wearefuncom

French (EU)

German (Germany)

Italian (Italy)

Spanish (EU)

Portuguese (Brazilian)

Dutch

Turkish

 Korean

Japanese

Simplified Chinese

Dune Awakening and Conan Exiles Funcom - Player Privacy Notice

Last updated:   May 20, 2025

Introduction – What is this notice for?

This privacy notice (this “notice”) is about how we use personal information about you, or “personal data”, when you’re playing Conan Exiles and/or Dune Awakening (the “game”).

Who are we?

We are Funcom Group (“we” or “us” in the rest of this notice). We are located at Kirkegata 15, N-0153 Oslo, Norway and have offices in several locations around the world. You can find our contact details here.

We make decisions about how and why we use your personal data when you use the game. That means we’re what’s called a “data controller” of this personal data.

What is personal data and why is it important?

Personal data is any information which identifies you (like your name, nickname, and email address). It is also information which can be pieced together with other information to identify you like your age, gender, or the technical IDs given to your phone/laptop (these IDs are sometimes known as “online identifiers”); and the interactions of you and your character in the game from which it’s possible to work out things about you, such as play time,  inventory amounts, construction of player structures, avatar characteristics and choices (“gameplay data”).

It’s important to know what we do with your personal data. By reading and understanding this notice, you will know how we collect, use, share, and protect your personal data, and how you can ask us to use it differently.

Personal data of children:

Our game is not intended for children. By children, we mean users under the age of 18 years old; or in the case of a region where the minimum age for processing personal information differs, that different age (e.g., generally 16 in the EU and UK). Children must not use the game for any purpose.

How do we collect your personal data?

Sometimes you give us your personal data directly - for example, when you are filling in your account setup form or contacting our customer support teams. The information that you are asked to provide and the reasons why you are asked to provide it will be made clear to you at the point we request it. Providing us with this information is voluntary, but if you choose not to provide it you may not be able to access the service or certain aspects of the service.

Sometimes we also collect information about you automatically when you use the service. Where this information can be linked back to you, it will be personal data. This information includes IP address, geographic location information using IP information, event data related to updates to your account information, gameplay data, and microtransactional data.

When are we allowed to use your personal data?

We are only legally allowed to use your personal data where a legal basis allows us to do so. These are the legal bases which could apply:

 Legal Basis When does this Legal Basis apply?
“Contract”

 

We need to carry out or help you sign up to a contract

 

 When it’s necessary to use your personal data to perform a contract with you, or because you have asked us to do something before signing a contract with you that requires the processing of your personal data.

 

In these cases, if you don’t provide your personal data, then we won’t be able to perform the contract or do what you have asked us to do before signing the contract.

 
“Consent”

 

You have given us your consent

 Sometimes we will ask for your (or we might need to ask for your parent/guardian’s) consent to use your personal data. This consent will always be clear and separated out from other information. You can always withdraw your consent by contacting us through our Privacy Portal at: http://www.funcom.com/privacy-portal

 
“Legitimate Interest”

 

It’s in our or someone else’s “legitimate interests

 

 “Legitimate interests” is a legal phrase. It usually means a commercial or business interest that is important to us or another company, and which we’ve balanced against your right to privacy.

 

We will always let you know what the interest is, and you can object to us using your personal data for these reasons on our website at http://help.funcom.com

 

We will ensure that those interests do not override your and fundamental rights, interests or freedoms.

 
“Legal obligation”

 

We need to do something a legal obligation tells us to

 

 When it’s necessary to use your personal data so that we can perform our legal and regulatory obligations – so that we don’t break the law.

 

 

In some countries outside of the EU and UK, under local law, by consenting to the Privacy Policy you are agreeing to the collection, processing, sharing and transfer as set out in this Privacy Policy. If you do not agree to this Privacy Policy, you must not use the game.

What personal data about you do we use, and why?

We collect data about you from the information you provide to us and (either directly or through a third party) and information automatically generated as part of our service. This table lists the types of personal data we use about you, and our reason for this.

The types of your personal data we use Why we use this personal data Legal basis
Account setup information: Account ID, email, age, password, hardware ID, IP address, generated account ID We use this information to create your account to provide access to the service in accordance with your request and our End User Licence Agreement, in order to ensure that you are old enough to play.

 

 Contract
Account login information: Third party identifier. We use this information to allow you to login to the service from a third-party platform in accordance with your request.

