1 reply to this topic

[Releasethe Krakken]

Im not going to discuss the privacy policy.   

 

But I read the GDPR requirements it requires a few things:

 

1.  The company must give the person the right to accept the policy.

2.  A person can request a company to delete is information

 

if requirement 1 is not met erepublik can be heavily fined up to 5% of its yearly revenue.

 

From what I read erepublik is implementing GDPR policies .

 

we have a different set of laws concerning this  but ok.  our laws are more stringent.  in fact we require accountability that the company must have a legitimate reason to collect the data.

 

if plato could perhaps write an article explaining the new policy i assume that would be a bit of accountability. 

 

will citizens on or before the 1st of February be given the right to decline the privacy policy.

 

will erepublik respect this decision and place measures in place to not collect information from those that have declined  the policy?

 

secondly will we be able to request what information you collected from us to what parties you shared it with and request all information to be erased from your servers.

 

 

 

[Gucio]

https://www.erepubli.../privacy-policy

10 Rights of the data subject
If your personal information is processed, you have the following rights vis-à-vis us. To invoke those rights, please send an email to privacy@erepubliklabs.com, specifying the type of request. a) Right of access
You have the right to obtain from us a confirmation as to whether or not personal information concerning you are being processed, and, where that is the case, access to the personal data and the following information:

• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal information or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from you, any available information as to their source;
• the existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission. Right of rectification
You have the right to obtain from us within undue delay the rectification of inaccurate or incomplete personal information. Taking into account the purposes of the processing, you shall have the right to have incomplete personal information completed, including by means of providing a supplementary statement. c) Right to erasure (”right to be forgotten”)
You shall have the right to obtain from us the erasure of personal information concerning without undue delay and we shall have the obligation to erase personal information without undue delay where one of the following grounds applies:

• the personal information is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• you withdraw consent on which the processing is based according to Art. 6 para.1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing;
• you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para 2 GDPR;
• the personal information has been unlawfully processed;
• the personal information has to be erased for compliance with a legal obligation in the European Union
• the personal information has been collected in relation to the offer of information society services referred to in Article 8 para.1.

Where we have made the personal information public and is obliged pursuant to the above to erase the personal information, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary:

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by the European Union or for the performance of a task carried out in the public interest
• for the establishment, exercise or defense of legal claims.

d) Right to restriction of processing
You shall have the right to obtain from us the restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by yourself, for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal information and requests the restriction of their use instead;
• we no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
• You have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of us override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If you have obtained restriction of processing pursuant to the above, you shall be informed by us before the restriction of processing is lifted. e) Right to data portability
You have the right to receive the personal information, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal information have been provided, where:

• the processing is based on consent pursuant to Art. 6 para 1 lit. a or Art. 6 para 1 lit. b or Art. 2 para 2 lit. a
• the processing is carried out by automated means.

The right shall not adversely affect the rights and freedoms of others.
In exercising your right to data portability you shall have the right to have the personal information transmitted directly from one controller to another, where technically feasible.
The exercise of this right shall be without prejudice to the right of erasure. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. f) Notification regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing carried to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it. g) Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 para. 1 lit e) or lit. f). We shall no longer process the personal information unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal information is processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal information shall no longer be processed for such purposes.
At the latest at the time of the first communication with you, the right referred to above shall be explicitly brought to your attention and shall be presented clearly and separately from any other information.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise his or her right to object by automated means using technical specifications. h) Automated individual decision-making
The you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you
This shall not apply if the decision:

• is necessary for entering into, or performance of, a contract between you and us
• is authorised by European Union law and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
• is based on your explicit consent.

We shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of us, to express his or her point of view and to contest the decision.
Decisions shall not be based on special categories of personal data unless Art. 9 para.2 lit. a) or lit g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. i) Right of complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the European Member State where you reside, work or suspect of infringement, if you believe that the processing of personal information concerning you is not in compliance with GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

 

Old privacy policy: https://www.erepubli...vacy-policy-old