PIRANHA PRIVACY POLICY
LAST UPDATE: January 27, 2022
INTRODUCTION
Piranha Games Inc. (hereinafter “PGI”, “we”, “our” or “us”) cares about the protection of your personal data and the respect of your privacy. The purpose of this privacy policy is to provide you with clear and transparent information on how we collect, process, store, share and transfer any information that can directly or indirectly identify you (hereinafter “Personal data”).
DATA CONTROLLER
PGI a company registered in Canada with company n°865634174 and registered office at 303-3600 Gilmore Way, Burnaby, BC V5G 4R8, is the data controller of the processing of your Personal data implemented as part of your use of our video games and/or websites and further described in this privacy policy.
KEY INFORMATION
PGI collects certain of your Personal data via our video games (“Games”), your account or login details when required to access our Games (“Account”), and/or our websites related to our Games (“Websites”) (hereinafter “Services”), in particular to provide you with the Services you have requested, to allow you to subscribe to our newsletter and Games related updates, and to offer you customer support.
PGI mainly collects identifying data and information concerning your use of our Games and Services (your pilot name, email address, date of birth, your personal preference, your IP address etc.). The categories of information we collect in connection with your use of our Services, the purposes and legal basis for which we collect it, are described in the table provided under Section 2 of this privacy policy.
You have rights of access to and rectification or erasure of your Personal data and to restrict or object to its processing, as well as the right to data portability, which you can exercise at any time by making a written request to us. You also have the right to lodge a complaint about our processing of your Personal data with the competent supervisory authority. Where the processing of your Personal data relies on your consent, you have the right to withdraw such consent at any time. For more information on your data protection rights, please read Section 4 of the privacy policy.
Children
Children under the age of 16 years old or the minimum age required by law for the collection and processing of the data from children, cannot subscribe directly to PGI’s Services. Where applicable, we will seek the consent of a parent or holder of parental authority before allowing access to our Services. We do not intentionally collect, use or share Personal data from children under the age of 16 years old without verifiable parental consent or as permitted by law. If we realise that we have collected Personal data of a child under 16, or equivalent minimum age depending on jurisdiction concerned, we will delete any Personal data related to such child.
Contact
If you have any questions or concerns with regard to the processing of your Personal data, the exercise of your rights or this privacy policy, feel free to contact us by sending an email to our:
Our Privacy Officer at privacy@piranhagames.com or
Our Data Controller at privacy@piranhagames.com or by post at the following address: Data Controller c/o Piranha Games, Inc., 303-3600 Gilmore Way, Burnaby, BC V5G 4R8, Canada.
For more information on the way to contact us for any privacy questions or complaints, please read Section 12 of this privacy policy.
WHAT PERSONAL DATA WE COLLECT AND PROCESS
FOR WHICH PURPOSE(S) AND ON WHICH LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
PGI collects certain of your Personal data via our Services in order to provide you with the best game experience, the use of our Services and for marketing purposes subject to receiving your prior consent. We mainly collect identifying data, and information related to the use of the Services. PGI does not collect or process any payment data concerning you (e.g. credit card details).
The table set out under Section 2 below describes the categories of Personal data PGI may collect and process as part of the Services, the corresponding purposes and the related legal ground.
The mandatory or optional nature of the Personal data collected directly by PGI will be indicated as such on each collection form made available by PGI. You should be aware that if you refuse to provide certain Personal data whose collection is mandatory, you will not be able to benefit from all or part of the Services or features of the Games offered.
CATEGORIES OF PERSONAL DATA | PURPOSE(S) OF THE PROCESSING | LEGAL BASIS |
---|---|---|
Age | To verify if you meet the minimum age requirements in your jurisdiction. | To comply with our legal obligation not to process children’s Personal data without parental consent or authorization. |
Identifying data (e.g. email address, date of birth, country of origin, password, pilot name, social networking profiles) |
|
Necessary for the performance of a contract with you. |
Personal data obtained as part of your interactions with our Services (“Game Content Data”) (e.g. personal preferences, in-game chat messages set in our Games, Messages posted on Game forum, transaction history) |
|
Our legitimate interest. |
Name, Email address | To send you special offers, promotional and commercial materials concerning our Services, new features, promotions, sales and other new offerings from us. You are able to opt-out of these emails at any time by following the link provided in the emails you have received. |
Your consent for marketing emailing. |
Payment confirmation from our payment processors, transaction ID, and amount of the transaction, where applicable. |
|
Necessary for the performance of the contract. |
Personal data necessary as part of the organisation of video games contests, competitions, survey or promotional operations and campaigns: where relevant, in particular for winners, first name, last name, Email address, home address, date of participation, responses to the video games contests or surveys, nature of the prize if any. |
|
Our legitimate interest to vary our Services and to assess the quality performance of our Games with our players. |
Personal data necessary for the functioning of the cross play feature for MW5, such as third parties’ platforms username, information of the platform on which the user is registered (e.g. Epic, Xbox, Steam), unique contact ID, online status) |
|
Necessary for the performance of the contract |
Personal data obtained via cookies, analytics and/or other tracking technologies set in our Games and/or Websites: in particular, unique identifier of a cookie, IP address, devices model, languages and country preferences and location, region, content downloaded from our Services, chat logs) |
(For more information, please read Section 10 of this privacy policy). |
Your consent given through our cookie management solution. For more information on consent mechanisms relating to cookies, please read Section 10 of this privacy policy. |
Personal data about your behavior / activity when using our Games (“Gameplay data”) which include your User ID, and statistics related data (“Gameplay statistics”), in particular:
|
|
Our legitimate interests to improve our Services and develop new functionalities, new products and services. |
HOW DO WE GET YOUR PERSONAL DATA?
