One problem with
"If you don't want them to sell it, use the "Do not sell my personal information" button.
Where do you find it?
Settings -> View privacy policy -> Do not sell my personal information"
The Opting Out window starts with, "If you are a California resident, you have the right to request that we not sell your data."
I am not a California resident, so I apparently do not have the right to use this button.
If you are in Europe we have GDPR but other than that i don't think there are any laws internationally that can protect the users.
One problem with
"If you don't want them to sell it, use the "Do not sell my personal information" button.
Where do you find it?
Settings -> View privacy policy -> Do not sell my personal information"
The Opting Out window starts with, "If you are a California resident, you have the right to request that we not sell your data."
I am not a California resident, so I apparently do not have the right to use this button.
If you are in Europe we have GDPR but other than that i don't think there are any laws internationally that can protect the users.
I suspect there are a number of US, non-California payers like me.
And in the meantime, We get 1. a convergence day repeat, with the same repeated error of inflated tier reward thresholds that we were promised "would not happen again". 2. a "on the run dahj" with no art work in the game (ironically, you can go to a fan site and see the artwork). 3. 6th anniversary celebration with basically zero emphasis on player appreciation.
I think that at this point, the parabolic curve has already hit its inflection point long ago, the game died probably somewhere around the time that a staff member took it personal over the buy again button and banned everyone.
Stick a fork in it. And find something else to play.
For those saying "you consented", here's a scenario.
I decide to hire a hitman to off me. The hitman does his/her job.
Even though I "consented" does the hitman not still legal ramifications if caught?
No offense is intended, meant, implied, construed, or contained in Red or Blue Pills. Do not use infernally. Never call with a Deuce-Seven Off-Suit. Objects in mirror may be behind you. I want you, I need you, but there ain't no way I'm ever gonna love you. The hammer of the gods will drive our ships to new lands. I'm in love with Stacy's mom. So now I come to you with open arms. Sunday is on the way. The dead know only one thing: it is better to be alive. Your men love you. If I knew nothing else about you, that would be enough. This Ming is a psycho! Maximum effort! Nothing in this disclaimer or the comment it is part of construes, implies, or in any way can serve as legal advice.
"The truth is like a lion; you don't have to defend it. Let it loose; it will defend itself."
For those saying "you consented", here's a scenario.
I decide to hire a hitman to off me. The hitman does his/her job.
Even though I "consented" does the hitman not still legal ramifications if caught?
Yeah, indeed.
The only thing I'm saying is that we consent to what they are doing.
I don't know if it's legal. From what I could find it seems so but there is so much fake news.
For those saying "you consented", here's a scenario.
I decide to hire a hitman to off me. The hitman does his/her job.
Even though I "consented" does the hitman not still legal ramifications if caught?
This is a terrible analogy. Murder is a crime. As is assisted suicide. If you hire someone to kill yourself they are still guilty of a crime. Collecting this information is only a crime without consent. If the user consents there is no crime.
It's like if someone goes to your house and takes your car. If you never gave them permission, that's theft. But if you tell someone they can borrow or take your car, then there is no crime. If you told someone in writing they can borrow your car tomorrow and they borrow the car, then you can't go to the police and claim your car was stolen.
There is a question on what information is being shared without consent and if that qualifies as PII. I am not a legal expert and I'm sure WRG's lawyers are reviewing that information. But if consent was given, then there is no issue sharing this information.
For those saying "you consented", here's a scenario.
I decide to hire a hitman to off me. The hitman does his/her job.
Even though I "consented" does the hitman not still legal ramifications if caught?
This is a terrible analogy. Murder is a crime. As is assisted suicide. If you hire someone to kill yourself they are still guilty of a crime. Collecting this information is only a crime without consent. If the user consents there is no crime.
It's like if someone goes to your house and takes your car. If you never gave them permission, that's theft. But if you tell someone they can borrow or take your car, then there is no crime. If you told someone in writing they can borrow your car tomorrow and they borrow the car, then you can't go to the police and claim your car was stolen.
