Privacy Policy

Introduction

Your privacy is important to us. This Privacy Policy explains how RO-INC.XYZ ("we," "us," or "our") collects, uses, discloses, and protects your personal data when you use our platform. We are committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Czech data protection law.

If you have any questions, you can contact us at: [email protected] or via our contact form.

Information We Collect

We may collect the following types of information:

• Account Information: Your username, email address, password (stored in hashed form), and profile information you provide during registration.
• Content You Upload: Files, messages, notes, images, and other content you post on the platform.
• Usage Data: Aggregate, non-personal statistics about how our platform is used (e.g., total visitor counts to the homepage). We do not collect device-specific or individually identifiable usage data beyond what is listed here.
• Contact Form Data: Your email address and the content of your message when you submit a contact or report form.
• Cookies: See the Cookies section below.

Cookies We Use

We use only strictly necessary cookies that are required for the platform to function. These cookies do not require your consent under GDPR, as they are essential to provide the service you have requested.

• PHPSESSID: A temporary session cookie required for login and form handling. Expires when you close your browser.
• lang: Stores your preferred language setting.
• cf_clearance: Set by Cloudflare Turnstile after you complete a CAPTCHA challenge, to protect against bots. Governed by Cloudflare's privacy policy.

We do not use tracking, analytics, advertising, or profiling cookies.

Lawful Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. The following table outlines our processing activities and their legal basis:

• Account registration and login — Performance of a contract (Article 6(1)(b) GDPR): necessary to provide the service you signed up for.
• Sending transactional emails (e.g., account notifications) — Performance of a contract (Article 6(1)(b) GDPR).
• Security scanning of uploaded files (ClamAV) — Legitimate interests (Article 6(1)(f) GDPR): protecting users and the platform from malware.
• Content moderation — Legitimate interests (Article 6(1)(f) GDPR): maintaining a lawful and safe platform.
• Responding to contact/report form submissions — Legitimate interests (Article 6(1)(f) GDPR): handling user enquiries and reports.
• Compliance with legal obligations — Legal obligation (Article 6(1)(c) GDPR): e.g., responding to lawful requests from authorities.

How We Use Your Information

• To create and manage your account and provide platform services.
• To send you service-related communications (e.g., account updates, reports status).
• To detect, investigate, and prevent fraudulent or illegal activity.
• To scan uploaded files for malware using ClamAV.
• To respond to reports of policy violations or illegal content.
• To comply with legal obligations.

We will not use your data for purposes incompatible with those listed above without obtaining your consent or having another lawful basis.

Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. We may share your information only in the following limited circumstances:

• Service Providers: We use the following third-party services to operate our platform. Each is contractually bound to process your data only as instructed and to maintain appropriate security measures:
  • Mailgun – for sending and receiving platform emails. Data may be processed in the US under appropriate safeguards (Standard Contractual Clauses).
  • Google – for optional Sign in with Google functionality. Governed by Google's Privacy Policy.
  • Discord – for optional Sign in with Discord functionality. Governed by Discord's Privacy Policy.
  • Cloudflare – for DDoS protection and CAPTCHA services. May process connection data. Governed by Cloudflare's Privacy Policy.
• Legal Authorities: We may disclose your information to law enforcement or other public authorities if required by law, court order, or to protect the rights, safety, or property of RO-INC.XYZ, its users, or the public.

International Data Transfers

Some of our third-party service providers (notably Mailgun and Cloudflare) may process your data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or the provider's participation in an equivalent approved framework, to protect your data in accordance with GDPR requirements.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Account data: Retained for the duration of your account. Deleted upon account deletion request, subject to the note on anonymized content below.
• Contact form submissions and report data: Retained for up to 12 months, unless a longer period is required for legal or dispute resolution purposes.
• Uploaded files: Deleted when you delete them or when your account is deleted.
• Anonymized content: When you delete your account, some content such as forum posts or chat messages may be retained in anonymized form (with all personally identifying information removed) to preserve the integrity of conversations. This anonymized data is no longer personal data under GDPR.

Your Rights Under GDPR

If you are in the EU or EEA, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can ask us to correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data. You may also delete your account directly.
• Right to Restrict Processing: You can ask us to limit how we use your data in certain circumstances.
• Right to Object: You can object to processing based on legitimate interests.
• Right to Data Portability: You can request a copy of data you have provided to us in a structured, machine-readable format, where technically feasible and where processing is based on consent or contract.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Czech supervisory authority: Úřad pro ochranu osobních údajů (UOOU), www.uoou.cz.

Reporting Content and Removal

If you believe any uploaded content contains your personal data or violates your privacy rights, please use the "Report File" feature or contact us directly. We will review the reported content and remove it if necessary to comply with applicable law, including GDPR erasure requests.

Security of Your Information

We implement reasonable technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include hashed password storage, ClamAV malware scanning, and Cloudflare-based DDoS and bot protection. However, no method of transmission over the internet is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected users as required by GDPR.

Children's Privacy

Our platform is intended for users aged 16 and older. Users between the ages of 13 and 15 may only use the platform with verified parental or guardian consent, where required by applicable law. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will take prompt steps to delete it. If you believe we have collected such data, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via a site-wide notice and, where possible, by email with reasonable advance notice. The updated policy will indicate the date of the most recent revision. Continued use of the platform after changes take effect constitutes your acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

• Email: [email protected]
• Contact form: ro-inc.xyz/contact_us