Games News Contact Press

GDPR Compliance Statement

The General Data Protection Regulation (GDPR) is effective from 25th May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the European Privacy Directive and national legislations accordingly.

FRVR understands the importance of customer data and welcomes the arrival of the GDPR. At FRVR Limited, we believe that customers are the most important part of our business and the success of our company builds on the trust that our customers, employees and other stakeholders have in our ability to deliver premier quality including the protection of personal information.

We can confirm that all FRVR Limited services will comply with GDPR when it becomes enforceable in May of 2018.

The following are key aspects of the GDPR, and how it relates to FRVR Limited.

What is the GDPR

Key Aspects of GDPR

There are 4 aspects to the GDPR that FRVR Limited has considered as part of our GDPR compliance:

The right to data portability

Individuals have the right to a copy of all the personal data that controllers have regarding him or her. It also must be provided in a way that facilities reuse.

The right to be forgotten:

This gives individuals the right to have certain personal data deleted so third parties can no longer trace them.

Privacy by Design

This helps to facilitate the inclusions of policies, guidelines, and work instructions related to data protection in the earliest stages of projects including personal data.

Data Breach Notifications

Controllers must report personal data breaches to the relevant supervisory authority within 72 hours. If there is an high risk to the rights and freedoms of data subjects, they must also notify the data subjects.

GDPR Compliance for FRVR

To Understand the position of FRVR in the compliance of GDPR, it is important to understand the actors. These actors are:

Data Controller
is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files.
Data Processor
in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller. “processing”, in relation to information or data means. obtaining, recording or holding the information or data.
Data Subject
means an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about.

GDPR and FRVR Limited

The following are key elements of our GDPR Compliance:

We do not process personal data on behalf of the Customer and we don’t have access to any personal data in our customer’s systems (Customer Personal Data). Moreover, FRVR is not able to monitor the processing of Customer Personal Data in our customer’s systems.

What personal data do we collect/store?

At FRVR we collect two types of data on our users; passive and active. Passive collection is the data that is collectected when users play games, whether on their mobile or the web. This data is collected using Google Analytics and it contains the following information:

This data does not contain any directly identifying markers such as name, email or similar. Our active data collection is currently limited to our high scores and other scores (such as coins collected). We allow users to log in using their Facebook account, and from their Facebook account we store the following:

As such we don't store any data that can be used to identify and track an individual, nor tie any of our data to a person unless you have outside information (ex. Facebook user data).

How does FRVR Address GDPR

Data Access Control
The controller shall implement appropriate technical and organizational measures for ensuring that by default, only personal data which are necessary for each specific purpose of the processing are processed.
Monitoring of Access Activities
Each controller and where applicable, the controllers representative, shall maintain a record of processing activities under its responsibilities
Data Encryption
Organizations must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data
Strong Compliance Framework
Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services

Questions?

Any FRVR Limited GDPR related questions and any data subject requests can be addressed to FRVR’s Data Protection Officer at gdpr@frvr.com.

FAQ

Will FRVR services comply with the GDPR?
All FRVR services will comply with the GDPR when it becomes enforceable.
What are the requirements under GDPR for FRVR?
  • Privacy measures should be implemented in the design phase
  • Right to be forgotten
  • Data portability
What information is covered by GDPR?
  • Any information relating to an identified or identifiable natural person
  • Any healthcare and sensitive data
When does GDPR come into effect?
May 25, 2018
Which customers are affected by the GDPR?
  • Applies to controllers and processors who are established in the European Union or those who offer goods and services to data subjects in the EU
  • Entities that monitor behavior of data subjects in the EU
What type of actor is FRVR?
Although FRVR is a processor of data, it does not process any specific data that identifies a person or persons in any unique way that is contrary to GRPD. FRVR processes the following data elements:
  • IP address
  • approximate geographical location
  • session duration
  • in-game activity