Arkasa Server - Privacy Policy
Effective Date: January 13, 2026 Version: 1.0
Introduction
This Privacy Policy explains how Didier De Ridder ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the Arkasa gaming server ("Server", "Service").
We process personal data in accordance with:
- EU General Data Protection Regulation (GDPR)
- Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data
Data Controller
| Information | Details |
|---|---|
| Data Controller | Didier De Ridder |
| Business Address | Cyriel Buysselaan, 9120 Melsele, Belgium |
| VAT Number | BE1023.256.463 |
| arkasaserver@gmail.com | |
| Website | www.arkasa.gg |
| Supervisory Authority | Belgian Data Protection Authority (GBA) |
What Data We Collect
Account and Identity Data
- Steam ID / Epic Games ID
- Discord ID and username
- In-game character names
- Email address (for purchases and support)
- Account creation date
Connection Data
- IP addresses
- Connection timestamps
- Session duration
- Geographic location (country/region)
Gameplay Data
- In-game actions and events
- Chat messages (global, tribe, whispers)
- Commands used
- Player statistics (playtime, kills, tames, etc.)
- Tribe membership and alliances
- Building and territory claims
Transaction Data (for purchases)
- Purchase history
- Payment method (last 4 digits only)
- Transaction IDs
- VAT invoices
- Billing address
Communication Data
- Support tickets and correspondence
- Discord messages sent in public server channels
- Appeal submissions
We do not monitor or log direct messages (DMs) between users unless reported via the ticketing system.
Technical Data
- Game client version
- Mods installed
- Error logs and crash reports
Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Providing game server services | Performance of contract |
| Account management | Performance of contract |
| Server security and anti-cheat | Legitimate interest |
| Rule enforcement and moderation | Legitimate interest |
| Processing purchases | Performance of contract |
| VAT compliance and invoicing | Legal obligation |
| Responding to support requests | Performance of contract |
| Service improvement | Legitimate interest |
| Legal compliance | Legal obligation |
How We Use Your Data
Service Provision
- Authenticate your identity and manage your account
- Deliver in-game features and purchased items
- Process and fulfill transactions
- Provide customer support
Security and Enforcement
- Detect and prevent cheating, hacking, and exploits
- Enforce server rules and community guidelines
- Investigate and resolve disputes
- Ban violators and maintain ban lists
Legal Compliance
- Comply with Belgian tax law (VAT)
- Respond to lawful requests from authorities
- Maintain records as required by law
Communication
- Send service-related announcements
- Notify of rule changes or Terms updates
- Respond to inquiries and support tickets
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | 6 months after last activity |
| Gameplay logs | 6 months |
| Chat logs | 6 months |
| Connection logs (IP addresses) | 6 months |
| Transaction records | 10 years (Belgian tax law) |
| VAT invoices | 10 years (Belgian tax law) |
| Support tickets | 2 years after resolution |
| Ban records | Indefinite (see note below) |
Note on Ban Records: Only technical identifiers (SteamID, EpicID, hashed IP addresses) are retained indefinitely to enforce bans and prevent fraud. Personal contact details (email, name) are removed after the standard 6-month retention period unless required for ongoing legal proceedings.
After retention periods expire, data is permanently deleted or anonymized.
Data Sharing
We Share Data With:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Payment processor (Tip4Serv and its sub-processors) | Transaction processing | PCI-DSS compliant, contractual obligations |
| Server hosting provider | Infrastructure | Data Processing Agreement, EU servers |
| Discord | Community management | Discord Privacy Policy applies |
| Steam / Epic Games | Authentication | Platform Privacy Policies apply |
Tip4Serv acts as an independent data controller or processor for payment data in accordance with its own Privacy Policy. If Tip4Serv uses sub-processors (such as Stripe or PayPal), this is governed by Tip4Serv's agreements and policies.
We Do NOT:
- Sell your personal data
- Share data for third-party marketing
- Share data with advertisers
- Transfer data to countries without adequate protection (without safeguards)
Legal Disclosure
We may disclose data when required by law, court order, or lawful request from Belgian or EU authorities.
International Data Transfers
Your data is primarily processed within the EU/EEA on servers located in Europe.
If data is transferred outside the EU/EEA, we implement:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfer Impact Assessments
- Additional safeguards as required by Belgian and EU law
Your Rights Under GDPR
You have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data (subject to legal retention requirements).
Right to Restriction
Request limitation of processing in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interest.