There is a question on what information is being shared without consent and if that qualifies as PII. I am not a legal expert and I'm sure WRG's lawyers are reviewing that information. But if consent was given, then there is no issue sharing this information.
Except it sounds like at least some regions mining certain data is also ILLEGAL. Now do you get the analogy? Which actually is not so "terrible' if you actually understand what people are referring to with the European law, and possibly others.
"The truth is like a lion; you don't have to defend it. Let it loose; it will defend itself."
For those saying "you consented", here's a scenario.
I decide to hire a hitman to off me. The hitman does his/her job.
Even though I "consented" does the hitman not still legal ramifications if caught?
This is a terrible analogy. Murder is a crime. As is assisted suicide. If you hire someone to kill yourself they are still guilty of a crime. Collecting this information is only a crime without consent. If the user consents there is no crime.
It's like if someone goes to your house and takes your car. If you never gave them permission, that's theft. But if you tell someone they can borrow or take your car, then there is no crime. If you told someone in writing they can borrow your car tomorrow and they borrow the car, then you can't go to the police and claim your car was stolen.
There is a question on what information is being shared without consent and if that qualifies as PII. I am not a legal expert and I'm sure WRG's lawyers are reviewing that information. But if consent was given, then there is no issue sharing this information.
Except it sounds like at least some regions mining certain data is also ILLEGAL. Now do you get the analogy? Which actually is not so "terrible' if you actually understand what people are referring to with the European law, and possibly others.
GDPR includes user consent. If the user consents you can collect the data.
And comparing murder to data collection is a terrible analogy no matter how you slice it.
GDPR includes user consent. If the user consents you can collect the data.
And comparing murder to data collection is a terrible analogy no matter how you slice it.
That it does - but it also states:
- that data collected must be for a specific purpose which is clear and communicated,
- and only relevant data to that stated purpose is collected,
- data have a shelf-life and must be deleted after the purpose is served
My favourite part: “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”
And to be clear - WRG is the controller in this case as we the player use thier service, which they own, host and provide to us and allow other 3rd parties to access
GDPR includes user consent. If the user consents you can collect the data.
And comparing murder to data collection is a terrible analogy no matter how you slice it.
That it does - but it also states:
- that data collected must be for a specific purpose which is clear and communicated,
- and only relevant data to that stated purpose is collected,
- data have a shelf-life and must be deleted after the purpose is served
My favourite part: “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”
And to be clear - WRG is the controller in this case as we the player use thier service, which they own, host and provide to us and allow other 3rd parties to access
It's collected to serve you targeted ads. That's pretty clearly stated. They will argue that all the data is relevant for that. You can challenge that in court, but we're not going to prove anything either way here if the data is relevant. We also have no idea if the data is stored and its shelf life. Nothing collected indicates it's stored beyond its shelf life. So again short of discovery in a law suit, we have nothing to go on.
I agree with you that WRG is the controller. And if IronSource screwed up WRG has a problem which is why they're reviewing it.
But given what we know, for users that consented, there is nothing here that violates GDPR. The question is strictly what is happening for users who did not consent. And for users outside the EU, none of this makes any difference.
This has not be forgotten.
It is a slow process I am sorry, I am trying to be as thorough as I can be, for everyone's sake.
@Shan Is there any estimate on when this may be completed? That may help with some of the concerns.
No, I do not have a time estimate.
I appreciate the patience.
At this point, I think that expecting the players to wait for over 2 months to get a response on this issue defies the word "patience".
This is not your fault or responsibility, shan. It is absolutely ridiculous that there has been no official word on this.
To play Devil's Advocate, what if your business partner that you thought was doing all of the right things, is doing the wrong things and you need to sort out liability and corrective actions? Sometimes things don't happen as fast as we want them and its usually best to get it right rather than half way.
This has not be forgotten.
It is a slow process I am sorry, I am trying to be as thorough as I can be, for everyone's sake.
@Shan Is there any estimate on when this may be completed? That may help with some of the concerns.
No, I do not have a time estimate.
I appreciate the patience.
At this point, I think that expecting the players to wait for over 2 months to get a response on this issue defies the word "patience".