 

 Contract
Customer support information: Any information voluntarily provided to customer support including email, login data, gameplay data and transaction data. We use this information to help provide support to you in relation to the issue you’ve contact us about. Legitimate interest – our interest in answering your questions about our service in order to improve your experience and improve our relationship with you

 
Security data: IP address, IP lookup information, account ID. We use this information to help provide security and network protection mechanisms.

 

 Contract

 

Where the data processing activities are not necessary for performance of a contract

 

Legitimate interest – our interest in ensuring the security of our services & technologies

 
Game development and optimisation: Entity / avatar data, gameplay related data (i.e. account state, aggregate account data, play time, item acquisition rates, inventory amounts, ability usage, account ID of friends). We use this information in connection with development feedback and optimisations, including to provide functionality, gameplay and content improvements to the game

 

 Legitimate interest - our interest in improving your and others’ future experiences with the game

 
Data subject request information: email address, transaction history, login history, proof of user's identity. If a data subject request is submitted, we use this information to confirm the requestor’s identity, your rights and to process the request.

 

 Legal obligation - our obligations under data protection laws
Sending legal reports/responding to court orders - activity data, online identifiers, information requested by law enforcement

 

 We may be required by law to disclose this information to law enforcement bodies.

 

 Legal obligation – our obligations under intelligence and security laws
Forum: Account information including email, IP address, password and alias, and forum postings.

 

 We use this information to allow you to use the forum services. Contract
Friends lists: List of friends that a player has added in game

 

 To allow players to easily communicate with each other and play with each other again.

 

 Contract
Voice Chats: Your voice when you utilise the push to talk voice chat functionality To allow players to easily communicate with each other when they select to activate the voice feature

 

 Legitimate Interests - to keep you informed of and promote our products and services and to manage our relationship with you as our customer, to the extent this is allowed by law
Marketing and surveys: email address, account alias, platform, transaction data. We use this information when you voluntarily provide it for the purposes of providing you with update and promotional emails.

 

 Consent (for opt-in marketing)

 

Legitimate Interests - to keep you informed of and promote our products and services and to manage our relationship with you as our customer, to the extent this is allowed by law

 

 

Information collected automatically or generated as part of our service to you:

The types of your personal data we use Why we use this personal data Legal Basis
Transaction records: payments through payment processors or respective distribution platforms, cost, product purchased, IP address, details of transactions linked to alias, payment method, currency paid, vendor, item purchased, price paid, discount applied, shipping information.

 

 We use this information to facilitate your payment and maintain a record of your transaction history. Contract

 

Legal obligation – our obligations under tax, corporate, and intelligence laws
Generated account ID We generate this and use this to store your service gameplay data (including level and progress) with your profile, and it allows you to connect to the service server.

 

 Contract
Gameplay data: Various gameplay related data (i.e. account state, play time, item acquisition rates, inventory amounts, ability usage, account ID of friends)

 

 We use this information to improve the game and provide you with feedback and information about your gameplay and progress. Legitimate interest (only where consent isn’t relied on and obtained) - our interest in improving your and others’ future experiences with the game

 

Consent

 
IP address We use this information to:

  • Allow you to connect to the service server
  • Optimize your matchmaking experience
  • Determine your country of origin
  • Security and anti-cheat functions

 

 Contract

 

+ See legal bases for security / anti-cheat
Anti-cheat and security related information: basic hardware information, uniquely generated hardware ID, IP address, running process list (PC only), operating system information, user account information, processes, memory, and driver which is related to the game running, user behaviour and status that may be related to cheating software We use this information:

  • to detect and observe cheating behaviours and consider restricting or banning access to the service
  • identify and address bugs and assess game function for optimisation
  • solve game crashes and optimise compatibility of hardware with the game
  • to combat users registering for multiple accounts

 

If your account is determined to breach our Terms of service, we may consider restricting or banning your access to the service.

 

 Contract (for anti-cheat information) – to ensure a cheat-free and fair gaming service

 

Consent - to obtain diagnostic information about your device and to contact you by email to help fix any related issues

 

Legitimate interest – (where consent isn’t relied on and obtained) our interest in ensuring the security of our services and maintaining a fair gaming environment

 

 
Data to provide you with chat access: push to talk audio and text communicated to other players in-game (message history), on our forum, and through public chat channel or sent to peers, including alias and account ID.

