PIRANHA GAMES PRIVACY POLICY

LAST UPDATE: June 19, 2018

This privacy policy (this “Policy”) describes Piranha Games Inc.’s (“we”, “us”, “our”, “PGI”) practices with respect to the collection, use, storage and disclosure of personal information we collect from users of our Services. This Policy is incorporated by reference to the Terms of Service, and forms an integral part of it. Any capitalized term used but not defined in this Policy will have the meaning defined in the Terms of Service.

We may modify this Policy from time to time. When we post changes to this Policy, we will revise the “last modified” date at the top of this page. We encourage you to periodically review this Privacy Policy to be informed of how we collect, use, protect and disclose your information. By accessing and/or using our Services, you signify your understanding of, and agreement with, this Policy. If you do not agree with our policies, please do not access our Services.

1. INTRODUCTION

We respect and uphold individual rights to privacy and the protection of personal information. We know how important it is to protect your personal information and want to make every customer experience safe and secure. In keeping with that goal, we have developed this Policy to explain our practices for the collection, use, and disclosure of your personal information. This section describes some of the data protection and privacy legislation we follow:

1.1 CANADA

The Personal Information Protection and Electronic Documents Act (Canada), or similar privacy legislation applicable in your Province if you live in Canada (“Applicable Privacy Legislation”) regulates the way private sector organizations operating in Canada may collect, use, keep, secure and disclose personal information. “Personal information” means information about an identifiable individual, including, for example, an individual’s name, home address, telephone number, social insurance number, sex, income and family status. Personal information does not include information that would enable an individual to be contacted at a place of business, for example an employee’s name, position or title, business telephone number, or business address. We will only collect, use or disclose personal information in accordance with Applicable Privacy Legislation.

As required by Applicable Privacy Legislation, we have appointed a Data Controller who will act as the Privacy Officer. The Privacy Officer is responsible for compliance with this Privacy Policy and Applicable Privacy Legislation. Information on how to contact the Data Controller can be found below.

1.2 EUROPEAN UNION (GDPR)

The General Data Protection Regulation (GDPR) is the EU regulation on data protection and privacy which takes effect on May 25, 2018 and covers all individuals in the European Union. The purpose of GDPR is to give individuals control over their personal data and simplify the regulatory environment for businesses by unifying the laws within the EU. GDPR is applicable to all citizens of the EU, and its regulations apply to all businesses that do business with citizens of the EU.

2. CONTACT INFORMATION

2.1. CONTACT DETAILS OF THE DATA CONTROLLER

You can contact our Data Controller regarding Applicable Privacy Legislation, General Data Protection Regulation (GDPR), data protection and/or data privacy laws in the Member States of the European Union, and other guidelines regarding data protection for our Services at:

Data Controller
c/o Piranha Games, Inc.

2065 - 88 Pender St W
Vancouver, BC V6B 6N9
Canada
Email: privacy@piranhagames.com

2.2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)

The contact information for the Data Protection Officer of Piranha Games, Inc. is:

Data Protection Officer 
c/o Piranha Games Inc.

2065 - 88 Pender St W
Vancouver, BC V6B 6N9
Canada
Email: dpo@piranhagames.com

3. SERVICES WE PROVIDE

For the purpose of this policy, “Services” describe the following terms collectively:

  • “Games” – Any of our online games (including but not limited to MechWarrior Online)
  • “Websites” – Any of our websites related to our Games
  • Account” – Your user account required to access our Games and/or portions of our Websites

4. BRIEF SUMMARY OF HOW WE USE YOUR DATA

PGI takes great care to collect and process the minimum amount of your data. Your data is stored safely and is only processed when required to provide you with our Services or where required to ensure we are compliant with legal obligations, except where your rights and/or freedoms take precedence.

4.1. YOUR DATA PROCESSING PREFERENCES

You can choose how we use your Personal Data. You have the option to:

  • Withdraw your consent to the processing of data – See Section 6.1
  • Request a copy of the Personal Data we have collected about you – see Section 8.1
  • Request the deletion of your Personal Data – See Section 8.3

If you wish to make any of these requests, please contact the Data Controller (listed above).

4.2. CHILDREN

PGI has always taken care to ensure that we do not knowingly collect or process the data of children. Where applicable, we will seek the consent of a parent or legal guardian before allowing access to our Services. The minimum age for using our Services is either 13 or the minimum age required by law for the collection and processing of the data from children. If we have unknowingly collected data from a child, their parent or legal guardian may contact the Data Controller (listed above) to request prompt deletion of the data.

