We use your info to get what you order into your hands. We don’t use your information for advertising or mailing lists. We don’t even use Google Analytics because those “metrics” aren’t important—what you think about our games is important.
You’re not a data subject, we bet you’re someone we’d enjoy playing a game with.
Let’s take a look at what we collect, how it’s used, and what we save.
Cookies and your info
We store a 365-day cookie on your computer for this website’s privacy notification which is for General Data Protection Regulation (GDPR) compliance.
We allow third-party cookies in order to sell games and display videos.
Our online shop is created with Shopify.com—an e-commerce platform—that stores cookies on your computer to create your shopping cart.
If you buy from us, you enter payment and shipping information into a secure Shopify.com component which is saved to our Shopify.com account (and if you pay with PayPal, PayPal.com stores cookies).
Here’s how we use your information:
- An email alerts us to your order—it contains your name and address (we delete this after reading it).
- We log in to our secure Shopify account to see your order and shipping address (if you pay via PayPal, we can see your shipping address from our PayPal account).
- We never see, and are unable to access, your payment information.
- We log in to our secure Stamps.com account to create your shipping label. When created, its record is sent to the United States Postal Service (USPS). We don’t save your shipping address (but Stamps.com and USPS.com do keep records).
- We personally hand your package to a Postal Service Clerk at a United States Post Office where USPS.com tracks its progress.
In a nutshell
- subQuark.com stores a cookie to display our privacy notification.
- Shopify.com stores cookies to create your shopping cart.
- Shopify.com collects shipping and billing info, if you make a purchase.
- We use Stamps.com to create your shipping label.
- USPS.com tracks your package.
- YouTube.com and Google.com store cookies for our videos.
For successful Kickstarters, your shipping address is collected via a survey.
We import the survey from our secure Kickstarter.com account as Excel spreadsheets. These allow us to package your rewards and create their shipping labels. Once all rewards are shipped, we shred the paper shipping lists and delete the files from our computer.
We don’t use third-party pledge managers, in part, to safeguard your personal data. We also don’t use third-party fulfillment & shipping services for the same reason.
- Data Subject: That’s you, here on this site.
- Data Controller: That’s us collecting order info and displaying videos.
- Data Processor: Shopify.com, PayPal.com, Stamps.com, USPS.com, YouTube.com, and Google.com.
Subject access request (SAR)
You can request the personal information we have about you. We don’t store information or data about you longer than we need to—in most cases, 24 to 48 hours—so it’s highly likely that we don’t have any data about you.
If you’d like to submit a SAR, please mail a written request with the following information so that we can verify that you’re requesting this on your behalf.
- your name on your order
- the date of your purchase(s)
- what you purchased
- your shipping address
- email address used for purchase(s)
- email address to return your requested information
If the email used to purchase is different than the one you want us to return your request to, please provide a photocopy of a conventional and recognisable photo ID, such as a driver’s license, passport, or national identity card (German Personalausweis or US Real ID, for example).
After we email you our findings, we’ll delete that email, and shred your written request.
Mail your SAR to our Designated Protection Officer:
David Miller, DPO
24 Sheffield Road
Portsmouth, NH 03801
We’ll respond within 10 days of its receipt.
In the event of a data breach, we’ll post breach information within 48 hours of its discovery. Since we don’t keep your email address, we’ll post details here on this page and make announcements on our Twitter and Facebook feeds.
Data breaches can include digital and physical records (such as mailing labels).
|Breach date||Nature of breach||Mitigation|
phew . . .