Privacy Policy
New Privacy Policy
Updated 16/5/18
Who We Are - This Privacy Policy is issued for all of our customers by Epic Gaming Ltd.(Company Registration No: 7096533) , hereby referred to as "us", "we" or "our". If you have any queries regarding this policy or the use of your data, you can contact us on privacy@epiclan.co.uk.
Why We Need Your Personal Data – Users may browse public areas of the site without providing any personal information, however to use interactive features or to use our products/services you will be required to provide some personal details
We process your personal data to provide you with access to our services (e.g. event, tournaments and online community). We only request data from you that we have deemed essential for these purposes. We process your personal data as part of your contact with us to participate in our services and we process your data for marketing purposes solely where you have said it is ok to do so.
If you attend our events, we require additional personal data from you. During an event, we act as an Internet Service Provider and therefore must track network and internet use as part of the event terms and conditions. We may also be required to make payments or issue prizes as part of your attendance.
Under 13s – If you are aged under 13, we will need parental consent to sign up for our website. Parents will receive a verification link which will need to be selected to activate your account. This does not replace consent required from parents for under 16s to attend our events.
Where We Get Your Data From – Only from you. We do not buy in data from any third parties, or sell on your data to any third parties. The only data we have from you is either provided by you, or generated by participating in our services (e.g. generating your attendance history).
Cookies - Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org . You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.
Other websites - Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.
Retaining Your Data - We retain that data while you remain a customer with us to allow for future bookings and to track your historical attendance (e.g. to apply our loyalty scheme). After 2 years of not using our services (defined as attending an event, participating in an online tournament or accessing your website account) we will notify you that your data will be automatically removed, followed by account deletion 2 weeks after that notification. To retain your account, you simply need to log in to your website account.
Please see the section under “Your Rights” for requests to manually remove your data.
Data Sharing – We use 3rd party software systems in order to process your data, we select systems that are either based in the EU, or have suitable protections through the EU-US Privacy Shield. We have listed all possible systems that may hold your data and why below, note that any requests to modify/remove your data will also be shared with these organisations as part of our data flow:
- Microsoft (Office 365)* – We use Office365 for our emails and day-to-day office software, meaning that any emails you send to us as well as our working documents will be stored on Microsoft’s servers
- Freshworks (Freshdesk)* – Freshdesk is used when you create support tickets to us, it uses either Single Sign On (SSO) with your epic.LAN account, or you may enter your details direct.
- Mailchimp* – If we are sending out mass emails to you, then we use Mailchimp as our provider. Once messages have been sent, the mailing list is removed within 4 weeks and a fresh mailing list is used every time we sent a message to ensure that your marketing preferences are kept up to date.
- Sparkpost* – Sparkpost sends out emails through the website, it does not retain any of your personal data.
- Gleam.io* – If we operate any competitions and giveaways, we use Gleam.io where you may choose to enter and provider your details directly to them as a platform.
- Surveymonkey* – Surveymonkey is used to survey customers to improve our customer service to you. A fresh mailing list is used for each survey to ensure that your data is kept up to date.
- Microsoft Azure* – The epic.LAN website and therefore database is stored on Microsoft Azure services.
- Slack* – Slack is the day-to-day live communications tool for epic.LAN team members, it is unlikely to be used for any personal details except for urgent and confidential team communications.
- Sage (SagePay)* – Customers use SagePay to make payments to epic.LAN for supplies and services, the epic.LAN website pre-populates customer address details for security verification in to SagePay, but no payment details are entered or stored on our services.
- Sage (Sage Cloud Accounting/Payroll)* – Customer payment history is held on Sage for financial records, but no payment details (e.g. bank account) are stored for customers.
- PayPal* – Customers use PayPal to make payments for epic.LAN supplies and services, the organisation may also use PayPal to pay customers and suppliers at their request.
- HSBC* – The organisation uses HSBC as its bank account supplier. Occasionally bank payments are made to customers e.g. for prize giving as well as suppliers, details of recent payment recipients are held on the bank account for future payments.
Organisations marked with a * may store their data on servers outside of the EU, however all organisations utilised have EU-US Privacy Shield Certified Standards in place. Copies of the organisation safeguards are available on each provider’s website and at https://www.privacyshield.gov/list)
Your Rights
Under the General Data Protection Regulations, the following rights apply to you and your data:
- Right to be informed – This right means that you are entitled to know how we handle your data and is covered through this privacy policy.
- Right to access – You can access most of your information through your epic.LAN website account which will show your personal details and event history. If you wish to access additional information about your data, please see the section on making requests below.
- Right to rectification – You can update most of your personal details through your epic.LAN website account. If you wish to make further updates that cannot be managed through self-service, please see the section on making requests below.
- Right to erasure – We automatically remove your data after 2 years of inactivity. Should you wish to remove your personal data before that time, please see the section on making requests below.
- Right to restrict processing – As your personal data is required as part of your service with us, the main applicable restriction will be for use of your data for marketing communications, you can manage your marketing preferences on your epic.LAN account. Note that this does not restrict the ability to send you specific communications about services you have already purchased (e.g. information about an event you have booked to attend).
- Right to data portability – You will soon be able to download a CSV file or your personal details and attendance history direct from the epic.LAN website, in the meantime, please see the section below on making requests.
- Right to object – You have the right to object to direct marketing, you can manage these preferences in your epic.LAN account.
- Rights related to automated decision making and profiling – We do not use any automated decision making or profiling.
Making Requests - To make any requests under the above rights, please contact privacy@epiclan.co.uk. Responses will be completed within 30 days from the request being received except where the request is manifestly unfounded, excessive or repetitive, in which case the request may be rejected, further information requested or a fee charged. In any of these cases you will be notified of our decision along with your next steps and how to appeal the decision.
Complaints – If you have any objections or concerns over your data, in the first instance we would ask you to get in touch with us to resolve any concerns. If we are unable to resolve your concerns, then we will advise you to make contact to the local supervisory body, in this case the Information Commissioners Office.
We may change this policy at any time but will ensure that users of the site are notified.