This is not your fault or responsibility, shan. It is absolutely ridiculous that there has been no official word on this.
To play Devil's Advocate, what if your business partner that you thought was doing all of the right things, is doing the wrong things and you need to sort out liability and corrective actions? Sometimes things don't happen as fast as we want them and its usually best to get it right rather than half way.
In your hypothetical, if my business partner was publicly accused of wrong doing, I would be afraid of losing business and potentially damaging my own reputation by not addressing the matter in an expedited fashion.
2 months would seem to be an excessive amount of time to sort out liability and corrective actions.
I agree that it is best to get it right, but in my humble opinion, a part of getting it right is addressing customer concerns.
This has not be forgotten.
It is a slow process I am sorry, I am trying to be as thorough as I can be, for everyone's sake.
@Shan Is there any estimate on when this may be completed? That may help with some of the concerns.
No, I do not have a time estimate.
I appreciate the patience.
At this point, I think that expecting the players to wait for over 2 months to get a response on this issue defies the word "patience".
This is not your fault or responsibility, shan. It is absolutely ridiculous that there has been no official word on this.
To play Devil's Advocate, what if your business partner that you thought was doing all of the right things, is doing the wrong things and you need to sort out liability and corrective actions? Sometimes things don't happen as fast as we want them and its usually best to get it right rather than half way.
In your hypothetical, if my business partner was publicly accused of wrong doing, I would be afraid of losing business and potentially damaging my own reputation by not addressing the matter in an expedited fashion.
2 months would seem to be an excessive amount of time to sort out liability and corrective actions.
I agree that it is best to get it right, but in my humble opinion, a part of getting it right is addressing customer concerns.
If my business partner was doing something wrong and I was afraid of liability, I would also have my lawyers take care of the issue before posting something on a public forum that could potentially expose the company to additional liability.
This has not be forgotten.
It is a slow process I am sorry, I am trying to be as thorough as I can be, for everyone's sake.
@Shan Is there any estimate on when this may be completed? That may help with some of the concerns.
No, I do not have a time estimate.
I appreciate the patience.
At this point, I think that expecting the players to wait for over 2 months to get a response on this issue defies the word "patience".
This is not your fault or responsibility, shan. It is absolutely ridiculous that there has been no official word on this.
To play Devil's Advocate, what if your business partner that you thought was doing all of the right things, is doing the wrong things and you need to sort out liability and corrective actions? Sometimes things don't happen as fast as we want them and its usually best to get it right rather than half way.
In your hypothetical, if my business partner was publicly accused of wrong doing, I would be afraid of losing business and potentially damaging my own reputation by not addressing the matter in an expedited fashion.
2 months would seem to be an excessive amount of time to sort out liability and corrective actions.
I agree that it is best to get it right, but in my humble opinion, a part of getting it right is addressing customer concerns.
If my business partner was doing something wrong and I was afraid of liability, I would also have my lawyers take care of the issue before posting something on a public forum that could potentially expose the company to additional liability.
......and if MY lawyers needed 2 months (or longer) to take care of an issue like this, I would fire them and find new ones who were a little more motivated.
the truth though, is that while I would like to give wrg/tp the benefit of the doubt, I have been a player of this game since it launched. Ive seen it all, and ive seen how they address things. I wish I could be an optimist on this matter, but I am of the opinion that it is extremely unlikely that wrg/tp is having daily think tank meetings about this issue. I think it is also extremely unlikely that their dream team lawyers are looking into the matter. I think the most likely explanation is that they are giving this issue an extremely low priority, and are just hoping it goes away.
This has not be forgotten.
It is a slow process I am sorry, I am trying to be as thorough as I can be, for everyone's sake.
@Shan Is there any estimate on when this may be completed? That may help with some of the concerns.
No, I do not have a time estimate.
I appreciate the patience.
At this point, I think that expecting the players to wait for over 2 months to get a response on this issue defies the word "patience".
This is not your fault or responsibility, shan. It is absolutely ridiculous that there has been no official word on this.