4.3. THIRD PARTIES

We may share your Personal Data with Third Parties such as affiliates, contracts, vendors, or other agents where necessary to provide you with our Services. For example, we handle all payments for our Services using a Third Party payment processor. All Third Parties with whom we share your Personal Data must comply with our data protection and privacy policies. Some Third Parties may operate outside the European Union. See Section 7 for more information about how we share data with Third Parties.

4.4. INFORMATION SECURITY

The security of your personal information is a high priority for us. We maintain appropriate safeguards and current security standards to protect your personal information, whether recorded on paper or captured electronically, against unauthorized access, disclosure, or misuse. For example, electronic records are stored in secure, limited-access servers; we employ technological tools like firewalls and passwords; and we ensure our employees are trained on the importance of maintaining the security and confidentiality of personal information. Reasonably secure methods are used whenever we destroy personal information.

4.5. DATA RETENTION

PGI retains your Personal Data (defined in Section 5) for as long as you access our Services. We will delete your Personal Data upon your request. Your deletion request will begin after a 30 day grace period, during which we can cancel your request. Once the grace period has expired we will begin processing your request and the process cannot be cancelled. Once begun, we will attempt to process your request as quickly as possible, typically within 20 business days. Some requests may take longer if they are more complex. See Section 8.3.

5. TYPES OF DATA WE COLLECT

We collect two types of information through our Services: Directly Collected Data and Indirectly Collected Data. The types of information we collect depend on the nature of your interaction with us. The data listed in this section is collectively referred to as “Personal Data”.

5.1 DATA COLLECTED DIRECTLY

We collect some data directly from you (“Directly Provided Data”). This means that you have provided this data to us willingly and have consented to its storage on our systems and use for data processing as outlined in Section 4.

5.1.1. IDENTIFYING DATA

“Identifying Data” is defined as information which could be used to personally identify you.  We collect two categories of Personal Data, as detailed below.

We require some data in order to create an account so we can provide you with access to our Services. You can choose not to provide us with this Personal Data, however if you choose not to we cannot provide you with access to our Services.

This data contains:

  • Email address – used as your game login username and to communicate with you as required
  • Date of birth – used to verify that you meet the minimum age requirements in your jurisdiction
  • Country of origin – used to help establish your location to determine which jurisdictions may apply to you
  • Display Name – When you create an Account for one of our Games, you will be asked to provide a “Display Name”. This name is visible to other users when using our Services. Some games may have other names for your display name, such as Pilot Name.

When creating your Display Name, we advise users to not choose a name that can be linked to you personally in order to protect your identity. PGI intentionally does not collect enough Personal Data or use other data sources to be able to determine if your Display Name is or could be personally identifying. PGI is not responsible if you choose to use a personally identifying Display Name, nor are we responsible if you choose to make a link between your Display Name and your public identity after you have created your Account (i.e. on Social Media, by broadcasting your gameplay on a streaming service, etc.)

You also have the option to provide additional Identifying Data that is not mandatory for access to our Services. You can add or remove it at any time, typically without Customer Service assistance, except where otherwise noted. This data contains:

  • Information about your Social Networking profiles, if entered on your Forums profile
  • Personal details provided to us to provide you with travel or prizes for an offline event

5.1.2. GAME CONTENT DATA

“Game Content Data” is data that cannot be linked back to your identity without access to your Personal Data. We maintain a very clear segmentation of your data to ensure that your Personal Data has the fewest links possible to your Content Data. Upon account creation, we assign a numeric user ID (“User ID”) to your Account. This User ID is used as the sole linkage point between your Personal Data and your Game Content Data.

The Game Content Data we collect and store as part of your interactions with our Services includes:

  • Your personal preferences – e.g., product wish lists, language preferences, and marketing consent, your account information, and information about your gameplay
  • Your transaction history – the products you purchased, when they were purchased, and the payment processor used
  • In-game chat messages sent in our Games
  • Messages posted on Games forums (“Forums”) hosted on our Websites

5.2 DATA COLLECTED AUTOMATICALLY

Through the process of providing our Services, we collect some data about you indirectly (“Automatically Collected Data”). Some of this data is collected through your anonymous interactions with our websites. Other data is collected through the processing of your Directly Provided Data.

5.2.1. TRACKING DATA FOR ACCESSING OUR SERVICES

We collectively refer to the data in this section as “Tracking Data”.

