Previous version: November 18, 2018
1.1. mod.io Pty Ltd, 164 Kings Way; AU 3205 South Melbourne, Australia (ACN 628 999 039) (and its Associates, as defined by the Corporations Act 2001) (mod.io, we, us, our) operates the mod.io website, API, the SDK, official engine plugins and tools and any related services (Services).
1.3. We collect the minimum amount of directly or indirectly personally identifiable information required to provide and improve our Services (Personal Data).
1.6. This policy sets out:
- what Personal Data we collect and use
- what our legal basis is for collecting Personal Data
- how we collect Personal Data and why
- what happens if we can't collect your Personal Data
- how we may disclose your Personal Data and share it through the Services
- what third party service providers we use
- how we use third party payment processors
- how long we retain Personal Data and how we make sure it is secure
- what your rights are about your Personal Data
- how you can complain about privacy breaches
- how to contact us
1.8. Children under the age of 13 years are prohibited from using the Services. We will not knowingly collect Personal Data from a child under the age of 13. If the country you're in requires a higher age of consent for the collection of Personal Data, mod.io requires the consent of a parent or guardian prior to the provision of that Personal Data.
2. What Personal Data does mod.io collect and use?
2.1. We may collect information that could be considered Personal Data in combination with other information.
2.2. This includes:
- your display name;
- your email address;
- your country (language and timezone preference);
- your birthday;
- your avatar;
- your IP address or device ID;
- details of what you have purchased using our Services;
- third party services user IDs (e.g. Steam, Google, Facebook);
- data you give us directly through enquiries; and
- any other information relating to you that you provide to us directly through the Services.
3. What is our legal basis and purpose for collecting and processing Personal Data?
3.1. Unless otherwise agreed, we are the data controller of any Personal Data that you directly provide to us. mod.io collects and processes Personal Data in a fair and in a transparent manner. mod.io will only collect and process your Personal Data for the following reasons:
- where you have consented to our collection and use of your Personal Data; and/or
- where we are required to collect and use your Personal Data to provide you with the Services that we have contractually agreed to provide to you in the most effective way; and/or
- where it is necessary for our legitimate interest for the purposes set out in this policy, unless this legitimate interest is outweighed by your individual interests; and/or
- to comply with the law.
4. How does mod.io collect and use Personal Data and why?
4.1. We may collect your Personal Data from you:
- when you create any mod.io account (User Account);
- when you use the Services;
- when you consent for third parties to send us your information;
- during any communications between you and us; and
- when you make any purchases through the Services.
4.2. We may collect and use your Personal Data to set up your mod.io User Account. Your User Account is automatically assigned a number (the "mod.io ID") that is later used to reference your User Account along with any display name or avatar linked to your User Account. We do not require you to provide your real name to setup your User Account you can use a display name of your choosing that you can change at any time.
4.3. We may collect and use your Personal Data from third parties. Where, and if, this happens, you will be informed of such collection. This may happen when you authenticate your mod.io User Account in-game or via an application or third party using the Services.
4.4. You may connect your mod.io User Account with a social networking service or gaming platform on PC, console and mobile such as Facebook, Google, Steam, Xbox, iOS and others. If you do this, they may send us information from those accounts. We may receive your user ID, email address, country, age range, display name, avatar and other information, as far as this information is publicly available on the platform.
4.5. We may collect information automatically when you interact with the Services. This may include your IP address, device ID, browser type, browser version, the time and date of your visit, the time spent on pages and other diagnostic data.
4.6. We may use your Personal Data to contact you with updates, news or promotional materials and other information that may be of interest to you. You can opt out of receiving these communications from us any time by following the unsubscribe link in any email we send to you.
4.7. We may collect and use your Personal Data if you submit or send it to us through your communications with us. For example, your posts, comments, responses or enquiries when using the Services.