To play Devil's Advocate, what if your business partner that you thought was doing all of the right things, is doing the wrong things and you need to sort out liability and corrective actions? Sometimes things don't happen as fast as we want them and its usually best to get it right rather than half way.
In your hypothetical, if my business partner was publicly accused of wrong doing, I would be afraid of losing business and potentially damaging my own reputation by not addressing the matter in an expedited fashion.
2 months would seem to be an excessive amount of time to sort out liability and corrective actions.
I agree that it is best to get it right, but in my humble opinion, a part of getting it right is addressing customer concerns.
If my business partner was doing something wrong and I was afraid of liability, I would also have my lawyers take care of the issue before posting something on a public forum that could potentially expose the company to additional liability.
......and if MY lawyers needed 2 months (or longer) to take care of an issue like this, I would fire them and find new ones who were a little more motivated.
the truth though, is that while I would like to give wrg/tp the benefit of the doubt, I have been a player of this game since it launched. Ive seen it all, and ive seen how they address things. I wish I could be an optimist on this matter, but I am of the opinion that it is extremely unlikely that wrg/tp is having daily think tank meetings about this issue. I think it is also extremely unlikely that their dream team lawyers are looking into the matter. I think the most likely explanation is that they are giving this issue an extremely low priority, and are just hoping it goes away.
I'm glad things move so much faster in your world. Maybe someday we will all live there.
This has not be forgotten.
It is a slow process I am sorry, I am trying to be as thorough as I can be, for everyone's sake.
@Shan Is there any estimate on when this may be completed? That may help with some of the concerns.
No, I do not have a time estimate.
I appreciate the patience.
At this point, I think that expecting the players to wait for over 2 months to get a response on this issue defies the word "patience".
This is not your fault or responsibility, shan. It is absolutely ridiculous that there has been no official word on this.
To play Devil's Advocate, what if your business partner that you thought was doing all of the right things, is doing the wrong things and you need to sort out liability and corrective actions? Sometimes things don't happen as fast as we want them and its usually best to get it right rather than half way.
In your hypothetical, if my business partner was publicly accused of wrong doing, I would be afraid of losing business and potentially damaging my own reputation by not addressing the matter in an expedited fashion.
2 months would seem to be an excessive amount of time to sort out liability and corrective actions.
I agree that it is best to get it right, but in my humble opinion, a part of getting it right is addressing customer concerns.
If my business partner was doing something wrong and I was afraid of liability, I would also have my lawyers take care of the issue before posting something on a public forum that could potentially expose the company to additional liability.
......and if MY lawyers needed 2 months (or longer) to take care of an issue like this, I would fire them and find new ones who were a little more motivated.
the truth though, is that while I would like to give wrg/tp the benefit of the doubt, I have been a player of this game since it launched. Ive seen it all, and ive seen how they address things. I wish I could be an optimist on this matter, but I am of the opinion that it is extremely unlikely that wrg/tp is having daily think tank meetings about this issue. I think it is also extremely unlikely that their dream team lawyers are looking into the matter. I think the most likely explanation is that they are giving this issue an extremely low priority, and are just hoping it goes away.
I'm glad things move so much faster in your world. Maybe someday we will all live there.
I am not sure that trying to turn this thread into a personal argument is really very productive. I am not sure why you would do so.
I was asked a hypothetical question so I responded with a hypothetical answer.
Regardless, *BUMP* to re-assert that I want an official response from wrg/tp on the true subject matter of this thread.
Regardless of how long anyone thinks the response "should" take, I would like to point out that the "delay" is possibly costing WRG/TP money. I can only speak for myself, but not having this answered is one of the factors that is keeping me from spending money on this game. (The other main one being the QC issues.) If only for the logic that if there is a violation, there might be a substantial fine, which might cause the game to disappear. So why would I spend money on pixels which might not be there soon?
So in some ways, this is actually no skin off my back, and actually to my advantage. The longer the response is in coming, the more money I save!
The offical handling of this thread has been shambolic and just goes to show how seriously WRG/TP take this issue.
To be clear - none of this is directed to or is the direct responsibility of @Shan , however as the PoC for players, there has been some failure in handling / escalating / responding back.
