Privacy Policy
Privacy Policy — GDPR Compliant
Last updated: 26.04.2026
🇪🇺
GDPR Compliant
🔒
Data Protected
🚫
No Data Selling
✉️
Right to Delete
1. Who We Are (Data Controller)
This Privacy Policy applies to Metin2PrivateServer.com, a Metin2 private server toplist website.
📋 Data Controller Information:
Website: metin2privateserver.com
Purpose: Metin2 Private Server Toplist
2. What Data We Collect
2.1 Data you provide directly:
Account Registration
• Username
• Email address
• Password (encrypted)
Server Listing
• Server name & description
• Website URL
• Banner image/video
2.2 Data collected automatically:
Technical Data
• IP address (vote validation)
• Browser type & version
• Operating system
• Pages visited
Cookies
• Session cookies
• Preference cookies
• Analytics cookies (if consent)
• Marketing cookies (if consent)
3. Legal Basis for Processing (GDPR Art. 6)
Art. 6(1)(a)
Consent — For analytics and marketing cookies, newsletter communications.
Art. 6(1)(b)
Contract — For processing your account data to provide our services.
Art. 6(1)(f)
Legitimate Interest — For IP-based vote fraud prevention and security.
4. How We Use Your Data
✅
Provide our toplist services and account management
✅
Prevent vote fraud and bot manipulation (IP tracking)
✅
Send account-related emails (password reset, notifications)
✅
Improve site performance and user experience
✅
Comply with legal obligations
❌
We NEVER sell your data to third parties
❌
We NEVER use your data for profiling without consent
❌
We NEVER share your email with advertisers
5. Cookie Policy
| Cookie Name | Type | Purpose | Duration | Required |
|---|---|---|---|---|
| metin2privateserver_session | Essential | Session management & security | 2 hours | ✅ |
| XSRF-TOKEN | Essential | Cross-site request forgery protection | 2 hours | ✅ |
| ck_consent | Essential | Stores your cookie preferences | 365 days | ✅ |
| _ga | Analytics | Google Analytics — visitor tracking | 2 years | ⚙️ |
| _gid | Analytics | Google Analytics — session tracking | 24 hours | ⚙️ |
| _gat | Analytics | Google Analytics — request throttle | 1 minute | ⚙️ |
⚙️ Manage Cookies: You can change your cookie preferences at any time by clearing your browser cookies and revisiting our site.
6. Your Rights Under GDPR
📋 Right to Access
Request a copy of all personal data we hold about you.
✏️ Right to Rectification
Request correction of inaccurate personal data.
🗑️ Right to Erasure
Request deletion of your personal data ("Right to be Forgotten").
⏸️ Right to Restriction
Request restriction of processing your personal data.
📦 Right to Portability
Receive your data in a machine-readable format.
🚫 Right to Object
Object to processing based on legitimate interests.
🔔 Right to Withdraw Consent
Withdraw consent at any time without affecting prior processing.
⚖️ Right to Complain
Lodge a complaint with your national data protection authority.
📧 Exercise Your Rights
To exercise any of your rights, contact us at:
admin@metin2privateserver.com
We will respond within 30 days as required by GDPR.
7. Data Retention
Account data
Until account deletion or 2 years of inactivity
Server listings
Until manually deleted by owner or admin
IP addresses (votes)
30 days after collection
Visit logs
90 days
Contact messages
1 year
Cookie consent records
1 year
8. Third-Party Services
9. Data Security
🔐
SSL/TLS Encryption
All data transmitted via HTTPS with Let's Encrypt SSL certificate.
🔑
Password Hashing
Passwords stored using bcrypt hashing — never in plain text.
🛡️
CSRF Protection
Cross-Site Request Forgery protection on all forms.
🔒
SQL Injection Protection
Laravel Eloquent ORM prevents SQL injection attacks.
🚫
Rate Limiting
Vote system protected against bot abuse and spam.
📊
Access Logging
All admin actions are logged for security auditing.
10. Children's Privacy
⚠️ Age Restriction: Our service is not directed to children under the age of 16.
We do not knowingly collect personal data from children under 16.
If you are a parent or guardian and believe your child has provided us with personal data,
please contact us at admin@metin2privateserver.com
and we will delete the information immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by:
📧
Email notification to registered users
🔔
Banner notification on the website
📅
Updated "Last modified" date above
12. Contact & DPO
For any privacy-related questions or to exercise your GDPR rights:
admin@metin2privateserver.com
Response time: within 30 days (as required by GDPR Article 12)
🇪🇺 Supervisory Authority: If you are not satisfied with our response,
you have the right to lodge a complaint with your national data protection authority.
For EU residents, find your authority at:
edpb.europa.eu