Privacy Policy
regarding data processing related to the website https://rustserverlist.com
(hereinafter referred to as the Privacy Policy or the Policy)
Effective Date: March 08, 2026
1. INTRODUCTION
Dávid Gyetván, the owner and operator of the website https://rustserverlist.com (hereinafter: the website), as data controller (hereinafter: Data Controller) – in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) – provides the following information on the processing of personal data in connection with the website.
The processing of data under this Privacy Policy is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "GDPR") and the relevant provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
2. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER
Name: Dávid Gyetván
Postal address: 1104 Budapest, Alkér street 70.
E-mail address: support@xennodes.com
hereinafter referred to as the Data Controller
3. DEFINITIONS
The main terms used in this Privacy Policy are defined as follows:
personal data: any information relating to an identified or identifiable natural person ('data subject').
identifiable natural person: a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
data subject: a natural person identified or identifiable on the basis of any information. In relation to this Privacy Policy "data subjects" refers to website users affected by the data processing activities of the Data Controller as defined in Section 3.
processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
controller: natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
recipient: means a natural or legal person, to which the personal data are disclosed.
transfer: making data available to a specified third party.
restriction of processing: the marking of stored personal data with the aim of limiting their future processing.
erasure: rendering data unrecognisable in such a way that it is no longer possible to retrieve.
data subject's consent: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
4. DATA PROCESSINGS COVERED BY THIS PRIVACY POLICY
This Privacy Policy applies to the following processing activities of the Data Controller in connection with the operation of the website:
- data processing related to creating a user account on the website and logging into it
- data processing related to validating the game servers displayed on the website and editing server data
- data processing related to online voting on the website
- data processing related to contacting the website operator
- data processing related to the secure operation of the website
- data processing related to cookies used by the website.
5. Data subjects, SCOPE of processed data, PURPOSES, LEGAL BASIS AND INTENDED DURATION of data processing
In connection with the data processing activities specified in point 4, the Data Controller processes the personal data of website users for the purposes, on the legal bases and for the planned duration as specified below.
5.1. Data processing related to creating the user account and logging in:
Users can create a user account on the website via Steam and log into their user account via Steam. The provider of Steam (Valve Corporation) acts as an independent data controller with regard to the personal data it processes.
The user account of the data subject is automatically created when they log in to the website for the first time via Steam. When logging in to the user account, the Data Controller's website redirects the user to the website of the Steam provider (Valve Corporation), where the user shall enter their login details (on the website of the other Steam service provider). The Steam website then redirects the user, who is already logged in via Steam, back to the Data Controller's website. The user therefore does not provide their login details to the Data Controller, but to the Steam provider (Valve Corporation), which processes them independently in accordance with its own data processing policy. User authentication on the Data Controller's website is performed via the user's Steam ID.
In view of the above, the Data Controller draws attention to the fact that the termination or inaccessibility of the user's Steam account restricts their ability to log in to the Data Controller's website.
The user may only use their user account for its intended purpose. When using the website, the user is obliged to comply with the applicable legal regulations in force and to refrain from any activity that is illegal or infringes the interests of others, in particular any activity that restricts or hinders the proper functioning of the website or through which the user commits a violation or criminal offense.
The website operator is entitled to restrict or permanently terminate the user's access to their account if the user's activities on the website jeopardize the proper and uninterrupted operation of the website and/or cause damage to the website operator.
For security reasons, the website operator is entitled to permanently exclude the user from future use of the website's functions.