 

 If you engage with chat services, then we will process such data in order to deliver your messages to other users. Legitimate Interests – our interest in enhancing the game experience for players
Financial reporting: Purchasing data, activity data, and IP lookup (country) data We use this information to complete our financial reporting and disclosure obligations to parent company, tax agencies and regulators. Legal obligation – our obligations under tax and corporate law
If you are playing Dune Awakening, the below row is also relevant:
Advertising: Account information, user ID, purchase data. We use this information to display advertising network purchases on an impression basis that optimizes based on return on spend or targets based on in-game data. Consent

 

Legitimate interest (only where consent isn’t relied on and obtained) – our interest in improving your experience and promoting our game

 
Advertising effectiveness information: Advertising ID and select device information (IP address, ad source, engagement data and search terms).

 

 If you click on a link that advertises the service, we store the Advertising ID for that advertisement with your profile. Consent

 

Legitimate interest – (only where consent isn’t relied on and obtained) – our interest assessing advertising effectiveness
Chat monitoring, moderation:  text communicated to other players in-game (message history), on our forum, and through public chat channel or sent to peers, including alias and account ID.

 

 For private messaging, we filter chats to ensure swear words are not displayed. Where a chat is reported by a user, we reactively review the content and remove it if it breaches our Terms of Service. In addition, if your account is determined to breach our Terms of Service, we may consider restricting or banning your access to the service.

 

We proactively review messages communicated publicly in channels/forums.

 Legitimate interest our interest in providing you with customer support and security by ensuring the messages you leave don’t breach our community standards

 

Legal obligation – to the extent our moderation activities are conducted in order to comply with our obligations under applicable online safety legislation.

 

 

Who do we share your personal data with?

Sometimes we share your personal data with other companies and organisations.

The types of companies and organisations we share your personal data with are as follows:

  • Game “storefronts” and “distributors” – If we’re not already doing this ourselves, we might need help from other companies to get you to join the beta test and set up your account. We might share your personal data with those companies as part of that process.
  • Companies in our “group” of companies – We have different companies in our “group”, who are linked to us. Some of them provide us with services to help us to manage our games. We share your personal data with these other companies so they can provide us with these services, and to fulfil some of our legal obligations.
  • Publishing platforms and distributors – We distribute our games through online gaming and publishing platforms. We share account information, transaction data, and financial records information with these platforms to enable our services and to fulfil our legal and regulatory obligations.
  • Anti-cheat solution providers – We share account, gameplay, and anti-cheat information with certain providers to detect observe cheating behaviours and consider restricting or banning access to the service and to combat users registering for multiple accounts.
  • Text and Voice chat service providers – To enable in-game communication services, we share account, gameplay, and diagnostics information with third-party solutions.
  • Advertising attribution service providers – To enable us to track the efficiency of our spending on advertising campaigns, we share certain personal information such as your advertising ID and select device information (IP address, ad source, engagement data and search terms) with third party providers who are able to provide us with spend analytics.
  • Payment platforms – We share account, transaction, and financial records information with payment processors, play stores, and other companies that help us process transactions and payments for our services.
  • Analytics and customer support services – We also work with analytics and third party customer support services to enable in-game support, diagnostics, patching, service log recording, support tickets processing, bug/crash reports, and analytics services. We share account, gameplay, customer support, crash reporting, and in-game diagnostics, and security information to accomplish this.
  • Hosting platforms – We may share some limited personal data with hosting platforms to enable our servers to run smoothly and ensure frictionless gameplay.
  • Regulators, official authorities, and other third parties in relation to legal compliance – For example, the police or the government might legally require use to give them personal data to help them with an investigation, or we might be required to give these companies personal data to enforce our terms, address security and fraud, and to protect you.
  • A third party that acquires all or part of our business – we might disclose your personal data to another company which buys or undertakes another type of corporate transaction in respect of our shares or buys all or part of our assets.

Does your personal data ever go to other countries?

Yes, sometimes your personal data goes to other countries outside the UK and EEA as part of using your personal data in the ways we listed above. This will include the US. If you are in the UK, the EU, or Switzerland and your personal data goes outside of the UK, the EEA or Switzerland, the law may require us to take extra steps to make sure your personal data is protected in the place it is going to.

