"BanThemAll" - Data Policy

Last updated: March 25, 2021

1. Scope of Application

The protection of your personal data as a user of "BanThemAll" (hereinafter: "platform") is important for us. We process the given data exclusively according to the respective legisla-tion (GDPR and Austrian Data Protection Act) and the present data policy. The data policy describes how we (Scrimber IT-Service GmbH, Lugeck 7, 1010 Vienna, hereinafter: "BTA", controller according to Art 4 (7) GDPR) process your personal data when using the services of the platform. The data policy also includes the relevant information according to Art 13 GDPR.

2. Processed data

When using the services of the platform, BTA will process the following data: Username, password, E-Mail, gaming name, country of origin, gaming preferences, video voting results, chatting information, website navigation behavior of the user. There is no usage of automat-ed decision-making (Art 22 GDPR).

In order to prevent multiple accounts and cyberattacks on the platform, the IP-address of the user will also be processed.

3. Lawfulness of data processing

The data processing is based on the consent of the data subject that provided the data, un-less other legal provisions justify the data processing.

If gaming names of people who are not registered on the platform (e.g. gaming name of the possible cheater in the video material) fulfil the criteria of Art 4 (1) GDPR (= definition of personal data), the lawfulness of the processing of such data is based on Art 6 (1) (f) GDPR (= processing is necessary for the purposes of the legitimate interests pursued by the con-troller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data). The legitimate interest of the platform is to combat cheaters.

4. Access and transfer of data

BTA may only view or pass the data to third parties under the following circumstances:

  1. authorities and courts if they request the disclosure of the data
  2. affiliated companies of BTA which are controlled by BTA (e.g. a subsidiary of BTA)
  3. staff of BTA and affiliated companies according to point 4) b)
  4. companies that provide IT-services to BTA (e.g. hosting companies). Processors are obliged to maintain confidentiality (Art 28 (3) (b) GDPR). BTA ensures that a data pro-cessing contract (Art 28 GDPR) is concluded with these companies.
  5. to other persons only anonymized data

5. Duration of the data processing

The data will be processed for the duration of the user agreement. After termination of the user agreement, BTA may further process the data if this is justified by another legal basis.

6. Data security

We endeavor to maintain the confidentiality and integrity of the personal data transmitted. All data is stored on servers in the European Union or in third countries that fulfil the standards of data protection according to the GDPR. For security reasons, passwords will be en-crypted in the database by using a hash function.

7. Rights of the data subject

According to the relevant provisions of the GDPR, the user has the following rights (rights of the data subject according to Chapter III GDPR):

  1. access by the data subject (Art 15 GDPR)
  2. rectification of inaccurate personal data (Art 16 GDPR)
  3. erasure of personal data if a ground of erasure applies (Art 17 GDPR)
  4. restriction of processing (Art 18 GDPR)
  5. data portability (Art 20 GDPR)
  6. objection to the processing of personal data (Art 21 GDPR)

If the processing is based on Art 6 (1) (a) GDPR, the user has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. The processing of personal data according to other provisions will not be affected by the consent withdrawal.

The rights of the data subject can only be exercised in the case of personal data according to Art 4 (1) GDPR. In the case of anonymized data, which cannot be assigned to individual persons, the rights of the data subject do not apply.

An official ID-card must be presented to exercise the rights of the data subject. If necessary, additional proof of identification may be requested. A complaint can be lodged against the processing of personal data at the data protection authority, Barichgasse 40–42, A-1030 Vienna.

8. Contact Data

Controller according to Art 4 (7) GDPR:
Scrimber IT-Service GmbH
Lugeck 7/14, A-1010 Wien
E-Mail: office@scrimber.at

If you contact us by E-mail, the data you provide will be stored for six months in order to answer your inquiry and possible follow-up questions. We do not pass this data to third parties without your consent.

Gender-specific formulations apply to all genders.