Privacy Policy

Last modified: July 15, 2023 at 14:39

At Xenyria, we value the privacy of our users and are committed to maintaining the confidentiality and security of their personal data. This privacy policy aims to explain how we collect, use, and protect the information you provide to us when using our services. We believe in transparency and strive to communicate clearly and openly about our data practices, ensuring that you have a comprehensive understanding of how your data is handled.

Throughout this policy, we will describe the types of data we collect, the purposes for which we use it, and the security measures we have implemented to safeguard your information. We will also clarify your rights as a user, ensuring that you are aware of how to exercise control over your personal data.

Please take the time to read this privacy policy carefully, as it will help you make informed decisions about your privacy and understand how your data is handled within our platform. By using our services, you acknowledge that you have reviewed and agreed to the terms outlined in this privacy policy.

Data Controller

Xenyria is operated by Kevin Winter. If you have any questions, concerns, or requests regarding the processing of your personal data or any aspect of this privacy policy, you can contact us using the following information:

Name of Data Controller: Kevin Winter
Address: Rothenturmer Straße 6a, 85077 Manching, Germany
Phone Number: +49 162 3011079
Email: kev@xenyria.net

Please note that while you can reach out to us using the contact details provided above, we encourage you to utilize the support methods listed on our support page for faster and more efficient assistance. Contacting our support team through the designated channels will ensure a more prompt response to your inquiries.

Data We Collect

As a Minecraft server, Xenyria collects certain data to enhance the gaming experience, enforce server rules, and ensure the safety of our community. The following types of data are collected on our Minecraft server are:

  1. Minecraft Account Details: We collect Minecraft account details, including the username and Unique ID (known as the “UUID”). This information is used to save user progress and enforce appropriate actions in case of rule violations, ensuring the fun and well-being of the community.
  2. IP Address: We collect users’ IP addresses on the Minecraft server to enforce necessary actions and maintain a safe environment. IP addresses help us to enforce punishments, prevent abuse, and ensure the security of our server.
  3. Public Chat History: We retain a history of public chat messages for the purpose of enforcing server rules. This allows us to moderate conversations and maintain a positive and respectful community environment.
  4. Private Chat History: We may collect and store private chat history on the Minecraft server to enforce server rules and investigate any reported incidents. This helps us ensure a safe and enjoyable experience for all users.
  5. Replays of Games: We may record and retain replays of our games on the Minecraft server. These replays serve multiple purposes, including enforcing server rules, resolving disputes, analyzing gameplay, and providing users with the ability to review and share their own gaming experiences.
  6. Gameplay Data: We collect various gameplay data, such as statistics, inventory information, playtime, and other relevant metrics. This data is required to offer the functionality of our server and also helps us analyze and improve gameplay mechanics, develop new features, and enhance the overall user experience on the Minecraft server.

In addition to the data collected on our Minecraft server, we may also collect certain data on our website. The following types of data are collected on our website:

  1. IP Address: When you visit our website, we may collect and temporarily log your IP address. This is done to prevent abuse, protect against malicious activities, and enable rate-limiting measures.
  2. Form Submissions: For submissions of contact, application, or similar forms, all data submitted through the form will also be saved to offer the respective services. For safety and to prevent spam, this data will be associated with the user’s IP address.

Legal Basis for Data Processing

Xenyria relies on the following legal bases for processing personal data, as permitted by applicable privacy regulations:

  1. Contractual Necessity: In certain circumstances, the processing of personal data is necessary for the performance of a contract between Xenyria and the user. For example, when a user engages with our Minecraft server or utilizes our website services, the processing of their data may be necessary to fulfill the terms of service and provide the requested services.
  2. Consent: In situations where required by law, Xenyria may seek the user’s consent to process their personal data for specific purposes. We will obtain explicit consent when necessary, ensuring that users have the opportunity to make informed choices and exercise control over their data.
  3. Legitimate Interests: Xenyria may process personal data based on legitimate interests, provided that such interests are not overridden by the individual’s rights and freedoms. This includes purposes such as maintaining the security and integrity of our services, preventing fraud or abuse, improving user experience, and conducting analytics to enhance our offerings.
  4. Legal Obligations: Xenyria may process personal data to comply with legal obligations imposed by applicable laws, regulations, or governmental authorities. This includes obligations related to data retention, reporting, and disclosure requirements.

