TOP-MC-SERVERS.NET - Privacy Policy
Effective Date: March 16, 2024
Privacy Policy
(hereinafter referred to as the Privacy Policy or the Policy)
1. INTRODUCTION
This Privacy Policy applies to the processing of personal data of users who register on the website https://top-mc-servers.net (hereinafter referred to as the "website") owned and operated by the Data Controller as defined in point 2 and of users who have registered an account on the website. For the purposes of this Privacy Policy, the main terms used are defined in Annex 1 attached hereto.
The terms of use for the use of the internet platform provided by the Data Controller are available on https://top-mc-servers.net/faq/. In order for the user's server to be displayed on the Controller's website and for users to be able to vote on it, pre-registration on the website and the provision of the data of the server to be displayed in the user account of the data subject are required.
The processing of data under this Privacy Policy is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "GDPR") and the relevant provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
2. THE DATA CONTROLLER
Name: Dávid Gyetván
Seat/Postal address: 1104 Budapest, Alkér street 70.
E-mail address: info@top-mc-servers.net
hereinafter referred to as the Data Controller
3. DATA MANAGEMENTS
This Privacy Policy applies to the following processing activities of the Data Controller in connection with the operation of the website:
- Management of registration data
- Data required to log in to the user account
- Data related to requesting a new password
- Management of the data that the user may enter in his/her user account
- Data required for the operation of the platform
- Processing of data related to purchases
- Processing of data related to the sending of notifications
- Processing of data related to the contact with the Data Controller
- Processing of data related to voting
- Cookies
3.1. Registration (creating a user account)
Users can register on the Controller's website by using the Sign up menu of the website. During the registration process, the registrants shall enter their own personal data. The registrant shall be solely responsible for the accuracy and correctness of the data provided during registration.
After entering the registration data, the Data Controller will send a confirmation e-mail to the e-mail address provided by the user during the registration to finalise the registration. The user can confirm his/her registration by clicking on the link in the e-mail.
Upon confirmation of registration, the user account of the registrant is created with the data provided during registration, which data, except for the e-mail address, can be modified by the user in his/her account later.
By logging into the account, the user can use the Internet platform operated by the Data Controller and the services provided through it. Without providing the requested data during registration, the user account of the data subject cannot be created and the data subject cannot use the Internet platform operated by the Data Controller and the services provided through it.
The registered user shall be solely responsible for the secure and confidential use of the e-mail address and password. The registered user shall not disclose this data to third parties, nor shall he/she use another user’s ID, password or attempt to use other access.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| The creation of the data subject's user account, the use of the platform operated by the Data Controller and the services provided through it. | E-mail address, Username Password IP address Date of registration. The Data Controller does not recognize or store the password provided by the user during registration. In the case of a forgotten password, the user can request a new password via the https://top-mc-servers.net/forgot-password/ interface to the e-mail address provided at registration, which system-generated password the user must change after login. | Performing the service contract concluded with the Data Controller, ensuring the use of the platform (Article 6(1)(b) GDPR). | The data is stored until the user's account is deleted. The user account can be deleted as follows: 1) Deletion of account by the user: the user can delete his/her account in his/her user profile at any time. After deletion of the account, the user will not have access to the data stored in the account, the data stored in the account will be deleted. 2) Deletion of account by the Data Controller at the request of the user: the user may request the Data Controller to delete his/her account at any time by sending a statement to the e-mail address of the Data Controller specified in point 2. 3) Deletion of the account by the Data Controller, as the operator of the website, for breach of the terms of use of the platform: A user's account may also be deleted by the Data Controller if the user violates the terms of use applicable to the operation of the platform and the Data Controller excludes the user concerned from using the platform. |
3.2. Logging in to the user account
Registered users can log in to their user account by entering the e-mail address and password they provided during registration https://top-mc-servers.net/login/ website. The use of the platform and the services provided through it can be accessed after logging in to the user account of the user.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| Identifying the data subject, ensuring secure access to his or her user account and providing access to the platform. | E-mail address Password Login time, IP address The Data Controller does not have access to the user's password, and does not know it. | Performing the contract concluded with the Data Controller, provide the user with access to the platform (Article 6(1)(b) GDPR). | The data is stored until the user's account is deleted. For information on how and when a user account may be deleted, please refer to the Terms of Use at https://top-mc-servers.net/faq/. |
3.3. Requesting a new password