| Persons affected by data processing | The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|---|
| Users who create a user account on the Data Controller website. | Creating the account for the user and ensuring that they can log into it. | IP address, Steam ID (identifier) and Steam public profile name, which data is sent by the Steam service provider (Valve Corporation) to the Data Controller's website the fact of logging in and out of the user's account and the time of their occurrence. The source of personal data related to user login via Steam is Valve Corporation (its privacy policy is available here: https://store.steampowered.com/privacy_agreement/) |
Consent of the data subject (Article 6(1)(a) GDPR). The data subject may delete their user account at any time after logging in under the "Delete Account" menu item within the Profile. The data subject shall have the right to withdraw his or her consent at any time by sending a statement to the e-mail address of the Data Controller specified in point 2. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. |
The data is stored until the user's account is deleted but no longer until the user withdraws their consent. The user account may be deleted in the following three cases: 1) Deletion of account by the user: the user can delete his/her account in his/her user profile at any time. After deletion of the account, the user will not have access to the data stored in the account, the data stored in the account will be deleted. 2) Deletion of account by the Data Controller at the request of the user: the user may request the Data Controller to delete his/her account at any time by sending a statement to the e-mail address of the Data Controller specified in point 2. 3) Deletion of the account by the Data Controller, as the operator of the website, for breach of the terms of use of the website. |
5.2. Data processing related to the validation of public game servers on the server list published on the website and the editing of server data:
Users operating community (public) game servers can log in to their user accounts created on the website and validate their servers listed on the server list published on the website and edit the server data related to their own validated servers within a specified scope. The users are solely responsible for the accuracy and correctness of the information provided in their user account.
| Persons affected by data processing | The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|---|
| Users with a user account on the Data Controller's website who are operators of community (public) game servers included in the server list published on the Data Controller's website. | Providing users operating community (public) game servers with editing rights - within a specific scope - regarding the server information displayed on the website regarding their servers. | personal data specified in section 5.1. the verification code required to validate the server operated by the data subject - server data provided by the data subject, the date of provision, modification, or deletion of the data. The source of personal data related to user login via Steam is Valve Corporation (its privacy policy is available here: https://store.steampowered.com/privacy_agreement/) |
Consent of the data subject (Article 6(1)(a) GDPR). The data subject may delete their user account at any time after logging in under the "Delete Account" menu item within the Profile. The data subject shall have the right to withdraw his or her consent at any time by sending a statement to the e-mail address of the Data Controller specified in point 2. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. |
The data is stored until the user's account is deleted but no longer until the user withdraws their consent. The user account can be deleted as described in section 5.1. |
5.3. Data processing related to online voting on the website:
After logging into their user accounts, website users can vote for game servers published on the website, which increases the number of user votes received by the game server published on the site. The number of user votes cast plays a role in the ranking of game servers on the website.
At the user's request and with their consent, the Data Controller's website forwards the vote cast by the user to the server provider receiving the vote, which server provider may, according to the terms of use of its website, provide the user casting the vote with some reward.
| Persons affected by data processing | The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|---|
| Users who vote for social game servers included in the server list published on the Data Controller's website. | Ranking and comparison of social game servers displayed on the website for website visitors. | personal data specified in section 5.1. the votes cast, their number, and the date of voting. The source of personal data related to user login via Steam is Valve Corporation (its privacy policy is available here: https://store.steampowered.com/privacy_agreement/) |
Consent of the data subject (Article 6(1)(a) GDPR). The data subject may delete their user account at any time after logging in under the "Delete Account" menu item within the Profile. The data subject shall have the right to withdraw his or her consent at any time by sending a statement to the e-mail address of the Data Controller specified in point 2. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. |
The data is stored until the user's account is deleted but no longer until the user withdraws their consent. The user account can be deleted as described in section 5.1. |
5.4. Data processing related to the secure operation of the website:
In connection with the secure operation of the website, the Data Controller processes the following personal data of website users.
Users are solely responsible for maintaining the confidentiality of their account information, including their login password, and for all activities that occur under their account. Users must immediately notify the website operator of any unauthorized use of their account or any other breach of security related to their account.
| Persons affected by data processing | The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|---|
| Users with a user account on the Data Controller's website. | Secure operation of the website, prevention, detection and defense against fraud and attacks. | IP address Steam ID, the fact and time of logging in and out of user account, the number of votes cast through the website and the date of voting. The source of personal data related to user login via Steam is Valve Corporation (its privacy policy is available here: https://store.steampowered.com/privacy_agreement/) |
Enforcement of the Data Controller's legitimate interests related to the secure operation of the website and the prevention and elimination of fraud and attacks affecting it (GDPR Article 6(1)(f)). | As a general rule, the data is stored until the user's account is deleted. However, if the user is excluded from using the website' functions for security reasons, the data will be processed for the duration of the exclusion. Exclusion is at the sole discretion of the website operator and may be permanent depending on the severity of the offense. |
5.5. Processing of users' personal data related to contacting the website operator:
The Data Controller ensures that users of its website can contact it in case of questions or problems related to the website by filling out the online contact form available on the website or by sending an email to the Data Controller. The Data Controller will send its response to the data subject to the email address provided by the data subject when contacting the Data Controller.
