Data Usage

Data and usage of data

The SpringRTS server and its managed game hosts process and retain information generated by users:

  A. Registration & login details: email address, IP/MAC address, chosen username, (hashed) password.
  B. Actions taking place via Spring's infrastructure: chat, games played by users and all associated ingame commands, hardware and connectivity information characterizing suitability to play such games, client software used, IP addresses of battle hosts; and derived statistics of these data. This data is divided into two types:
    1. Data created in publicly accessible contexts, such as non-passworded chat channels and battle hosts.
    2. Data created in private contexts, such as private messages, passworded chat channels and passworded battle hosts.
  C. Source files, artwork and other content relating to games and development of games.

This data is used to provide services that would normally be expected from an online gaming platform, primarily:

  1. Publicly available replays of games that were played in publicly accessible contexts. These include all actions taken by players, including chat, within the game.
  2. Persistent game and chat elements, which make users aware of publicly visible events that previously occurred on the platform.
  3. Development and provision of the Spring engine, plus supporting infrastructure, including a lobbyserver in which users chat to each other.
  4. Bridging of publicly accessible chat channels to external locations, typically those managed by our own users and sub-projects for purposes explicitly related to SpringRTS.
  5. Verification of user identity on login and within battle hosts.
  6. Moderator action in the event of disputes and suspected misconduct.

We retain and process data of types A, B and C on the basis of legitimate interest, to provide the above services.

Users may connect to our server using external and bespoke software, known as a “client”, as specified through a publicly available protocol. This software may be outside of our control and knowledge. In such cases, whilst we may deny connections from clients that do not comply with GDPR and other legal requirements where it is technically and practically possible for us to do so, the operation and compliance of client software is the responsibility of its authors and users. The data usage policies summarised in this notice ONLY cover our usage of the data that is sent by users and users' client software to our server.

Users are contacted via automated messages to email addresses that they provide for purposes related to item 5 when it is necessary to do so, such as when a user requests account recovery. In exceptional circumstances we may also manually contact individual users for purposes related to items 3 or 6. We do not use these email addresses to send marketing emails to our users and we do not disclose email addresses to third parties.

Legitimate Interest

We would be unable to provide the above services without retention and processing of the above data. Items 1 and 2 consist wholly of retaining and processing data of types B and C. Data retained and processed relating to item 3 consists of type B and C data, primarily communications occurring between users during their cooperative usage of our services, plus games and other content files for these services. Item 4 requires no retention of data, but requires on-the-fly processing of type B data. Item 5 requires type A data to correctly associate login attempts to user accounts and to help protect the server and battle hosts from malicious activity. Item 6 requires both type A and B data, to support moderator actions identifying, discouraging and preventing misconduct.

Type B.1 data is generated exclusively by individuals within publicly accessible contexts, in which an expectation exists that this data will be shared with any number of other users. Type B.2 data is generated by individuals in contexts where an expectation of privacy from other users exists. Such data is of a nature that is not expected to carry significant risk to an individual’s rights and freedoms; however, steps are taken to respect this privacy as detailed below, and this data is used only for purposes relating to items 3 and 6. The retention and processing of type B data carries a low risk of inhibiting individuals’ rights and freedoms.

Type A data contains information (particularly: email, IP and MAC addresses) provided in private contexts that could, in some cases, and when supplemented with external sources of related information, be used to identify a real individual from their online footprint, and consequently requires appropriate protection as detailed below. Since the data held by SpringRTS concerning such individuals is otherwise of a non-sensitive nature, the associated impact on individuals’ interests, rights and freedoms is low.

Developers and other users who provide data of type C may also provide licenses for such data. Authors may choose to include their own contact details; the risk to the individual’s rights and freedoms is low. For details on how we handle such content see our policies on licensing, forking, and on how the GPL license of the Spring engine affects game content.

We do not engage in targeted advertising. We do not engage in profiling or automated decision making that has legal implications for users. We do not process or retain criminal or special category data.

All of our codebases are open source, permitting our users and developers to verify and review that our systems perform as described in this document, and to report any related technical errors.