4.8. We do not sell or share your Personal Data with marketing companies or advertising providers.
5. How do we use "cookies" and other usage information?
5.1. We may collect and use your Personal Data to monitor your usage of our Service to customise your experience.
5.3. We may send a "cookie" (which is a small summary file containing a unique ID number) to your device. This enables us to recognise your device and may automatically log you in to your User Account. It also helps us keep track of products or services you view using the Services.
5.5. We may conduct research about our users demographics, interests and behaviors based on information collected as outlined in this clause 5. This research may be compiled and analyzed on an aggregate basis. For example as user statistics, to analyse trends, diagnose problems, control spam and improve quality of the Services (Aggregated Information). Any Aggregated Information is non-identifiable.
5.6. Some examples of cookies that we use:
- Session cookies: we use session cookies to operate our Service and enable you to sign in to your mod.io User Account.
- Preference cookies: we use preference cookies to remember your preferences and various settings.
- Security cookies: we use security cookies, to control spam, verify data submission and other security purposes.
5.7. If you do not wish to receive technically necessary cookies, you can set your browser so that your device does not accept them. However, you may not be able to use some of our Services.
6. What happens if we can't collect your Personal Data?
6.1. You may choose to deal with us on an anonymous basis or use a pseudonym, we encourage you to not use your real name when creating a User Account.
7. How we may disclose your Personal Data and how we share information through the Services?
7.1. We may disclose your Personal Data as set out below for the purposes set out in clause 3:
- to comply with a legal obligation including: the police, any relevant authority or enforcement body, if required by law, including if you have been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary;
- to our related entities, employees and contractors;
- to our licensees, third party service providers or third party payment processors, see below clauses 8 and 9;
- to our developers, game partners and other third parties that use our Services we will disclose the information you select in your control panel (End User Information); and
7.2. You can manage access to your End User Information in your control panel.
7.3. We may disclose non-identifable data such as aggregated demographic information or useage patterns that we collect with our partners, developers, games, third party services and related entities to describe our Services or for other lawful purposes.
7.4. As we are an interactive, cross platform Service, much of our Services are publicly accessible on our platform and on third party platforms. The Services are designed to make information that is uploaded by end users available to third parties, websites, games, applications, tools, services and users that consume our Services.
7.5. We do not knowingly share your Personal Data through our Services, however we are unable to monitor content posted to the public platform, including any personally identifiable information that you chose to post or that is posted about you. You are informed that:
- Any content that is posted to mod.io's platform as part of the Services is public information including: your avatar, display name, mod.io ID.
- You can update your User Account privacy settings at any time to change or modify what User Account information is publicly accessible in your control panel https://mod.io/members/settings.
7.6. We have very limited control over how public information is reproduced or shared once it has been posted, particularly if it is published elsewhere online outside our direct control.
7.7. We encourage you to be careful about what you share online and on our Services. You should never share any Personal Data in a public forum including Personal Data of yourself or others.
7.8. If you believe your Personal Data has been shared throughout the Services and you do not have access to amend or remove it, contact us and we will attempt to resolve your concern.
8. What third party service providers may receive your Personal Data?
8.1. We may provide your Personal Data to third party service providers engaged by mod.io to perform functions on its behalf to deliver the Services effectively.
8.2. We may provide your Personal Data to third parties for the following purposes:
- customer support for the use of the Services;
- secure storage, management and back up;
- website analytics;
- process payments;
- efficient communications between you and mod.io;
- any other purposes so that we can effectively operate the Services.
8.3. We use some of the following third party service providers that may receive your Personal Data:
- Amazon Web Services (AWS) (compute, storage and processing);
- Microsoft Azure (compute, storage and processing);
- Google Cloud Platform (GCP) (compute, storage and processing);
- GSuite (support and communication); and
- Google Analytics (analytics).
