Wednesday, May 23, 2018

GDPR

Hi,

This blog post is about the new GDPR, aka the European General Data Protection Regulation (PDF in English), and how I (Marine Kelley) comply with it. In this post I'll try to go full disclosure with you about what I know when you purchase or use a product I made.

In a nutshell, the GDPR is a regulation that states that you, as a user, have the right to your privacy and that regulation gives you the right to know what data is processed by a vendor, to whom it is given, and a right to decide what you want to share and even to be forgotten.

Although this is a European regulation and Second Life is managed by Linden Lab which is based in the United States, I believe you have those rights no matter what. I have those rights as a European, and so should you. And as a European, my business should comply with this regulation anyway.

I'm going to try to remain concise here, but in case you don't want to read, here is the tl;dr version :

I do nothing with your data, I know very little about you, and I've followed these principles long before the GDPR was even an idea.


If you want fuller details, read on.

As you may know, there are several ways you as a user may interact with me as a merchant :

- By buying products from a vendor in-world, either from a RealRestraint vendor or a Marine's Goodies vendor.
- By buying products from the Marketplace.
- By contacting me in-world through chat or IM (Instant Message), directly or through a friend when language is an issue.
- By contacting me via email.


Let's start with the most important part : what I know about you. Then I'll explain how I gather these data and what I do with them.


Your data

I know very little about you. Your user name (for example Jane Resident), your display name(s) at the time(s) you interacted with me, the purchases you made, what you said to me when we discussed, the money you spent buying my products, and that's it.

Some of these data are on my hard drives in the form of textual chat logs, the rest is on the Gmail servers because I use Gmail as my primary mail service. All purchase logs go to my Gmail mailbox and sit there until the time I need them. The purchases transactions are also on the LL servers in the form of a Transaction History. None of my other mailboxes receives any data about you.

I do not know anything about your real name or identity, nor do I know anything about your IP address, computer, let alone real world location.

Lastly, I do not share nor sell any of your information to anyone. I did not wait for a regulation to tell me not to, I believe we are all entitled to our privacy.


When buying from a vendor in-world

When you buy a product from either a RealRestraint or a Marine's Goodies vendor, I receive in my mailbox an email from my server stating what you bought, when, from what vendor, for how much money, and if there was an error.

There is also the Linden Lab Transaction History, on which I have no control except consultation. When you make a purchase, paying me money in exchange for a product, a log entry is added to that Transaction History, stating your user name, the amount of money, the time and the location of the vendor.

Some of my RealRestraint vendors belong to my friend Angelina Sinclair, who gets a share of the earnings when buying from one of those vendors. As a result, she is notified when you buy from her by seeing your user name in a popup in her viewer, as well as in her Transaction History.


When opening a box

Nearly every box containing a product I made also contains a small script named "_Inventory", which is responsible for sending me an email when you rez the box. The data contains your user name, the inventory inside the box so I know there was no mistake when packaging the product and nothing was lost during the transfer, but also the slurl pointing to the place where the box was rezzed.

This might raise a privacy concern but in practice I do nothing with that information, which is not something my script is even programmed to send, it is automatically added by SL when sending the email, there's nothing I can do to prevent that, short of using an in-world relay and compounding the system.


When using a product I made

None of my products gathers any information about you nor shares anything with me. RR products do contact my home server once a week to get the "message of the day" and to get notified when an update is available. I do not log those commands nor get any information from them.


When updating a RealRestraint product

When you update a RealRestraint product (with a simple update or a replacement), I know what you update, when, from what updater and if there was an error. All these data are sent to my Gmail mailbox.


When buying a Maison De La Marquise product

When you buy a product from Maison De La Marquise, which is my Marketplace store, I receive an email from Linden Lab containing your user name, your purchase, who you gifted it to if it is a gift, the money you spent, the money I earned (that's what you spent minus 5% and commissions if any) and the time of the purchase.


When communicating with me
When you IM me, two things may happen. If I'm online, our conversation is logged to a particular text file on my hard drive (and on yours too) with your user name, display name and the dates and times. If I'm offline, your messages go to my mailbox, as well as my answers since I can communicate even while offline (thanks LL for that feature !).


When going to my shop in Pak

There is a radar in my booth in Pak that sends the user names of everybody who is present around the parcel to a prim that is located in my home sim. This list is not stored anywhere, it is just displayed as a hovertext that I look at once in a while. When someone leaves the vicinity or logs off there, their name disappears from the list.

I use this radar mainly to check if a specific person (usually a griefer or a troll) is present and if I have to intervene.


When reading this blog

Blogger belongs go Google and they may or may not gather information about you. They do not share any of it with me except for regular, non-identifying statistics and I have no control over what they gather.


When downloading the RLV

The RLV archive is stored in a folder on www.erestraints.com. I do not control any part of this site except for the FTP which I use to upload the RLV, and I get no information about who visits that page, downloads the viewer or when.


When using the RLV

The RLV does not share any data with me or anyone else about your usage you make of it. It stores the same data as the official SL viewer. LL sends me a regular report about crashes and other statistics, but none can identify anybody, they're just numbers and release versions.


The right to erasure

You may request me to erase all data I have about you. This is a manual process and I reserve the right to do it within reasonable delays, and this is what I'll do :

- I'll search your name in my mailbox and erase all entries.
- I'll erase your IM text log from my hard drive.


There are three caveats though :

- I cannot erase that data from the LL servers so my Transaction History will forget about you when it expires. Likewise, I cannot guarantee that Gmail won't keep a copy of the erased data, I have no control over that either. I can only erase what I have control upon.
- I treat my regular customers better than the ones who buy only a product or two from me. This means that when someone requests something from me that goes against normal business practices (like a replacement when the original object was lost, knowing said object was no-copy/trans and I can't be given a proof of the loss), the amount of money you spent with me goes a long way to help me decide if I should help or not. If you want me to erase those data, you may go back from "good customer" to "standard customer" status.
- Technically I do not own any of the data stored on Gmail, even though I own the credentials to access that mailbox. So I'll erase your data from there as an act of good will, but I am in no way required to do so. The only data that I own are the ones on my hard drives, and those are the ones I am required to erase. If you really want Gmail to erase your data from my mailbox once and for all, you have to ask Google.



The right to access

This one is more difficult, because it requires not to erase data but to format it in a reusable way (likely a text file). This is not a problem for IM logs, but it is for purchase logs as they are stored in my mailbox. I don't know if there's a way with Gmail to selectively archive some emails to a hard drive instead of all of them. I know that archiving the whole mailbox takes two days.

The same caveat applies : I do not own the data stored in my Gmail mailbox, even though I own the credentials to access it, so I am not actually required to share what is stored in it.