Effective July 4, 2020
We may collect information about the Services you use and how you use them, such as the selections you make on our Services. We collect personally identifiable information (“PII”), device-identifiable information (“DII”), and log information about your interactions as described below.
PII is information that can be used to identify or contact you online or offline, such as your name, address, email, phone number, photos or audio data, profile pictures, and payment information. The Services may retain PII when it is provided to us, such as when you use our Services, attempt to contact us, submit a resume or job application, or connect with us on social media or one of our partners. For example, you may see a “Log in with…” button from your phone, which means that we request PII from a partner to streamline the login process. You will likely be presented with a “request for permission” screen by a third party asking to share your ID, profile picture, and other listed information with us. We may collect users’ government or similar IDs to verify accounts and may share that information with a vendor to conduct those verifications.
We may also create or collect DII, such as cookies, statistical identifiers, gamertags, device or advertising identifiers, usernames, and similar identifiers that are linkable to a browser, device, or account but which does not directly identify a person. From these platforms, we may also receive other information, such as your IP address, user agent, timestamps, precise and imprecise geolocation, sensor data, apps, fonts, battery life information, and screen size.
Our Services also collect information about your interactions, including navigation paths, search queries, crashes, timestamps, purchases, clicks and shares, and referral URLs. We may combine this data with PII and DII. For efficiency, information about your interactions may be transmitted to our servers while you are not using the Services. We may also partner with third parties that collect additional information – please see their privacy policies for more details and see below for your choices regarding these parties.
We use the information we collect from our Services to provide, maintain, protect and improve our Services, to develop new Services and offerings, and to protect us and our users.
PII is primarily used for business purposes, such as for sending you occasional newsletters and updates, hiring, responding to inquiries, logins, and providing the Services. When you contact us, we may keep a record of your communication as well as the other information to help solve any issues you might be facing. We may use your email address to inform you about our Services, such as letting you know about changes or improvements. Please keep in mind that comment sections, forums, and other similar areas of our Services are public. Any information posted in those areas is viewable and usable by anyone that has access.
We share PII with companies, outside organizations, and individuals for limited reasons, outlined below:
We use DII to operate our Services and manage user sessions, including analyzing usage of our Services, preventing malicious behavioral and fraud, improving the content, to link your identity across devices and browsers in order to provide you with a more seamless experience online, and helping third parties provide relevant advertising and related metrics. We share DII with third parties primarily for advertising and analytics purposes, for external processing, and for security purposes.
While we strive to work with reputable companies with good privacy practices, this Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you on the Services. We also do not control the privacy policies and your privacy settings with third parties, including social networks and ad networks. We may use third parties to help offer you more tailored ads and better Services, such as obtaining analytics about the users of our site and to help tailor advertising to your preferences. For further information, please see the relevant privacy policies for each third party and industry codes of conduct.
The data we process may qualify for multiple legal bases for processing under Article 6 of the General Data Protection Regulation (and similar laws that specify legal bases for processing). Below are our primary legal bases for each type of data for users covered under such laws:
It is contractually necessary and a legitimate interest to process your username, email, password, cookie data, IP address, account numbers on various platforms (e.g., your XBox or Steam ID), game information (including wins/losses, scores, and screenshots), device models, operating systems versions, and similar information to fulfill our obligations in the terms of service to provide you with and market our high quality products and services.
We obtain consent for the processing of data necessary for any optional profile information, such as your profile picture, your description, gender, birthday, and general location (e.g., state and country). Where users login with social media accounts, those companies have obtained consent on our behalf to use that data as described above.
We have a contractual necessity and a legitimate interest in collecting our users’ game activities for the purpose of tracking users’ game usage and stats, including to be used in leaderboards, to determine the winners of matches, and to help market our services to existing and new users.
We have a legitimate interest and a contractual necessity in processing and storing payment information in order to facilitate transactions between our users and ourselves. It’s a legitimate interest and we obtain consent to process your government-issued identifiers, such as driver’s licenses. This is used in order to verify our users’ identities and to prevent fraudulent users when dealing with payments.
It’s a contractual necessity and a legitimate interest to process your social data, such as teams, friends, friend requests, blocked users, chats, and direct messages. In some instances, as necessary, we may obtain consent for such data.
We have a legitimate interest in processing users’ purchase history for the purpose of providing users help in fixing purchase and payment issues.
