BigfootDS General Privacy Policy
This policy covers data managed in most BigfootDS projects, such as software, websites, and videogames.
Any of our work covered by a different privacy policy will have its own dedicated privacy policy page.
We aim to make sure we do NOT track data maliciously, greedily, or unnecessarily. We like our offline-first projects, in the classic sense of "offline" where our work does not phone home unless otherwise specified.
Privacy Policy for BigfootDS
Effective Date: May 17, 2026 | Last Updated: May 17, 2026
Introduction
At BigfootDS, accessible from https://bigfootds.com, the privacy and security of our visitors, users, players, and customers are a top priority. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and what rights and choices you have.
This policy applies to information collected through our website or other software (such as videogames) only. It does not cover data collected offline or via third-party services that link to or from our site.
By accessing or using BigfootDS and/or by agreeing to this policy in a relevant prompt, you acknowledge that you have read and agree to this Privacy Policy. Questions or requests may be sent to contact@bigfootds.com.
Definitions
- Personal Data: Any information relating to an identified or identifiable person, including name, email, IP address, and online identifiers.
- Processing: Any operation on personal data, including collection, storage, use, transfer, and deletion.
- Data Controller: BigfootDS PTY LTD, determining the purposes and means of processing personal data on BigfootDS.
- You / User: Any individual accessing or using BigfootDS.
Information We Collect
1. Information You Provide Directly
- Contact form submissions: name, email address, and message content
- Account registration: name, email address, username, and encrypted password
- Billing details (processed securely via third-party processors; full card numbers are never stored on our servers)
- Email address and preferences for newsletter or mailing list subscriptions
2. Automatically Collected Data
- IP address, browser type and version, operating system, and device type
- Pages visited, time and date of visit, duration, and referring URL
- HTTP request headers and server log data
- Cookie identifiers, session tokens, and similar tracking data (see Cookies section)
- Aggregated usage analytics via Google Analytics 4 or similar services
- Interaction data from embedded third-party content (e.g. videos, social widgets, maps)
3. Data from Third-Party Authentication
- When you log in via Google, Facebook, Apple, or another OAuth provider, we receive limited profile data (name, email, unique identifier) as permitted by your settings. We never receive your third-party password.
How We Use Your Information
We process personal data for the following purposes:
| Purpose | Examples | Legal Basis (GDPR) |
|---|---|---|
| Service Delivery | Operating the website; responding to support requests | Contract / Legitimate Interests |
| Analytics & Improvement | Understanding usage patterns; improving features | Legitimate Interests |
| Email Marketing | Newsletters, updates, and promotional content | Consent |
| Transaction Processing | Processing orders, payments, and refunds | Contract |
| Security & Fraud Prevention | Detecting malicious activity; protecting user accounts | Legitimate Interests |
| Legal Compliance | Meeting tax, regulatory, and court-ordered obligations | Legal Obligation |
Cookies and Tracking Technologies
BigfootDS uses cookies, web beacons, and similar technologies. Cookies are small text files placed on your browser to help us deliver and improve our services. We use the following categories:
| Category | Purpose | Examples | Duration |
|---|---|---|---|
| Strictly Necessary | Core functionality, security, session management. Cannot be disabled. | Session cookies, CSRF tokens, auth tokens | Session |
| Analytics / Performance | Anonymised visitor behaviour data; site performance improvement. | Google Analytics 4 (_ga, _gid, _gat) | Up to 2 years |
| Functional / Preference | Remembering your settings: language, dark mode, layout. | Theme preference, locale cookies | Up to 1 year |
| Embedded Content | Set by third-party content embedded in our pages. | YouTube, Google Maps, social media widgets | Varies by provider |
Managing Cookies: You can control or delete cookies through your browser settings. Opt-out tools: DAA Opt-Out, Your Online Choices (EU), Google Analytics Opt-Out. Disabling strictly necessary cookies may impair website functionality.
Cookie Consent: Where required by law (e.g. GDPR, ePrivacy Directive), you will be presented with a cookie consent banner on your first visit. Your preference is stored and honoured on subsequent visits.
