Privacy Policy

Document date: 2023-10-28

Personal data processed by Wildfire Games and purposes of processing:

The following personal data is collected by Wildfire Games in order to run this Gitea instance, with the ultimate purpose of developing 0 A.D., a free and open-souce game of ancient warfare:

1. Username

Your account is uniquely identified with a username, that you choose at the time of registration. Having a unique username is a requirement for developers to communicate with you about your feedback and your contributions.

This username is public and acts as a pseudonym.

2. Email

Your account is associated with one or more email addresses. One email adress, called "primary address", must be provided at registration. It is a requirement for allowing you to retain control of your account in case of forgotten password. It is a requirement for sending you information and updates about your feedback and your contributions.

One of your email addresses is public: it is the one that you decide to use in patches and git commits, and it can be consulted by anyone reading those contributions. It is not necessarily the primary address. Adding that public email address to your list of account email addresses is a requirement to associate your commits and patches with your other contributions. Your other email addresses are private.

Your primary email address is used to display your Gravatar profile picture if you created an account on that platform. Please note that we do not send your email address to this third-party, only a hashed version of it. Users of Gravatar should consult their Privacy Policy for more information. We do not share the personal data of our users who do not have a Gravatar account associated with their email address.

3. Password

A password is necessary for logging in to your account on this website. You choose your password at the time of registration.

Wildfire Games only receives an encrypted version of the password, so that your password is not revealed in case of a security breach.

4. GPG keys

One or more GPG keys are necessary for identifying you when you access code repositories through SSH using a git client. If you made one of your GPG keys public somewhere else, this can be used to identify you.

5. Full Name, Biography, Website, Location

You can optionally fill your account with profile information, including personally identifiable information. If you choose to fill it, this information is public. If you choose to fill your biography with sensitive information (such as racial or ethnic origin, political affiliations, religious/philosophical beliefs, biometric data, age under 13, etc.), your account may be suspended and this information removed (please read the Terms of Use for more details).

6. Usage information and client information

Whenever you connect to this Gitea instance through a web browser, a git client, or any third-party application, we receive usage and device information (which pages you view, your IP address, your client — which may include the name of your operating system, your UserAgent, etc. —, session information if you are logged in, request date and time, language preference). This information is necessary for Gitea to work. It is also processed by us to prevent attacks, to enforce banishments of users who violated the terms of use, and to bring criminal proceedings in case of a cyberattack (EU Court of Justice Press Release No 112/16).

We keep the logs containing this information for a duration of three months. Additionally, we may save the IP addresses of users who violated the terms of use, for no longer than three years.

7. Cookies

When you visit the website, we store cookies (and similar technologies, like HTML5 localStorage) on your computer or device. We use cookies to keep you logged in, remember your preferences, and provide information for future development of this Gitea instance. For security purposes, we use cookies to identify a device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use our services. You may however remove cookies from your storage after your visit.

8. Issues, comments, wiki contents

All the content (written text, including code snippets, uploaded images, reactions) that you upload to this Gitea instance is associated to your account and released to the public under the Creative Commons Attribution-ShareAlike license. This content will be used by Wildfire Games to develop the game. You can freely edit this content, but we will hold copies and backups of it indefinitely in order to develop the game. If you start defacing or mass-deleting your content, your account may be suspended and your content may be selectively restored from backups. If you share sensitive information in your content, your account may be suspended and this information removed (please read the Terms of Use for more details).

9. Code and uploaded git data

All the file blobs and commit comments you send to the git repositories are released to the public and will, in most cases, be cloned in third-party checkouts of the repositories (for instance on Github, Gitlab, and other forges; on CI systems; on the machines of members of the community; etc). The code you upload will be released under a fitting license (see LICENSE.txt for the default licencing of certain folders of the main repository), the artwork you upload and texts you write will be released under the Creative Commons Attribution-ShareAlike license. Do not forget that commit comments contain personal information (a pseudonym and an email address). You are responsible for verifying the contents of your commits before pushing them anywhere.

Security and circumstances of processing:

Wildfire Games keeps this Gitea instance up-to-date, following the latest releases of Gitea (GDPR 32). The Gitea development team enforces a written security information program, which aligns with industry recognized frameworks.

The transmission of personal data is secured using SSH (for git pushes) and HTTPS (on the website) (GDPR 32).