It is important to note that Xenyria strives to ensure that the processing of personal data is always carried out in compliance with applicable privacy regulations. We carefully assess the legal basis for each processing activity, and we implement appropriate safeguards to protect the rights and interests of our users.

Purpose of Data Processing

At Xenyria, we process personal data for specific purposes, ensuring that we adhere to applicable privacy regulations. The purposes for which we process personal data include:

  1. User Account Management: We process personal data, such as Minecraft account details and IP addresses, to manage user accounts, enable progress tracking, enforce server rules, and provide a safe and enjoyable experience on our Minecraft server.
  2. Communication and Support: We process personal data, including contact information submitted through forms, to communicate with users, respond to inquiries, provide support, and deliver important notifications related to our services.
  3. Improving and Enhancing Services: We analyze gameplay data and other relevant metrics to improve our Minecraft server and website services. This includes optimizing gameplay mechanics, developing new features, and enhancing the overall user experience.
  4. Compliance with Legal Obligations: We may process personal data to comply with legal obligations imposed by applicable laws, regulations, or governmental authorities. This includes data retention requirements, reporting obligations, and responding to legal requests or investigations.
  5. Analytics and Insights: We may process personal data, such as gameplay data and IP addresses, for analytics purposes. This helps us understand user preferences, monitor server performance, and make data-driven decisions to improve our services.
  6. Security and Fraud Prevention: We process personal data, including IP addresses and chat history, to ensure the security of our Minecraft server and website, protect against fraudulent activities, enforce server rules, and maintain a safe environment for our users.
  7. Marketing and Promotions: With the user’s consent where required, we may process personal data to provide information about our services, updates, promotions, and other relevant communications.

It is essential to note that we only process personal data for lawful and legitimate purposes, ensuring that the processing is proportionate and respects the rights and interests of our users.

Data Sharing

Xenyria may share user data with certain third parties or categories of recipients to fulfill specific purposes related to our services. The following outlines the types of recipients with whom data may be shared:

  1. Cloudflare, Inc.: Xenyria utilizes Cloudflare as a proxy for web services. While acting as a proxy, Cloudflare may have access to user data as it passes through their network. It is important to note that Cloudflare acts as a trusted service provider and is committed to implementing robust security measures to protect the data in their possession. Cloudflare, Inc. is based in the United States and is committed to complying with applicable privacy regulations. You can find the Privacy Policy of Cloudflare here.
  2. Hetzner Online GmbH: All user data is stored on servers provided by Hetzner. As the hosting service provider, Hetzner is considered a recipient of user data. They are responsible for securely storing the data and ensuring the availability of Xenyria’s services. Hetzner is based in Germany and is committed to complying with applicable privacy regulations. You can find the Privacy Policy of Hetzner here.

It is crucial to mention that the data sharing practices are limited to the necessary extent required to provide our services and maintain their functionality. Xenyria does not engage in the sale, trade, or sharing of user data for marketing or unrelated purposes.

Additionally, Xenyria implements appropriate safeguards and security measures to protect the shared data. These measures include but are not limited to encryption, access controls, and regular security assessments to mitigate the risk of unauthorized access, disclosure, or misuse.

Data Retention

Xenyria retains user data for specific periods of time, ensuring compliance with applicable privacy regulations. The retention periods for different types of data are as follows:

  1. Game Data: User game data, including progress, inventory, and statistics, is typically stored indefinitely, unless a deletion request is submitted by the user. Xenyria understands the importance of preserving user achievements and preferences to enhance the gaming experience.
  2. Chat Logs: Chat logs, both public and private, are generally stored for up to a year. This retention period allows us to monitor user patterns, identify recurring issues, and make informed decisions regarding suitable punishments for rule infractions. By analyzing chat logs over an extended period, we aim to maintain the integrity of the community and ensure that appropriate enforcement actions are taken. However, if chat logs are deemed relevant to a rule infraction case or an investigation, they may be retained for a longer, indefinite period of time to support enforcement actions and maintain the integrity of the community.
  3. Replay Data: Replays of games are stored for an indefinite period. This allows users to revisit and share their gameplay experiences, and it also serves as a valuable resource for enforcing server rules and resolving disputes, if necessary.
  4. Contact/Support/Application Data: Data submitted through contact forms, support requests, or application forms is retained for as long as necessary to complete the respective request. Additionally, this data may be stored for up to 4 weeks beyond the completion of the request for quality assurance purposes.

