Your GDPR Rights

Last Updated: January 1, 2025

Effective Date: January 1, 2025

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals control over their personal data. As users of My Hospital Town Doctor Games, you have specific rights regarding how your personal information is collected, used, and protected.

This page explains your rights under GDPR and how to exercise them. We are committed to respecting these rights and making it easy for you to control your personal data.

2. Data Controller Information

Visionary Games Zone is the data controller for personal data collected through our website and services. This means we determine the purposes and means of processing your personal data and are responsible for ensuring GDPR compliance.

3. Your GDPR Rights Explained

Under GDPR, you have the following rights regarding your personal data:

3.1 Right to Information (Article 13-14)

You have the right to know:

• What personal data we collect about you
• Why we collect and use your data
• How long we keep your data
• Who we share your data with
• Your rights and how to exercise them
• How to contact us about data protection

How we comply: This information is provided in our Privacy Policy and on this page.

3.2 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. This includes:

• Confirmation that we process your data
• A copy of your personal data
• Information about how we use your data
• Details about data sharing
• Information about data retention periods

Response time: We will respond within one month of receiving your request.

How to request: Email us at [email protected] with "Data Access Request" in the subject line.

3.3 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected or completed if it is incomplete. This includes:

• Correcting factual errors
• Updating outdated information
• Adding missing information

Response time: We will make corrections within one month.

How to request: Contact us at [email protected] with details of the corrections needed.

3.4 Right to Erasure (Article 17) - "Right to be Forgotten"

You have the right to request deletion of your personal data in certain circumstances:

• The data is no longer necessary for the original purpose
• You withdraw consent and there is no other legal basis
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required for compliance with legal obligations

Limitations: We may not be able to delete data if we need it for legal compliance, public interest, or legitimate business purposes.

How to request: Email [email protected] with "Data Deletion Request" in the subject line.

3.5 Right to Restrict Processing (Article 18)

You can request that we limit how we use your data in certain situations:

• You contest the accuracy of the data (while we verify accuracy)
• Processing is unlawful but you prefer restriction over deletion
• We no longer need the data but you need it for legal claims
• You have objected to processing (while we consider your objection)

Effect: We will store the data but not use it for other purposes without your consent.

3.6 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format when:

• Processing is based on consent or contract
• Processing is carried out by automated means

You can also request that we transfer your data directly to another service provider where technically feasible.

Format: We will provide data in JSON or CSV format unless you request a specific format.

3.7 Right to Object (Article 21)

You have the right to object to processing of your personal data when:

• Processing is based on legitimate interests
• Processing is for direct marketing purposes
• Processing is for scientific, historical research, or statistical purposes

Direct marketing: You can object to direct marketing at any time, and we will stop immediately.

Other processing: We will stop processing unless we can demonstrate compelling legitimate grounds.

3.8 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to automated decision-making, including profiling, that produces legal or similarly significant effects. Currently, we do not engage in automated decision-making that would trigger this right.

4. How to Exercise Your Rights

4.1 Contact Methods

You can exercise your GDPR rights by contacting us through any of the following methods:

• Email (Recommended): [email protected]
• General Inquiries: [email protected]
• Business Contact: [email protected]

4.2 Information to Include in Your Request

To help us process your request quickly and securely, please include:

• Your full name
• Contact email address
• Specific right you want to exercise
• Detailed description of your request
• Any relevant dates or reference numbers
• Proof of identity (if required)

4.3 Identity Verification

To protect your privacy, we may need to verify your identity before processing certain requests. This may involve:

• Asking security questions
• Requesting identification documents
• Using email verification
• Confirming account details

4.4 Response Times

We are committed to responding to your requests promptly:

• Standard requests: Within one month
• Complex requests: Up to three months (we will notify you of any delay)
• Urgent requests: We will prioritise based on the nature of the request
• Acknowledgment: We will acknowledge receipt within 72 hours

5. Parental Rights for Children's Data

Parents and legal guardians have additional rights regarding their children's personal data:

5.1 Consent Management

• Provide consent for data processing
• Withdraw consent at any time
• Modify consent preferences

5.2 Access and Control

• Access their child's personal data
• Request correction of their child's data
• Request deletion of their child's data
• Object to processing of their child's data

5.3 Monitoring and Oversight

• Review data collection practices
• Monitor their child's online activities
• Receive notifications about data processing

6. Cookie Consent and Management

6.1 Cookie Categories

We use different types of cookies, and you can manage your preferences for each:

• Essential cookies: Required for website functionality (cannot be disabled)
• Analytics cookies: Help us understand website usage (optional)
• Preference cookies: Remember your settings (optional)
• Marketing cookies: Currently not used

6.2 Managing Cookie Consent

You can manage your cookie preferences by:

• Using our cookie consent banner when you first visit
• Contacting us to change your preferences
• Using your browser settings to block cookies
• Clearing existing cookies from your browser

6.3 Withdrawing Cookie Consent

To withdraw your consent for non-essential cookies:

• Email us at [email protected]
• Clear your browser cookies
• Adjust your browser settings to block future cookies

7. Data Transfers and International Rights

If your data is transferred outside the UK/EU, you have additional rights:

• Information about the transfer and safeguards in place
• Access to copies of adequacy decisions or appropriate safeguards
• Right to object to transfers in certain circumstances

8. Complaints and Appeals

8.1 Internal Complaints

If you are not satisfied with how we handle your request:

• Contact our Data Protection Officer
• Request a review of the decision
• Escalate to senior management

8.2 Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority:

United Kingdom:

• Authority: Information Commissioner's Office (ICO)
• Website: ico.org.uk
• Phone: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

8.3 When to Contact Supervisory Authority

You may wish to contact the ICO if:

• We fail to respond to your request within the required timeframe
• You disagree with our response to your request
• You believe we are not complying with GDPR
• You want independent advice about your rights

9. Fees and Charges

Generally, we do not charge fees for processing GDPR requests. However, we may charge a reasonable fee if:

• Your request is clearly unfounded or excessive
• You make repetitive requests for the same information
• The request requires significant administrative effort

We will inform you of any fees before processing your request and explain why the fee is necessary.

10. Updates to Rights and Procedures

We may update our procedures for handling GDPR requests to:

• Comply with new legal requirements
• Improve our response processes
• Incorporate feedback from users
• Align with best practices

We will notify users of significant changes to these procedures through our website or by email where appropriate.

11. Technical and Organisational Measures

We implement appropriate technical and organisational measures to protect your rights:

11.1 Technical Measures

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security updates and patches
• Automated data retention and deletion processes

11.2 Organisational Measures

• Staff training on GDPR compliance
• Data protection impact assessments
• Clear data handling procedures
• Regular audits and compliance reviews

We are committed to protecting your privacy rights and ensuring full compliance with GDPR. Your data protection is our priority, and we are here to help you exercise your rights effectively.