GDPR Rights and Data Protection
Last Updated: January 2025
At mirrordestiny.com, we respect your privacy and are committed to protecting your personal data. This page explains your rights under the General Data Protection Regulation (GDPR) and how we handle your information.
1. Data Controller Information
The data controller responsible for your personal information is:
- Company: mirrordestiny.com
- Address: 107 Jackson Street, Brighton, New Zealand
- Email: support@mirrordestiny.com
- Data Protection Contact: info@mirrordestiny.com
2. Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
2.1 Right to Access
You have the right to know what personal data we hold about you. This includes:
- What data we collect
- Why we collect it
- How we use it
- Who we share it with
- How long we keep it
You can request a copy of your data at any time. We will provide this within 30 days at no cost.
2.2 Right to Rectification
You have the right to correct inaccurate or incomplete personal data. If you find errors in your information, we will update it promptly. You can:
- Update your account details directly
- Contact us to correct specific information
- Request verification of corrected data
2.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data in these situations:
- The data is no longer needed for its original purpose
- You withdraw consent and there is no other legal basis
- You object to processing and there are no overriding grounds
- The data was unlawfully processed
- Legal obligations require deletion
Note that some data may need to be retained for legal or security reasons.
2.4 Right to Restriction of Processing
You can ask us to limit how we use your data when:
- You question the accuracy of the data
- Processing is unlawful but you prefer restriction over deletion
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
During restriction, we will only store your data and process it with your consent or for legal purposes.
2.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format. You can:
- Request your data in machine-readable format (like CSV or JSON)
- Transfer your data to another service provider
- Receive data directly or have us send it to another controller
This right applies to data you provided based on consent or contract.
2.6 Right to Object
You can object to processing of your personal data when:
- Processing is based on legitimate interests
- Data is used for direct marketing
- Data is used for profiling or automated decisions
- Processing is for scientific or historical research
We will stop processing unless we can show compelling legitimate grounds.
2.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time. This does not affect:
- Lawfulness of processing before withdrawal
- Processing based on other legal grounds
You can withdraw consent through your account settings or by contacting us.
2.8 Right to Lodge a Complaint
If you believe we have not handled your data properly, you can:
- Contact us first to resolve the issue
- File a complaint with your local supervisory authority
- Seek legal remedies through courts
3. How to Exercise Your Rights
3.1 Making a Request
To exercise any of your rights, contact us at:
- Email: support@mirrordestiny.com
- Alternative Email: info@mirrordestiny.com
- Subject Line: "GDPR Rights Request"
Please include:
- Your full name and email address
- Account username if applicable
- Specific right you wish to exercise
- Details of your request
- Proof of identity if requested
3.2 Response Time
We will respond to your request:
- Within 30 days as standard
- Within 60 days for complex requests
- We will inform you if we need extra time
- We will explain any delays
3.3 Verification Process
To protect your privacy, we may need to verify your identity before processing requests. We may ask for:
- Government-issued ID
- Proof of address
- Account verification details
- Security questions
4. Data We Collect
4.1 Personal Data
We collect and process:
- Account Information: Username, email, password (encrypted)
- Profile Data: Age, country, preferences
- Contact Details: Email for communications
- Device Information: Device type, OS, IP address
- Usage Data: Game statistics, play time, features used
- Communication Data: Support messages, feedback
4.2 Special Categories of Data
We do not intentionally collect sensitive personal data such as:
- Health information
- Racial or ethnic origin
- Political opinions
- Religious beliefs
- Biometric data
5. Legal Basis for Processing
We process your data based on:
- Consent: You have given clear permission
- Contract: Processing is necessary to provide services
- Legal Obligation: We must comply with laws
- Legitimate Interests: We have valid business reasons
6. Data Sharing and Transfers
6.1 Who We Share With
We may share data with:
- Cloud service providers for data storage
- Analytics services to improve our game
- Payment processors for transactions
- Customer support tools
- Legal authorities when required
6.2 International Transfers
Some data may be transferred outside the EEA. We ensure protection through:
- Standard contractual clauses
- Adequacy decisions
- Privacy Shield certification where applicable
- Binding corporate rules
7. Data Retention
We keep your data for as long as:
- Your account is active
- Required to provide services
- Needed for legal compliance
- Necessary for legitimate business interests
After account deletion:
- Most data is deleted within 30 days
- Backups are removed within 90 days
- Some data may be retained for legal reasons
- Anonymized data may be kept for analytics
8. Data Security Measures
We protect your data using:
- Encryption for data in transit and at rest
- Secure servers with firewall protection
- Access controls and authentication
- Regular security audits and testing
- Staff training on data protection
- Incident response procedures
9. Automated Decision Making
We may use automated processing for:
- Fraud detection and prevention
- Content recommendations
- Account security measures
You have the right to:
- Request human review of automated decisions
- Express your point of view
- Contest the decision
10. Cookies and Tracking
We use cookies for:
- Essential site functionality
- Analytics and performance
- Personalization
- Marketing (with consent)
You can manage cookies through:
- Our cookie consent banner
- Browser settings
- Opt-out tools
11. Children's Data
For users under 16:
- We require parental consent
- Parents can access their child's data
- Parents can request deletion
- We collect minimal information
- Extra security measures apply
12. Data Breach Notification
In case of a data breach, we will:
- Notify authorities within 72 hours
- Inform affected users promptly
- Explain the nature of the breach
- Describe steps we are taking
- Provide guidance to protect yourself
13. Third-Party Rights
When exercising your rights, we consider:
- Rights and freedoms of others
- Legitimate interests of third parties
- Public interest considerations
- Legal obligations
14. Updates to This Policy
We may update this GDPR policy to reflect:
- Changes in law or regulation
- New processing activities
- Improvements to our practices
We will notify you of significant changes through email or in-game notifications.
15. Contact and Complaints
15.1 Contact Us
For any GDPR-related questions or requests:
- Email: support@mirrordestiny.com
- Alternative Email: info@mirrordestiny.com
- Address: 107 Jackson Street, Brighton, New Zealand
15.2 Supervisory Authority
If you are not satisfied with our response, you can contact your local data protection authority. For EEA residents, find your authority at edpb.europa.eu.
16. Additional Resources
For more information about your privacy:
- Read our Privacy Policy
- Review our Terms of Use
- Visit our Contact page
We are committed to protecting your data and respecting your rights. Your privacy is important to us, and we work hard to maintain your trust.