The data subject is solely responsible for the accuracy and correctness of the data provided in the inquiry.
| Persons affected by data processing | The purpose of processing | Processed data | Legal basis for processing | Intended duration of data storage |
|---|---|---|---|---|
| Users who contact the Data Controller by email or via the online contact form on the website. | Ensuring that the data subject can contact the Data Controller, responding to the data subject's message, and maintaining contact with the data subject regarding the subject of the request. | Name, e-mail address, the subject and content of the request, and, depending on the subject of the request, any additional information necessary to handle the request. | Consent of the data subject (Article 6(1)(a) GDPR). The data subject shall have the right to withdraw his or her consent at any time by sending a statement to the e-mail address of the Data Controller specified in point 2. If the data subject withdraws their consent, the Data Controller will not be able to maintain contact with the data subject or respond to their requests. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. |
The Data Controller shall delete the data of the persons who have contacted him after the purpose of the contact has been fulfilled, unless the Data Controller is required by law to further store the data or in case a further contact is established with the data subject which involves the processing of the data subject's personal data, in which case the Data Controller shall inform the data subject of the further processing. |
5.6. COOKIES
The website uses functional and analytical cookies in connection with its operation, about which more information can be found in our Cookie Policy.
The user can accept or refuse the use of analytical cookies in the window that pops up when visiting the website. The data subject can also set his/her browser to disable or enable cookies, so that he/she can prevent all cookie-related activities, delete cookies placed during previous visits. With each browser being different, it is possible to set preferences for cookies, including their deletion, individually using the browser toolbar. For more information about the settings for disabling or enabling cookies, please refer to the Help section of your browser, or you can find out more directly via the links below:
- Google Chrome: https://support.google.com/accounts/answer/61416
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
- Microsoft Edge: https://learn.microsoft.com/en-us/microsoft-edge/devtools-guide-chromium/storage/cookies
If the cookie is deleted, the function (purpose) associated with the cookie will not be fulfilled, as a result of which certain content and functions of the website will not be available to the user.
6. SOURCE OF DATA:
Logging in to the website takes place through the Steam service provider system, during which the Steam service provider (Valve) transmits the data subject's Steam ID and Steam public profile name to the Data Controller in connection with the login. With regard to other personal data processed by the Data Controller, the source of the personal data is the data subjects themselves.
7. PERSONS INVOLVED IN THE PROCESSING OF PERSONAL DATA:
the processing of personal data is carried out by the Data Controller itself.
The data subject may read about the external service providers used by the Data Controller to perform the tasks specified by the Data Controller during data processing in Section 8 of the Privacy Policy.
8. RECIPIENTS OF PERSONAL DATA TRANSFERS (PERSONS TO WHOM THE DATA CONTROLLER TRANSFERS PERSONAL DATA):
Hosting provider of the Data Controller's website: personal data published on the Data Controller's website or provided by users through it is stored on the hosting of the following service provider:
Name: OVH US LLC dba OVHcloud
Registered office (postal address): 11950 Democracy Dr Ste 300, Reston, VA 20190
Email address: legal@corp.ovh.us
Website: https://www.us.ovhcloud.com
Personal data published on the Data Controller's website or provided by users through it (including data stored in users' accounts) is stored on the server of the website hosting provider indicated above.
The Data Controller's e-mail system service provider: Data Controller's e-mail system service provider is Namecheap, Inc (address: 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA, e-mail address: support@namecheap.com website: https://www.namecheap.com/). The purpose of the data transfer is to store the data content of the electronic mail account owned by the Data Controller on the data processor's server and to perform other tasks related to the provision of hosting services (e.g., maintenance and repair tasks).
Other recipients:
Authorities or persons authorized by law to supervise the activities of the Data Controller may, in the course of their duties, access and process the data necessary for the performance of the relevant supervision in accordance with the rules applicable to them.
