Privacy Policy
Your privacy is important to us at Vorandor. This Privacy Policy gives you a clear, high-level overview of how we collect and use your personal data in the game and on the website. For full GDPR information (including legal bases, retention periods and your rights) please also read our Privacy Notice.
§1 Controller and scope
The controller of your personal data is Oskar Szymański, Krotoszyńska 2, 85-378 Bydgoszcz, Poland, NIP: 9671451645, REGON: 520669692. Contact: [email protected]. This Policy applies to the Vorandor game, the vorandor.com website and related online services (such as registration, support and communication channels).
§2 What data we collect
We collect data that you provide directly and data generated when you use our services, in particular: - registration and account data (e-mail address, password hash, in-game identifiers such as account ID, character ID, nicknames), - gameplay data (progress, items, achievements, in-game actions, chat messages subject to moderation), - technical and security data, such as IP address, approximate location based on IP, device identifiers (where technically available), client and system information, and server logs (including dates, times and error logs), - data from your communication with us (support tickets, e-mails, reports), - data related to payments for optional services (for example transaction ID, amount, time of payment and payment provider) – we do not store full card numbers or CVV codes.
§3 How we use your data
We use your data mainly to: - create and manage your account and enable you to play Vorandor, - provide and improve the game, fix bugs and balance gameplay, - ensure the security and stability of our servers, including detection and prevention of fraud, abuse, cheating and attacks on our systems, - enforce the Terms of Service (for example investigating suspected breach, blocking accounts or IPs in justified cases), - provide support and communicate with you about technical issues, updates and important changes, - send you optional news and marketing messages about the game if you have chosen to receive them, - perform basic analytics (for example number of active players, gameplay patterns) to develop the game. More detailed information about the legal bases of processing can be found in the Privacy Notice.
§4 Technical data, logs and anti-cheat
To protect the game and other players we process technical information such as IP addresses, device identifiers (where technically available), client version, connection metadata and in-game event logs. We use this data in particular to: - detect and block bots, cheats, abuse of bugs and other behaviour that violates the Terms of Service, - protect accounts against theft and unauthorised access, - prevent DDoS attacks and other attempts to disrupt the game, - apply technical measures such as throttling and rate limiting. These activities are carried out on the basis of our legitimate interest in ensuring the security of the service and fair play. In serious cases we may block access from a specific account, device or IP range.
§5 Sharing of data
We do not sell your personal data. We may share data only with: - IT service providers (hosting, server infrastructure, security, analytics, error tracking) who process data on our behalf under data processing agreements, - payment providers who handle transactions for optional paid services, - external platforms where we run official channels (e.g. YouTube, TikTok, Discord) – these platforms process data under their own terms, - public authorities or courts when we are legally obliged to do so. In some cases data may be transferred outside the European Economic Area. Where this happens, we use safeguards described in the Privacy Notice (such as Standard Contractual Clauses or adequacy decisions).
§6 Data security and retention
We apply technical and organisational measures designed to protect your data against unauthorised access, loss, destruction or alteration, appropriate to the risks associated with the game and the website. We keep data only for as long as it is needed for the purposes described above, or for the period required by law (for example accounting or tax regulations). In general, account data is stored for the life of your account and for a limited time after its deletion, as explained in more detail in the Privacy Notice.
§7 Your rights and contact
Under the GDPR you have, in particular, the right to request access to your data, rectification, erasure, restriction of processing, data portability and to object to processing based on our legitimate interests or for direct marketing. Where processing is based on your consent (for example optional marketing), you may withdraw your consent at any time, which will not affect the lawfulness of processing before withdrawal. If you have questions or want to exercise your rights, contact us at: [email protected]. You also have the right to lodge a complaint with your local data protection authority. In Poland this is the President of the Personal Data Protection Office (PUODO).