We have a legitimate interest in conducting analytics, measuring usage and conversions, detecting fraudulent users, implementing data security measures, and analyzing game telemetrics to improve our services. We and our processors have measures in place to protect your privacy.
We have a legitimate interest in enabling third-party ads and data collection on our sites and apps to help provide a more customized ad experience for our users and site visitors. We may also use ad mediation services that help us organize our vendors, who may also receive and transfer data from these ad partners. Our reputable partners provide measures to protect your privacy, such as pseudonymization and opt-outs. In some cases, as appropriate, we or our partners obtain consent.
We have a legitimate interest in sending periodic emails and direct marketing to inform registered users of updates and offers. We make clear disclosures when users sign up and offer opt outs to anyone not interested.
For HR and internal operations, we rely on contractual necessity and legitimate interests to process the data of applicants and staff, such as for resumes and applications, payroll, internal chat and communications, and project management.
We have a legitimate interest in processing users’ personal data to provide customer support, debug problems, and answer sales questions, including data such as emails, names, and other details as necessary to answer user questions. Similarly, we have a legitimate interest in processing personal data (e.g., names, social media profile data, and chat data/metadata) for the purpose of responding to questions and messages on our social media accounts, including through automated bots.
If you wish to cancel your account, you can do so by accessing our platform or contacting us for assistance with the process. Our email is included at the end of this Policy.
Like many other companies, we do not honor DNT flags but instead, offer other choices with respect to third parties. Many third parties participate in self-regulation to offer you a choice regarding receiving targeted ads. Please note that you’ll still see generic ads after opting out, but they won’t be based on your activities online. On the web, you can opt out of participating companies by visiting the following sites:
If you wish to similarly opt out of cross-app advertising on mobile devices, you can enable the Limit Ad Tracking flag on the device. Enabling Limit Ad Tracking sends a flag to third parties that you wish to opt out of targeted advertising on that device, and major mobile platforms require companies to honor this flag. Screenshots on how to find these options on various devices are available here: http://www.networkadvertising.org/mobile-choices
For options on other platforms or devices, please see their respective privacy policies to learn about the choices they offer.
Users covered under the EU General Data Protection Regulation (or similar laws) have the right to access their data, rectify mistakes, erase their data, restrict certain processing (i.e., opt-out), export their data, withdraw consent, and lodge a complaint with a supervisory authority. Before using these rights, we may ask you to verify your identity to ensure that only you can use these rights on your own account.
We aim to provide you with a reasonable opportunity to access, update, and delete to your PII. In some cases, we may have to keep that information for legitimate business or legal purposes. When updating your information, we may ask you to verify your identity before we can act on your request.
We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold and undertake reasonable security measures with appropriate confidentiality, integrity, and availability protections. However, since no software or storage system is 100% secure, we cannot guarantee the security of your information associated with the Services, or any other service for that matter. You can help protect your account information by using unique and hard-to-guess passwords. We generally store data for as long as we have a valid business purpose or if we are legally required to do so.
Our Services are designed for adults (18+). We do not knowingly collect information for any child under the legal age to provide consent to data processing (13 in the US and up to 16 in the EU). If you are the parent of a child under the age required to provide consent and have a concern regarding your child’s information on our Services and/or wish to delete their data, please contact us at the email listed at the bottom of this Policy.
If we transfer personal information from the European Union to the United States, we will comply with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit: https://www.privacyshield.gov/
For any questions or complaints regarding our compliance with either the EU-U.S. Privacy Shield Framework or the Swiss - U.S. Privacy Shield Framework, please contact us at the email listed at the bottom of this Policy. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint. For any unresolved complaints, we have agreed to cooperate with JAMS. If you are unsatisfied with the resolution of your complaint, you may contact JAMS for further information and assistance by visiting: https://www.jamsadr.com/eu-us-privacy-shield
Under certain conditions specified by the principles of the EU-U.S. and the Swiss - U.S. Privacy Shield Frameworks, respectively, you may also be able to invoke binding arbitration to resolve your complaint, provided you have taken the following steps: (1) raised your compliant directly with the Company and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction
We are also subject to the investigatory and enforcement powers of the US Federal Trade Commission. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. We may be legally obligated to disclose personal information to authorities to meet national security, law enforcement, or other legal requirements.
This Policy may change from time to time. We will post any changes to this Policy on this page, including material changes. Please check back periodically to view changes to this Policy.