In the case of a forgotten password, the user can request a new password on https://top-mc-servers.net/forgot-password/ subpage, which will be generated by the system and sent to the user's e-mail address provided at registration and which the user will be required to change upon login.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| Providing access to the user account of the user and to use the platform. | E-mail address, system-generated password and IP address of the data subject. | Performing the contract concluded with the Data Controller, provide the user with access to the platform (Article 6(1)(b) GDPR). | The data is stored until the user's account is deleted. For information on how and when a user account may be deleted, please refer to the Terms of Use at https://top-mc-servers.net/faq/. |
3.4. Other data provided by the user in his/her user account
The user has the possibility to upload information about his/her server in the user account, in addition to the information provided at registration, which will be displayed to visitors of the site. The registered user may modify or delete this server data in his account.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| Providing the services of the platform | Server data (server name, server-related website availability, discord invitation, server ip address or domain address, server related port and qry report, server description, youtube video link to the server showing the server, server version, server country, server categorization, votifier, banner upload option). | Performing the contract concluded with the Data Controller, providing the user with the services of the platform (Article 6(1)(b) GDPR). | Until the deletion of the user account of the data subject, but no later than the deletion of the server data by the user or the Data Controller. The user may delete or modify the server data provided by him/her in his/her user account at any time. The Data Controller has the right to delete server data, which is described in the Terms of Use available on the https://top-mc-servers.net/faq/. |
3.5. Data necessary for the technical functioning of the platform
The Controller processes the personal data specified below in order to ensure the technically correct and proper functioning of the website.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| Ensuring the technically correct and proper functioning of the platform | IP address Online identifier Type and time of user activity US or other (non-US) nationality of the user | The Data Controller's legitimate interest in ensuring the technically correct and proper functioning of the platform (Article 6(1)(f) GDPR). The platform works by storing the data of US citizen users on US servers. | The data is stored until the user's account is deleted. For information on how and when a user account may be deleted, please refer to the Terms of Use at https://top-mc-servers.net/faq/. |
3.6. Purchases on the website
Registered users have the possibility to use the Data Controller's paid services through the website, in connection with which the Data Controller processes the data of the data subjects as follows.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| Payment for the service, execution of payment transactions. | Time, method and online identifier of payment transactions. | Performance of the contract concluded with the Data Controller (Article 6(1)(b) GDPR). | Data relating to payment transactions shall be stored by the Data Controller for the retention period of the account on which the transaction is based. |
| Drawing up, sending and keeping accounting documents | Billing name, Billing address, E-mail address, Tax number | To comply with the tax and accounting obligations of the Data Controller (Article 6(1)(c) GDPR). | At least 8 years from the date of invoicing |
3.7. Sending information letters about the operation of the website
The Data Controller sends newsletters to the e-mail addresses of registered users in order to inform them about news related to the operation of the website and the services available, features and services provided by the platform, changes to the terms of use.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| Providing news about the operation of the website and available services. | User name, E-mail address | Performing the contract concluded with the Data Controller, providing the user with the services of the platform (Article 6(1)(b) GDPR). | The data is stored until the user's account is deleted. For information on how and when a user account may be deleted, please refer to the Terms of Use at https://top-mc-servers.net/faq/. |
3.8. Contact with the Data Controller
The data subject can contact the Data Controller through the e-mail address of the Data Controller indicated in point 2 or by using the online form in the contact section of the website. The Controller will send the data subject a reply to the e-mail address provided at the beginning of the communication.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| Ensuring contact, replying to the data subject's message | Name, E-mail address, Content of message | Consent of the data subject (Article 6(1)(a) GDPR). The data subject shall have the right to withdraw his or her consent at any time by sending a statement to the e-mail address of the Data Controller specified in point 2. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal | The Data Controller shall delete the data of the persons who have contacted him after the purpose of the contact has been fulfilled, unless the Data Controller is required by law to further store the data or in case a further contact is established with the data subject which involves the processing of the data subject's personal data, in which case the Data Controller shall inform the data subject of the further processing. |
3.9. Voting
On the website of the Data Controller, users can vote for the server they consider to be the best among the servers displayed on the website, which votes are forwarded by the Data Controller to the server provider receiving the vote, which server provider may, according to the terms of use of its website, provide the user casting the vote with some reward.