When using our Services, we may collect the Internet Protocol (IP) address of your computer, the IP address of your Internet Service Provider, the date and time you access our Services, the Internet address of the website, if any, from which you linked directly to our Services, the operating system or other system characteristics of the computing device you are using, the portions of our Services you visit, read or view, and the content you download from our Services. This information is used for the purpose of operating, administering, and improving our Services.

TRACKING COOKIES

Our Services consisting of websites may use “cookies”, a technology that installs a small amount of information on a user’s computer to permit our Services to recognize future visits using that computer and to track your use of our Services. Cookies enhance the convenience and use of our Services. For example, the information provided through cookies is used to recognize you as a previous user of our Services, to offer personalized content and information for your use, to track your activity at our Services, to respond to your needs, and to otherwise facilitate your experience. You may choose to decline cookies from website Services if your browser permits, but doing so may affect your use of our Services and your ability to access certain features of our Services or engage in transactions through our Services.

Below are the cookies we use on our Websites:

First-party cookies necessary for site functionality

Name

Description

Duration

XSRF-TOKEN

Ensures requests come from mwomercs.com

1 Day

mwo_session

PHPSESSID

Stores your user login status

1 Day

hl

Stores Language choice

1 Day

Third Party Cookies

Company

Name

Description

Duration

Google

_ga

Record visits to our website

2 Years

Google

_gid

Store a unique value for each page visited

1 Day

Google

_gat

Rate limits the collection of data on high traffic sites

1 Day


USER TRACKING INFORMATION

With respect to our websites, we may use web beacons or pixel tags to compile tracking information reports regarding user demographics, traffic patterns, and purchases. We may use a third party to conduct these functions (such as the “Google Analytics” offering). We may then provide these reports to advertisers and others. None of the tracking information in these reports can be connected to the identities or other personal information of individual users.

For our own research purposes, we may link tracking information with your other Automatically Collected Data, and take great care to ensure that Personal Data is never linked.

We may receive a confirmation when you open any email sent from us, if your computer supports such capabilities.

GEO-LOCATION

The browser or client software that you use to access our Services may transmit certain geographic information and information regarding the capabilities or features of your computer or software to us.  In addition, we lookup any IP address that attempts to connect to any of our Services using a third party geo-location service. We do not use any Identifying Data for this purpose, and the stored lookup data we receive back is stored as Game Content Data.

5.2.2 GAMEPLAY DATA

We need to collect, store, and process data about your activity in our Games as a part of providing you our Services. “Gameplay Data” collectively refers to your User ID and “Gameplay Statistics”. Gameplay Statistics may include:

  • Which of our Games you have downloaded, installed, and played
  • In-game settings in our Games
  • Progress in our Games
  • Membership in in-game Units
  • How often you play and the date you created an Account
  • Information about the device you use to play our Games
  • The IP address used to access our Games
  • If you have entered into and/or won any of our sweepstakes, contests, or promotion featured on our Services

Collection of this data depends on which features of our Services you use.

We summarize and/or aggregate some data used for statistical, historical, and research purposes. This data is only derived from the collected Gameplay Statistics and the processing results in fully anonymized data.

5.2.3 FRAUD AND TERMS OF SERVICE VIOLATIONS

We may collect data that is required for us to detect, investigate, and prevent cheating and other Terms of Service violations in our Games (“TOS Violation”). PGI collects and uses this data only for the purposes of detection, investigation and prevention of TOS Violations in our Games. This data is deleted 6 months after its collection, unless the data proves that a TOS Violation has occurred. Data which can be used to prove that a TOS Violation has occurred will be retained in accordance with legal requirements to be used in legal claims if required. Some or all of this data may be shared with Third Parties where required to pursue our legal interests. We may or may not be able to disclose parts of or all of this data to you to protect the processes we have in place to detect TOS Violations.

5.2.4. SUPPLEMENTING DATA

From time to time we may supplement data you give us with information from other publicly available sources, such as Social Media posts. This data is used to gather opinions to help make improvements to our Services.

5.2.5 DATA PROVIDED BY PARTNERS

PAYMENT PROCESSORS

When you make a purchase using our Services, we will receive a payment confirmation from our payment processor. This confirmation contains only a confirmation number which we use as a reference number if we need to contact the payment processor or if we need to investigate the transaction.

