Effective February 5, 2021. Last Revised February 5, 2021
What We Collect (How it is Used or Shared)
We collect information you provide to us directly when you use our services. This includes:
- Account Information:
If you create a CS40 account, we require you to provide a username, password and to share you first name or other real simple callsign. Your username is public, as is your first name/callsign. You also provide other account information, like an email address, phone number, Discord user ID, bio, or a profile picture. We store these as well as your user account preferences and settings. You Discord account ID is stored to be able to link and verify users between our Discord server and our website.
- Content you submit
We collect the content you submit to our services. This includes your posts and comments (including saved drafts), your messages with other users (e.g., private messages,), and your reports and other communications with us on our website. Your content may include text, links, images, gifs, and videos. Posts and comments on our public Discord server channels are logged, and some are displayed in public logs (pins). We also collect your third part gaming account IDs (SteamID, FaceIt ID or similar) and make these available to other users for friend requests and networking.
- Actions you take
We collect information about the actions you take when using our services. This includes your interactions with content, like voting, reacting to content, reporting, joining events or commenting. It also includes your interactions with other users, such as following, friending, and blocking. We ask for your interactions with third party game data, specifically your rank in relevant game titles. Inappropriate behaviour on our services is logged and attributed to your user ID and associated gaming service accounts. We also collect data on your CS40 subscriptions or staff status.
- Transactional information
If you purchase products from us, (e.g., Bronze, Silver, Gold or Prime subscriptions, Donations, Reward Points or Merchandise), we will collect certain information from you, including your name, address, email address, and information about the product or service you are purchasing. We use industry-standard payment processor services (i.e. Paypal) to handle payment information.
- Other information
You may choose to provide other information directly to us. I.e., we may collect information when you fill out a form, participate in questionnaires or events, sponsored activities, competitions, apply for staff or admin positions, request support from us or otherwise communicate with us.
Information we collect automatically
When you access or use our services, we may also automatically collect information about you. This includes:
- Log and Usage Data
We may log information when you access and use our services to help the services function and to help us verify your legitimacy. This may include your IP address, user-agent string, browser type, operating system, referral URLs, device information (e.g., device IDs), device settings, pages visited, links clicked, the requested URL, and search terms. Except for the IP address used to create your account, we will delete any IP addresses collected after 100 days. Data on your connections to our game server services is held for no more than 100 days by our third party vendors (i.e. DatHost).
- Information collected from cookies and similar technologies
We may receive information from cookies, which are pieces of data your browser stores and sends back to us when making requests, and similar technologies. We use this information to improve your experience on our website, understand user activity, and improve the quality of our services. For example, we store and retrieve information about your read content, favourite topics, reactions and other settings.
- Location Information
We do not collect or use location data based on your mobile devices, GPS tracking or otherwise. IP addresses are stored, as explained above, but is not used to calculate or specific user locations. Address information is logged in relation to our transactions. If you have no transactions with us, no data is stored.
Information collected from other services
We may receive information about you from other sources, including from other users and third parties, and combine that information with the other information we have about you. For example, we may receive information about your behaviour from other users or information about your third party game accounts status (VAC bans or similar), and combine it with our own data using your shared third party gaming account Ids and your account information on our services.
We do NOT share your data with any third parties, nor do we intend to capitalise on advertising, analytics or other profiling on you.
We Use Information about You to:
- Provide, maintain, and improve our services;
- Research and develop new services;
- Help protect the safety of CS40 and our users, which includes blocking suspected spammers, addressing abuse, and enforcing our Terms of Services and general code of conduct (#ourdiscordguidelines)
- Send you technical notices, updates, security alerts, invoices, and other support and administrative messages;
- Provide user support and customer service;
- Communicate with you about products;
- Communiate with you about services and events, and provide other news and information we think will be of interest to you (we will never send such information your e-mail accounts. Communication will reach you through your csforty.com account or your Discord server membership);
- Monitor and analyze trends, usage, and activities in connection with our services;
Much of the information and content on our services is accessible to other members, provided they have an account. By using our services, you are directing us to share this information freely within our enclosed membership group (CS40).
