Wayfinder Privacy Policy

Wayfinder Privacy Notice

Last updated: July 2023

Introduction – What is this notice for?

This privacy notice (this “notice”) is about how we use personal information about you called “personal data” when you’re playing Wayfinder (the “game”).

Who are we?

We are Digital Extremes Ltd (“we” or “us” in the rest of this notice). We are located at 355 Wellington St, Suite 107, London, ON N6A 3N^[a]7 and you can find our contact details here^[b].

We make decisions about how and why we use your personal data when you use the game. The means we’re what’s called a “data controller” of this personal data.

What is personal data and why is it important?

Personal data is any information which identifies you (like your name, nickname, and email address). It is also information which can be pieced together with other information to identify you like your age, gender, or the technical IDs given to your phone/laptop (these IDs are sometimes known as “online identifiers”); and the interactions of you and your character in the game from which it’s possible to work out things about you, such as mission time, item acquisition rates, inventory amounts, avatar characteristics and choices (“gameplay data”).

It’s important to know what we do with your personal data, because you should be able to control what happens to it. By reading and understanding this notice, you will know how we collect, use, share, and protect your personal data, and how you can ask us to use it differently.

How do we collect your personal data?

Sometimes you give us your personal data directly - for example, when you are filling in your account setup form or contacting our customer support teams. The information that you are asked to provide and the reasons why you are asked to provide it will be made clear to you at the point we request it. Providing us with this information is voluntary, but if you choose not to provide it you may not be able to access the service or certain aspects of the service.

Sometimes we also collect information about you automatically when you use the service. Where this information can be linked back to you, it will be personal data. This information includes IP address, geographic location information using IP information, event data related to updates to your account information, microtransactional data, and advertising referral data.

If a data file called a “cookie” is downloaded onto your phone or laptop, that cookie might send your personal data to others (like Google) who pass your personal data onto us. For more information about cookies, the type of information they collect and why they collect it, and how you can consent or refuse to cookies being used, click here^[c].

When are we allowed to use your personal data?

We are only legally allowed to use your personal data where a legal basis allows us to do so. These are the legal bases which could apply:

Legal Basis	When does this Legal Basis apply?
“Contract” We need to carry out or sign up to a contract	When it’s necessary to use your personal data to perform a contract with you, or because you have asked us to do something before signing a contract with you that requires the processing of your personal data. In these cases, if you don’t provide your personal data, then we won’t be able to perform the contract or do what you have asked us to do before signing the contract.
“Legitimate Interest” It’s in our or someone else’s “legitimate interests”	“Legitimate interests” is a legal phrase. It usually means a commercial or business interest that is important to us or another company, and which we’ve balanced against your right to privacy.   We will always let you know what the interest is, and you can object to us using your personal data for these reasons on our online support portal.
“Consent” You have given us your consent	Sometimes we will ask for your (or we might need to ask for your parent’s) consent to use your personal data. This consent will always be clear and separated out from other information. You can always withdraw your consent via email at privacy@digitalextremes.com.
“Legal obligation” We need to do something a legal obligation tells us to	When it’s necessary to use your personal data so that we can perform our legal and regulatory obligations – so that we don’t break the law.

What personal data about you do we use, and why?

This table lists the types of personal data we use about you, and our reason for this:  

Information you provide to us (either directly or through a third party):

The types of your personal data we use	Why we use this personal data	Legal basis
Account setup information: Account ID, email, age, password, hardware ID, IP address.	We use this information to create your account in order to provide access to the service in accordance with your request and in order to ensure that you are old enough to play.	Contract
Game development and optimisation: Entity / avatar data, gameplay related data (ie. account state, aggregate account data, play time, item acquisition rates, inventory amounts, ability usage, account ID of friends).	We use this information in connection with development feedback and optimisations, including to provide functionality, gameplay and content improvements to the game	Legitimate interest - our interest in improving your and others’ future experiences with the game
Opt-in marketing and surveys: email, platform, transaction data.	We use this information when you voluntarily provide it for the purposes of providing you with update and promotional emails and for conducting surveys, including on features in the game.	Consent
Customer support: Any information voluntarily provided to customer support including email, login data, gameplay data and transaction data.	We use this information to help provide support to you in relation to the issue you’ve contact us about.	Legitimate interest – our interest in answering your questions about our service in order to improve your experience and improve our relationship with you
Security: IP address, IP lookup information, account ID.	We use this information to help provide security and network protection mechanisms.	Contract
Data subject request information: email address, transaction history, login history, proof of user's identity.	If a data subject request is submitted, we use this information to confirm the requestor’s identity, your rights and to process the request.	Legal obligation - our obligations under data protection laws
Sending legal reports/responding to court orders: purchase and activity data, online identifiers, information requested by law enforcement.	We may be required by law to disclose this information to law enforcement bodies.	Legal obligation – our obligations under intelligence and security laws
Friends list: list of friends that a player has added in game (Digital Extremes cannot see players on your friend list on the platform that you play the game).	To allow players to easily communicate with each other and play with each other again.	Contract
Ad campaign information: Personal and online identifiers (such as first and last name, email address, or unique online identifiers) Geolocation information Inferences drawn from the above information about your predicted characteristics and preferences	To allow us to determine the success of our advertising campaigns.	Consent

