Privacy Policy

1. Data Controller

A private individual operating as the provider of the ValueGameNode service.

Country of operation: Finland

2. Contact Person for Register-Related Matters

Email: [email protected]

3. Name of the Register

ValueGameNode customer and user register.

4. Purposes and Legal Basis for Processing Personal Data

We collect and process personal data for the following purposes and on the following legal bases:

Provision and Maintenance of the Service:

• Purpose: Creating and managing user accounts, processing orders, delivering and configuring game servers, invoicing and payment processing, customer service, and technical support.
• Legal Basis: Article 6(1)(b) of the EU General Data Protection Regulation (GDPR) (performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

Ensuring Service Security and Preventing Misuse:

• Purpose: Monitoring Service usage, identifying, preventing, and investigating security breaches and misuse (e.g., analysis of IP addresses and log data).
• Legal Basis: Article 6(1)(f) of the GDPR (legitimate interest of the controller). Our legitimate interest is to protect our Service, our customers, and to ensure the integrity and availability of the Service.

Service Development and Visitor Tracking:

• Purpose: Analyzing Service usage (e.g., visitor numbers, general geographical location of users based on IP address, anonymously and in aggregate) to improve and develop the Service. This functionality is self-developed and does not set cookies in the browser.
• Legal Basis: Article 6(1)(f) of the GDPR (legitimate interest of the controller). Our legitimate interest is to understand the use of our Service for its development.

Compliance with Legal Obligations:

• Purpose: Fulfilling legal obligations, for example, related to accounting and taxation (e.g., retention of payment transaction data).
• Legal Basis: Article 6(1)(c) of the GDPR (compliance with a legal obligation to which the controller is subject).

We do not send direct marketing communications without your consent.

5. Data Content of the Register (Personal Data Collected)

We collect the following data from our users:

• Information provided upon registration: First name, last name, email address, password (in encrypted form).
• Information collected during Service use:
  • IP addresses.
  • Log data regarding the use of the Service and game servers.
  • Game server configuration data (e.g., ordered service package, additional storage, backups).
  • Payment transaction data (primarily processed by our payment service provider, Stripe; we store the subscription ID).
• Information provided during customer service interactions: Messages sent via the customer service portal and chat logs.
• Automatically collected data: Website visitor numbers and users' general geographical location based on IP address (self-developed functionality, does not use cookies).

6. Regular Sources of Data

Personal data is primarily collected from the user themselves during registration, use of the Service, and customer service interactions. Information related to payment transactions (such as subscription ID) is also obtained from our payment service provider, Stripe.

7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA

Your personal data is treated confidentially. We may disclose data to third parties only in the following cases:

• Payment Service Provider: We use the Stripe payment service to process payments. In this context, necessary payment information (such as name, email address, and payment card details) is transferred to Stripe. Stripe is a US-based company, and your data may be transferred and processed by Stripe outside the EU/EEA (e.g., in the United States). Stripe is responsible for the appropriate safeguards for these transfers (e.g., Standard Contractual Clauses). More information on Stripe's privacy practices can be found on their website.
• Authorities: We may disclose data to competent authorities based on a legal obligation or a valid legal request (e.g., police, court).

No other regular disclosures of data are made. Our service servers, where we store the data we manage ourselves, are located in Finland.

8. Principles of Register Protection

We are committed to protecting your personal data. We use appropriate technical and organizational security measures to protect personal data against unauthorized access, use, disclosure, alteration, or destruction. These measures include, among others:

• SSL/TLS encryption for data transmission.
• Passwords are stored in an encrypted format.
• Access to personal data is restricted to only those individuals who need the data to perform their duties.
• Regular maintenance and updates of the server infrastructure.
• Firewalls.
• Regular backups.

9. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes defined in this Privacy Policy or to comply with legal obligations.

• Customer Account Information: Retained as long as the customer relationship is active. If a user account is inactive (no paid services) and the user does not log into their account, the account and associated basic information may be deleted one year after the last activity, unless the user reactivates the account.
• Termination of Customer Relationship: If a user requests the deletion of their account or the customer relationship otherwise ends, we will delete the user's personal data (such as name, email, server configurations, customer service messages) from our active databases within a reasonable time. Please note that payment transaction data processed through Stripe will remain in Stripe's own systems according to their own retention periods and legal obligations (e.g., accounting laws), over which we have no control. We will delete references to Stripe from our own database, such as the subscription ID, when it is no longer necessary.
• Log Data: Log data related to Service use (e.g., IP addresses for security monitoring) may be retained for a shorter, necessary period (e.g., from a few months to a year) for investigating misuse and maintaining security.
• Legal Obligations: Certain data, such as accounting records (e.g., invoicing data), will be retained for the period required by Finnish accounting law (generally at least 6 years from the end of the financial year).

10. Rights of the Data Subject

You have the following rights regarding the processing of your personal data:

• Right of access: You have the right to know what personal data we process about you and to obtain a copy of this data.
• Right to rectification: You have the right to request the correction of inaccurate, incorrect, or incomplete personal data.
• Right to erasure ("right to be forgotten"): In certain situations, you have the right to request the deletion of your personal data, for example, if the data is no longer needed for the purposes for which it was collected, or if you withdraw your consent (if processing was based on consent) and there is no other legal ground for processing. Note that legal obligations may limit this right (e.g., retention of accounting data).
• Right to restriction of processing: In certain situations, you have the right to request the restriction of the processing of your personal data.
• Right to object to processing: When the processing of your personal data is based on our legitimate interest, you have the right to object to the processing of your data on grounds relating to your particular situation.
• Right to data portability: To the extent that processing is based on contract or consent and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and the right to transmit that data to another controller.

You can exercise your rights by contacting us by email at: [email protected]. We will respond to your request as soon as possible, usually within one month of receiving the request. If necessary, we may request additional information to verify your identity before processing the request.

If you believe that the processing of your personal data infringes data protection legislation, you have the right to lodge a complaint with a supervisory authority (in Finland, the Office of the Data Protection Ombudsman).

11. Data Protection of Minors

Our Service is intended for individuals who are at least 16 years of age. We do not knowingly collect personal data from children under the age of 16 without verifiable parental or guardian consent. If you are under 16, you may not use the Service without such consent. If we become aware that we have collected personal data from a child under 16 without the required consent, we will take steps to delete that information.

(As per our discussion, a strict age limit of 16 is applied here.)

12. ValueGameNode as a Data Processor (Data on Game Servers)

When you rent a game server from us, you act as the data controller for all personal data that you or the users of your game server (players) store or process on the server you rent (e.g., players' IP addresses, game identifiers, in-game chats). You are responsible for the lawfulness of the processing of this data, for obtaining any necessary consents, and for informing your own players about the processing of their personal data.

In relation to this data, ValueGameNode acts as a data processor on your behalf. We process the data on the servers only as required for the technical provision and maintenance of the Service and according to your instructions (for example, when you use the Pterodactyl control panel to manage your server). We do not use the data on our customers' game servers for our own purposes.

It is recommended that our terms of service or a separate Data Processing Agreement (DPA) define more precisely the responsibilities and obligations of the parties in data processing in accordance with Article 28 of the GDPR. Although a separate DPA document may not be in place, this Privacy Policy clarifies the division of roles. It is your responsibility to ensure that you have the right to process your players' data on our servers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example, due to changes in legislation or as our Service evolves. We will notify users of material changes by email and/or by publishing an updated version in our Service's client panel or on our website. We recommend reviewing this policy regularly. By continuing to use the Service after changes have been made, you accept the updated Privacy Policy.