6. HOW YOUR DATA IS USED

PGI needs to process the data listed above for the purpose of fulfilling our contract with you in accordance with legislation in our and your jurisdiction(s). As a user of our Services, we will use your Personal Data, unless prohibited by law, for the following purposes:

  • To provide you with the Services you request
  • To communicate with you about your Account and your transactions, and to send you updates about our Services and/or changes to our policies
  • To offer you customer support for, but not limited to, updates and patches to our Services
  • To arrange for your travel and/or the receipt of awards to which you may be entitled as the result of an offline event

6.1. COMMUNICATING WITH YOU

PGI may use your data to communicate with you for our legitimate business interests in accordance with legislation in our and your jurisdiction(s). We may use your data to communicate with you to send you updates about new features, promotions, sales, and other new offerings from PGI. You are able to opt-out of these emails at any time by following the link provided in the emails you have received. Please note that even if you have unsubscribed from all of our promotional emails, we may still send you some emails to confirm purchases, notify you of changes to our Terms of Service or Privacy Policy, or provide security updates regarding our Services. We will cease all communications once your Account has been disabled.

6.2. IMPROVING OUR SERVICES

We may review, analyze, summarize, and aggregate Tracking Data, Gameplay Data, and Content Data to make improvements to our Services. We only use information you have provided, either directly or automatically, when performing these data processing tasks. We always take your preferences into account and never use data for which you have opted out.

6.3. FRAUD AND TERMS OF SERVICE VIOLATIONS

We use your data to detect, investigate, and prevent TOS Violations on our Services. Data used to detect, investigate, and prevent TOS Violations on our Services is used only for these purposes. If data that can be used to prove that a TOS Violation has occurred, we will retain this data to satisfy the requirements of any legal processes during the applicable statue(s) of limitations.

7. HOW YOUR DATA IS SHARED

In order to further our legitimate business purposes, we may share some of your Personal Data with the following types of third parties:

  1. Payment processors – We share your email address, Display Name, and your Account ID number, and details about purchases for our Games requested by you with companies such as Xsolla and Steam. Processing of payments is done directly with our partners, and no payment method or additional personal details needed to complete the transaction are transmitted to PGI. We receive a transaction result back from our processors that does not contain any additional personal information.
  2. Email and marketing services – Your email address may be shared with a third-party service for the purposes of sending you emails based on your preferences and our legitimate business requirements.
  3. Storage and hosting providers – Some or all of your data is stored on services and storage provided to us by OVH. Some additional data may be hosted with Amazon Web Services, Inc.
  4. Customer support partners – We use external partners to provide you with customer support. We may provide them with your email address and Display Name in the case we need to initiate a customer service ticket with you. No other information is sent from us to our customer support partners. However, you may enter additional information when you create a support ticket with us. Such partners include Zendesk.
  5. Publicly available data – Our Websites may feature forums, message boards or chat areas where users can exchange ideas and communicate with each other. When posting to a message board or chat area, the information is being made publicly available in an online environment. Any information posted is the sole responsibility of the individual user. If your personal information is posted on one of our Forums, you can use our Forums moderation tools to request its deletion. We will attempt to remove it as promptly as possible and will notify you if we are unable to do so and for what reason.
  6. External moderators – Your Display Name and Forums history may be available to volunteer moderators for the purpose of providing efficient and prompt community moderation.
  7. Our affiliates – We may share personal information gathered on our Websites with and amongst our corporate subsidiaries, affiliates or divisions for internal business purposes in accordance with this Policy. If we do, we will ensure that your information continues to be used only in accordance with this Policy and your expressed choices.
  8. Legal Disclosure – We may disclose your information as permitted or required by law. For example, we may be compelled to release information by a court of law or other person or entity with jurisdiction to compel production of such information. If we have reasonable grounds to believe information could be useful in the investigation of improper or unlawful activity, we may disclose information to law enforcement agencies or other appropriate investigative bodies.
  9. Change of control – As we continue to grow, we might sell or buy certain subsidiaries and/or business units. In such transactions, customer information is generally one of the transferred assets, but would remain subject to the protections described in this Policy (unless you consent otherwise). Also, in the unlikely event that we (or substantially all of our assets) are acquired by another party, customer information would in most cases be one of the transferred assets. Any such transfers will be in accordance with applicable laws.

PGI may also share anonymous data which does not contain any Personal Data. This data may include summarized and/or aggregated data.

8. YOUR RIGHTS

You may have the right, governed by your local legislation and regulations, to control how we use your data. You will need to have created an Account on our Services in order to exercise this right, if applicable. You can control which direct communications you wish to receive on the email section of your Account profile on our Website. If applicable, you can contact the Data Controller if you wish to exercise your rights to data access, data erasure, and to object to data processing.

