Privacy Policy
Last Updated: December 2024
Magical Artifacts and Powers ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.
1. Information We Collect
1.1 Personal Information
We may collect personal information that you voluntarily provide to us when you:
- Register for an account or create a profile
- Participate in community forums, discussions, or comment sections
- Contact us through our contact form, email, or phone
- Subscribe to our newsletter, email notifications, or push notifications
- Participate in games, quizzes, puzzles, or interactive features
- Submit content, including artifacts, rituals, or forum posts
- Upload images, photos, or other media files
- Complete surveys or feedback forms
- Make purchases or transactions (if applicable)
- Enter contests or competitions
This information may include:
- Identity Data: Name, username, display name, profile picture, date of birth (for age verification)
- Contact Data: Email address, postal address, phone number, social media handles
- Profile Data: Biography, interests, preferences, language settings, timezone
- Content Data: Posts, comments, messages, uploaded images, forum contributions
- Financial Data: Payment card details, billing address (if applicable for premium features)
- Marketing Data: Marketing preferences, newsletter subscriptions, communication preferences
- Game Data: Fantasy Score (FS), achievements, progress, game statistics, high scores
1.2 Automatically Collected Information
When you visit our website, we automatically collect certain information about your device, including:
- Technical Data: IP address, browser type and version, operating system, device type, screen resolution
- Usage Data: Pages you visit, time spent on pages, click patterns, navigation paths, search queries
- Location Data: General geographic location based on IP address, timezone
- Referral Data: Referring website addresses, search terms, campaign identifiers
- Device Identifiers: Device ID, advertising ID, unique device identifiers
- Connection Data: Internet service provider, connection type, network information
- Performance Data: Page load times, error logs, crash reports, performance metrics
- Cookies and Tracking Technologies: Cookies, web beacons, pixels, local storage, session storage
1.3 Information from Third Parties
We may also receive information about you from third-party sources, including:
- Social Media Platforms: When you log in using social media accounts or share content
- Authentication Services: OAuth providers, single sign-on services
- Analytics Providers: Google Analytics, other analytics services
- Payment Processors: Transaction information, payment status
- Advertising Networks: Advertising identifiers, campaign performance data
- Public Sources: Publicly available information from social media or other sources
1.4 Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our website and hold certain information. For detailed information about cookies, please see our Cookie Policy.
1.5 Sensitive Personal Data
We do not intentionally collect sensitive personal data (also known as special category data under GDPR), such as:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Health data
- Sexual orientation
If you voluntarily share such information in public forums or content, please be aware that it will be publicly visible and subject to our standard data processing practices. We recommend not sharing sensitive personal data on our platform.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- To provide and maintain our service: To operate and maintain our website, deliver content, and ensure functionality
- To create and manage your account: To register you as a user, manage your profile, and authenticate your identity
- To process transactions: To handle payments, process orders, and manage subscriptions (if applicable)
- To deliver content: To display artifacts, rituals, learning modules, and other website content
- To enable interactive features: To support games, quizzes, forums, and community interactions
2.2 Service Improvement
- To analyze usage patterns: To understand how users interact with our site, which features are most popular, and identify areas for improvement
- To conduct research and analytics: To analyze trends, user behavior, and website performance
- To test and develop new features: To develop, test, and launch new functionality and services
- To fix bugs and technical issues: To identify, diagnose, and resolve technical problems
2.3 Communication
- To respond to inquiries: To answer questions, address concerns, and provide customer support
- To send administrative communications: To send account updates, service announcements, and policy changes
- To send marketing communications: To send newsletters, promotional materials, and updates (with your consent)
- To facilitate community interactions: To enable messaging, notifications, and forum participation
2.4 Personalization
- To customize content: To tailor content, recommendations, and features based on your preferences and interests
- To remember your settings: To save language preferences, display settings, and other configurations
- To track progress: To maintain your Fantasy Score (FS), track achievements, and save game progress
- To provide recommendations: To suggest relevant artifacts, rituals, or learning modules
2.5 Security and Legal Compliance
- To ensure security: To detect, prevent, and address fraud, abuse, security threats, and unauthorized access
- To enforce terms: To enforce our Terms of Service, investigate violations, and protect our rights
- To comply with legal obligations: To meet legal, regulatory, and governmental requirements
- To respond to legal requests: To respond to court orders, subpoenas, and other legal processes
- To protect rights: To protect the rights, property, or safety of our users, ourselves, or others
3. Legal Basis for Processing (GDPR)
Under the UK GDPR, we process your personal data based on the following legal grounds:
- Consent: When you have given clear consent for us to process your personal data
- Contract: When processing is necessary for the performance of a contract with you
- Legitimate interests: When processing is necessary for our legitimate business interests
- Legal obligation: When processing is necessary to comply with legal obligations
4. Data Sharing and Disclosure
We may share your information in the following circumstances:
4.1 Service Providers
We share data with third-party service providers who assist us in operating our website and providing services:
- Hosting Providers: Cloud hosting services, data centers, server providers
- Analytics Services: Google Analytics, website analytics tools
- Email Services: Email delivery services, newsletter platforms
- Payment Processors: Payment gateways, financial services (if applicable)
- Content Delivery Networks (CDN): Content distribution networks for faster delivery
- Customer Support: Help desk software, support ticket systems
- Security Services: Security monitoring, fraud detection, DDoS protection
- Marketing Services: Marketing automation, advertising platforms (with consent)
All service providers are contractually obligated to protect your data and use it only for specified purposes.