If an adequacy decision/regulation from the European Commission, Swiss government or UK government is in place, we will rely on that adequacy decision or regulation. If there is no adequacy decision or regulation, we will take one of the following steps to ensure the data is protected:

  • If we send your personal data to a company (either in our “group” of companies or a separate company) which is in a jurisdiction not subject to an adequacy decision so they can provide us with services, we will have a contract with that company called the “standard contractual clauses” (for transfers from the EEA we normally use modules 1 and 2, available here) and the “UK addendum” (for transfers from the UK, available here) which requires that company to protect your personal data and implement any other appropriate safeguards to protect your personal data as required by data protection law.
  • Sometimes the companies who provide us with services have special documents in place called “binding corporate rules”. If a company has one of these documents in place, we rely on that document to ensure the personal data is protected.

We might take similar steps where you are in another country with similar legal requirements, as well.

If you want proof of or more information about any of these mechanisms, you can contact us at [email protected].

How long do we retain your personal data?

We only keep your personal data for as long as is necessary to allow you to play our game. This means we will generally store your personal data while you use the game (i.e. until you delete your account, request us to delete your personal data, etc.). If you delete your account, unless you request otherwise, we will retain your account data for up to one year.

We may keep information for longer to conduct analysis which helps us improve our game. When we do so we remove the information that can be used to identify you from the data. Normally this information will not be kept for longer than one year.

Personal data collected for chat moderation purposes will be retained for up to one month.

We might need to keep your personal data for longer if a law requires us to (for example, laws about record-keeping and tax). Normally this is about six to ten years. It we are keeping your personal data for longer in this way, we will make sure it is secure and you may still have rights in respect of we do with it (see below).

Will we use automated decision-making?

We work a third-party anti-cheat software providerto detect cheating. We may process your personal data using automated decision-making methods to identify users who are cheating by observing and detecting cheating behaviours and users registering for multiple accounts.

We conduct automated content moderation activities to keep users safe online. We may process your personal data using automated decision-making methods in order to identify users who are posting or otherwise disseminating content that breaches our Terms of Conduct.

If your account is determined to breach our Terms of Conduct, we may consider restricting or banning your access to the game, Services, or items purchased in-Game. If this happens, you will be informed of the outcome of the decision. If the decision constitutes automated decision-making with a legal or similarly significant effect, and you will have the right to obtain human intervention to express your point of view and context of the decision by contacting us at [email protected].  You may also contact the relevant supervisory authority.

What control do you have over your personal data, and how can you make us change what we do with it?

We provide different ways you can do this. The easiest way is to write us an email ([email protected]) requesting one or more of the following, to the extent they are applicable to you (which we will confirm on request):

  • Stop using my data” – you can object to how we are using your personal data if we are using it based on legitimate interests (see above) in certain situations. You can also change your marketing preferences at any time by clicking the link in emails we have sent to you;
  • Download my data” – you can request a downloadable copy of your personal data and for us to transfer it to another party. If you wish for us to transfer such personal information to a third party, please ensure you detail that party in your request. Note that we can only do so where it is technically feasible;
  • Access my data” – you can request to access to the personal data we use about you, and information about how we use it and who we share it with;
  • Delete my data” – you can request that your account or specific personal data we store about you is deleted from the game. Please be aware that once an account has been deleted there is no way to recover it;
  • Correct my data” – you can request that information about you that is wrong or outdated is corrected. You can update your account information at any time by logging on to your account profile;
  • “Restrict the use of my data” - you can request to restrict the use your personal data, for example to storage purposes only;
  • I don’t consent any more” – you can withdraw your consent if our reason for using your personal data is consent (see above). We will then stop using your personal data in this way (though this doesn’t affect the lawfulness of the processing until you withdraw).

Additionally,

  • if you are based in France, you also have the right to:
  • set guidelines regarding the use of your personal data after your death (Art. 85 French Data Protection Act),
  • register on the Bloctel list of objections to cold calling, this is a free service (Art. 223-1 French Consumer Code);
  • if you are based in Italy, you have the right to:
  • set guidelines to restrict those who have their own interest, or act on your behalf, in their capacity as representative or for family reasons deserving protection, to exercise after your death the above-mentioned rights on your personal data (Art. 2-terdecies D.Lgs. 196/2003);
  • register free of charge in the screening register (“Registro Pubblico delle Opposizioni”), to opt out from unsolicited communications of Art. 130 of D.Lgs. 196/2003 delivered by phone or mail (Art. 130 (3-bis) D.Lgs. 196/2003).