Ideally, by now, WRG's DPO (data protection officer) - which you are required to have - should have responded with a holding statement at the very least...e.g.
we are looking into the topics raised. Due to the number of points and number of third parties involved, we expect this to take between x - y weeks to gather the required information.
The current proposal to our customers is that we will respond with an update in regards to
- WRG / TP's data collection as a controller in x weeks
- WRG / TP's data collection as a processor in x+2 weeks
- WRG /TP's data collection as a joint controller in x+4 weeks
Additionally we have requested that all third parties listed respond back to our requests in a x - y week period, and we currently anticipate that we will require x weeks to analyze each third parties information, prior to updating the forums
... and then on those dates provide us with an update - even if it is to say that information is xx% collected and analysed and the next update is expected to be in yy weeks
Silence / Lack of response is paramount to negligence. There are many players who are from the S/W industry, and we are not blind to the effort required to look into these matters, but a little bit of planning, prep and professionalism goes a long way.
It would be good to see some formal response soon - otherwise the other option is for players to ask for a DSAR on each topic originally raised in the OP's post; which would the result in, by my estimate, 3x to 4x the amount of work in a 30 day time frame than if WRG seriously looked into this from the start.
Thank you for your patience while I was looking at the best way to reply to this thread and provide the answers you requested.
I’ve consulted with our legal team as well as with IronSource directly.
To be as complete as possible, I will provide a list that I hope you will find useful and helpful.
1. What personal and related data does STT collect:
The following information is collected by Beamable services for Star Trek Timelines on behalf of Wicked Realm Games. We have included both personally-identifiable data, as well as adjacent data that you may wish to be aware of.
Direct personal information, including email and social login association. This information is stored nowhere other than the backend, nor is it forwarded to anybody. It is purely used to satisfy login functionality with email and social (Facebook/AppleID), and security purposes. These include:
- DBID
- Email
- Username
- IP address
- Third party authorizations and associated account information (note that this only exists if you opted to sign in using a third party such as Facebook).
Install attribution information we collect when a player installs or reinstalls an app. The source of this information is ultimately AppsFlyer, and is used to track how the player came to install the app for user acquisition purposes (e.g. organically, from an advertisement, etc.). These include:
- Date and time of install
- DBID
- Country
- Advertising ID
- Provider (Google Play, iTunes, etc)
A record of all player purchases with real-money. This information is primarily used to support player support requests, especially in situations where a player requests a refund or did not receive the item they expected. It may also be used in a broader scope to better understand what offers are popular, and enhance the gameplay experience. This includes:
- Date and time of purchase
- DBID
- Transaction ID (internal identification of a specific purchase)
- Provider ID (external identification of a specific purchase, such as a GPA number)
- Provider (Google Play, iTunes, etc)
- State of purchase (completed, cancelled, etc)
- Product listing (which offer or Dilithium denomination was purchased)
- Currency (amount and type of currency paid)
A record of all player sessions, and details on their devices. This information is used to optimize Star Trek Timelines performance and detect when there are device-specific issues. It is also used to support player support requests, to better understand player login patterns, and to enhance the gameplay experience. This includes:
- Date and time of session
- Purchase total to date
- Device name and specifications
- Operating System and version
- Provider (Google Play, iTunes, etc)
2. What personal data does IronSource collect via STT:
The only data that is automatically shared with IronSource is the DBID, IP address, and Advertising ID (or a STT specific app ID if the Advertising ID cannot be used) , as well as device specifications such as screen size.
The DBID is an identifier specific to Beamable systems that is assigned to your game account. It has no context outside of that system, and absent other information such as email addresses or 3rd party associations like Facebook sign-in, cannot be used to personally identify you.
The IP address is collected by IronSource in order to ensure that ads and offers are localized correctly, as well as to check that all regional privacy standards (such as GDPR) are being observed.
The Advertising ID is generated by your device, please note that you can limit the use of your Advertising ID, or reset it entirely, in your device settings.
Lastly, device specifications are collected, such as screen size, in order to ensure that the offers and advertisements served are compatible with your device and will not crash the app as a result.