3.1. Personal data you provide to PGI directly
When you use our Services, you share directly some information with us, in particular when you create an Account, sign up to the newsletter, to the Game forum, to video game contests, or promotional operations.
3.2. Personal data PGI obtains indirectly
We may indirectly collect or receive certain of your Personal data, in particular via:
Cookies and other tracking technologies used in our Games and / or Websites to analyse your behaviour when using our Services;
Our payment processors: when you make a purchase using our Services, we will receive a payment confirmation from our payment processor. This confirmation contains only a confirmation number, which we use as a reference number if we need to contact the payment processor or if we need to investigate the transaction.
Business partners when you have expressly consented to giving your email address for commercial purposes, newsletters and promotional materials.
Your access to, or use of, the cross-play feature for MW5 available on platforms or websites owned by third party (e.g. Epic).
Please note that this privacy policy does not apply to the processing of Personal data implemented by third parties’ platforms on which our Games are available. PGI does not supervise or control their privacy practices. We recommend that you specifically review the privacy policies available on each of the third parties’s platforms, in particular regarding the sharing of your Personal data.
In any event, PGI will only process the Personal data received indirectly under the terms of this privacy policy.
YOUR RIGHTS
4.1. Your data protection rights
Depending on your location, you may have rights with respect to the processing of your Personal data in accordance with applicable data protection laws. Such rights include:
Your right of access: you have the right to ask us if we are using or storing your Personal data. You can also ask us for copies of such Personal data.
Your right to rectification: you have the right to ask us to rectify information you think is inaccurate and to complete information you consider is incomplete.
Your right to erasure: you have the right to request from us erasure of your Personal data when:
We no longer need your Personal data;
You initially consented to the use of your Personal data, but have now withdrawn your consent;
You have objected to the use of your Personal data and your interests outweigh those of PGI,
We have collected or used your Personal data unlawfully; and/or
We have a legal obligation to erase your Personal data.
You have the right to request the erasure of your Personal data. If you would like to request deletion of Personal data associated with your Account, such request will result in the closure of your Account. As a result of your closure request, you will lose access to some of our Services that require an active Account. You can request the closure of your account by emailing: [privacy@piranhagames.com]. For more information on the mechanism / process applicable to your account closure please refer section 6.
Your right to restriction of processing: you have the right to request from us the restriction of the processing of your Personal data as follows:
Temporarily limit the processing when you have challenged the accuracy of your Personal data; or you have objected to the use of your Personal data; and /or
Limit the processing if we processed your Personal data unlawfully without you wishing to delete it; and we no longer need your Personal data but you wish us to keep it in order to defend or exercise legal claims.
Your right to object to processing: you have the right to object to the processing of your Personal data if we are using your Personal data for (a) a task carried out in the public interest, (b) our legitimate interests, (c) scientific or historical research or statistical purposes; or (d) direct marketing.
If you do object we will no longer process your Personal data unless there is a compelling and prevailing legitimate reason for us to do so, or for the establishment, exercise or defence of legal claims.
Your right to data portability: this right applies to Personal data you have provided to us and where the processing is automated and based on your consent or made under a contract. You have the right to ask us, if technically feasible, to transfer your Personal data to a third party or directly provide it to you in a structured, commonly used and machine-readable format.
You also have the right to withdraw consent at any time where the processing is based on your consent (e.g. cookies, marketing communications), without affecting the lawfulness of processing based on consent before such withdrawal. In particular, you may withdraw your consent for the receiving of commercial communications and marketing offers by clicking on a link to withdraw consent included on our Websites or in our email, or by contacting our Privacy Officer through the procedures described under Section 4.2 below.
You have the right to lodge a complaint before the competent supervisory authority.
