Stichting 3RD Rock Grid Foundation (3RG) respects and protects the privacy of its customers (Users). In this policy document we inform you how we gather, store, and use the information we know about you. At all times our privacy policies will be in accordance with applicable law in the places where we operate.
By using our Service, you acknowledge and agree that 3RG collects some personally identifiable information (as defined below). We will not share any information about our Users except as described herein.
1. Data controller
In respect to each data subject’s personal data, the controller is regarded to be the Stichting 3RD Rock Grid Foundation which has a contractual relationship or other co-operation relationship with an individual customer or an organisation the data subject is representing.
Domein 81 5421 AP Gemert Netherlands
Other contact details:
2. Lawfulness of processing
The legal basis for processing of the personal data is either fulfilment of an agreement concluded between the Stichting 3RD Rock Grid Foundation and an individual customer or an organisation the data subject is representing, or the legitimate interest of the data controller. Such legitimate interests consist of e.g. managing and developing the Service.
In some cases personal data may also be processed to comply with legal obligations.
Consent may also be used as a processing ground when explicitly provided, e.g. when sensitive information may be collected.
3. Purpose of processing
Maintaining customer information is necessary to enable fulfilment of agreements and organising of business functions.
Personal data can also be used to allow use of and monitor use of data systems for purposes of data security and user control, as well as for other purposes related to ensuring security and rights of other persons as well as proprietary rights of Stichting 3RD Rock Grid Foundation. Monitoring shall always be limited to what is specifically allowed under applicable local laws.
Furthermore, personal data can be used to ensure compliance with certain statutory obligations e.g. record keeping, audit obligations and compliance screening obligations (prevention of white-collar crimes and money laundering), and Stichting 3rd Rock Grid Foundation policies as well as industry standards.
Personal data may also be retained for dispute resolution purposes in order to solve disputes and to establish, exercise and defend legal claims.
4. The types of personal data we process
- Registration information you provide when you create an Account to access our Service.
- Transaction information when you acquire, exchange, trade, barter, or transfer Geodes in the Service. This information includes without limitation: the amount, date, time and location of the transaction, parties involved, and other transaction circumstances.
- Billing information when you acquire land in exchange for a regular donation to 3RG. This information includes without limitation: date and amount received, and the region(s) you own.
- Service related information you provide through support tickets, direct communications with 3RG staff and board, testing of features and other aspects of the Service, e.g. conflict mediation, and customer surveys.
- Usage information, including without limitation: the number of Users using the Service, how frequent, at which times, and how long they use the Service, the frequency certain places are visited.
- Low level account information, e.g. IP and MAC-addresses in selected cases (relating to data security and conflict resolution).
5. How do we collect your information
We collect information through technology from within the Service itself:
- When you register an Account in the Service, through our Website(s)
- When you use the Service, including our Websites and Forums
- When you communicate with 3RG directly
We will not collect information:
- with cookies (cookies may be used, but not for information gathering), web beacons, pixel tags, or any such features.
- through other sources that update and supplement information provided by you
- through advertising and affiliate networks operated by a third party or parties
6. How do we use your information
6.1 Personal information
Your Registration, Transaction, Billing, and Service related information is held in confidence by 3RG, and is only used to:
- give you access to the Service and other 3RG products and services
- keep your Account in good standing
- to detect, investigate, and prevent activities that may violate our Terms of Service or be illegal
- in anonymised form, to optimise or improve our products, services and operations
You understand however that 3RG may disclose your Personal Information under the following circumstances:
- when you have given explicit permission for such disclosure
- if such disclosure is required by law or legal process served on 3RG
- to assist law enforcement authorities in their investigation of suspected illegal or wrongful activity
- if we believe in good faith that a person is in danger
- to service providers we contracted to help us with operational tasks, such as, without limitation: billing (PayPal), customer support, e-mail delivery, and infrastructure maintenance. Our contract with these providers will specify that they are prohibited from using your personal information for purposes unrelated to the products or services they are providing.
6.2 Anonymous information
Usage information and anonymised personal information is only used by 3RG to optimise or improve our products, services, and operations. We do not share anonymous information directly with third parties, but may publish such information on the Service, including our website(s) and forums. Examples of these publications are: the number of Users online and the number of Regions on the grid.
7. Data retention
Stichting 3RD Rock Grid Foundation will retain personal information no longer than 7 years after the relation with the data subject becomes passive.
8. Regular data disclosure
Personal data may be transferred to Stichting 3RD Rock Grid Foundation’s suppliers, consultants, and other service providers, some of which may be located outside of EU/EEA countries.
9. Data transfers from EU/EEA
If personal data is transferred outside of the EU/EEA area, the data controller ensures that sufficient level of data protection is maintained through appropriate safety measures, e.g. EU commission’s model clauses. More information of such international data transfers and the applied safeguards may be received by using the contact details provided in section 13.
10. Data security
All personal data is stored on secure servers in locked premises. Stichting 3RD Rock Grid Foundation’s IT systems apply customary authorisation processes, e.g. individual access rights and passwords. Access is allowed only for such persons who have a legitimate need to access the personal data.
In case of outsourced applications and data processing, Stichting 3RD Rock Grid Foundation protects the data security by applying appropriate confidentiality and other clauses in the outsourcing agreements.
11. Data subject’s rights
11.1 Object personal data processing
When the personal data processing is based on the data controller’s legitimate interest (only), the data subject is entitled to object the processing of his/her personal data on grounds relating to his/her particular situation.
Data subject may send his/her request to object the processing in accordance with section 13 of this Privacy Notice. In this request, the data subject shall define the particular situation based on which the data subject is objecting the data processing. Stichting 3RD Rock Grid Foundation may decline the request on statutory grounds.
11.2 Access to information
Data subject is entitled to obtain information of the personal data concerning him/her which Stichting 3RD Rock Grid Foundation is processing and obtain a copy of such personal data. Requests for access may be presented to Stichting 3RD Rock Grid Foundation in accordance with section 13 of this Privacy Notice.
11.3 Right to rectification, erasure and restriction
Data subject is entitled to have any such personal data that is inaccurate, outdated, unnecessary or contrary to the purpose of data processing corrected or erased. Requests concerning rectification may be presented to Stichting 3RD Rock Grid Foundation in accordance with section 13 of this Privacy Notice.
Data subject is also entitled to have the data controller restrict processing of the data subject’s personal data for example when the data subject is waiting for the data controller’s answer to data access or erasure request.
11.4 Right to lodge a complaint
If the data controller does not follow the applicable data protection regulation, a data subject is entitled to lodge a complaint with competent data protection authority.
12. Using data subject’s rights
As a general rule, Stichting 3RD Rock Grid Foundation does not charge the data subject for using his/her rights presented in section 11. However, Stichting 3RD Rock Grid Foundation may, at its sole discretion,
(a) refuse to fulfil; or
(b) charge a reasonable fee for fulfilment of
several similar consecutive requests or requests that are manifestly unfounded or excessive. Stichting 3RD Rock Grid Foundation is also entitled to decline requests on statutory grounds.
13. Contacting the data controller
In all questions and matters relating to personal data processing or rights of the data subject, data subjects may contact Stichting 3RD Rock Grid Foundation.
Data subjects may use their right by e-mail to firstname.lastname@example.org