| The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|
| To increase the number of registered users of the website, as well as the legitimate interest of the registered user to provide rewards to players who vote for him/her (if the user's page provides such). | Username, IP address, Votes (Which server the user voted for), The date and time of the vote | The legitimate interest of the Data Controller to increase the number of registered users of the website and the registered user's legitimate interest in providing rewards to players who cast a vote (if it provides such) (Article 6(1)(f) GDPR). | The data is stored until the user's account is deleted. For information on how and when a user account may be deleted, please refer to the Terms of Use at https://top-mc-servers.net/faq/. |
3.10. COOKIES
The website uses functional and analytical cookies in connection with its operation, about which more information can be found in our Cookie Policy.
The user can accept or refuse the use of cookies in the window that pops up when visiting the website. The data subject can also set his/her browser to disable or enable cookies, so that he/she can prevent all cookie-related activities, delete cookies placed during previous visits. With each browser being different, it is possible to set preferences for cookies, including their deletion, individually using the browser toolbar. For more information about the settings for disabling or enabling cookies, please refer to the Help section of your browser, or you can find out more directly via the links below:
If the cookie is deleted, the function (purpose) associated with the cookie will not be fulfilled, as a result of which certain content and functions of the website will not be available to the user.
4. DATA TRANSFERS
The Controller transfers personal data of the users to the following recipients.
- Hosting providers: depending on the nationality of the user concerned, the Data Controller stores user
data on the servers of the following hosting providers:
- for US citizens, the Data Controller stores users' data on servers operated by the hosting provider OVH US LLC dba OVHcloud (registered seat/postal address: 11950 Democracy Dr Ste 300, Reston, VA 20190, e-mail: legal@corp.ovh.us website: https://www.us.ovhcloud.com) - for non-US citizens, the Data Controller stores the users' data on servers operated by the hosting provider OVH HOSTING LIMITED ENTERPRISE (seat/postal address: 2 Rue Kellermann, 59100 Roubaix, France, e-mail: support@ovh.com website: https://www.ovhcloud.com )
Hosting providers ensure the storage of the data on their own servers and perform other tasks necessary for the provision of the hosting service (e.g. repair and maintenance tasks). - Payment service providers: the Data Controller uses the payment services of the payment service provider ................ (seat/postal address:, e-mail: ..................., website: ..................), which operates the Paypal platform for online payment transactions. The purpose of the data transfers is to carry out payment transactions, to prevent and detect fraud and abuse of payment transactions, to perform any additional tasks that may be required by the payment service provider to ensure the effectiveness of the payment, and to confirm the transactions. The credit card data provided during the online payment process are directly transferred to the payment service provider's system and are not seen, stored or accessed in any form by the Data Controller.
- Provider of the online invoicing program: the Data Controller uses the online invoicing program billingo.hu, operated by Billingo Technologies ZRT. (seat/postal address: 1133 Budapest, Árbóc street 6, e-mail: hello@billingo.hu, website: https://www.billingo.hu), for the issuing and sending of invoices and for the provision of data relating to invoices towards NAV. The service provider provides the online billing software for the Data Controller, and performs tasks related to the maintenance, operation and repair of the software.
- Electronic mail service provider: the sending and electronic delivery of newsletters related to the operation of the website is provided to the Data Controller by the service provider Namecheap, Inc. (seat/postal address: 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA, e-mail: support@namecheap.com, website: https://www.namecheap.com ).
- Accountant: In order to fulfil its tax declaration and accounting obligations under the applicable legislation, the Data Controller uses an accountant, to whom it transfers the personal data necessary for the fulfilment of its mandate. Accountant of the Controller: Etelka Csalló.(seat/postal address: 1203 Budapest, Helsinki út 3, .e-mail: csallo.etelka1@t-online.hu ).
