GDPR Details
The General Data Protection Regulation's Data Rights
Overview of the GDPR
On May 25, 2018, the General Data Protection Regulation (GDPR), a comprehensive data protection law, went into force. It imposes stringent requirements on organisations that handle personal data and grants individuals in the European Union more rights over that data.
Your Privacy Is Important
MartinPinPlays is dedicated to upholding GDPR compliance and safeguarding your privacy. Your rights and our handling of your personal information are described on this page.
Important Guidelines:
- Lawfulness: We only process data when we have a valid reason to do so
- Transparency: We make sure you understand how we use your data
- Purpose Limitation: We only use your data for the purposes for which it was intended
- Data Minimisation: We only gather the information that is required
- Accuracy: We maintain your data current and accurate
- Limitation on Storage: We only keep data for as long as is required
- Security: We take the necessary precautions to safeguard your data
- Accountability: We are able to prove that we are in compliance
Your Rights Regarding Data
You have a number of significant rights under GDPR with regard to your personal data:
The right to enter
All of the personal information we have about you, including how we use it and with whom we share it, is available upon request.
The Right to Restitution
You can request that we update any incomplete or erroneous personal information.
The Right to Erasure
In some situations, you have the right to request that your personal information be deleted.
The ability to limit processing
In some circumstances, you can request that we restrict how we use your data.
The right to transfer data
To move your data to another service, you can ask for it in a portable format.
The ability to object
You have the right to object to marketing and other forms of data processing.
Rights Concerning Automated Decision-Making
When it comes to automated decision-making and profiling, you have rights.
The ability to revoke consent
When consent is the legal basis for data processing, you have the right to revoke it at any moment.
Note: Certain rights might not always be applicable. Any restrictions will be explained when you submit a request.
Information We Gather
Depending on how you use our services, we gather various kinds of personal information:
Details of the Account
- Display name and username
- Email address
- Encrypted password
- A profile photo
- Date of birth (to confirm age)
- The nation or area
Information about gaming
- Game preferences and skill levels
- Tournament participation history
- Match results and statistics
- Team affiliations
- Achievement and ranking data
Communication information
- Messages sent via our platform
- Support ticket correspondence
- Forum posts and comments
- Survey and feedback answers
Technical details
- IP address and location information
- Device details and browser type
- Usage trends and preferences
- Performance and error logs
- Cookies and tracking information
Payment details
- Billing address
- Payment method information (processed by third parties)
- Transaction history
- Tax data, if applicable
How We Utilise Your Information
Based on particular legal justifications, we process your personal data for the following purposes:
Service Provision (Contract Performance)
- Setting up and maintaining your account
- Planning and conducting competitions
- Handling payments and award distribution
- Offering customer service
- Facilitating user communication
Legal Compliance
- Verification of age and consent from parents
- Filing taxes and maintaining financial compliance
- Answering court orders
- Preventing fraud and abuse
Justifiable Interests
- Enhancing our offerings and user experience
- Monitoring security and identifying threats
- Analysing and optimising performance
- Planning and developing our business
Consent-based processing
- Marketing communications
- Tailored content and suggestions
- Features and improvements that are optional
- Integrations with third parties
Exchange of Data
In the following situations, we might disclose your personal information:
Data Preservation
We only keep your personal information for as long as is required to fulfil the objectives specified in our privacy policy:
Account Data
Duration of Retention: Until the account is deleted plus thirty days
Goal: Recovering accounts and resolving disputes
Tournament Data
Duration of Retention: 7 Years
Goals: Legal compliance, dispute resolution, and historical records
Payment Data
Duration of Retention: 7 Years
Goal: Maintaining financial records and tax compliance
Analytics Data
Duration of Retention: 26 months
Goals: Business analytics and service enhancement
Logs of Security
Duration of Retention: 12 months
Goals: Monitoring security and investigating incidents
Marketing Information
Duration of Retention: Until Consent Is Withdrawn + 30 Days
Goal: Adherence to unsubscribe requests
Automated Deletion: When retention periods are up, our automated systems will remove the data. In many situations, you can also ask for an earlier deletion.
