This article will cover everything you need to know about Data Processing at Player XP so you have more clarity into what we do with the data we get and that you provide us.
We will also talk a bit about how Brexit affected GDPR policies and how we use AWS services to process Personal Data whilst ensuring we comply with GDPR and Data Protection laws.
Player XP Uses Industry Leading Amazon Web Services
At Player XP we use Amazon Web Services (AWS) for our data processing to store and protect all our data. AWS ensures we always operate in a way that is compliant with GDPR, Data Protection and other applicable legislation. AWS has hundreds of features and services that are focused on helping users with the security and compliance of their customer data.
AWS allows us to determine where we store our customer data and choose its secured state. We can also manage who has access to your data and AWS services through users, groups, permissions and credentials. These rights to process are controlled by our customers so you would need to give consent and access to anyone who wants to manage your Personal Data.
Data Protection is important and it is right that customers have concerns about data processing. In 2018, a new GDPR was introduced by the European Economic Area (EEA) to strengthen the security of Personal Data in the EU. AWS quickly responded and ensured that its services were compliant with the latest GDPR. Post-Brexit, in the UK we now follow the UK GDPR which was set after the UK officially left the EU. AWS is also compliant with this legislation. They have confirmed they do not expect this to impact customers’ use of AWS or the supply of their services.
If needed, AWS users can continue to transfer personal data in and out of AWS regions throughout the EEA and the UK. This process will still comply with GDPR if we need to process client data in an EU country. Data stored in AWS services is a priority to keep safe and protected and will receive the same high level of protection as it does in the EEA. AWS’s IT infrastructure is aligned with the best security practices and IT security standards. As promised we ensure to use the market-leading services for processing and securely storing your data.
AWS complies with these ISO certificates:
- ISO 9001
- ISO 27001
- ISO 27017
- ISO 27018
How Player XP Uses Your Personal Information
Once our clients provide us with personal information, for example, when setting up Player XP services for your game, we only use this information for ordinary Player XP business. Examples of this are responding to enquiries, processing a request and providing clients with access to our service. This also includes fulfilling the purpose of a contract with a client. We do not process your data if it would negatively impact the service you pay for or if it doesn’t comply with our legal obligations.
We use the data you provide us to perform our services and comply with applicable legislation. We may also use your data to audit, identify security incidents, protect against fraud and use it towards the development and improvement of our services. For example, we collect and aggregate your Usage Data to help us identify the number of users who are using a specific feature on the dashboard.
At Player XP we may share your information with third parties who perform services for us to improve the efficiency and performance of our service. (e.g. billing, CRM, system administration, data storage etc.) However, these third parties are prohibited from using your information other than to provide their services to Player XP. The services they carry out on our behalf are subject to agreements with us that oblige them to process your data only with our instructions and to ensure they are handled following appropriate security measures. These are identified in our Player XP policies which are disclosed to associates who provide services to us.
Protection of your Data
Player XP operates as a service that collects and analyses publicly available information and then stores our analytics on a dashboard which customers can access to see the data. If you publish information on publicly available websites and social media platforms, Player XP may have already analysed some of that data. The information that we collect is already publicly available on many websites and platforms, this is the only data we have access to. We get other data by contracting directly with content providers.
At Player XP we understand how valuable your data is to you, we ensure to keep your data secure and place restrictions on our customer’s use of the data they access through the Player XP dashboard. Sensitive information that you exchange with Player XP is always encrypted during transit. Information you share with us is transmitted using the SLL encryption protocol. SLL encryption is the industry-leading standard for transmitting data online.
Removing your Data
You can update the personal information of your account by accessing it through our dashboard. If you have admin access you can do this for your entire company and team members. If you want to delete your information you can reach out to us at firstname.lastname@example.org to request to delete your personal information. You will receive a response to this request within 30 days but please consider we have the right to reject your request under specific circumstances highlighted in our policies.
You also have the right to request a copy of your personal data, correct inaccurate or outdated information, and place a restriction or withdraw your consent to processing your data at any time.
Processing and Transferring
The information that you provide to us will be processed by Player XP or a service provider in the country where it was collected and stored initially. If your information is transferred to other countries, we must have your consent to process and transfer the data as there are likely to be different data protection and GDPR laws in other countries.
We are not restricted to processing your data in one country, the data will likely be processed in the UK or the country of our client if that is what they prefer. We will discuss with our clients if they have a preference for where Personal Data is stored and processed to ensure you are comfortable with how your data is being handled and its whereabouts.
Setting up an EU server means the data we process for our European clients will not be able to leave Europe and you will know where and how it is being used.
How Brexit Impacted GDPR
As we mentioned earlier, AWS complies with the 2018 EU GDPR legislation. However, after Brexit, the EU GDPR no longer applied to the UK. Therefore, the DPPEC (Data Protection, Privacy and Electronic Communications) amended the DPA 2018 and merged it with the requirements of the EU GDPR to form a new UK specific regime known as the UK GDPR.
We still use AWS for your personal data as it is also compliant with the UK GDPR which is very similar to the EU GDPR. Processing data with AWS should remain the same as before Brexit meaning our use of their services should not be affected and your data will still be protected using the industry-leading service.
Thank you for reading, we hope this article gives you more clarity around data processing at Player XP and answers queries and concerns you had around the protection of your Personal Data. If you have any questions that weren’t answered in this article or you want to suggest a new feature to Player XP, feel free to contact us via email or Slack. A member of the team will be in touch!