Information collected automatically or generated as part of our service to you:

What we are doing and why	The types of your personal data we use	Legal Basis
Transaction records: payments through payment processors or respective distribution platforms, cost, product purchased, IP address, details of transactions linked to payment method, currency paid, vendor, item purchased, price paid, discount applied, shipping information.	We use this information to facilitate your payment and maintain a record of your transaction history.	Contract
Generated account ID	We generate this and use this to store your service gameplay data (including level and progress) with your profile, and it allows you to connect to the service server.	Contract
Gameplay Data: Various gameplay related data (i.e. account state, ping, mission time, item acquisition rates, inventory amounts, ability usage, account ID of friends)	We use this information to improve the game and provide you with feedback and information about your gameplay and progress.	Legitimate interest – our interest in improving your and others’ future experiences with the game
IP address	We use this information to: Allow you to connect to the service server Optimize your matchmaking experience Determine your country of origin Security and anti-cheat functions	Contract
Community monitoring activities: information in reports about suspected bad behaviour (e.g. cheating, harassment, language, etc)	We use this information to investigate instances of bad behaviour and to take relevant action in response. If your account is determined to breach our Terms of service, we may consider restricting or banning your access to the service.	Legitimate interest –our interest in ensuring the security of our services, maintaining a fair gaming environment
Crash reporting log files and bug/crash reports providing information on an error that has occurred. In addition some diagnostic information may be obtained from your device where you choose to provide this information	We use this information to provide bug support and improve the stability of Wayfinder. We may so reach out to you to help fix the bug or crash.	Consent – we rely on consent to obtain diagnostic information about your device and to contact you by email to help fix any related issues. Legitimate interests – our interest in improving the stability of the game and preventing bugs/crashes from happening.
Anti-cheat related information: basic hardware information, uniquely generated hardware ID, IP address, running process list (PC only), operating system information, user account information, processes, memory, and driver which is related to the game running, user behaviour and status that may be related to cheating software.[d]	We use this information: to detect and observe cheating behaviours and consider restricting or banning access to the service to combat users registering for multiple accounts If your account is determined to breach our Terms of service, we may consider restricting or banning your access to the service.	Contract[e]
Data to provide you with chat access: text communicated to other players in-game (message history) both via player to player and group text chat, including account ID.	If you engage with chat services then we will process such data in order to deliver your messages to other users.	Contract
Data to provide you with voice chat access: audio recordings communicated to other players in-game	If you engage with voice chat services then we will process voice data in order to allow you to communicate with other users.	Contract
Chat monitoring and logging: text communicated to other players in-game (message history) both via player to player and group text chat, including account ID.	We monitor and take logs and chats to ensure they are in keeping with our community standards. We will only review hashed communications when we are detecting abuse and spam.	Legitimate interest  – our interest in providing you with customer support and security by ensuring the messages you leave don’t breach our community standards
Financial reporting: Purchasing data, activity data, and IP lookup (country) data	We use this information to complete our financial reporting and disclosure obligations to parent company, tax agencies and regulators.	Legal obligation – our obligations under tax and corporate law

Who do we share your personal data with?

Sometimes we share your personal data with other companies and organisations.

The types of companies and organisations we share your personal data with are as follows:

• Airship (the company who developed the game) – Although we manage the publication of Wayfinder, it is actually a different company called Airship Syndicate Entertainment, Inc. who developed (i.e. created and coded) the game. We sometimes need to share your personal data with Airship Syndicate Entertainment, Inc. so they can work out how they can fix or improve the game.
• Game “storefronts” and “distributors” – If we’re not already doing this ourselves, we might need help from other companies to get you to join the game and set up your account. We might share your personal data with those companies as part of that process.
• Companies in our “group” of companies – We have different companies in our “group”, who are linked to us. Some of them provide us with services to help us to manage our games. We share your personal data with these other companies so they can provide us with these services, and to fulfil some of our legal obligations.
• Other companies who provide us with services – We need separate companies to provide us with services we use to support the game (for example, payment processors, hosting providers, companies which process support ticket IDs and support communication, voice chat software providers^[f], anti-cheat software providers, and companies that help send or display marketing or advertisements if these are relevant). We share your personal data with those companies so they can provide us with those services.
• Regulators, official authorities, and other third parties in relation to legal compliance – For example, the police or the government might legally require use to give them personal data to help them with an investigation, or we might be required to give these companies personal data to enforce our terms, address security and fraud, and to protect you.  
• A third party that acquires all or part of our business – we might disclose your personal data to another company which buys or undertakes another type of corporate transaction in respect of our shares or buys all or part of our assets.  