Analytics
We use Google Analytics 4 (GA4) to measure traffic and usage patterns. GA4 uses first-party cookies and does not use third-party cookies for cross-site tracking. Our privacy configuration includes:
- IP anonymisation enabled; your full IP address is never stored by Google
- Data retention configured to a maximum of 14 months
- We have signed a Data Processing Amendment with Google in accordance with GDPR
- GA4 data is not shared with Google for its own advertising purposes
You may opt out of Google Analytics tracking at any time via the Google Analytics Opt-Out Browser Add-on.
Social Login and Third-Party Authentication
You may register or log in using providers such as Google, Facebook, Apple, or GitHub. We receive only the profile data you authorise (typically name, email, unique identifier). We do not receive your password. You may revoke access through the provider's security settings at any time. We are not responsible for the data practices of identity providers.
Payments and Financial Transactions
Payments are processed by PCI-DSS Level 1 compliant third-party processors. We do not store, transmit, or access full payment card numbers. Our payment infrastructure includes:
- SSL/TLS encryption for all payment data in transit
- Tokenisation of payment methods to avoid storing raw card data on our servers
- PCI-DSS compliant environments audited by certified security assessors
Transaction records (excluding card details) are retained for up to 7 years for accounting, tax, and legal compliance.
Email Communications and Newsletter
With your explicit consent, we may send newsletters, product updates, or promotional emails. Every commercial email includes a working one-click unsubscribe link in compliance with the CAN-SPAM Act and, where applicable, CASL. You may also unsubscribe by emailing contact@bigfootds.com. Requests are processed within 10 business days. We may retain your address on a suppression list to honour your opt-out preference.
Embedded Third-Party Content
Our pages may include embedded content from YouTube, Twitter/X, Spotify, Google Maps, or social media platforms. Embedded content behaves as if you visited the originating website directly and may collect data, set cookies, and track your interaction independently. We encourage you to review each provider's privacy policy before interacting with embedded content.
Third-Party Services and Integrations
We work with trusted third-party service providers who may access your personal data only to the extent necessary to perform services on our behalf. All processors are bound by Data Processing Agreements (DPAs). Categories include:
- Hosting and infrastructure: Cloud providers who host our website and databases
- Analytics: Tools for measuring usage and performance
- Email delivery: Providers for transactional and marketing emails
- Payment processing: PCI-compliant payment processors
- Security and monitoring: Fraud detection and uptime monitoring services
How We Share Your Information
We do not sell your personal information. Data is shared only in these limited circumstances:
- Service Providers: Trusted processors under contract who help operate our website; they may only process data as instructed by us.
- Legal Requirements: Where required by law, regulation, subpoena, or court order. We notify you where legally permitted before disclosing.
- Safety: To protect the rights, property, or safety of BigfootDS, our users, or the public.
- Business Transfers: In a merger, acquisition, or asset sale, your data may transfer. You will be notified via a prominent website notice and, where feasible, by email.
- With Your Consent: For any other purpose with your explicit prior consent.
Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- HTTPS/TLS 1.2+ encryption for all data in transit
- Bcrypt or equivalent hashing for stored passwords; plaintext passwords are never stored
- Role-based access controls limiting data access to authorised personnel
- Regular security assessments, penetration testing, and vulnerability scanning
- Real-time monitoring systems for detecting suspicious activity
- PCI-DSS compliant payment environment
In the event of a personal data breach likely to result in risk to your rights, we will notify affected individuals and relevant supervisory authorities within the legally mandated timeframe (e.g. 72 hours under GDPR).
Data Retention
We retain personal data only as long as necessary to fulfil stated purposes or as required by law:
| Data Type | Retention Period | Reason |
|---|---|---|
| Server access logs | 90 days | Security monitoring and abuse prevention |
| Analytics data | Up to 14 months | Trend analysis (auto-deleted by GA4) |
| Newsletter subscriptions | Until unsubscribed + 30 days | Suppression list maintenance |
| Account data | Account lifetime + 12 months post-deletion | Dispute resolution and backups |
| Transaction records | 7 years | Tax and legal compliance |
| Contact form submissions | 3 years | Correspondence records and dispute resolution |
Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, restrict, or transfer your personal data. You may exercise these rights by contacting us at contact@bigfootds.com. We will respond within the timeframe required by applicable law. You will never be penalised or discriminated against for exercising your privacy rights.