It is important to note that while Xenyria provides these general retention periods, we retain the right to keep data for shorter periods if deemed appropriate. This flexibility allows us to ensure efficient data management and compliance with legal obligations.

Data Security

At Xenyria, we prioritize the security of user data and have implemented several measures to safeguard its confidentiality and integrity. These measures include:

  1. Limited Data Access: Access to user data is restricted to authorized personnel who require it for specific purposes. We follow the principle of least privilege, granting access only to the extent necessary to fulfill their responsibilities.
  2. Vulnerability Research: Our team conducts regular research on software vulnerabilities to identify and address potential weaknesses promptly. By staying informed about the latest security developments, we proactively mitigate risks and ensure the protection of user data.
  3. Staff Training: Our staff undergoes comprehensive training on data security best practices. This training equips them with the necessary knowledge and skills to handle user data securely and responsibly.
  4. Two-Factor Authentication (2FA): We implement 2FA for access to data, adding an extra layer of protection to prevent unauthorized access to sensitive information.
  5. Regular Data Backups: We perform regular backups of user data to ensure its availability and integrity. In the event of data loss or system failure, these backups enable us to restore the data and minimize any potential disruptions.
  6. Data Center Security: The data center provided by Hetzner Online GmbH, our trusted hosting service provider, adheres to industry-standard security practices. This includes physical security measures, such as restricted access and surveillance systems, to protect the infrastructure hosting user data.
  7. Encrypted Communication: Communication between machines, when applicable, is encrypted to ensure that data remains secure during transit.
  8. Web Request Encryption: Web requests made to our servers are encrypted, utilizing protocols such as HTTPS, to protect user data during transmission.
  9. Remote Access Security: Remote access to our servers is protected using industry-standard security practices, ensuring that only authorized individuals can access the system.

These security measures demonstrate our commitment to maintaining the confidentiality, integrity, and availability of user data. We continually evaluate and enhance our security practices to adapt to emerging threats and industry best practices.

Please note that while we have implemented these security measures, no method of data transmission or storage can guarantee absolute security. We remain dedicated to monitoring and improving our security practices to protect user data to the best of our ability.

International Data Transfers

At Xenyria, we prioritize the protection of user data and comply with applicable data protection regulations, including requirements related to international data transfers. Currently, we do not transfer any user data outside of the European Economic Area (EEA).

It is important to note that while Cloudflare is utilized as a proxy for web services, user data processed by Cloudflare is not actively provided by us. Cloudflare operates as a content delivery network (CDN) and security service that helps improve the performance and security of our website. When users interact with our website, their requests pass through Cloudflare’s network, and Cloudflare may process certain data as part of its service.

However, it’s crucial to highlight that Xenyria does not actively transfer or provide user data to Cloudflare. Instead, Cloudflare operates as an intermediary between our users and our website, optimizing the delivery of content and enhancing security without receiving direct access to user data controlled by Xenyria.

While Cloudflare may operate globally, it is committed to complying with data protection regulations and has implemented safeguards to protect user data. These safeguards include the adoption of appropriate data protection measures and adherence to industry best practices.

As we continue to prioritize data privacy and security, we regularly assess our service providers, including Cloudflare, to ensure their practices align with our commitment to protecting user data. In the event that we engage with any additional service providers that involve international data transfers, we will comply with applicable legal requirements and implement necessary safeguards to protect the privacy and security of user data.

Data Subject Rights

At Xenyria, we recognize and respect the rights of individuals whose personal data we process. We are committed to ensuring that these rights are upheld in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and relevant California laws. As a data subject, you have the following rights:

  1. Right to Access: You have the right to request access to the personal data we hold about you. Upon receiving such a request, we will provide you with a copy of the relevant data and any additional information required by law.
  2. Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request its rectification or correction. We will promptly update any inaccurate or outdated information to ensure its accuracy.
  3. Right to Erasure: You have the right to request the erasure of your personal data under certain circumstances. This includes situations where the data is no longer necessary for the purposes for which it was collected, you withdraw your consent, or the data processing is deemed unlawful.
  4. Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain circumstances. This may include situations where you contest the accuracy of the data or the lawfulness of its processing.
  5. Right to Data Portability: If the processing of your personal data is based on your consent or for the performance of a contract, you have the right to receive a copy of your data in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance.
  6. Right to Object: You have the right to object to the processing of your personal data in certain situations. If you exercise this right, we will no longer process your data unless there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
  7. Right to Withdraw Consent: If we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before the withdrawal of consent.
  8. Right to Lodge a Complaint: If you believe that your rights under applicable privacy laws have been infringed, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first so that we may address any concerns you may have.