8.4. We have concluded standard contractual clauses with these providers and their privacy policies are located here:
- AWS Data Policies: https://aws.amazon.com/compliance/data-privacy-faq/
- Microsoft Azure Data Policies: https://www.microsoft.com/en-us/trust-center/privacy
- GCP, Google Analytics and GSuite: https://www.google.com/intl/en/policies/privacy/
8.5. We will take reasonable steps to ensure that the overseas recipients of your Personal Data do not breach the privacy obligations relating to your Personal Data. If you are located in the European Economic Area (EEA), we will comply with the GDPR if we transfer Personal Data to a location outside the EEA. If we do this, we will use appropriate safeguards by entering into the required agreements using the standard clauses to protect any Personal Data being transferred. You may request a copy of the respective safeguards or agreements.
8.6. We will not transfer your Personal Data to a third party service provider or a country unless we believe they have reasonable and adequate controls in place including the security of your Personal Data. If you don't agree with your Personal Data being transferred to countries such as the United States of America, you may be unable to use the Services.
9. Our use of Third Party Payment Processors and Financial Information
9.1. We use third party payment processes to conduct online payments made through the Services in accordance with our Payment Terms https://mod.io/payments. We use:
9.2. You can use the Services without disclosing your credit card or debit card number or billing details (Financial Information).
9.3. We will only collect Financial Information from you directly if required with your express knowledge and consent.
9.4. You may be required to provide your Financial Information to a third party payment processor.
9.5. If you make financial transactions (such as payment of invoices) we only use and retain any Financial Information to complete payments you initiate.
9.6. Any Financial Information that is collected is solely for the purpose of transaction approval and the transfer of funds.
10. Third Party Links And Websites
11. How long will we retain Personal Data and make sure it is secure?
11.1. We will retain Personal Data for so long as it may be relevant to the purpose it was collected for and while your User Account is active.
11.2. When disposing of Personal Data or other information on the Services, we may anonymize it, delete it or take other appropriate steps to make it non-personally identifiable. Data may persist in copies made for backup and business continuity purposes for additional time.
11.3. We take all reasonable steps to protect the Personal Data that we hold from misuse, loss, or unauthorised access, including by means of firewalls, password access, secure servers and encryption of data.
11.4. If you suspect any misuse or loss of, or unauthorised access to, your Personal Data, please let us know immediately.
11.5. If we suspect any misuse or loss of, or unauthorised access to, your Personal Data we may inform you of that suspicion and take immediate steps to limit any further access to, or distribution of, your Personal Data. If we determine that the breach is likely to result in serious harm to you and we are unable to prevent the likely risk of serious harm with remedial action, we will take action to the appropriate data protection authority in accordance with the relevant privacy laws.
11.7. We will destroy or de-identify your Personal Data if we no longer require it to deliver the Services as soon as practicable if it is lawful and reasonable to do so.
12. What are your rights about your Personal Data?
12.1. We believe that users should be treated equally no matter where they are so we extend the rights arising from the GDPR about Personal Data to all of our users of the Services, regardless of their location including:
- the right to be informed - you have the right to be clear about what Personal Data is processed, who processes it and why.
- the right to access - you have the right to request copies of any of your Personal Data that mod.io has collected. You can request this using the privacy tools https://mod.io/members/privacy provided in your profile.
- the right to rectification - you have the right to request that mod.io correct any information you believe is inaccurate. You also have the right to request that mod.io complete information that you believe is incomplete.
- the right to erasure - you have the right to request that mod.io erases your Personal Data. You can request deletion of your Personal Data using the privacy tools https://mod.io/members/privacy provided in your profile.
- the right to restrict processing - you have the right to object to mod.io's processing of your Personal Data.
- the right to data portability - you have the right to request that mod.io transfer the data we have collected to another organisation or directly to you.
12.2. You have the right to withdraw your consent at any time where we have relied on your consent to process your Personal Data.
12.3. You can update your User Account information by accessing your account settings https://mod.io/members/settings.
12.4. You can unsubscribe from certain emails by clicking the "unsubscribe" link they contain.
13. How can you complain about privacy breaches?
13.2. We will treat your requests or complaints confidentially. We will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options about how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
13.3. You may always lodge a complaint with a supervisory authority.
14. Contact Us