GDPR Compliance Statement
Introduction
At 8-Bit Academy, we are committed to protecting the privacy and rights of our users in accordance with the General Data Protection Regulation (GDPR). This compliance statement outlines how we adhere to GDPR principles when collecting, processing, and protecting personal data of individuals in the European Economic Area (EEA).
Data Controller Information
8-Bit Academy serves as the data controller for all personal information collected through our website and services. For any GDPR-related inquiries, please contact our designated data protection contact using the information provided at the end of this statement.
Personal Data We Process
We may collect and process the following categories of personal data:
- Account information (name, email address)
- Usage data (game progress, educational performance metrics)
- Technical data (IP address, browser information, device data)
- Communication data (when you contact us)
- For students and children under 16, we collect only the minimal data necessary for the service
Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
- Your consent (which you can withdraw at any time)
- Necessity to perform a contract with you (providing our educational gaming services)
- Compliance with a legal obligation
- Our legitimate interests, provided they do not override your fundamental rights and freedoms
Your Rights Under GDPR
As a data subject in the EEA, you have the following rights:
Right to Access: You can request information about your personal data that we process, including what data we have, how we use it, and with whom we share it.
Right to Rectification: You can request that we correct inaccurate personal data or complete incomplete personal data.
Right to Erasure (Right to be Forgotten): You can request that we delete your personal data under certain circumstances.
Right to Restrict Processing: You can request that we limit the processing of your personal data in certain scenarios.
Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transmitted to another controller.
Right to Object: You can object to the processing of your personal data that is based on our legitimate interests or carried out for direct marketing purposes.
Rights Related to Automated Decision Making: You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.
To exercise any of these rights, please contact us using the information provided at the end of this statement. We will respond to your request within 30 days.
Data Protection Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular testing and evaluation of our security measures
- Restricted access to personal information
- Staff training on data protection and security practices
- Regular backups to prevent data loss
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. When determining retention periods, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data
- Whether we can achieve those purposes through other means
International Data Transfers
If we transfer your personal data outside the EEA, we ensure adequate protection through one or more of the following safeguards:
- Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission
- Using specific contracts approved by the European Commission (Standard Contractual Clauses)
- For transfers to the US, working with providers certified under the EU-US Privacy Shield (where applicable)
Data Protection Impact Assessments
For processing activities that may result in high risk to individuals’ rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimize data protection risks.
Data Breach Procedures
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.
Data Protection Officer
While not legally required for our organization, we have designated a responsible person to oversee GDPR compliance and address data protection concerns.
Cookie Compliance
Our cookie policy complies with GDPR requirements by:
- Obtaining explicit consent before setting non-essential cookies
- Providing clear information about the cookies we use
- Offering easy ways to withdraw consent
Children’s Data
For users under 16 years of age in the EEA, we obtain parental or guardian consent before processing personal data, except where local law allows for a lower age limit.
Changes to This Statement
We may update this GDPR Compliance Statement periodically. Any changes will be posted on this page with a revised effective date.
Contact Information
For any GDPR-related inquiries or to exercise your rights, please contact us at:
8-Bit Academy