Privacy of Data
We use thorough security procedures to safeguard your personal information:
Technical Protections
- End-to-end encryption for data transmission
- AES-256 encryption for data at rest
- Multi-factor authentication for administrator access
- Regular security audits and penetration tests
- Automated threat detection and response
- Secure coding practices and code reviews
Organisational Actions
- Employee education regarding data security and protection
- The principle of least privilege and access controls
- Background checks for employees who have access to data
- Protocols for responding to incidents and notifying breaches
- Frequent security awareness training
- Evaluations of the effects of data protection
Infrastructure Security
- Using certified providers for safe cloud hosting
- Firewalls and network segmentation
- Frequent patching and software updates
- Backup and disaster recovery protocols
- Data centre physical security measures
- Tracking and recording of all system access
Certifications in Security
Industry-standard certifications attest to our security procedures:
- ISO 27001 Information Security Management
- SOC 2 Type II Compliance
- GDPR Compliance Certification
- PCI DSS for payment processing
Tracking & Cookies
To improve your experience and examine usage trends, we employ cookies and related technologies:
The privacy of children
We take extra precautions to safeguard children under 16's privacy:
Age Verification
- We require users to confirm they are at least 13 years old
- Users under 16 need parental consent for data processing
- We verify age through various methods including self-declaration
- Accounts may be suspended if age cannot be verified
Parental Rights
- Parents can request access to their child's data
- Parents can request correction or deletion of data
- Parents can withdraw consent for data processing
- Parents can restrict certain features or communications
Extra Safeguards
- Limited data collection for users under 16
- No behavioural advertising to minors
- Enhanced security for child accounts
- Routine evaluation of child protection protocols
For Parents
Please email us at [email protected] if you are a parent or guardian with concerns regarding your child's data.
Subject: Privacy Concern for Children
Transfers of Data Internationally
We might send your data abroad because we are a global platform. We make sure the proper protections are in place:
Mechanisms for Transfers
- Adequacy Decisions: Transfers to nations with sufficient security
- Typical Contractual Provisions: EU-approved terms of the contract
- Corporate Rules That Are Binding: Rules for internal data protection
- Certification Programs: Industry-accepted privacy certifications
Where We Store Our Data
- Principal: European Union (hosting that complies with the GDPR)
- Backup: United Kingdom (suitable protection)
- CDN: Global content delivery network subject to EU regulations
- Analytics: Services based in the EU or that adhere to privacy regulations
Protections for transfers
- Encryption in transit and at rest
- Contractual duties to protect data
- Routine audits of foreign partners
- Data localisation where mandated by law
Complaint Submissions
You have a few choices if you think we handled your personal information improperly:
Get in touch with us first
To address your concern, we encourage you to get in touch with us directly:
- Email: [email protected]
- Response time: 72 hours
- 30-day resolution goal
Authority for Supervision
You have the option to complain to your local data protection authority:
- UK: Information Commissioner's Office (ICO)
- EU: Your national data protection authority
- Other: Your jurisdiction's appropriate privacy regulator
Legal Recourse
Additionally, you might be able to pursue the following legal remedies:
- Damages compensation
- Court orders to halt processing
- Other remedies under applicable law
Get in touch with our data protection officer
Our Data Protection Officer (DPO) is in charge of monitoring our data protection procedures and is available to assist with any enquiries or worries pertaining to privacy.
DPO Contact Details
Email: [email protected]
Telephone: +44 20 7946 0958
Address:
Data Protection Officer
MartinPinPlays
12 Park Road
Manchester, M14 4LB
United Kingdom
How Our DPO Can Assist
- Respond to enquiries concerning data processing
- Help you exercise your rights
- Look into privacy complaints
- Offer advice on consent and preferences
- Work with oversight bodies
- Evaluate and enhance our privacy procedures
Response Times
- Acknowledgment: 72 hours
- Simple questions: 7 days
- Complex requests: 30 days
- Critical issues: 24 hours