In the event of a request from a court or authority, the Data Controller must forward the data necessary to comply with the court/authority request to the requesting person.
9. THE RIGHTS OF DATA SUBJECTS
Data subjects have the following rights in relation to the processing of their personal data, as explained below:
a) Right of access
The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not his or her personal data are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom or which the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period of the storage of the personal data or, if not possible, the criteria for determining that period;
(e) the existence of the right of the data subject to request from the controller the rectification, erasure of personal data or restriction of the processing of personal data concerning him or her or to object to the processing of such personal data;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data have not been collected from the data subject, any available information as to their source;
(h) that the existence of automated decision-making processing, including profiling, and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
The data subject shall also have the right to obtain, upon request, a copy of his or her personal data which are the subject of the processing, from the Controller. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs.
In order to meet data security requirements and to protect the rights of the data subject, the Data Controller shall verify the identity of the data subject and of the person who wishes to exercise his or her right of access, for which purpose the provision of information and the provision of copies of personal data shall be subject to the identification of the data subject.
b) Right to rectification
The data subject shall have the right to obtain from the Data Controller, at his or her request, the rectification of inaccurate personal data relating to him or her, upon providing credible evidence of the inaccuracy of the data concerned by the rectification request.
c) Right to restriction of processing
The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Data Controller where one of the following conditions is met:
- the data subject contests the accuracy of his or her personal data, in which case the Data Controller will limit the processing for the period of time necessary to verify the accuracy of the personal data;
- the processing is unlawful, but the data subject opposes the erasure of the data and requests the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has objected to the processing in accordance with paragraph 5. d); in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.
d) Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her where such processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
The right to object applies to the data processing specified in section 5.4 of this Policy and to the cookies necessary for the operation of the website.
e) Right to erasure ("right to be forgotten")
The data subject shall have the right to obtain, at his or her request, the erasure of personal data concerning him or her by the Controller where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data have been unlawfully processed;
- the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
- the data subject has objected to the processing on the basis of Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing;
- the personal have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
The Controller shall not be required to comply with the data subject's request for erasure in the cases provided for in Article 17(3) of the GDPR, in particular where the processing is necessary for the establishment, exercise or defence of legal claims or for compliance with a legal obligation to which the Controller is subject.
f) Right to data portability:
The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller if the processing is based on the data subject's consent or on a contract with the data subject and the processing is carried out by automated means.
g) Right to withdraw consent to data processing:
If data processing is based on the consent of the data subject, the data subject has the right to withdraw their consent at any time by sending a statement to the postal address or email address specified in Section 2 of the Data Controller. Deleting the user account on the website also means withdrawing consent to data processing.
In the event of withdrawal of consent, the data subject's data will be deleted. Withdrawal of consent does not affect the lawfulness of previous data processing based on consent.
The withdrawal of consent to data processing applies to the data processing specified in sections 5.1, 5.2, 5.3, and 5.5 of this Policy, as well as to the analytical cookies used by the website.
10. THE SUBMISSION AND MANAGEMENT OF REQUESTS FOR DATA PROCESSING
The data subject may send his or her request for processing to the Data Controller by post or by electronic means (e-mail address) indicated in point 2. The Data Controller shall examine the data subject's request without undue delay and not later than 30 days after receipt of the request and shall inform the data subject of the actions taken or proposed to be taken by the Data Controller in response to the request. If necessary, taking into account the number of requests and their complexity, this time limit may be extended by a further 60 days. The Data Controller shall inform the data subject of the extension of the time limit within 30 days of receipt of the request, providing the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. Where the request is unfounded, the Controller shall inform the data subject of the refusal of the request, the reasons for the refusal and the remedies available to the data subject, as set out in point 11 of this Policy.
11. LEGAL REMEDIES
If the data subjects consider that the Data Controller has infringed the applicable data protection requirements in the processing of their data, they have the following legal remedies:
- may lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9. E-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu), or
- may apply to the court for the protection of their data, which will treat the case as a matter of priority. In this case, the data subjects have the right to decide whether to file their claim with the court of their place of residence (permanent address or place of stay (temporary address)) or with the court of the Data Controller' place of residence (at Budapest-Capital Regional Court, in hungarian: Fővárosi Törvényszék).