Does your personal data ever go to other countries?

Yes, sometimes your personal data goes to other countries as part of using your personal data in the ways we listed above. These countries will include Canada and the US and may include other countries like the Philippines.

If you are in the UK, the EU, or Switzerland and your personal data goes outside of the UK, the EEA or Switzerland, the law requires us to take extra steps to make sure your personal data is protected in the place it is going to.

We do the following things to make sure we are not breaking these laws:

• If an adequacy decision/regulation from the European Commission or UK government is in place (this is the case for Canada), we will rely on that adequacy decision.
• Before you enter the game, we ask for your consent to transfer your data overseas (we might need to ask your parent to provide this consent for you).
• If we send your personal data to a company (either in our “group” of companies or a separate company) which is in a jurisdiction not subject to an adequacy decision so they can provide us with services, we will have a contract with that company called the “standard contractual clauses and the UK addendum” which requires that company to protect your personal data.
• Sometimes the companies who provide us with services have special documents in place called “binding corporate rules”. If a company has one of these documents in place, this will be enough to make sure the personal data is protected.

We might take similar steps where you are in another country with similar legal requirements, as well.

If you want proof of or more information about any of these things, you can contact us here^[g].

How long do we keep your personal data for?

We only keep your personal data for as long as is necessary. This will generally only be for one year after either the life of the game or the last time that you logged in to the game; or where the personal data relates to your Digital Extremes account, for one year following the eventual deletion of your account.

We might need to keep your personal data for longer if a law requires us to (for example, laws about record-keeping and tax). Normally this is about six to ten years. [We might also keep your personal data (about [●] years) in a pseudonymised format for analytics purposes, so we can improve our games for you and our other players]. It we are keeping your personal data for longer in this way, we will make sure it is secure and you can still change what we do with it (see below).  ^[h]

Will we use automated decision-making?

We work with a third party anti-cheat software provider to detect cheating^[i]. We may process your personal data using automated decision-making methods in order to identify users who are cheating by observing and detecting cheating behaviours and users registering for multiple accounts.

If your account is determined to breach our Terms of Service, we may consider restricting or banning your access to the Game^[j]. Please see our Terms of Service for the Game here^[k]. If this happens, you will be informed of the outcome of the decision and you will have the right to obtain human intervention to express your point of view and context the decision by contacting us at privacy@digitalextremes.com.  

What control do you have over your personal data, and how can you make us change what we do with it?

Because your personal data is about you, you should be able to control what happens to it.

We provide different ways you can do this. The easiest way is to write us an email (privacy@digitalextremes.com) requesting one or more of the following:

• “Stop using my data” – you can object to how we are using your personal data if we are using it based on legitimate interests (see above) in certain situations;
• “Download my data” – you can request a downloadable copy of your personal data and for us to transfer it to another party. If you wish for us to transfer such personal information to a third party, please ensure you detail that party in your request. Note that we can only do so where it is technically feasible;
• “Access my data” – you can request to access to the personal data we use about you, and information about how we use it and who we share it with;
• “Delete my data” – you can request that your account or specific personal data we store about you is deleted from the game. Please be aware that once an account has been deleted there is no way to recover it;
• “Correct my data” – you can request that information about you that is wrong or outdated is corrected. You can update your account information at any time by logging on to your account profile;
• “Restrict the use of my data” - you can request to restrict the use your personal data, for example to storage purposes only;
• “I don’t consent any more” – you can withdraw your consent if our reason for using your personal data is consent (see above). We will then stop using your personal data in this way (though this doesn’t affect the lawfulness of the processing until you withdraw).

You can also submit requests to exercise these rights by contacting us at privacy@digitalextremes.com.

Unfortunately we’re sometimes not able to do the things you tell us to, for example because of the particular legal basis we have been relying on to process your personal data, or because it would interfere with another person’s own privacy rights. If this happens, we’ll explain to you why we aren’t able to do what you tell us to with that piece of personal data.

We may also be required to keep certain personal data to satisfy legal requirements or for security purposes, or if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

Children

None of our services or content on our websites are designed or intended for children under 16 years of age. Our content is in compliance with the Children's Online Privacy Protection Act (COPPA) and will never be directed at children under 16 years of age. If you are under the restricted age for data protection purposes in your jurisdiction, you are not permitted to access the websites or games unless your parent or guardian has provided express consent. Please see our Terms of service and End-User License Agreement ^[l]for additional information.