3. What other services collect personal data via STT:
The following lists other services that may collect personal and related data via Star Trek Timelines:
- AppsFlyer: Gameplay data, DBID and purchase data for attribution and analytics purposes.
- CloudOnce: Gameplay data in order to track external provider achievements linked to the game.
- Firebase (Crashlytics): DBID, Username, diagnostic data for crash reporting.
- Facebook: Association ID, friends list, and game data for authentication and social features.
- Pubnub: DBID and chat data in order to facilitate in-game chat services.
- Swrve: DBID and gameplay data in order to serve push notifications.
- Community Sift: Chat data in order to moderate and censor inappropriate content (note that no data is stored for greater than 14 days).
- Vanilla Forums: DBID, email address, and username if one has been set
- Zendesk: Email address, if used via game app: DBID, provider, device type and name, OS version, game version and data for Player Support purposes. Other data as volunteered by the user.
Have you seriously dragged this on for 2 months only to completely overlook the issues I have reported and to throw at us some general and incomplete information about what ironSource is collecting? And even that is based on what ironSource told you? Are you serious??????
Have you seriously dragged this on for 2 months only to completely overlook the issues I have reported and to throw at us some general and incomplete information about what ironSource is collecting? And even that is based on what ironSource told you? Are you serious??????
Comments
If you are in Europe we have GDPR but other than that i don't think there are any laws internationally that can protect the users.
I suspect there are a number of US, non-California payers like me.
I have the button. But when I push it, it says it's only for California residents.
And in the meantime, We get 1. a convergence day repeat, with the same repeated error of inflated tier reward thresholds that we were promised "would not happen again". 2. a "on the run dahj" with no art work in the game (ironically, you can go to a fan site and see the artwork). 3. 6th anniversary celebration with basically zero emphasis on player appreciation.
I think that at this point, the parabolic curve has already hit its inflection point long ago, the game died probably somewhere around the time that a staff member took it personal over the buy again button and banned everyone.
Stick a fork in it. And find something else to play.
It is a slow process I am sorry, I am trying to be as thorough as I can be, for everyone's sake.
@Shan Is there any estimate on when this may be completed? That may help with some of the concerns.
I decide to hire a hitman to off me. The hitman does his/her job.
Even though I "consented" does the hitman not still legal ramifications if caught?
No offense is intended, meant, implied, construed, or contained in Red or Blue Pills. Do not use infernally. Never call with a Deuce-Seven Off-Suit. Objects in mirror may be behind you. I want you, I need you, but there ain't no way I'm ever gonna love you. The hammer of the gods will drive our ships to new lands. I'm in love with Stacy's mom. So now I come to you with open arms. Sunday is on the way. The dead know only one thing: it is better to be alive. Your men love you. If I knew nothing else about you, that would be enough. This Ming is a psycho! Maximum effort! Nothing in this disclaimer or the comment it is part of construes, implies, or in any way can serve as legal advice.
Yeah, indeed.
The only thing I'm saying is that we consent to what they are doing.
I don't know if it's legal. From what I could find it seems so but there is so much fake news.
No, I do not have a time estimate.
I appreciate the patience.
i d stop playing the game at all? 🤗
Timeframes for a response to an offical request is 1 month...just saying, if you want a timely reponse - put a formal request in....
This is a terrible analogy. Murder is a crime. As is assisted suicide. If you hire someone to kill yourself they are still guilty of a crime. Collecting this information is only a crime without consent. If the user consents there is no crime.
It's like if someone goes to your house and takes your car. If you never gave them permission, that's theft. But if you tell someone they can borrow or take your car, then there is no crime. If you told someone in writing they can borrow your car tomorrow and they borrow the car, then you can't go to the police and claim your car was stolen.
There is a question on what information is being shared without consent and if that qualifies as PII. I am not a legal expert and I'm sure WRG's lawyers are reviewing that information. But if consent was given, then there is no issue sharing this information.
Except it sounds like at least some regions mining certain data is also ILLEGAL. Now do you get the analogy? Which actually is not so "terrible' if you actually understand what people are referring to with the European law, and possibly others.