GDPR - European Union Data Protection Rights
If you are in the EU or EEA, the General Data Protection Regulation (EU) 2016/679 grants you these rights:
- Right of Access (Art. 15): Request a copy of personal data we hold and how it is processed.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data without undue delay.
- Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your data where no longer necessary, consent is withdrawn, or processing is unlawful, subject to legal retention obligations.
- Right to Restriction of Processing (Art. 18): Request we temporarily halt processing in certain circumstances.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (e.g. CSV/JSON) and transfer it to another controller where technically feasible.
- Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing; we will cease unless we demonstrate compelling grounds.
- Rights re: Automated Decisions (Art. 22): Not be subject to solely automated decisions, including profiling, that produce significant legal or similarly significant effects, without human review.
- Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing relies on it, without affecting the lawfulness of prior processing.
Legal Bases for Processing: Art. 6(1)(a) Consent; Art. 6(1)(b) Contract; Art. 6(1)(c) Legal obligation; Art. 6(1)(f) Legitimate interests. For special category data, we rely on Art. 9(2)(a) explicit consent or other applicable bases.
International Transfers: Transfers outside the EEA are protected by EU Standard Contractual Clauses (SCCs, Commission Decision 2021/914), adequacy decisions, or other lawful Chapter V GDPR mechanisms.
Data Protection Officer: Where legally required, a DPO has been appointed. Contact: contact@bigfootds.com.
We will respond to GDPR requests within 30 days (extendable by 2 months for complex cases). You may also lodge a complaint with your EU Member State's supervisory authority (DPA).
UK GDPR - United Kingdom Rights
If you are in the UK, your rights under the UK GDPR and Data Protection Act 2018 mirror those under EU GDPR listed above. The Information Commissioner's Office (ICO) is the UK supervisory authority: ico.org.uk. International transfers from the UK are governed by UK International Data Transfer Agreements (IDTAs) or UK addendums to EU SCCs as approved by the UK Secretary of State.
CCPA / CPRA - California Consumer Privacy Rights
The California Consumer Privacy Act (CCPA), as amended by the CPRA (effective January 1, 2023), grants California residents:
- Right to Know: Disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom data is shared.
- Right to Delete: Request deletion of personal information, subject to exceptions (completing transactions, security, legal obligations).
- Right to Correct: Request correction of inaccurate personal information we hold.
- Right to Opt Out of Sale or Sharing: Opt out of the sale or sharing of personal information for cross-context behavioural advertising. We do not sell personal information. Should this change, we will add a "Do Not Sell or Share My Personal Information" link to our homepage.
- Right to Limit Sensitive Personal Information: Restrict use of sensitive personal information to necessary purposes only.
- Right to Non-Discrimination: We will not deny service, charge different prices, or provide lower quality because you exercised a CCPA right.
Personal information collected in the past 12 months: Identifiers (name, email, IP address); Internet or network activity (browsing history, site interactions); Commercial information (if purchases made); Geolocation data (if location features used); Inferences drawn to build user profiles.
Submit CCPA requests to contact@bigfootds.com. We verify identity and respond within 45 days (extendable by 45 days). Authorised agents may submit requests on your behalf with proper documentation.
Other US State Privacy Rights: Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), and other states with similar privacy laws may exercise equivalent rights by contacting contact@bigfootds.com.
COPPA - Children's Online Privacy Protection
BigfootDS is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where a higher threshold applies, such as certain EU member states under GDPR Art. 8).
If we discover we have inadvertently collected data from a child under the applicable age threshold without verified parental consent, we will delete it immediately. Parents or guardians who believe their child has submitted data on BigfootDS should contact us at contact@bigfootds.com. We will investigate and take corrective action within 72 hours of notification.
HIPAA - Health Information Privacy (US)
To the extent BigfootDS operates as a Covered Entity or Business Associate under the Health Insurance Portability and Accountability Act (HIPAA), we comply with the HIPAA Privacy Rule (45 CFR Part 164) and Security Rule. Protected Health Information (PHI) is used and disclosed only as permitted by HIPAA, protected by administrative, physical, and technical safeguards, and subject to our Notice of Privacy Practices (NPP), available upon request. For HIPAA enquiries, contact our Privacy Officer at contact@bigfootds.com.