Please note that we may ask you to verify your identity before responding to such requests.

You also have the right to complain to your local data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA), the UK or where you live. A list of the EEA and UK entities can be found below.

Unfortunately, we’re sometimes not able to do the things you tell us to, for example because of the legal basis we have been relying on to process your personal data, or because it would interfere with another person’s own privacy rights. If this happens, we’ll explain to you why we aren’t able to do what you tell us to with that piece of personal data.

We may also be required to keep certain personal data to satisfy legal requirements or for security purposes, or if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

Updates to this policy

We may make updates to this policy from time to time (for example because our services have changed or because of changes in laws). We will appropriately notify you of this. The date this notice was last updated can be found at the top.

Other locations

If you live in any of the following locations, you can read more about the additional privacy terms which apply to you here:

  • California
  • South Korea
  • Turkey

How can you ask questions or make a complaint about your privacy?

If you have any questions about what we have said in this notice or how your personal data is used, you can contact us about it.

Our contact details are:

E-Mail: [email protected]

Address:              Kirkegata 15, Oslo Norway N-0153

You can also contact the official authority which regulates personal data in your country (the “regulator”) to lodge a complaint, if you think we are not using your personal data correctly. If you are in the UK or the EEA:

  • You can find a list of EEA data protection regulators here.
  • In the UK, the regulator is the Information Commissioner’s Office which you can contact here.

Thank you!

We hope you have a great time playing the game!

 

If you are in California:

California Privacy Rights - This section contains disclosures required by the California Consumer Privacy Act (“CCPA”) and applies only to “personal information” that is subject to the CCPA.

Personal Information we Collect.  In the preceding 12 months, we collected the following categories of personal information about California consumers. We do not sell personal information.

Categories of Personal Information Disclosed for business purposes to the following categories of third parties:
Personal and online identifiers (such as first and last name, email address, or unique online identifiers) All categories listed below.
Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement) All categories listed below.
Geolocation information All categories listed below.
Inferences drawn from the above information about your predicted characteristics and preferences All categories listed below.
Other information about you that is linked to the personal information above All categories listed below.

 

Categories of Sources. We collect personal information from the following categories of sources:

 

  • Consumers;
  • Internet service providers;
  • Data analytics providers;
  • Advertising providers;
  • Social networks;
  • Service providers; and
  • Affiliates not under the Tencent brand.

 

Why We Collect, Use, and Share California Information. We use and disclose the personal information we collect for our commercial and business purposes, as further described in this Privacy Policy.  These commercial and business purposes include, without limitation:

  • Our commercial purposes, including marketing, advertising, and enabling commercial transactions.
  • Our business purposes as identified in the CCPA, which include:
    • Auditing related to our interactions with you;
    • Legal compliance;
    • Detecting and protecting against security incidents, fraud, and illegal activity;
    • Debugging;
    • Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;
    • Internal research for technological improvement;
    • Internal operations;
    • Activities to maintain and improve our services; and
    • Other one-time uses.

 

Recipients of California Personal Information. We disclose the categories of personal information designated above to the categories of third parties listed below for business purposes:

  • Service providers;
  • Affiliates not under the Funcom brand; and
  • Government entities.

 

Your Rights Regarding Personal Information. California residents have certain rights with respect to the personal information collected by businesses.  If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:

  • The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you; the categories of sources from which we collected personal information about you; our purposes for collecting or selling personal information about you; the categories of personal information about you that we have either sold or disclosed for a business purpose; and the categories of third parties with which we have shared personal information.
  • The right to request that we delete the personal information we have collected from you.
  • The right to opt out of our sale(s) of your personal information. Please note that if you opt out of certain types of sales, we will be unable to provide you with the services that rely on such sales.
  • The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

 

To exercise any of the above rights, please contact us and submit the required verifying information, by emailing us at [email protected].

Verification Process and Required Information. Note that we may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled.  We will require you to provide, at a minimum a Steam user id and email address.

Minors’ Right to Opt In. Children must not use the game. We do not have actual knowledge that we sell the personal information of minors under 16 years of age.

 

If you are in South Korea

We collect your personal information for the purposes described in this Privacy Policy. Personal information that we collect from Republic of Korea is stored in and processed on our servers located in Germany, the United Kingdom, the United States, Portugal, Romania, Sweden and Norway and as outlined below in the table on ‘Overseas Transfer of Personal Data’.

