naughtygamers
NTHW Gaming Banner
GotW™ : Call of Duty 4

Author Topic: GDPR, NTHW and You  (Read 373 times)

0 Members and 1 Guest are viewing this topic.

Offline [NTHW] Clan

  • *
  • Posts: 200
    • NTHW Gaming
GDPR, NTHW and You
« on: 23 May 2018, 10:01: PM »
The UK is about to implement the latest internet privacy policy thing.  You've probably been deluged with email requests to give your consent to this that and the other.  But was GDPR really supposed to set off it's own spam storm?

Safeguarding an individual's data is important.  There does seem to be some overreaction.  The previous thing was all about cookies, and guess what, we probably are all rather blasé about all those "we've got cookies" consent messages splashed across websites.

NTHW already has privacy and website policies.  These are available from the navigation menus.  There is no need to change these.

We ensure that the software running the site (Simple Machines Forum, which is open source software) is regularly updated for any security releases.  We rely on our website hosts, TSO Hosts to hold the mysql database and files securely.

The site has to use cookies to work.  They link the account on your computer to the website and track the areas you can access and post.  There may be a third party cookie for antispam purposes, but we don't use analytics or similar to try and work out who is going to and from what or where and as we don't bother with adverts we don't need to know which brand of booze you like so we can ply you with more. 

If you are a member here it was your choice to register and in doing so you gave us some basic details including an email address.  You didn't have to give us your real name.  We don't know your home address, or shoe size (unless you chose to post it somewhere)  IP addresses are logged against all posts, and user registrations, mainly as a means that we can block spammers.  Some users may chose to edit their forum profile and declare their date of birth (but we don't require this).  Any password you provided is encrypted so nobody other than you can know it.  You can decide whether the site allows email or other messaging (and NTHW will only email for something serious).  You can edit your profile to control some of this stuff.

When you registered, and by posting, you grant us a permanent right to publish your message together with any attachments.  We can't delete stuff just because you want it to be forgotten.  It would make a mess of threads, and it becomes impossible to track every time something might have been re-quoted by others.

Search engines, such as google, yahoo, bing and many many others will crawl public areas of NTHW.  That may list and identify things you have done here elsewhere and in turn third party systems elsewhere on the web may be able to combine what you do here and on other unconnected sites to build wider information on you.  You may be particularly vulnerable if you have malware, tracking software or similar on your PC, and you have a preference for dubious websites.  You must accept responsibility for some of your use of the internet.

If we are operating gaming servers, or indeed when you game as a clan member on servers run by others, those servers will be tracking you, if only for gaming statistics.  Anti cheat software will be monitoring you.  And that ignores whatever data is being sent home to Activision, EA, Microsoft and others who have things embedded in the game and windows software you rely on.

So to keep things simple.  We use things only to enable this site to operate.  We don't give data to third parties.

But of course if you really don't like all this interweb stuff, and really value your privacy, please switch off your computer, tablet, smart phone, ditch your credit cards and become a recluse .....

Offline Stormpr00ter

  • Space Cadet
  • [NTHW] Clan
  • *
  • Posts: 3,598
  • Mostly Harmless
Re: GDPR, NTHW and You
« Reply #1 on: 24 May 2018, 12:47: PM »
The only thing that may be required, is that in the situation where someone leaves the forum, we anonymise any personal information, like "real" name, email address or contact details in their user profile, if they exist, and that person demands we do so.
Anything that has been posted on the threads should be fine, as it would be unreasonable to expect a forum administrator to trawl through all messages to remove any personal information.

Offline MovedGoalPosts

  • Kannon Fodda
  • [NTHW] Clan
  • *
  • Posts: 3,508
    • Ember Big Band
Re: GDPR, NTHW and You
« Reply #2 on: 24 May 2018, 07:54: PM »
We don't require real names, or link it to any account user profile (there is no direct place that you could post that in the profile), but some users may give that away in content they post.  Similarly we won't know someone's address unless they posted it in a thread somewhere.  It's entirely optional in the user profile if a birth date is given (for which we have no means of verification), and those users who chose to give all or part of that usually do so because they want the forum to send birthday greetings.  As user profiles can be amended at any time, by the user, they are free to delete it, but it's not reasonable for admins to have to run around cleaning things up for people.