8.1. YOUR RIGHT TO ACCESS

You may have the right, governed by your local legislation and regulations, to access your Personal Data that we store. If so, you have the right to require the following free of charge from us:

  1. Information whether your Personal Data is retained
  2. Access to and/or
  3. Duplicates of the Personal Data retained

If applicable, you can exercise your Right to Access by contacting the Data Controller. We will typically provide a duplicate of your Personal Data as an archive within 30 days of your request. Larger or more complicated requests may take additional time. If additional time is required we will communicate the reasons why to you. Once the archive is ready the Data Controller will notify you and provide you with the next steps needed for you to download and access it. Your archives will always be stored and transmitted in an encrypted format to ensure the protection and confidentiality of your data.

If your request infringes on the rights and/or freedoms of others or is found to be excessive or unfounded we reserve the right to charge a fee for access to your archive (based on the administrative costs for taking the actions required to generate the archive) or refuse the request. We may not be able to provide Personal Data you have posted or provided using our Services if you have chosen to, despite our request to you not to, provide Personal Data in a particular field on our Services.

8.2. YOUR RIGHT TO ACCURACY

You may have the right, governed by your local legislation and regulations, to request the correction of errors or omissions in your personal information that is in our custody or under our control. If they change, please update your data using your User Profile on our Website. Please inform us if you believe that any of your Personal Data that we retain is inaccurate.

8.3. YOUR RIGHT TO ERASURE

You may have the right, governed by your local legislation and regulations, to request the deletion of your Personal Data by closing your Account. As a result of your closure request, you will lose access to any of our Services that require an active Account. You can request the closure of your account by:

  • Clicking on the link on your user profile page
  • Clicking on the link displayed when you are asked to accept an update to our Terms of Service, if you have not already accepted the most recent update

You will be asked if you are sure you want to close your account. When you confirm that you wish to proceed, we will put your account into the 30-day grace period as described below. We will also send you an email notification of your closure request, just in case someone is trying to attack your account. This is the last email you will receive from us about your account unless you elect to cancel your closure request.

GRACE PERIOD

We will allow a 30 day grace period during which you can cancel your request and have your account reactivated without having lost any Game Content Data. This grace period allows us to process any final financial and other requests you may have initiated before your closure request. During this grace period, you may cancel your closure request at any time by simply logging back into your Account on our Website. You will be prompted to accept our Terms of Service, after which point your request will automatically be canceled. Once the 30 day grace period has expired your request is permanent.

COMPLICATED ACCOUNTS

The complexity of your account depends on which features of our Services you have used. Features that affect the accounts of other players may cause delays to your closure request. For example, if you are the leader of a unit in one of our Games, then we will not be able to process your request until you have either transferred the Unit leadership to another player or have disbanded the unit. We may require up to an additional 60 days to fully complete your request depending on the complexity of your account and the number of requests you have made.

AUTOMATICALLY DELETED DATA

Some of your data is automatically deleted as part of our standard process of operating and administering our Services. Such data includes (but may not be limited to):

  • Some, but possibly not all, in-game leaderboard data is retained until the next leaderboard refresh, at which point the data is overwritten
  • Match chat history is retained for 30 days after which it is automatically deleted
  • User submitted crash dumps used for analysis and debugging of our game are automatically deleted after 30 days

DATA WE RETAIN

When your grace period has expired, we will delete your Identifying Data from our systems. With the removal of your Identifying Data, your remaining data is fully anonymized and may be retained based on our legitimate business needs, for compliance with applicable legislation, and legal requirements.

Information that you have shared with others (i.e. Forums posts) and your rankings on some leaderboards will remain visible and will be seen by others as “Unknown User”. We are unable to control data which has been copied out of our Services. Your profile information may remain visible in external services such as search engines until they refresh their cache.

8.4. YOUR RIGHT TO OBJECT

You can object to the processing of your Personal Data based on your legitimate interests governed by your local legislation and regulations. If you do object we will no longer process your Personal Data unless there is a compelling and prevailing legitimate reason for us to do so, or for compliance with applicable legislation and/or legal requirements.

9. UPDATES TO THIS POLICY

We may update this policy from time to time for various reasons. We may update it for legal and/or regulatory requirements, changes to industry practices, and when technological developments require it. We will notify you when we change this policy using our Services, and possibly by email if we deem it necessary.