Effective Date: March 9, 2020
ConcernedApe LLC, a Washington limited liability company (“ConcernedApe”, “we”, “us” and their derivatives) makes this policy available to users of our websites, including stardewvalley.net and its subdomains (collectively, the “Websites”), the Stardew Valley® videogame for PC, Playstation 4, PSVita, and Xbox (collectively, the “Game”), the Stardew Valley Forum, including forums.stardewvalley.net and its subdomains (collectively, the “Forum”), and other online services we may provide (with the Websites, Game, and Forum, collectively, the “Services”).
This policy describes our practices for collecting, using, transferring, disclosing, retaining and disposing of users’ personal data. Note that lowercase terms that are used but not defined in this policy (e.g., “personal data”, “controller”, “process”, “data subject”, etc.) have the meanings assigned in Article 4 of the European Union General Data Protection Regulation. To be clear, however, this policy applies to all users of the Services, no matter where they live.
This policy applies only to personal data we collect through the Services. It does not apply to any information that we collect offline or you provide to or is collected by any third party.
Please read this policy carefully, so you can understand our policies and practices regarding your personal data.
We do not knowingly collect personal data from anyone under 13 years of age. Our Services are directed to people who are at least 13 years old. If you are under 13, do not submit any information about yourself to us. If you become aware that a child under the age of 13 has provided us with personal data, please contact us at [email protected], so we may remove the information.
Personal data we collect and how we collect it
Correspondence. If you correspond with us, we will retain records of our correspondence, including the contents of whatever was said, your email address, name, signature, postal address, and telephone number, if provided, and any other information that you provide to us in such correspondence.
Forum. If you use the Forum, we may collect your name or username, email address, and IP address (your IP address is never publicly visible). We may also retain copies of your posts to the Forum, including the contents of whatever was posted and any other personal data you choose to share on the Forum such as your profile information.
Analytics. If you browse our Websites or Forum, we may collect certain information about your use of our Websites and Forum. This information may include, without limitation, the number of page visits and duration, type of browser, etc. Some of this information, such as your IP address, may constitute personal data.
Automatic Tracking Technologies. Data we collect about your use of the Websites and Forum may be collected through “cookies” and “web beacons”. Cookies are small files placed on the hard drive of your computer through your web browser that enable us to recognize your browser and capture and remember certain information. Web beacons (also referred to as “clear gifs”, “pixel tags”, and “single-pixel gifs”) are small electronic files that enable us, for example, to count users who have visited our pages and for other related website statistics. For more information about cookies, please see our detailed Cookies Policy.
Where personal data is processed; transfer of personal data
We’re based in the State of Washington in the United States of America. We may process and transfer your personal data in and to the United States of America and other countries, regardless of where you are. Note that the laws regulating the collection, use, and disposal of personal data vary from country to country, so applicable law in the country where your personal data may be processed may not be as comprehensive or strict as the laws of the country where you’re located.
How we use personal data
We do not use automated decision-making in connection with the processing of your information.
We use automatic data collection technologies and the personal data collected through them to enable our Websites and Forum to remember you. We also use information gained through automatic data collection technologies to compile statistical information about use of our Websites and Forum, such as the pages users visit most often. We may use this information to improve our Services.
Access to personal data by contractors and other third parties
We may give certain independent contractors access to data we collect, including personal data. These independent contractors may assist us with tracking use of our Websites and Forum, including monitoring posts to the Forum, and with providing and improving the Services. Independent contractors that work for us are obligated to keep personal data confidential and use it only in accordance with our express instructions.
We also may disclose personal data:
Legal bases for processing
We rely on the following legal bases to process your personal data:
Your data subject rights
We will promptly act on the request of any user of the Services that we:
You may always withdraw any consent to process your personal data you have provided us and object to our use or disclosure of your personal data. Exercise of any of the rights set forth in this section may not apply retroactively from the date a given request is made and doesn’t affect our ability to continue processing personal data in accordance with this policy and applicable law. The rights described in this section are subject to certain limitations and exceptions under applicable law.
If you’d like to exercise any of your data subject rights concerning your personal data that we may possess, please reach out to us by email at [email protected] When you reach out, please put “Data Subject Access Request” in the subject line of the e-mail, and briefly describe the right or rights you intend to exercise. We may use your personal data to confirm your identity before acting on your request.
You will always have the right to lodge a complaint about our privacy practices with the appropriate supervisory authority. We ask that you contact us first, so we can try to address any concerns that you have about our privacy practices directly.
Additional notice for California residents
The following applies to California residents pursuant to the California Consumer Privacy Act of 2018 (“CCPA”):
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Verifiable Consumer Requests.To exercise your rights described above, please email us at [email protected] with the subject line “CCPA”. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal data. You may also make a verifiable consumer request on behalf of your child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm that the personal data relates to you. Making a verifiable consumer request does not require you to create a profile with us. We will only use personal data provided in a verifiable consumer request to verify your identity or authority to make the request.
Response Timing and Format.We endeavor to respond to a verifiable consumer request within 30 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. If you have a profile with us, we will deliver our written response to that profile. If you do not have a profile with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the receipt of verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
For data portability requests, we will select a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Data security and retention
We retain personal data for only as long as necessary to fulfill the purposes for which it was collected or provided, subject to certain exceptions as authorized by and where required under applicable law. We may pseudonymize, delete or take other measures to dispose of personal data. We may retain copies of personal data for additional time for business continuity purposes and for the purposes of creating backups.
We implement a variety of security measures to maintain the safety of your personal data when you use the Services. We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted. Such information is only accessible by those authorized with special access rights to such systems and that are required to keep the information confidential, subject to any additional requirements imposed by our contract with them and applicable law.
Also, please keep in mind that the transmission of information via the internet is not completely secure. Although we have designed our Services with the protection of your personal data in mind, we cannot guarantee the security of your personal data transmitted through the Services. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.
Changes to this policy
If you have any questions regarding this policy or our privacy practices, you may contact us at [email protected]