In addition to definitions in the Terms of Service, Acceptable Use Policy, Service Level Agreement, shall the following apply in this contract:
“Controller”: KUBBUR (“KUBBUR Limited”), The processor and controlling party of the data processing, the provider;
“Data Subject”: Client, One who’s data is controlled by the controller and is subject to the current and adjacent agreement(s);
“Areas of processing”: The websites or addresses where the subject allows his data to be collected and or processed.
RIGHTS OF THE DATA SUBJECT
The Data Subjects of this relationship, depending on their residence have different applicable data protection laws and rights to their case. The most notable of which is the European Economic Area’s GDPR which applies to the residents of which and the providers offering services to said residents. The rights of the EEA Data Subjects are stated within articles 12 through 23.
Right of access by the data subject, Article 15.
Right to rectification 16
Right to erasure, often known as right to be forgotten, Article 17.
Right to restriction of processing, Article 18.
Residents of the U.S. state of California are subject to the Californian Consumer Privacy Act or CCPA which by generalization protects and reserves their right to require their personal information not to be shared or sold;
Residents of the United Kingdom of Great Britain and Northern Ireland are subject to the UK Data Protection Act 2018 or DPA18 which is in most ways equivalent to the EEA’s GDPR;
Any future data protection regulations enactments that may come to be such as the possible Chinese Privacy Information Protection Law Draft will automatically be enforced and will the provider pledge to comply.
THE DATA PROTECTION OFFICER
The Data Protection Officer of KUBBUR is Leifur Steinn Gunnarsson of Reykjavík, Iceland. Their email is; [email protected], any conversation with said email is private and confidential, data protection regulations are taken into account on each request.
The Data Protection Officer may require the data subject to provide personally identifiable information such as passports and residential maintenance bills in order to confirm their identity. Said information will not be stored for longer than the conversation lasts, and again, will not be shared. Any requests for the enactment of any GDPR, CCPA or DPA18 articles shall be sent to the Data Protection Officer via email at [email protected] from the same email associated with your account if possible.
COOKIES OF THE DATA SUBJECT
KUBBUR uses and maintains a custom made, fully secure billing solution. The solution utilizes browser cookies in order to function and keep the Data Subject’s information accurate. These cookies are never used for purposes other than to identify the data subject to the system. Said system will never use the data subject’s information for marketing purposes unless the data subject has given consent to such use of its data.
CHILDREN AS DATA SUBJECTS
The Children’s Online Privacy Protection Act or COPPA is a U.S. Law restricting children under the age of 13, and therefore protecting them for unfair treatment online from the ability to commercially engage or be data subjects of and with online businesses. Thereby does the provider reject all relationships with children under the age of 13, any existing relationship applicable to the prior are void and will be terminated. Suspicion of COPPA violation(s) may be sent to the Data Protection Officer with the subject prefix "[COPPA Abuse]:"
Adolescents, 13 until their age of legal and financial independence are unable to form contracts until legal age, to engage in commercial relations with the Controller will they need parental (legal guardian) permission and be represented by their guardian(s) in regard to the entirety of the legal and commercial relationship.
HOW THE DATA SUBJECT’S DATA IS USED
General information is used for the sole purpose of running the purchased service(s), they belong in said service(s) and will not be accessed by the Controller at any time unless required by law.
Personal information is solely utilized for the reservation of accurate legal representation for the relationship. Law enforcement or activities in legal proceedings may require sharing said information with qualified governmental authorities.
To obtain clarification of General, Communications and Personal information feel free to send a message to the Data Protection Officer.
WHERE THE DATA SUBJECT’S DATA IS STORED
Any and all information, General and Personal is stored on servers operated by the provider from their own property or a rented service with any of the following Tier 3 Secure Data Center Providers: “Path Network, Inc.“; “Amazon Web Services EMEA S.à.r.l.“ These servers may be located in various locations around the world, including but not limited to:
The United Kingdom
The Federal Republic of Germany
Various EU member states
HOW THE DATA SUBJECT'S DATA IS SHARED
The “controller” may share data about the “subject” with authorized 3rd parties for various purposes (including but not limited to the prevention of fraudulent activity by the “subject“). As such when data is shared with these 3rd parties the data shared will be handled in accordance with the respective privacy policies of these 3rd parties. The 3rd parties in question, along with their respective privacy policies, are the following:
“Path Network, Inc.“ — https://path.net/privacy-policy
“KVM Group Limited“ — https://kvm.group/legal/privacy-policy
THE DATA WE COLLECT ABOUT THE SUBJECT
The “controller” only stores data about the “subject” which is necessary for the operation of the “controller’s” business. This data is the following:
The subject’s email address
The subject’s “Discord.com” account ID
Optionally the “subject” may provide the “controller” with additional data, including but not limited to:
The subject’s first and last name
The subject’s “Minecraft.net” account name
ADDITIONAL PROTECTION OF THE DATA SUBJECT’S CONNECTIVITY TO THE CONTROLLER
Any service may be applied and delivered with additional routing services from “Path Network, Inc.“, in order to counter (D)DoS cyberattacks against said services.
DATA RETENTION POLICY
As a business operating in the United Kingdom, KUBBUR is required to follow UK consumer and financial law among all others, of which are regulations set by Her Majesty’s Revenue and Customs on retention of Communications Data. Said regulations state by generalization that the provider shall have the option to retain data as long as is necessary, any further is not recommended. The necessary time period is 6+1 years, the (+1) additional year is the accounting year.
The “controller” reserves the right to send its customers email messages regarding their account, services or the company when required. The reasons for these messages include, but are not limited to:
Confirmation of the user’s email address
Requests for the reset of the user’s account password
Informal emails regarding the status of support tickets, interruption in service, service status, account breaches and account status.
Order confirmations, invoices, payment confirmations, late payment notifications and payment reminders.
Alerts and messages concerning the security and safety of users and their services.
Email messages which do not fit in these categories may still be received by the user occasionally, however, these messages are never for promotional purposes but instead are reserved for emergencies and such where reaching out to the user is important (e.g. if a data breach were to occur).
THIRD PARTY SERVICES
The “controller” uses various 3d party services to operate its business. These services are:
Discord.com (offered by “Discord, Inc.”) — used for user authentication & as a mechanism for providing support to clients.
MongoDB.org (offered by “MongoDB, Inc.”) — used for data storage.
Postmarkapp.com (offered by “ActiveCampaign, LLC.”, “AC PM, LLC.”) — used for the delivery of email messages to customers.
connect.kvm.group (offered by “KVM Group Limited”) — used for user authentication.
As user data actively passes through these services the privacy policies of the aforementioned services also apply to data subjects of the controller. Their respective privacy policies, in order of the aforementioned, are listed here: