Jump to content


WarGaming not complying with EU GDPR regulations.


  • Please log in to reply
19 replies to this topic

Insert_Insult #1 Posted 08 February 2019 - 05:24 PM

    Warrant Officer

  • Player
  • 8263 battles
  • 602
  • Member since:
    06-06-2012

 

Art. 15 GDPR Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
1The controller shall provide a copy of the personal data undergoing processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 3Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

 

now I have made repeated requests, yet at every point, warGaming blocks me with their rules, point to note their rules do not supersede the Law.

they claim I need to supply them with a mobile phone number to access my data, yet I did not have to supply a mobile phone for them to start using the data. Nor did I have to supply a mobile phone number to purchase premium items.

they have closed numerous tickets requesting the information.

it is clear in the regulations that all I need to do is REQUEST the information, then they are supposed to supply the information, but they keep finding hoops that I am supposed to jump through to get what they legally have to supply.

 

I hope that one manager in WarGaming reads this and does the correct thing and get me the information that has been requested.

 



jabster #2 Posted 08 February 2019 - 05:55 PM

    Field Marshal

  • Beta Tester
  • 12627 battles
  • 24,995
  • [WSAT] WSAT
  • Member since:
    12-30-2010
I wouldn’t hold my breath as I went through the same thing with them. Their spiel is they need the phone number for security while ignoring that adding it at this point adds no security.

Insert_Insult #3 Posted 08 February 2019 - 06:16 PM

    Warrant Officer

  • Player
  • 8263 battles
  • 602
  • Member since:
    06-06-2012

View Postjabster, on 08 February 2019 - 04:55 PM, said:

I wouldn’t hold my breath as I went through the same thing with them. Their spiel is they need the phone number for security while ignoring that adding it at this point adds no security.

 

they will find I am a little tenacious with things like this, next step if I don't get help will be my MP. :)

Bordhaw #4 Posted 08 February 2019 - 10:40 PM

    Lieutenant Сolonel

  • Player
  • 13339 battles
  • 3,447
  • Member since:
    01-29-2017

View PostInsert_Insult, on 08 February 2019 - 04:24 PM, said:

 

Art. 15 GDPR Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
1The controller shall provide a copy of the personal data undergoing processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 3Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

 

now I have made repeated requests, yet at every point, warGaming blocks me with their rules, point to note their rules do not supersede the Law.

they claim I need to supply them with a mobile phone number to access my data, yet I did not have to supply a mobile phone for them to start using the data. Nor did I have to supply a mobile phone number to purchase premium items.

they have closed numerous tickets requesting the information.

it is clear in the regulations that all I need to do is REQUEST the information, then they are supposed to supply the information, but they keep finding hoops that I am supposed to jump through to get what they legally have to supply.

 

I hope that one manager in WarGaming reads this and does the correct thing and get me the information that has been requested.

 

 

Why can you not download the data yourself ?

 

https://eu.wargaming.net/personal/privacy/



jabster #5 Posted 08 February 2019 - 11:13 PM

    Field Marshal

  • Beta Tester
  • 12627 battles
  • 24,995
  • [WSAT] WSAT
  • Member since:
    12-30-2010

View PostBordhaw, on 08 February 2019 - 09:40 PM, said:

 

Why can you not download the data yourself ?

 

https://eu.wargaming.net/personal/privacy/

 

Because that requires you to give WG your mobile phone number.

Insert_Insult #6 Posted 11 March 2019 - 05:54 PM

    Warrant Officer

  • Player
  • 8263 battles
  • 602
  • Member since:
    06-06-2012

Update on this post.

 

the only way I could get my Data was to give WG a contact number [which is against the GDPR], so I purchased a cheap sim card and installed it in a phone my friend loaned me.

 

now the update to this is WG were the only ones given the number, yet I have received so many telemarketing sales calls and they all claim that I entered a survey or competition which is how they got the number.

 

so it would seem that WG is actually selling any phone numbers they are able to force people to hand over, which if I am not mistaken is breaking the GDPR again, I was not asked if they could profit from my contact details so why are they doing it?

 

funny how only started receiving those calls after WG was given the number which they claim is needed for security.... newsflash WG, selling my info is not security for me, only for your bank balance.



jack_timber #7 Posted 11 March 2019 - 07:14 PM

    Major

  • Player
  • 36388 battles
  • 2,659
  • Member since:
    07-26-2014

Well I never ... Gave them my phone number never had a 'telemarketing' call.

Maybe they didn't sell mine:)



SuedKAT #8 Posted 11 March 2019 - 07:26 PM

    Lieutenant General

  • Player
  • 12154 battles
  • 7,471
  • [T-D-U] T-D-U
  • Member since:
    08-21-2014

View PostInsert_Insult, on 11 March 2019 - 05:54 PM, said:

Update on this post.

 

the only way I could get my Data was to give WG a contact number [which is against the GDPR], so I purchased a cheap sim card and installed it in a phone my friend loaned me.

 

now the update to this is WG were the only ones given the number, yet I have received so many telemarketing sales calls and they all claim that I entered a survey or competition which is how they got the number.

 

so it would seem that WG is actually selling any phone numbers they are able to force people to hand over, which if I am not mistaken is breaking the GDPR again, I was not asked if they could profit from my contact details so why are they doing it?

 

funny how only started receiving those calls after WG was given the number which they claim is needed for security.... newsflash WG, selling my info is not security for me, only for your bank balance.

 

There are firms all around Europe that make a living on selling active (and ok as in not in some "do not call" registry) numbers to telemarketing companies and there are a ton of ways to get those numbers without buying them from anyone. Purchasing a cheap sim card, I'm guessing a pre-paid one and not expecting a ton of sales calls during the first month is what's surprising to me, have you never bought a phone in the past or something?

Insert_Insult #9 Posted 11 March 2019 - 07:54 PM

    Warrant Officer

  • Player
  • 8263 battles
  • 602
  • Member since:
    06-06-2012

View PostSuedKAT, on 11 March 2019 - 06:26 PM, said:

 

There are firms all around Europe that make a living on selling active (and ok as in not in some "do not call" registry) numbers to telemarketing companies and there are a ton of ways to get those numbers without buying them from anyone. Purchasing a cheap sim card, I'm guessing a pre-paid one and not expecting a ton of sales calls during the first month is what's surprising to me, have you never bought a phone in the past or something?

 

the sim was a Tesco sim, zero money on it as I don't use mobile phones and have no wish to start using one, the only reason it was kept active for so long was due to having to wait for the export from WG, it still has no money on it and now I have my data the phone has been handed back and the sim stored in my desk drawer.

 

if you are aware of the GDPR, no information of anyone is to be used without their consent, and if it is to be used then the company is required to inform you what it is used for.

 

edit, FYI, my friend who loaned me the phone uses prepaid sims, and after speaking to him it would seem he has never received an unwarranted sales call, but then again he has never given WG his number.


Edited by Insert_Insult, 11 March 2019 - 07:59 PM.


Nishi_Kinuyo #10 Posted 11 March 2019 - 10:25 PM

    Major General

  • Player
  • 8210 battles
  • 5,335
  • [GUP] GUP
  • Member since:
    05-28-2011

View PostInsert_Insult, on 11 March 2019 - 05:54 PM, said:

Update on this post.

 

the only way I could get my Data was to give WG a contact number [which is against the GDPR], so I purchased a cheap sim card and installed it in a phone my friend loaned me.

 

now the update to this is WG were the only ones given the number, yet I have received so many telemarketing sales calls and they all claim that I entered a survey or competition which is how they got the number.

 

so it would seem that WG is actually selling any phone numbers they are able to force people to hand over, which if I am not mistaken is breaking the GDPR again, I was not asked if they could profit from my contact details so why are they doing it?

 

funny how only started receiving those calls after WG was given the number which they claim is needed for security.... newsflash WG, selling my info is not security for me, only for your bank balance.

You do know that they recycle mobile phone numbers a decent time after they go inactive, right?

So its possible that you got such a recycled number which did go through a survey competition... 2-3 years prior.



Insert_Insult #11 Posted 12 March 2019 - 06:05 PM

    Warrant Officer

  • Player
  • 8263 battles
  • 602
  • Member since:
    06-06-2012

View PostNishi_Kinuyo, on 11 March 2019 - 09:25 PM, said:

You do know that they recycle mobile phone numbers a decent time after they go inactive, right?

So its possible that you got such a recycled number which did go through a survey competition... 2-3 years prior.

 

that is a fair point, I was not aware of mobile numbers being recycled, just goes to show after a lifetime of never using a mobile phone I have learnt something.

SuedKAT #12 Posted 12 March 2019 - 07:16 PM

    Lieutenant General

  • Player
  • 12154 battles
  • 7,471
  • [T-D-U] T-D-U
  • Member since:
    08-21-2014

View PostInsert_Insult, on 11 March 2019 - 07:54 PM, said:

 

the sim was a Tesco sim, zero money on it as I don't use mobile phones and have no wish to start using one, the only reason it was kept active for so long was due to having to wait for the export from WG, it still has no money on it and now I have my data the phone has been handed back and the sim stored in my desk drawer.

 

if you are aware of the GDPR, no information of anyone is to be used without their consent, and if it is to be used then the company is required to inform you what it is used for.

 

edit, FYI, my friend who loaned me the phone uses prepaid sims, and after speaking to him it would seem he has never received an unwarranted sales call, but then again he has never given WG his number.

 

You might want to look into GDPR a bit more since you'll find your telephone number next to your name in the phone book as well as on numerous online sites, however a pre-paid sim tend to be a bit more anonymous and you can most of the time use that "unregistered" so to speak from phone books etc. Do keep in mind though that in most cases the local shop that sold you that sim card is required to report that sale to the operator, or if not the operator will see that number active in their network, or they simply list the numbers as active the moment they ship them to the store and as soon as that happens your number is collected into several databases as an "active" number, this information is then sold to companies that perform sales via telephone. A new active number will generally have numerous sales calls in the first 1-3 months and then again 6-8 months later since that's a rough time period for the "refresh rate" so to speak.

 

I just had a read of the terms of service for the largest pre- paid sim card provider here and it quite clearly states that they will save my information for 24 months after purchase and will use that information to provide me with tailored offers as well as share this with their subcontractors as well as subcontractors outside EU/EES, to not get a random sales call after all that would be a miracle.

 

However it can be as Nishi_Kinuyo mentioned above as well, the sim you bought have a "must use before this date" stamped on it or the package it came in, generally 6 or 12 months, if the sim ain't used before then the number gets recycled.

 

Also I got 2 WG accounts on EU, one on RU, NA and the SEA server all have phone numbers tied to them for recovery purposes in case my accounts get compromised, neither are bombarded with sales calls, it's just my main line that have the occasional sales call from some electricity company or Viasat trying to convince me I need their services.



Pansenmann #13 Posted 12 March 2019 - 08:47 PM

    Field Marshal

  • Player
  • 35134 battles
  • 13,119
  • [WJDE] WJDE
  • Member since:
    08-17-2012

Beware, you may need to receive an SMS on that mobile number

when you want to change password etc.

 

actually WG wants to use that phone number for 2nd factor auth

and to ensure the personal data does not go to an unauthorized person.

 

well, it is not foolproof but better than nothing.

 

PS: you can send them a Letter anytime and request your data on a read-only medium aka DVD or CD

PPS: it is advised to include an addressed return letter


Edited by Pansenmann, 12 March 2019 - 08:48 PM.


Nishi_Kinuyo #14 Posted 12 March 2019 - 09:53 PM

    Major General

  • Player
  • 8210 battles
  • 5,335
  • [GUP] GUP
  • Member since:
    05-28-2011

View PostInsert_Insult, on 12 March 2019 - 06:05 PM, said:

 

that is a fair point, I was not aware of mobile numbers being recycled, just goes to show after a lifetime of never using a mobile phone I have learnt something.

Hey, last time I had a mobile phone was years ago as well, and I made like a handful of phonecalls a year with it at best. :girl:



jabster #15 Posted 13 March 2019 - 11:13 AM

    Field Marshal

  • Beta Tester
  • 12627 battles
  • 24,995
  • [WSAT] WSAT
  • Member since:
    12-30-2010

View PostPansenmann, on 12 March 2019 - 07:47 PM, said:

Beware, you may need to receive an SMS on that mobile number

when you want to change password etc.

 

actually WG wants to use that phone number for 2nd factor auth

and to ensure the personal data does not go to an unauthorized person.

 

well, it is not foolproof but better than nothing.

