PART A - CONSENT TO DATA PROCESSING
1) At agreement to these terms, you (‘the data subject’) consent to the lawful and fair processing of-
b) personal data stored incidentally on what pages have been visited, the amount of visitors and for how long;
c) your age; and
d) identifiers, in-game names, Internet Protocol (IP) addresses, and cookies.
2) We (‘CubedCon’) will process such data as a ‘data controller’ for the purposes of-
a) fulfilment of any contractual or statutory duties upon CubedCon through the retrieval of data from an automated service;
b) provision of the electronic ‘Convention’ or CubedCon’s services through an automated service;
c) retrieval of contact details to respond without undue delay to complaints or comments made from an automated service;
d) marketing for future CubedCon events; or
e) retrieval of contact details from an automated service to advertise future CubedCon events or promotional offers to you.
3) In paragraph (2), reference to any ‘automated service’ denotes-
a) a service which is ran by our processors;
b) a service which provides secure retrieval of information that is automatically stored on a server upon submission of a form on the organisation website;
c) a service which doesn’t produce substantial legal consequences; and
d) a service which may require human intervention and interpretation, and does not make final or irrevocable decisions.
b) to the policies and terms of SHOPIFY when making purchases through the SHOPIFY dialogue on the CubedCon website, which will appear during any purchase made on CubedCon’s website;
c) that CubedCon for the purposes of the General Data Protection Regulation (‘GDPR’) is a ‘data processor’ of data transferred from you to SHOPIFY for CubedCon in any sale or licence for a further benefit at loss of money consideration;
d) to cooperate with CubedCon in the processing of accurate and regularly updated information, including age, email address and organisation names;
e) to the secure storage and collection of your data through reliable processors and authorised parties, such as Google Analytics, Hotjar and our junior ‘data handlers’ which is used to make improvements to the site.
5) We will not share the data during the management of the mentioned data in paras 1, 2 and 4(b)-(c) with another legal or natural person outside CubedCon, Google Analytics, Hotjar and SHOPIFY, sell that data, or require you to input sensitive data relating to religious or political views, sex, gender, race, or sexual orientation.
6) You may withdraw consent at any time by contacting our data protection controllers, who are required by law to respond without undue delay to enforce any of the rights outlined in Part D.
PART B - GENERAL INFORMATION
8) You have the right to object to any processing, if CubedCon decides to continue processing data after an attempted invocation of the right to erasure or notification of consent withdrawal if they cannot demonstrate compelling reasons for prolonging the processing in pursuit of the public interest or the organisation’s legitimate interest.
9) Any personal data will be erased securely within 2 years from the date the ‘Convention’ ends.
10) Immediately enforceable ‘data subject rights’ in relation to the erasure and handling of data are outlined in Part D. Other rights and remedies available to you are outlined in Part E, such as the right to make complaints to a supervisory authority or access to a judicial remedy for compensation of breach of the GDPR.
12) CubedCon is not responsible tortiously or under any statutory obligation for any information inputted into third-party applications, websites, clients, forms or servers. We will not transfer any data indicated in paras (1), (2) and (4)(b)-(c) to any other legal body to a third-country or an EU Member State unless there is a legitimate public interest in the provision of that data.
PART C - THE IDENTITY OF THE DATA SENIOR ‘CONTROLLERS’
13) CubedCon’s data protection controllers will be responsible for personal data for the purposes outlined in paras (1)-(2). If you require the assistance of CubedCon in relation to enforcement of data subject rights under Arts 15-22 and 34 of the GDPR (as outlined below) or in relation to the data held by SHOPIFY or to make complaints, you must contact the main data controller by their contact details outlined in para (14).
14) Paul Baird, Karl Håkansson and George Raymond are CubedCon’s senior data controllers, responsible for all data received by CubedCon. They are contactable by e-mail during working hours (Monday-Friday, 10am-7pm) at [email protected], [email protected] and [email protected] respectively.
