General Data Protection Regulation (GDPR)
- Introduction and Scope
Codex.Games recognizes the importance of data protection and privacy for all users of its fandom website for games. This GDPR outlines the principles and guidelines that Codex.Games adheres to when processing and handling personal data. The GDPR applies to all data subjects whose personal information is collected and processed by Codex.Games.
- Data Controller and Data Protection Officer (DPO)
- Codex.Games shall be the Data Controller responsible for the collection, storage, and processing of personal data.
- Codex.Games shall appoint a Data Protection Officer (DPO) to oversee all data protection activities and handle any related queries.
- Lawful Basis for Processing Personal Data
Codex.Games shall process personal data based on one or more of the following lawful bases:
- The data subject has given explicit consent for the processing of their personal data.
- Processing is necessary for the performance of a contract with the data subject or to take steps at the data subject’s request prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which Codex.Games is subject.
- Processing is necessary to protect the vital interests of the data subject or another natural person.
- Processing is necessary for the legitimate interests pursued by Codex.Games, except where such interests are overridden by the interests, fundamental rights, or freedoms of the data subject.
- Types of Personal Data Collected
Codex.Games shall only collect and process personal data that is relevant and necessary for the stated purposes. This may include, but is not limited to:
- Name, username, or pseudonym (for identification and communication purposes).
- Email address (for communication and account-related purposes).
- Age/date of birth (to ensure age-appropriate content and legal compliance).
- IP address (for security and website analytics purposes).
- User-generated content (such as comments and forum posts).
- Purposes of Data Processing
Codex.Games shall process personal data for the following purposes:
- User account creation and management.
- Providing access to the website’s features and content.
- Personalizing user experiences on the website.
- Responding to user inquiries and providing customer support.
- Ensuring the security and integrity of the website.
- Analyzing website usage and improving services.
- Data Subject Rights
Codex.Games acknowledges the data subjects’ rights and shall facilitate the exercise of these rights, including:
- The right to access personal data held by Codex.Games.
- The right to rectify inaccurate or incomplete personal data.
- The right to erasure of personal data (subject to legal obligations).
- The right to restrict processing of personal data (subject to legal obligations).
- The right to data portability (where applicable).
- The right to object to processing based on legitimate interests.
- Data Retention
Personal data shall be retained for no longer than necessary to fulfill the purposes for which it was collected, unless retention is required for compliance with legal obligations.
- Data Security
Codex.Games shall implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, preventing unauthorized access, disclosure, alteration, or destruction.
- Data Breach Notification
In the event of a data breach that poses a risk to the rights and freedoms of data subjects, Codex.Games shall promptly notify the appropriate supervisory authority and affected data subjects, as required by applicable laws.
- Third-Party Processors
Codex.Games may engage third-party processors to assist with data processing activities. Such processors shall be carefully selected and required to comply with data protection standards.
- International Data Transfers
If personal data is transferred to countries outside the European Economic Area (EEA), appropriate safeguards shall be in place to ensure the protection of the data.
- Policy Updates
This GDPR may be reviewed and updated periodically to ensure compliance with relevant regulations and industry best practices. Any substantial changes shall be communicated to users.