Effective date: May 20, 2018
Starting May 25, 2018, the new European legislation for data protection (GDPR
) is in effect. This law requires pretty much every web page in the world to adhere to specific requirements.
In my personal view as administrator of Xu-Fu's Pet Guides, this is a great thing, even though it means that many smaller pages like my own will need to make adjustments even if they were never the target of this legislation. After all, Xu-Fu is a private project that is not aiming to sell you stuff or make profit through or with your data.
Still, this is a good opportunity to work on transparency. Below is everything to know about what the page does and what it doesn't. There is a lot of mandatory parts, some points are directly related to GDPR, and some just for the sake of making all info available that there is :-)
1. Types of Data Collected
1.1 Personal Data
When registering as a user, Xu-Fu gives the option to provide certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
- Personal information provided by you on your account profile
1.2 Usage Data
Xu-Fu may also collect information how the Service is accessed and used ("Usage Data"). This Usage Data includes information such as your computer's Internet Protocol address (e.g. IP address), the pages you visit and the time and date of your visit. All this is done to identify spam bots and prevent their entry.
All this data is erased automatically after 7 days of your visit.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from the website and stored on your device.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of the page, for example the setting of a preferred display language (see above)
2.1 Cookies in use:
- Session Cookies. Xu-Fu uses Session Cookies to operate the web page. This ensures that information such as your preferred language is carried over between individual pages when browsing through the page.
- Preference Cookies. Xu-Fu uses Preference Cookies to remember your language setting.
- User ID. Only in use if you register an account and tick "Remember me" upon login. Allows the page to identify your account on later visits to log you in automatically.
- Google AdSense. See below.
3. Google AdSense
Why use these ads at all? To cover the server cost and not to make any profit. The ad is placed unobtrusively at the very bottom of a page to not annoy visitors too much. That cuts down the potential revenue from it by about 80% (according to Google estimates). Ad revenue is fluctuating between $10-30 per month. The cost of hosting the page is roughly $20/month.
4. Data Minimisation
GDPR requires that only those details are saved that are required to operate the service and only those people have access to it who need it for the service to function.
In terms of access, only the page admin and the web service provider (see below) can access any of the stored data.
This is what Xu-Fu saves about you only when you register a user account
- Your password in a hashed version. Hashing is an irreversible process to mask a password. The masked version cannot be used for anything and your actual password cannot be retrieved from it. Your actual password is not stored anywhere, only the password hash is.
- Your email address, if you provide one. You can remove it in your account setting at any time and it is only used for password reset emails, nothing else.
- The date of your registration
- Account preferences. Optional information that modifies how the page works for you, for example: display language, user icon, a connected WoW character, preferences for how specific pages show you information.
- Your profile info. Optional information about yourself, for example: personal description, links to social media, favourite pet etc. - all this can be edited and removed at any time in the profile settings
- If a pet collection is added, this is also gathered and saved from the public WoW armory.
If you signed up using Battle.net authentication, a few more things are stored:
- A unique access token that allows Xu-Fu to see your Battle Tag and which WoW characters are on your account. This token does not allow access to any other data. You can revoke it at any time in your Battle.net security settings.
- If a pet collection is available through Battle.net, it is from the public armory and saved.
5. Right to Data Deletion
If you did not register an account, all data about your visit is automatically deleted 7 days after the visit.
If you do have a user account, there is an option at the bottom of your account settings to permanently delete your account. It does what it says :-)
6. Right to Access
If you would like a copy of all data stored about your user account, please send an email to firstname.lastname@example.org.
7. Data Security
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
8. Service Providers
We employ a third party company to facilitate our Service. This is the Web Service Provider responsible for hosting the web page (DomainFactory, www.df.eu
This third party has access to your Personal Data only to perform these tasks on our behalf and is obligated not to disclose or use it for any other purpose.
9. Links To Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
10. Children's Privacy
Xu-Fu's Pet Guides does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.