5. THE RIGHTS OF DATA SUBJECTS
Data subjects have the following rights in relation to the processing of their personal data:
a) Right of access
The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not his or her personal data are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom or which the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period of the storage of the personal data or, if not possible, the criteria for determining that period;
(e) the existence of the right of the data subject to request from the controller the rectification, erasure of personal data or restriction of the processing of personal data concerning him or her or to object to the processing of such personal data;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data have not been collected from the data subject, any available information as to their source;
(h) that the existence of automated decision-making processing, including profiling, and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
The data subject shall also have the right to obtain, upon request, a copy of his or her personal data which are the subject of the processing, from the Controller. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs.
In order to meet data security requirements and to protect the rights of the data subject, the Data Controller shall verify the identity of the data subject and of the person who wishes to exercise his or her right of access, for which purpose the provision of information and the provision of copies of personal data shall be subject to the identification of the data subject.
b) Right to rectification
The data subject shall have the right to obtain from the Data Controller, at his or her request, the rectification of inaccurate personal data relating to him or her, upon providing credible evidence of the inaccuracy of the data concerned by the rectification request.
c) Right to restriction of processing
The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Data Controller where one of the following conditions is met:
- the data subject contests the accuracy of his or her personal data, in which case the Data Controller will limit the processing for the period of time necessary to verify the accuracy of the personal data;
- the processing is unlawful, but the data subject opposes the erasure of the data and requests the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has objected to the processing in accordance with paragraph 5. d); in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.
d) Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her where such processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
e) Right to erasure ("right to be forgotten")
The data subject shall have the right to obtain, at his or her request, the erasure of personal data concerning him or her by the Controller where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data have been unlawfully processed;
- the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
- the data subject has objected to the processing on the basis of Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing;
- the personal have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
The Controller shall not be required to comply with the data subject's request for erasure in the cases provided for in Article 17(3) of the GDPR, in particular where the processing is necessary for the establishment, exercise or defence of legal claims or for compliance with a legal obligation to which the Controller is subject.
f) Right to data portability:
The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller if the processing is based on the data subject's consent or on a contract with the data subject and the processing is carried out by automated means.
6. THE SUBMISSION AND MANAGEMENT OF REQUESTS FOR DATA PROCESSING
The data subject may send his or her request for processing to the Data Controller by post or by electronic means (e-mail address) indicated in point 2. The Data Controller shall examine the data subject's request without undue delay and not later than 30 days after receipt of the request and shall inform the data subject of the actions taken or proposed to be taken by the Data Controller in response to the request. If necessary, taking into account the number of requests and their complexity, this time limit may be extended by a further 60 days. The Data Controller shall inform the data subject of the extension of the time limit within 30 days of receipt of the request, providing the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. Where the request is unfounded, the Controller shall inform the data subject of the refusal of the request, the reasons for the refusal and the remedies available to the data subject, as set out in point 7 of this Policy.
7. LEGAL REMEDIES
If the data subject considers that the Data Controller has infringed the applicable data protection requirements in the processing of his or her personal data, he or she has the following legal remedies:
- may lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa street 9-11., postal address: 1363 Budapest, Pf. 9. E-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu), or
- has the right to lodge an appeal for the protection of your data with a court, which will rule on the matter as a matter of priority. In such a case, the data subject may, at his/her own discretion bring the action before the competent court of the seat of the Controller (at Budapest-Capital Regional Court, in hungarian: Fővárosi Törvényszék) or before the competent court of the place where the data subject resides or is domiciled.
ANNEX 1: Definitions
For the purposes of this Privacy Policy, the main definitions applicable are as follows:
personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
data subject: a natural person identified or identifiable on the basis of any information.
processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
recipient: means a natural or legal person, to which the personal data are disclosed.
data protection: the protection of the lawfulness of the processing of personal data, the protection of the data subject and the protection of the data subject.
transfer: making data available to a specified third party.
restriction of processing: the marking of stored personal data with the aim of limiting their future processing.
erasure: rendering data unrecognisable in such a way that it is no longer possible to retrieve.
data subject's consent: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.