The content of git repositories is encrypted at rest. Personal data is protected against unintentional loss and against malicious deletion in encrypted backups for additional time (GDPR 30.1.g, GDPR 32).

All personal data that Wildfire Games processes is obtained from the user (GDPR 14).

Wildfire Games reserves the right to delete any service data (including personal data) at any time, except where a user has objected to the erasure of their personal data for performance of a legal claim.

Legal basis for the processing:

The processing is necessary for the performance of the service defined in the terms (GDPR 6.1.b).

Wildfire Games has legitimate interests in providing this Gitea instance, in the development and improvement of 0 A.D., of the tools surrounding it, and of its development environment (GDPR 6.1.f).

Wildfire Games does not process any further data for this Gitea instance and does not ask for consent to process data (GDPR 6.1.a, GDPR 7, GDPR 8, GDPR 13.2.c).

User rights:

  1. Contact Wildfire Games, by sending an email to webmaster at wildfiregames dot com (GDPR 13.1.a, GDPR 13.1.b). To exercise any user right, please refer to this contact.
  2. Right of access to personal data concerning themself (GDPR 15).
  3. Right to obtain personal data in a machine-readable format (GDPR 20).
  4. Right to rectification of inaccurate personal data (GDPR 16).
  5. Right to erasure of personal data where it is not relevant to the stated purposes, if the data was processed unlawfully, or if the user objects to the processing and has overriding legitimate grounds (GDPR 17).
  6. Right to restriction of personal data processing where the accuracy of the data is contested by the user, if the data was processed unlawfully, or if the user requires the data for a legal claim (GDPR 18).
  7. Right to object to the processing of personal data concerning themself on grounds relating to their particular situation (GDPR 21).
  8. Right to lodge a complaint with a supervisory authority (GDPR 13.2.d, GDPR 77). Requests that are manifestly unfounded or excessive are not responded to or may be charged (GDPR 12.4, GDPR 12.5).

Wildfire Games obligations:

  1. Wildfire Games demonstrates compliance with GDPR (GDPR 5.2 'accountability').
  2. Wildfire Games documents their processing activities appropriately, in particular the categories of processed personal data and security measures to protect it (GDPR 30).
  3. Wildfire Games processes personal data lawfully, fairly and transparently (GDPR 5.1.a, GDPR 12.1).
  4. Wildfire Games informs users of the purposes, legal grounds, legitimate interests and retention periods of personal data processing at the time it is processed, recipients of personal data and where applicable, transfer of personal data to third countries and automated decision-making (GDPR 13.1.c-f, GDPR 13.2.a, GDPR 13.2.e-f, GDPR 15.1, GDPR 15.4).
  5. Wildfire Games does not processes personal data for purposes other than the specified ones (GDPR 5.1.b, 'purpose limitation', GDPR 13.3).
  6. Wildfire Games does not process personal data that is not needed for the specified purposes (GDPR 5.1.c, 'data minimization').
  7. Wildfire Games uses a storage form that does not allow identification of natural persons for longer than necessary (GDPR 5.1.e 'storage limitation').
  8. Wildfire Games secures personal data processing to prevent unauthorised or unlawful processing and accidental loss (GDPR 5.1.f. 'integrity and confidentiality').
  9. Wildfire Games informs users of their right to access, to rectify, to erase personal data and the right to restrict, to withdraw consent to, to object to personal data processing and to complain at a supervisory authority (GDPR 13.2.b, GDPR 13.2.c, GDPR 13.2.d).
  10. Wildfire Games facilitates the exercise of user rights where possible (GDPR 12.2), without undue delay (GDPR 12.3).
  11. Wildfire Games informs the users that to exercise their rights, users might need to provide additional information to identify the natural person or the data (GDPR 12.6, GDPR 13.2.e).
  12. Wildfire Games will not knowingly collect personal data from children under the age of 13 (Children's Online Privacy Protection Act). If you believe Wildfire Games received any personal data from or about a child under 13, please contact Wildfire Games.
  13. Where Wildfire Games processes sensitive personal data based on legitimate interests, Wildfire Games considers performing, recording and periodically reviewing Legitimate Interests Assessments and Data Protection Impact Assessments (GDPR 35) to become confident that the individual's interests do not override Wildfire Games legitimate interests, and that Wildfire Games is not using personal data in intrusive ways unless there is a very good reason to.
For further information on Wildfire Games Privacy Policies, visit the wiki page UserDataProtection.