4.2 Legal Requirements
We may disclose your information when required by:
- Law, statute, regulation, or legal process
- Court orders, subpoenas, or warrants
- Government agencies or regulatory bodies
- Legal investigations or proceedings
- Compliance with applicable laws and regulations
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity or successor. We will notify you of any such transfer and any changes to this Privacy Policy.
4.4 With Your Consent
We may share your information with third parties when you have given explicit consent for such sharing, including sharing content on social media platforms or participating in co-branded promotions.
4.5 Public Information
Information you choose to make public (such as forum posts, public profile information, or comments) may be visible to other users and the general public. Please be cautious about sharing personal information publicly.
4.6 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This may include usage statistics, demographic information, and trends for research, analytics, or marketing purposes.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements, including the use of standard contractual clauses approved by the UK Information Commissioner's Office (ICO).
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:
6.1 Technical Security Measures
- Encryption: SSL/TLS encryption for data in transit, encryption for sensitive data at rest
- Access Controls: Role-based access controls, authentication requirements, password policies
- Network Security: Firewalls, intrusion detection systems, DDoS protection
- Secure Infrastructure: Regular security updates, patch management, secure server configuration
- Backup Systems: Regular backups, disaster recovery procedures, data redundancy
6.2 Organisational Security Measures
- Staff Training: Regular security training for employees and contractors
- Access Management: Principle of least privilege, regular access reviews
- Incident Response: Incident response procedures, breach notification protocols
- Vendor Management: Security assessments of third-party service providers
- Compliance Monitoring: Regular security audits, vulnerability assessments, penetration testing
6.3 Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify affected users without undue delay if the breach is likely to result in a high risk to their rights
- Provide clear information about the nature of the breach, likely consequences, and measures taken
- Take immediate steps to contain and remediate the breach
However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. You use our Service at your own risk.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are as follows:
7.1 Account Data
- Active Accounts: Retained while your account is active and for 30 days after account closure
- Inactive Accounts: Accounts inactive for 3 years may be deleted after notification
- Account Information: Profile data, preferences, settings retained according to account status
7.2 Content Data
- Forum Posts: Retained indefinitely unless deleted by user or removed for policy violations
- Uploaded Content: Retained until user deletion or account closure, plus 90 days for backup systems
- Game Data: Fantasy Score and achievements retained while account is active
7.3 Communication Data
- Email Correspondence: Retained for 3 years for customer support and legal purposes
- Support Tickets: Retained for 2 years after resolution
- Newsletter Subscriptions: Retained until unsubscription, plus 30 days for processing
7.4 Analytics and Usage Data
- Website Analytics: Retained for up to 26 months (Google Analytics default)
- Log Files: Retained for 90 days for security and troubleshooting
- Aggregated Data: May be retained indefinitely in anonymized form
7.5 Legal Requirements
We may retain certain data for longer periods if required by law, legal proceedings, or to protect our legal rights. This includes data related to:
- Legal disputes or investigations
- Regulatory compliance requirements
- Fraud prevention and security
- Tax and accounting obligations (typically 7 years)
7.6 Deletion
When we no longer need your data, we will securely delete or anonymize it using industry-standard deletion methods. Please note that deleted data may persist in backup systems for up to 90 days before permanent deletion.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data under UK GDPR:
8.1 Right of Access (Article 15)
You have the right to access and receive a copy of your personal data. This includes information about:
- The purposes of processing
- The categories of personal data concerned
- The recipients or categories of recipients to whom the data has been disclosed
- The retention period or criteria used to determine retention periods
- Your rights to rectification, erasure, restriction, or objection
- The source of the data if not collected directly from you
We will provide this information within one month of your request (this period may be extended by two months for complex requests).