 

PS: you can send them a Letter anytime and request your data on a read-only medium aka DVD or CD

PPS: it is advised to include an addressed return letter

 

The problem is that at the point in time you request the GDPR data you are already have the credentials required to add a mobile phone number so unless WG have a way of checking that the mobile phone number belongs to the authorised owner of the account then where's the added security?

eekeeboo #16 Posted 14 March 2019 - 07:39 PM

    English Community Manager

  • WG Staff
  • 46125 battles
  • 2,076
  • Member since:
    07-25-2010

View PostInsert_Insult, on 11 March 2019 - 06:54 PM, said:

 

the sim was a Tesco sim, zero money on it as I don't use mobile phones and have no wish to start using one, the only reason it was kept active for so long was due to having to wait for the export from WG, it still has no money on it and now I have my data the phone has been handed back and the sim stored in my desk drawer.

 

if you are aware of the GDPR, no information of anyone is to be used without their consent, and if it is to be used then the company is required to inform you what it is used for.

 

edit, FYI, my friend who loaned me the phone uses prepaid sims, and after speaking to him it would seem he has never received an unwarranted sales call, but then again he has never given WG his number.

 

It's VERY easy for those companies to get a hold of the "bank" of numbers. This is how you end up with calls on any new sim if it's old enough. 

 

But to be clear, no company, especially WG would risk breaking GDPR and has been legally checked, repeatedly by people who are responsible for this in law. 



nakkipeppu #17 Posted 14 March 2019 - 08:28 PM

    Sergeant

  • Player
  • 32180 battles
  • 288
  • [LGGF] LGGF
  • Member since:
    04-10-2012
They've created a process for providing the data to the data subject, because GDPR requires the controller to do so. After a risk management session, they concluded that the person asking for the data needs to be sufficiently identified, and a email or a ticket is not considered as sufficient.

 

Now, by adding a phone number to a mix, it would make it multifactor authentication, and then they deemed that you've sufficiently provided the proof of your identity. This all is documented somewhere in their quality management system, and if there was an audit from say, data protection authority, they damn well need to prove they followed this process they created, to a point.

 

I'm guessing emailing a copy of your passport could perhaps work, short of showing up at their offices with an ID. Companies do usually give you alternative ways to perform the request, but they're rather cumbersome. 

 

Look at it this way - would you be happy to know, that a company would provide ALL the information they have on you the guy to some guy who got hold of your email account alone ?



jabster #18 Posted 14 March 2019 - 09:09 PM

    Field Marshal

  • Beta Tester
  • 12627 battles
  • 24,995
  • [WSAT] WSAT
  • Member since:
    12-30-2010

View Postnakkipeppu, on 14 March 2019 - 07:28 PM, said:

They've created a process for providing the data to the data subject, because GDPR requires the controller to do so. After a risk management session, they concluded that the person asking for the data needs to be sufficiently identified, and a email or a ticket is not considered as sufficient.

 

Now, by adding a phone number to a mix, it would make it multifactor authentication, and then they deemed that you've sufficiently provided the proof of your identity. This all is documented somewhere in their quality management system, and if there was an audit from say, data protection authority, they damn well need to prove they followed this process they created, to a point.

 

I'm guessing emailing a copy of your passport could perhaps work, short of showing up at their offices with an ID. Companies do usually give you alternative ways to perform the request, but they're rather cumbersome. 

 

Look at it this way - would you be happy to know, that a company would provide ALL the information they have on you the guy to some guy who got hold of your email account alone ?

 

Asking to add a mobile phone number at this point adds no security to the process.

nakkipeppu #19 Posted 14 March 2019 - 09:38 PM

    Sergeant

  • Player
  • 32180 battles
  • 288
  • [LGGF] LGGF
  • Member since:
    04-10-2012

View Postjabster, on 14 March 2019 - 10:09 PM, said:

 

Asking to add a mobile phone number at this point adds no security to the process.

 

It probably doesn't, but it's a process. If they ignored the requirement to provide mobile number and just gave him the data, that'd be a deviation, which would be huge pain to deal with. Nobody in their right minds is going to go against a documented process that's very likely audited by a third party to conform to GDPR.

 

 



Rupolsky #20 Posted 23 March 2019 - 09:28 AM

    Corporal

  • Player
  • 1730 battles
  • 116
  • [HUZ1] HUZ1
  • Member since:
    12-01-2011

Did you hear what happened to the Englishman, Irishman and Scotsman?

 

Spoiler

 






4 user(s) are reading this topic

0 members, 4 guests, 0 anonymous users