4.2. How to exercise your rights
You can exercise any of the above listed rights by sending an email at any time to our Privacy Officer at the following address: privacy@piranhagames.com; or
By post to the following address: 303-3600 Gilmore Way, Burnaby, BC V5G 4R8, Canada;
We will assess and determine the admissibility of the request within one month after receipt. Assuming the request is admissible, we will provide the requested information or carry out the actions relevant to the rights cited in the aforementioned period.
If, in view of the complexity of the request or the number of simultaneous requests, the delay cannot be complied with, we will inform you before the expiry of this period that our response will be postponed for up to two months.
HOW PGI PROTECTS YOUR PERSONAL DATA?
HOW LONG WILL PGI KEEP YOUR PERSONAL DATA?
Your data related to your Account during the usage period of our Services and up to 3 years from our last contact.
Your data related to your chat history for 30 days after which data is automatically deleted.
ACCOUNT AND GRACE PERIOD
WITH WHOM PGI SHARES YOUR PERSONAL DATA?
Payment processors – We share your email address, pilot name, and your IP address with Xsolla when you purchase our Game on mwomercs.com and with Steam for the purchase of Games via Steam website. Processing of payments is done directly with our partners, and no payment method or additional personal details needed to complete the transaction are transmitted to PGI. Where applicable, we receive a transaction result back from our processors that does not contain any payment data;
Business partners – Subject to your prior consent obtained on the sign-up page of the Services, your email address may be shared with our business partners – whose identity will be specifically mentioned on the consent form – so they can send you promotional offers and other marketing materials. Such third-party includes MailChimp and Mandrill. In addition, when using MW5 your personal data may be shared with our business partner, GameSight, in order to review, summarize, aggregate and monitor your data for marketing analytics purposes. Please note that this Policy does not apply to data processing by these trusted partners, acting as independent data controllers. We recommend that you take careful note of the privacy policies of these trusted partners;
IT providers – Some or all of your Personal data, including your email address, pilot name, date of birth, country of origin, IP address, is stored on services and storage provided to us by OVH acting as processor for technical purposes. Such data may be hosted with Amazon Web Services, Inc for MWO databases offsite backup purposes. In addition, your Personal data related to the use of the cross-play feature for MW5 is stored on Microsoft’s Azure platform.
Customer support partners – We use external partners to provide you with customer support. We may provide them with your email address in the case we need to initiate a customer service ticket with you. No other information is sent from us to our customer support partners. However, you may enter additional information when you create a support ticket with us. Such partners include Zendesk.
External moderators – Your pilot name and forums history may be available to volunteer moderators for providing efficient and prompt community moderation.
Our affiliates – We may share Personal data gathered on our Websites with other trusted companies of the Enad Global 7’s group for administrative, technical and internal business purposes in accordance with this privacy policy. If we do, we will ensure that your Personal data continues to be used only in accordance with this privacy policy and your expressed choices.
Legal Disclosure – We may disclose your information as permitted or required by law. For example, we may be compelled to release information by a court of law or other person or entity with jurisdiction to compel production of such information. If we have reasonable grounds to believe information could be useful in the investigation of improper or unlawful activity, we may disclose information to law enforcement agencies or other appropriate investigative bodies.
Change of control – As we continue to grow, we might sell or buy certain subsidiaries and/or business units. In such transactions, customer information is generally shared with potential buyers and one of the transferred assets, but such disclosure would remain subject to confidentiality obligations, and made in compliance with the applicable data protection regulation as described in this Policy (unless you consent otherwise). Also, in the unlikely event that we (or substantially all of our assets) are acquired by another party, customer information would in most cases be one of the transferred assets. Any such transfers will be in accordance with applicable laws.
TRANSFERS OF YOUR PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA
COOKIES, Analytics and tracking technologies
CHILDREN’S PRIVACY
HOW TO CONTACT PGI
By sending an email to our Data Controller or our Privacy Officer at the following address: privacy@piranhagames.com; or
By post to the following address: Data Controller c/o Piranha Games, Inc. 303-3600 Gilmore Way, Burnaby, BC V5G 4R8, Canada, or Privacy Officer c/o Piranha Games, Inc. 303-3600 Gilmore Way, Burnaby, BC V5G 4R8, Canada.
HYPERLINKS TO OTHER WEBSITES
UPDATES AND CHANGES TO THE PRIVACY POLICY
Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act (notified under document number C(2001) 4539) (2002/2/EC)↩︎
PGI has implemented and maintains adequate technical, physical and organisational measures to ensure the confidentiality and security of your personal information and to protect your Personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing. In particular, PGI relies on encryption mechanisms where technically feasible, restricted internal access and credentials, internal security and IT policies, back-up procedures, firewalls, and strong contractual commitments and warranties when relying on third party providers.
