The General Data Protection Regulation (GDPR) is effective from 25th May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the European Privacy Directive and national legislations accordingly.
FRVR understands the importance of customer data and welcomes the arrival of the GDPR. At FRVR Limited, we believe that customers are the most important part of our business and the success of our company builds on the trust that our customers, employees and other stakeholders have in our ability to deliver premier quality including the protection of personal information.
FRVR Limited services complies with all applicable parts of the GDPR.
The following are key aspects of the GDPR, and how it relates to FRVR Limited.
The GDPR is the General Data Protection Regulation established by the European Union.
At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
Follows EU Data Protection Directive (Directive 95/46/EC). For more information, please see eugdpr.org.
There are 4 aspects to the GDPR that FRVR Limited has considered as part of our GDPR compliance:
Individuals have the right to a copy of all the personal data that controllers have regarding him or her. It also must be provided in a way that facilities reuse.
This gives individuals the right to have certain personal data deleted so third parties can no longer trace them. FRVR Limited does not store any personal data, only authentication tokens to Facebook. Those tokens can be invalidated by removing the game app according to these instructions by Facebook.
Since we currently do not store any PII directly, and the only way to link game state and analytics data collected with a particular user is via their Facebook Access Token, simply removing the FRVR game app from the users’ Facebook profile will anonymize any information we hold. This will happen instantly, the moment the user removes our app.
This helps to facilitate the inclusions of policies, guidelines, and work instructions related to data protection in the earliest stages of projects including personal data.
Controllers must report personal data breaches to the relevant supervisory authority within 72 hours after having become aware of it. If there is an high risk to the rights and freedoms of data subjects, they must also notify the data subjects.
FRVR Limited has an escalated process in order to ensure the security of user data. Information about whether or not user data has been part of a breach is available upon request.
To Understand the position of FRVR in the compliance of GDPR, it is important to understand the actors. These actors are:
The following are key elements of our GDPR Compliance:
We do not process personal data on behalf of the Customer and we don’t have access to any personal data in our customer’s systems (Customer Personal Data). Moreover, FRVR is not able to monitor the processing of Customer Personal Data in our customer’s systems.
At FRVR we collect two types of data on our users; passive and active. Passive collection is the data that is collected when users play games, whether on their mobile device or the web. This data is collected using Google Analytics or similar and contains the following information:
This data does not contain any personally identifying information. Our active data collection is currently limited to high scores and game information, such as coins collected. We allow users to log in using their Facebook account, and from their Facebook account we store the following:
As such we don't store any data that can be used to identify and track an individual. The user access token can be invalidated at any time by removing our app from the users Facebook profile.
Any FRVR Limited GDPR related questions and any data subject requests can be addressed to: gdpr@frvr.com.