|CS.RIN.RU - Steam Underground Community
|Page 1 of 1|
|Author:||RessourectoR [ Friday, 13 Jul 2018, 14:05 ]|
For feedback, questions or any concerns regarding this policy, send a PM to RessourectoR.
This post is intended to inform users on
In the following, "personal data" refers to the definition found in . Note that we do not formally adhere to the GDPR, because this site is hosted in Russia and therefore outside of the EU. However, we respect the right to privacy and do our best to comply with any removal or information requests related to personal data.
Important: This policy only applies to the forum. The main site (https://cs.rin.ru) is hosted on a different server and not maintained by me.
What data is collected and stored and for what purpose? For how long is it stored?
Furthermore, the mailserver logs e-mail addresses when sending e-mails and the database server logs slow queries that may contain personal data.
All server logs are kept for approximately 7 days and are then deleted. They are used to track malicious activity in case of a security breach, to ensure that the server works correctly and for generic activity statistics, which are only generated on demand and without analysis of IP addresses or session IDs. These activity reports are not stored permanently.
IP addresses and user agents
Visitor sessions contain a user agent string (if available) and an anonymized IP address. Inactive sessions expire after one hour, but may be stored indefinitely within backups. Session information is required for successful user login and authentication.
Forum profile logs
These logs are kept indefinitely, unless the user requests them to be deleted. They are used by the staff to recognize users and to provide account recovery support.
Forum ban lists and ban logs
is stored in the forum database indefinitely, unless the user requests removal. Account passwords are hashed with a salted MD5 function and are also stored indefinitely.
On the web server, unencrypted database backups are stored for up to seven days, after which they are deleted and encrypted copies take their place for approximately one year. The encryption is done with GPG using AES-256, with the RSA decryption key not being stored on the server.
Off-site, encrypted backups done by me (RessourectoR) are stored indefinitely for the database, and up to one year for avatars and attachments.
Off-site backups made by the server owner are not encrypted and may be stored indefinitely; this is currently not known.
Backups contain most personal data that was later removed, but are only kept strictly for archival purposes. All backups made prior to 2017 contain full (non-anonymized) IP addresses.
Who has access to the data?
Who is the data shared with?
Prior to 25.06.18, forum pages contained advertisement and tracking code from third-party sites including, but not limited to, youlamedia.com, liveinternet.ru, counter.yadro.ru and yandex.st.
Prior to 13.07.18, forum pages contained a tracking counter from count.rin.ru.
Pages outside of /forum may contain additional advertisement and tracking code.
The forum allows users to embed content from other websites, which may be loaded by the visitor's browser, by using BBCodes:
All these sites may collect information such as full IP addresses and browser configuration. YouTube videos are embedded using the "privacy-enhanced mode" (youtube-nocookie.com), for which Google claims that no information on forum visitors is stored unless they play the video.
What control do users have over their data?
This means that users can remove all personal information that account deletion without posts deletion would remove as well, except for profile logs. We do not delete accounts without good reason, unless they have a very low post count (below 15 posts), in order to retain the user's contributions to the community. Furthermore, users can request advanced removal of personal data from
The already anonymized IP addresses cannot be traced back to individual persons and therefore are not personal data on their own. To our best knowledge, this covers all possible occurences of personal data in our database beyond a user's profile, if such information was provided by you or is publically visible on the forum. If you have reason to believe that other users have entered your sensitive personal information anywhere on this forum beyond the above listed possibilities, let us know and we will attempt to remove it. We may refuse such a request at our discretion, if it requires violating the privacy of other users. Please note that while deleting accounts without deleting posts is technically possible, it does not achieve better privacy than anonymization as laid out above.
Accounts can also be merged, if some kind of proof of ownership is provided.
Users can protect against tracking by blocking scripts from all domains other than cs.rin.ru, in case any such scripts are added by the server owner or by intruders. Additionally, images and videos in posts, private messages and signatures can be replaced by links using the display options for images and Flash (even if the videos are not Flash-based).
|Page 1 of 1||All times are UTC + 1 hour|
|Powered by phpBB® Forum Software © phpBB Group