PGI will not keep your Personal data for longer than necessary and will immediately delete your Personal data once the purpose for which they have been collected and processed is achieved. In particular, we will keep:
For more information on the retention of your Personal data collected via cookies and tracking technologies, please see Section 10 of this privacy policy.
7.1. Closure request
Following your closure request, you will be asked if you are sure you want to close your Account. When you confirm that you wish to proceed, we will allow a 30 days grace period during which you can cancel your request and have your Account reactivated without having lost any Game content data (i.e. your personal preferences, your transaction history, in-game chat messages sent in our Games, messages posted on Games forums hosted on our Websites). This grace period allows us to process any final financial and other requests you may have initiated before your closure request. During this grace period, you may cancel your closure request at any time by simply logging back into your Account on our Websites. You will be prompted to accept our Terms of Service, after which point your request will automatically be cancelled. Once the 30-day grace period has expired your request is permanent. We will also send you an email notification of your closure request, just in case someone is trying to attack your Account. This is the last email you will receive from us about your Account unless you elect to cancel your closure request.
The complexity of your Account depends on which features of our Services you have used. Features that affect the accounts of other players may cause delays to your closure request. For example, if you are the leader of a unit in one of our Games, then we will not be able to process your request until you have either transferred the Unit leadership to another player or have disbanded the unit. We may require up to an additional 60 days to fully complete your request depending on the complexity of your Account and the number of requests you have made.
When your grace period has expired, we will delete your Personal data from our systems. Information that you have shared with others (i.e. Forums posts) and your rankings on some leaderboards will remain visible and will be seen by others as “Unknown User”. We are unable to control data which has been copied out of our Services.
7.2. Account inactivity
At the end of a period of 2 years from your last use of your Account, the latter will be considered as inactive. At the end of this period, PGI will notify you of the inactivity of your Account and will allow you 30 days to decide whether you wish to delete or keep your Account. In the absence of a reply from you within 30 days of the notification, PGI will delete your Account.
In order to further our legitimate business purposes, PGI may communicate or share certain of your Personal data with the following types of third parties:
PGI implements the necessary contractual and organisational measures to ensure that the processing of your Personal data by these third party providers and business partners is strictly limited to the purposes defined in this privacy policy and to guarantee the confidentiality and security of your Personal data.
PGI may transfer some of your Personal data outside of the European Economic Area (EEA) when necessary for technical and operational purposes, to enable us to offer you high-performance Games and to provide you with products and services you requested. In particular, we may share or give access to your Personal data to business partners and third-party providers located in the United States for customer support, transaction and marketing purposes. These transfers will be made in compliance with applicable data protection regulations and will rely on appropriate safeguards recognised under the General Data Protection Regulation (GDPR).
In addition, PGI may transfer some of your Personal data to our database located in Canada. In this regard, PGI relies on the adequacy decision1 adopted by the European Commission that ensures an adequate level of protection of Personal data in accordance with the GDPR.
When the transfer of your Personal data cannot be based on an adequacy decision of the European Commission recognising an adequate level of protection, we put in place other appropriate transfer mechanisms and guarantees to ensure the protection of your Personal data such as, for example, data transfer agreements including the standard contractual clauses approved by the European Commission, and, as the case may be, any other necessary supplementary measures as required by the European Data Protection Board (EDPB).
Cookies are small text files that are placed on your computer and devices by us when you use our Games or visit our Websites. They are widely used in order to make the application and our Websites work, or work more efficiently, as well as to provide us with more information.
PGI uses cookies and other tracking technologies for authentication and security purposes. We would also like to use internal analytical tools or third party analytical metrics with your prior consent to provide you with personalized content and to improve our Services based on how you use such Services.
You may choose to decline cookies from Websites if your browser permits, but doing so may affect your use of our Services and your ability to access certain features of our Services or engage in transactions through our Services.
For more information about the use of cookies, please click on our cookies policy available here.
We do not provide Services or Games directly or proactively to children under the age of 16 years old or the minimum age required by law for the collection and processing of the data from children. Where applicable, we will seek the consent of a parent or holder of parental authority before allowing access to our Services. We do not intentionally collect, use or share Personal data from children under the age of 16 years old without verifiable parental consent or as permitted by law. If we realise that we have collected Personal data of a child under 16 years old, or equivalent minimum age depending on jurisdiction concerned, we will immediately delete any related Personal data.
You may identify hyperlinks to access the websites of other organisations on our Websites or in the content, we provide to you. Please note that this privacy policy does not cover how other third parties may process your Personal data. We recommend you to read the privacy policies related to such third party platforms.
We keep our privacy policy under regular review to ensure it is up to date and compliant with the applicable data protection regulation.
In case of significant changes or modifications, we will inform you of such changes and provide you with a hyperlink to the updated privacy policy 30 days in advance. This information will be provided to you at the email address indicated on your Account.