User rights under GDPR

Users wishing to exercise their rights under GDPR should contact moderation staff, who are identifiable on the server by means of a spanner icon, and also contactable through springrts.com or by email at postmaster@springrts.com; such requests are handled on a case-by-case basis. We have procedures in place to assess numbers of moderation staff and ensure that such people are contactable and able to respond within the required time periods. Any data supplied in response will typically come in plain text form, or in the form of access to online replay files.

Note that the right to erasure under GDPR is not absolute; in particular we may refuse to fully erase data of individuals with a record of past misconduct if we believe such data may be required to prevent potential future misconduct of sufficient severity. See [1] for details.

Disclosure of data to third parties and other users

When information is supplied to us within a publicly visible medium, such as through a public chat channel or public game host, we may and typically will make this information publicly available to other users and to GDPR compliant third parties. This pertains to all type B.1 data, plus usernames.

Type B.2 data is supplied to other users only when these other users are present or have access to the private context, such as a passworded chat channel or passworded game host, in which the data was created. This data is not disclosed to third parties, but it is retained to provide persistent chat functionality and is accessible to server administrators whilst it is retained.

When users choose to act as battle hosts, or provide automated battle hosts, the IP address of this host becomes publicly available information, necessarily to allow our users to make a (direct) connection to the battle, and for the battle host to accept or decline this connection. Battle hosts receive usernames plus type B data associated to the battles that they host and will typically distribute this data to other connected users. Battle hosts also necessarily become aware of the IP addresses of users attempting to connect to their battles, but they do not become aware of any other type A data of these users. On a technical level, the distributed nature of battle hosting amongst our users arises from a need for more computational resources and connectivity than the Spring server alone provides. Consequently, battle hosts take on responsibilities of their own under the GDPR and are required to comply fully with the policies set out in this document.

Non-public information supplied to us on login, pertaining to all type A data excluding usernames, may be visible to our moderators and developers when there is a need under items 3 or 6. Hashed passwords are accessible only to developers with a need to access the live user database. Type A data is not disclosed to third parties or other users, except to battle hosts as described above, and except where we judge it necessary for purposes of verifying the authenticity of users; we use the external GDPR compliant service IPHub to assist in automated detection of potentially malicious users attempting to conceal their own identities.

We reserve the right to pass ANY data that we hold to relevant law enforcement agencies if we believe that it may contain indications or evidence of illegal action.

Data storage and protection

All data retained are kept within databases and/or file archives on our server, located within the EU.

The database files are directly accessible only to chosen individuals who require access for purposes related to server development or administration; access is possible only via an encrypted connection using individual credentials. The list of individuals with this access is reviewed regularly on timescales related to their activity. All data of type A held by us is contained within these databases. Archives of replay files are made available through a public website.

Communications of users to and from our lobbyserver, which cover all type A data sometimes excepting usernames and chat taking place on the lobbyserver, are encrypted (except in cases where users have persistently declined over many years to install software updates supporting this encryption). Passwords are communicated and stored only in hashed format.

Communications taking place between players and spectators within online games, typically consisting of ingame commands and chat, are not encrypted; the Spring engine uses a bespoke protocol for such communications, which prioritises low latency. These communications consist of less sensitive data (type B data plus usernames) and it is judged here that the requirement of minimal latency should take precedence over the benefits to privacy of an encryption layer.

Retention and erasure of personal data

The record of type A data of a user is retained for as long as we regard the user as active or with a significant possibility of returning to activity; we engage in automated deletion of such records for users who have remained inactive for 5 consecutive years. This threshold is chosen based on the behaviour of our users, who are known to return after lengthy periods of absence.

Type B.1 data of users, plus usernames, is retained in the form of publicly available archives of online games. We engage in automated deletion of this data after 3 years, but in special cases some replays may be retained for longer.

Type B.1 and type B.2 data consisting of chat taking place on the server within registered channels, in which channel history functionality has been enabled, is stored for up to one month in a database that provides persistent chat functionality. Otherwise, type B.2 data is not retained.

Users should note that when they create type B data they typically do so in the presence of other users who may retain and process the data for periods and purposes outside of our control or knowledge.

We retain and erase type C data according to its license. We regard maintaining a publicly available archive of this data as critical to providing our services and to future development and, whilst we respect individuals' right to erasure upon request of any personal data within this archive, we do not engage in automated deletion of it after any time period.