PCI-DSS - Payment Card Data Security
Any payment card data processed in connection with BigfootDS is handled in compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Our compliance measures include: use of a PCI-DSS Level 1 certified payment processor; no storage, processing, or transmission of raw cardholder data on our own servers; HTTPS/TLS for all payment-related pages; and completion of annual PCI-DSS Self-Assessment Questionnaires (SAQ).
LGPD - Lei Geral de Proteção de Dados (Brazil)
If you are in Brazil, Law No. 13.709/2018 (LGPD) grants you rights of access, correction, anonymisation, portability, deletion, and withdrawal of consent. To exercise these rights, contact: contact@bigfootds.com. Unresolved complaints may be sent to the Autoridade Nacional de Proteção de Dados (ANPD): gov.br/anpd.
English summary: Brazilian users have rights under the LGPD including access, correction, deletion, portability, and information about data sharing. Contact contact@bigfootds.com to exercise these rights.
PIPEDA - Canadian Privacy Rights
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation, Canadian residents may: access personal information we hold; challenge its accuracy and request correction; withdraw consent for collection, use, or disclosure; and file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca. Submit requests to contact@bigfootds.com. We will respond within 30 days.
India DPDP Act 2023 - Data Principal Rights
Under the Digital Personal Data Protection Act 2023 (DPDP Act) and its Rules, Indian residents (Data Principals) are entitled to:
- Right to Information (S. 11): A summary of personal data processed, the processing activities, and the identities of processors and third parties with whom data has been shared.
- Right to Correction and Erasure (S. 12): Correction of inaccurate or misleading data and erasure of data no longer needed for its stated purpose.
- Right of Grievance Redressal (S. 13): Grievances addressed by our Data Fiduciary; unresolved complaints may be escalated to the Data Protection Board of India.
- Right to Nominate (S. 14): Nominate another individual to exercise rights on your behalf in case of death or incapacity.
Data Fiduciary contact: contact@bigfootds.com. We acknowledge requests within 72 hours and resolve them within timelines prescribed by the DPDP Act and its Rules.
POPIA - South Africa Protection of Personal Information
Under the Protection of Personal Information Act 4 of 2013 (POPIA), South African data subjects have the right to access, correct, delete, and object to the processing of their personal information. Contact contact@bigfootds.com to exercise these rights. Unresolved complaints may be lodged with the Information Regulator of South Africa: justice.gov.za/inforeg.
PDPA - Thailand Personal Data Protection
Under Thailand's Personal Data Protection Act B.E. 2562 (2019) (PDPA), Thai data subjects have rights of access, correction, deletion, restriction, portability, and objection. Contact contact@bigfootds.com to exercise these rights. Complaints may be submitted to the Personal Data Protection Committee (PDPC) of Thailand.
CASL - Canada Anti-Spam Legislation
Where applicable, BigfootDS complies with Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23). Our CASL commitments include:
- We obtain express or implied consent before sending commercial electronic messages (CEMs) to Canadian recipients
- Every CEM clearly identifies BigfootDS as the sender and includes our contact information
- Every CEM includes a functioning unsubscribe mechanism, honoured within 10 business days
- We maintain records of consent as required by CASL
Links to External Websites
BigfootDS may contain links to third-party websites. Once you leave our site, this Privacy Policy no longer applies. We have no control over and accept no responsibility for external sites' content, privacy policies, or practices. We recommend reviewing the privacy policy of any third-party site you visit.
Do Not Track (DNT) Signals
Some browsers transmit "Do Not Track" signals to websites. There is currently no universally accepted standard for how websites must respond to DNT signals. At this time, BigfootDS does not alter its data collection practices in response to DNT browser signals. We will review this position as industry standards evolve.
Changes to This Privacy Policy
We may update this Privacy Policy periodically. When material changes are made, we will update the "Last Updated" date at the top and post a prominent notice on our website, and where feasible notify subscribers via email. Your continued use of BigfootDS after any modification constitutes acceptance of the revised policy. We encourage you to review this page periodically.
Contact Us
For questions, data subject requests, or privacy complaints, please contact us:
- Website: https://bigfootds.com
- Email: contact@bigfootds.com
- Data Controller / Owner: BigfootDS PTY LTD
We aim to respond to all enquiries within 5 business days, and within applicable legal deadlines for formal data subject requests.