Data Privacy Statement
Data Privacy Statement for Aetherfield Games (AF)
The core game team are Sam Griffin and Martin Winchester who are reachable via email email@example.com.
Data Privacy Summary
When you book for a game, you need to read our full privacy statement and agree to us using your personal information for the purposes of running our larp games effectively and safely. We do not sell or share data outside of AF except (if necessary) to the emergency services or if required by law.
We collect and use personal data such as name, email, date of birth, photo, phone number and emergency contact details. We may also record details of medical conditions or similar if you provide them to us. If you intentionally or repeatedly break the game rules, particularly safety, equality/diversity or social contract rules, a short neutral statement to this effect may be recorded in a separate Incident File.
We ask for your explicit consent to record, store and use your personal data for games that we run, and separately if you agree to receiving marketing information about upcoming AF games.
You have the right to request a copy of the information about you that we have and to require us to delete it. Deleting your data will impact on your ability to attend our games.
Your information in our main database is held for a maximum of 3 years after the last event of a game you attended. Information in the Incident File will be held until 6 months after AF ceases to run larp games.
If you do not agree to our use of your personal data as outlined in the full Data Privacy statement, then we cannot accept your booking.
What data do you collect?
We collect your name, email address, date of birth, telephone number, next of kin/emergency contact details and any health conditions/phobias/allergies or other things (such as scenarios or people you want to minimise contact with) that you have told us about. We also collect photographs for some games.
We may also collect data about clothing sizes and the gender you prefer to present as in play, if you are crewing for us.
From time to time we may ask if we can temporarily hold bank account details to process payment returns.
If you intentionally or repeatedly break the game rules, particularly safety, equality/diversity or social contract rules, a short neutral statement to this effect may be recorded in a separate incident file. The incident file is only available to the core game team and may be used to make judgements about your attendance at events.
What do you use my data for?
All of the data is used for the express and sole purpose of providing larp events. More specifically (but not exclusively), we use the data to –
- identify you as the player of a particular character within a game,
- contact you with relevant information about the game and any events you might have booked on to, or be on a waitlist for,
- provide you with links to game information,
- record which games you have attended,
- record what payments have been received,
- enable us to pass information on to a first aider or an emergency service, if the individual is unable to give consent,
- to pass food allergy/intolerance information to any caterer that does not obtain this information via their own form,
- enable us to improve the accessibility and safety of our games,
- generate id cards and other in-game resources,
- buy or create costume or props,
- produce a ‘guest list’ of event attendee’s names so people can tell who is coming to a particular event,
- and with express permission, to advertise or notify of an upcoming game also run by us.
Who has access to the data, how is it stored, and how long do you keep it?
Data is gathered via google forms or a similar service and by email. Data is held by us in a password protected database and/or spreadsheet and/or email box held on password protected devices. Sharing (via dropbox or similar cloud service) is restricted to the core AF team or, if required, may be visible to an administrator updating or maintaining the database on behalf of the core team. From time to time, all data may be transferred onto a back-up version of the database, held in the same way.
A hard copy of your details will be made before events and kept in a secure place accessible only to the core game team, for use in event of emergency. This will be physically destroyed after the event.
No data that can identify you as an individual, other than your name, Player ID number and photograph, will be shared with other attendees, or used for in game purposes except as indicated above.
We do not share or sell data to other organisations except in the emergency situation outlined above, or if required to do so by law.
Your data will standardly be deleted 3 years from the end of the last event of a system in which you played. Any documents produced (for example character sheets) that contain a player’s name and ID may be archived for reference purposes in the creation of future games. The player’s details will be deleted from our database, as will any emails.
Bank account details will be held only as long as required to process a transaction and then deleted.
How do I request for my data to be seen by myself or removed?
You can email us to ask for a copy of any data we hold on you, which we will provide within a calendar month. We will respond to requests to update and modify the data within a similar time frame.
You can ask us to fully delete any records we hold by withdrawing consent. If you do this, and are currently booked onto an event, your booking will be cancelled.
If you ask us to delete something from the incident file, we will do so, but will cancel any current bookings and refuse to take further bookings from you. We will keep a record of your name and that you requested information to be removed from this file until 6 months after we cease to run any further games.