What is the GDPR?
The General Data Protection Regulation (“GDPR”) is a European privacy regulation which replaced EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
To whom does the GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
- can request from data subjects to obtain, correct, unsubscribe or delete personal data;
- will be made aware of and report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes.
How will this affect DuckDice users?
In order to comply with GDPR legislation we need your explicit consent to data processing:
You will also have a possibility to revoke your consent at any point in time from your Privacy Settings:
However, note that DuckDice collects the only minimum amount of personal data without which use of the Service will no longer be possible. Therefore revoke consent for data processing will also trigger account removal.
DuckDice always collected and will collect the least possible amount of personal data which necessary for using the service. The personal data processed by DuckDice are following:
- Telegram ID – used to play with DuckDice bot in Telegram messenger; Username – used to identify a user in the system;
- Password – used by a user in order to login in the system;
- Avatar – used to identify a user in the system;
- Email – used to send security Emails and/or used by a user to log in;
- Social profile ID/username/first name/last name – used by a user to log in.
All data above will be stored until a user deletes his account.
What benefits DuckDice users will have?
1. Every user can download the report with his full personal identifiable data from Privacy Setting. Note that Personal Data report contains private data and therefore you must have Security Setting enabled in order to start composing it:
The report will contain vast amount of data which will be gathered from several sources, this is a time-consuming process so allow about an hour for your report to be generated. After your report composition will be completed DuckDice will send you a notification with a link, please open and download report using it. A report will be deleted after you have used a download link.
2. Every user can edit his avatar, email address, username and password in Settings. Due to technical constraint Telegram ID can only be reset and Username can be changed only once from the Settings and only via Support request after.
3. Every user can request his personal data removal. As mentioned above, DuckDice collects personal data which is necessary for using the Service, without this data, it will no longer be possible to use the Service and therefore removal of your personal data will also trigger full account removal.
Note that since we will hard-delete your data from our database there will be no possibility to restore an account and all your funds must be withdrawn prior to account removal request.
4. Every user will have possibility to request personal data processing halt. However, as with the personal data removal scenario, the request to stop data processing will trigger full account removal, personal data wipe from the DuckDice database and all funds must be withdrawn prior to making a request.
5. Every user can now unsubscribe from the DuckDice mailing list in Settings:
Please note that you cannot unsubscribe from the System email which provide you with Security codes.
What cookies do we store in your browser and why?
Below is a list of the main cookies set by DuckDice, and what each is used for:
_fp - stores browser's fingerprint. Lifetime: forever.
_t - stores timestamp when user firstly visited the site in a current browsing session. Needed for unique visits statistic. Lifetime: browsing session.
_r - stores http referrer for a current browsing session. Needed in order to external track traffic sources. Lifetime: browsing session.
_c - stores identifier of affiliate campaign. Needed for affiliate statistic. Lifetime: forever.
Cookies set by third parties for wildcard domain: *.duckdice.io
Google analytics: _ga, _gat, _gid
Please keep in mind that some browsers (i.e. chrome on mac) keep background processes running even if no tabs opened due to this session cookies may be left set between sessions.
There are also cookies set by third-party scripts to their domains.
If you wish to stop accepting cookies, you can do so through the Privacy Settings option in your browser.
How we protect our servers and the information which is stored in them?
- All servers have full encryption;
- All backups have full encryption;
- Firewalls, VPN Access;
- Access to servers allowed only over VPN;
- All http/s services work over Cloudflare;
- Connections to nodes over VPN;
- SSH port forwarding tunnels;
- Services allowed only over VPN;
- Servers have a firewall and allowed only SSH port;
- Alerts on critical services.
How we enable security of processing data?
- the pseudonymisation and encryption of personal data;
- regular testing;
- assessment and evaluating the effectiveness of technical and organisational measures.
Data Breach Notification
When DuckDice will be made aware of personal data breaches we will notify all our users within 72 hours after the notice.
Data International Transfer
We only disclose personal data to third-parties where it is necessary to provide the high-quality service or in order to respond lawful requests from authorities.
We share the following data with only 1 third-party systems:
Zendesk Inc. – username and email information is transferred if a user sends a message to live-chat or sends an email to support mailbox.