 

With regards to the legal basis of processing personal information included in the section “What personal data about you do we use, and why?” the following legal provisions under the PIPA applies:

  • (for consent): we use this information pursuant with your consent, pursuant to Article 15(1)(1) of the PIPA.
  • (for complying with legal obligations): we use this information where necessary to comply with a legal obligation pursuant to Article 15(1)(2) of the PIPA.
  • (for contractual necessity): we use this information where necessary to perform our contract with you to provide our Services, pursuant to Article 15(1)(4) of PIPA.

 

We provide your personal information to third parties as described below:

 

 

 

Legal Grounds Name of Recipient Types of Personal Information provided Purpose of Use by Recipient Period of Retention
PIPA Art. 17(1)(1) Consent of the data subject Steam Steam ID To allow you to log into Steam In accordance with Steam’s privacy policy
Legitimate interest – PIPA Art. 17(1)(2), 15(1)(6) Google LLC, , Sprout Social Tableau, Databrain, Databricks, StarRiver Data, SmartLink, BattleEye Gameplay data, account data, SteamID, online identifiers To perform data analytics, insights, enrichment and attribution analysis; to enable the Services In accordance with privacy.

 

 

For the performance of the services detailed in this Privacy Policy, we delegate the processing of your personal information to the following professional service providers:

Delegatee Description of Delegated Services
Funcom Oslo AS Data processor: Processes and stores data on behalf of the data controller
Microsoft, Audiokinetics Data processor: To provide text chat access and/or microphone chat access
Playfab Data processor: To build and operate the live game on a single platform
Gportal, Google Cloud, Data processor: To host services to facilitate online gaming
HelpShift, Data processor: To provide customer support
SurveyMonkey Data processor: To conduct player surveys
 SmartLink Data processor: To send newsletters
Steam, Xsolla Data processor: To process transaction information and payment information
Atlassian, JIRA Data processor: To store information for bug reporting features
GGWP Data processor: To moderate chats and online harms
BattlEye Data processor: To prevent and detect the use of cheat software

 

Overseas Transfer of Personal Information

We transfer personal information to third parties overseas as follows:

Legal Grounds Recipient Receiving Country Date and Method of Transfer Types of Your Personal Information to be Transferred

 

 Purposes of Use by Recipients Period of Retention of Use by Recipient
PIPA Art. 28-8(1)(1), 17(1)(1) Consent of the data subject

 

 Steam United States or otherwise provided in Steam’s privacy policy Transmitted through private encryption algorithm from time to time at the time-of-service provision. Steam ID To allow you to log into Steam For our processors, please see “How long do we retain your personal data?” and for controllers, please see the relevant section of the entity’s privacy policy.
PIPA Art. 28-8(1)(1), 17(1)(1) Consent of the Data Subject Google LLC, , Sprout Social Tableau, Databrain, Databricks, StarRiver Data, SmartLink, In accordance with these entities’ privacy policies Account data, communications and chat data, preference data, and other related data To perform data analytics, insights, enrichment and attribution analysis
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance Microsoft, Audiokinetics In accordance with these entities’ privacy policies Account data, communications and chat data, preference data, and other related data To provide text chat access and/or microphone chat access
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance Playfab United States or otherwise provided in Playfab’s privacy policy Account data, communications and chat data, preference data, and other related data To facilitate online gameplay by building and operating games on a single platform
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance Gportal In accordance with Gportal’s privacy policies Device, browser and access information (e.g. operating system, internet service provider, date and time of access, websites of access, access status) To host services to facilitate online gaming
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance Google Cloud Google Cloud: Germany or otherwise in accordance with Google Cloud’s privacy policy Log files
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance HelpShift, Discord In accordance with these entities’ privacy policies Information you provide to us as part of your customer support (e.g. email, login data, gameplay data and transaction data) To provide customer support
PIPA Art. 28-8(1)(1), 17(1)(1) Consent of the Data Subject SurveyMonkey In accordance with SurveyMonkey’s privacy policy Email address and IP address To conduct player surveys
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance Steam, Xsolla In accordance with these entities’ privacy policies Account, transaction, and financial records information To process transaction information and payment information
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance Atlassian, JIRA In accordance with these entities’ privacy policies Free text, captured fields To store information for bug reporting features
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance GGWP In accordance with GGWP’s privacy policy Free text through form submission, email address, account information, character information To moderate chats and online harms
PIPA Art. 28-8(1)(3) Delegation and Retention for Contractual Performance BattlEye In accordance with BattlEye’s privacy policy IP address, device information, gameplay data To prevent and detect the use of cheat software

