1. Controller
Hamster Systems is responsible for the personal data processed through this website and related systems unless a separate agreement states otherwise.
2. Laws considered
As Hamster Systems is operated from the UK, we consider UK GDPR and the Data Protection Act 2018. Where users, infrastructure, or service providers are in the EU/Germany, EU GDPR principles and applicable German data protection requirements, including the BDSG where relevant, may also be considered.
3. Data we collect
- Account data: name, email, password hash, role, special ranks, account age, status, notes, and login activity.
- Support data: tickets, messages, attachments, categories, priority, assigned agent, status, transcripts, access approval PINs, and internal support notes.
- Career data: applications, CV/resume files, experience, portfolio links, application status, recruiter notes, and messages sent to applicants.
- Content data: guides, comments, media, submissions, changelogs, news, and project data where features are used.
- Technical data: IP address, browser/device data, logs, cookies, timestamps, security events, and email delivery logs.
4. Why we use data
We use personal data to operate the website, provide accounts, answer support requests, manage applications, protect security, keep audit records, send required emails, improve services, comply with legal obligations, and prevent misuse.
5. Lawful bases
Depending on the activity, we may rely on contract performance, legitimate interests, consent, legal obligation, or steps taken before entering into a contract. Recruitment data is processed to assess applications and communicate with applicants.
6. Hosting and international processing
Infrastructure may be hosted in Germany and/or other UK/EEA locations. Where data is processed by third-party providers, we aim to use appropriate safeguards, contracts, access controls, and security measures.
7. Retention
We keep data only for as long as needed for the purpose it was collected, including account administration, support history, recruitment records, security logs, legal compliance, disputes, backups, and audit records. Retention periods may vary by feature.
8. Your rights
Depending on your location and the applicable law, you may have rights to access, correct, delete, restrict, object to processing, request portability, withdraw consent, and complain to a supervisory authority.
9. UK and EU supervisory authorities
UK users may contact the Information Commissioner’s Office (ICO). EU/German users may contact their local data protection authority. We encourage users to contact us first so we can try to resolve the issue.
10. Security
We use role-based access, audit logs, account controls, ticket assignment, time-limited access approvals, and technical measures to protect data. No online system is completely risk-free.
11. Contact
For privacy requests, contact us using the support or contact details on the website.