15) CubedCon’s senior data controllers are joined by other members of staff (‘data handlers’), who are subject to confidentiality agreements and have been authorised to handle the data in compliance with sub-processing and authorisation laws imposed by the GDPR.
16) Our senior data controllers are responsible as ‘controllers’ over all primary data outlined in paragraphs (1)-(2) and as processors of data under our agreement with SHOPIFY as outlined in paragraphs 4(b)-(c).
17) Our data protection team will respond to all correspondence without an undue delay depending on its urgency.
PART D - DATA SUBJECT RIGHTS
18) The following rights concern the data described in para (1)-(2). For rights concerning the data described in paras (4)(b)-(c), see consumer terms with SHOPIFY.
19) The rights conferred to data subjects are highlighted in-
a) articles 15 to 22 and 34 of the GDPR (‘General Data Protection Regulation 2016/679’);
b) sections 45 to 50 in the Data Protection Act 2018; and
20) You may enforce your rights to access, rectify, erase, or restrict processed information under the GDPR by contacting our primary data controller (see para. (13)). The data protection rights are:
a) to access information on-
i) the processed data,
ii) whether personal data is being processed,
iii) the purpose of processing,
iv) the categories of personal data concerned,
v) the recipients of the information,
vi) the duration of the processed data,
vii) the rights to rectify or erase said data.
This right is subject to the exception that providing the information would adversely affect the rights or agency of other data subjects, third-parties, clients or partners.
b) to be informed of the appropriate safeguards in place in the event of international transfer.
c) to have data rectified where the personal data related to you is inaccurate.
d) to have data erased if - among other grounds within the GDPR - you withdraw consent or it is unlawfully processed.
e) to restrict further processing for a temporary period, unless the further processing involves one or more of the following-
i) the mere storage of the impugned data;
ii) the establishment, exercise or defence of legal claims;
iii) the protection of the rights of other individuals; and
iv) the preservation of a wider pressing public interest which outweighs the importance of data subject rights.
f) to have disclosed parties notified regarding any rectification, erasure or restriction of processing of your information, subject to the exception that this proves impossible or to act is very difficult.
g) to data portability, where the data subject may request to receive their data in a machine-readable format. The right shall continue to require the data controller to transmit that data to another without hindrance where technically feasible.
h) to object to the processing of personal data without your consent for the purposes of a legitimate or public interest. CubedCon retains the right to rebut this right under the GDPR, where they can prove compelling grounds for continuing processing of the personal data under these grounds which outweigh the importance of protecting data subject rights.
i) to freedom from automated decision-making which produces substantial legal effects upon you. It is unlikely that data subjects may invoke this right, as CubedCon does not seek to substantially alter the legal status or rights of data subjects, all data processing is necessary for adequate provision of our service.
j) to be informed of a personal data breach concerning you without undue delay (maximum 72 hours) from the moment CubedCon becomes aware of it.
PART E - REMEDIES AND COMPLAINTS
21) Other than the immediate enforceable rights under Articles 15 to 22 and 34 of the GDPR, there are a number of remedies available to the data subject in the event of a breach of data protection law. They include-
a) the right to lodge a complaint with a supervisory authority, such as the ICO for UK nationals.
b) the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them, or against a controller or processor where your rights have been reaches as a result of non-compliance with the GDPR,
c) the right to affordable legal representation from a not-for-profit legal service to data subjects.
d) the right to compensation to any person suffering loss as a consequence of infringement of the GDPR, including processors against controllers.
PART F - CUBEDCON AS A ‘PROCESSOR’ FOR SHOPIFY
23) We can process that data only where the law prescribes it and through the means of paras 4(b)-(c), which includes where lawful and clear consent is given to SHOPIFY for us to process personal data.
24) CubedCon has a legal relationship with SHOPIFY, who is responsible as quasi-agent of CubedCon to provide a website add-on to advertise server benefits for purchase, and to facilitate sales and refer funds directly to CubedCon, in the way described in paras 4(b)-(c).
PART G - JURISDICTION