Right to Withdraw Consent
Withdraw consent at any time (where processing is based on consent).
Right to Complain
Lodge a complaint with the Belgian Data Protection Authority.
How to Exercise Your Rights
Submit requests to:
- Email: arkasaserver@gmail.com
- Subject: "GDPR Request - [Your Right]"
Include:
- Your full name
- Account username
- Email address associated with account
- Description of your request
- Proof of identity (we may request verification)
Response Timeline:
- Acknowledgment: within 48 hours
- Response: within 30 days (may extend to 60 days for complex requests)
- No fee for reasonable requests
Data Security
We implement appropriate technical and organizational measures:
Technical Measures
- TLS 1.3 encryption for data in transit
- Encrypted storage for sensitive data
- Regular security updates and patches
- Access controls and authentication
- Firewall and intrusion detection
Organizational Measures
- Staff access limited to necessary personnel
- Confidentiality agreements for all staff
- Regular security training
- Incident response procedures
Data Breach Notification
In case of a personal data breach:
To Authorities:
- Notification to Belgian GBA within 72 hours (if required)
To Affected Users:
- Notification without undue delay if high risk to rights and freedoms
- Via email and Discord announcement
Notification includes:
- Nature of the breach
- Likely consequences
- Measures taken
- Contact point for information
Children's Privacy
Minimum Age: 13 years
We do not knowingly collect data from children under 13. If we discover such data, it will be deleted immediately.
Parental Rights: Parents or guardians may contact us to:
- Request information about data collected from their child
- Request deletion of their child's data
- Exercise rights on behalf of their child
Cookies and Tracking
Website (www.arkasa.gg)
We use cookies for:
- Essential functionality (login, preferences)
- Analytics (anonymous usage statistics)
In-Game
No cookies. Data collected through game server logs.
Discord Data Processing
We process Discord messages and related data only to the extent they are accessible to us as server administrators and strictly necessary for:
- Server moderation and enforcement of our Community Guidelines
- Providing technical support and resolving disputes
- Maintaining server security and preventing abuse
Legal basis: This processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining a safe and functional community environment, and where applicable, contractual necessity (Art. 6(1)(b) GDPR) for support services.
Scope limitation: We do not systematically monitor all server communications. We only access and process messages when:
- Reported by users or automated moderation tools
- Relevant to an active investigation
- Required for enforcing server rules or Discord's Terms of Service
Data retention: Messages processed for moderation purposes are retained only as long as necessary for the specific purpose (typically up to 90 days, unless needed for ongoing investigations). Security-related logs may be retained longer if required for legal compliance.
Your rights: Discord users maintain full control over their messages through Discord's own privacy settings and data export/deletion tools. For requests specific to our server administration, contact us at arkasaserver@gmail.com with subject "Discord Data Request".
Note: Discord Inc. (or Discord Netherlands BV for EEA users) remains the primary data controller for all Discord platform data. Our role is limited to processing as outlined above.
Automated Decision-Making
We may use automated systems for:
- Anti-cheat detection
- Spam filtering
- Automated moderation
Automated decisions are never the sole basis for permanent account termination without human review.
Your Rights: You can request human review of any automated decision that significantly affects you.
Changes to This Policy
We may update this Privacy Policy periodically.
Notification:
- Material changes announced via Discord and email
- At least 14 days notice before changes take effect
- Updated version posted on www.arkasa.gg
Contact and Complaints
Contact Us
| Method | Contact |
|---|---|
| arkasaserver@gmail.com | |
| Discord | https://discord.gg/arkasa |
| Website | www.arkasa.gg/contact |
Supervisory Authority
Belgian Data Protection Authority (GBA/APD)
- Website: www.dataprotectionauthority.be
- Email: contact@apd-gba.be
- Address: Drukpersstraat 35, 1000 Brussels, Belgium
You have the right to lodge a complaint with the GBA if you believe your data protection rights have been violated.
Summary Table
| Topic | Details |
|---|---|
| Data Controller | Didier De Ridder |
| Location | Belgium (EU) |
| Legal Framework | GDPR + Belgian Act of 30 July 2018 |
| Data Retention | 6 months (general), 10 years (financial) |
| Data Transfers | EU-based, SCCs for non-EU |
| Your Rights | Access, rectification, erasure, portability, object, complain |
| Contact | arkasaserver@gmail.com |
| Supervisory Authority | Belgian GBA (www.dataprotectionauthority.be) |
Last updated: January 13, 2026 Version: 1.0