When you submit content (including a post, comment, chat message, Discord stream or voice channel participation) to our services, other members will be able to access that content, the username associated with the content, and the date and time you originally submitted the content. Although some content on our services may be private or withheld, it may become public to other members (e.g., by other users’ intent, by the staff and admins’ choice in case of reporting abusive or prohibited behaviour) and you should take that into consideration before posting to our services.
Your CS40 account has a profile page that is shared with other users. Your profile contains information about your activities on the service, such as your username, prior posts and comments, karma, reactions and awards received, trophies, role status (staff, admin, etc.), CS40 Subscriber status and how long you have been member of CS40.
We offer social sharing features that let you share content or actions you take on our services with other media (i.e. Facebook, Twitter, Reddit, LinkedIn and more). Your use of these features enables the sharing of certain information with your friends or the public, depending on the settings you establish with the third party that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the third parties that provide these social sharing features (e.g., Facebook, and Twitter).
CS40 only shares nonpublic information about you in the following ways. We do not sell this information.
With Social Media sharing. If you link your CS40 content to a third-party service, CS40 will share the information you authorize with that third-party service.
To comply with the law. We may share information in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process, or governmental request, including, but not limited to, meeting national security or law enforcement requirements. To the extent the law allows it, we will attempt to provide you with prior notice before disclosing your information in response to such a request.
In an emergency. We may share information if we believe it is necessary to prevent imminent and serious bodily harm to a person.
To enforce our policies and rights. We may share information if we believe your actions are inconsistent with our Terms of Service, #ourdiscordguidelines, directions by staff or admins or to protect the rights, property, and safety of ourselves and others.
Aggregated or de-identified information. We may share information about you that has been aggregated or anonymized such that it cannot reasonably be used to identify you. For example, we may show the total number of times a post has been upvoted or a website subsection has been visited without identifying who the visitors were.
How We Protect Your Information
We take measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. For example, we use HTTPS while information is being transmitted, MD5 and Salt encryption on passwords, encourage and use Two Factor Authentication and encrypt email with SSL. We also enforce technical and administrative access controls to limit access to data sets between staff and individual admin roles.
You can help maintain the security of your account by configuring Two Factor Authentication and by revising your password regularly.
We store the information we collect for as long as it is necessary for the purpose(s) for which we originally collected it. All Log and Usage Data has a 100 day retention limit, and is thus deleted 100 days after the given event is logged. We may retain certain information for legitimate purposes or as required by law.
You have choices about how to protect and limit the collection, use, and sharing of information about you when you use our services. While some data is necessary for us to be able to provide you with a CS40 account and access to our services, other data is optional and is up to you to configure.
Accessing and Changing Your Information
You can access and change certain information through our services. See your Account Settings page for more information. You can also request a copy of the personal information CS40 currently maintains about you by contacting our Data Privacy Manager as described under “Contact Us” below.
Deleting Your Account
You may delete your account information at any time from the Account Settings page. You can also submit a request to delete the personal information CS40 maintains about you by following the process described in the “Your Rights - Data Subject and Consumer Information Requests” section below. When you delete your account, your profile is no longer visible to other users and disassociated from content you posted under that account. Please note, however, that the posts, comments, and messages you submitted prior to deleting your account will still be visible to other members unless you first delete the specific content, or until staff or admins perform cleanup. We may also retain certain information about you as required by law or for legitimate business purposes after you delete your account.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject first- and third-party cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our services.
Do Not Track
Most modern web browsers give you the option to send a Do Not Track signal to the sites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a site should respond to this signal, and we do not take any action in response to this signal. Instead, in addition to publicly available third-party tools, we offer you the choices described in this policy to manage the collection and use of information we have about you.