GDPR includes user consent. If the user consents you can collect the data.
And comparing murder to data collection is a terrible analogy no matter how you slice it.
That it does - but it also states:
- that data collected must be for a specific purpose which is clear and communicated,
- and only relevant data to that stated purpose is collected,
- data have a shelf-life and must be deleted after the purpose is served
source: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/
My favourite part:
“The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”
And to be clear - WRG is the controller in this case as we the player use thier service, which they own, host and provide to us and allow other 3rd parties to access
It's collected to serve you targeted ads. That's pretty clearly stated. They will argue that all the data is relevant for that. You can challenge that in court, but we're not going to prove anything either way here if the data is relevant. We also have no idea if the data is stored and its shelf life. Nothing collected indicates it's stored beyond its shelf life. So again short of discovery in a law suit, we have nothing to go on.
I agree with you that WRG is the controller. And if IronSource screwed up WRG has a problem which is why they're reviewing it.
But given what we know, for users that consented, there is nothing here that violates GDPR. The question is strictly what is happening for users who did not consent. And for users outside the EU, none of this makes any difference.
At this point, I think that expecting the players to wait for over 2 months to get a response on this issue defies the word "patience".
This is not your fault or responsibility, shan. It is absolutely ridiculous that there has been no official word on this.
To play Devil's Advocate, what if your business partner that you thought was doing all of the right things, is doing the wrong things and you need to sort out liability and corrective actions? Sometimes things don't happen as fast as we want them and its usually best to get it right rather than half way.
In your hypothetical, if my business partner was publicly accused of wrong doing, I would be afraid of losing business and potentially damaging my own reputation by not addressing the matter in an expedited fashion.
2 months would seem to be an excessive amount of time to sort out liability and corrective actions.
I agree that it is best to get it right, but in my humble opinion, a part of getting it right is addressing customer concerns.
If my business partner was doing something wrong and I was afraid of liability, I would also have my lawyers take care of the issue before posting something on a public forum that could potentially expose the company to additional liability.
......and if MY lawyers needed 2 months (or longer) to take care of an issue like this, I would fire them and find new ones who were a little more motivated.
the truth though, is that while I would like to give wrg/tp the benefit of the doubt, I have been a player of this game since it launched. Ive seen it all, and ive seen how they address things. I wish I could be an optimist on this matter, but I am of the opinion that it is extremely unlikely that wrg/tp is having daily think tank meetings about this issue. I think it is also extremely unlikely that their dream team lawyers are looking into the matter. I think the most likely explanation is that they are giving this issue an extremely low priority, and are just hoping it goes away.
I'm glad things move so much faster in your world. Maybe someday we will all live there.
I am not sure that trying to turn this thread into a personal argument is really very productive. I am not sure why you would do so.
I was asked a hypothetical question so I responded with a hypothetical answer.
Regardless, *BUMP* to re-assert that I want an official response from wrg/tp on the true subject matter of this thread.
So in some ways, this is actually no skin off my back, and actually to my advantage. The longer the response is in coming, the more money I save!
To be clear - none of this is directed to or is the direct responsibility of @Shan , however as the PoC for players, there has been some failure in handling / escalating / responding back.
Ideally, by now, WRG's DPO (data protection officer) - which you are required to have - should have responded with a holding statement at the very least...e.g.
... and then on those dates provide us with an update - even if it is to say that information is xx% collected and analysed and the next update is expected to be in yy weeks
Silence / Lack of response is paramount to negligence. There are many players who are from the S/W industry, and we are not blind to the effort required to look into these matters, but a little bit of planning, prep and professionalism goes a long way.
It would be good to see some formal response soon - otherwise the other option is for players to ask for a DSAR on each topic originally raised in the OP's post; which would the result in, by my estimate, 3x to 4x the amount of work in a 30 day time frame than if WRG seriously looked into this from the start.
I’ve consulted with our legal team as well as with IronSource directly.
To be as complete as possible, I will provide a list that I hope you will find useful and helpful.
