Discord
FacebookVote

Privacy Policy

Purpose

The purpose of this policy is to harmonize the requirements of the organization's other internal regulations regarding data processing activities in order to protect the fundamental rights and freedoms of natural persons and ensure the appropriate handling of personal data.

Throughout its activities, the organization intends to fully comply with the legal requirements regarding the processing of personal data, especially those outlined in Regulation (EU) 2016/679 of the European Parliament and of the Council.

Another important objective of issuing this policy is to ensure that the organization's employees are able to lawfully carry out the processing of personal data through understanding and compliance.

Data Controller

Regarding the online activities of M2Master (m2master.com and related subpages), hereinafter referred to as the service provider and data controller, it processes the personal data of registered users. It only processes personal data that is essential for the realization of the purpose of data processing and suitable for achieving that purpose. Personal data is processed only to the extent and for the duration necessary to achieve the purpose.

The data controller reserves the right to change this information at any time. Of course, any changes will be communicated to the audience in due time.

The data controller protects the personal data of registered users in every expected manner.

Definitions

Data subject:
any identified or identifiable natural person based on specific personal data
Personal data:
any information relating to an identified or identifiable natural person - especially the name, identifier, and any information characteristic of the physical, physiological, mental, economic, cultural, or social identity of the data subject - as well as any inference drawn from such information regarding the data subject
Consent:
the voluntary and specific expression of the data subject's wish, based on adequate information, by which the data subject agrees to the processing of personal data concerning him or her - in whole or in part
Data controller:
a natural or legal person, or an organization without legal personality, who or which, alone or jointly with others, determines the purposes of the data processing, makes decisions regarding the processing of data (including the means used), and carries it out or has it carried out by a data processor
Data processing:
any operation or set of operations performed on data, irrespective of the applied procedure, including collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, restriction, erasure, or destruction of data, as well as preventing further use of the data, and taking photos, voice or image recordings, and recording physical characteristics suitable for identification (e.g., fingerprints, DNA samples, iris scans)
Disclosure:
making data accessible to anyone
Data erasure:
making data unidentifiable in such a way that its restoration is no longer possible
Data processing:
performing technical tasks related to data processing operations, regardless of the method and tools used for the operations and the location of the application, provided that the technical task is carried out on the data
Data processor:
a natural or legal person, or an organization without legal personality, who or which, by contract - including contracts concluded under legal provisions - carries out data processing

Data Processing Guidelines

  1. Personal data must be processed lawfully, fairly, and in a transparent manner for the data subject.
  2. The collection of personal data must be for specified, explicit, and legitimate purposes.
  3. The purpose of processing personal data must be adequate and relevant, and the processing must be limited to what is necessary.
  4. Personal data must be accurate and kept up to date. Inaccurate personal data must be erased without delay.
  5. Personal data must be stored in a form that permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods only for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.
  6. Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
  7. The principles of data protection must be applied to all information concerning identified or identifiable natural persons.
  8. The employees of the organization who carry out data processing are responsible for the lawful processing of personal data in terms of disciplinary, compensation, administrative offense, and criminal liability. If an employee becomes aware that the personal data they process is incorrect, incomplete, or outdated, they must correct it or initiate its correction with the colleague responsible for recording the data.

Stored Data

During registration, the user provides the following data:

  • Username: Used for user identification
  • Password: Stored encrypted, never displayed unencrypted
  • Email address: Associated with the user, aids communication with the user
  • Character deletion code: Used for deleting characters in the game, accessible unencrypted by M2Master employees
  • Billing information (Name, Address): We do not store this data; the system reads it from third-party sites (e.g., Paypal) during runtime.

Legal Basis for Data Processing

Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, Section 5 (1) paragraph a) Consent of the data subject.

Consent to Data Processing

During registration, the user expressly consents to the processing of the personal data voluntarily provided by them, as well as to any eligible person in the future.

Scope of Data Subjects

Registered users

Scope of Processed Data

Data provided by registered users during registration: Contact information (email) and data generated by the data controller's system during the use of the service, which is associated with the user's logging computer. Automatically recorded data is logged by the system upon login or logout without the separate declaration or action of the user. Except in cases required by law, the automatically recorded data cannot be linked to other personal user data. Only the data controller has access to the data.

Purpose of Data Collection

Uninterrupted operation of the website and associated services.

Authorized Data Processors

Employees of M2Master.

The data controller stores personal data until the deletion of registration.

Data Access and Modification

The user can view, modify, or delete their own data by logging into the website using the username and password provided during registration. The data controller shall provide information in a comprehensible form in response to the registered user's request within the shortest possible time from the submission of the request, but no later than within 30 days. If the registered user's request is found to be justified, the data controller will promptly take action to correct or delete the personal data.

Data Processing Principles

M2Master presents its data processing principles below, outlining the expectations it sets for itself as a data controller and adheres to. Its data processing principles are in line with current legislation on data protection.

Right to Deletion

Any individual may request the deletion of their data through the provided contacts. This must be done promptly, but no later than within 30 days from the request, and information must be sent to the provided contacts.

Right to Block or Restrict Processing

Any individual may request the blocking of their data through the provided contacts. The block remains in place as long as the designated reason requires the storage of the data. This must be done promptly, but no later than within 30 days from the request, and information must be sent to the provided contacts.

Right to Object

Any individual may object to data processing through the provided contacts. The objection must be examined within the shortest possible time from its submission, but no later than within 15 days. A decision must be made regarding its justification, and information about the decision must be sent to the provided contacts.