To use the FUMBBL website, you must give the website consent to process some personal data of yours. Keep reading for a detailed overview of what this means.
TL;DR - Please don't. This is very important information and you should be taking privacy seriously. While there is a lot of text here, I have tried to keep the language clear and understandable.
On the web, privacy is really important. Many websites keep a huge amount of information on you as an individual. FUMBBL tries to be different. We do what we can to minimize the amount of personal information stored.
As of May 25th, 2018 the General Data Protection Regulation (GDPR) takes effect. The GDPR is an EU regulation on "the protection of natural persons with regard to the processing of personal data and on the free movement of such data". This is a fancy way of saying that you as a European Union individual has a right to privacy and a right to know what is stored about you by various entities (companies, websites, etc).
In order to not have to apply one privacy policies to EU citizens and another to non-EU citizens, FUMBBL applies this policy to everyone.
DefinitionsThere are a number of important concepts and definitions that are used in the GDPR. These are some of them which I believe are the core ones.
- "Personal Data"
- A concept that is of course very important to the GDPR. The original GDPR document says that "personal data" is "any information relating to an identified or identifiable natural person". What this means is more or less any information about you, either directly (name, address, phone number, etc) or indirectly (your chosen coach name, IP number, session cookie, etc). This is obviously very broad.
- This is another key concept, and is again very broad. Effectively, anything FUMBBL does with your "personal data" is considered processing. This includes simply storing it.
- This is something that you, as a user and individual, can explicitly give to FUMBBL allowing the "processing" of your "personal data". For children below the age of 16, consent must be given or authorized by the holder of parental responsibility of the child. FUMBBL is expected to make "reasonable efforts" to verify the parental consent in such a case "taking into consideration available technology". What this means in detail is not specified, and our interpretation is that a checkbox asking for either you being 16 or older, or having the authorization to give this consent is "reasonable".
- "Lawful basis"
FUMBBL may not "process" your "personal data" unless there
is at least one "lawful basis" to do so. There are a few
different situations where this is fulfilled:
- Direct "consent" as stated above.
- Processing necessary for performance of a contract.
- Compliance with a legal obligation to which FUMBBL is subject.
- To protect the interests of you or another person.
- To perform a task carried out in the "public interest".
- For the purposes of "legitimate interests" pursued by FUMBBL.
- This is a process where FUMBBL transforms "personal data" in such a way that the resulting data cannot be attributed to an individual without the use of additional information. What this means is that if someone who has previously given consent to our "processing" of their information (e.g. someone who has made an account), and at a later point in time revokes this consent, FUMBBL can "pseudonymize" the account (meaning, clearing the email address, change the account name to something non-descript and clear IP addresses and cookies on the server side). The reason for this method is to not break the historical and statistical information stored (such as match records) which are considered in the public interest to retain.
- "Right of Access" and "Data portability"
- This gives you the right to access the personal data that has been processed by FUMBBL and information about how this data is being processed. FUMBBL also needs to provide details about the processing; such as the purpose, with whom the data is shared and how the data was acquired. FUMBBL complies with this through this page and the "My Data" page linked above.
- "Right to Erasure"
- You as a user have a right to request erasure of personal data related to yourself. In a FUMBBL context, this will mean that your account information will be pseudonymised, and that technical information (cookies and IP numbers) will be cleared. FUMBBL only allows a single account per individual. An "erased" account is considered as your one allowed account, and by requesting erasure you will not be allowed to create a new one. Thus, you will no longer be welcome on FUMBBL after going through with an erasure request. To go ahead with this erasure process, there is a "Right to Erasure" link above, which goes through this in more detail.
What information is collected and processed
Account informationWhen you register to the site, FUMBBL collects an account name and your email address. This is required to maintain the security of your account and to maintain your identity on the site.
Profile information and settingsWhen you enter profile information to your account (through the About page), FUMBBL collects the information you enter. This includes location and timezone data, your real name and/or the data you provide in the biography field. You are also able to provide a photo of yourself to be shown on the website. Only the information provided explicitly by you is processed here, and you always have the ability to edit and/or remove this data. This data is fully optional and is entered by you through a separate process from the account registration. The reason this data is collected at all is to improve the sense of community among the users.
Content you provide through the websiteAll the information you provide through the website is processed by FUMBBL. This includes things such as forum posts, private message posts, blog entries, team and player names and biographies and news comments. Data provided this way is visible by other people on the website and in most cases public even to individuals without accounts (not including private messages), and as such are considered of public interest. If direct personal information is posted in public view, you can contact moderators to resolve this. Match records are also considered content in this context, and is also considered of public interest. This data is collected as the primary purpose of the website and it is of course entirely up to you how much of this is provided to FUMBBL. If real personal information is posted about you on the website directly by yourself or indirectly by other users and you wish to have it removed, contact a staff member for assistance in getting this done.
Payment informationDonations through PayPal, Patreon or other channels are handled explicitly through the respective processor. When a donation is made, the processor can provide FUMBBL with some personal information (such as email address, shipping address and real name). FUMBBL processes this data as given by the payment processor in order to manage the supporter status badge and deal with problems with the donations. Under no circumstance does FUMBBL process direct payment details such as credit card numbers or bank account numbers. This data is collected for statistical purposes and in order to maintain a good level of support to the generous individuals who wish to directly support the site.
Site usageFUMBBL tracks information about your use of the website for purposes of error resolution and for statistical purposes. This data includes pages you view and links you click. This data is processed for purposes of improving the website and identifying and correcting problems. Information about access is also being collected for the purpose of enabling user to user communication (eg. time since last access).
Device and connection informationFUMBBL collects information about the device you use to access the website. This includes technical information about your device (operating system, browser, IP number). Most of this data is collected through the use of Google Analytics, but some of it is also tracked directly by the website. The purpose of this data collection is to give FUMBBL an idea of technical platforms used by users in order to maintain support for major browsers and operating systems.
How information is used
Core functionality and personalizationInherently, most data collected is directly used to provide the core purpose of the website. This includes things such as teams, match records, forums and blog posts. Information is also used to ensure your account remains protected and to personalize your account for social purposes.
R&DFUMBBL uses the data collected as a basis for improvements to the website and service. Either directly through feature suggestions on the forums, or indirectly through statistics collected about your browser or which matches you are playing.
To communicate with youFUMBBL sometimes sends out email to its users. Mostly, this is because of a direct opt-in, but in certain cases email can be sent to users if there are very important issues you need to be informed about. Email is also sent out as part of the account registration process, and for technical reasons such as password recovery.
User supportFUMBBL uses your information to resolve technical issues or to investigate support related issues. Administrators and staff members on FUMBBL may look at your information for this purpose. At no point is non-public information about you given out to other non-staff members of the site.
Direct consentFUMBBL may use information about you where you have given consent to do so for a specific purpose not listed above.
How information is shared
Direct through the website and related servicesInformation you post is directly accessible on the website for the types of data where there is a reasonable expectation for this to happen. This includes but is not limited to blog and forum posts, coach, team and player bios, news comments.
Third party sharingSome of the public data is available through a public API, which shares some of the information provided by FUMBBL users in a way suitable for third-party websites and services to process.
The data available through the unauthenticated API is considered non-personal as it only reflects information that is public by its nature on the website. The authenticated API will only show information connected to the authenticated account. Accept