Controlling Online Status
You may opt out of being tracked as “online” on our services in the Security and Privacy section of your Account Settings at all times.
Accessing Device Information
You can access our device and login information inferred from your IP address and browser via your Account Settings. You can subsequently stop the collection of this information at any time by contacting our Data Privacy Manager as described in “Contact Us” below.
Data Subject and Consumer Information Requests
Requests for a copy of the information CS40 has about your account - including EU General Data Protection Regulation (GDPR) data subject access requests - can be submitted by contacting our Data Privacy Manager by the means made available in “Contact Us” below.
All other data subject and consumer requests under data protection laws should be sent via email to [email protected] from the email address that you have verified with your CS40 account.
Before we process a request from you about your personal information, we need to verify the request and your legitimacy via your access to your CS40 account or to a verified email address associated with your CS40 account. You may also designate an authorized agent to exercise these rights on your behalf. Cs40 does not discriminate against users for exercising their rights under data protection laws to make requests regarding their personal information.
International Data Transfers
While our members, staff, admins and owner base is international, our services, our data processing and our user information is stored on servers that are hosted within the EU, more specifically in Germany. We may store information on third party services (such as Google Drive) in other countries depending on a variety of factors, including the locations of our users and service providers. By accessing or using our services or otherwise providing information to us, you consent to the processing, transfer, and storage of information to Germany, to other member nations of the EU and to other countries, where you may not have the same rights as you do under local law.
Information for EEA and All Users
Users in the European Economic Area have the right to request access to, rectification of, or erasure of their personal data; to data portability in certain circumstances; to request restriction of processing; to object to processing; and to withdraw consent for processing where they have previously provided consent. These rights can be exercised using the information provided under “Your Choices” above or as described in the “Your Rights - Data Subject and Consumer Information Requests section” above. EEA users also have the right to lodge a complaint with their local supervisory authority if they believe our efforts to be fraudulent, criminal or dishonest.
As required by applicable law, we collect and process information about users in the EEA only where we have a legal basis for doing so. We have elected to extend these principles to all users outside of the EEA as well, and will follow these principles unless local law is Lex Specialis and requires otherwise.
Our legal bases depend on the services you use and how you use them. We process your information on the following legal bases:
You have consented for us to do so for a specific purpose;
We need to process the information to provide you our services, including to operate the services, provide user and customer support, personalised features and to protect the safety and security of our services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as preventing fraud, ensuring network and information security, enforcing our rules and policies, protecting our legal rights and interests, research and development, personalizing the services; or
We need to process your information to comply with our legal obligations.
Additional Information for California Users
The California Consumer Privacy Act (“CCPA”) requires us to provide California residents with some additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it.
In the last 12 months, we have collected the following categories of personal information depending on the services used:
Identifiers, like your CS40 username, email address, IP address, and cookie information.
Transactional and Commercial Information, including information about transactions you undertake with us.
Internet or other electronic network activity information, such as information about your activity on our services.
Audiovisual information in pictures, audio, or video content submitted to csforty.com (CS40).
Professional or employment-related information or demographic information, but only if you explicitly provide it to us, such as by sharing content on our services.
You can find more information about what we collect and sources of that information, the purposes for collecting that information, and the categories of third parties with whom we share that information in the “What We Collect (and How it is Used and Shared)” section above.
If you are a California resident, you have additional rights under the CCPA, including the right to request access to or deletion of your personal information, and information about our data practices, as well as the right not to be discriminated against for exercising your privacy rights. These rights can be exercised as described in the Data Subject and Consumer Information Requests section above.
Children under the age of 18 are not allowed to create an account or otherwise use our services. Additionally, if you are in the EEA, you must be over the age required by the laws of your country to create an account or otherwise use CS40 services, or we need to have obtained verifiable consent from your parent or legal guardian.
Changes to This Policy
To send a GDPR data subject request or CCPA consumer request, simply contact our Data Privacy Manager by any of the following means.