 

Data Destruction

Personal information is retained in accordance with the data retention periods as detailed in section “Data Retention”. With the exception of the personal information set out below, personal information, which has fulfilled the purpose for which it was collected or used, and has reached the period of time during which personal information was to be possessed, will be destroyed in an irreversible way. Personal information stored in electronic files will be deleted safely in an irreversible way by using technical methods, and printed information will be destroyed by shredding or incinerating such information.

The personal information  detailed in section “Data Retention” are required to be retained pursuant to the following laws:

 

Act on the Consumer Protection in Electronic Commerce, Etc. Article 6 of the Act on the Consumer Protection in Electronic Commerce In an electronic commerce or a mail-order sale:

·        Records regarding labelling and advertising (6 months)

·        Records regarding execution or withdrawal of a contract (5 years)

·        Records regarding the payment of a price and the supply of goods and services (5 years)

·        Records regarding customer services or dispute resolution (3 years)
Protection of Communications Secrets Act Article 41 of the Decree of the Act, Article 15-2 of the Protection of Communications Secrets Act ·        Log records, IP address (3 months)

·        The date of telecommunications by users, the time that the telecommunications start and end, the frequency of use (12 months)

You may exercise rights related to the protection of personal information by requesting access to your personal information or the correction, deletion or suspension of processing of your personal information, etc. pursuant to applicable laws such as the Personal Information Protection Act (“PIPA”). You may also exercise these rights through your legal guardian or someone who has been authorized by you to exercise the right. However, in this case, you must submit a power of attorney to us in accordance with the Enforcement Regulations of the PIPA. You can also withdraw your consent or demand a suspension of the personal information processing at any time.

Additional Use and Provision of Personal Information

In accordance with the PIPA, we may use or provide personal information within the scope of reasonably related to the initial purpose of the collection, in consideration of whether disadvantages have been caused to data subjects and whether necessary measures have been taken to secure such as encryption, etc.  We will determine with due care whether to use or provide personal information in consideration of general circumstances including relevant laws and regulations such as the PIPA, purpose of use or provision of personal information, how personal information will be used or provided, items of personal information to be used or provided, matters to which data subjects provided consent or which were notified/disclosed to data subjects, impact on data subjects upon the use or provision, and measures taken to protect subject information.  Specific considerations are as follows:

  • whether the additional use/provision is related to the initial purpose of the collection;
  • whether the additional use/provision is foreseeable in light of the circumstances under which personal information was collected and practices regarding processing;
  • whether the additional use/provision unfairly infringe on the interests of the data subject; and
  • whether the necessary security measures such as pseudonymization or encryption were taken.

Measures to Ensure Safety of Personal Information

We implement the following measures to ensure safety of your personal information:

  1. Managerial measures: establishment and implementation of internal management plan, operation of dedicated organization, regular employee training
  2. Technical measures: management of access rights to the personal information processing system, installation of an access control system, encryption of personal information, and installation and renewal of security programs
  3. Physical measures: access control of computer rooms, data storage rooms, etc.

Contact

To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.

  • Data Protection Department, responsible for the management and safety of your personal information
  • Email: [email protected]

 

Remedies for Infringement of Rights and Interests

 

In order to seek remedies for personal information infringement, you may file an application for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc. In addition, you may contact the following institutions for other reports and consultations on personal information infringement:

  1. Personal Information Dispute Mediation Committee: (no area code required) 1833-6972 (kopico.go.kr)
  2. Personal Information Infringement Report Center: (no area code required) 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors’ Office: (no area code required) 1301 (spo.go.kr)
  4. National Police Agency: (no area code required) 182 (ecrm.cyber.go.kr)

 

 

Turkey:

Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for Turkey.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website:https://app.prighter.com/portal/16225868492

Overseas transfer of personal data

In accordance with Article 9 of the DPL, your personal data may be transferred abroad. You can find full details of these transfers in the table ‘Overseas Transfer of Personal Information’ under ‘Korea’.