To exercise your rights as a data subject or if you have any questions or requests regarding your personal data, please reach out to us using the contact information provided in the “Data Controller Contact Information” section. We will respond to your requests promptly and in accordance with the applicable legal requirements.

Please note that there may be certain limitations or exceptions to these rights as permitted by law. We will inform you if any such limitations apply to your specific request.

Cookies and LocalStorage

Cookies are small text files that are placed on your device when you visit a website. They serve various purposes, including enhancing your browsing experience, personalizing content, and analyzing website traffic. Cookies can be categorized into different types, such as session cookies that are temporary and are deleted when you close your browser, and persistent cookies that remain on your device for a specified period or until you manually delete them.

LocalStorage is a web storage technology that allows websites to store and retrieve data on a user’s device. Unlike cookies, which are sent back and forth between the web server and the browser with each request, LocalStorage enables websites to store larger amounts of data locally on the user’s device without the need for constant communication with the server. This data remains accessible even after closing the browser.

At Xenyria, we may use cookies and LocalStorage for various purposes to enhance your experience on our website and improve our services. These technologies may include essential cookies necessary for the functioning of the website, as well as cookies and LocalStorage used for analytical purposes.

Analytical cookies and LocalStorage allow us to collect information about your browsing behavior on our website, such as the pages you visit, the duration of your visit, and the actions you take. This data helps us understand how users interact with our website and enables us to make informed decisions to improve our services, content, and user experience.

However, we want to emphasize that the use of cookies and LocalStorage for analytical purposes is subject to your explicit consent. We will request your consent before placing these cookies or utilizing LocalStorage technologies on your device. You have the choice to accept or decline these cookies or LocalStorage features. Please note that declining them may limit certain functionalities or prevent us from collecting analytical data to enhance our services.

Furthermore, it is important to note that any data collected through cookies and LocalStorage technologies will be used solely for analytical purposes related to Xenyria’s website and services. We do not use these technologies to track your activities across other websites or for targeted advertising purposes.

Children’s Privacy

Xenyria recognizes the importance of protecting the privacy of children online. Our services and website are not actively targeted towards children as our primary audience. We require users to be at least 13 years old or meet the minimum age requirement specified by their local regulations for us to process their data.

As a general practice, we do not knowingly collect or solicit personal information from children below the applicable age based on local legislation without verifiable parental consent or the appropriate legal basis. If we become aware that we have collected personal information from a child without parental consent, we will take prompt steps to delete that information from our records.

We strongly encourage parents and guardians to actively participate in and supervise their children’s online activities to ensure a safe and enjoyable experience. If you believe that we may have inadvertently collected personal information from a child under the applicable age based on local legislation, please contact us immediately using the contact details provided in the “Data Controller” section. We will take appropriate steps to address the situation promptly.

Changes to This Privacy Policy

At Xenyria, we may periodically update or modify our Privacy Policy to ensure that it accurately reflects our data practices and complies with evolving legal requirements and industry standards. We encourage you to review this Privacy Policy regularly to stay informed about how we collect, use, protect, and disclose your personal information.

When we make any material changes to the Privacy Policy, we will notify you through a prominent notice on our website or by other means, such as email or push notification, before the changes take effect. By continuing to use our services or website after the revised Privacy Policy becomes effective, you indicate your acceptance of the updated terms.

We encourage you to carefully read any updates or modifications to the Privacy Policy and to contact us if you have any questions or concerns about the changes. Your continued use of our services or website following the posting of changes to this Privacy Policy signifies your agreement with and acceptance of such changes.

It is essential to stay informed about your rights and obligations concerning your personal information. Therefore, we recommend that you regularly review this Privacy Policy and any accompanying notices to understand how we collect, use, protect, and disclose your information.