languagegames.fun
The Privacy Policy
The aim of this privacy policy is to explain which data is collected by the languagegames.fun website, why it is collected, how it is kept secure and to explain the user his rights according to this data. It also describes cookies usage by the languagegames.fun website.
Last edit date: 02.09.2021
| the website | - this website, accessible at https://languagegames.fun |
| OS | - the operating system |
| the Terms of Use | - the terms of use of the website. |
| user | - anyone using the website |
| GDPR | - the General Data Protection Regulation |
| COPPA | - Children's Online Privacy Protection Rule |
The administrator of the website and your data administrator is Tomasz Horodecki.
You can contact him by e-mail: admin@languagegames.fun.
This data is collected based on consent according to Art 6 (1)(a) of GDPR, which is given by the user during sign-up process (by accepting this privacy policy), or by the player before starting the game (also by accepting this privacy policy) in case of accessing a game by the game link generated by the signed-up user. The consent from the player is requied only if the signed-up user (the teacher) enabled the live reporting feature, otherwise no data is collected from the player that would require his consent.
This data is kept until:
- The signed-up user removes his account.
- The signed-up user’s account is removed.
- The players data can be removed by the signed-up user using the website’s dashboard by removing the link connected with the player's game record or the dataset connected to this link.
- The players data can be also removed automatically if there is too much play records of the link (the oldest records are removed then).
- All play records are removed automaticially after three weeks of submitting. This removal can take up to one week.
- The user's mail address - it is used for the following purposes:
- To identify him during log-in.
- To communicate with the user:
- during sign-up, mail change or password reset procedure
- to inform about changes in the terms of use or in the privacy policy
- to inform about news and changes on the website
- to inform about detected data breach
- to respond to user’s feedback message
- for direct contact of the website’s administrator with the individual user (for example to respond to the feedback message from the user)
- Password hash - The website does not store the user’s password in plain-text, it uses strong hashing alghorithm to perform during sign-up procedure a one-time, irreversible password encryption. Next, during log-in attempts, the password you provide is encrypted in this way again, and two hashes (outputs of encryption process) are compared to each other. This allows the website to autentache the user without storing his password in a decryptable form.
- The content created by the user by using the website's dashboard tools
- The last activity time - this data is used to detect non-used accounts and remove them
- The user's nickname – send together with the game result (accuracy) and play time – This data is used to show the signed-up user the player's game result. It is only collected if the live reporting feature have been enabled by the signed-up user (teacher). This feature is disabled by default, and links with this feature enabled cannot be shared to anyone below the age of consent of his country.
This data is collected to keep the website and the data it collectcs safe. It makes it possible to detect hacking attempts and data breaches, helps find security vurneabilities and fix them. It is collected according to Article 6 (1)(f) of GDPR (the legitimate interest). This data is removed automatically after 30 days or less.
- The user’s IP address and time during login attempt – It is collected to prevent brute-forcing login credentials and accessing the signed-up users data by an unauthorized person. For example if someone provides wrong login credentials, the website might not allow another login attempt from his IP adrress for a certain amount of time.
- The requests URL with their data and time, IP address, browser and OS information – for example if the user visits the login page, the website collects the information that user from given IP tried to access login page from certain browser and certain OS. It also saves the request’s time and date. This allows to detect irregulalities in the web traffic, find the ways someone might be trying to gain an unautorized access to the website or the data of another users. In case of data breach, this might help understand how it have happened and prevent it in the future.
- to be informed – about the way that their data is processed. This is the goal of this privacy policy.
- of access to his data and data portability – the signed-up users can view most of their data in the dashboard, all users can request access to it by contacting the administrator. The administrator has 30 days to respond to the request.
- to rectification – users have right to have any innaccuracy in their personal data corrected. They can request data rectification by contacting the administrator.
- to be forgotten – users have the right to have all their data removed. The signed-up users can remove their data by using the option 'remove my account' in the websites's dashboard's settings page. The data stored in the databases (email address, password hash, content created by the user, data collected from the players (as stated in point 2)) will be removed instantly, the data stored in logs (requests URL, date and time, browser and OS information) will be removed automatically after 30 days or less. Any user can request their data removal by contacting the administrator.
- to restrict processing or object – the user can request data processing restriction or object to the data processing by contacting the administrator.
- to lodge a complaint with a supervisor authority.
To contact the administrator, please write to the admin@languagegames.fun.
The signed-up users apart from contacting the administrator to access or rectify their data, can instantly edit their mail address, password and data submitted using the website’s dashboard using the website’s dashboard interface. They can also use this interface to remove their account data.
None of the data collected by the website is shared with any third-party.
- Session cookie – the website assignes a cookie with unique identifier to distinguish one user from another.
For example when the user logs-in and refreshes the dashboard page, the website knows that it is him and does not need to display him a login form again.
- Cookies acceptance cookie – it contains information if the user has been informed about the cookies usage. It makes it possible not to display cookies usage information every time the user enters or reloads the website.
The website uses multiple layers of security to ensure that the users data is kept safe. All the vurneable data is transfered from and to the user using secure SSL protocol. It is kept on rented VPS located in Amsterdam. On the server the most vurneable data is encrypted for extra security.
The website administrator may update this privacy policy. The signed-up users will by informed by mail message that the privacy policy is about to be updated. The non signed-up users are recomended to watch this privacy policy page from time to time. If this privacy policy will be updated, for 7 days before the changes apply, the new privacy policy will be available to see by clicking a link on this page. After 7 days, the new privacy policy will substitute the old one. If the user do not remove their account or do not contact the administrator to object their data processing or request its removal within this time, their data may be processed according to the new privacy policy.
The website does not willingly collect any personal information from US children below 13 years old. It is targetted to the European audience only, the signed-up users are allowed to give the game access only to the users (students) located in the European Union.