1. What personal and related data does STT collect:
The following information is collected by Beamable services for Star Trek Timelines on behalf of Wicked Realm Games. We have included both personally-identifiable data, as well as adjacent data that you may wish to be aware of.
Direct personal information, including email and social login association. This information is stored nowhere other than the backend, nor is it forwarded to anybody. It is purely used to satisfy login functionality with email and social (Facebook/AppleID), and security purposes. These include:
- DBID
- Email
- Username
- IP address
- Third party authorizations and associated account information (note that this only exists if you opted to sign in using a third party such as Facebook).
Install attribution information we collect when a player installs or reinstalls an app. The source of this information is ultimately AppsFlyer, and is used to track how the player came to install the app for user acquisition purposes (e.g. organically, from an advertisement, etc.). These include:
- Date and time of install
- DBID
- Country
- Advertising ID
- Provider (Google Play, iTunes, etc)
A record of all player purchases with real-money. This information is primarily used to support player support requests, especially in situations where a player requests a refund or did not receive the item they expected. It may also be used in a broader scope to better understand what offers are popular, and enhance the gameplay experience. This includes:
- Date and time of purchase
- DBID
- Transaction ID (internal identification of a specific purchase)
- Provider ID (external identification of a specific purchase, such as a GPA number)
- Provider (Google Play, iTunes, etc)
- State of purchase (completed, cancelled, etc)
- Product listing (which offer or Dilithium denomination was purchased)
- Currency (amount and type of currency paid)
A record of all player sessions, and details on their devices. This information is used to optimize Star Trek Timelines performance and detect when there are device-specific issues. It is also used to support player support requests, to better understand player login patterns, and to enhance the gameplay experience. This includes:
- Date and time of session
- Purchase total to date
- Device name and specifications
- Operating System and version
- Provider (Google Play, iTunes, etc)
2. What personal data does IronSource collect via STT:
The only data that is automatically shared with IronSource is the DBID, IP address, and Advertising ID (or a STT specific app ID if the Advertising ID cannot be used) , as well as device specifications such as screen size.
The DBID is an identifier specific to Beamable systems that is assigned to your game account. It has no context outside of that system, and absent other information such as email addresses or 3rd party associations like Facebook sign-in, cannot be used to personally identify you.
The IP address is collected by IronSource in order to ensure that ads and offers are localized correctly, as well as to check that all regional privacy standards (such as GDPR) are being observed.
The Advertising ID is generated by your device, please note that you can limit the use of your Advertising ID, or reset it entirely, in your device settings.
Lastly, device specifications are collected, such as screen size, in order to ensure that the offers and advertisements served are compatible with your device and will not crash the app as a result.
3. What other services collect personal data via STT:
The following lists other services that may collect personal and related data via Star Trek Timelines:
- AppsFlyer: Gameplay data, DBID and purchase data for attribution and analytics purposes.
- CloudOnce: Gameplay data in order to track external provider achievements linked to the game.
- Firebase (Crashlytics): DBID, Username, diagnostic data for crash reporting.
- Facebook: Association ID, friends list, and game data for authentication and social features.
- Pubnub: DBID and chat data in order to facilitate in-game chat services.
- Swrve: DBID and gameplay data in order to serve push notifications.
- Community Sift: Chat data in order to moderate and censor inappropriate content (note that no data is stored for greater than 14 days).
- Vanilla Forums: DBID, email address, and username if one has been set
- Zendesk: Email address, if used via game app: DBID, provider, device type and name, OS version, game version and data for Player Support purposes. Other data as volunteered by the user.
For additional context and information please refer to our Terms of Service (https://www.tiltingpoint.com/terms-of-service/) and Privacy Policy (https://www.tiltingpoint.com/privacy-policy/)
It is understandable that you might have additional questions, if that is the case do not hesitate to reach out directly to privacy@tiltingpoint.com.
Thank you!
I was hoping to avoid the need to file a complaint with my national data protection authority but here we are.
https://edpb.europa.eu/about-edpb/about-edpb/members_en
Agreed, I feel a lot of the actual points have been missed here...