We do not knowingly collect personal information from children under these ages for any purpose. If you believe that we have personal information of a child under these ages without parental/guardian consent, or if you are the parent or guardian of the user and wish to withdraw consent, please contact us at privacy@digitalextremes.com.

Updates to this policy

We may make updates to this policy from time to time (for example because our services have changed or because of changes in laws). We will appropriately notify you of this. The date this notice was last updated can be found at the top.  

Other locations

If you live in any of the following locations, you can read more about the additional privacy terms which apply to you here:

• California^[m]

How can you ask questions or make a complaint about your privacy?

If you have any questions about what we have said in this notice or how your personal data is used, you can contact us about it.

Our contact details are:

E-Mail:        privacy@digitalextremes.com 

Address:        355 Wellington St, Suite 107, London, ON N6A 3N7

If you are located in the EEA or the United Kingdom and have questions about your personal data or would like to request to access, update, or delete it, you may contact our representative at:

Jurisdiction	Name	Address	Contact details
EU	Bird & Bird GDPR Representative Ireland	Deloitte House, 29 Earlsfort Terrace, Dublin 2, D02 AY28	EUrepresentative.DigitalExtremes@twobirds.com Key contact: Vincent Rezzouk-Hammachi
UK	Bird & Bird GDPR Representative Services UK	12 New Fetter Lane, London, EC4A 1JP, United Kingdom	UKrepresentative.DigitalExtremes@twobirds.com Key contact: Vincent Rezzouk-Hammachi

You can also contact the official organisation which regulates personal data in your country (the “regulator”) to lodge a complaint, if you think we are not using your personal data correctly. Please see the Annex ^[n]to this notice which lists the contact details of the different regulators.

Thank you!

We hope you have a great time playing Wayfinder!

--

If you live in California:

California Privacy Rights This section contains disclosures required by the California Consumer Privacy Act (“CCPA”) and applies only to “personal information” that is subject to the CCPA.  

Personal Information we Collect.  In the preceding 12 months, we collected the following categories of personal information about California consumers. We do not sell personal information.

Categories of Personal Information	Disclosed for business purposes to the following categories of third parties:	Sold to following categories of third parties:
Personal and online identifiers (such as first and last name, email address, or unique online identifiers)	All categories listed below.	All categories listed below.
Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement)	All categories listed below.	All categories listed below.
Geolocation information	All categories listed below.	All categories listed below.
Inferences drawn from the above information about your predicted characteristics and preferences	All categories listed below.	All categories listed below.
Other information about you that is linked to the personal information above	All categories listed below.	All categories listed below.

Categories of Sources. We collect personal information from the following categories of sources:

• Consumers;
• Internet service providers;
• Data analytics providers;
• Advertising providers;
• Social networks;
• Service providers; and
• Affiliates not under the Digital Extremes brand.

Why We Collect, Use, and Share California Information. We use and disclose the personal information we collect for our commercial and business purposes, as further described in this Privacy Policy.  These commercial and business purposes include, without limitation:

• Our commercial purposes, including marketing, advertising, and enabling commercial transactions.
• Our business purposes as identified in the CCPA, which include:

• Auditing related to our interactions with you;
• Legal compliance;
• Detecting and protecting against security incidents, fraud, and illegal activity;
• Debugging;
• Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;
• Internal research for technological improvement;
• Internal operations;
• Activities to maintain and improve our services; and
• Other one-time uses.

Recipients of California Personal Information. We disclose the categories of personal information designated above to the categories of third parties listed below for business purposes:

• Service providers;
• Affiliates not under the Digital Extremes brand; and
• Government entities.

Your Rights Regarding Personal Information. California residents have certain rights with respect to the personal information collected by businesses.  If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:

• The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you; the categories of sources from which we collected personal information about you; our purposes for collecting or selling personal information about you; the categories of personal information about you that we have either sold or disclosed for a business purpose; and the categories of third parties with which we have shared personal information.
• The right to request that we delete the personal information we have collected from you.
• The right to opt out of our sale(s) of your personal information. Please note that if you opt out of certain types of sales, we will be unable to provide you with the services that rely on such sales.
• The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

To exercise any of the above rights, please contact us and submit the required verifying information, by emailing us at privacy@digitalextremes.com.^[o]

Verification Process and Required Information. Note that we may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled.  We will require you to log-in to your account first to verify your identification. If this is not possible, we may ask you to provide additional information, including  email address, details about your account and activities in Wayfinder, or other such information as may be needed.

Minors’ Right to Opt In. We do not have actual knowledge that we sell the personal information of minors under 16 years of age.  

---

Annex – list of regulators you can contact

You can contact the regulator on this list which is in the country you are located in:

• You can find a list of EU data protection regulators here.
• In the UK, the regulator is the Information Commissioner’s Office which you can contact here.