regulation (GDPR) is effective from 25th May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the European Privacy Directive and national legislations accordingly.

PidomTech understands the importance of customer data and welcomes the arrival of the GDPR. At PidomTech, we believe that customers are the most important part of our business and that the success of our company builds on the trust that our customers, employees and other stakeholders have in our ability to deliver premier quality, including the protection of personal information.

PidomTech services comply with all applicable parts of the GDPR.

Any consent you may give or choose to withhold in relation to the GDPR shall apply to all services (games and website) provided by PidomTech as part of the frvr.com domain.

The following are key aspects of the GDPR, and how they relate to PidomTech.

What is the GDPR
The GDPR is the General Data Protection Regulation established by the European Union.

At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

It follows the EU Data Protection Directive (Directive 95/46/EC). For more information, please see eugdpr.org.

Key Aspects of GDPR
There are 4 aspects to the GDPR that PidomTech has considered as part of our GDPR compliance:

The right to data portability
Individuals have the right to a copy of all the personal data that controllers hold about them. It must also be provided in a way that facilitates reuse.

At any time, users may request any data we store on their behalf by contacting us via email at [email protected]

The right to be forgotten
This gives individuals the right to have certain personal data deleted so third parties can no longer trace them. PidomTech does not store any personal data, only authentication tokens to Facebook. Those tokens can be invalidated by removing the game app according to these instructions by Facebook.

Since we currently do not store any PII directly, and the only way to link game state and analytics data collected with a particular user is via their Facebook Access Token, simply removing the PidomTech game app from the user’s Facebook profile will anonymize any information we hold. This will happen instantly, the moment the user removes our app.

Privacy by Design
This helps to facilitate the inclusion of policies, guidelines, and work instructions related to data protection in the earliest stages of projects involving personal data.

This aspect does not apply to PidomTech.

Data Breach Notifications
Controllers must report personal data breaches to the relevant supervisory authority within 72 hours after having become aware of them. If there is a high risk to the rights and freedoms of data subjects, they must also notify the data subjects.

PidomTech has an escalated process in order to ensure the security of user data. Information about whether or not user data has been part of a breach is available upon request.

GDPR Compliance for PidomTech
To understand the position of PidomTech in the compliance of GDPR, it is important to understand the actors. These actors are:

Data Controller
is the individual or the legal person who controls and is responsible for the keeping and use of personal information on a computer or in structured manual files.
Data Processor
in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller. “Processing”, in relation to information or data, means obtaining, recording or holding the information or data.
Data Subject
means an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about.

GDPR and PidomTech
The following are key elements of our GDPR Compliance:

We do not process personal data on behalf of the Customer and we don’t have access to any personal data in our customer’s systems (Customer Personal Data). Moreover, PidomTech is not able to monitor the processing of Customer Personal Data in our customer’s systems.

What personal data do we collect/store?
At PidomTech we collect two types of data on our users: passive and active. Passive collection is the data that is collected when users play games, whether on their mobile device or the web. This data is collected using Google Analytics or similar and contains the following information:

IP address
approximate geographical location
session duration
in-game activity

This data does not contain any personally identifying information. Our active data collection is currently limited to high scores and game information, such as coins collected. We allow users to log in using their Facebook account, and from their Facebook account we store the following:

User Access Token: we simply use this token to identify a user from one play session to the next. We do not gain access to any details about the user.

As such, we don’t store any data that can be used to identify and track an individual. The user access token can be invalidated at any time by removing our app from the user’s Facebook profile.

How does PidomTech Address GDPR
Data Access Control
The controller shall implement appropriate technical and organizational measures for ensuring that by default, only personal data which are necessary for each specific purpose of the processing are processed.
Monitoring of Access Activities
Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibilities.
Data Encryption
Organizations must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data.
Strong Compliance Framework
Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services”.

Any questions? Contact us: [email protected]