The forum does need to retain email addresses linked to accounts.  Users can chose whatever email they want, and through the profile can change it, but it would have to be valid to allow the account to register or be updated.  In common with most message board systems a unique email is the one piece of data that enables user accounts to be verified.  It's not to be encouraged, and patterns will often emerge where users try and register duplicate accounts with different email addresses.  We can't do that by IP address alone as in a lifetime of forum use we visit from so many different locations that most IP's will end up overlapping with many others.  Blocking spammers and other dubious users on IP alone is doomed to failure, and deterrence of many legitimate people, so email address is the only control.  We don't give out the email address of users, and unless the user has chosen to allow their email to be public only the few forum moderators would be able to see it.

At present a lot of interpretation of GPDR is vague.  Major businesses are scurrying around to try and work out what to do.  A small site like this is at the bottom of the pile and until I see some definitive guidance that something needs to be changed, I believe the existing privacy and website policies under which NTHW is operated, are sufficient.
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

Offline Ramrod

  • [NTHW] Clan
  • *
  • Posts: 5,229
  • Full time again :(
Re: GDPR, NTHW and You
« Reply #3 on: 24 May 2018, 09:35: PM »
afaik, any data that we hold pertaining to existing users which was obtained in a reasonable manner (ie to sign up here etc) is deemed toalready have had consent. I believe that it's new sign ups (after the 25/5/18) that need to have all this gdpr stuff applied to.
Step by step, walk the thousand mile road...

Offline MovedGoalPosts

  • Kannon Fodda
  • [NTHW] Clan
  • *
  • Posts: 3,508
    • Ember Big Band
Re: GDPR, NTHW and You
« Reply #4 on: 24 May 2018, 09:47: PM »
From what my workplace currently understands, new clients are easier to deal with as you collect their consent to hold stuff as they join your business and if they don't consent they probably won't become a client.  It's existing ones that are more problematic as you have to spell out to them the new policies.  You may need to reconfirm their consent to continue to use their data, giving them the rights to opt out (hence the spam overloads in the last few days of the world and his wife telling you of new policies and requiring opt in / out depending on their interpretation of rules).  But for many organisations, simply to allow stuff to function you have to hold some data which could be considered personal.  My limited understanding is that this is not so much about what you hold, but why you hold it and what you do (or as importantly) cannot do with it, and that you do make all proper steps to keep stuff secure and prevent abuse.

Data Protection responsibilities are a good thing.  But once again, despite our frequently being told that government wants to cut bureaucracy and red tape, we get exactly the opposite.
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

Offline IMPz

  • [NTHW] Clan
  • *
  • Posts: 456
Re: GDPR, NTHW and You
« Reply #5 on: 24 May 2018, 10:47: PM »
I've just signed a new contract and received the following email

In light of the forthcoming changes and impending introduction of the GDPR (General Data Protection Regulations) we are contacting all of our registered suppliers who have access to our personal data. Could you please complete the four questions below in relation to your use of [Some Company Who Should Remain Nameless] personal data.
Once we have established the nature and purpose of your activities with our data, we will send a GDPR addendum to our existing supplier contract, or a new supplier contract should one not be in place. This will cover the new GDPR requirements, including purpose, legal justifications, retention and destruction of [That Same Company] personal data. 
Please can you respond to this email by the 25th May 2018 which I’m sure you know is the implementation of the new GDPR requirements within the UK.


1     The subject matter and duration of the Personal Data Processing
2     The nature and purpose of the Personal Data Processing
3     The type of Personal Data being Processed
4     The categories of Data Subjects

I had to phone them up and ask for an explanation of the questions  :lol:




Offline MovedGoalPosts

  • Kannon Fodda
  • [NTHW] Clan
  • *
  • Posts: 3,508
    • Ember Big Band
Re: GDPR, NTHW and You
« Reply #6 on: 25 May 2018, 12:33: AM »
I've just signed a new contract and received the following email

I had to phone them up and ask for an explanation of the questions  :lol:

I've removed the company name - it's not really fair on the afflicted ;)

But that has to be just about the most gobbledegook email I've seen yet.  After all a company is not a person, so are they referring to themselves, or the data they might hold of their own clients  ???
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı

Offline IMPz

  • [NTHW] Clan
  • *
  • Posts: 456
Re: GDPR, NTHW and You
« Reply #7 on: 25 May 2018, 08:32: PM »
Thanks MGP, did not notice that the company name had been included. Yes a complete load of gobbledegook.

I asked for guidance and below are the 4 answers to the questions


[Company name removed] employee names & Mobile Numbers, E-mail addresses Customer site addresses

Required contact name & number required for installation

[Company name removed] employee names & Mobile Numbers, E-mail addresses Customer site addresses

Customer [Company name removed] Employee’s