8.2 Right to Rectification (Article 16)
You have the right to have inaccurate or incomplete personal data corrected. You can update much of your information directly through your account settings. For other corrections, please contact us.
8.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the original purpose
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been processed unlawfully
- Deletion is required to comply with legal obligations
We may retain data if deletion conflicts with legal obligations or legitimate interests.
8.4 Right to Restrict Processing (Article 18)
You have the right to request restriction of processing when:
- You contest the accuracy of the data (while we verify accuracy)
- The processing is unlawful but you prefer restriction over deletion
- We no longer need the data but you need it for legal claims
- You have objected to processing (while we verify legitimate grounds)
8.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. This applies to data that you provided on the basis of consent or contract and that is processed by automated means.
8.6 Right to Object (Article 21)
You have the right to object to processing of your personal data:
- To direct marketing: You can object at any time, and we will stop processing for marketing purposes
- To processing based on legitimate interests: We will stop unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms
- To automated decision-making: Including profiling, unless necessary for contract or authorized by law
8.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Contact details: ico.org.uk
8.9 How to Exercise Your Rights
To exercise any of these rights, please contact us:
- Email: [email protected]
- Subject Line: "GDPR Request - [Your Right]" (e.g., "GDPR Request - Access")
- Include: Your full name, email address, and details of your request
- Verification: We may request proof of identity to protect your data
We will respond to your request within one month. For complex requests, we may extend this period by two months, and we will inform you of any extension.
9. Children's Privacy
Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
For users aged 13-16, we require parental consent before processing their personal data in accordance with UK GDPR requirements.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
11. Third-Party Services and Integrations
11.1 Google Services
We use various Google services that may collect and process your data:
- Google Maps: For displaying maps and location services on our Contacts page. Google may collect location data, IP address, and usage information. See Google's Privacy Policy.
- Google Analytics: For website analytics and understanding user behavior. Google Analytics uses cookies to track website usage. You can opt out using the Google Analytics Opt-out Browser Add-on. See Google Analytics Privacy Policy.
- Google Fonts: For displaying custom fonts. Google may collect technical data. See Google Fonts FAQ.
11.2 Social Media Platforms
Our website may include social media features (share buttons, login with social accounts, embedded content). These features may collect your IP address and page visits, and may set cookies. Interactions with these features are governed by the privacy policy of the respective social media platform:
- Facebook: Privacy Policy
- Twitter: Privacy Policy
- Instagram: Privacy Policy
11.3 Payment Processors
If you make purchases through our website, payment information is processed by third-party payment processors. We do not store full payment card details. Payment processors are PCI-DSS compliant. Your payment data is subject to the privacy policy of the payment processor.
11.4 Content Delivery Networks (CDN)
We may use CDN services to deliver content faster. CDN providers may collect technical data such as IP addresses and usage statistics to optimize content delivery.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
13. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws. You can contact our DPO at:
- Email: [email protected]
- Subject: "Data Protection Inquiry"
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Privacy Email: [email protected]
- Address: 123 Enchanted Forest Lane, Mystical City, MC 12345, United Kingdom
- Phone: +1 (234) 729-203
- Business Hours: Monday - Friday, 9:00 AM - 5:00 PM GMT
14.1 Response Times
We aim to respond to all inquiries within:
- General Inquiries: 2-3 business days
- Privacy Requests: 1 month (as required by GDPR)
- Data Breach Reports: Immediately for urgent matters
14.2 Supervisory Authority
If you are located in the UK and have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
15. Additional Information
15.1 Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
- Displaying a notice on our website (for major changes)
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
15.2 Version History
Version 1.0: December 2024 - Initial Privacy Policy
15.3 Translations
This Privacy Policy is written in English. If we provide translations in other languages, the English version shall prevail in case of any discrepancies.
15.4 Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person
- "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion
- "Controller" means the entity that determines the purposes and means of processing personal data (us)
- "Processor" means the entity that processes personal data on behalf of the controller
- "Data Subject" means the individual to whom personal data relates (you)